1748000 Members
4692 Online
108757 Solutions
New Discussion

IMC Alarm when device is unreachable in SSH or Telnet

 
fykloo
Occasional Visitor

IMC Alarm when device is unreachable in SSH or Telnet

Hello everyone,

I'm currently running an iMC PLAT 7.3 (E0506) for my customer. We use iMC for supervision and administration of our Comware switches that we install site by site.

We use local authentication when we deploy our switch the first time and then we add them into our ClearPass and use Tacacs accounts. The problem I have, is that iMC doesn'f show alarm when devices are not reachable in SSH or Telnet (when the switch is added into ClearPass and tacacs become active).

And at this point, I can't use CLI script on my switches.

Is there any way to display alarm on this ?

Many thanks

5 REPLIES 5
NeilR
Esteemed Contributor

Re: IMC Alarm when device is unreachable in SSH or Telnet

Possibly by using syslog to alarm, if the change shows up in the syslog.

Or using a compliance task to periodically try and log in via ssh or telnet

Either can result in alarm of your chosen severity.

LindsayHill
Honored Contributor

Re: IMC Alarm when device is unreachable in SSH or Telnet

Do you want to check if the device is unreachable via SSH/Telnet, or if authentication is failing? (those are slightly different problems)

fykloo
Occasional Visitor

Re: IMC Alarm when device is unreachable in SSH or Telnet

Hi Neilr,

I don't think this is possible because there's no configuration change on the switch.

And there's nothing on the switch that it can generate a syslog.

IMC may check regularly and generate an alarm itself.

fykloo
Occasional Visitor

Re: IMC Alarm when device is unreachable in SSH or Telnet

Hi Lindsay,

you're right. I want to check if authentication is failing ;)

NeilR
Esteemed Contributor

Re: IMC Alarm when device is unreachable in SSH or Telnet

imc will test by ping and generate an error if no longer pingable.

Snmp will generate a blue indicator - unknown - if it was previously configured, and alarm if can't access MIB

Does not test login credentials to my knowledge. Backup failure will generate an alarm if you have periodic backups set.

yes you are right if no syslog event, then you can't generate an alarm.

But the Compliance center has a check task feature that can issue cli commands and look for return. So a cli task that can't login would generate a failure for the task and a report with a list of devices that did fail or succeed. Might work for you if you periodically schedule