NCM SSH/SCP fails to copy Cisco 6500 running-config file

Document ID : KB000047309
Last Modified Date : 14/02/2018
Show Technical Document Details

Symptoms:

There are some devices from the Cisco IOS - SSH Capable NCM device family that are failing in the NCM capture task. Others devices which also have the same IOS version work well. 

If manually run the scp against the problematic device, the operation is successful. 

 

Environment:

CA Spectrum 10.1 in Linux

 

Cause:

Spectrum NCM relies on Mindterm libraries for SSH/SCP implementation. Now this API seems to be complex and there seems to be some inherent issues causing these failures randomly for some devices. 

 

Workaround:

Turning on OpenSSH and bypass Mindterm libraries.

1) Prior to setting up Spectrum we must first configure the system perl environment. Use the cpan executable to install the Net::OpenSSH module and any of its dependencies:

install_Net-OpenSSH.png

 

Follow the steps below to install PERL modules if you are facing any problems with the steps above:

Perl Modules installation on  Linux.

 

 

Open Below Link.

http://search.cpan.org/

Enter The  Net::openssh module to down load and search.

 

 

The download link will appear on the site or use below link.

http://search.cpan.org/CPAN/authors/id/S/SA/SALVA/Net-OpenSSH-0.70.tar.gz.

 

Decompressing and unpacking is best done in a temporary directory somewhere, can usually be done with creating a tmp directory and copy the downloaded module and unpack to a directory in Linux terminal.

 

cd /tmp
tar xzvf yourmodule.tar.gz

 

For a global install (for which Root privileges are needed) do the following:

 

perl Makefile.PL

 

Then build, test and install the module

 

make
make install

 

You can check the perl modules got installed or not with the below command.

 

# instmodsh

Available commands are:

   l            - List all installed modules

   m <module>   - Select a module

   q            - Quit the program

cmd? l

Installed modules are:

   Net::OpenSSH

   Perl

 

cmd?

 

2) Create a new Device Family called OpenSSH

•Right click on Device Families under the Configuration Manager node in OneClick

•Select Create Device Family

 

3) Select the new OpenSSH family and fill in the SSH parameters for Username, Password, and Enable Password.

 

4) Expand the Capture Running Configuration Script sub-view, click the Set link that is next to Capture Running Script.

 

5) Select Create and create a new script called OpenSSH Capture Running Script and use the Import button to import the provided openssh_cap.pl script.

 

6) Click OK in the Create Script dialog. Then select the script in the Select Script dialog and click OK.

 

7) Next, add an addition parameter called Capture Timeout and set it to 300 (seconds). Set the following in the error code mappings as well:

•0 =  Success

•255 = Usage Error

•254 = Invalid timeout value

•252 = Login error

•244 = Error retrieving configuration

•245 = Insufficient privileges

 

8) Expand the Mask Configuration sub-view and copy the masks from the Cisco IOS – SSH Capable family.

•^!

•^ntp clock-period

•.*password 7

•.*password 5

•quit

•certificate self-signed

•(\s+[A-F,0-9]{8})+(\s+[A-F,0-9]{1,8})

 

9) Move some (or all) of the devices you wish to test into the new OpenSSH device family by right clicking on the devices and selecting “Add To -> Device Family”

 

10) Now attempt to capture some device configurations to verify the script is working.