Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Taney
Advisor
Jump to solution

Get Interfaces / Topology From A Router In R80.10?

I've encountered something odd in R80.10 that seems different from R77.30 functionality. Not sure if this is a bug, or just a change in process that I was unaware of.

In R77.30 management, we would create "Gateway" objects for Cisco Routers. This would allow us to supply SNMP information to pull back the router's topology. This feature was important as it allowed us to accept TACACS from multiple interfaces on the router without having to create individual objects for each interface.

This is an object that was upgraded from R77.30 to R80.10... These objects got moved to the Interoperable Devices category of nodes. However, when you edit the object, it shows as a Gateway Node. Regardless, when you look at the properties, there is a sub-menu for "Other". This is where you can supply the SNMP community strings.

When I try to create a new Interoperable Device, there is no "Other" menu to supply SNMP credentials. There is"Get" button on the Topology menu, but it cannot retrieve the topology without the SNMP community strings. 

If anyone has any insights on this, please let me know!

Thanks,

Dan

R80 CCSA / CCSE
1 Solution

Accepted Solutions
Vladimir
Champion
Champion

Is it possible that the device should be listed as OSE:

OSE Device Properties — General

OSE Device Properties — General

What I can do here?

In this window you can define the general settings of the OSE Device: Name and IP address.

What background information do I need to know?

An Open Security Extension (OSE) Device is a 3rd party enforcement point which represents the router and influences and enforces its security settings. The Security Management server generates Access Lists from the Policy and downloads them to the appropriate device. This Access list represents a very basic security policy which is then enforced on the router. When configuring the OSE Device the user is actually defining the settings for the Access List.

When working with an OSE Device object, the rule base should not contain one of the following. If one of the following is included in the rule base Security Management will fail to generate Access Lists from the rules.

  • Drop (in the Action column)
  • Encrypt (Action)
  • Alert (Action)
  • RPC (Service)
  • AH (Service)
  • ACE (Service)
  • Authentication Rules
  • Negate Cell

View solution in original post

2 Replies
Vladimir
Champion
Champion

Is it possible that the device should be listed as OSE:

OSE Device Properties — General

OSE Device Properties — General

What I can do here?

In this window you can define the general settings of the OSE Device: Name and IP address.

What background information do I need to know?

An Open Security Extension (OSE) Device is a 3rd party enforcement point which represents the router and influences and enforces its security settings. The Security Management server generates Access Lists from the Policy and downloads them to the appropriate device. This Access list represents a very basic security policy which is then enforced on the router. When configuring the OSE Device the user is actually defining the settings for the Access List.

When working with an OSE Device object, the rule base should not contain one of the following. If one of the following is included in the rule base Security Management will fail to generate Access Lists from the rules.

  • Drop (in the Action column)
  • Encrypt (Action)
  • Alert (Action)
  • RPC (Service)
  • AH (Service)
  • ACE (Service)
  • Authentication Rules
  • Negate Cell

Daniel_Taney
Advisor

I wasn't aware of this object type, but it does look like it would suit our purposes. We'll try it out. Thank you!

R80 CCSA / CCSE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events