Filter
Top Products
A-40
User Guide for Resource Manager Essentials 4.1
OL-11714-01
Appendix A RME Troubleshooting Tips and FAQs
Software Management
A.
Software Management supports upgrading devices that are configured for TACACS or Radius
authentication. An exception is software upgrades on the Run-from-Flash partition if the device is
configured with Radius protocol authentication. The Common Services Device and Credential
Repository must be configured with the appropriate information to access the device.
Q.
Can I configure default privileges on terminal lines for Cisco IOS devices that Software
Management has upgraded?
A.
Software Management upgrades software by using the Telnet interface or Command-Line Interface
(CLI) on devices that do not support enough Management Information Base (MIB) instrumentation
for software management.
Software Management uses Telnet to connect into the devices and executes privileged commands
such as copy tftp flash, copy flash tftp, erase flash, show version, copy flash modem to perform
upgrades.
Software Management modifies the configuration file using the Telnet interface to upgrade the
software. For Software Management to work on a device, there are some restrictions on how default
privileges and enable mode authentication are configured.
The restrictions apply to only those Cisco IOS devices that are managed by Software Management
through the Telnet interface. Cisco 700 Series and Catalyst 5000/6000/4000 devices are not affected.
Restrictions include the following:
• Software Management tries to run the above CLI commands from privilege level 15. The user
must always configure an enable password/secret for privilege level 15, and the same
password/secret must be entered in the Device and Credential Repository.
If the device is configured with TACACS authentication for enable mode access, then the
Enable TACACS user name and password must be entered in the Device and Credential
Repository. The Enable User name and password authenticated by TACACS+ server always
should receive a privilege level of 15.
• The default privilege level configured on a vty line must allow Software Management to run the
CLI commands mentioned earlier as well change the configuration file on the device. The
privilege level does not need to be 15, but setting the privilege level to 15 guarantees Software
Management can always work on the device.
See Q.How are the device credentials mapped in Device and Credential Repository? for information
on how Device and Credential Repository maps the device credentials.
Q.
What is Job Approval?
A.
Job Approval allows an organization to require approvals before an administrator distributes
software images. When an image distribution job is created, the administrator (or whoever creates
the job) selects from a list of users who can approve the job.
For the job to run, one of the users on the approver list must approve it before its scheduled time. If
the job is not approved, it will be rejected at the scheduled time.
Q.
What is the approver list?
A.
An approver list consists of user names in RME who have the authority to approve software
upgrades.
The following steps are required:
a. Create a approver (Common Service > Server > Security > Single-Server Management >
Local User Setup > Add).