Page 1 of 1

Unimus trying to enter configuration mode

Posted: Tue Jun 01, 2021 5:38 pm
by gholthaus
I have had a case open (#2269-579-252-72) about this issue since November of last year, but I still have not heard anything back about it despite multiple attempts to get in touch with someone.

I am seeing reports from our AAA servers (we use Cisco ISE) that Unimus is attempting to enter configuration mode on some of our devices. I was under the assumption that Unimus would only need enable mode access in order to run backups. Can you please explain why this might be happening? It's a bit concerning to see Unimus attempting to enter configuration mode when it is not necessary, and it's not configured to do so.

Re: Unimus trying to enter configuration mode

Posted: Fri Jun 04, 2021 3:08 pm
by gholthaus
I was provided the following explanation by a support engineer:
Unimus indeed enters the config mode, but does NOT do any configuration changes during discovery or backup.
It enters the mode to discover (hence the name of the "Discovery" process), which modes are available on the devices.

This is then use for example for Config Push, if you select "Require configure mode", Unimus already has all info about the device discovered, and knows how to enter the config mode.

If you use read-only credentials, Unimus will attempt to enter the config mode during discovery, but fail.
This is also a part of the learning during Discovery, and Unimus would know that Config mode is not available on this devices.

You can see what Unimus learned about the device in "Devices > Info".

This is mentioned in our Discovery documentation, and also in Config Push and Device mode table documentations:
https://wiki.unimus.net/display/UNPUB/Discovery
https://wiki.unimus.net/display/UNPUB/Mass+Config+Push
https://wiki.unimus.net/display/UNPUB/Device+mode+table

Hope this clarifies things.
Obviously I did not read the documentation very carefully! Even so, I do wish there was a way to disable the need for even attempting to enter config mode for deployments like ours where Unimus will rarely (if ever) be used to write config on devices. It's disconcerting to continually have alerts/logs generated about a system trying to enter config mode when I myself haven't specifically configured that system to do so.