Idea Details

Cisco 9300 series device certification

Last activity 06-13-2019 10:07 AM
omasri's profile image
12-19-2017 04:33 AM

Cisco 9300 series devices are not certified in CA Spectrum

OID 1.3.6.1.4.1.9.1.2494


Comments

02-04-2019 04:03 AM

You're right - IOS-XE versions for these switches no longer contain K9 -  changed to 9K by Cisco -eg:

 

cat9k_iosxe.16.06.05.SPA.bin

cat9k_iosxe.16.06.04a.SPA.bin

cat9k_iosxe.16.09.02.SPA.bin

 

So we see this in Spectrum:

Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.6.4, RELEASE SOFTWARE (fc3


I guess the only solution to this is to have 9K also recognized as SSH capable? I do not see Cisco changing the name of their IOS...

 

 

 

02-01-2019 03:18 PM

Hi Omar,

  I'm guessing the firmware info doesn't have "K9" in it.

Cheers

Jay

 

To place a device into the Cisco IOS - SSH Capable family, the following conditions must be met:

■ The device descriptor must indicate a firmware version of 12.2 (18) or greater.

■ The feature set must contain letters “K9” indicating the device has the necessary encryption functionality that is needed for SCP.

■ SSH v2 access for the device must be unblocked at the time of discovery.

Note: If SSH v2 access to the device is blocked (for example, with a firewall) at the time of discovery, put the device in the Cisco IOS device family.

 

Network Configuration Manager supports SSH v2 only. Network Configuration Manager does not support SSH v1.

 

For example, a device with the following description is placed in the Cisco IOS - SSH Capable family:

Cisco IOS Software, 7200 Software (C7200-JK9S-M), Version 12.3(14)T6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Thu 05-Jan-06 05:36 by dchih

 

A device with the following description is placed in the Cisco IOS family and is not capable of obtaining configurations using SSH/SCP:

Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Mon 12-Dec-05 1

02-01-2019 11:48 AM

Hi Jason

Thanks - no the problem seems to be that they stay in the "Cisco IOS" device family when I would expect them to be in "Cisco IOS - SSH Capable" - SSH is active on the switch and works from the Spectrum server.

Thanks

02-01-2019 11:26 AM

Hi Omar,

 They model as SwCiscoIOS...If you already self certified them this way then there wouldn't be much difference.  If you didn't, then they would change from GnSNMPDev to SwCiscoIOS after running the NewMM.pl script.

 

Were you expecting them to be something else?

Cheers

Jay

02-01-2019 03:40 AM

Has anyone installed this new patch and tested Cisco 9300 series switches? It does not seem to have made any change to how they are modeled.

01-29-2019 05:28 AM

Hey Jeff,

 

Any news regarding the Catalyst 9500?

01-18-2019 12:47 PM

Cisco Catalyst 9410R Switch OID - 1.3.6.1.4.1.9.1.2501

Cisco Catalyst 9407R Switch OID - 1.3.6.1.4.1.9.1.2500

 

are included, but I will have to see if 9500 is still being considered. 

01-18-2019 11:25 AM

Hi Jeff,

 

The certification released is for 9300, but not for 9400 or 9500. Are these planned to be released in the next cert pack?

01-18-2019 10:12 AM

This certification has now been released.

 Solutions & Patches index.

12-11-2018 06:24 AM

After rediscovering the device, this change fixed it. 

12-11-2018 03:03 AM

Requested the certification as well..

For what I have heard the release date was beginning of Januari 2019.

 

Nick

12-08-2018 11:44 AM

This would be a nice alternative if it actually worked.

 

Ray Cook

rcook@aspiretp.com

Senior Consultant

Aspire Technical Professionals

Direct Managed CA Platinum Services Partner

Cell:330-391-8037

http://www.aspiretp.com

 

 

 

 

 

On Fri, Dec 7, 2018 at 9:42 AM ackjo04 <

12-08-2018 05:46 AM

Hi,

 

Is there any functional parity between self certification and having it be certified by CA?

12-07-2018 09:44 AM

I opened a case for this with CA in September 2018- last update is:

"I have requested information from the SE to see in which BMP cert package this is going to be implemented"

 

Not sure why these devices are taking so long...

12-07-2018 09:42 AM

Ray,

 

I do not see where these have been certified out of the box.

 

You can use the Device Certification tool to self certify them.

 

Certifications - CA Spectrum - 10.2 to 10.2.3 - CA Technologies Documentation 

 

Joe

12-07-2018 09:36 AM

Did these devices ever get certified? I have a customer that is trying to monitor these devices and they are still coming up as Generic SNMP.

08-10-2018 08:18 AM

I will follow up with Sarbdeep, the Cert owner and check status of these. Thanks

 

HTH

Jay V

08-10-2018 05:33 AM

Hello,

 

We have an important customer who is using more and more of these devices  Cisco 9300 : System OID 1.3.6.1.4.1.9.1.2494 .

 

Spectrum is on version 10.2.3 + Spectrum_10.02.03.BMP_10.2.301 (06/05/18) + Spectrum_10.02.03.Cert_Pack_002 (07/19/18)

 

Any feedback on this Cert ?

07-12-2018 11:08 AM

Last update was from 1-January-2018:

 

"For your information, we have submitted this Enhancement Request (ER) to our Level 2"

 

Nothing since then!

07-12-2018 10:22 AM

Hi, Did you receive any update from CA Support?

02-13-2018 04:55 AM

Did you got any update from CA Support

02-08-2018 03:41 AM

Thank you for the response, please let me know once you have update from CA Support 

02-08-2018 03:33 AM

Case is still open with CA so probably still in progress...

02-08-2018 03:20 AM

Hello,

 

Is certification is available for Catalyst 9300, 9400 and 9500 Series

12-21-2017 08:35 AM

I can create a request but I don't have the actual hardware to perform an SNMP walk.

Is your team equipped with 9400s and 9500s?

 

Can you give a quick recap of how to open a certification request?

12-21-2017 04:39 AM

Thanks Lilah!!!

We would want to have the simulation for 9400s or 9500s. I request you to create a certification request, i'll have them done in a one go.

 

Thanks,
Sarb

12-21-2017 03:41 AM

It would be great to add the 9300 model, but also the 9400 and 9500 (part of the new Catalyst 9k series which will supersede the 3850s).

 

Any chance that someone has 9400s or 9500s that they are willing to help get certified?

12-19-2017 10:13 AM

Thanks for posting this.

I see a support case has been created and will add it to our backlog.

 

Regards,

Sarbdeep Singh

Spectrum Product Management.

12-19-2017 09:36 AM

ok, looks like it was probably a mistake and should have been submitted.  Let me follow up with the engineer to get it submitted.

Cheers

Jay

12-19-2017 09:33 AM

Let me check on it…

12-19-2017 08:53 AM

Hi Jay

 

Thanks - I had opened CA Support Case  00914582 - I was told that I needed to add a suggestion here for a device certification!

The case case a full sapwalk attached but I can send another one if needed.

12-19-2017 08:46 AM

Not sure how my text keeps getting removed from my post (not that it changes it much) but here is what I actually sent:

 

Hi Omar,

Actually, for device certifications, we have a different process (because we need files from you for the certification – mibs (possibly) and sapwalk output).  Please create a case and upload any specific mibs to add (if we don’t already have them) and run the <SPECROOT>/bin/sapwalk* application against the device.  You already know how to run this, but for others that may not…

 

Example:

 

sapwalk2.exe -i <ip address> -v <snmp version> -s <starting oid> -c <community name> -xv (bridge table oid) -o <outputfile>.walk

 

Here is a specific example (using linux, just change to sapwalk.exe for windows).  You can copy this and change/update the IP,comm string, and filename:

sapwalk2_aes_64bit -i 10.253.190.15 -v v1 -s 1.3.6.1 -c public -xv 1.3.6.1.2.1.17 -o 10.253.190.15.walk

 

Cheers

Jay