8 Replies Latest reply: Mar 31, 2013 9:58 AM by Joel RSS

    Cisco Network Assistant

    cybermate

      Hi Guys,

       

      I have attached my cisco 2960 Switch with console cable to my PC, install Cisco Network Assistant for the Switch but i am still unable to find any option in CNA to grab all the configuration from Switch in order to create grapfical representation.

       

       

      Guidence is needed..

       

       

      Regards

       

      Kaleem

        • 1. Re: Cisco Network Assistant
          Daniel

          Hi Kaleem,

           

          When you say grab the configuration do you mean that you are unable to access the switch with CNA?

           

          Check out the documentation here:

           

          http://www.cisco.com/en/US/docs/net_mgmt/cisco_network_assistant/version5_0/quick/guide/English/C4K_GSG.html

           

           

          There's also a good guide of how to setup your switch for CNA, provided your IOS have the CNA installed. You can also have a look at the PDF available at the top right of this page where a more detailed explanation is provided. Or grab the PDF from my post .

           

          HTH

          -Daniel

          • 2. Re: Cisco Network Assistant
            cybermate

            Thnaks Daniel for your reply, Actually this is not the issue, i have gone thru its documentation, i am administring the 2960 Series Switch Network, how can i use CNA in that Senario.

             

            Regards

            Kaleem

            • 3. Re: Cisco Network Assistant
              Daniel

              Hi again Kaleem,

               

              I don't understand your question to be honest. How can you use CNA? First you gotta have it installed in your managed device, then you need to enable it on your device (usually ip http-server).

               

              If it's configured, installed and working correctly you should be able to acess your device by it's ip address to have access to a few CLI commands.

               

              CNA is used on a LAN-based PC to manage more than a single device, mostly, and have a sort of GUI for changing configurations, managing routers/switches/access points....just a tool for making your job as an administrator easier to get access to all devices at the same time from the same location. It's a network management application. You need to download the application to a PC and run it from there.

               

              Here is a good FAQ regarding CNA:

               

              http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps5931/prod_qas0900aecd8017a5c2.html

               

              HTH

              -Daniel

              • 4. Re: Cisco Network Assistant
                cybermate

                Thanks again for your detailed reply.

                 

                i can understand what you mean to say, now the thing is i can Telnet any of my switch using private IP 192.168.x.x with username authentication, but when i try to search that switch by giving my management IP, CNA discover that switch and ask for username and pass for authentication.i gave my existing login details and it failed to authenticate that by saying unable to authenticate

                 

                Same issue with all other switches.i have attach screen shot for that, so please have a look for that.

                 

                Regards

                Kaleem Error.JPG

                • 5. Re: Cisco Network Assistant
                  Daniel

                  Hi again,

                   

                  You're welcome! Now i think there is a configuration issue with your switch so that it's not configured properly for CNA to authenticate against it. How is your current configuration?

                   

                  This is usually what is needed for CNA to be able to authenticate from a scratch installation....run these commands:

                   

                  aaa new-model

                  aaa authentication login default local

                  username <your username obviously> password  <the password goes here>

                  ip http server

                  ip http authentication enable

                   

                  (optional) service password-encryption

                   

                  This should setup your switch to accept CNA logins, if this doesn't work. Post your config and i'll see if i can find anything!

                   

                  Edit: You can of course use other authentication than local, but it's a good start to use local to check if your things are working.

                   

                  HTH

                  -Daniel

                  • 6. Re: Cisco Network Assistant
                    cybermate

                    Current configuration : 10583 bytes

                     

                    version 12.2

                     

                    no service pad

                     

                    service timestamps debug datetime msec

                     

                    service timestamps log datetime msec

                     

                    no service password-encryption

                     

                    !

                     

                    hostname ACCESS-SWITCH2

                     

                     

                     

                    boot-start-marker

                     

                    boot-end-marker

                     

                    !

                    enable secret 5 $1$WhKD$o/k.eICpaPGmzzyBcMa311

                     

                    !

                     

                    username teksala password 0 pathfinder

                     

                    username nsh password 0 nsh1

                     

                    no aaa new-model

                     

                    system mtu routing 1500

                     

                    ip subnet-zero

                     

                     

                    ip http server

                     

                    ip http secure-server

                     

                    snmp-server community nsh-nuro RO

                     

                    !

                     

                    control-plane

                     

                    !

                     

                    !

                     

                    line con 0

                     

                    line vty 0 4

                     

                    login local

                     

                    line vty 5 15

                     

                    login local

                     

                    !

                     

                    end

                    • 7. Re: Cisco Network Assistant
                      Daniel

                      Let's see if we can tryand get it to work.

                       

                      I don't know if it was a typo or not, but you need to enable authentication, authorization and accounting first.

                       

                      Enter global configuration and type these commands:

                       

                      aaa new-model

                      aaa authentication login default local

                      ip http authentication enable

                       

                      (optionally configure these usernames/passwords again to be sure)

                       

                      username teksala password 0 pathfinder

                      username nsh password 0 nsh1

                       

                       

                      I don't know if you ahve already tried that, but they weren't in your configuration. You can keep your snmp RO string as well.

                       

                       

                      From looking at that config you seem to have not enabled AAA and defined which authentication method to use (which with the commands above would use a local database).

                       

                      That should let CNA access your switch.

                       

                      -Daniel

                       

                      P.s if that's a production switch please change your usernames and passwords

                      • 8. Re: Cisco Network Assistant
                        Joel

                        Hi?

                        Was this problem resolved? I am facing a similar problem, tried the instructions given above but to no avail. I have noticed the problem is with WS-C2960-24TC-L switches and most of them have had their ssh enabled. I am not able to add the switches to the community, when i try to add and give the username and password the login screen reappears and i get Authentocation error when i cancel it.