VoyenceControl: Cisco IOS switches fail to "pull config" due to TACACS error for Vlan text
search cancel

VoyenceControl: Cisco IOS switches fail to "pull config" due to TACACS error for Vlan text

book

Article ID: 303522

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:




VLAN text pull shows as completed while startup pull fails with:

Timeout waiting for configuration to build
Pull of startup failed
The "VLAN database" command is not allowed by TACACS

Running the VLAN database command on IOS switches from enable mode gives error:

Command authorization failed.



Environment

VMware Smart Assurance - NCM

Cause

The Cisco IOS switch driver does not know about the " Command authorization failed " error message. After 60 seconds, the " show current " command times out.

Resolution

  1. SSH to your VoyenceControl device server(s)
  2. Make a custompackage out of cisco/stdfuncs.inc:

    mkdir $VOYENCE_HOME/custompackage/cisco
  3. Copy stdfuncs.inc from package to custompackage:

    cp $VOYENCE_HOME/package/cisco/stdfuncs.inc $VOYENCE_HOME/custompackage/cisco
  4. Edit the copy of stdfuncs.inc

    vi $VOYENCE_HOME/custompackage/cisco/stdfuncs.inc
  5. Search for the pullVlanText function:

    /pullVlanText
  6. Edit this function to look like the following:

    pullVlanText(var session){
    var start=TIME;
    session = getSession (MECHANISM, smgrEnableMode);

    addState(session,100,"\\(vlan\\)");
    LOG="Pulling Vlan Text Config";
    send(session,"vlan database\n");
    waitFor(session,5,100);
    startCapture(session);
    send(session,"show current\n");
    waitFor(session,60,"100,10003");
    var thisState=getNextState(session);
    if (thisState==100){
    retVal=endCapture(session);
    send(session,"exit\n");
    waitFor(session,60,stdEnablePromptState);
    RESULT="PULL VLAN Text via Term took "+(TIME-start)+" seconds";
    }
    else if(thisState==10003){
    retVal="";
    ERRORCODE=daslECPermDeny;
    ERROR="PULL VLAN Text failed";
    }
    relSession (session);
    return;
    }
  7. Save and quit the file:

    :wq!
  8. Restart the Voyence service:

    /etc/init.d/voyence restart
     


Additional Information

$VOYENCE_HOME refers to the home directory of VoyenceControl, typically /opt/voyence.


Powered by Wolken Software