Cisco 9300 series devices are not certified in CA Spectrum
Not sure how my text keeps getting removed from my post (not that it changes it much) but here is what I actually sent:
Actually, for device certifications, we have a different process (because we need files from you for the certification – mibs (possibly) and sapwalk output). Please create a case and upload any specific mibs to add (if we don’t already have them) and run the <SPECROOT>/bin/sapwalk* application against the device. You already know how to run this, but for others that may not…
sapwalk2.exe -i <ip address> -v <snmp version> -s <starting oid> -c <community name> -xv (bridge table oid) -o <outputfile>.walk
Here is a specific example (using linux, just change to sapwalk.exe for windows). You can copy this and change/update the IP,comm string, and filename:
sapwalk2_aes_64bit -i 10.253.190.15 -v v1 -s 22.214.171.124 -c public -xv 126.96.36.199.2.1.17 -o 10.253.190.15.walk
Thanks - I had opened CA Support Case 00914582 - I was told that I needed to add a suggestion here for a device certification!
The case case a full sapwalk attached but I can send another one if needed.
Let me check on it…
ok, looks like it was probably a mistake and should have been submitted. Let me follow up with the engineer to get it submitted.
Thanks for posting this.
I see a support case has been created and will add it to our backlog.
Spectrum Product Management.
It would be great to add the 9300 model, but also the 9400 and 9500 (part of the new Catalyst 9k series which will supersede the 3850s).
Any chance that someone has 9400s or 9500s that they are willing to help get certified?
We would want to have the simulation for 9400s or 9500s. I request you to create a certification request, i'll have them done in a one go.
I can create a request but I don't have the actual hardware to perform an SNMP walk.
Is your team equipped with 9400s and 9500s?
Can you give a quick recap of how to open a certification request?
Is certification is available for Catalyst 9300, 9400 and 9500 Series
Case is still open with CA so probably still in progress...
Thank you for the response, please let me know once you have update from CA Support
Did you got any update from CA Support
Hi, Did you receive any update from CA Support?
Last update was from 1-January-2018:
"For your information, we have submitted this Enhancement Request (ER) to our Level 2"
Nothing since then!
We have an important customer who is using more and more of these devices Cisco 9300 : System OID 188.8.131.52.184.108.40.206.2494 .
Spectrum is on version 10.2.3 + Spectrum_10.02.03.BMP_10.2.301 (06/05/18) + Spectrum_10.02.03.Cert_Pack_002 (07/19/18)
Any feedback on this Cert ?
I will follow up with Sarbdeep, the Cert owner and check status of these. Thanks
Did these devices ever get certified? I have a customer that is trying to monitor these devices and they are still coming up as Generic SNMP.
I opened a case for this with CA in September 2018- last update is:
"I have requested information from the SE to see in which BMP cert package this is going to be implemented"
Not sure why these devices are taking so long...
I do not see where these have been certified out of the box.
You can use the Device Certification tool to self certify them.
Certifications - CA Spectrum - 10.2 to 10.2.3 - CA Technologies Documentation
Is there any functional parity between self certification and having it be certified by CA?
This would be a nice alternative if it actually worked.
Aspire Technical Professionals
Direct Managed CA Platinum Services Partner
On Fri, Dec 7, 2018 at 9:42 AM ackjo04 <
After rediscovering the device, this change fixed it.
Requested the certification as well..
For what I have heard the release date was beginning of Januari 2019.
This certification has now been released.
Solutions & Patches index.
The certification released is for 9300, but not for 9400 or 9500. Are these planned to be released in the next cert pack?
Cisco Catalyst 9410R Switch OID - 220.127.116.11.18.104.22.168.2501
Cisco Catalyst 9407R Switch OID - 22.214.171.124.126.96.36.199.2500
are included, but I will have to see if 9500 is still being considered.
Any news regarding the Catalyst 9500?
Has anyone installed this new patch and tested Cisco 9300 series switches? It does not seem to have made any change to how they are modeled.
They model as SwCiscoIOS...If you already self certified them this way then there wouldn't be much difference. If you didn't, then they would change from GnSNMPDev to SwCiscoIOS after running the NewMM.pl script.
Were you expecting them to be something else?
Thanks - no the problem seems to be that they stay in the "Cisco IOS" device family when I would expect them to be in "Cisco IOS - SSH Capable" - SSH is active on the switch and works from the Spectrum server.
I'm guessing the firmware info doesn't have "K9" in it.
To place a device into the Cisco IOS - SSH Capable family, the following conditions must be met:
■ The device descriptor must indicate a firmware version of 12.2 (18) or greater.
■ The feature set must contain letters “K9” indicating the device has the necessary encryption functionality that is needed for SCP.
■ SSH v2 access for the device must be unblocked at the time of discovery.
Note: If SSH v2 access to the device is blocked (for example, with a firewall) at the time of discovery, put the device in the Cisco IOS device family.
Network Configuration Manager supports SSH v2 only. Network Configuration Manager does not support SSH v1.
For example, a device with the following description is placed in the Cisco IOS - SSH Capable family:
Cisco IOS Software, 7200 Software (C7200-JK9S-M), Version 12.3(14)T6, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Thu 05-Jan-06 05:36 by dchih
A device with the following description is placed in the Cisco IOS family and is not capable of obtaining configurations using SSH/SCP:
Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-J1S3-M), Version 12.3(17a), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Mon 12-Dec-05 1
You're right - IOS-XE versions for these switches no longer contain K9 - changed to 9K by Cisco -eg:
So we see this in Spectrum:
Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.6.4, RELEASE SOFTWARE (fc3
I guess the only solution to this is to have 9K also recognized as SSH capable? I do not see Cisco changing the name of their IOS...
Retrieving data ...