Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Network Configuration Manager (NCM) > NCM login failure on CATOS devices when authentication is handled via TACACS

NCM login failure on CATOS devices when authentication is handled via TACACS

Created by Bill Corgey, last modified by MindTouch on Jun 23, 2016

Views: 54 Votes: 1 Revisions: 6

Overview

NCM requires the device to respond and behave within certain pre-set/expected parameters in order to connect, for example login/password prompts and device prompts are the most important. There are some cases when there may be ASCII characters appended to the prompt hostname> when connecting for the first time and then the actual prompt is sent to NCM. But subsequent prompt appearances are changed, and look for example like hostname> (enable). This article provides a possible workaround for such behavior.

Environment

  • NCM version 7.4
  • CatOS
  • TACACS handles Authentication
  • Telnet is connection protocol being used (Not tested with SSH)

Cause

The problem is when the device sends the initial Hostname and the prompt has extra characters appended to the returned prompt.  At this point, NCM sets the matching criteria to know when to start and stop processing data. But since subsequent returns of the prompt are normal and not the same as the original, NCM will not match and will time out waiting. 

Resolution

 

Note: Verify the device is returning a prompt with the Extra characters. Generally be ASCII.
Check this by turning on session tracing or when testing the login via the edit node properties, click the Show credential login details:  slowly scroll through the output.  If the first time the prompt is sent and it has the extra characters, you have this issue.

Now that we have determined the issue is present, use the same login information for the show login credential login details to determine the Device template NCM is using if you have not manually set it.  The Device Template is at the top of the output.  We will need to copy this template and make a modification for this device to use. For how to access and steps follow these instructions.

 

for the intent of this article, the commands in the template should be the following to login and download a config if the the CATOS device is exhibiting this issue. And should not be used as a standard NCM Device Template

<Commands>        
<Command Name="RESET" Value="set length 0"/>        
<Command Name="Reboot" Value="reload${CRLF}y${CRLF}y"/>        
<Command Name="EnterConfigMode" Value=""/>        
<Command Name="ExitConfigMode" Value=""/>        
<Command Name="Startup" Value="config"/>        
<Command Name="Running" Value="config"/>        
<Command Name="DownloadConfig" Value="show config"/>        
<Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>        
<Command Name="DownloadConfigIndirect" Value="copy ${ConfigType} ${TransferProtocol}://${StorageAddress}/

${StorageFilename}${CRLF}${CRLF}${CRLF}"/>        
<Command Name="UploadConfigIndirect" Value="copy ${TransferProtocol}://${StorageAddress}/${StorageFilename}  

${ConfigType}${CRLF}${CRLF}"/>        
<Command Name="EraseConfig" Value="write erase${CRLF}Y"/>        
<Command Name="SaveConfig" Value="write memory"/>        
<Command Name="Version" Value="show version"/>                           
<Command Name="EnableIdentifier" Value="(enable)"/>
<Command Name="PreCommand" Value="${CRLF}"/>

</Commands>

 

Manually assign your new template to the device(s) with the problem and do not set the device Template to be used for Auto determine unless all of the like devices are have this issue.

 

 

 

 

Last modified
21:26, 22 Jun 2016

Tags

Classifications

Public