Cisco LAN Management Solution 2.

6
Deployment Guide

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 64
Page 1 of
64

Deployment Guide

Table of Contents
Table of Contents .............................................................................................................................. 2
1. Cisco LAN Management Solution 2.6 Deployment Guide ............................................................. 4
Introduction................................................................................................................................... 4
Applications Included in LMS 2.6............................................................................................. 4
Versions Available for LMS 2.6................................................................................................ 5
LMS 2.6 Architecture .................................................................................................................... 5
Common Services and DCR.................................................................................................... 6
Device and LMS Workflow ........................................................................................................... 6
2. Setting up Devices on the Network ............................................................................................... 8
Device Setup Elements ................................................................................................................ 8
System Name .......................................................................................................................... 8
Domain Name.......................................................................................................................... 8
SNMP Settings ........................................................................................................................ 9
System Reload ...................................................................................................................... 10
Command Line Prompts ........................................................................................................ 10
Telnet/SSH ............................................................................................................................ 10
Syslog Messages................................................................................................................... 11
Remote Copy Protocol (rcp) .................................................................................................. 11
Configuring Protocols ................................................................................................................. 12
Cisco Discovery Protocol (CDP) ............................................................................................ 12
Secure Copy Protocol (scp) ................................................................................................... 13
HTTP and HTTPS Servers .................................................................................................... 13
Configuring Multiple Spanning-Tree ...................................................................................... 14
Configuring Multiple Instance Spanning-Tree ........................................................................ 15
Configuring Per-VLAN Spanning Tree+................................................................................. 16
Configuring VLAN Trunk Protocol (VTP)................................................................................ 17
3. Cisco LAN Management Solution 2.6 Installation Requirements ................................................ 20
Solaris OS Installation Requirements ......................................................................................... 20
Recommended Solaris Disk Layout ....................................................................................... 20
Windows OS Installation Requirements ..................................................................................... 21
Recommended Order for Installing LMS Applications ................................................................ 21
Ports Used by LMS Applications............................................................................................ 22
Licensing Terminology and Process3......................................................................................... 24
4. Initial Setup of the LAN Management Solution 2.6 Server .......................................................... 25
Application Mode Settings in LMS Applications.......................................................................... 25
Protocol Setup............................................................................................................................ 26
Configuration Management.................................................................................................... 26
Software Image Management................................................................................................ 27
Setting Up Security..................................................................................................................... 27
Certificate Setup .................................................................................................................... 27
Setting up the Cisco Secure Access Control Server .................................................................. 28
Integrating LMS Servers with ACS ........................................................................................ 28
Setting Permissions for Performing Tasks on Devices ............................................................... 30
Enabling HTTPS on an LMS Server ...................................................................................... 31
Single Sign-On....................................................................................................................... 31
5. Populating Devices in Cisco LAN Management Solution 2.6 ...................................................... 32
Campus Manager Device Discovery .......................................................................................... 32
Defining a Seed Device in Campus Manager ........................................................................ 32
Bulk Device Import to Device and Credentials Repository ......................................................... 33
Device Credentials Update......................................................................................................... 34
Device Management .................................................................................................................. 34
Adding Devices to RME From DCR ....................................................................................... 34
Viewing Configuration Collection Status in RME ................................................................... 35
Collecting Devices’ Startup and Running Config ................................................................... 35
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 64

Deployment Guide

Verification of Device Import Status in LMS Applications....................................................... 35
6. Server Administration in Cisco LAN Management Solution 2.6................................................... 37
Common Services ...................................................................................................................... 37
Creating User Defined Groups............................................................................................... 37
Backing Up LMS Data ................................................................................................................ 37
Restoring LMS Data ................................................................................................................... 38
Example Restore Operation (Solaris) .................................................................................... 38
Campus Manager....................................................................................................................... 38
Campus Manager Device Discovery...................................................................................... 39
Campus Manager Data Collection ......................................................................................... 40
User Tracking Module............................................................................................................ 40
Hierarchical Groups in Campus Manager .............................................................................. 41
Resource Manager Essentials.................................................................................................... 41
Inventory Collection/Polling.................................................................................................... 41
Configuration File Collection and Polling ............................................................................... 42
Purge Policies........................................................................................................................ 42
Syslog .................................................................................................................................... 43
Change Audit ......................................................................................................................... 44
SWIM Baseline Collection...................................................................................................... 44
Job Management ................................................................................................................... 45
Importing Devices into Internetwork Performance Monitor ......................................................... 46
Device Fault Manager ................................................................................................................ 46
Daily Purging Schedule.......................................................................................................... 46
Forwarding SNMP Traps ....................................................................................................... 46
Receiving SNMP Traps.......................................................................................................... 47
Default SMTP Server ............................................................................................................. 47
Rediscovery ........................................................................................................................... 47
Group Administration ............................................................................................................. 47
Polling and Threshold Management ...................................................................................... 47
View Management ................................................................................................................. 47
CiscoView................................................................................................................................... 48
Device Center ........................................................................................................................ 48
7. Network Management in Cisco LAN Management Solution 2.6.................................................. 50
Fault Monitoring.......................................................................................................................... 50
Set Up Tasks ......................................................................................................................... 50
Fault and Alerts Notification Services .................................................................................... 51
Fault History........................................................................................................................... 51
Alerts and Activities ............................................................................................................... 51
Baseline Configuration ............................................................................................................... 51
Preprovisioning Devices ........................................................................................................ 52
Data Extraction from LMS Applications ...................................................................................... 52
Campus Data Extraction Engine............................................................................................ 52
Possible Combinations of cmexport Commands ................................................................... 53
Resource Manager Essentials Data Extraction Engine.......................................................... 56
Internetwork Performance Monitor Export ............................................................................. 60
The DCR Command Line Interface........................................................................................ 61
UT Reports ................................................................................................................................. 61
Configuring Syslog on Devices................................................................................................... 62
VLAN Recommendations ........................................................................................................... 62
Ether Channel and Trunk Deployment ....................................................................................... 63
Ether Channel Configuration.................................................................................................. 63
Trunk Configuration ............................................................................................................... 63
Change Management ................................................................................................................. 63

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 64

and software images—as well as Syslog analysis.5 Common Services 3.5 To support life cycle management. Inc.Deployment Guide 1.6 will also be discussed. and troubleshooting of Cisco networks. This document is Cisco Public Information. Cisco LAN Management Solution 2.6. All rights reserved. and identification and localization of network trouble. detect network discrepancies. Some concepts related to multi-server deployment that have been introduced in LMS 2. helping enterprises deploy and manage solutions. It provides IT organizations an integrated system for sharing device information across management applications.5 provides “front panel” graphical displays of Cisco devices. With increasing reliance on networks to increase productivity.6 Campus Manager provides the ability to visualize network topology. CiscoWorks LMS delivers a unique platform of crossfunctional management capabilities that reduces network administration overhead and provides upper-layer systems integration. monitoring.5 includes both CiscoView 6. ● Resource Manager Essentials (RME) 4. References will be provided for detailed discussions in the respective white papers. automation of device management tasks. ● Campus Manager (CM) 4. How does an enterprise effectively deploy and maintain their network devices? CiscoWorks LAN Management Solution (LMS) provides the integrated management tools needed to simplify the configuration. All contents are Copyright © 1992–2008 Cisco Systems.5 provides a set of shared application services that are used by all LMS applications. ◦ CiscoView 6.0.0. By using common centralized systems and network-inventory knowledge. visibility into the health and capability of the network. and provide Layer 2 and Layer 3 data and voice traces and end-host user information.6 is an integration module that supports third-party network management systems. administration.6 Deployment Guide Introduction Network management is critical in today’s networks. Such increase in the number of network elements creates a challenge for network administrators. RME provides the ability to manage device inventory and audit changes. This deployment guide considers scenarios where all applications reside on a single server and provides tips and suggestions on configuring the server. Page 4 of 64 .0.1 and Integration Utility 1.6 LAN Management Solution (LMS) 2. Applications Included in LMS 2. configuration files. ◦ Integration Utility 1.1.0.6 includes the following components: ● CiscoWorks Common Services 3. Common Services 3. allowing users to easily interact with device components to change configuration parameters and monitor statistics.0. enterprises are confronted with an ever growing network size. manage VLANs.

LMS 2.6. Page 5 of 64 .x Unlimited version or from LMS 2.6 Internetwork Performance Monitor measures network performance based on the synthetic ® traffic generation technology within the Cisco IOS software.x to LMS 2. The device limit for this version is 300 devices.6 Device Fault Manager provides the ability to monitor device faults in real-time and determine the root cause by correlating device-level fault conditions. Inc.6 You can select one of the following two versions of LMS 2.x Unlimited version or from LMS 2. Fault History lets the operator store and access historical information about alerts and faults that are detected and processed by DFM. IPM takes advantage of Cisco IOS IP SLA3 technology by configuring network performance agents. All rights reserved. called collectors.6 server and how the applications residing on a single LMS server interact to obtain device information. Versions Available for LMS 2. Using synthetic traffic gives the network manager a high degree of flexibility in selecting the end points in a network between which network performance will be measured. All contents are Copyright © 1992–2008 Cisco Systems. This document is Cisco Public Information. ● Internetwork Performance Monitor (IPM) 2.0.Deployment Guide ● Device Fault Manager (DFM) 2. These collectors.6 is for customers transitioning from LMS 1.x to LMS 2. as part of their configuration. This flexibility makes IPM a highly effective performance-troubleshooting tool. include a source router. a target device and an operation type. This version has no limit on the number of devices it can support.6 Architecture Figure 1 shows the architecture diagram of an LMS 2. which is known as Cisco IOS IP SLA. ● Large Enterprise Version The Large Enterprise version is for customers transitioning from LMS 1. in the router. DFM can issue notifications of critical network conditions via email or pager.6: ● Restricted Version The Restricted version of LMS 2.6.

Subsequent chapters describe the setup and workflow processes in detail. Page 6 of 64 . This document is Cisco Public Information. LMS 2. All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide Figure 1. All rights reserved.6 applications use Common Services as shown in Figure 1. devices populated in DCR can be automatically populated in different applications. For more information on this. This document only briefly describes some of the basic configuration that can be achieved in a multi-server setup. Device Credential and Repository (DCR) is part of Common Services and acts as a central secure repository for all the device and credential information. Inc. see the Application Mode Settings in LMS Applications. page 24. The Device and Credential Repository also helps in a multi-server setup. Device and LMS Workflow Figure 2 summarizes the device and LMS setup workflow. All applications within LMS request DCR for device credential information. Since there is a common device and credentials repository.6 Architecture Common Services and DCR LMS 2.

Deployment Guide Figure 2. All rights reserved. Page 7 of 64 . This document is Cisco Public Information. Device and LMS Setup Workflow All contents are Copyright © 1992–2008 Cisco Systems. Inc.

Deployment Guide

2. Setting up Devices on the Network
LAN Management Solution (LMS) 2.6 helps to manage Cisco devices on the network. But before
LMS 2.6 can function correctly, the network devices it touches must be set up correctly. The
information provided in this chapter is a general description of the means and procedures
recommended to ensure that the network devices are set up correctly.
Note:

This chapter provides a great deal of information on the device configuration procedures

required to manage devices using CiscoWorks LAN Management Solution. But keep in mind that
this document is not intended to be a comprehensive configuration guide for LMS 2.6. For
additional configuration details, please contact a Cisco certified network engineer if possible and
refer to pertinent documents that are posted on Cisco.com.
Tip:

Prior to LMS deployment, in the case of Cisco IOS and Catalyst OS devices, all

configuration changes must be saved to non-volatile memory (NVRAM) using the following
commands:
write memory or copy running-config startup-config.
Please note that these two commands are provided to save pre-LMS deployment configuration
changes. After LMS is deployed, configuration changes are saved automatically where appropriate
and no user intervention is required. Newer versions of Catalyst OS devices have separate running
and startup configurations.

Device Setup Elements
This section describes each of the elements in the device setup that needs to be attended to.
System Name
Each Cisco IOS device in the network must have a unique system name (sysName) to discover all
devices. The system name is also populated in the Cisco Discovery Protocol (CDP) table. If there
are duplicate system names on the network, LMS will discover only one device by that name on the
network. On Cisco IOS devices, the domain name also affects the system name.
You can set up the system name by using the following commands:
Cisco IOS Devices
hostname <name>
Cisco Catalyst OS Devices
set system name <name>
Domain Name
You can set a domain name on a Cisco IOS or a Catalyst OS device. Set up the domain name by
using the following commands:
Cisco IOS Devices
ip domain-name <name>
Cisco Catalyst OS Devices
set system name <name with domain name>

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 8 of 64

Deployment Guide

SNMP Settings
LAN Management Solution uses Simple Network Management Protocol (SNMP) community strings
to read and write information from and to the devices.
Note:

LMS supports SNMP AuthNoPriv mode of SNMP v3.

Enabling SNMP v3 on Cisco IOS Devices
To enable SNMP v3 on Cisco IOS devices, follow these steps:
Step 1. Create a view.
snmp-server view campus oid-tree included
Step 2. Set the security model.
snmp-server group cmtest v3 auth read campus write campus access
access-list
Step 3. Create a user and specify the authentication protocol to be used.
snmp-server user cmtester campus v3 auth md5 password
Step 4. Create a group and associate the user with it.
snmp-server user cmtester cmtest v3
Enabling SNMP v3 on Catalyst OS Devices
To enable SNMP v3 on Catalyst OS devices, follow these steps:
Step 1. Create a view.
set snmp view campus 1.3.6.1 included nonvolatile
Step 2. Set the security model.
set snmp access cmtest security-model v3 authentication read campus
write campus nonvolatile
Step 3. Create a user and specify the authentication protocol to be used.
set snmp user cmtester authentication md5 cisco123
Step 4. Create a group and associate the user with it.
set snmp group cmtest user cmtester security-model v3 nonvolatile
Enabling SNMP v1 or v2c on Cisco IOS Devices
To enable SNMP v1 or v2 on Cisco IOS devices, follow these steps:
Step 1. snmp-server community <read-community-string> ro
Step 2. snmp-server community <write-community-string> rw
Enabling SNMP v1 or v2c on Cisco Catalyst OS Devices
To enable SNMP v1 or v2c on Cisco Catalyst OS devices, set as follows:
Step 1. set snmp community read-only <read-community-string>
Step 2. set snmp community read-write <write-community-string>
The community strings configured on the devices must match the community strings entered in the
DCR (Device Credential Repository) component in LMS.
Enabling Traps in Catalyst OS Devices to Be Sent to a Particular Host
To enable traps in Catalyst OS devices to be sent to a particular host, enter this command:
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 9 of 64

Deployment Guide

set snmp trap 192.168.124.24 public
Enabling Traps in IOS Devices to Be Sent to a Particular Host Using SNMP v2c
To enable traps in IOS devices to be sent to a particular host using SNMP v2c, enter t his
command:
snmp-server host 192.168.124.24 traps version 2c public
In these examples for enabling traps, the public community string helps selective processing of
traps on the trap-receiving side.
System Reload
After a software image distribution operation using Resource Manager Essentials (RME) is
completed, RME will reload the device if so specified in the Image Distribution job. RME will be able
to reload any device (IOS or Catalyst OS) only if an SNMP manager (in this case, RME) is allowed
to reset the agent.
The following command is needed on Cisco IOS devices only:
snmp-server system-shutdown
Command Line Prompts
To utilize the NetConfig capability to execute batch changes on devices, Cisco device command
line prompts must meet the requirements described in this section.
Note:

Customized prompts should also fulfill these requirements.

Cisco IOS Devices

The Login prompt should end with an angle bracket (>).

For example: Cisco>

The Enable prompt should end with a pound sign (#).

For example: Cisco#
Cisco Catalyst OS Devices
The Enable prompt must end with “(enable).”
For example: Cisco(enable)
Telnet/SSH
Telnet is one of the protocols that can be used by RME for configuration management. You can
enable Telnet using the following commands.
To enable Telnet on Cisco IOS devices and Catalyst OS devices, enter these commands:
line vty 0 4
password <password>
login
exec-timeout 0 0
Note:

More than four VTY lines can be selected for log in.

Different authentication on different VTY lines is not supported.SSH provides for a secure
communication with the device.

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 10 of 64

In the case of remote Syslog Analyzer and Collector. this parameter is the IP address of the remote Syslog Analyzer and Collector. rcp must be enabled on the network devices—rcp can be enabled only on devices running Cisco IOS as shown in the following sample commands: username cwuser password 7 000C1C0A05 ip rcmd rcp-enable ip rcmd remote-host cwuser 172. especially RME. All rights reserved. SSH configuration requires that the domain name must be configured. Cisco IOS Devices Enable Syslog messages on Cisco IOS devices from global configuration mode: logging on logging <server-ip-address> logging trap <logging-level> Note: To limit the number of messages sent to the syslog servers. For LMS to be able to provide configuration and software management using rcp.17. use the logging trap configuration command above. the server IP address entered here is the address of the RME server.221 cwuser enable ip rcmd remote-username cwuser Note: The value of <remote-username> and <local-username> entered in the device should match the RCP User value provided in the LMS server. This All contents are Copyright © 1992–2008 Cisco Systems. Remote Copy Protocol (rcp) Remote Copy Protocol (rcp) is one of the protocols that can be used by RME for configuration management and software image management. This document is Cisco Public Information. use TACACS. The default value is cwuser. Syslog Messages Syslog messages can be enabled on Cisco devices to further use the capability of LMS.246. Inc. Catalyst OS Devices To enable Syslog messages on Catalyst OS devices: set logging server enable set logging server <server-ip-address> set logging level all <logging-level> default Tip: The <server-ip-address> parameter is the IP address of the LMS server.Deployment Guide Cisco IOS The following example configures SSH control parameters on a router running Cisco IOS: ip ssh timeout 120 ip ssh authentication-retries 3 Catalyst OS The following examples configure SSH in Catalyst OS: (enable) set crypto key rsa 1024 (enable) set ipNote: Note: For greater access control and logging facilities. In case of multiple servers. Page 11 of 64 .

Enabling or Disabling CDP on Cisco IOS Devices CDP is enabled on Cisco IOS devices by default. CDP is a Cisco proprietary Layer 2 protocol that is media and protocol independent. and runs on all Cisco-manufactured equipment. All rights reserved. To enable CDP globally: cdp run To enable CDP on specific interfaces only: cdp enable Use the no command to disable CDP capability on Cisco IOS devices. This document is Cisco Public Information. these packets (frames) are not routed. Campus Manager will use the following protocols in their respective technology: ILMI in LANE/ATM networks and ELMI on Stratacom Frame Relay networks. Enabling or Disabling CDP on Cisco Catalyst OS Devices CDP is enabled on Cisco Catalyst OS devices by default. and to send SNMP queries to those devices.Deployment Guide value can be reset by traversing through the following user interface links in the LMS server: CWHP > Common Services > Server > Admin > System Preferences. A Cisco device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighbors. Campus Manager can discover the network topology only when CDP is enabled on those devices. To enable CDP capability on Catalyst OS devices use the following commands. Since it is a Layer 2 protocol. Inc. Page 12 of 64 . To enable CDP globally: set cdp enable To enable CDP on specific ports only: set cdp enable [mod/port] All contents are Copyright © 1992–2008 Cisco Systems. To enable CDP capability on IOS devices use the following commands. Configuring Protocols This section describes the basic configuration procedures for the following protocols: ● Cisco Discovery Protocol (CDP) ● Remote Copy Protocol (rcp) ● Secure Copy Protocol (scp) ● HTTP and HTTPS Protocols ● Multiple Spanning-Tree Protocol (MST) ● Multiple Instance Spanning-Tree Protocol (MIST) ● Per-VLAN Spanning Tree Protocol (PVST+) ● VLAN Trunk Protocol (VTP) Cisco Discovery Protocol (CDP) Cisco Campus Manager uses Cisco Discovery Protocol (CDP) to discover Cisco devices on the network. Enabling CDP on devices allows Campus Manager to learn information about neighboring devices.

For related information. Note: You may skip this step if a network-based authentication mechanism—such as TACACS+ or RADIUS—has already been configured. Step 3: Router (config)#aaa new-model Sets AAA authentication at login. Complete syntax: Router (config)# aaa authorization exec default group tacacs+ Sets parameters that restrict user access to a network. Step 4: Router (config)#aaa authentication login default group tacacs+ Enables the AAA access control system. perform the following steps: Command Description Step 1: Router> enable Enables privileged EXEC mode.com/en/US/products/hw/switches/ps708/products_configuration_guide_cha pter0.2(2)T. To enable and configure a Cisco router for SCP server-side functionality.Deployment Guide To disable CDP on Catalyst OS devices.. Page 13 of 64 . The data that the client and server transmit to each other is not encrypted. This leaves communication between clients and servers vulnerable to interception and attack. for client connections..cisco.] aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2. Syntax: Step 5: aaa authentication login {default | list-name} method1 [method2. All rights reserved. but not encryption. do not enable CDP on links that are connected to non-Cisco devices. you must use it when you configure SCP. Enabling http Mode Use the following command to enable http mode: ip http server All contents are Copyright © 1992–2008 Cisco Systems. HTTP and HTTPS Servers The Cisco IOS HTTP server provides authentication. Syntax: username name [privilege level] {password encryption-type encrypted-password} Step 7: Router (config)# ip scp server enable Enables SCP server-side functionality.]] Step 6: Router (config)# username superuser privilege 2 password 0 superpassword Establishes a username-based authentication system.9186a00801a5b18. a connection to the Internet and end-host connection ports on access switches. This document is Cisco Public Information. If you enable CDP on the Cisco devices connected to non-Cisco devices. Step 2: Router#configure terminal Enters global configuration mode. To protect from CDP DoS attacks. they will appear on the Campus map.html. Enter your password if prompted. Tip: Do not run CDP on links that don’t need to be discovered by Campus Manager. for example. The exec keyword runs authorization to determine if the user is allowed to run an Exec shell. please refer to this URL: ● Configuring CDP on Catalyst 6500 Series switches: http://www. Note: Certain non-Cisco devices support CDP. Inc. Secure Copy Protocol (scp) The Secure Copy feature was introduced in Cisco IOS 12.. therefore. use the set cdp disable command..

If any of these three fails. to put VLANs 1 to 10 and 20 into instance 10.org/. access the following URL: http://www. such as PVST+. Use the set spantree mode mst command to set the spanning tree mode on the switch to MST. Step 3 Define the MST configuration name and revision number. To enable HTTPS mode in a VPN 3000 concentrator. another spanning-tree protocol. Define the VLAN-to-instance mappings.openssl. Note: Before you can disable MST.6 release.20 By default. Common Spanning-Tree (CST). HTTPS mode is supported only for Cisco VPN 3000 Series Concentrators. Step 3. It uses Secure Sockets Layer (SSL)1 and Transport Layer Security (TLS) to provide device authentication and data encryption. Page 14 of 64 .cisco. such as Per-VLAN Spanning-Tree + (PVST+). On the boundary of the MST region. the port will be flagged as a boundary port. Step 4. Use the following commands to set the configuration and the revision number: ● set spantree MST configuration name <name> ● set spantree MST configuration revision <revision-number> Instances 1 to 15 operate only within the MST region. and other MST regions to form a loop-free topology. Use the following command to map VLANs to an instance: set spantree MST instance vlan <vlans> For example. Step 2. Inc.Deployment Guide The Secure HTTP (HTTPS) feature provides the capability to connect to the Cisco IOS HTTPS server securely. Note: Mapping a VLAN to an instance does not take effect until the configuration is committed. all VLANs are mapped to instance 0. and MST revision number. MST-enabled switches form an MST region only if they have a matching VLAN-to-IST mapping. Configuring Multiple Spanning-Tree Use the following procedure to configure Multiple Spanning-Tree (MST) (802. All contents are Copyright © 1992–2008 Cisco Systems. For more details please visit the following website: http://www. All rights reserved.html#999607. This document is Cisco Public Information.1s): Step 1. Enable MST on the Cisco switch. MST copies the port state from the IST. Step 4 Commit the MST configuration to apply it on the switch. which communicates with the other spanning-tree protocols. you would enter this command: set spantree MST 10 vlan 1-10. Use the following command: set spantree MST config commit 1 This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter0 9186a008015ce28. Note: As of the LMS 2. must be configured. MST configuration name.

The ports with lower port costs are more likely to be chosen to forward frames. You can set 16 possible bridge priority values: 0. Configuring Multiple Instance Spanning-Tree Use the following steps to configure Multiple Instance Spanning-Tree (MISTP). All rights reserved. use the set spantree MST rollback force command. 57344. the possible port cost range is from 1 to 200000000. the port with the lowest port number forwards frames. refer to the following URL: http://www. Configure the MISTP port priority. You can configure the port priority of switch ports. use this command: set spantree portcost 2/12 22222222 Step 4. For related configuration information. 45056. the default is 32. ● When using the long method for calculating port cost.Deployment Guide ● If you find that you need to discard all edits made since the last commit. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. use the following command: set spantree portpri 2/12 40 All contents are Copyright © 1992–2008 Cisco Systems. Step 1. This document is Cisco Public Information. 40960.cisco. You can configure the port cost of switch ports. 4096. If all ports have the same priority value. The port with the lowest priority value forwards frames for all VLANs. 32768. To set the port cost. To set the bridge ID priority. The possible port priority values are from 0 to 63. Step 1 Enable MISTP on the switch. To set the spanning-tree mode on the switch to MST. the ID of the MISTP instance) to create the bridge ID priority. 12288. To set the port priority. Configure the MISTP port cost. the possible cost range is from 1 to 65535. Inc. Configure the MISTP bridge ID priority. and 61440. The bridge priority value is combined with the system ID extension (that is. 20480. 28672. ● When using the short method for calculating port cost. 49152. use this command: set spantree priority 8192 mistpinstance 1 Step 3.com/warp/public/473/123. use the set spantree MST rollback command. 36864. ● If you need to clear changes to the MST configuration made by someone else using another session. 53248. The default cost differs for different media. use this command: set spantree mode mistp Step 2. You can set the bridge ID priority for an MISTP instance when the switch is in MISTP or MISTP-PVST+ mode. 8192. Page 15 of 64 .html. 24576. 16384.

The default is 32. 8192. the ID of the VLAN) to create the bridge ID priority for the VLAN.1Q trunking technology rather than ISL. When the switch is in PVST+ mode without MAC address reduction enabled. 4096. Configure PVST+ port priority. If all ports have the same priority value. use the following command: set spantree portcost 2/3 12 Step 4. 49152. Configure the PVST+ bridge ID priority. The possible port priority value is 0 to 63. you can enter a bridge priority value between 0 to 65535. When the switch is in PVST+ mode with MAC address reduction enabled. The ports with lower port costs are more likely to be chosen to forward frames. or 61440. Since PVST +treats each VLAN as a separate network. 32768. 57344. 53248. the port with the lowest port number forwards frames. The port with the lowest priority value forwards frames for all VLANs. 24576. All contents are Copyright © 1992–2008 Cisco Systems. enter this command: set spantree priority 30000 1 Step 3. Enable PVST+ on the switch. PVST+ is an enhancement to the 802. Page 16 of 64 . the possible port cost is from 1 to 200000000. The bridge priority is combined with the system ID extension (that is. it has the ability to load balance traffic (at Layer 2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop. you can enter one of 16 bridge priority values: 0. the possible port cost is from 1 to 65535. This document is Cisco Public Information.1Q specification and is not supported on non-Cisco devices. 16384.Deployment Guide Configuring Per-VLAN Spanning Tree+ Per VLAN Spanning Tree Plus (PVST+) maintains a spanning tree instance for each VLAN configured in the network and allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. To set bridge ID priority. 28672. 40960. The VLAN bridge ID priority is then set to that value. Configuring PVST+ port cost You can configure the port cost of switch ports. follow these steps: Step 1. 20480. It uses 802. To set the spanning tree mode to pvst+. 36864. Inc. The default cost differs for different media. ● When using the long method for calculating port cost. The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode. You can configure the port priority of switch ports in PVST+ mode. All rights reserved. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. 12288. 45056. ● When using the short method for calculating port cost. To configure Per-VLAN Spanning Tree+. enter this command: set spantree mode pvst+ Step 2. To set the port cost.

shtm l ● Configuring Spanning-Tree Bridging for the Cisco Catalyst Switch: http://www. Page 17 of 64 .cisco. Inc. All rights reserved. When you configure a new VLAN on one VTP server.htm ● Spanning Tree Protocol Problems and Related Design Considerations: http://www.com/en/US/tech/tk828/technologies_white_paper09186a008015a8ad.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/spantree.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac. VTP is a CiscoAll contents are Copyright © 1992–2008 Cisco Systems.VLAN basis in PVST+ Maximum aging time 20 seconds Hello time 2 seconds Forward delay time 15 seconds Configuring VLAN Trunk Protocol (VTP) Virtual LAN (VLAN) Trunk Protocol (VTP) reduces administration in a switched network.html ● Financial Services Design for High Availability: http://www.Deployment Guide To set port priority.cisco. ● Configuring STP and IEEE 802.10 Trunks: http://www.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_ch apter09186a00801ee706.cisco.1s MST: http://www.com/en/US/products/hw/switches/ps679/products_configuration_guide_cha pter09186a008007eeeb. use this command: set spantree portpri 2/3 16 For More Information on the Spanning Tree Protocol The following links provide more information on Spanning Tree Protocol setup and recommendations. Table 1. This document is Cisco Public Information. Default PVST+ Configuration Values for Catalyst 6000 Switches Feature Default Values VLAN 1 All ports assigned to VLAN 1 Enable state PVST+ enabled for all VLANs MAC address reduction Disabled Bridge priority 32768 Bridge ID priority 32769 (bridge priority plus system ID extension of VLAN 1) Port priority 32 Port cost ● Gigabit Ethernet: 4 ● Fast Ethernet: 191 ● DFFI/CDDI: 10 ● Ethernet: 1002 Default spantree port cost mode Short (802.html#71577 Default Values for PVST+ Configuration Table 1 shows the default PVST+ configuration values in Cisco Catalyst 6000 devices.cisco. This reduces the need to configure the same VLAN everywhere.VLAN basis in PVST+ Port VLAN cost Same as port cost but configurable on a per. the VLAN is distributed through all switches in the domain.cisco.1D) Port VLAN priority Same as port priority but configurable on a per.s html ● Configuring FDDI 802.

General suggestions for enterprises preferring a cautious approach may include making use of VTP Transparent or VTP off (Catalyst OS 7. All rights reserved. create. Spanning tree is not a poor protocol—it’s the protocol’s defaults that are not ideal. and delete VLANs via the topology services application. VTP versions 1 and 2 are not compatible. VTP must be configured on all switches in order to manage VLANs via Campus Manager.) Then Campus Manager can be used to view. A VTP domain must be established and the VTP mode must be defined on each device. Another major risk of the VTP client/server model is the possibility of new server versioning overriding the existing VTP Server and deleting VLANs unknown to the new master server from all switches within that domain. and forward advertisements to neighbors.x) instead of the typical VTP server/client model. (The old restriction of requiring at least one server in a VTP domain to identify VLANs has been removed. This does pose the risk of unenforced STP and its issues cross multiple switches. but will forward advertisements to neighbors. modify. VTP is used to configure and communicate VLAN settings across multiple switches. The description of the modes is as follows: ● Server: Switch will maintain and communicate VLAN settings to all other switches in the VTP domain. Each switch can be in only one VTP domain: set vtp domain <name> set vtp mode <client | server | transparent> set vtp v2 <enable | disable> Note: The set vtp v2 command is required for Token Ring networks. In addition. Note: This protocol should be enabled and configured as part of the overall network design. ● Transparent: Switch will not participate in VLANs advertised by server.1.Deployment Guide proprietary protocol that is available on most of the Cisco Catalyst Family products. This document is Cisco Public Information. All contents are Copyright © 1992–2008 Cisco Systems. Best Practice Recommendations The campus best practice recommendations emphasize campus stability and predictability (especially for protocols such as STP). VTP’s major benefit of providing uniform VLAN creation across multiple switches may be outweighed by the drawbacks of the same thing it’s supposed to simplify. instead of the command line. Inc. Discovering VLANs established on a switch using VTP Transparent mode is supported from Campus Manager 3. which is the automatic extension of VLANs of all switches in a domain. To set a VTP domain and the mode on a Cisco Catalyst switch. use the following commands. This section is included for reference purposes only. VTP v2 must be used on Token Ring networks. at least one switch in each VTP domain must be defined as a VTP server in order for Campus Manager to create VLANs in that domain. ● Client: Switch will synchronize VLAN configuration with advertisements received from VTP servers. Any VLANs configured on a transparent switch will be local to that switch only. Though some of these risks can be reduced by VTP Authentication. and they cannot both run in the same domain. Page 18 of 64 .

cisco. Inc.1Q must be used on Token Ring networks. This document is Cisco Public Information. ports on each side of the link must be set to trunk ports. In order to perform trunking. Trunking is a method of carrying traffic for multiple VLANs over the same link. This section is included for reference purposes only.html. ISL is a Cisco proprietary protocol used to combine traffic from multiple VLANs over one link. thus extending the VLANs across the network.com/warp/public/473/21. IEEE 802. go to “Understanding and Configuring VLAN Trunk Protocol (VTP)”: http://www. use the following command: set trunk <module/port> on [vlans] This establishes the specified module/port as a trunk port and enables the ISL protocol. All contents are Copyright © 1992–2008 Cisco Systems. the added complexity of these is not really worth it. All rights reserved. and the Inter-Switch Link (ISL) or IEEE 802. To enable trunking on a Catalyst Switch port. Page 19 of 64 .Deployment Guide Trunk Clearing. and VTP Pruning. Enabling Trunking on Catalyst Switch Ports This protocol should be enabled and configured as part of the overall network design. between two switches or a switch and a router.1Q protocol must be enabled. IEEE 802. For example: set trunk 2/1 on 2-10 For more information. You can use the optional vlans parameter to specify a specific range of VLANs to be allowed across the trunk (valid ranges are from 1 to 1005).1Q is the industry-standard protocol for performing the same function.

and the number of software images.S. This partition must be large enough to handle the biggest SWIM job. The backup partition should allow for multiple revisions. Table 2. Recommended Solaris Disk Layout The following layout for the Solaris disk is recommended: ● /opt/CSCOpx partition This partition holds application executables. on a separate disk. Backup partitions need to be large enough to store all application databases (for example.) as well as device configurations. ● /tftpboot partition This partition holds configurations and software image images as they are downloaded from or uploaded to devices. and the number of syslog messages. libraries. Cisco LAN Management Solution 2. and database files. English and Japanese versions of the Windows and Solaris operating systems. and user accounts. All rights reserved. DFM.6 Installation Requirements Cisco LAN Management Solution installation is supported in the U. Page 20 of 64 . Solaris OS Installation Requirements This section discusses the LMS requirements to install on the Solaris operation system. The size grows in proportion to number of devices. verbosity of debugs. or preferably. and exported reports. All contents are Copyright © 1992–2008 Cisco Systems. Cisco also recommends that you verify all backups that may be needed in the future. Backup Recommendations Cisco recommends that you store backups on a separate partition.Deployment Guide 3. software images. RME.9) Disk Space 20 GB or more free space for LMS applications and data Swap Space ● 4 GB swap space for Restricted license ● 8 GB swap space for Unrestricted license • UNIX file system recommended1 We recommend that you set swap space to twice the size of RAM. software images. amount of availability data. ANI. ● /var/adm/CSCOpx partition This partition holds log files. The growth of the partition depends on the number of archived configurations.8) and Solaris 9 (Solaris 2. enter: df –k at the command prompt. Component Recommended Server Requirements for Solaris Systems Recommended Server System Requirement ● Sun UltraSPARC IIIi or Sun UltraSPARC IIICu for Restricted license ● Dual Sun UltraSPARC IIIi or dual Sun UltraSPARC IIICu for Unrestricted license CPU ● Sun UltraSPARC IV ● 2 GB for Restricted license ● 4 GB for Unrestricted license RAM Software Solaris 8 (Solaris 2. 1 To verify the amount of available disk space in each of the specified partitions and directories. device configurations. Inc. This document is Cisco Public Information.

0.6 on a FAT file system.com/support/processors/sb/CS-017343.6 applications on a system with Terminal Services enabled in Remote Administration mode is supported. open My Computer on the Windows desktop. Recommended Order for Installing LMS Applications The recommended order for installing LMS applications is as follows. All rights reserved.8 GHz Intel Pentium 4 or 2. but there might be problems in the functionality of CiscoWorks. Step 5. Installation might proceed in other locales. To verify the file system. All contents are Copyright © 1992–2008 Cisco Systems.0.6 Update. Step 4.3 before installing any other application. The file system field appears in the General tab of the Properties dialog box. IIS Service must be disabled on the server before installing the LMS 2.0. Install the LMS 2. installation of LMS 2. Step 6. 5 Install LMS 2.6 supports only the US English and Japanese versions of these operating systems. Component Recommended Server System Requirement CPU ● 2. Do not install LMS 2.3. Disk space Swap space 20 GB or more free space for LMS applications and data ● 4 GB virtual memory for Restricted license ● 8 GB virtual memory for Unrestricted license • NTFS file system5 required We recommend that you set virtual memory to twice the size of RAM. 1 Installation of LMS 2. Step 1. Step 2. Recommended Server Requirements for Windows Systems Table 3.6 on a system with Internet Information Services (IIS) enabled is not supported.8 GHz Intel Xeon processor for Restricted license ● Dual 2.htm. Inc. Install Campus Manager 4. select Start > Run.6 applications on a system with Terminal Services enabled in Application mode is not supported.0. Install Device Fault Manager 2.6 on an NTFS file system. then enter winver. disable Hyper-Threading Technology (HTT). Install Internetwork Performance Monitor 2.8 GHz Intel Pentium 4 or dual 2. Install CiscoWorks Common Services 3. right-click the drive and select Properties from the popup menu.6.6 applications. There is no need to follow the order recommended above if you are installing just one application in the CiscoWorks machine. 3 Installation of LMS 2. 2 If you are using LMS 2. Set the default locale to US-English for the US-English version and Japanese for the Japanese version. 4 To verify the Service Pack version on Windows. Note: The only requirement is to install CiscoWorks Common Services 3.intel.See http://www.0.6 on a Windows 2000 operating system (all versions). Page 21 of 64 .3.8 GHz Intel Xeon processor for Unrestricted license RAM ● 2 GB for Restricted license ● 4 GB for Unrestricted license Software1 2 3 Any one of the following: • Windows 2000 Professional with Service Pack 44 ● Windows 2000 Server with Service Pack 4 ● Windows 2000 Advanced Server with Service Pack 4 ● Windows Server 2003 Standard and Enterprise Editions with Service Pack 1 ● Windows 2003 R2 Server Standard and Enterprise Editions LAN Management Solution 2. However. Install Resource Manager Essentials 4.3. This document is Cisco Public Information.Deployment Guide Windows OS Installation Requirements This section discusses the LMS requirements to install on the Windows operation system.3. Step 3.

and CM Server to Client TCP 1741 CiscoWorks HTTP Protocol CiscoWorks Common Services. This document is Cisco Public Information. and RME Client to Server TCP 1783 IIOP for IPM Gatekeeper IPM Client to Server TCP 1784 IIOP for IPM Gatekeeper IPM Client to Server TCP 8088 HIOP CiscoWorks Common Services Server to Client Client to Server TCP 8898 Log Server DFM TCP 9007 Tomcat shutdown CiscoWorks Common Services Server Internal TCP 9009 Ajp13 connector used by Tomcat CiscoWorks Common Services Server Internal TCP 9088 HIOP port for IPM IPM gatekeeper Server Internal Server to Client Client to Server TCP 9191 HIOP port for IPM Gatekeeper IPM Server Internal TCP 9192 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9193 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9194 HIOP port for IPM Gatekeeper IPM Server Internal TCP 15000 Log server DFM Server Internal TCP 4005040070 CSTM ports used by CS applications. All rights reserved. Inc. and DFM Server to ACS TCP 80 HyperText Transfer Protocol (HTTP) CiscoWorks Common Services. CiscoView.Deployment Guide Ports Used by LMS Applications The following table lists the ports used by the various CiscoWorks components. LAN Management Solution Port Usage Protocol Port Number Service Name Application(s) Direction (of Establishment) of Connection ICMP 7 Ping RME. CiscoView. and RME Server to Device TCP 25 Simple Mail Transfer Protocol (SMTP) CiscoWorks Common Services (PSU). such as OGS. and CM Client to Server TCP 1684 IIOP CiscoWorks Common Services. RME. Page 22 of 64 . Table 4. and DFM Server to Device TCP 22 Secure Shell (SSH) CiscoWorks Common Services and RME Server to Device TCP 23 Telnet CiscoWorks Common Services. CM. RME Server Internal TCP 49 TACACS+ and ACS CiscoWorks Common Services. Device and Credential Repository (DCR) CiscoWorks Common Services Server Internal TCP 40401 LicenseServer CiscoWorks Common Services Server Internal All contents are Copyright © 1992–2008 Cisco Systems. CM. CiscoView Client to Server TCP 443 CiscoWorks HTTP server in SSL mode CiscoWorks Common Services Sever Internal TCP 514 Remote Copy Protocol CiscoWorks Common Services Server to Device TCP 1683 Internet Inter-ORB Protocol (IIOP) CiscoWorks Common Services.

Server Internal Page 23 of 64 . This document is Cisco Public Information. CM.JRun Server Manager Control Server CiscoWorks Common Services Server Internal UDP 69 Trivial File Transfer Protocol (TFTP) CiscoWorks Common Services and RME Simple Network Management Protocol (SNMP) CiscoWorks Common Services. and DFM SNMP Traps (Standard Port) CiscoWorks Common Services. All rights reserved. and DFM UDP UDP 161 162 Server to Device Device to Server Server to Device Device to Server Server to Device Device to Server UDP 514 Syslog CiscoWorks Common Services and RME Device to Server UDP 9000 DFM trap receiving (if port 162 is occupied) DFM Client to Server UDP 9002 DFM trap listening DFM Client to Server UDP 14004 Lock port for ANI Server singlet on check CM Server Internal UDP 16236 UT Host acquisition CM Device to Server UDP 42342 OSAGENT CiscoWorks Common Services Server Internal (Common Services) UDP 42350 Event Services Software (ESS) (Alternate port is 44350/udp) CiscoWorks Common Services All contents are Copyright © 1992–2008 Cisco Systems. RME. Inc.Deployment Guide TCP 42340 CiscoWorks Daemon Manager Tool for Server Processes CiscoWorks Common Services Server Internal TCP 42344 ANI HTTP Server CiscoWorks Common Services Server Internal TCP 42351 Event Services Software (ESS) Listening (Alternate port is 44351/tcp) CiscoWorks Common Services Server Internal TCP 42352 ESS HTTP (Alternate port is 44352/tcp) CiscoWorks Common Services Client to Server TCP 42353 ESS Routing (Alternate port is 44352/tcp) CiscoWorks Common Services Server Internal TCP 43441 CMF Database CiscoWorks Common Services Server Internal TCP 43455 RME Database RME Server Internal TCP 43443 ANIDbEngine CM Server Internal TCP 43445 Fault History Database DFM Server Internal TCP 43446 Inventory Service Database DFM Server Internal TCP 43447 Event Promulgation Module Database DFM Server Internal TCP 4350043530 CSTM Port for DFM DFM Server Internal TCP 44341 IPM Database IPM Server Internal TCP 44342 IPM Name Server (OSAGENT) IPM Client to Server (Applicable to IPM standalone client) TCP 4700047040 CSTM Port for RME RME Server Internal TCP 5500055020 CSTM Port for Campus Manager CM Server Internal TCP 57860 JRun . CiscoView.

cisco. not necessarily only at the time you install the product. This document is Cisco Public Information.6 software-based product registration and license key activation terminology and technologies. or the PIN and PAK. License File When you register your LMS purchase on the product licensing area of Cisco.com. you will receive a license file. use this site to get your license file: http://www. All rights reserved. The LMS installation program prompts you to enter the license file. Product Authorization Key (PAK) The PAK is printed on the software claims certificate. If a PIN only is entered.com/go/license If you are not a registered user of Cisco. ● If you have received LMS as an evaluation copy. Licensing Items of Note ● When you first install CiscoWorks Common Services 3. Table 5. You may obtain and install your license key at any time while you are working on LMS.com. If an authenticated license cannot be obtained during installation. Use the PAK to get a license from Cisco. use the PIN to proceed with the installation. Licensing Terminology Licensing Term Description Product Identification Number (PIN) The PIN is printed on the software claims certificate.cisco. you need not register the product during the 90-day evaluation period. then it need not be provided during the installation of the other applications. All contents are Copyright © 1992–2008 Cisco Systems.com. LMS will run normally. get your license file from: http://www. The LMS installation program prompts you to enter the PIN during installation.0.Deployment Guide Licensing Terminology and Process3 The section describes the LMS 2. Page 24 of 64 . If the licensing information is provided during the installation of the first LMS application.com. ● The first LMS application you install will prompt you to provide the LMS licensing information. If you are a registered user of Cisco. You need to provide your PAK to receive your license file. Inc. but you will be periodically be reminded to complete the license process.com/go/license/public. you will not be prompted to register your PIN/PAK during the process.

and credential updates) from DCR. performance monitoring. This chapter also provides information on the default settings in the applications and how to update the application settings for easier management of devices across the LMS server. All contents are Copyright © 1992–2008 Cisco Systems. The application mode in CM cannot be disabled. b. ● Resource Manager Essentials (RME): By default. In response to the device updates. Inc. ● Campus Manager (CM): CM by default is in Auto Synchronize mode. Device Fault Manager. Hence all devices added in DCR will automatically be managed in CM. To disable Auto Synchronize mode in DFM: a. ● Device Fault Manager (DFM): By default. b. unless filters (such as IP address range or VTP domain) have been set up to override the application mode. To disable Auto Synchronize mode in RME: a. delete.6 Server This chapter will guide you through the initial setup of the LAN Management Solution server. Application Mode Settings in LMS Applications Application mode settings are available in LMS applications to help control the flow of device and credential information to the applications from the Device Credential and Repository (DCR). All rights reserved. Then deselect the Automatically Manage Devices from Credential Repository option. delete and credential updates) from DCR. Resource Manager Essentials and Internetwork Performance Monitor) will not automatically get device updates (device add. the LMS applications (Campus Manager. From the Device Fault Manager. the applications may do data collection. the LMS applications will automatically get device updates (device add. The two LMS application modes are: ● Manual mode ● Auto Synchronize mode In Manual mode. In Auto Synchronize mode. Deselect the Synchronize with Device Credential Repository option. DFM is also set up in an Auto Synchronize mode.Deployment Guide 4. choose Administration > Device Management. Devices imported into Device Credential Repository (DCR) will be automatically added in RME. Page 25 of 64 . This document is Cisco Public Information. ● Internetwork Performance Monitor (IPM): IPM source and data collectors can be set up after DCR has been populated. RME is in Auto Synchronize mode. choose Device Management > Device Selector. Initial Setup of the LAN Management Solution 2. and fault monitoring on the modified devices. Note: Please note that you must specify the application mode in each of the applications user interfaces. From Resource Manager Essentials. All devices added in DCR will automatically be managed in DFM.

Configuration Management You can set the protocols and order for Configuration Management applications such as Archive Management. Select the protocol order by clicking Add or Remove.Deployment Guide Note: For easier management of devices across all LMS applications. and NetConfig jobs to download configurations and to fetch configurations. From Resource Manager Essentials. To set up protocol ordering for Config Management: Step 1. use SSH. Network administrators can assign the protocols to be used in RME for Configuration Management and Software Management. The available protocols are: ● Telnet ● TFTP (Trivial File Transport Protocol ● RCP (Remote Copy Protocol) ● SSH (Secure Shell) ● SCP (Secure Copy Protocol) ● HTTPS (Hyper Text Transfer Protocol Secured) Set Up Protocol Ordering Protocol ordering can be set up for these configuration applications: Archive Management. Step 2. To order the Software Management protocol: Step 1. Step 3. User intervention is required to select dissimilar set of devices to be managed by the two RME servers. it is advisable to leave Auto Synchronize mode enabled. Page 26 of 64 . Inc. Use the Add and Remove buttons for selecting the protocol order. then click Apply. Click Software Mgmt. Manual mode should be enabled. and NetConfig. Config Editor. All contents are Copyright © 1992–2008 Cisco Systems. Select the desired application from the Application Name drop-down list. Note: For secure communication between the server and a device. Step 2. Select View/Edit Preferences from the Table of Contents. All rights reserved. Config Editor. This document is Cisco Public Information. choose Administration > Config Management. If Auto Synchronize mode is enabled for RME to get devices from the DCR. two instances of RME installed in two different servers can be managing the same set of devices. Protocol Setup RME also uses various protocols for configuration and software management. Step 3. When multiple CiscoWorks servers are installed and a large number of devices are to be managed between the CiscoWorks servers.

Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. these jobs use the second protocol and so on. Step 2.Deployment Guide Software Image Management Software Management downloads software images based on the protocol order specified. every CiscoWorks server needs to have a peer server account set up. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. ● Secure browser client communication to the server. define the protocol order. Create the System Identity user as described in the previous section. If the first protocol in the list fails. Use the Add and Remove buttons for selecting the protocol order. All contents are Copyright © 1992–2008 Cisco Systems. This document is Cisco Public Information. SCP and HTTP. Step 3. TFTP. From Resource Manager Essentials. Peer server accounts can also be used for providing access to a third-party application to access the CiscoWorks server and authenticate and authorize it. Certificate Setup Every CiscoWorks server needs to have a System Identity user set up for system processes to use while performing background tasks that are not user initiated. A system identity user is set up by default when the CiscoWorks server is installed. In the View/Edit Preferences dialog box. Setting Up Security By integrating with the Cisco Secure ACS server. Page 27 of 64 . Edit the necessary details. Step 3. Setting Up a Peer Server Account If a CiscoWorks server has to exchange information (such as device credentials) with other CiscoWorks servers. To define the protocol order that Software Management has to use for software image download: Step 1. Step 3. Inc. All rights reserved. Select the System Identity Setup link. Step 2. Create a peer server account as described here and provide the credential information to the third-party user. until Software Management finds a transport protocol for downloading the images. choose Administration > Software Mgmt > View/EditPreferences. To set up a peer server account: Step 1. Software Management uses the first protocol in the list. Select the Peer Server Account Setup link. A peer server account should have the System Identity user information of other CiscoWorks servers. Setting Up the System Identity User To view the System Identity User default settings or to change the default settings: Step 1. LMS 2. While downloading the images. The supported protocols are: RCP. Step 2.6 provides the following security features: ● Secure the user access to devices.

from the Network Configuration menu. Assign the CiscoWorks LMS server(s) to a new NDG group. Setting up the Cisco Secure Access Control Server Cisco Secure Access Control Server provides authentication. create a peer server account for this purpose because the third-party applications do not need to know the System Identity Setup credentials. Provide the IP address and host name of the CiscoWorks LMS server(s) that you are going to set up. Step 2. Make sure that the System Identity users of the other CiscoWorks servers are created. AAA Client Model Common Services 3. PIX Firewall. Add a System Identity User as a registered user in the ACS Server.Deployment Guide Step 4. Step 6. Page 28 of 64 . Step 8. Step 4. or router. choose TACACS+. Specify a secret Key. Step 3. To create a new NDG group. from the Network Configuration menu. Log in to the ACS Server. To add the CiscoWorks LMS server(s) as AAA client(s) of the ACS server. To do this. All contents are Copyright © 1992–2008 Cisco Systems. authorization. follow these steps: Set Up the System Identity and Peer Server Account Users in the LMS Server To ensure that the System Identity User is set up: Step 1. navigate to User Setup. such as a network access server.0 integrates with ACS server to leverage the AAA functionality for restricting user access to devices. Select the System Identity Setup link. Figure 3 shows the AAA client model. All rights reserved. Figure 3. Step 7. Step 2. Inc. Step 5. and accounting (AAA) services to network devices that function as AAA clients. For the Authentication method. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. choose Add Entry. Integrating LMS Servers with ACS To integrate LMS servers with ACS. Common Services provides a way to configure secondary and tertiary ACS servers to support redundancy. follow these steps: Step 1. This document is Cisco Public Information. If there are third-party applications integrating with the LMS server. Step 3. Set Up the ACS Server To set up the Access Control Server. choose Add Entry. a.

CiscoView. Step 2. and provide System Administrator privilege for the device group containing the LMS server. This document is Cisco Public Information. ACS Admin User Name and Password. ● If using a Windows server. Step 4. enter the /etc/init. then click Add/Edit. Step 4. Step 3. In the User Setup section. Configure the System Identity User in the ACS Server In this procedure. Step 5. and Shared Secret Key Note: These values for these fields must be the same as the values entered in the ACS server. Navigate to Common Services Panel in CiscoWorks Home Page. enter either the net stop crmdmgtd command or the net start crmdmgtd command. enter the password for the user. Device Fault Manager and CiscoWorks Campus Manager. Set Up the LMS Server to Communicate with the ACS Server To set up the LMS server to communicate with the ACS server. choose Server > Security > AAA Mode Setup > Select ACS Type. All rights reserved. ● If using a Solaris server. Navigate to Group Setup. Page 29 of 64 . Step 9. Step 2. Add the group to Default Group. you will learn how to assign a System Administrator privilege to the User Group on the Device Group to which the LMS server is assigned. Enter the username. Resource Manager Essentials. Step 3. follow these steps: Step 1.d/dmgtd stop command or the /etc/init. Click Edit Settings. c. The only difference between this setup and the peer server user setup is that the peer server username need not be assigned an Administrator privilege to the NDG group. Log in to LMS server. All contents are Copyright © 1992–2008 Cisco Systems. To configure Common Services to be in ACS login mode. Note: Make sure the user is created with the same password as the password specified for the LMS servers. Restart the LMS server.Deployment Guide b. Enter the primary ACS server IP address. Inc. follow these steps: Step 1.d/dmgtd start command. Note: The System Identity User is quite unique and not the same as any other user created in the ACS server. then click Submit (located on the lower frame). Note: The same procedure must be done to add any other peer server username (especially the user created for third-party applications) to the ACS server. To configure the System Identity User in the ACS server. Select the User Group. Browse to the applications CiscoWorks.

For example. Step 2. Step 4. Network Administrator. Make sure that a role (for example Network Administrator) is available so that it has permissions to perform only the restricted list of tasks. t2. Step 1. then select an application that has tasks t1. Choose the application for which you need to set the task to role mapping. and t3) on a device in the LMS server. Step 1. click Group Setup. user groups. To create Network Device Groups. click Network Configuration (in the left navigation bar). Log in to the ACS server. Click Shared Profile Components. Log in to the ACS server. An ACS user can change the task to role mapping as required. Add devices to the Network Device Group. Step 4. Step 3. Step 3. then follow these steps. click Group Setup. follow these steps: Step 1. etc. All rights reserved. Log in to the ACS server. Setting Permissions for Performing Tasks on Devices If a Security Administrator wants to restrict a user to performing only a selected set of tasks (for example tasks t1. you can click CiscoWorks Common Services. click on a user role and change the tasks assigned to that role. Step 5. then click Users in Group. Page 30 of 64 . Inc. Step 5. Set up the Cisco Secure ACS server as described in “Setting Up the Cisco Secure Access Control Server” section on page 28. All contents are Copyright © 1992–2008 Cisco Systems. To assign User Groups permissions (System Administrator. Create Network Device Groups. Put the LMS server(s) in ACS security mode Step 2. Step 2. User Groups and Assign Roles to Network Device Groups in the ACS Server To create Network Device Groups. then click Edit Settings. To change the task to role mapping. and assign roles to those groups. click Shared Profile Components (in the navigation bar on the left). To add users to User Groups.) on the various Network Device Groups. Step 3. t2 and t3.Deployment Guide Configure the ACS Server to Change Default Permissions and Task to Role Mapping (Optional) There are five default roles defined by CiscoWorks: ● System Administrator ● Network Administrator ● Network Operator ● Approver ● Help Desk These roles are by default assigned permissions to various tasks in CiscoWorks. This document is Cisco Public Information.

for example. and assign the role Network Administrator to the user selected in the previous step. Step 3. go to the application where the tasks t1. ◦ If using a Solaris server. All contents are Copyright © 1992–2008 Cisco Systems. t2 and t3 are present. Step 8. The same link can be used to set up other CiscoWorks servers as slaves. All authentication is done by the master server for any access to slave or master servers. Enabling HTTPS on an LMS Server You can enable HTTPS on an LMS server to provide secure communication between the server and client. ● Any link and/or application registration will work fine after you change the CiscoWorks security mode from http to https. then select the user group to which the user is assigned. This document is Cisco Public Information. enter the /etc/init. Click Group Setup. Click Edit Settings. enter either the net stop crmdmgtd command or the net start crmdmgtd command.d/dmgtd stop command or the /etc/init.d/dmgtd start command. All rights reserved. Choose the Master (SSO Authentication Server) mode. Single Sign-on is the ability to log in into multiple computers or servers with a single action and the entry of a single password.Deployment Guide Step 6. Complete the security certificate setup described in the section above. Select Browser-Server Security Mode Setup. Step 7. a user on a LAN or WAN requires access to a number of different servers. use https://server-url:1742. and t3 for this role. Step 2. Step 4. Click Network Administrator and enable only the tasks t1. Page 31 of 64 . one of the CiscoWorks servers acts as the SSO Authentication server or master and all other CiscoWorks servers act as the slave or SSO regular server. Notes ● HTTPS communication will work only after restarting the LMS server. ● To access the LMS server. ◦ If using a Windows server. ● To restart the LMS server. t2. Inc. One of the CiscoWorks servers should be set up as the authentication server. follow these steps: Step 1. Step 3. Single Sign-On This task is optional and applicable in a multiple CiscoWorks server setup only. Select Enable. Navigate to CWHP > Common Services > Server > Security > Multi Server Trust Management. To setup Single Sign-on. This is especially useful where. Step 2. Step 1. In SSO mode. SSL can be enabled on the server by going to Common Services > Server > Security > Single-Server Management. Select the Single Sign-on Setup link.

Note: Only the read community string needs to be entered in the SNMP Settings page. page 33 ● Device Credentials Update. All contents are Copyright © 1992–2008 Cisco Systems. Then select the SNMP Settings link. After editing the SNMP strings. page 32 ● Bulk Device Import to Device and Credentials Repository. follow these steps: Step 1. “Initial Setup of the LAN Management Solution 2. Step 2. Page 32 of 64 . Step 4. By default only the SNMPv2 read string is populated. Device Discovery within Campus Manager uses seed devices to discover the network using CDP. In the device discovery process. you musts first initiate the Device Discovery process. Information about the devices is fetched by Campus Manager only during the data collection process. Step 5. This document is Cisco Public Information. Populating Devices in Cisco LAN Management Solution 2. Add or Edit the read community strings depending on the number of community strings configured in the network. To gather the list of devices. select the SNMPV3 radio button. Note: A seed device should generally be core device. Hence to have the ability to discover devices using Campus Manager.6 The tasks described in Chapter 4. All rights reserved. while the other is called Campus Data Collection. click Apply on the SNMP Settings screen. Campus Manager processing has been partitioned into two separate processes: one of the processes is called Device Discovery.6 Server” should complete the initial configuration on the LMS server. To enter a seed device. Campus Manager populates the Device and Credentials Repository (DCR) with the list of discovered devices in the network. Devices can be populated in the LMS server through one of the three tasks listed below: ● Campus Manager Device Discovery.Deployment Guide 5. Step 3. you can enter a single or multiple Seed Devices in Campus Manager.6. If CDP is enabled on your network. Defining a Seed Device in Campus Manager To define a seed device in Campus Manager. LMS is now ready to start importing devices for management. A core switch (or switches) should be the seed device because this device will have a lot of CDP neighbors and this hastens the discovery process. page 34 Campus Manager Device Discovery Campus Manager has the ability to discover Cisco devices present in the network using Cisco Discovery Protocol (CDP). Choose Administration. To populate SNMPv3. click the Discovery Settings link (under TOC). CDP should be enabled on the network. In LMS 2. Inc.

Page 33 of 64 . To do bulk device import. Note: If the device discovery is scheduled. Step 8. In this case. To configure the address filters. devices in LMS would be populated only after Campus Manager Device Discovery has taken place. All rights reserved.Deployment Guide Step 6. Step 7. Configure the seed devices. navigate through CWHP > Common Services > Device Management > Bulk Import.6. The input file should have the format as specified in the online help. Step 9.x installed in the same machine as the CiscoWorks server. This document is Cisco Public Information. You will have to provide the installation location of HP OpenView NNM 6. Inc. the importing devices is allowed only from a remote Unix NMS server or a remote Windows NMS server that supports the RSH protocol. click IP Address Range. click the Go to Campus Administration link. All the devices discovered by Campus Manager should now be populated in the DCR. This action triggers an immediate Device Discovery process.x. then it will be a member of the group /Device Type Groups/Unknown Device Type. Refresh the page to update the device discovery status and verify the number of devices discovered when in Idle state. ● Local NMS Import To import devices from either HP OpenView Network Node Manager 6. Note: In LMS 2. select the Remote NMS option. ● Remote NMS Option To import devices from either HP OpenView Network Node Manager 6. then click Apply. All contents are Copyright © 1992–2008 Cisco Systems. all device credentials can be provided along with the device name and IP address. select the Local NMS option. Bulk import into DCR can be done by one of the three formats listed below. Bulk Device Import to Device and Credentials Repository LMS also supports bulk import into the Device and Credentials Repository.x or IBM Tivoli NetView 7. If the imported device does not have a device type associated with it. ● File Import Select the File option to import devices from a CSV or XML file. To verify the device discovery status. You can then assign a device type to the device by selecting the device in Device Management screen and clicking Edit.x or IBM Tivoli NetView 7. Address filters are available to either to discover or not discover devices in a particular network.x or IBM Tivoli NetView 7.x installed in a different machine from the CiscoWorks server.

you can edit the credentials for these devices by selecting the groups to which the devices belong. Additional information about the devices such as configuration files and software images on the network needs to be added. Page 34 of 64 . Step 5. Check Automatically Manage Devices from Credential Repository. Note: If you have CDP enabled on your network. use the above step to Edit their credentials. Step 7. Step 6. Navigate to CWHP > Common Services > Device and Credentials > Device Management. Inc.Deployment Guide Editing the Credentials for the Imported Devices Once the devices have been imported through the Local NMS or Remote NMS options. Note: Don’t select any device in the screen that follows. Create groups underneath the CS@server-name/User Defined Groups. If all the devices have the same credentials. Adding Devices to RME From DCR If RME has not been set up in Auto Synchronize mode. Step 3. ● If only a subset of devices available in DCR are to be managed in RME. Click Next. then click Finish. Going to the CiscoWorks Home Page and navigating to RME > Administration > Device Management > Device Management Settings. then in the Device Management screen. click Edit. devices can be added into RME from the Device and Credentials Repository using either of following procedures: ● If all the devices added in DCR are also to be managed by RME. All applications within LMS should be populated with the imported devices. Device Credentials Update To utilize the complete functionality of LMS. if the devices have different credentials. Select the devices under the All Devices group by checking the All Devices group. the Auto All contents are Copyright © 1992–2008 Cisco Systems. b. All rights reserved. which will by default select all the devices. the Auto Synchronize option in RME should be enabled. To perform credential update in DCR: Step 1. device credentials other than the SNMP read credentials need to be entered in the Device and Credentials Repository. create groups of devices having the same credentials by going to CWHP > Common Services > Groups. then click Edit. Step 4. Enter the device credentials. You can enable Auto Synchronization by: a. click Next and enter up to four user-defined fields. populating the Cisco devices through Campus Manager Device Discovery is recommended. If you need to enter User Fields for devices. However. This document is Cisco Public Information. Step 2. Device Management Device discovery just populates devices in LMS.

click the Number of Failed Devices link. To do so. Check Fetch Startup Config. Check device credentials by going to Resource Manager Essentials > Devices > Device Management > Device Credential Verification. Resource Manager Essentials The following RME device verification tasks are described in this section: Confirm Configuration File Collection To confirm if the configuration files have been collected: 1. Viewing Configuration Collection Status in RME You can view configuration collection status in RME by: a. select the devices under RME group. you would need to run the synchronize operation to collect the configuration files for the managed devices. then select the Archive Management link. This can be done only for the devices that failed the initial synchronize archive operation. click View Credential Verification Report. Campus Manager. step through the verification process described in the following section. Going to CWHP > Resource Manager Essentials > Config Management > Archive Management. If the devices have been populated through Campus Manager Device Discovery or a third party NMS and if the Auto Synchronize option on RME was enabled. b.Deployment Guide Synchronize option can be left turned off. To view the archive collection status or view the job details. You must schedule a Sync Archive job. and Device Fault Manager. refresh the screen. Telnet/SSH) needed for configuration collection were not available in LMS. Step 2. To ensure that the applications are working properly. Verification of Device Import Status in LMS Applications This section describes the verification of device import procedures in Resource Manager Essentials. Inc. To view the report and see if the device credentials are correct. All contents are Copyright © 1992–2008 Cisco Systems. Collecting Devices’ Startup and Running Config To collect the startup and running configuration of devices: Step 1. Step 3. Check Device Credentials To check the device credentials: 1. the initial configuration collection of devices would fail since the credentials (SNMP write. click Check Device Credential. go to Config Management. Go to TOC > Sync Archive. To verify job status. 2. 3. Taking these steps should populate the managed devices in the server. This document is Cisco Public Information. To verify the type of device credentials to be checked. Since the credentials have been updated in LMS. Page 35 of 64 . 2. To see the list of devices that failed the archive operation. All rights reserved.

● You can view the data collection status of a device under Data Collection. ● DFM Processing should be Active.Deployment Guide 4. If you need to change the credentials on devices. ● You can find the discovery status of devices under Device Discovery. This document is Cisco Public Information. All rights reserved. Campus Manager To get the current status of devices in Campus Manager: Navigate to CWHP > Campus Manager > Administration. ● Devices should be in status Known. All contents are Copyright © 1992–2008 Cisco Systems. Page 36 of 64 . click Edit Device Credentials. Device Fault Manager To get the current status of devices in DFM: Navigate to CWHP > Device Fault Manager > Device Management > Discovery Status. Inc.

Device Fault Manager. Campus Manager. or Internetwork Performance Monitor to launch tools pertinent to that application. Step 3. user_defined_field_1. To create the new group under /CS@server-name/User Defined Groups. This document is Cisco Public Information. Creating User Defined Groups Grouping devices in Common Services is used to create user-defined groups based on the User Defined field defined by DCR for the devices.Deployment Guide 6. and user_defined_field_3. Backing Up LMS Data Cisco recommends that the backup data should not be stored in the directory where LMS is installed (by default. Server Administration in Cisco LAN Management Solution 2. All contents are Copyright © 1992–2008 Cisco Systems. These groups can then be used by Resource Manager Essentials. It also provides a common desktop for launching Cisco Works applications and centralizes login. Step 7. Please note that the DCR Master/Slave mode is also backed up.cisco. follow these steps: Step 1. Step 6. To create user defined groups. user role definitions. For installation and user guide documentation. and access privileges. Step 2. Select the Group Admin link. user_defined_field_2. under the NMSROOT directory in Windows or Solaris). Common Services Common Services provides an operating foundation that allows Cisco Works applications to share data and system resources.6 This chapter deals with server administration and configuration settings to optimally utilize the resources of the server while also maintaining a current status of the network topology. All rights reserved. Step 8. Inc.ht ml.com/en/US/products/sw/cscowork/ps3996/tsd_products_support_series_home. Page 37 of 64 . In the Group Administration window. Click Next. please refer to the following documents: http://www. Step 5. All the devices that match the criteria are shown in the right panel. Navigate to CWHP > Common Services > Groups. click Finish. Periodic updates to Cisco Works Common Services are made available for download. Select the Variable drop-down box. then click Create. The Variable field offers four possible values: user_defined_field_0. This newly created group can be accessed from any application screen in LMS. then click Add Rule Expression and click Next. Enter a group name and click Next. select /CS@server-name/User Defined Groups from the group selector. Step 4. Select an operator and value that matches the device value in DCR.

Shutdown the daemon manager: ● For a Windows server: Execute the net stop crmdmgtd command.pl operation in a Solaris server is given below. This document is Cisco Public Information. use the following command line: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Default TempDirectory for this Restore program: /opt/CSCOpx/tempBackupData Use -t TempDirectory to define your own temp directory. Log in to the LMS server. Restore Program Help The Help on the restorebackup Perl script provides the following information: To run the restore command. Restoring LMS Data Restoring LMS data can be done only via the command line interface. Step 2. All rights reserved. /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup.pl. Step 2. Step 3.pl –d /tmp In the above command. the command syntax is: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Execute the script restorebackup. ● GenerationNumber: Generation to be restored. Example Restore Operation (Solaris) An example of the restorebackup. Page 38 of 64 .0. Step 4. Step 1.Deployment Guide To backup LMS data: Step 1. ● TempDirectory: Temporary directory for the Restore program. Step 3.pl -h -d BackupDirectory Campus Manager In Campus Manager 4. The backup job can either be run immediately or be scheduled.pl <-d BackupDirectory> [-gen GenerationNumber] [-t TempDirectory] [-help] ● BackupDirectory: Directory where the backup archive is present. To see a list of the Backed Up generations available. the discovery mechanism can be categorized into the following three areas: ● Device Discovery ● Data Collection ● User Tracking Major Acquisition All contents are Copyright © 1992–2008 Cisco Systems.d/dmgtd stop command. Select the Backup link. Inc. ● For a Solaris server: Execute the /etc/init. You can provide a backup directory name. /tmp is the location of the backup directory. Change directory to NMSROOT/bin. Navigate to CWHP > Common Services > Admin.

Inc. Page 39 of 64 . ● Devices in DCR and user-configured seed devices from Campus Manager are used by the device discovery process. Optimizing Network Discovery To optimize the discovery of the network. the following tasks can be performed. 2. 2. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. To disable DNS lookup: 1. Navigate to the Campus Manager Panel from CWHP > Campus Manager Administration > Reports > Discovery Reports. click Configure. ● Device Discovery determines the management IP address of the device. All rights reserved. It populates the Device and Credentials Repository with the following discovered information: ◦ Host name ◦ Domain name ◦ Management IP address ◦ Display name ◦ sysObjectID ◦ SNMP credentials Discovering a device is not equivalent to managing the device in Campus Manager. Setting up IP Filters IP filters can be set if only certain subnets need to be discovered. The following are some key facts about Device Discovery: ● Device Discovery performs Network Discovery using Cisco Discovery Protocol as the discovery mechanism. To set up IP filters: 1. so DNS lookup can be disabled. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. 2. Disabling DNS Lookup DNS lookup could be one potential area for device discovery to slow down. IP address filters help a user to define IP address ranges inside of which devices need to be discovered. Uncheck the DNS Lookup checkbox.Deployment Guide Campus Manager Device Discovery Device Discovery can be run on a predetermined schedule or initiated by an operator. This document is Cisco Public Information. These IP address ranges typically fall inside the same subnet. Under IP Address Range. All contents are Copyright © 1992–2008 Cisco Systems. Troubleshooting Device Discovery To troubleshoot device discovery: 1. Check to see if the SNMP settings are correct for the devices to be discovered correctly.

and subnets.000. A filtering mechanism can be applied to manage a subset of devices found in Device and Credentials Repository. you can increase SNMP Timeout and Retry values. 2. edit the file NMSROOT/objects/dmgt/dmgtd. Inc. Change this string to -Xmx1280m. Only devices in DCR are managed. Cisco recommends you increase the heap size for the ANIServer from –Xmx1024m to –Xmx1280m. IP phones.Deployment Guide 3.conf file. complete the following tasks: Setting IP Address or VTP Domain Filters You can set IP address or VTP domain filters by navigating to Campus Manager Administration > Admin > Campus Data Collection > Data Collection Filters. ● Minor Acquisition: Polls the end hosts and IP phones to keep the User Tracking data current. If a device is not in DCR. and subnets in the network. If the log file shows any SNMP timeout exceptions. Initiating a UT Major Discovery 1.024 MB. Cisco IP phones. This document is Cisco Public Information. In this file.conf file is complete. the ANIServer process (Java based) reaches a threshold of 1. then it cannot be managed by Campus Manager. You must restart the LMS server the edit to the dmgtd. User Tracking Module In addition to the Campus Manager data collection feature. Campus Manager Data Collection You can run Data Collection on a predetermined schedule or through operator action. Modifying the heap size. There are two major types of acquisition in User Tracking: ● Major Acquisition: Collects data on end hosts. Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition. Initiate a UT Major Discovery.conf file can be done only after the LMS server is shutdown. The following are some key facts about Campus Manager Data Collection: A list of devices and corresponding credentials in Device and Credentials Repository are used for data collection. The filtering is based on either IP address or VTP domain. All contents are Copyright © 1992–2008 Cisco Systems.000 devices. Note: Any edits to dmgtd. ● If data collection is done for a device count close to 5. Page 40 of 64 . This entry has a string -Xmx1024. To modify the heap size in the ANIServer. All rights reserved. Optimizing According to the Number of Devices ● When data collection is done for more than 5. there is an entry for starting the ANIServer process. Optimizing Data Collection To optimize the data collection for devices in the network. the User Tracking module in Campus Manager can acquire data on end hosts.

system jobs are created for both Inventory collection and polling. Setting a Schedule for a Major Acquisition To set a schedule for running a major acquisition: 1. Hierarchical groups are created on top of Topology groups. Step 4. In the window that opens up. ● IP phone acquisition on dot1q trunks for IOS switches: This is an option for fetching end hosts that are connected to a switch in Voice VLAN Setup. There is an option to exclude certain subnets from the ping sweep. Step 1. select Topology Groups. Hierarchical Groups in Campus Manager Hierarchical groups help users to visualize the topology implemented for user-defined groups.Deployment Guide The following is the list of some important options that can be selected for a major acquisition: ● Enable User Tracking for DHCP environment: This is an option for tracking the end hosts in case the IP address changes. Resource Manager Essentials This section describes the LMS server administration tasks for Resource Manager Essentials. with their own default schedules. This document is Cisco Public Information. Navigate to CWHP > Campus Manager. Ping Sweep on IP Addresses in a Subnet You can enable a ping sweep on all IP addresses in a subnet before starting a major acquisition. Archives or jobs older than a particular date can also be purged: Navigate to CWHP > Campus Manager > User Tracking > Admin > Reports > User Tracking Purge Policy. 2. Step 3. Step 2. Navigate to Campus Manager > User Tracking > Admin > Acquisition. This view shows the aggregate links between all devices contained inside those two maps. A periodic inventory collection job collects inventory data from all All contents are Copyright © 1992–2008 Cisco Systems. Inventory Collection/Polling At the time of RME installation. Purge Policies You can delete end hosts and IP phones from User Tracking either on demand or on a specified interval after major acquisition: Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition > Delete Interval. Page 41 of 64 . Then select the Schedule Acquisition link. All rights reserved. Inc. The three immediate subgroups are shown as maps. Select the Display View option. ● Use DNS to resolve host names: This is an option for resolving the host names. You can click on the maps and choose to show aggregate links between two maps. then right-click /Campus@server-name/System Defined Groups. Select the Topology Services link.

Deployment Guide devices (devices in the “All Devices” group) and updates inventory database. It is best for the customer to select the periodic collection and polling. ● Default Protocols used for Configuration Fetch and Deploy Many protocols are used for performing a configuration fetch and deploy. The System Job Schedule dialog box displays the current collection or polling schedule. Select Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. All rights reserved. You can purge configurations based on two criteria: All contents are Copyright © 1992–2008 Cisco Systems. with much less impact on your network and on the LMS server. no configuration is fetched. Purge Policies Configuration Management You can specify when to purge archived configurations. 1. This frees disk space and keeps your archive at a manageable size. This document is Cisco Public Information. The order of protocols that are used can be re-arranged or some protocols can be removed from the list if it is not relevant to your network. The system provides a default order of protocols that will be used to fetch or deploy the configuration on the device. navigate to Resource Manager Essentials > Administration > Inventory > System Job Schedule. Page 42 of 64 . To change the default settings. Configuration File Collection and Polling The configuration archive can be updated with configuration changes by periodic configuration archival (with and without configuration polling). The default (out of the box) periodicity of the collector job is once a week and the default (out of the box) periodicity of the poller job is once a day. The periodic polling polls all devices to check inventory changes and collects and updates the inventory database only if there is a change. Note: A scheduled collection and polling are disabled by default as the customer’s network may have sporadic bursts of traffic and the NMS should not take up the existing bandwidth. 2. change the values and click Apply. Select one or all the options. if there are no configuration changes detected in the devices. You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following: ● Periodic Polling Configuration archive performs a SNMP query on the device. The default order of protocols used and the option to change the order can be accessed by navigating to Resource Manager Essentials > Administration > Config Mgmt. Inc. Note: The poller detects most changes in all devices. You can enable this using Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. ● Periodic Collection Configuration is fetched without checking for any changes in the configuration.

2. The oldest configuration is purged when the maximum number is reached. Specify the number of days in the Purge records older than field. To specify the default purge policy: 1. the Common Syslog Collector drops the syslogs that match any of the "Drop" filters from further processing. The purged labeled files will be deleted only if it satisfies these conditions Maximum versions to retain and Purge versions older than. then enter a number and select days. the first is purged to keep the total number of archived versions at 10. For example. 1. c. By default. To schedule a purge job. All rights reserved. weeks. Note: The Drop or Keep option applies to all message filters and is not on a per-filter basis. Choose Resource Manager Essentials > Administration > Syslog > Set Purge Policy. The Archive Purge Setup dialog box appears. Defining Message Filters You can exclude messages from Syslog Analyzer by creating filters. Choose Resource Manager Essentials > Tools > Syslog > Message Filters. Specify whether the filters are for dropping the Syslog messages or for keeping them. 5. 1. and the status of each filter—Enabled. All contents are Copyright © 1992–2008 Cisco Systems. will be purged. Inc. 2. the purging jobs are disabled. Click Apply. A list of all message filters is displayed in a dialog box. Page 43 of 64 . by selecting either Drop or Keep. Choose Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Purge Settings. or months. b. This document is Cisco Public Information. Configurations older than the number of days you specify are purged. for further processing. To specify when to purge configuration files from the archive. when the eleventh version of a configuration is archived. Select Enable. 4. Click Purge versions older than. Only the records older than the number of days that you specify here. The default value is 7 days. select one or both of the following options: a. if you set the maximum versions to keep to 10. 2. click Maximum Versions. Collector allows only the syslogs that match any of the "Keep" filters. ● The maximum number of versions of each configuration to keep.Deployment Guide ● Their age. ● If you select the Keep option. along with the names. 3. Syslog A default policy can be specified for the periodic purging of Syslog messages. To retain and then enter the number of configurations to retain. click Purge labeled files. ● If you select the Drop option. or Disabled. click Change. To delete the labeled configuration files.

Select Resource Manager Essentials > Administration > ChangeAudit > Set Purge Policy. Page 44 of 64 . 2. then click Next. To schedule a Synchronization report: 1. enter the values for each field. All running images that are not in the software repository will appear. This document is Cisco Public Information. Defining Exception Periods An Exceptions period is a time you specify when no network changes should occur. To save the purge policy that you have specified. All rights reserved. This frees disk space and maintains the Change Audit data at a manageable size. Select Network and Use generated Out-of-sync Report. Choose Resource Manager Essentials > Software Mgmt > Software Repository. Setting Up Inventory Filters Certain inventory attributes can change often and these changes can get logged whenever there is a collection. 5. then click Save. then click Add. The images act as a backup if any of your devices become corrupted and need a new software image or if an error occurs during an upgrade. 1. Enter the information. Choose Resource Manager Essentials > Software Mgmt > Software Repository > Software Repository Synchronization. then click Add. Once the Software Repository Synchronization job finishes successfully. Specify the start time and the end time from the Start Time and the End Time drop-down list box. Import a baseline of all software images. You can set inventory filters by navigating to Resource Manager Essentials > Administration > Inventory > Inventory Change Filter. All contents are Copyright © 1992–2008 Cisco Systems. Inc. The baseline imports a copy of each unique software image running on the network (the same image running on multiple devices is imported into the software library only once). 3. SWIM Baseline Collection We recommend that you first import a baseline of all software images running on your network.Deployment Guide Change Audit You can schedule a periodic purge or a forced purge of Change Audit data. 1. Set the Exception period by navigating to Resource Manager Essentials > Tools > Change Audit > Exception Period Definition. 3. To prevent this inventory change filters can be enabled to not track change audits for these attributes. then click Submit. This may cause a lot of change audit messages to accumulate over a period of time. Select Days of the week from the Day drop-down list box. you can create a job to import all software images on your network by following these steps: 4. If some devices are running software images not in the software repository then a synchronization report can be generated for these devices. Click Schedule. 2. 2.

Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Create/Edit Approver Lists. Config Editor. Specify Approver Lists. then click Add. Assign approval lists with the various functions such as NetConfig. 3. a. click Next. This document is Cisco Public Information. Archive Management and Software Management to be approved before being executed. d. it will take more time to show the software image selection dialog box. Config Editor. All contents are Copyright © 1992–2008 Cisco Systems. Page 45 of 64 . 7. You must create a list of approvers. Configuring Job Approval RME allows approval of jobs before they are executed. b. Archive Management and Software Management. c. Provide an Approver name in the top left text field. If a job is rejected. Config Editor. Enter the Job Control Information. There is a central location where all jobs created for various purposes in RME can be viewed. Job Management Jobs need to be created for performing archive management. Select users from the list of available users field in the middle. then click Finish. The approver can either accept or reject the job. Specify Approver Information. Note: If you do not select the Use generated Out-of-sync Report option. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Approver Details. The list has to be named and assigned approvers. navigate to CWHP > Resource Manager Essentials > Job Mgmt > Job Approval. The central location can be accessed by navigating to CWHP > Resource Manager Essentials > Job Mgmt > RME Jobs. Click Next. 1. The steps described above require all jobs created for NetConfig. Viewing Jobs Pending Approval To view all jobs pending approval. the status of the job is updated for the user who created the job. All rights reserved. Inc. 2. Archive Management and Software Management. download of configuration and device IOS/CatOS image management. Note: The user created here should have Approver role in the system (be it local security mode or ACS security mode ). 4. then click Add. The following are the logical steps to configure job approval.Deployment Guide 6. edit of configuration. All jobs can be searched on criteria such as status of the jobs and type of job. Enable Approval policies on the various functions like NetConfig. Save the configuration of approval lists.

Inc. Import status log file IPM creates a separate log file for the Device and Credentials Repository Import status. All the devices in DCR will be imported into IPM. All rights reserved. the target’s IP SLA responder status is not verified. All contents are Copyright © 1992–2008 Cisco Systems. Also. IPM verifies whether the IP SLA responder is enabled or not on the target. ● Target IP SLA responders When devices are imported as Target IP SLA Responders. Daily Purging Schedule Set up a daily purging schedule for fault history information in the DFM. These are traps that are received from the devices in the network. IPM adds the device without either contacting the device or making any verification. Page 46 of 64 . navigate to the DFM panel and choose Configuration > Other Configuration > Daily Purging Schedule. When you import devices from the Device and Credentials Repository. Those devices in DCR that cannot be an IPM source will be not added and in the import log file there will be an error message for that device. Forwarding SNMP Traps This configuration can be made to blindly forward traps that come into the trap receiver of the DFM. and device credentials. ensure that there are devices in the repository. Device Fault Manager Administration of the DFM Server can be categorized into the following sections. IPM interacts with this repository to get the device list. View the results of importing devices You can view the results of importing devices from the CiscoWorks home page by clicking View Import Source Log or View Import Target Log. there is no mechanism to import only selected devices from DCR into IPM. IPM contacts the device and adds them only if they are running IOS image with IP SLA feature and if the Read and Write community strings are provided. You can import devices as: ● Sources When you import devices as Sources. if the device has a read community string. you can import devices from DCR into Internetwork Performance Monitor. ● Target IP devices When you import devices as Target IP Devices. Note: Before you import devices from Device and Credential Repository. This document is Cisco Public Information.Deployment Guide Importing Devices into Internetwork Performance Monitor Once the devices are added into the Device and Credentials Repository. You can view the log file in: IPMROOT/etc/source or IPMROOT/etc/target. To set up a purge schedule. they are updated. device attributes. if the devices already exist in IPM. If there is not a read community string.

navigate to Configuration > Other Configuration > Group Administration. Page 47 of 64 . Default SMTP Server DFM has an email notification service that can send emails when alerts or events are generated. Inc. Note: Rediscovery does not add devices into the DCR as it would in Campus Manager. View Management View Management allows the user to see alerts and activities on a group of devices. Polling and Threshold Management For the faults and events to show up in DFM. To schedule a rediscovery. All rights reserved. To set the port used for trap receiving.Deployment Guide To set up trap forwarding. You can schedule multiple rediscoveries. These groups can be shared with other applications. navigate to Configuration > Other Configuration > Rediscovery Schedule. To set the SMTP Server information for sending emails. A view can be created on a list of groups and this view will be visible in the Alerts and Activities Window under Device Fault Manager. All contents are Copyright © 1992–2008 Cisco Systems. Rediscovery Rediscovery is limited to the list of devices that are known to DFM. edit or delete groups internal to DFM. navigate to the DFM panel and choose Configuration > Other Configuration > SNMP Trap Forwarding. ● Polling parameters are used to make DFM Server poll the devices in the various groups in specified intervals. Note: It is not NB trap generation for applications like HP Open View Receiving SNMP Traps This configuration is made for setting the global port for receiving traps in DFM. To create DFM groups. This email notification service needs SMTP Server information for forwarding emails. navigate to DFM panel and choose Configuration > Other Configuration > SNMP Trap Receiving. navigate to the DFM panel and choose Configuration > Other Configuration > SMTP Default Server. polling and threshold parameters need to be set. When these thresholds are crossed for the various types of devices alerts are raised in DFM Server. This document is Cisco Public Information. ● Threshold Parameters are used to determine the thresholds for various devices. Polling and Threshold parameters can be set by navigating to CWHP > Device Fault Manager > Configuration > Polling and Threshold. Group Administration Group administration’s function is to create.

● You can look at the 24-hour reports on the device in the top half of the right frame and launch tools in the bottom half of the right frame. This launches the summary and tools page for the device. ◦ Launch the Fault History Report to view any faults that occurred in the last 24 hours or 31 days. Page 48 of 64 . IP address information. CiscoView Cisco View provides real time chassis view of the devices. launch the Edit Device Credentials tool to edit the credentials. This document is Cisco Public Information. The list below is not complete but helps to understand some of the tools available in Device Center. ◦ If some faults are found. To launch Cisco View. you can launch the Switch Port Usage Report for recently up. ◦ Launch the Detailed Device Report on the device to view memory. run reports on the device and any management tasks such as changing credentials. and any fault related alerts for the device and the neighboring devices. go to the CiscoView tool to view the chassis and make some changes on the interfaces or ports. navigate to Configuration > Other Configuration > Alerts and Activities Defaults. Device Center also provides a set of functions that help facilitate debugging. All rights reserved. Click on the link on the device name after you have selected it. 24-hour Change Audit Summary. ◦ If the device is a switch. Device Center Device Center is a portal within the LMS bundle that provides the ability to gather and debug information about a particular device. ◦ Ping: Ping the device to see if it is reachable from the LMS server.Deployment Guide To create views. choose CWHP > Cisco View > Chassis View. Last inventory and configuration collection times. Device type. Syslog summary. down or unused ports. The procedure to launch debugging utilities on a particular device is given below. ● Browse through the group hierarchies to select a device or search for a particular device by typing in the name in the search utility provided above the group selector. image. Inc. ● A suggested list of tools to be launched in a particular order as follows. The “Summary” in device center provides information about the device IP address. ◦ You can synchronize the archive or download a previous archive of the configuration or All contents are Copyright © 1992–2008 Cisco Systems. Cisco View now provides a light weight HTML-based client. flash. Device Center is installed as part of the Common Services install and can be launched from CWHP > Device Troubleshooting > Device Center. ◦ Launch Credential Verification Report: Launch the Credential Verification Report to check for any missing credentials. ◦ If the credentials are missing. It also incorporates IPv6 functionality with the manageability over IPv4 address.

Deployment Guide do an image upgrade. All rights reserved. All contents are Copyright © 1992–2008 Cisco Systems. Page 49 of 64 . This document is Cisco Public Information. Inc.

trap messages. Network Management in Cisco LAN Management Solution 2. Resource Manager Essentials. Polling and Threshold Configuration Faults and events show up automatically for all devices because default polling settings are used for polling the devices. or Syslog messages. ● You can look at the current faults in real-time in an alerts and activities window. To set the Polling and Threshold parameters: 1. Internetwork Performance Monitor. 2. Campus Manager. When these thresholds are crossed. Check Status of Devices The status of all devices should be in the Known state: Choose Device Fault Manager > Device Management > Device Summary. Threshold parameters determine the thresholds for various devices. Polling parameters are used to make the Device Fault Manager server poll the devices in the various groups at specified intervals. alerts are raised in the Device Fault Manager server. Navigate to CWHP > Device Fault Manager > Configuration. ● You can choose to be notified by email. Fault Monitoring The Device Fault Manager (DFM) gives you the option of monitoring faults in three distinct ways: ● You can look at historic fault data using fault history. Set Up Tasks The following tasks must be completed before fault monitoring can be enabled in Device Fault Manager: Add List of Devices to the DCR A list of devices must be added from Device and Credentials Repository into DFM. All contents are Copyright © 1992–2008 Cisco Systems.6 This chapter provides more details on the network management tasks in LMS across the various applications: Device Fault Manager.Deployment Guide 7. Inc. and Common Services. This document is Cisco Public Information. This Polling and Threshold link provides an option to either change the default polling and threshold setting or to seta new polling and threshold setting for the user-defined device interface and port groups. Navigate to CWHP > Device Fault Manager > Device Management > Device Selector tool. All rights reserved. Then select the Polling and Threshold link. Page 50 of 64 .

click the SNMP Trap Notification link. All faults in the devices are automatically accumulated and can be viewed: Navigate to Device Fault Manager. Fault History No configuration is needed in Fault History. To launch the Alerts and Activities window: Navigate to CWHP > Device Fault Manager. Step 10 To send syslog messages to other machines when a notification needs to be raised on a notification group. click the E-Mail Notification link. then choose one of the following: ● Alert severity ● Event severity ● Alert status ● Event status for the devices in the group to send notification Step 5. Step 3. This document is Cisco Public Information. Baseline Configuration All enterprises need to enforce some standard policy across all the devices in the network. Select a group from the group selector. With the RME Baseline template and compliance check you can execute this functionality: All contents are Copyright © 1992–2008 Cisco Systems. Click Next. Step 6. All rights reserved. then click the Alerts and Activities link. click the Syslog Notification link. Select the Notification Services link. To send email notification to a user when a notification needs to be raised per notification group. Step 8. Alerts and Activities The Alerts and Activities window shows the real-time display of faults on devices or views. Step 7. Click Finish to create the notification group. then select the Fault History link. a fault ID. You can view the faults by searching for a single device. a group of devices. Step 1. Navigate to CWHP > Device Fault Manager. Enterprise networks need to audit the policy periodically and enforce the policy if any devices are found in violation of it. Inc. Create a Notification Group by clicking the Notification Groups link. Step 9. or an event ID. Provide the notification group name and click Next. Page 51 of 64 .Deployment Guide Fault and Alerts Notification Services Various notification services are available in Device Fault Manager to notify you of a fault or alert that occurred in the device. Step 4. To send traps to NB applications like HP Open View Network Node Manager when a notification needs to be raised per notification group. Step 2.

the device has not been contacted by RME through protocols (such as SNMP. The pre-deployed device state indicates that the devices are not reachable from the management server (either they are not in the network or sufficient credentials have not been provided). cmexport can execute the -v or -h options only. Campus Data Extraction Engine Campus Manager provides a data extraction engine to extract data about the following: ● User tracking data ● Layer 2 topology ● Discrepancies in the network configuration Data Extraction can be done either through the command-line interface or Servlet access. All rights reserved. Inc.Deployment Guide First identify a set of standardized policy-based commands that you want to have on a set of devices. The cmexport Utility You can access the command-line interface utility cmexport by going to the NMSROOT/campus/bin directory. Telnet. get baseline configurations. ● Deploy the baseline template to the same category of devices in the network. So you could pre-provision all the tasks (write a software image. the device moves to a normal state. After creating the baseline templates.) in RME before the devices are online. ● Schedule a compliance check job and deploy the baseline template on to the devices. This document is Cisco Public Information. After the RME server can contact the devices. and SSH). etc. You must invoke the cmexport command with one of the core commands specified in Table 6. All contents are Copyright © 1992–2008 Cisco Systems. Page 52 of 64 . you can accomplish following tasks. If no core command is specified. If RME successfully contacts the device through SNMP polling or pre-provisioned job completion. In the pre-deployed device state. Then create Baseline templates with those set of commands identified. Certain RME tasks that don’t need prior device information can be performed on pre-deployed devices as they would on normal state devices. The top-level Help provides the following information. cmexport <-h | -v | commands> <arguments> Core Commands The core data extraction commands are described in Table 6. those tasks can be pushed to the devices. Data Extraction from LMS Applications This section describes the Campus Data Extraction Engine and the RME Data Extraction Engine. Preprovisioning Devices There is a new device status group in RME called pre-deployed devices. ● Compare device configurations and generate a report that lists all the devices that are noncompliant to the baseline template.

discrepancy Generates discrepancy data in XML format. This parameter is applicable only when –host is chosen -layoutPhone User tracking phone data is exported in XML format for the layout given in layoutPhone.xml ● For Layer 2 Topology: PX_DATADIR/cmexport/L2Topology/timestampL2Topology. -v Displays the version of the cmexport utility. User Tracking cmexport Parameters Parameter Description -layout User tracking host data is exported in XML format for the layout given in layoutname.xml Directory Locations ● The PX_DATADIR directory is at these locations: ◦ Windows: %NMSROOT%\files folder ◦ Solaris: /var/adm/CSCOpx/files ● NMSROOT is the directory where you installed Campus Manager. The layout is a custom layout defined by the user in UT. You should delete these files when necessary. This parameter is applicable only when –host is chosen. l2topology Generates Layer 2 topology data in XML format. All contents are Copyright © 1992–2008 Cisco Systems. Archival Locations Data generated through the cmexport command-line interface is archived at the following locations by default. -query User tracking host data is exported in XML format for the query given in queryname. -view Specifies the format in which the user tracking XML data is presented. Inc. -queryPhone User tracking phone data is exported in XML format for the query given in phonequeryname. Possible Combinations of cmexport Commands User Tracking Table 7. However. This document is Cisco Public Information. This utility does not inherently delete the files created in the archive. using the same filename and directory twice would cause the previous file to be overwritten. ● subnet: User tracking data is displayed based on the subnet in which they are present. -h (Null option) Lists the usage Help information for this utility. All rights reserved. It currently supports two options: ● switch: User tracking data is displayed based on the switch. -f Specify the filename and the directory for storing the Data Extraction Engine output. Page 53 of 64 . This parameter is applicable only when –phone is chosen. ● For User Tracking: PX_DATADIR/cmexport/ut/timestamput. This parameter is applicable only when –phone is chosen.Deployment Guide Table 6. Core Commands: Campus Manager Data Extraction Core Command Description ut Generates User Tracking data in XML format.xml ● For Discrepancy: PX_DATADIR/cmexport/Discrepancy/timestampDiscrepancy. ● timestamp is the time at which the log was written in this format: YearMonthDateHourOfDayMinuteSecond format.

Generate the necessary payload XML file with the required data. The Servlet accepts users request and authenticates the requesting user’s identity using Common Services authentication mechanism. Sample Payload <payload> <!—The following element specifies the username (valid CiscoWorks or ACS user ID) of the person initiating this DEE call --> <username>username</username> <!— The following element specifies the valid password of the user ID --> <password>password</password> <!—The following element specifies the DEE command used for extracting UT host. Use a script to perform a POST operation to the Servlet with the payload file. The input XML file contains various tags for username. core command. and optional details. the output will be displayed at the client terminal. Extracting the Export File From the Servlet The steps to extract the export file from the Servlet are as follows: Step 1. and returns the results in XML format. The Servlet requires a payload file that contains details about the user’s credentials. Step 3. phone. Servlet access is used to extract data from a client system. performs the operations. discrepancy and L2 topology information -> All contents are Copyright © 1992–2008 Cisco Systems. This document is Cisco Public Information. Page 54 of 64 . While generating data through the Servlet. and optional tags. All rights reserved.xml Servlet Access to the Data Extraction Engine The Servlet access to Campus Manager Data Extraction Engine is described below. the command you want to execute. The Servlet is: http://Campus-Server:1741/CSCOnm/campus/servlet/CMExportServlet The HTTP response of the Servlet contains the XML file generated by executing the cmexport command on the server with the parameters provided in the payload file. topology. such as log and debug options as inputs in XML format. The Servlet then parses the payload file encoded in XML. Step 2.Deployment Guide Example Commands cmexport ut –u admin –p admin –host cmexport ut –u admin –p admin –phone cmexport ut –u admin –p admin –host -query dupMAC –layout all cmexport ut –u admin –p admin –host -query dupMAC –layout <name> cmexport ut –u admin –p admin –phone -queryPhone <name> –layoutPhone <name> cmexport ut –u admin –p admin –host -f ut. The command to export user tracking. password.xml cmexport ut –u admin –view switch –host Layer 2 Topology or Discrepancy Commands cmexport L2Topology|Discrepancy –u admin –p admin cmexport L2Topology|Discrepancy –u admin –p admin -f 013104L2. and discrepancy can be sent as HTTP or HTTPS requests. Typically. Inc. Extract the XML file from the content of the HTTP response and save it to a local file.

while ( <FILE> ) { $str . This document is Cisco Public Information. Page 55 of 64 . $fname = $ARGV[1] . #-. $url. $temp = $ARGV[0] .Deployment Guide <command>ut_host</command> <!—The following element specifies the logfile where all logs need to be output --> <logfile>filename</logfile> <!—The following element specifies the debug level at which the log is output.> <view></view> </payload> Sample Perl Script to Access the Servlet Note: Sample scripts are available in the Campus Manager Data Extraction Engine online Help. All rights reserved. " : ". my $res = $ua->request($req). } url_call($temp). All contents are Copyright © 1992–2008 Cisco Systems. if ( -f $fname ) { open (FILE. my $ua = new LWP::UserAgent. $res->code. "\n". } else { $result = $res->content.Activate a CGI: sub url_call { my ($url) = @_. my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. Inc. $res->message. if ($res->is_error) { print "ERROR : ". my $result.= $_ . --> <debug>1</debug> <!—The following element specifies the custom report name created in the User Tracking user interface by navigating to CWHP > Campus Manager > User Tracking > Reports > Custom Reports. #!/opt/CSCOpx/bin/perl use LWP::UserAgent."$fname") || die "File open Failed $!". my $req = new HTTP::Request ('GET'. } close(FILE). $| = 1. $result = ''. $ua->timeout(5000). $hdr). $req->content($str).

The command will look similar to these commands for HTTP and HTTPS modes: ● In HTTP mode . the CMEXPORTFILE environment variable should be set so it points to the file containing the credentials. If no core command is specified.xml ● In HTTPS mode: . The command should be entered in the following format: cmexport ut –u admin –host This syntax enables cmexport to find the relevant password associated with the username (in the example here. Resource Manager Essentials Data Extraction Engine Resource Manager Essentials provides a data extraction engine to extract data about the following: ● Inventory ● Change audit ● A device’s configuration details Data extraction can be done by either through the command-line interface or Servlet access. } } The Perl script listed above will invoke the servlet with the use of payload . The username and password are either provided as part of the command-line interface and Servlet call or the password is put in a password file for retrieval by the Data Extraction Engine. Page 56 of 64 . The access permissions to the file can be set to prevent any unauthorized access. The top-level Help command cwcli –help provides the following information: General syntax to run a command with arguments is: cwcli <application/command> <arguments> For detailed help on a command and its arguments.xml Any user using the Data Extraction Engine is authenticated and authorized./perl script. When using this option.pl http://server:1741/campus/servlet/CMExportServlet payload. All contents are Copyright © 1992–2008 Cisco Systems. for the username admin). The command-line interface utility cwcli can be accessed by going to NMSROOT/bin directory. Inc./perl script.xml file. } else { print $result . All rights reserved. This document is Cisco Public Information.pl https://server/campus/servlet/CMExportServlet payload.Deployment Guide if($result =~ /Authorization error/) { print "Authorization error\n". cwcli can execute the -v or -help options only. run: cwcli <application/command> -help You must invoke the cwcli command with one of the core commands specified in Table 8.

Deployment Guide Table 8. and changeaudit details into XML format. It also helps in importing or exporting the User Defined Template XML files -v Displays the version of the cwcli utility.xml All contents are Copyright © 1992–2008 Cisco Systems. It also helps in importing or exporting the data in inventory as XML files. This document is Cisco Public Information. ● AppSpecificArguments are the optional parameters. inventory A command-line interface tool to create. which modify the behavior of the specific cwcli export core command. you must enter the core command immediately after cwcli export. export Exports inventory/configuration/change audit data in XML. ● To launch the cwcli export changeaudit command: man export-changeaudit ● To launch the cwcli export config command: man export-config ● To launch the cwcli export inventory command: man export-inventory Data Archiving Location Data generated through the cwcli export command-line interface is archived at the following locations by default: ● ChangeAudit ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SSchangeaudit. delete. Inc. Core Commands: Resource Manager Essentials Data Extraction Core Command Description config Provides a set of commands that are used to download and fetch configurations. compare two different configurations. -help (Null option) Lists the usage information for this utility. The order of the arguments and options are not important. and reload the device. you can view the cwcli export man pages by setting the MANPATH to: /opt/CSCOpx/man/man1 The man pages to launch the cwcli export command are man cwcli-export to launch the cwcli export command. and cancel a NetConfig job. Page 57 of 64 . Command-Line Syntax The command line syntax of the application is in the following format: cwcli export command GlobalArguments AppSpecificArguments ● cwcli export is the CiscoWorks command line interface for exporting inventory. and cancel an inventory collection job.xml ● Config ◦ On Solaris: /var/adm/CSCOpx/files/rme/cwconfig/YYYY-MM-DD-HH-MM-SS-MSMSMSDevice_Display_Name. ● GlobalArguments are the additional parameters required for each core command. On UNIX. However. netconfig A command-line interface tool to create. invreport List all custom reports and generates CSV formatted inventory report(s) for given template(s).xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS-changeaudit. configuration. ● Command specifies which core operation is to be performed. delete. All rights reserved. delete the archived configuration files.

xml ● Inventory ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SS-inventory. This document is Cisco Public Information. The following is the Servlet to be invoked to execute any command: For a post request http://<rme-server>:<rme-port>/rme/cwcli <payload XML file> For a get request http://<rme-server>:<rme-port>/rme/cwcli?command=cwcli config <commandname>-u <user> p<BAse64 encoded pwd> -args1 <arg1value>.Deployment Guide ◦ On Windows: NMSROOT\files\rme\cwconfig\ YYYY-MM-DD-HH-MM-SSMSMSMSDevice_Display_Name. Page 58 of 64 .. Inc..inventory.77. All rights reserved. The name of the Servlet is /rme/cwcli.240.xml is as follows: <payload> <command> cwcli config import -u admin -p <Base64Encoded pwd> -device 10.xml RME Servlet The details of Servlet access to RME Data Extraction Engine is given below.106 <arg> -f </arg> <arg-val> banner motd "welcome.xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS. to execute the import command payload. Note: Use <arg> and <argval> tags when the argument is a file.1 xml </command> <arg> </arg> <arg-val> </arg-val> </payload> For example.Sir" </arg-val> </command> </payload> All contents are Copyright © 1992–2008 Cisco Systems. The contents of the payload xml file are as follows. <payload> <command> cwcli config export -u admin -p <Base64Encoded pwd> -device 1.1.1.

77. The default port for CiscoWorks server in HTTP mode is 1741. the port number is 443. $ua->timeout(1000). $res->code. my $result.Deployment Guide The Remote Access Servlet creates a temporary file with the contents specified between the arg val tags for the import command. Page 59 of 64 . my $ua = new LWP::UserAgent.pl http(s)://<rme-server>:<rme-port>/rme/cwcli <payload XML file> Note: For the secure mode (HTTPS). $hdr). my $res = $ua->request ($req). This document is Cisco Public Information. } else { $result = $res->content.240.= $_ . open (FILE. } else { print $result . $req->content($str). $result = ''. $res->message. Inc. while ( <FILE> ) { $str . my $req = new HTTP::Request ('POST'. url_call($temp). # you can set timeout value depending on number of devices my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. $url. $temp = $ARGV[0] . Sir". For example: Perl samplescript. if ($res->is_error) { print "ERROR : ". All rights reserved. Sample Script to Invoke the Servlet #!/opt/CSCOpx/bin/perl use LWP::UserAgent.106 -f tempfile Here the tempfile contains the line banner motd "welcome. #-. On the server.Activate a CGI: sub url_call { my ($url) = @_."$fname") || die "File open Failed $!". All contents are Copyright © 1992–2008 Cisco Systems. if($result =~ /Authorization error/) { print "Authorization error\n". "\n". $fname = $ARGV[1] . } print $str . the command is executed as cwcli config import -u admin -p <Base64Encoded pwd> -device 10. " : ".

'. ipm export [-q] [[-k <letter>] | -w] [-h] [ ( -c | -s | -t | -o | -cs) [<CollectorName>] ] | [ (-dh | -dd | -dw | -dm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-jh | -jd | -jw | -jm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-ph | -pd | -pw | -pm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ -r [<WhichDay>] ] | [ -all [<StartDate>] [<EndDate>]] General Options [ipmRoot] Root location of IPM. All rights reserved. This document is Cisco Public Information. -k Delimiter: Set the field delimiter to <letter>. The ipm export command line interface is the command to do IPM export. Only applicable in plain text output format. -q Quiet output: Display no column headings. such as /opt/CSCOipm. This is only applicable in plain text output format. this is set to a comma '. Inc.Deployment Guide } } } Internetwork Performance Monitor Export There has been no change in the way the data can be exported in Internetwork Performance Monitor from the previous version of the product. The IPM Export Command The following example shows the command syntax and help that is displayed when you use the ipm export Help command: You must be logged in as the root user (in Solaris) or administrator (in Windows) to use export IPM data using the ipm export command. -w HTML output: A web page will be generated from the output of this command. -h Help . Page 60 of 64 . By default.output this usage help Format: Time - <StartTime> and <EndTime> input as: MM/DD/YYYY-hh:mm:ss Date - <WhichDay> input as: MM/DD/YYYY <StartDate> and <EndDate> input as: MM/DD/YYYY All contents are Copyright © 1992–2008 Cisco Systems.

The following reports can be generated. You can generate Custom reports by navigating to User Tracking > Reports > Custom Reports. A simple query can be input to view a subset of the end hosts or IP Phones present in UT. All contents are Copyright © 1992–2008 Cisco Systems. you can add. Page 61 of 64 . You can save the custom reports. You can find the report job listing by navigating to User Tracking > Reports > Report Jobs. Step 3. Remote NMS and ACS ( AAA server ) ● exp: Exports to a file UT Reports You can generate UT Reports by navigating to CWHP > Campus Manager > User Tracking > Reports. Inc. impNms. Local NMS. All rights reserved. The switch port usage reports can be run for recently down. impACS: Imports device list from File. or Slave mode ● impFile. and view the current DCR mode. NMSROOT/bin/dcrcli –u username Step 2. Select one of the various top level commands ● add: Adds a device ● del: Deletes a device ● mod: Modifies a device ● lsattr: Lists the attributes stored in DCR ● details: View device details ● lsmode: Lists the DCR mode as Master. ● UT can list the jobs that are run periodically to generate reports.Deployment Guide The DCR Command Line Interface Using the command line interface. Slave. evaluating a query on the group to subset the number of end hosts and IP Phones. ● UT can run reports on switch port usage statistics of the switches. unused down and unused up ports. These jobs are for generating reports on end hosts. Standalone. setslave: Sets the DCR to Master. ● You can generate Custom Reports for end hosts and IP Phones by selecting a group. or Standalone ● setmaster. duplicate device entries and switch port usage. You can also view the list of DCR attributes that can be stored in DCR. IP Phones. modify devices and change DCR modes. Enter the password corresponding to the username. setstand. impRNms. delete. ● UT provides the ability to quickly view reports on end hosts and IP Phones. This document is Cisco Public Information. The main command to launch is at: NMSROOT/bin/dcrcli The steps are as follows: Step 1.

or IEEE 802. Least cost Least cost recommendation will provide a recommendation on a root that would be the least cost from all the nodes in the switch cloud. The least depth spanning tree recommendation can be seen by the following sequence: a. Least depth The least depth method would help the user select a root for the particular VLAN that would provide the least from each node in the network to the root. A template for enabling Syslogs is built in NetConfig. 3. select Reports. b. Go to Topology Services > Network Views > LAN Edge View. in the Switch Cloud view. Page 62 of 64 . Since most of the switched traffic is directed through the root bridge. Enabling syslogs provides a multi fold advantage: ● LMS will collect and update any configuration and inventory changes on the network.Deployment Guide You can use the custom reports while generating detailed reports on end hosts or IP phones by going to User Tracking > Reports > Report Generator. c. Create a NetConfig job by clicking NetConfig Jobs under the TOC. Traffic data Campus Manager also has the ability to recommend Root Bridge based on the traffic in the network. This document is Cisco Public Information. you can enable syslogs through NetConfig. Cisco MISTP Recommendations. ● Received syslogs can be analyzed and can also be used for further triggering automated actions Syslogs can be enabled on devices using NetConfig. it is essential to have the proper switch designated as the root bridge. VLAN Recommendations Campus Manager provides the ability to view VLANs and the ability to get recommendations on spanning trees. 2. Select the desired Switch Cloud and click Display View. All rights reserved. The different types of spanning trees that are supported for recommendations are PVST. The ability to collect syslogs helps manage the network more effectively. Campus Manager provides the ability to select the root bridge based on the following criteria: 1. MIST and 802. then select Per VLAN STP Recommendations. Configuring Syslog on Devices LMS has the ability to collect and analyze syslogs received from devices in the network.1s Recommendations.0 provides the ability to schedule a single job for devices using Cisco IOS and Catalyst OS.1s. You can access the template under Resource Manager Essentials > Config Mgmt > NetConfig. To run optimal root and instance reduction and instance recommendation reports. All contents are Copyright © 1992–2008 Cisco Systems. RME 4. The spanning tree formed in this selection would have the minimum depth. Once the device configurations are being managed by RME. Inc.

1Q. follow these steps: 1. Change Management RME Config Editor The RME Config Editor function can be used to edit a device configuration stored in the configuration archive and download it to the device. The configuration window also provides the ability to copy running configuration to startup configuration. the file is locked so that no one else will be able to make changes to it at the same time.Deployment Guide Campus Manager accepts traffic information from two sources. The protocol for Ether Channel is PagP and the channel mode is Desirable. Ether Channel Configuration For channel configuration. Inc. Enter the Allowed and Disallowed VLANs on that trunk. If other users attempt to open the file to edit it. The Ether Channel Configuration window appears. mac. 2. ISL or Negotiate. The Ether Channel Configuration window also shows all the links between the two devices where the Ether channel is being set up. destination. All rights reserved. or port and the distribution address type can be set to source. While the file is locked. This document is Cisco Public Information. Page 63 of 64 . it is maintained in a “private” archive available only to the user who checked it out. NetConfig Function The NetConfig function provides a set of command templates that can be used to update the device configuration on multiple devices all at once. one of the sources is NAM and the other source is the NetFlow collector. When a configuration file is opened with Config Editor. Select a link on the Layer 2 View. All contents are Copyright © 1992–2008 Cisco Systems. right-click and select Configure Ether Channel. The distribution protocol can be set to ip. Trunk Configuration To configure Trunk configuration: 1. or both. The Config Editor tool allows the user to make changes to any version of a configuration file. The NetConfig tool provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. review changes. 3. You can select the links that should be part of the Ether channel. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor by the user who checked it out or by a user that has network administrator and system administrator privileges. Select the type of encapsulation 802. Ether Channel and Trunk Deployment Campus Manager Topology Services Layer 2 view also provides the ability to configure Ether channels and Trunks. 2. they will be notified that the file is already checked out and they can only open a “read-only” copy. and then download the changes to the device. Right-click on a particular link and select Create Trunk.

if a job fails on a device. use the appropriate SNMP template to update community strings on all devices using the same job. These reports help manage the changes on the network. Select Change Audit as the application. the addition or deletion of devices. Change Audit All changes made on the network through LMS are recorded as part of change audit.Deployment Guide These templates can be used to execute one or more configuration commands on multiple devices at the same time. NetConfig comes with several predefined templates containing all necessary commands. C07-400501-01 02/08 Page 64 of 64 . for example. This document is Cisco Public Information. For example. A copy of all updated configurations will be automatically stored in the configuration archive. 1. Audit Trail Resource Manager Essentials also provides the capability to have an Audit Trail. Audit Trail provides a trail of all the changes that are being on the server. Printed in USA All contents are Copyright © 1992–2008 Cisco Systems. If syslogs are enabled on devices. The user simply supplies the parameters for the command and NetConfig takes care of the actual command syntax. These predefined templates include corresponding rollback commands. Standard Report or Exception Period Report. or a credential change. All rights reserved. the configuration will be returned to its original state. The report type can be either a 24-hour report. 2. Inc. To view Change Audit reports. any out-of-band changes made on the devices are also recorded as part of the change audit. to change SNMP community strings on a regular basis to increase security on devices. therefore. go to Resource Manager Essentials > Reports > Report Generator.