Out of the box, ENA v18.0's configuration monitoring works using a file server. ENA provides a TFTP server to install for Windows. A TFTP server is available as standard for Linux. Although configuration monitoring can make use of TFTP, FTP, SCP and RCP servers, this article will focus on using a TFTP server.
Please find below a brief summary of ENA's configuration monitoring and some troubleshooting suggestions if any issues arise during the procedure.
Summary of the procedure:
- Configuration monitoring relies on obtaining copies of configuration files - a running file (how it's currently configured and running) and a startup (saved) file (in its flash memory, used if the system is rebooted).
- By default, ENA archives 4 different versions of the files going back in time. This figure is configurable. Each entry is a pair of files - the running file and the startup file.
- The system looks for changes between the current pair of files and those in the archive. If ENA finds there to be a significant difference between the current pair of files and the most recent pair of saved files, it will put the new pair of files in the archive. A timestamp change, for example, is not considered significant, but other changes are.
Details of the procedure:
The configuration files are taken from the device in question and transferred to the ENA server:
- This procedure is initiated from ENA. This relies on the script engine logging in to the device CLI in question, negotiating through the necessary prompts and commands, to then cause the running and startup files to be written to the TFTP server.
- By default, the running and startup files land in the home directory of the TFTP server (the TFTP server is actually a process running on the ENA server), where the TFTP server places them into the cm_transfer directory.
- When ENA sees the files in the directory, it compares each newly uploaded file with its counterpart in the archive: the uploaded running configuration file against the most recent archived running configuration file, and the uploaded saved configuration file against the most recent archived saved configuration file. If there is a significant difference between them, ENA checks whether the archive is full (and if so, deletes the oldest pair of files in the archive), and then moves the newly uploaded files into the cm_archive directory, which is also on the ENA server.
- When the files are moved to the archive directory, they disappear from the transfer directory. If there is no significant difference between the newly uploaded pair of files and the most recently saved pair of files in the archive, the newly uploaded files are simply deleted from the transfer directory. Therefore, within a few seconds, there will no longer be files in the transfer directory.
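The compare-then-archive workflow described above, as an added Python sketch (not ENA's own code). The numbered sub-directory layout, the file names, the function names and the patterns treated as insignificant are all assumptions made for illustration; the page does not document ENA's actual rules.

```python
import re
import shutil
import tempfile
from pathlib import Path

MAX_VERSIONS = 4  # default archive depth stated on the page (configurable)
# Assumption: these Cisco-style lines stand in for "insignificant" changes.
VOLATILE = re.compile(r"^(! Last configuration change at |! NVRAM config last updated at |ntp clock-period )")

def normalise(text):
    """Strip volatile lines so only real configuration changes compare unequal."""
    return [ln.rstrip() for ln in text.splitlines() if not VOLATILE.match(ln)]

def process_upload(transfer, archive, device):
    """Archive the uploaded pair if it differs from the newest archived pair; empty transfer either way."""
    pair = [transfer / f"{device}.running", transfer / f"{device}.startup"]
    versions = sorted(p for p in archive.iterdir() if p.is_dir())  # oldest first
    changed = not versions or any(
        normalise(f.read_text()) != normalise((versions[-1] / f.name).read_text())
        for f in pair)
    if not changed:
        for f in pair:
            f.unlink()  # nothing significant: discard the upload
        return False
    seq = int(versions[-1].name) + 1 if versions else 1
    while len(versions) >= MAX_VERSIONS:  # archive full: drop the oldest pair
        shutil.rmtree(versions.pop(0))
    dest = archive / f"{seq:06d}"
    dest.mkdir()
    for f in pair:
        shutil.move(str(f), str(dest / f.name))
    return True

def simulate(uploads, device="rtr1"):
    """Feed constructed (running, startup) texts through the workflow in temp dirs."""
    with tempfile.TemporaryDirectory() as tmp:
        transfer, archive = Path(tmp, "cm_transfer"), Path(tmp, "cm_archive")
        transfer.mkdir()
        archive.mkdir()
        results = []
        for running, startup in uploads:
            (transfer / f"{device}.running").write_text(running)
            (transfer / f"{device}.startup").write_text(startup)
            results.append(process_upload(transfer, archive, device))
        return results, sorted(p.name for p in archive.iterdir()), list(transfer.iterdir())

if __name__ == "__main__":
    a = "! Last configuration change at 10:00:00 UTC\nhostname rtr1\n"  # constructed sample
    b = a.replace("10:00", "11:30")  # timestamp-only change
    print(simulate([(a, a), (b, a), (b + "ip http server\n", a)]))
```

In the sample run, the second upload differs only in its timestamp and is discarded, while the third adds a configuration line to the running file only and is archived as a new pair.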
Different types of file retrieval:
There are 3 types of retrieval:
- change-based retrieval (only available for Cisco devices). Every 5 minutes, this will automatically check the last update time for the running and startup files.
- nightly retrieval.
- manual retrieval.
Possible issues that might arise:
Nothing will happen unless the script engine can successfully log in to the device. This requires CLI credentials.
- When you manually add a device to ENA, there are no fields available to enter the CLI credentials. The CLI Access fields only become available for a device after you have added it: go back to the Device Inventory page, select the device and click Modify. From ENA v18.0 P06 upwards, you can also edit CLI credentials directly from the Configuration Monitor Settings form.
Without CLI credentials, the Check Configuration Now button will be greyed out and unavailable on the Device Configuration dashlet of the Configuration Monitor dashboard:
It will become available once the CLI credentials have been entered and you set the Transfer Method in the Configuration Settings dashlet to TFTP. If you've followed these steps and the button is still unavailable, please refresh the page.
Some devices, particularly Cisco devices, have different login privileges. For example, if you have a low privilege login, you will not be able to upload configuration files. Therefore, you will need an account capable of performing the configuration file upload. On Cisco devices, you need an administrative account capable of using the Enable mode.
Some devices are configured so that Enable mode is automatically accessed with the original login password. If the account is not configured directly to Enable mode, then you will need to enter 2 passwords. This is how the two password fields appear in ENA:
Causes of configuration task failure
When you click Check Configuration Now, this starts a Configuration Management task. The Configuration Status dashlet should update after a few minutes, and if you want to see further information, you can navigate to the Configuration Management page via Administration to see the task history (which will include the task that you've just started).
On this page, you can view details of why tasks have failed. Select the task and click Details.
In this window, click Details to drill down into the specifics of the failure.
An example of a cause of failure might be a failure to log in. One way to fix this is to access the Remote Terminal for the device, which in some cases might tell you that the device does not have a login set up. If you cannot log in to the device through the Remote Terminal, then the script engine itself will not be able to do so either, because the script engine is simply automating what you can manually do yourself.
If you have been able to log in, you can manually issue the command to copy the running configuration to the cm_transfer directory. This is useful to prove that many steps in the procedure are possible. For example, if the manual transfer had been blocked by a firewall, then you would need to address either a firewall in the network or the configuration of a firewall in the ENA server.