Quantcast
Channel: THWACK: Message List - Network Configuration Manager
Viewing all 8827 articles
Browse latest View live

NCUA Policy Reports?

May 12, 2014, 11:18 am
$
0
0

Hi All,

 

I work for the Credit Union industry governed by the National Credit Union Association (NCUA), which is a federal insurance agency not too dissimilar from the FDIC.  It is a different governing structure and we have our own security policies, but we are a much smaller industry.

 

Here's where the fun begins.  I am the one responsible for ensuring our IT infrastructure, specifically our network, is under compliance.  Great!  I'm looking forward to it, but the documentation is disparate and dated, for example, the last security letter I can find is from 2006!!@!$@!

 

Has anyone done the work of writing up a NCUA Policy Report?  If not, I'm happy to do so, but I want to make sure I'm not reinventing the wheel here.

 

Any help in deciphering these laws would be a great help, as I'm new to the financial industry.

 

IT Resources - General - Seems the place to start

Audit Examiner's Resources

IT Rules and Regulations - Very little help in regards to technical details

IT Laws - Looks perfect, except for the dates

IT Related Letters - Oh god, the dates

 

These two Questionnaires are the closest to what I'm looking for.  Regardless, I'm happy to translate all this legalese into technical requirements.  Any help would be appreciated interpreting and translating these!

 

Thank You,

 

Matthew

NCUA Member

Search

Re: connect to ASA 5520 using NCM

May 12, 2014, 1:49 pm
$
0
0

Thank you for posting this, and it worked changing from "enable 15" to just "enable".  I was stumped why NCM seemed to be connecting successfully, but not downloading the config with the "connection refused" error showing.   If anybody else is comparing notes, this is what the SSH debug looked like from the ASA side while experiencing the issue:

 

SSH2 1: shell request

SSH2 1: shell message receivedSSH1: TCP read failed, error code = 0x86300003 "TCP connection closed"

SSH1: receive SSH message: [no message ID: variable *data is NULL]

SSH1: Session disconnected by SSH server - error 0x00 "Internal error"

Re: Download both running and startup configs on RTCD?

May 13, 2014, 5:59 am

Re: Creating rules through NCM Policy

May 13, 2014, 6:55 am
$
0
0

You need to user parentheses to make make rules inclusive of eachother, like above do you want (rule2 or rule3) or do you want (rule 1 and rule 2) or rule 3 or rule 4.  Hopefully this makes sense to you, if not trial an error will probably yield the results.  Keep in mind this is just a truth table of AND, OR operations with a resulting 1 or 0 once calculated.

 

I don't think I can really explain it better as this is one of those things that each person grasps in their own way.

How to create Config Change Template to remove a command from SVI interfaces on all Cisco Layer 3 switcheses

May 13, 2014, 7:55 am
$
0
0

Hi,

 

I wanted to know if anyone has configured a change template to remove a command from SVI (Switch Virtual Interfaces) on Cisco Layer 3 switches.  I want to be able to remove a command from all SVI's.  For example, I want to be able to remove the ip broadcast-address from all SVI's.  Below is an example:

 

This is what I have:

int vlan 1                                              (SVI interface)

ip broadcast-address x.x.x.x                  (Item to remove)

 

This is what I want to accomplish:

int vlan 1

no ip broadcast-address

exit

search all SVI's, if command does not exist, then go to next SVI, if it does exist, then remove command and continue with process until it reaches the end.

 

I have 3 Cisco Layer 3 devices that I need to do this to.  This will save time by me not having  to go into each SVI and having to remove the command manually.

 

I am having a difficult time understanding the change template structure.   I don't know what context should map to what database information.  Any help is greatly appreciated.

 

Thank you,

 

Enid

Re: NCM scripts dont run on devices configured to Polling Engines

May 13, 2014, 9:30 am
$
0
0

Just checked the NCM settings.  I have additional polling engines checked under the Polling Engine Configuration for NCM.  I have to run the scripts off the polling engines as I have a firewall between the main poller and the additional polling engines.

 

I checked by trying to execute a script on a switch that is polled by a polling engine and it is stuck on initializing. 

Re: NCUA Policy Reports?

May 13, 2014, 9:32 am
$
0
0

Hi Jiri,

 

I'm finalizing my Orion/NTA/NCM/Device Tracker implementation at the moment (getting the MAC addresses identified in DT, ensuring all configs are backed up, etc.)  All my alerts and flows are working. 

 

In the next week or so, I'll be rolling out LEM, but I've never deployed it, so it may take me a bit to get rolling.  It's good to know there's NCUA reporting out of the box.  I still would like to have the ability to run a report in Orion and need to thoroughly understand the regulations of the NCUA regarding network architecture, so I will most likely be making a NCUA report for NCM as well.

 

Thanks for pointing me in the right direction!

 

Matthew

Re: NCM scripts dont run on devices configured to Polling Engines

May 13, 2014, 9:54 am
$
0
0

Make sure that the target nodes are native the the originating engine.

 

For example:

  • Polling Engine A has Router1
  • Polling Engine B has Firewall3

 

Any script(s) that run against Router1 MUST be run from Polling Engine A.

Likewise, script(s) for Firewall3 MUST be run from Polling Engine B.

 

You can easily edit polling engine assignments in bulk through Manage Nodes > Edit Settings

Search

Re: Unable to remove node from NCM

May 13, 2014, 10:01 am
$
0
0

I have a backup job that runs every week and it keeps looking for 2 nodes (ORLSW47 & 48) and of course failing.

 

I followed the instructions above but it keeps re-adding 2 nodes that are no longer in production to the Node Management list in the web interface.

 

When I find them in NCM on the SW server and choose delete it just launches IE to the web interface list of nodes and they are not there.

 

NCM.JPG

Web Interface.JPG

Re: How can I get a true configuration from a Cisco ASA and WLC?

May 13, 2014, 10:22 am
$
0
0

Hi Jiri,

 

I tried the WiSM template and was able to retrieve the configuration using TFTP and SSH for the login.  I am not successful with the ASA, though, and I'm using NCM 7.2.2 and ASA 8.4.  If there's any way to improve on the device template, I'm happy to help out.

 

So far, I've just configured SSH as the script and login protocol and TFTP for the retrieval of the configuration and upped the timeout to 300seconds.

 

Thanks,

 

Matthew

Re: NCM scripts dont run on devices configured to Polling Engines

May 13, 2014, 10:32 am
$
0
0

How do you run a script from a polling engine?  Maybe that is what I am doing wrong.

 

I am going under Config to Configuration Manager.  Selecting Execute Script and entering my script.  When I hit Next, I get to pick out the nodes I want to execute the script on.  I never get to say from where.

 

Another question about this, how do I cancel tasks that are stuck at initializing under Transfer Status?  I have quite a few stuck now.

 

Thanks for your help, too.

Config Change Report - Compare more recent downloaded running to last downloaded running

May 13, 2014, 2:56 pm
$
0
0

I want to setup a scheduled config change report that will always compare the more recently downloaded running to the last downloaded running. The important nuance here is that it is always running to running compare NOT the last downloaded config the last running config.

 

We download the startup and running configs on critical devices each night. We've ordered the backups so that the startup backs up first then the running (have to do this so that the running is "the most recently downloaded config"). But when the backup of the startup config is successful and the running fails (e.g. the because the link to the site is down when the running config is to be backed up), the compare then compares the startup config the last downloaded running, not what we want.

 

Anyone have a way to create a scheduled job that will always compare running-to-running?

how to input y or yes when meet the prompt

May 14, 2014, 3:06 am
$
0
0

Dear, Team

how can input the y or yes when the prompt waiting??

plz see the following logs plz

 

SWTelnetDebug log.txt

Got 83 bytes
WARNING: This command will reboot the system

Do you want to continue? (y/n) [n]

 

10.1.64.4-trace.txt

[2014-05-14 오후 7:05:44] TimerTick: mstrData=<Do you want to continue? (y/n) [n] > State=3 - Connected to server - idle

[2014-05-14 오후 7:05:44] Pending Disconnect = False

[2014-05-14 오후 7:05:44] Pre-Commands: Waiting more than 3 seconds for response start sending pre-command if any...

[2014-05-14 오후 7:05:44] Fuzzy match detector start detecting prompt. String1=doyouwanttocontinue?(y/n)[n] String2=switch#

[2014-05-14 오후 7:05:44] TimerTick: Just tick-tockin away. ..

 

Kind Regards

is anybody can tell to me how to using the configmgmt-command

May 14, 2014, 4:43 am
$
0
0

Dear, Team

i found following directories from the ncm installation folder

C:\Program Files\SolarWinds\Orion\NCM\DeviceTypes

there are several configmgmt-command there.

how can i using when i want to reboot the device.?

and how can i make own nexus 3048 configmgmt-command file?

tell to me plz

 

Kind Regards

Multilink error reporting

May 14, 2014, 6:00 am
$
0
0

I have multiple sites that have their routers into a multilink, both 28xx and 29xx cisco series.  What I have noticed is that although our individual T1s along with the multilink are being pulled into Orion, while one serial link shows 50 errors and one shows 2 errors, shouldn't the multilink show the summation of those links?  I am not sure if this a cisco config change I need to make or something that can be tweaked in Orion.  We are running NCM 7.0.2 and NPM 10.6. Any advise is greatly appreciated. Thanks!

Search

Re: how to input y or yes when meet the prompt

May 14, 2014, 6:57 am
$
0
0

Can you just add a y {CR$} to the next line in the script?

Re: is anybody can tell to me how to using the configmgmt-command

May 14, 2014, 8:26 am
$
0
0

These files are templates for storing configuration files, they are not for running scripts.

 

I would suggest you read the administrators guide on how to run scripts on devices and then post here if you have further questions.

Arris MG5225G (Media Gateway), NCM to Manage configs

May 14, 2014, 8:49 am
$
0
0

We need to prove a case, being able to manage customer configs for Arris MG5225G (Media Gateway) devices, using NCM to do so.

 

We are able to monitor the device(s) within NPM, however, we are not having any success pushing snmp/configs to the device(s).

These device(s) use a "Password of The Day" to login, as far as I know, and there appears to be two different ways to login, both web based.

 

Has anyone had any success, using NCM to manage (download/upload configs/snmp) Arris MG5225G (Media Gateway) devices?

We have just started this phase of the project, and do not have much experience working with these devices, yet.

 

Thank you,

 

-Will

Re: Transfer Status stuck

May 15, 2014, 6:10 am
$
0
0

Upgrade to v7.2.2 solved my problem

 

to clear the stuck transfers, tech support recommended that I do the following:


Use the database manager on the Orion Server.

Start - All Programs - SolarWinds Orion - Advanced Features - Database Manager

Click "Add default server" and then expand the SQL server. Right click the NCM database name and choose "New Query..."

(Note, modifying the NCM database via Database Manager will only work via the above method if both Orion and NCM use the same database credentials. If they do not you will need to click "Add Server" and supply your Database Server and NCM SQL credentials.)

Paste the query below in to the query window and then choose "Execute Query":

DELETE FROM TransferQueue WHERE Status LIKE 'Cancelling%'


if your transfers are stuck at Initializing, then change the query to:


DELETE FROM TransferQueue WHERE Status LIKE 'Initializing%'

Now perform the following:

How to Repair Job Engine, Collector and Information Service

(Note: This will cause ~10 min. or less of downtime)

- Start - All Programs - SolarWinds Orion - Advanced Features - Orion Service Manager -> Shutdown Everything

- Open C:\Documents and Settings\All Users\Application Data\SolarWinds\Installers.
- On a 2008 system, this will be under C:\ProgramData\Solarwinds\Installers.

- Right-click the Jobengine.msi and select Uninstall.
- Right-click the Jobengine.v2.msi and select Uninstall.
- Right-click the CollectorInstaller.msi and select Uninstall.
- Right-click the InformationService.msi and select Uninstall.

- Right-click the Jobengine.msi and select Install.
- Right-click the Jobengine.v2.msi and select Install.
- Right-click the CollectorInstaller.msi and select Install.
- Right-click the InformationService.msi and select Install.

- Start - All Programs - SolarWinds Orion - Advanced Features - Orion Service Manager -> Start Everything

a courtesy server reboot would be nice as well, but not necessary

Backup ASA Config using TFTP with Inside address

May 15, 2014, 7:17 am
$
0
0

I prefer to back up my ASA Firewall configs using TFTP since it shows the PSKs for VPN.  I can tftp the configs from my remote ASA5505s connected by VPN, but I need to modify the tftp command to use the inside address.  This allows it to easly pass through the tunnel.  Example, "copy run tftp://10.100.110.36/smco-fw01;int=inside".

 

When I configure these firewalls in NCM to "Request Configs Using SSH" "Transfer Configs Using TFTP", is there anyway to modify the request command that NCM sends to the firewall (appending it with ;int=inside)?

Viewing all 8827 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>