This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Download configs from Juniper SRX

Need some assistance on configuring NCM to download configs for Juniper devices

I have tried creating a Connection Profile, but keep getting the following error:

Juniper_timeout.JPG

----- Connection Profile: Juniper SRX-220 -----
--- JUNOS 12.1X44-D35.5 built 2014-05-19 21:36:43 UTC


[2
5;49H


root@WAN_3%

root@WAN_3%

root@WAN_3%

I can login successfully via putty

I want to be able to use NCM to automatically download configs or my SRX devices.

  • First I'd recommend you set up your connection profiles under "Settings" - "NCM Settings" - "Global Settings" and finally "Connection Profiles".  It will look a bit different than what you have there, but you set it up once and can use it on many devices, as well as set it up to be "auto discovered".

    Once you're there, assign a profile name, username and password.   Tell it there is "<No Enable Login>", and no need to set an enable password.   Set it up for "SSH auto" on everything ("Execute Commands and Scripts", "Config Request" and "Transfer Configs".    Leave the telnet port set to 23 and SSH port set to 22.  If you want this to be a credential that is used for auto-discovery, check the box at the bottom.

    That being said, I've had pretty good, but not perfect results doing this.   Sometimes I have to go into "Edit Properties" on the device itself and way at the bottom you will see where it says "Device Template".  I have had to set this to "Juniper" a couple times.  Not sure why.   I almost always have to set it to "Juniper Netscreen" for ScreenOS devices...

    These two things should have you up and running!!   If not, you can go back into "Settings" - "NCM Settings" then "Advanced" and "Advanced Settings" and click on "Enable Session Tracing".  Don't leave this enabled all the time, will fill up your drive!  It will tell you where to see the logfiles on that page too.

    HTH!!

  • ‌hi

    all my junos base nodes use the out of the box template.

    can you use the same connection user name and password with putty?

    can you run  that putty session from the ncm server?

  • Thank you for the reply cnorborg

    I have tried as you said, but without success

    I have created a connection profile as you suggested:

    Once you're there, assign a profile name, username and password.   Tell it there is "<No Enable Login>", and no need to set an enable password.   Set it up for "SSH auto" on everything ("Execute Commands and Scripts", "Config Request" and "Transfer Configs".    Leave the telnet port set to 23 and SSH port set to 22.  If you want this to be a credential that is used for auto-discovery, check the box at the bottom.

    But no luck, I get a different error - Connection refused

    Juniper_Refused.JPG

    Juniper_Refused_results.JPG

    I have downloaded the Juniper SRX device template and installed it

    Juniper-SRX-1.3.6.1.4.1.2636.ConfigMgmt-Commands

    this allows me to select the Juniper SRX device template. but still; no successJuniper SRX_Refused.JPGJuniper_Refused_results.JPG

  • Thank you for the reply sja

    I can in fact connect successfully from Putty on the NCM server

    Juniper_Putty.jpg

  • Not quite sure what to tell you.  If you can SSH to it from your server that is hosting NCM and you have the profile set up correctly, it should work just fine.   "Connection Refused" acts like there is a access-list or something preventing the communications.

    Just to make sure, you only have the one solarwinds server, no additional pollers or anything that might be assigned to poll this node?   If you did have additional pollers you'd need to make sure you could SSH from all of them.

    If everything checks out, I'd probably open a ticket with SW.  They'll probably want to do a webex session with you to figure out why it is this way...

  • ‌mmmm..

    what about other devices? The same issue?

    I Can see that you use root  as login username...

    that mean local no radius user ,you need to type cli to get to the junos OS

    that could  be the problem?

  • Yes, I only have one Solarwinds server that would be connecting to the Juniper devices.

    NCM can successful download configs from other non-Juniper devices

  • sja

    I Can see that you use root  as login username...

    that mean local no radius user ,you need to type cli to get to the junos OS

    that could  be the problem?

    That was definitely the problem.

    I created another user account named "admin" with administrator privileges and created a new connection profile that uses the new account instead of the "root" account and it worked perfectly

    Juniper_successful.JPG

    I can now download running and startup configs from my Juniper devices

    Juniper_configs.JPG

    Thank you all for your assistance