Ionix NCM/VoyenceControl: Login over TACACS protocol to Cisco CatOS switches fails when using CutThru proxy
search cancel

Ionix NCM/VoyenceControl: Login over TACACS protocol to Cisco CatOS switches fails when using CutThru proxy

book

Article ID: 303549

calendar_today

Updated On:

Products

VMware

Issue/Introduction

Symptoms:




Ionix Network Configuration Manager (Ionix NCM) login over TACACS protocol to Cisco CatOS switches fails when using CutThru proxy
Ionix NCM/VoyenceControl login over TACACS protocol to Cisco CatOS switches fails when using CutThru proxy

Ionix NCM/VoyenceControl login over TACACS protocol to Cisco CatOS switches fails and CutThru logs show the following:

Oct 04 15:13:03 163160/cutthru(2715)#4: DASL: termLogin: WARNING - Telnet No Login or Device Prompt detected

Oct 04 15:13:03 163160/cutthru(2715)#4: DASL: termLogin: Sending new line

Oct 04 15:13:03 163160/cutthru(2715)#4: DASL: termLogin: Waiting on device prompts

Oct 04 15:13:03 163160/cutthru(2715)#1: State match:[1007][[^%].*([Ii]ncorrect"[Ii]nvalid"[Bb]ad.*assord"[Ww]rong[^l]"Permission denied"Backup authentication"Authentication failed)] ROSECUTION~~~~~~~username:~~~~[



Environment

VMware Smart Assurance - NCM

Cause

The above problem symptoms occur because the driver does not detect the "username:" prompt and tries to send a newline. This behaves like entering a blank username, and error prompt is generated.  The prompts for CatOS are defined in the following location on the VoyenceControl server:

/opt/voyence/package/pkgxml/CiscoCatOSSwitch/CiscoCatOSSwitchPrompts.xml

<LoginPromptState>

<ID>1004</ID>

<Expr><![CDATA[ ?Username ?:"[Ii][Dd]:]]></Expr>

</LoginPromptState>

<PasswordPromptState>

<ID>1005</ID>

<Expr><![CDATA[assword:"Staff-Only]]></Expr>

</PasswordPromptState>

The pattern "?Username ?:"[Ii][Dd]:" is not able to match "username:".

Resolution

If you encounter this issue, you must create a custompackage entry for the CatOS prompts file and modify it as follows:

  1. On the Ionix NCM/VoyenceControl device server(s), copy the CiscoCatOSSwitchPrompts.xml file found here:

    /opt/voyence/package/pkgxml/CiscoCatOSSwitch/CiscoCatOSSwitchPrompts.xml
     
  2. Paste the CiscoCatOSSwitchPrompts.xml file copied in the preceding step to the following location:

    /opt/voyence/custompackage/pkgxml/CiscoCatOSSwitch/CiscoCatOSSwitchPrompts.xml


    Note: If any of the above directory structure under /opt/voyence/custompackage/ is missing, you must create it before pasting the CiscoCatOSSwitchPrompts.xml file.
     
  3. Edit the custompackage file and change the LoginPromptState pattern so that it matches the following:

    <LoginPromptState>

    <ID>1004</ID>

    <Expr><![CDATA[ ?[Uu]sername ?:"[Ii][Dd]:]]></Expr>

    </LoginPromptState>


    This creates a character class to match either`U or `u for that character position.

     
  4. Attempt the CutThru login again. There should be no need to restart any services as the prompt file lookup is dynamic.
  5. If the login still fails with the same messages in the logs, restart VoyenceControl and try again.
  6. If the issue is still not resolved, ensure that the credentials marked for CUT THRU are correct in the Device Properties > Communication tab of VoyenceControl. There are separate credential assignments for normal management and CutThru.


Powered by Wolken Software