You are on page 1of 64

Cisco LAN Management Solution 2.

6
Deployment Guide

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 64
Page 1 of
64

Deployment Guide

Table of Contents
Table of Contents .............................................................................................................................. 2
1. Cisco LAN Management Solution 2.6 Deployment Guide ............................................................. 4
Introduction................................................................................................................................... 4
Applications Included in LMS 2.6............................................................................................. 4
Versions Available for LMS 2.6................................................................................................ 5
LMS 2.6 Architecture .................................................................................................................... 5
Common Services and DCR.................................................................................................... 6
Device and LMS Workflow ........................................................................................................... 6
2. Setting up Devices on the Network ............................................................................................... 8
Device Setup Elements ................................................................................................................ 8
System Name .......................................................................................................................... 8
Domain Name.......................................................................................................................... 8
SNMP Settings ........................................................................................................................ 9
System Reload ...................................................................................................................... 10
Command Line Prompts ........................................................................................................ 10
Telnet/SSH ............................................................................................................................ 10
Syslog Messages................................................................................................................... 11
Remote Copy Protocol (rcp) .................................................................................................. 11
Configuring Protocols ................................................................................................................. 12
Cisco Discovery Protocol (CDP) ............................................................................................ 12
Secure Copy Protocol (scp) ................................................................................................... 13
HTTP and HTTPS Servers .................................................................................................... 13
Configuring Multiple Spanning-Tree ...................................................................................... 14
Configuring Multiple Instance Spanning-Tree ........................................................................ 15
Configuring Per-VLAN Spanning Tree+................................................................................. 16
Configuring VLAN Trunk Protocol (VTP)................................................................................ 17
3. Cisco LAN Management Solution 2.6 Installation Requirements ................................................ 20
Solaris OS Installation Requirements ......................................................................................... 20
Recommended Solaris Disk Layout ....................................................................................... 20
Windows OS Installation Requirements ..................................................................................... 21
Recommended Order for Installing LMS Applications ................................................................ 21
Ports Used by LMS Applications............................................................................................ 22
Licensing Terminology and Process3......................................................................................... 24
4. Initial Setup of the LAN Management Solution 2.6 Server .......................................................... 25
Application Mode Settings in LMS Applications.......................................................................... 25
Protocol Setup............................................................................................................................ 26
Configuration Management.................................................................................................... 26
Software Image Management................................................................................................ 27
Setting Up Security..................................................................................................................... 27
Certificate Setup .................................................................................................................... 27
Setting up the Cisco Secure Access Control Server .................................................................. 28
Integrating LMS Servers with ACS ........................................................................................ 28
Setting Permissions for Performing Tasks on Devices ............................................................... 30
Enabling HTTPS on an LMS Server ...................................................................................... 31
Single Sign-On....................................................................................................................... 31
5. Populating Devices in Cisco LAN Management Solution 2.6 ...................................................... 32
Campus Manager Device Discovery .......................................................................................... 32
Defining a Seed Device in Campus Manager ........................................................................ 32
Bulk Device Import to Device and Credentials Repository ......................................................... 33
Device Credentials Update......................................................................................................... 34
Device Management .................................................................................................................. 34
Adding Devices to RME From DCR ....................................................................................... 34
Viewing Configuration Collection Status in RME ................................................................... 35
Collecting Devices’ Startup and Running Config ................................................................... 35
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 64

Deployment Guide

Verification of Device Import Status in LMS Applications....................................................... 35
6. Server Administration in Cisco LAN Management Solution 2.6................................................... 37
Common Services ...................................................................................................................... 37
Creating User Defined Groups............................................................................................... 37
Backing Up LMS Data ................................................................................................................ 37
Restoring LMS Data ................................................................................................................... 38
Example Restore Operation (Solaris) .................................................................................... 38
Campus Manager....................................................................................................................... 38
Campus Manager Device Discovery...................................................................................... 39
Campus Manager Data Collection ......................................................................................... 40
User Tracking Module............................................................................................................ 40
Hierarchical Groups in Campus Manager .............................................................................. 41
Resource Manager Essentials.................................................................................................... 41
Inventory Collection/Polling.................................................................................................... 41
Configuration File Collection and Polling ............................................................................... 42
Purge Policies........................................................................................................................ 42
Syslog .................................................................................................................................... 43
Change Audit ......................................................................................................................... 44
SWIM Baseline Collection...................................................................................................... 44
Job Management ................................................................................................................... 45
Importing Devices into Internetwork Performance Monitor ......................................................... 46
Device Fault Manager ................................................................................................................ 46
Daily Purging Schedule.......................................................................................................... 46
Forwarding SNMP Traps ....................................................................................................... 46
Receiving SNMP Traps.......................................................................................................... 47
Default SMTP Server ............................................................................................................. 47
Rediscovery ........................................................................................................................... 47
Group Administration ............................................................................................................. 47
Polling and Threshold Management ...................................................................................... 47
View Management ................................................................................................................. 47
CiscoView................................................................................................................................... 48
Device Center ........................................................................................................................ 48
7. Network Management in Cisco LAN Management Solution 2.6.................................................. 50
Fault Monitoring.......................................................................................................................... 50
Set Up Tasks ......................................................................................................................... 50
Fault and Alerts Notification Services .................................................................................... 51
Fault History........................................................................................................................... 51
Alerts and Activities ............................................................................................................... 51
Baseline Configuration ............................................................................................................... 51
Preprovisioning Devices ........................................................................................................ 52
Data Extraction from LMS Applications ...................................................................................... 52
Campus Data Extraction Engine............................................................................................ 52
Possible Combinations of cmexport Commands ................................................................... 53
Resource Manager Essentials Data Extraction Engine.......................................................... 56
Internetwork Performance Monitor Export ............................................................................. 60
The DCR Command Line Interface........................................................................................ 61
UT Reports ................................................................................................................................. 61
Configuring Syslog on Devices................................................................................................... 62
VLAN Recommendations ........................................................................................................... 62
Ether Channel and Trunk Deployment ....................................................................................... 63
Ether Channel Configuration.................................................................................................. 63
Trunk Configuration ............................................................................................................... 63
Change Management ................................................................................................................. 63

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 64

1 and Integration Utility 1. ◦ CiscoView 6. Such increase in the number of network elements creates a challenge for network administrators. By using common centralized systems and network-inventory knowledge.0.6. Some concepts related to multi-server deployment that have been introduced in LMS 2.5 Common Services 3. All contents are Copyright © 1992–2008 Cisco Systems.6 Campus Manager provides the ability to visualize network topology. allowing users to easily interact with device components to change configuration parameters and monitor statistics. Cisco LAN Management Solution 2. All rights reserved.5 To support life cycle management.5 provides “front panel” graphical displays of Cisco devices.1. Page 4 of 64 . and provide Layer 2 and Layer 3 data and voice traces and end-host user information. RME provides the ability to manage device inventory and audit changes. With increasing reliance on networks to increase productivity.0. detect network discrepancies. ◦ Integration Utility 1. How does an enterprise effectively deploy and maintain their network devices? CiscoWorks LAN Management Solution (LMS) provides the integrated management tools needed to simplify the configuration.Deployment Guide 1. Applications Included in LMS 2. ● Resource Manager Essentials (RME) 4.0. configuration files. helping enterprises deploy and manage solutions. This document is Cisco Public Information. administration. and identification and localization of network trouble. Common Services 3.5 includes both CiscoView 6.0.6 LAN Management Solution (LMS) 2.6 Deployment Guide Introduction Network management is critical in today’s networks. ● Campus Manager (CM) 4. Inc.5 provides a set of shared application services that are used by all LMS applications. and software images—as well as Syslog analysis.0. monitoring. automation of device management tasks. and troubleshooting of Cisco networks. References will be provided for detailed discussions in the respective white papers. This deployment guide considers scenarios where all applications reside on a single server and provides tips and suggestions on configuring the server. It provides IT organizations an integrated system for sharing device information across management applications. enterprises are confronted with an ever growing network size. manage VLANs.6 is an integration module that supports third-party network management systems. CiscoWorks LMS delivers a unique platform of crossfunctional management capabilities that reduces network administration overhead and provides upper-layer systems integration. visibility into the health and capability of the network.6 will also be discussed.6 includes the following components: ● CiscoWorks Common Services 3.

All rights reserved.Deployment Guide ● Device Fault Manager (DFM) 2.x to LMS 2. called collectors. All contents are Copyright © 1992–2008 Cisco Systems.6 Device Fault Manager provides the ability to monitor device faults in real-time and determine the root cause by correlating device-level fault conditions.x to LMS 2.6 Internetwork Performance Monitor measures network performance based on the synthetic ® traffic generation technology within the Cisco IOS software. which is known as Cisco IOS IP SLA. Fault History lets the operator store and access historical information about alerts and faults that are detected and processed by DFM. in the router.6: ● Restricted Version The Restricted version of LMS 2.6 is for customers transitioning from LMS 1. Page 5 of 64 . LMS 2. ● Large Enterprise Version The Large Enterprise version is for customers transitioning from LMS 1. This document is Cisco Public Information.6 Architecture Figure 1 shows the architecture diagram of an LMS 2. Inc.0.x Unlimited version or from LMS 2. a target device and an operation type. Versions Available for LMS 2.6. ● Internetwork Performance Monitor (IPM) 2.x Unlimited version or from LMS 2. include a source router.6 server and how the applications residing on a single LMS server interact to obtain device information. These collectors.6 You can select one of the following two versions of LMS 2. This version has no limit on the number of devices it can support. DFM can issue notifications of critical network conditions via email or pager. This flexibility makes IPM a highly effective performance-troubleshooting tool. The device limit for this version is 300 devices. Using synthetic traffic gives the network manager a high degree of flexibility in selecting the end points in a network between which network performance will be measured.6. as part of their configuration. IPM takes advantage of Cisco IOS IP SLA3 technology by configuring network performance agents.

All rights reserved. see the Application Mode Settings in LMS Applications. Since there is a common device and credentials repository. Inc. LMS 2. Device Credential and Repository (DCR) is part of Common Services and acts as a central secure repository for all the device and credential information.Deployment Guide Figure 1. Page 6 of 64 .6 applications use Common Services as shown in Figure 1. All contents are Copyright © 1992–2008 Cisco Systems. This document only briefly describes some of the basic configuration that can be achieved in a multi-server setup. page 24. The Device and Credential Repository also helps in a multi-server setup.6 Architecture Common Services and DCR LMS 2. Device and LMS Workflow Figure 2 summarizes the device and LMS setup workflow. For more information on this. All applications within LMS request DCR for device credential information. This document is Cisco Public Information. Subsequent chapters describe the setup and workflow processes in detail. devices populated in DCR can be automatically populated in different applications.

Inc. This document is Cisco Public Information.Deployment Guide Figure 2. All rights reserved. Page 7 of 64 . Device and LMS Setup Workflow All contents are Copyright © 1992–2008 Cisco Systems.

Deployment Guide

2. Setting up Devices on the Network
LAN Management Solution (LMS) 2.6 helps to manage Cisco devices on the network. But before
LMS 2.6 can function correctly, the network devices it touches must be set up correctly. The
information provided in this chapter is a general description of the means and procedures
recommended to ensure that the network devices are set up correctly.
Note:

This chapter provides a great deal of information on the device configuration procedures

required to manage devices using CiscoWorks LAN Management Solution. But keep in mind that
this document is not intended to be a comprehensive configuration guide for LMS 2.6. For
additional configuration details, please contact a Cisco certified network engineer if possible and
refer to pertinent documents that are posted on Cisco.com.
Tip:

Prior to LMS deployment, in the case of Cisco IOS and Catalyst OS devices, all

configuration changes must be saved to non-volatile memory (NVRAM) using the following
commands:
write memory or copy running-config startup-config.
Please note that these two commands are provided to save pre-LMS deployment configuration
changes. After LMS is deployed, configuration changes are saved automatically where appropriate
and no user intervention is required. Newer versions of Catalyst OS devices have separate running
and startup configurations.

Device Setup Elements
This section describes each of the elements in the device setup that needs to be attended to.
System Name
Each Cisco IOS device in the network must have a unique system name (sysName) to discover all
devices. The system name is also populated in the Cisco Discovery Protocol (CDP) table. If there
are duplicate system names on the network, LMS will discover only one device by that name on the
network. On Cisco IOS devices, the domain name also affects the system name.
You can set up the system name by using the following commands:
Cisco IOS Devices
hostname <name>
Cisco Catalyst OS Devices
set system name <name>
Domain Name
You can set a domain name on a Cisco IOS or a Catalyst OS device. Set up the domain name by
using the following commands:
Cisco IOS Devices
ip domain-name <name>
Cisco Catalyst OS Devices
set system name <name with domain name>

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 8 of 64

Deployment Guide

SNMP Settings
LAN Management Solution uses Simple Network Management Protocol (SNMP) community strings
to read and write information from and to the devices.
Note:

LMS supports SNMP AuthNoPriv mode of SNMP v3.

Enabling SNMP v3 on Cisco IOS Devices
To enable SNMP v3 on Cisco IOS devices, follow these steps:
Step 1. Create a view.
snmp-server view campus oid-tree included
Step 2. Set the security model.
snmp-server group cmtest v3 auth read campus write campus access
access-list
Step 3. Create a user and specify the authentication protocol to be used.
snmp-server user cmtester campus v3 auth md5 password
Step 4. Create a group and associate the user with it.
snmp-server user cmtester cmtest v3
Enabling SNMP v3 on Catalyst OS Devices
To enable SNMP v3 on Catalyst OS devices, follow these steps:
Step 1. Create a view.
set snmp view campus 1.3.6.1 included nonvolatile
Step 2. Set the security model.
set snmp access cmtest security-model v3 authentication read campus
write campus nonvolatile
Step 3. Create a user and specify the authentication protocol to be used.
set snmp user cmtester authentication md5 cisco123
Step 4. Create a group and associate the user with it.
set snmp group cmtest user cmtester security-model v3 nonvolatile
Enabling SNMP v1 or v2c on Cisco IOS Devices
To enable SNMP v1 or v2 on Cisco IOS devices, follow these steps:
Step 1. snmp-server community <read-community-string> ro
Step 2. snmp-server community <write-community-string> rw
Enabling SNMP v1 or v2c on Cisco Catalyst OS Devices
To enable SNMP v1 or v2c on Cisco Catalyst OS devices, set as follows:
Step 1. set snmp community read-only <read-community-string>
Step 2. set snmp community read-write <write-community-string>
The community strings configured on the devices must match the community strings entered in the
DCR (Device Credential Repository) component in LMS.
Enabling Traps in Catalyst OS Devices to Be Sent to a Particular Host
To enable traps in Catalyst OS devices to be sent to a particular host, enter this command:
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 9 of 64

Deployment Guide

set snmp trap 192.168.124.24 public
Enabling Traps in IOS Devices to Be Sent to a Particular Host Using SNMP v2c
To enable traps in IOS devices to be sent to a particular host using SNMP v2c, enter t his
command:
snmp-server host 192.168.124.24 traps version 2c public
In these examples for enabling traps, the public community string helps selective processing of
traps on the trap-receiving side.
System Reload
After a software image distribution operation using Resource Manager Essentials (RME) is
completed, RME will reload the device if so specified in the Image Distribution job. RME will be able
to reload any device (IOS or Catalyst OS) only if an SNMP manager (in this case, RME) is allowed
to reset the agent.
The following command is needed on Cisco IOS devices only:
snmp-server system-shutdown
Command Line Prompts
To utilize the NetConfig capability to execute batch changes on devices, Cisco device command
line prompts must meet the requirements described in this section.
Note:

Customized prompts should also fulfill these requirements.

Cisco IOS Devices

The Login prompt should end with an angle bracket (>).

For example: Cisco>

The Enable prompt should end with a pound sign (#).

For example: Cisco#
Cisco Catalyst OS Devices
The Enable prompt must end with “(enable).”
For example: Cisco(enable)
Telnet/SSH
Telnet is one of the protocols that can be used by RME for configuration management. You can
enable Telnet using the following commands.
To enable Telnet on Cisco IOS devices and Catalyst OS devices, enter these commands:
line vty 0 4
password <password>
login
exec-timeout 0 0
Note:

More than four VTY lines can be selected for log in.

Different authentication on different VTY lines is not supported.SSH provides for a secure
communication with the device.

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 10 of 64

Remote Copy Protocol (rcp) Remote Copy Protocol (rcp) is one of the protocols that can be used by RME for configuration management and software image management. This All contents are Copyright © 1992–2008 Cisco Systems. especially RME. the server IP address entered here is the address of the RME server. Cisco IOS Devices Enable Syslog messages on Cisco IOS devices from global configuration mode: logging on logging <server-ip-address> logging trap <logging-level> Note: To limit the number of messages sent to the syslog servers. The default value is cwuser. Inc. use the logging trap configuration command above. In the case of remote Syslog Analyzer and Collector. Syslog Messages Syslog messages can be enabled on Cisco devices to further use the capability of LMS. This document is Cisco Public Information. Page 11 of 64 . Catalyst OS Devices To enable Syslog messages on Catalyst OS devices: set logging server enable set logging server <server-ip-address> set logging level all <logging-level> default Tip: The <server-ip-address> parameter is the IP address of the LMS server.17.246.221 cwuser enable ip rcmd remote-username cwuser Note: The value of <remote-username> and <local-username> entered in the device should match the RCP User value provided in the LMS server. rcp must be enabled on the network devices—rcp can be enabled only on devices running Cisco IOS as shown in the following sample commands: username cwuser password 7 000C1C0A05 ip rcmd rcp-enable ip rcmd remote-host cwuser 172. SSH configuration requires that the domain name must be configured. In case of multiple servers. All rights reserved. use TACACS. For LMS to be able to provide configuration and software management using rcp. this parameter is the IP address of the remote Syslog Analyzer and Collector.Deployment Guide Cisco IOS The following example configures SSH control parameters on a router running Cisco IOS: ip ssh timeout 120 ip ssh authentication-retries 3 Catalyst OS The following examples configure SSH in Catalyst OS: (enable) set crypto key rsa 1024 (enable) set ipNote: Note: For greater access control and logging facilities.

Page 12 of 64 . Enabling or Disabling CDP on Cisco IOS Devices CDP is enabled on Cisco IOS devices by default. Campus Manager can discover the network topology only when CDP is enabled on those devices. To enable CDP capability on IOS devices use the following commands. All rights reserved. This document is Cisco Public Information. Since it is a Layer 2 protocol. Enabling CDP on devices allows Campus Manager to learn information about neighboring devices. Enabling or Disabling CDP on Cisco Catalyst OS Devices CDP is enabled on Cisco Catalyst OS devices by default.Deployment Guide value can be reset by traversing through the following user interface links in the LMS server: CWHP > Common Services > Server > Admin > System Preferences. these packets (frames) are not routed. CDP is a Cisco proprietary Layer 2 protocol that is media and protocol independent. To enable CDP capability on Catalyst OS devices use the following commands. Campus Manager will use the following protocols in their respective technology: ILMI in LANE/ATM networks and ELMI on Stratacom Frame Relay networks. Inc. Configuring Protocols This section describes the basic configuration procedures for the following protocols: ● Cisco Discovery Protocol (CDP) ● Remote Copy Protocol (rcp) ● Secure Copy Protocol (scp) ● HTTP and HTTPS Protocols ● Multiple Spanning-Tree Protocol (MST) ● Multiple Instance Spanning-Tree Protocol (MIST) ● Per-VLAN Spanning Tree Protocol (PVST+) ● VLAN Trunk Protocol (VTP) Cisco Discovery Protocol (CDP) Cisco Campus Manager uses Cisco Discovery Protocol (CDP) to discover Cisco devices on the network. To enable CDP globally: set cdp enable To enable CDP on specific ports only: set cdp enable [mod/port] All contents are Copyright © 1992–2008 Cisco Systems. To enable CDP globally: cdp run To enable CDP on specific interfaces only: cdp enable Use the no command to disable CDP capability on Cisco IOS devices. and runs on all Cisco-manufactured equipment. A Cisco device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighbors. and to send SNMP queries to those devices.

For related information. but not encryption. The data that the client and server transmit to each other is not encrypted. do not enable CDP on links that are connected to non-Cisco devices. they will appear on the Campus map. for client connections. please refer to this URL: ● Configuring CDP on Catalyst 6500 Series switches: http://www. All rights reserved. To enable and configure a Cisco router for SCP server-side functionality. This document is Cisco Public Information. Page 13 of 64 . for example. Inc..cisco. Note: You may skip this step if a network-based authentication mechanism—such as TACACS+ or RADIUS—has already been configured.9186a00801a5b18. Enter your password if prompted.] aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2. a connection to the Internet and end-host connection ports on access switches. Step 2: Router#configure terminal Enters global configuration mode. therefore. Secure Copy Protocol (scp) The Secure Copy feature was introduced in Cisco IOS 12. This leaves communication between clients and servers vulnerable to interception and attack.. Syntax: username name [privilege level] {password encryption-type encrypted-password} Step 7: Router (config)# ip scp server enable Enables SCP server-side functionality. use the set cdp disable command..]] Step 6: Router (config)# username superuser privilege 2 password 0 superpassword Establishes a username-based authentication system. Enabling http Mode Use the following command to enable http mode: ip http server All contents are Copyright © 1992–2008 Cisco Systems. Note: Certain non-Cisco devices support CDP. To protect from CDP DoS attacks.Deployment Guide To disable CDP on Catalyst OS devices.com/en/US/products/hw/switches/ps708/products_configuration_guide_cha pter0. The exec keyword runs authorization to determine if the user is allowed to run an Exec shell.2(2)T. Step 4: Router (config)#aaa authentication login default group tacacs+ Enables the AAA access control system. Tip: Do not run CDP on links that don’t need to be discovered by Campus Manager. If you enable CDP on the Cisco devices connected to non-Cisco devices. Complete syntax: Router (config)# aaa authorization exec default group tacacs+ Sets parameters that restrict user access to a network.html. Syntax: Step 5: aaa authentication login {default | list-name} method1 [method2. you must use it when you configure SCP.. Step 3: Router (config)#aaa new-model Sets AAA authentication at login. perform the following steps: Command Description Step 1: Router> enable Enables privileged EXEC mode. HTTP and HTTPS Servers The Cisco IOS HTTP server provides authentication.

openssl.20 By default. Step 4. Use the following commands to set the configuration and the revision number: ● set spantree MST configuration name <name> ● set spantree MST configuration revision <revision-number> Instances 1 to 15 operate only within the MST region. Inc. Define the VLAN-to-instance mappings. MST copies the port state from the IST. All contents are Copyright © 1992–2008 Cisco Systems. MST configuration name.6 release. another spanning-tree protocol. This document is Cisco Public Information. to put VLANs 1 to 10 and 20 into instance 10. such as PVST+. To enable HTTPS mode in a VPN 3000 concentrator. and other MST regions to form a loop-free topology. It uses Secure Sockets Layer (SSL)1 and Transport Layer Security (TLS) to provide device authentication and data encryption. Step 4 Commit the MST configuration to apply it on the switch. Use the following command: set spantree MST config commit 1 This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. such as Per-VLAN Spanning-Tree + (PVST+).org/. Note: Mapping a VLAN to an instance does not take effect until the configuration is committed. all VLANs are mapped to instance 0. Note: As of the LMS 2. Step 3. If any of these three fails. Enable MST on the Cisco switch. Use the following command to map VLANs to an instance: set spantree MST instance vlan <vlans> For example. For more details please visit the following website: http://www. HTTPS mode is supported only for Cisco VPN 3000 Series Concentrators. Use the set spantree mode mst command to set the spanning tree mode on the switch to MST. Step 3 Define the MST configuration name and revision number. Note: Before you can disable MST. Common Spanning-Tree (CST).1s): Step 1. and MST revision number. which communicates with the other spanning-tree protocols. access the following URL: http://www. Page 14 of 64 . you would enter this command: set spantree MST 10 vlan 1-10. MST-enabled switches form an MST region only if they have a matching VLAN-to-IST mapping.Deployment Guide The Secure HTTP (HTTPS) feature provides the capability to connect to the Cisco IOS HTTPS server securely.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter0 9186a008015ce28.html#999607. Step 2. the port will be flagged as a boundary port. must be configured. Configuring Multiple Spanning-Tree Use the following procedure to configure Multiple Spanning-Tree (MST) (802.cisco. On the boundary of the MST region. All rights reserved.

use the following command: set spantree portpri 2/12 40 All contents are Copyright © 1992–2008 Cisco Systems.cisco. the possible port cost range is from 1 to 200000000. The port with the lowest priority value forwards frames for all VLANs. the port with the lowest port number forwards frames. You can set 16 possible bridge priority values: 0. Page 15 of 64 . Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The possible port priority values are from 0 to 63. Configure the MISTP bridge ID priority. 32768. 49152. 28672. To set the bridge ID priority. refer to the following URL: http://www. use this command: set spantree mode mistp Step 2. use the set spantree MST rollback force command. 20480. 24576. You can configure the port cost of switch ports. Step 1. If all ports have the same priority value.html. 53248. use this command: set spantree priority 8192 mistpinstance 1 Step 3. 4096. You can set the bridge ID priority for an MISTP instance when the switch is in MISTP or MISTP-PVST+ mode. use this command: set spantree portcost 2/12 22222222 Step 4. the possible cost range is from 1 to 65535. use the set spantree MST rollback command. ● When using the short method for calculating port cost. Configure the MISTP port priority. 40960. To set the port cost. the ID of the MISTP instance) to create the bridge ID priority. To set the spanning-tree mode on the switch to MST. Configure the MISTP port cost. This document is Cisco Public Information. You can configure the port priority of switch ports. Step 1 Enable MISTP on the switch.Deployment Guide ● If you find that you need to discard all edits made since the last commit. ● When using the long method for calculating port cost. 12288. For related configuration information. All rights reserved.com/warp/public/473/123. 45056. The ports with lower port costs are more likely to be chosen to forward frames. 8192. To set the port priority. 36864. ● If you need to clear changes to the MST configuration made by someone else using another session. the default is 32. The default cost differs for different media. The bridge priority value is combined with the system ID extension (that is. 16384. Inc. 57344. Configuring Multiple Instance Spanning-Tree Use the following steps to configure Multiple Instance Spanning-Tree (MISTP). and 61440.

The port with the lowest priority value forwards frames for all VLANs. 28672. 49152. When the switch is in PVST+ mode without MAC address reduction enabled. 53248.Deployment Guide Configuring Per-VLAN Spanning Tree+ Per VLAN Spanning Tree Plus (PVST+) maintains a spanning tree instance for each VLAN configured in the network and allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. To set the port cost. If all ports have the same priority value. Page 16 of 64 . the possible port cost is from 1 to 65535. the port with the lowest port number forwards frames. To configure Per-VLAN Spanning Tree+. 12288. it has the ability to load balance traffic (at Layer 2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop.1Q trunking technology rather than ISL. The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode. Since PVST +treats each VLAN as a separate network. you can enter a bridge priority value between 0 to 65535. The VLAN bridge ID priority is then set to that value. PVST+ is an enhancement to the 802. 8192. The ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The bridge priority is combined with the system ID extension (that is. Configure the PVST+ bridge ID priority. To set bridge ID priority. the ID of the VLAN) to create the bridge ID priority for the VLAN. The default is 32. Enable PVST+ on the switch.1Q specification and is not supported on non-Cisco devices. enter this command: set spantree priority 30000 1 Step 3. To set the spanning tree mode to pvst+. 20480. 24576. This document is Cisco Public Information. 4096. Inc. The possible port priority value is 0 to 63. 57344. It uses 802. 16384. All contents are Copyright © 1992–2008 Cisco Systems. ● When using the short method for calculating port cost. 40960. use the following command: set spantree portcost 2/3 12 Step 4. the possible port cost is from 1 to 200000000. you can enter one of 16 bridge priority values: 0. When the switch is in PVST+ mode with MAC address reduction enabled. You can configure the port priority of switch ports in PVST+ mode. ● When using the long method for calculating port cost. All rights reserved. 36864. Configuring PVST+ port cost You can configure the port cost of switch ports. 45056. The default cost differs for different media. follow these steps: Step 1. enter this command: set spantree mode pvst+ Step 2. 32768. or 61440. Configure PVST+ port priority.

com/en/US/products/hw/switches/ps679/products_configuration_guide_cha pter09186a008007eeeb.cisco. Table 1.cisco.10 Trunks: http://www.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac. ● Configuring STP and IEEE 802.htm ● Spanning Tree Protocol Problems and Related Design Considerations: http://www. Inc.1D) Port VLAN priority Same as port priority but configurable on a per.cisco.html ● Financial Services Design for High Availability: http://www.Deployment Guide To set port priority.html#71577 Default Values for PVST+ Configuration Table 1 shows the default PVST+ configuration values in Cisco Catalyst 6000 devices. This reduces the need to configure the same VLAN everywhere.cisco. When you configure a new VLAN on one VTP server.com/en/US/tech/tk828/technologies_white_paper09186a008015a8ad. All rights reserved.shtm l ● Configuring Spanning-Tree Bridging for the Cisco Catalyst Switch: http://www.cisco. Page 17 of 64 . VTP is a CiscoAll contents are Copyright © 1992–2008 Cisco Systems.1s MST: http://www.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_ch apter09186a00801ee706.VLAN basis in PVST+ Port VLAN cost Same as port cost but configurable on a per.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/spantree. Default PVST+ Configuration Values for Catalyst 6000 Switches Feature Default Values VLAN 1 All ports assigned to VLAN 1 Enable state PVST+ enabled for all VLANs MAC address reduction Disabled Bridge priority 32768 Bridge ID priority 32769 (bridge priority plus system ID extension of VLAN 1) Port priority 32 Port cost ● Gigabit Ethernet: 4 ● Fast Ethernet: 191 ● DFFI/CDDI: 10 ● Ethernet: 1002 Default spantree port cost mode Short (802. This document is Cisco Public Information.s html ● Configuring FDDI 802. use this command: set spantree portpri 2/3 16 For More Information on the Spanning Tree Protocol The following links provide more information on Spanning Tree Protocol setup and recommendations. the VLAN is distributed through all switches in the domain.VLAN basis in PVST+ Maximum aging time 20 seconds Hello time 2 seconds Forward delay time 15 seconds Configuring VLAN Trunk Protocol (VTP) Virtual LAN (VLAN) Trunk Protocol (VTP) reduces administration in a switched network.

VTP is used to configure and communicate VLAN settings across multiple switches. use the following commands. Note: This protocol should be enabled and configured as part of the overall network design. VTP’s major benefit of providing uniform VLAN creation across multiple switches may be outweighed by the drawbacks of the same thing it’s supposed to simplify. All contents are Copyright © 1992–2008 Cisco Systems. The description of the modes is as follows: ● Server: Switch will maintain and communicate VLAN settings to all other switches in the VTP domain. and delete VLANs via the topology services application. Another major risk of the VTP client/server model is the possibility of new server versioning overriding the existing VTP Server and deleting VLANs unknown to the new master server from all switches within that domain. Each switch can be in only one VTP domain: set vtp domain <name> set vtp mode <client | server | transparent> set vtp v2 <enable | disable> Note: The set vtp v2 command is required for Token Ring networks. ● Transparent: Switch will not participate in VLANs advertised by server. A VTP domain must be established and the VTP mode must be defined on each device. This section is included for reference purposes only. modify. Discovering VLANs established on a switch using VTP Transparent mode is supported from Campus Manager 3. Page 18 of 64 . instead of the command line.1. and they cannot both run in the same domain. create. VTP versions 1 and 2 are not compatible. ● Client: Switch will synchronize VLAN configuration with advertisements received from VTP servers. In addition. All rights reserved. This does pose the risk of unenforced STP and its issues cross multiple switches. VTP must be configured on all switches in order to manage VLANs via Campus Manager.) Then Campus Manager can be used to view.Deployment Guide proprietary protocol that is available on most of the Cisco Catalyst Family products. and forward advertisements to neighbors. Inc. To set a VTP domain and the mode on a Cisco Catalyst switch. This document is Cisco Public Information. Any VLANs configured on a transparent switch will be local to that switch only. Though some of these risks can be reduced by VTP Authentication. VTP v2 must be used on Token Ring networks.x) instead of the typical VTP server/client model. at least one switch in each VTP domain must be defined as a VTP server in order for Campus Manager to create VLANs in that domain. which is the automatic extension of VLANs of all switches in a domain. General suggestions for enterprises preferring a cautious approach may include making use of VTP Transparent or VTP off (Catalyst OS 7. (The old restriction of requiring at least one server in a VTP domain to identify VLANs has been removed. but will forward advertisements to neighbors. Best Practice Recommendations The campus best practice recommendations emphasize campus stability and predictability (especially for protocols such as STP). Spanning tree is not a poor protocol—it’s the protocol’s defaults that are not ideal.

All contents are Copyright © 1992–2008 Cisco Systems.html. Enabling Trunking on Catalyst Switch Ports This protocol should be enabled and configured as part of the overall network design. You can use the optional vlans parameter to specify a specific range of VLANs to be allowed across the trunk (valid ranges are from 1 to 1005). ports on each side of the link must be set to trunk ports. To enable trunking on a Catalyst Switch port. This section is included for reference purposes only.1Q is the industry-standard protocol for performing the same function. In order to perform trunking.1Q protocol must be enabled. IEEE 802. IEEE 802.com/warp/public/473/21. the added complexity of these is not really worth it. Page 19 of 64 .1Q must be used on Token Ring networks. between two switches or a switch and a router. go to “Understanding and Configuring VLAN Trunk Protocol (VTP)”: http://www. For example: set trunk 2/1 on 2-10 For more information. Trunking is a method of carrying traffic for multiple VLANs over the same link. and VTP Pruning. use the following command: set trunk <module/port> on [vlans] This establishes the specified module/port as a trunk port and enables the ISL protocol. thus extending the VLANs across the network. This document is Cisco Public Information.cisco. Inc.Deployment Guide Trunk Clearing. and the Inter-Switch Link (ISL) or IEEE 802. All rights reserved. ISL is a Cisco proprietary protocol used to combine traffic from multiple VLANs over one link.

The backup partition should allow for multiple revisions. DFM. Backup partitions need to be large enough to store all application databases (for example. All contents are Copyright © 1992–2008 Cisco Systems. and the number of software images. Cisco also recommends that you verify all backups that may be needed in the future. This document is Cisco Public Information.) as well as device configurations. ● /tftpboot partition This partition holds configurations and software image images as they are downloaded from or uploaded to devices. The size grows in proportion to number of devices. software images. ● /var/adm/CSCOpx partition This partition holds log files. Table 2. and exported reports. Recommended Solaris Disk Layout The following layout for the Solaris disk is recommended: ● /opt/CSCOpx partition This partition holds application executables.S. or preferably. All rights reserved.8) and Solaris 9 (Solaris 2.9) Disk Space 20 GB or more free space for LMS applications and data Swap Space ● 4 GB swap space for Restricted license ● 8 GB swap space for Unrestricted license • UNIX file system recommended1 We recommend that you set swap space to twice the size of RAM. software images. on a separate disk. ANI. and the number of syslog messages. libraries. Component Recommended Server Requirements for Solaris Systems Recommended Server System Requirement ● Sun UltraSPARC IIIi or Sun UltraSPARC IIICu for Restricted license ● Dual Sun UltraSPARC IIIi or dual Sun UltraSPARC IIICu for Unrestricted license CPU ● Sun UltraSPARC IV ● 2 GB for Restricted license ● 4 GB for Unrestricted license RAM Software Solaris 8 (Solaris 2. 1 To verify the amount of available disk space in each of the specified partitions and directories. enter: df –k at the command prompt. and database files. amount of availability data. Backup Recommendations Cisco recommends that you store backups on a separate partition. Solaris OS Installation Requirements This section discusses the LMS requirements to install on the Solaris operation system. English and Japanese versions of the Windows and Solaris operating systems. Page 20 of 64 . verbosity of debugs. This partition must be large enough to handle the biggest SWIM job. device configurations. and user accounts. RME. Inc. Cisco LAN Management Solution 2. The growth of the partition depends on the number of archived configurations.Deployment Guide 3.6 Installation Requirements Cisco LAN Management Solution installation is supported in the U.

6 on an NTFS file system.8 GHz Intel Pentium 4 or 2.8 GHz Intel Xeon processor for Unrestricted license RAM ● 2 GB for Restricted license ● 4 GB for Unrestricted license Software1 2 3 Any one of the following: • Windows 2000 Professional with Service Pack 44 ● Windows 2000 Server with Service Pack 4 ● Windows 2000 Advanced Server with Service Pack 4 ● Windows Server 2003 Standard and Enterprise Editions with Service Pack 1 ● Windows 2003 R2 Server Standard and Enterprise Editions LAN Management Solution 2.3. All contents are Copyright © 1992–2008 Cisco Systems. However. Do not install LMS 2. The file system field appears in the General tab of the Properties dialog box. Install the LMS 2.0. Step 5.3. Installation might proceed in other locales. All rights reserved. open My Computer on the Windows desktop. Step 4.0. 5 Install LMS 2.6 on a system with Internet Information Services (IIS) enabled is not supported.3. Note: The only requirement is to install CiscoWorks Common Services 3.3 before installing any other application.6 applications on a system with Terminal Services enabled in Application mode is not supported. 3 Installation of LMS 2.6 Update.8 GHz Intel Xeon processor for Restricted license ● Dual 2. To verify the file system. then enter winver. IIS Service must be disabled on the server before installing the LMS 2. select Start > Run.See http://www. This document is Cisco Public Information.0. Recommended Order for Installing LMS Applications The recommended order for installing LMS applications is as follows.6 on a FAT file system.6 on a Windows 2000 operating system (all versions). 2 If you are using LMS 2. but there might be problems in the functionality of CiscoWorks. Inc. installation of LMS 2. Install CiscoWorks Common Services 3.6. Install Device Fault Manager 2.8 GHz Intel Pentium 4 or dual 2.6 applications on a system with Terminal Services enabled in Remote Administration mode is supported.3. Install Campus Manager 4. Step 1. Disk space Swap space 20 GB or more free space for LMS applications and data ● 4 GB virtual memory for Restricted license ● 8 GB virtual memory for Unrestricted license • NTFS file system5 required We recommend that you set virtual memory to twice the size of RAM. Recommended Server Requirements for Windows Systems Table 3.0. 4 To verify the Service Pack version on Windows. Install Resource Manager Essentials 4. Install Internetwork Performance Monitor 2. Step 2. Step 6.com/support/processors/sb/CS-017343.0. Component Recommended Server System Requirement CPU ● 2. Set the default locale to US-English for the US-English version and Japanese for the Japanese version. right-click the drive and select Properties from the popup menu. disable Hyper-Threading Technology (HTT). There is no need to follow the order recommended above if you are installing just one application in the CiscoWorks machine. Page 21 of 64 .htm.6 applications.Deployment Guide Windows OS Installation Requirements This section discusses the LMS requirements to install on the Windows operation system. 1 Installation of LMS 2.6 supports only the US English and Japanese versions of these operating systems. Step 3.intel.

such as OGS. RME Server Internal TCP 49 TACACS+ and ACS CiscoWorks Common Services. and DFM Server to Device TCP 22 Secure Shell (SSH) CiscoWorks Common Services and RME Server to Device TCP 23 Telnet CiscoWorks Common Services. Inc. and CM Server to Client TCP 1741 CiscoWorks HTTP Protocol CiscoWorks Common Services.Deployment Guide Ports Used by LMS Applications The following table lists the ports used by the various CiscoWorks components. and CM Client to Server TCP 1684 IIOP CiscoWorks Common Services. CiscoView Client to Server TCP 443 CiscoWorks HTTP server in SSL mode CiscoWorks Common Services Sever Internal TCP 514 Remote Copy Protocol CiscoWorks Common Services Server to Device TCP 1683 Internet Inter-ORB Protocol (IIOP) CiscoWorks Common Services. This document is Cisco Public Information. CiscoView. and RME Client to Server TCP 1783 IIOP for IPM Gatekeeper IPM Client to Server TCP 1784 IIOP for IPM Gatekeeper IPM Client to Server TCP 8088 HIOP CiscoWorks Common Services Server to Client Client to Server TCP 8898 Log Server DFM TCP 9007 Tomcat shutdown CiscoWorks Common Services Server Internal TCP 9009 Ajp13 connector used by Tomcat CiscoWorks Common Services Server Internal TCP 9088 HIOP port for IPM IPM gatekeeper Server Internal Server to Client Client to Server TCP 9191 HIOP port for IPM Gatekeeper IPM Server Internal TCP 9192 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9193 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9194 HIOP port for IPM Gatekeeper IPM Server Internal TCP 15000 Log server DFM Server Internal TCP 4005040070 CSTM ports used by CS applications. All rights reserved. Device and Credential Repository (DCR) CiscoWorks Common Services Server Internal TCP 40401 LicenseServer CiscoWorks Common Services Server Internal All contents are Copyright © 1992–2008 Cisco Systems. CM. Page 22 of 64 . Table 4. CiscoView. and RME Server to Device TCP 25 Simple Mail Transfer Protocol (SMTP) CiscoWorks Common Services (PSU). RME. CM. LAN Management Solution Port Usage Protocol Port Number Service Name Application(s) Direction (of Establishment) of Connection ICMP 7 Ping RME. and DFM Server to ACS TCP 80 HyperText Transfer Protocol (HTTP) CiscoWorks Common Services.

CiscoView. and DFM SNMP Traps (Standard Port) CiscoWorks Common Services. Server Internal Page 23 of 64 . and DFM UDP UDP 161 162 Server to Device Device to Server Server to Device Device to Server Server to Device Device to Server UDP 514 Syslog CiscoWorks Common Services and RME Device to Server UDP 9000 DFM trap receiving (if port 162 is occupied) DFM Client to Server UDP 9002 DFM trap listening DFM Client to Server UDP 14004 Lock port for ANI Server singlet on check CM Server Internal UDP 16236 UT Host acquisition CM Device to Server UDP 42342 OSAGENT CiscoWorks Common Services Server Internal (Common Services) UDP 42350 Event Services Software (ESS) (Alternate port is 44350/udp) CiscoWorks Common Services All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide TCP 42340 CiscoWorks Daemon Manager Tool for Server Processes CiscoWorks Common Services Server Internal TCP 42344 ANI HTTP Server CiscoWorks Common Services Server Internal TCP 42351 Event Services Software (ESS) Listening (Alternate port is 44351/tcp) CiscoWorks Common Services Server Internal TCP 42352 ESS HTTP (Alternate port is 44352/tcp) CiscoWorks Common Services Client to Server TCP 42353 ESS Routing (Alternate port is 44352/tcp) CiscoWorks Common Services Server Internal TCP 43441 CMF Database CiscoWorks Common Services Server Internal TCP 43455 RME Database RME Server Internal TCP 43443 ANIDbEngine CM Server Internal TCP 43445 Fault History Database DFM Server Internal TCP 43446 Inventory Service Database DFM Server Internal TCP 43447 Event Promulgation Module Database DFM Server Internal TCP 4350043530 CSTM Port for DFM DFM Server Internal TCP 44341 IPM Database IPM Server Internal TCP 44342 IPM Name Server (OSAGENT) IPM Client to Server (Applicable to IPM standalone client) TCP 4700047040 CSTM Port for RME RME Server Internal TCP 5500055020 CSTM Port for Campus Manager CM Server Internal TCP 57860 JRun . CM. RME. All rights reserved. This document is Cisco Public Information.JRun Server Manager Control Server CiscoWorks Common Services Server Internal UDP 69 Trivial File Transfer Protocol (TFTP) CiscoWorks Common Services and RME Simple Network Management Protocol (SNMP) CiscoWorks Common Services. Inc.

All contents are Copyright © 1992–2008 Cisco Systems. License File When you register your LMS purchase on the product licensing area of Cisco. Page 24 of 64 . You need to provide your PAK to receive your license file.com/go/license If you are not a registered user of Cisco. Inc. ● If you have received LMS as an evaluation copy.cisco. use the PIN to proceed with the installation. If the licensing information is provided during the installation of the first LMS application. not necessarily only at the time you install the product. get your license file from: http://www. This document is Cisco Public Information. Table 5.com. If a PIN only is entered. ● The first LMS application you install will prompt you to provide the LMS licensing information. or the PIN and PAK. You may obtain and install your license key at any time while you are working on LMS.com. If an authenticated license cannot be obtained during installation. you will not be prompted to register your PIN/PAK during the process. Product Authorization Key (PAK) The PAK is printed on the software claims certificate. LMS will run normally. you will receive a license file.Deployment Guide Licensing Terminology and Process3 The section describes the LMS 2. Licensing Items of Note ● When you first install CiscoWorks Common Services 3. use this site to get your license file: http://www.cisco. then it need not be provided during the installation of the other applications.com/go/license/public.com. you need not register the product during the 90-day evaluation period. All rights reserved.0. Licensing Terminology Licensing Term Description Product Identification Number (PIN) The PIN is printed on the software claims certificate. but you will be periodically be reminded to complete the license process. If you are a registered user of Cisco. Use the PAK to get a license from Cisco.com. The LMS installation program prompts you to enter the license file.6 software-based product registration and license key activation terminology and technologies. The LMS installation program prompts you to enter the PIN during installation.

This document is Cisco Public Information. choose Device Management > Device Selector. and fault monitoring on the modified devices. In response to the device updates. performance monitoring. Hence all devices added in DCR will automatically be managed in CM. and credential updates) from DCR. All devices added in DCR will automatically be managed in DFM. the applications may do data collection. Device Fault Manager. Application Mode Settings in LMS Applications Application mode settings are available in LMS applications to help control the flow of device and credential information to the applications from the Device Credential and Repository (DCR). All contents are Copyright © 1992–2008 Cisco Systems. ● Device Fault Manager (DFM): By default. Devices imported into Device Credential Repository (DCR) will be automatically added in RME. unless filters (such as IP address range or VTP domain) have been set up to override the application mode. b. In Auto Synchronize mode. delete and credential updates) from DCR.Deployment Guide 4. All rights reserved. DFM is also set up in an Auto Synchronize mode. the LMS applications (Campus Manager. The application mode in CM cannot be disabled. From Resource Manager Essentials. Note: Please note that you must specify the application mode in each of the applications user interfaces. This chapter also provides information on the default settings in the applications and how to update the application settings for easier management of devices across the LMS server. the LMS applications will automatically get device updates (device add. ● Internetwork Performance Monitor (IPM): IPM source and data collectors can be set up after DCR has been populated. To disable Auto Synchronize mode in RME: a. Deselect the Synchronize with Device Credential Repository option. Initial Setup of the LAN Management Solution 2. To disable Auto Synchronize mode in DFM: a. Then deselect the Automatically Manage Devices from Credential Repository option. From the Device Fault Manager. ● Campus Manager (CM): CM by default is in Auto Synchronize mode. ● Resource Manager Essentials (RME): By default. The two LMS application modes are: ● Manual mode ● Auto Synchronize mode In Manual mode. choose Administration > Device Management. delete. Page 25 of 64 . Inc. Resource Manager Essentials and Internetwork Performance Monitor) will not automatically get device updates (device add.6 Server This chapter will guide you through the initial setup of the LAN Management Solution server. RME is in Auto Synchronize mode. b.

Configuration Management You can set the protocols and order for Configuration Management applications such as Archive Management. To set up protocol ordering for Config Management: Step 1. Click Software Mgmt.Deployment Guide Note: For easier management of devices across all LMS applications. Manual mode should be enabled. When multiple CiscoWorks servers are installed and a large number of devices are to be managed between the CiscoWorks servers. Page 26 of 64 . Select the desired application from the Application Name drop-down list. Step 3. Network administrators can assign the protocols to be used in RME for Configuration Management and Software Management. Protocol Setup RME also uses various protocols for configuration and software management. and NetConfig jobs to download configurations and to fetch configurations. two instances of RME installed in two different servers can be managing the same set of devices. Select View/Edit Preferences from the Table of Contents. Config Editor. Config Editor. All rights reserved. then click Apply. This document is Cisco Public Information. From Resource Manager Essentials. If Auto Synchronize mode is enabled for RME to get devices from the DCR. and NetConfig. The available protocols are: ● Telnet ● TFTP (Trivial File Transport Protocol ● RCP (Remote Copy Protocol) ● SSH (Secure Shell) ● SCP (Secure Copy Protocol) ● HTTPS (Hyper Text Transfer Protocol Secured) Set Up Protocol Ordering Protocol ordering can be set up for these configuration applications: Archive Management. Step 2. All contents are Copyright © 1992–2008 Cisco Systems. Note: For secure communication between the server and a device. Step 2. use SSH. Step 3. choose Administration > Config Management. it is advisable to leave Auto Synchronize mode enabled. Use the Add and Remove buttons for selecting the protocol order. Select the protocol order by clicking Add or Remove. User intervention is required to select dissimilar set of devices to be managed by the two RME servers. Inc. To order the Software Management protocol: Step 1.

Page 27 of 64 . The supported protocols are: RCP. Step 3. From Resource Manager Essentials. A peer server account should have the System Identity user information of other CiscoWorks servers. ● Secure browser client communication to the server. A system identity user is set up by default when the CiscoWorks server is installed. Step 3. Step 2. Step 3. This document is Cisco Public Information. Use the Add and Remove buttons for selecting the protocol order. If the first protocol in the list fails. until Software Management finds a transport protocol for downloading the images. Edit the necessary details. LMS 2. All rights reserved.6 provides the following security features: ● Secure the user access to devices. Create a peer server account as described here and provide the credential information to the third-party user. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. every CiscoWorks server needs to have a peer server account set up. Inc. Setting Up a Peer Server Account If a CiscoWorks server has to exchange information (such as device credentials) with other CiscoWorks servers. In the View/Edit Preferences dialog box. Peer server accounts can also be used for providing access to a third-party application to access the CiscoWorks server and authenticate and authorize it. To define the protocol order that Software Management has to use for software image download: Step 1. Software Management uses the first protocol in the list.Deployment Guide Software Image Management Software Management downloads software images based on the protocol order specified. All contents are Copyright © 1992–2008 Cisco Systems. While downloading the images. choose Administration > Software Mgmt > View/EditPreferences. Select the System Identity Setup link. Step 2. define the protocol order. Select the Peer Server Account Setup link. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. these jobs use the second protocol and so on. Setting Up the System Identity User To view the System Identity User default settings or to change the default settings: Step 1. Certificate Setup Every CiscoWorks server needs to have a System Identity user set up for system processes to use while performing background tasks that are not user initiated. Setting Up Security By integrating with the Cisco Secure ACS server. Step 2. TFTP. To set up a peer server account: Step 1. SCP and HTTP. Create the System Identity user as described in the previous section.

or router. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. choose Add Entry. authorization. a. Add a System Identity User as a registered user in the ACS Server. Figure 3 shows the AAA client model. Inc. from the Network Configuration menu. If there are third-party applications integrating with the LMS server. Step 3. Step 6. Step 7. To add the CiscoWorks LMS server(s) as AAA client(s) of the ACS server.Deployment Guide Step 4. choose TACACS+.0 integrates with ACS server to leverage the AAA functionality for restricting user access to devices. Assign the CiscoWorks LMS server(s) to a new NDG group. follow these steps: Step 1. Make sure that the System Identity users of the other CiscoWorks servers are created. create a peer server account for this purpose because the third-party applications do not need to know the System Identity Setup credentials. Figure 3. follow these steps: Set Up the System Identity and Peer Server Account Users in the LMS Server To ensure that the System Identity User is set up: Step 1. For the Authentication method. Log in to the ACS Server. Setting up the Cisco Secure Access Control Server Cisco Secure Access Control Server provides authentication. To do this. PIX Firewall. To create a new NDG group. Step 5. Page 28 of 64 . and accounting (AAA) services to network devices that function as AAA clients. such as a network access server. Specify a secret Key. This document is Cisco Public Information. Common Services provides a way to configure secondary and tertiary ACS servers to support redundancy. Step 2. Provide the IP address and host name of the CiscoWorks LMS server(s) that you are going to set up. Step 8. Set Up the ACS Server To set up the Access Control Server. Step 3. Step 2. choose Add Entry. navigate to User Setup. Integrating LMS Servers with ACS To integrate LMS servers with ACS. All contents are Copyright © 1992–2008 Cisco Systems. Select the System Identity Setup link. from the Network Configuration menu. All rights reserved. AAA Client Model Common Services 3. Step 4.

follow these steps: Step 1. and Shared Secret Key Note: These values for these fields must be the same as the values entered in the ACS server. Enter the username. Note: The System Identity User is quite unique and not the same as any other user created in the ACS server.d/dmgtd stop command or the /etc/init. Navigate to Common Services Panel in CiscoWorks Home Page. then click Add/Edit. This document is Cisco Public Information. Page 29 of 64 . Resource Manager Essentials. Select the User Group. Navigate to Group Setup. Step 3. Step 5. enter the /etc/init. Step 4. Set Up the LMS Server to Communicate with the ACS Server To set up the LMS server to communicate with the ACS server. Note: The same procedure must be done to add any other peer server username (especially the user created for third-party applications) to the ACS server. Step 3. enter the password for the user. To configure Common Services to be in ACS login mode. The only difference between this setup and the peer server user setup is that the peer server username need not be assigned an Administrator privilege to the NDG group. Inc. enter either the net stop crmdmgtd command or the net start crmdmgtd command. c. follow these steps: Step 1. Browse to the applications CiscoWorks. Step 2. Add the group to Default Group. Step 4. ● If using a Solaris server. Device Fault Manager and CiscoWorks Campus Manager. Step 9. Step 2. Click Edit Settings. then click Submit (located on the lower frame). Restart the LMS server. and provide System Administrator privilege for the device group containing the LMS server. All rights reserved.Deployment Guide b. Configure the System Identity User in the ACS Server In this procedure. All contents are Copyright © 1992–2008 Cisco Systems. ● If using a Windows server. Note: Make sure the user is created with the same password as the password specified for the LMS servers. CiscoView. ACS Admin User Name and Password.d/dmgtd start command. Enter the primary ACS server IP address. Log in to LMS server. In the User Setup section. To configure the System Identity User in the ACS server. you will learn how to assign a System Administrator privilege to the User Group on the Device Group to which the LMS server is assigned. choose Server > Security > AAA Mode Setup > Select ACS Type.

click Group Setup. To change the task to role mapping. Log in to the ACS server. Step 1. click Group Setup. Setting Permissions for Performing Tasks on Devices If a Security Administrator wants to restrict a user to performing only a selected set of tasks (for example tasks t1. User Groups and Assign Roles to Network Device Groups in the ACS Server To create Network Device Groups. All rights reserved. click Shared Profile Components (in the navigation bar on the left). t2 and t3. etc. To add users to User Groups. Click Shared Profile Components.) on the various Network Device Groups. Network Administrator. Step 5. follow these steps: Step 1. To assign User Groups permissions (System Administrator. Step 1. Step 5. Page 30 of 64 . you can click CiscoWorks Common Services. Set up the Cisco Secure ACS server as described in “Setting Up the Cisco Secure Access Control Server” section on page 28. Step 4. Choose the application for which you need to set the task to role mapping. Log in to the ACS server. Make sure that a role (for example Network Administrator) is available so that it has permissions to perform only the restricted list of tasks. and assign roles to those groups. Step 3. and t3) on a device in the LMS server. For example. click Network Configuration (in the left navigation bar). Inc. then follow these steps. An ACS user can change the task to role mapping as required.Deployment Guide Configure the ACS Server to Change Default Permissions and Task to Role Mapping (Optional) There are five default roles defined by CiscoWorks: ● System Administrator ● Network Administrator ● Network Operator ● Approver ● Help Desk These roles are by default assigned permissions to various tasks in CiscoWorks. Put the LMS server(s) in ACS security mode Step 2. Step 3. then select an application that has tasks t1. then click Edit Settings. Step 2. Step 3. Step 2. To create Network Device Groups. Log in to the ACS server. t2. then click Users in Group. All contents are Copyright © 1992–2008 Cisco Systems. Create Network Device Groups. This document is Cisco Public Information. click on a user role and change the tasks assigned to that role. user groups. Add devices to the Network Device Group. Step 4.

Navigate to CWHP > Common Services > Server > Security > Multi Server Trust Management. t2 and t3 are present. then select the user group to which the user is assigned. Notes ● HTTPS communication will work only after restarting the LMS server. Step 1. Page 31 of 64 . Click Group Setup. ● To access the LMS server.d/dmgtd stop command or the /etc/init. Select Browser-Server Security Mode Setup. Step 7. Click Edit Settings. Enabling HTTPS on an LMS Server You can enable HTTPS on an LMS server to provide secure communication between the server and client.d/dmgtd start command. enter the /etc/init. The same link can be used to set up other CiscoWorks servers as slaves. Single Sign-On This task is optional and applicable in a multiple CiscoWorks server setup only. In SSO mode. All authentication is done by the master server for any access to slave or master servers. and t3 for this role. for example. One of the CiscoWorks servers should be set up as the authentication server. To setup Single Sign-on. ● To restart the LMS server. go to the application where the tasks t1. Step 3. This document is Cisco Public Information. Step 8. follow these steps: Step 1. Select Enable. Step 4. Step 2. Step 3. All contents are Copyright © 1992–2008 Cisco Systems. enter either the net stop crmdmgtd command or the net start crmdmgtd command. one of the CiscoWorks servers acts as the SSO Authentication server or master and all other CiscoWorks servers act as the slave or SSO regular server. Inc. Single Sign-on is the ability to log in into multiple computers or servers with a single action and the entry of a single password. ◦ If using a Solaris server. All rights reserved. Complete the security certificate setup described in the section above. SSL can be enabled on the server by going to Common Services > Server > Security > Single-Server Management. and assign the role Network Administrator to the user selected in the previous step. use https://server-url:1742. a user on a LAN or WAN requires access to a number of different servers. Click Network Administrator and enable only the tasks t1. ◦ If using a Windows server. Select the Single Sign-on Setup link. This is especially useful where. ● Any link and/or application registration will work fine after you change the CiscoWorks security mode from http to https. Choose the Master (SSO Authentication Server) mode. Step 2. t2.Deployment Guide Step 6.

Inc. select the SNMPV3 radio button. To populate SNMPv3. All rights reserved. page 33 ● Device Credentials Update. LMS is now ready to start importing devices for management. page 34 Campus Manager Device Discovery Campus Manager has the ability to discover Cisco devices present in the network using Cisco Discovery Protocol (CDP). This document is Cisco Public Information. Note: A seed device should generally be core device. If CDP is enabled on your network. To gather the list of devices. Populating Devices in Cisco LAN Management Solution 2. you can enter a single or multiple Seed Devices in Campus Manager. you musts first initiate the Device Discovery process. click Apply on the SNMP Settings screen. All contents are Copyright © 1992–2008 Cisco Systems. CDP should be enabled on the network. while the other is called Campus Data Collection. After editing the SNMP strings. Page 32 of 64 . To enter a seed device. A core switch (or switches) should be the seed device because this device will have a lot of CDP neighbors and this hastens the discovery process. Add or Edit the read community strings depending on the number of community strings configured in the network. follow these steps: Step 1. In LMS 2. Campus Manager populates the Device and Credentials Repository (DCR) with the list of discovered devices in the network.Deployment Guide 5. Information about the devices is fetched by Campus Manager only during the data collection process. page 32 ● Bulk Device Import to Device and Credentials Repository.6 Server” should complete the initial configuration on the LMS server.6. “Initial Setup of the LAN Management Solution 2. Step 2. Choose Administration. Device Discovery within Campus Manager uses seed devices to discover the network using CDP. Hence to have the ability to discover devices using Campus Manager. In the device discovery process. By default only the SNMPv2 read string is populated. Step 4. Devices can be populated in the LMS server through one of the three tasks listed below: ● Campus Manager Device Discovery. Step 5. Step 3. click the Discovery Settings link (under TOC). Note: Only the read community string needs to be entered in the SNMP Settings page. Campus Manager processing has been partitioned into two separate processes: one of the processes is called Device Discovery. Then select the SNMP Settings link. Defining a Seed Device in Campus Manager To define a seed device in Campus Manager.6 The tasks described in Chapter 4.

6. Refresh the page to update the device discovery status and verify the number of devices discovered when in Idle state. All rights reserved. devices in LMS would be populated only after Campus Manager Device Discovery has taken place. all device credentials can be provided along with the device name and IP address.Deployment Guide Step 6.x or IBM Tivoli NetView 7. Note: If the device discovery is scheduled. The input file should have the format as specified in the online help. Step 9. To verify the device discovery status. the importing devices is allowed only from a remote Unix NMS server or a remote Windows NMS server that supports the RSH protocol. Configure the seed devices. Bulk Device Import to Device and Credentials Repository LMS also supports bulk import into the Device and Credentials Repository.x installed in the same machine as the CiscoWorks server. You can then assign a device type to the device by selecting the device in Device Management screen and clicking Edit. Inc. click the Go to Campus Administration link. select the Local NMS option. To do bulk device import. select the Remote NMS option. then click Apply.x or IBM Tivoli NetView 7.x. This document is Cisco Public Information.x installed in a different machine from the CiscoWorks server. then it will be a member of the group /Device Type Groups/Unknown Device Type. You will have to provide the installation location of HP OpenView NNM 6. ● Local NMS Import To import devices from either HP OpenView Network Node Manager 6. Step 7. All the devices discovered by Campus Manager should now be populated in the DCR. Page 33 of 64 .x or IBM Tivoli NetView 7. This action triggers an immediate Device Discovery process. navigate through CWHP > Common Services > Device Management > Bulk Import. Step 8. Address filters are available to either to discover or not discover devices in a particular network. If the imported device does not have a device type associated with it. To configure the address filters. ● File Import Select the File option to import devices from a CSV or XML file. Bulk import into DCR can be done by one of the three formats listed below. Note: In LMS 2. click IP Address Range. In this case. All contents are Copyright © 1992–2008 Cisco Systems. ● Remote NMS Option To import devices from either HP OpenView Network Node Manager 6.

All applications within LMS should be populated with the imported devices. Step 3. ● If only a subset of devices available in DCR are to be managed in RME. Device Management Device discovery just populates devices in LMS. then click Edit. then click Finish. If you need to enter User Fields for devices. Additional information about the devices such as configuration files and software images on the network needs to be added. Page 34 of 64 . Step 5. the Auto Synchronize option in RME should be enabled. To perform credential update in DCR: Step 1. Step 2. device credentials other than the SNMP read credentials need to be entered in the Device and Credentials Repository. the Auto All contents are Copyright © 1992–2008 Cisco Systems. click Edit. This document is Cisco Public Information. Check Automatically Manage Devices from Credential Repository. b. use the above step to Edit their credentials. Step 7. if the devices have different credentials. All rights reserved. you can edit the credentials for these devices by selecting the groups to which the devices belong. click Next and enter up to four user-defined fields. Click Next. Note: Don’t select any device in the screen that follows. which will by default select all the devices.Deployment Guide Editing the Credentials for the Imported Devices Once the devices have been imported through the Local NMS or Remote NMS options. Inc. populating the Cisco devices through Campus Manager Device Discovery is recommended. If all the devices have the same credentials. Adding Devices to RME From DCR If RME has not been set up in Auto Synchronize mode. Device Credentials Update To utilize the complete functionality of LMS. Navigate to CWHP > Common Services > Device and Credentials > Device Management. Step 4. Note: If you have CDP enabled on your network. Enter the device credentials. However. then in the Device Management screen. You can enable Auto Synchronization by: a. devices can be added into RME from the Device and Credentials Repository using either of following procedures: ● If all the devices added in DCR are also to be managed by RME. create groups of devices having the same credentials by going to CWHP > Common Services > Groups. Select the devices under the All Devices group by checking the All Devices group. Going to the CiscoWorks Home Page and navigating to RME > Administration > Device Management > Device Management Settings. Create groups underneath the CS@server-name/User Defined Groups. Step 6.

3. If the devices have been populated through Campus Manager Device Discovery or a third party NMS and if the Auto Synchronize option on RME was enabled. Step 3. step through the verification process described in the following section. b. Taking these steps should populate the managed devices in the server. To view the archive collection status or view the job details. All contents are Copyright © 1992–2008 Cisco Systems. Go to TOC > Sync Archive. you would need to run the synchronize operation to collect the configuration files for the managed devices. This can be done only for the devices that failed the initial synchronize archive operation. All rights reserved. click the Number of Failed Devices link. This document is Cisco Public Information. To verify job status. the initial configuration collection of devices would fail since the credentials (SNMP write. go to Config Management.Deployment Guide Synchronize option can be left turned off. click View Credential Verification Report. select the devices under RME group. Telnet/SSH) needed for configuration collection were not available in LMS. then select the Archive Management link. Verification of Device Import Status in LMS Applications This section describes the verification of device import procedures in Resource Manager Essentials. Check device credentials by going to Resource Manager Essentials > Devices > Device Management > Device Credential Verification. Campus Manager. Resource Manager Essentials The following RME device verification tasks are described in this section: Confirm Configuration File Collection To confirm if the configuration files have been collected: 1. click Check Device Credential. To do so. Check Fetch Startup Config. You must schedule a Sync Archive job. Inc. To verify the type of device credentials to be checked. Check Device Credentials To check the device credentials: 1. Page 35 of 64 . Going to CWHP > Resource Manager Essentials > Config Management > Archive Management. Step 2. 2. Viewing Configuration Collection Status in RME You can view configuration collection status in RME by: a. and Device Fault Manager. Since the credentials have been updated in LMS. 2. refresh the screen. Collecting Devices’ Startup and Running Config To collect the startup and running configuration of devices: Step 1. To view the report and see if the device credentials are correct. To see the list of devices that failed the archive operation. To ensure that the applications are working properly.

Deployment Guide 4. This document is Cisco Public Information. All contents are Copyright © 1992–2008 Cisco Systems. All rights reserved. If you need to change the credentials on devices. ● You can view the data collection status of a device under Data Collection. ● Devices should be in status Known. ● You can find the discovery status of devices under Device Discovery. Page 36 of 64 . Campus Manager To get the current status of devices in Campus Manager: Navigate to CWHP > Campus Manager > Administration. Inc. Device Fault Manager To get the current status of devices in DFM: Navigate to CWHP > Device Fault Manager > Device Management > Discovery Status. ● DFM Processing should be Active. click Edit Device Credentials.

6 This chapter deals with server administration and configuration settings to optimally utilize the resources of the server while also maintaining a current status of the network topology. This newly created group can be accessed from any application screen in LMS. Backing Up LMS Data Cisco recommends that the backup data should not be stored in the directory where LMS is installed (by default. Step 5. Campus Manager.Deployment Guide 6. Step 4. then click Add Rule Expression and click Next. To create the new group under /CS@server-name/User Defined Groups. All the devices that match the criteria are shown in the right panel. To create user defined groups. Common Services Common Services provides an operating foundation that allows Cisco Works applications to share data and system resources. Creating User Defined Groups Grouping devices in Common Services is used to create user-defined groups based on the User Defined field defined by DCR for the devices. Step 2. please refer to the following documents: http://www. All rights reserved. Inc. It also provides a common desktop for launching Cisco Works applications and centralizes login. under the NMSROOT directory in Windows or Solaris). Step 7. click Finish. and access privileges. Server Administration in Cisco LAN Management Solution 2. These groups can then be used by Resource Manager Essentials. then click Create. and user_defined_field_3. user role definitions. Select the Variable drop-down box. Step 8. or Internetwork Performance Monitor to launch tools pertinent to that application. Click Next. In the Group Administration window. Periodic updates to Cisco Works Common Services are made available for download. For installation and user guide documentation. Step 6. Navigate to CWHP > Common Services > Groups. Enter a group name and click Next. All contents are Copyright © 1992–2008 Cisco Systems. user_defined_field_2. This document is Cisco Public Information. Step 3.ht ml. select /CS@server-name/User Defined Groups from the group selector. user_defined_field_1. Select the Group Admin link. follow these steps: Step 1. Please note that the DCR Master/Slave mode is also backed up.cisco. Select an operator and value that matches the device value in DCR. The Variable field offers four possible values: user_defined_field_0. Device Fault Manager.com/en/US/products/sw/cscowork/ps3996/tsd_products_support_series_home. Page 37 of 64 .

pl –d /tmp In the above command.d/dmgtd stop command.pl operation in a Solaris server is given below. Default TempDirectory for this Restore program: /opt/CSCOpx/tempBackupData Use -t TempDirectory to define your own temp directory. /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Example Restore Operation (Solaris) An example of the restorebackup. ● TempDirectory: Temporary directory for the Restore program. /tmp is the location of the backup directory. Inc. Restoring LMS Data Restoring LMS data can be done only via the command line interface. Step 2.0.pl. This document is Cisco Public Information. Restore Program Help The Help on the restorebackup Perl script provides the following information: To run the restore command. ● For a Solaris server: Execute the /etc/init. Change directory to NMSROOT/bin. Execute the script restorebackup. You can provide a backup directory name. the command syntax is: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Step 3. ● GenerationNumber: Generation to be restored. Shutdown the daemon manager: ● For a Windows server: Execute the net stop crmdmgtd command. the discovery mechanism can be categorized into the following three areas: ● Device Discovery ● Data Collection ● User Tracking Major Acquisition All contents are Copyright © 1992–2008 Cisco Systems. Step 1. Step 3. To see a list of the Backed Up generations available.Deployment Guide To backup LMS data: Step 1.pl <-d BackupDirectory> [-gen GenerationNumber] [-t TempDirectory] [-help] ● BackupDirectory: Directory where the backup archive is present. Select the Backup link. Log in to the LMS server. The backup job can either be run immediately or be scheduled. Navigate to CWHP > Common Services > Admin. Step 2. All rights reserved. Page 38 of 64 . Step 4. use the following command line: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup.pl -h -d BackupDirectory Campus Manager In Campus Manager 4.

Inc. Disabling DNS Lookup DNS lookup could be one potential area for device discovery to slow down. To set up IP filters: 1. Uncheck the DNS Lookup checkbox. Troubleshooting Device Discovery To troubleshoot device discovery: 1. It populates the Device and Credentials Repository with the following discovered information: ◦ Host name ◦ Domain name ◦ Management IP address ◦ Display name ◦ sysObjectID ◦ SNMP credentials Discovering a device is not equivalent to managing the device in Campus Manager. ● Devices in DCR and user-configured seed devices from Campus Manager are used by the device discovery process. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. ● Device Discovery determines the management IP address of the device. Under IP Address Range. IP address filters help a user to define IP address ranges inside of which devices need to be discovered. Optimizing Network Discovery To optimize the discovery of the network. This document is Cisco Public Information. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. 2. To disable DNS lookup: 1. All contents are Copyright © 1992–2008 Cisco Systems. click Configure. 2. 2. Page 39 of 64 . All rights reserved. the following tasks can be performed. so DNS lookup can be disabled. These IP address ranges typically fall inside the same subnet. The following are some key facts about Device Discovery: ● Device Discovery performs Network Discovery using Cisco Discovery Protocol as the discovery mechanism.Deployment Guide Campus Manager Device Discovery Device Discovery can be run on a predetermined schedule or initiated by an operator. Navigate to the Campus Manager Panel from CWHP > Campus Manager Administration > Reports > Discovery Reports. Check to see if the SNMP settings are correct for the devices to be discovered correctly. Setting up IP Filters IP filters can be set if only certain subnets need to be discovered.

Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition. complete the following tasks: Setting IP Address or VTP Domain Filters You can set IP address or VTP domain filters by navigating to Campus Manager Administration > Admin > Campus Data Collection > Data Collection Filters. To modify the heap size in the ANIServer. edit the file NMSROOT/objects/dmgt/dmgtd. IP phones. the ANIServer process (Java based) reaches a threshold of 1. This entry has a string -Xmx1024. All contents are Copyright © 1992–2008 Cisco Systems. Modifying the heap size. Campus Manager Data Collection You can run Data Collection on a predetermined schedule or through operator action.Deployment Guide 3. In this file. User Tracking Module In addition to the Campus Manager data collection feature. You must restart the LMS server the edit to the dmgtd. Cisco recommends you increase the heap size for the ANIServer from –Xmx1024m to –Xmx1280m. The following are some key facts about Campus Manager Data Collection: A list of devices and corresponding credentials in Device and Credentials Repository are used for data collection.000 devices.024 MB. Optimizing Data Collection To optimize the data collection for devices in the network.conf file is complete. and subnets. then it cannot be managed by Campus Manager. Page 40 of 64 . Note: Any edits to dmgtd. There are two major types of acquisition in User Tracking: ● Major Acquisition: Collects data on end hosts. Initiate a UT Major Discovery. The filtering is based on either IP address or VTP domain. All rights reserved. ● If data collection is done for a device count close to 5. Initiating a UT Major Discovery 1. This document is Cisco Public Information. A filtering mechanism can be applied to manage a subset of devices found in Device and Credentials Repository. If a device is not in DCR. ● Minor Acquisition: Polls the end hosts and IP phones to keep the User Tracking data current. 2. you can increase SNMP Timeout and Retry values. there is an entry for starting the ANIServer process. If the log file shows any SNMP timeout exceptions. and subnets in the network. Optimizing According to the Number of Devices ● When data collection is done for more than 5.000. Change this string to -Xmx1280m.conf file can be done only after the LMS server is shutdown. Only devices in DCR are managed.conf file. Cisco IP phones. Inc. the User Tracking module in Campus Manager can acquire data on end hosts.

Step 2. Inventory Collection/Polling At the time of RME installation. You can click on the maps and choose to show aggregate links between two maps. A periodic inventory collection job collects inventory data from all All contents are Copyright © 1992–2008 Cisco Systems. Inc. All rights reserved. Page 41 of 64 . Setting a Schedule for a Major Acquisition To set a schedule for running a major acquisition: 1. Archives or jobs older than a particular date can also be purged: Navigate to CWHP > Campus Manager > User Tracking > Admin > Reports > User Tracking Purge Policy. This view shows the aggregate links between all devices contained inside those two maps.Deployment Guide The following is the list of some important options that can be selected for a major acquisition: ● Enable User Tracking for DHCP environment: This is an option for tracking the end hosts in case the IP address changes. system jobs are created for both Inventory collection and polling. select Topology Groups. Resource Manager Essentials This section describes the LMS server administration tasks for Resource Manager Essentials. This document is Cisco Public Information. Navigate to CWHP > Campus Manager. Hierarchical Groups in Campus Manager Hierarchical groups help users to visualize the topology implemented for user-defined groups. Step 4. The three immediate subgroups are shown as maps. Hierarchical groups are created on top of Topology groups. Select the Topology Services link. then right-click /Campus@server-name/System Defined Groups. 2. Ping Sweep on IP Addresses in a Subnet You can enable a ping sweep on all IP addresses in a subnet before starting a major acquisition. Then select the Schedule Acquisition link. Step 1. Purge Policies You can delete end hosts and IP phones from User Tracking either on demand or on a specified interval after major acquisition: Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition > Delete Interval. ● IP phone acquisition on dot1q trunks for IOS switches: This is an option for fetching end hosts that are connected to a switch in Voice VLAN Setup. In the window that opens up. ● Use DNS to resolve host names: This is an option for resolving the host names. Step 3. Select the Display View option. Navigate to Campus Manager > User Tracking > Admin > Acquisition. with their own default schedules. There is an option to exclude certain subnets from the ping sweep.

● Periodic Collection Configuration is fetched without checking for any changes in the configuration. You can purge configurations based on two criteria: All contents are Copyright © 1992–2008 Cisco Systems. Select one or all the options. All rights reserved. ● Default Protocols used for Configuration Fetch and Deploy Many protocols are used for performing a configuration fetch and deploy. Inc. This frees disk space and keeps your archive at a manageable size. Page 42 of 64 .Deployment Guide devices (devices in the “All Devices” group) and updates inventory database. change the values and click Apply. no configuration is fetched. 1. The order of protocols that are used can be re-arranged or some protocols can be removed from the list if it is not relevant to your network. Note: The poller detects most changes in all devices. if there are no configuration changes detected in the devices. The periodic polling polls all devices to check inventory changes and collects and updates the inventory database only if there is a change. The System Job Schedule dialog box displays the current collection or polling schedule. This document is Cisco Public Information. You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following: ● Periodic Polling Configuration archive performs a SNMP query on the device. To change the default settings. with much less impact on your network and on the LMS server. The default (out of the box) periodicity of the collector job is once a week and the default (out of the box) periodicity of the poller job is once a day. The default order of protocols used and the option to change the order can be accessed by navigating to Resource Manager Essentials > Administration > Config Mgmt. The system provides a default order of protocols that will be used to fetch or deploy the configuration on the device. Purge Policies Configuration Management You can specify when to purge archived configurations. 2. You can enable this using Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. Configuration File Collection and Polling The configuration archive can be updated with configuration changes by periodic configuration archival (with and without configuration polling). Select Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. navigate to Resource Manager Essentials > Administration > Inventory > System Job Schedule. It is best for the customer to select the periodic collection and polling. Note: A scheduled collection and polling are disabled by default as the customer’s network may have sporadic bursts of traffic and the NMS should not take up the existing bandwidth.

c. click Change. click Maximum Versions. To specify when to purge configuration files from the archive. The purged labeled files will be deleted only if it satisfies these conditions Maximum versions to retain and Purge versions older than. Collector allows only the syslogs that match any of the "Keep" filters. Configurations older than the number of days you specify are purged. the Common Syslog Collector drops the syslogs that match any of the "Drop" filters from further processing. To delete the labeled configuration files. select one or both of the following options: a. Click Apply. Choose Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Purge Settings. The Archive Purge Setup dialog box appears. then enter a number and select days. 5. 2. For example. Defining Message Filters You can exclude messages from Syslog Analyzer by creating filters. 3. Page 43 of 64 . Choose Resource Manager Essentials > Tools > Syslog > Message Filters. ● If you select the Drop option. All contents are Copyright © 1992–2008 Cisco Systems. To specify the default purge policy: 1. Specify the number of days in the Purge records older than field. By default. when the eleventh version of a configuration is archived. A list of all message filters is displayed in a dialog box. Only the records older than the number of days that you specify here. Specify whether the filters are for dropping the Syslog messages or for keeping them. 4. or months. Choose Resource Manager Essentials > Administration > Syslog > Set Purge Policy. ● The maximum number of versions of each configuration to keep. 1. 1. the purging jobs are disabled. All rights reserved. b. This document is Cisco Public Information. Click Purge versions older than. Note: The Drop or Keep option applies to all message filters and is not on a per-filter basis. or Disabled. To schedule a purge job. weeks. for further processing. will be purged. the first is purged to keep the total number of archived versions at 10.Deployment Guide ● Their age. Inc. To retain and then enter the number of configurations to retain. ● If you select the Keep option. if you set the maximum versions to keep to 10. The default value is 7 days. 2. Select Enable. 2. by selecting either Drop or Keep. The oldest configuration is purged when the maximum number is reached. click Purge labeled files. Syslog A default policy can be specified for the periodic purging of Syslog messages. and the status of each filter—Enabled. along with the names.

1. 5. Choose Resource Manager Essentials > Software Mgmt > Software Repository > Software Repository Synchronization. To save the purge policy that you have specified. you can create a job to import all software images on your network by following these steps: 4. If some devices are running software images not in the software repository then a synchronization report can be generated for these devices. then click Save. 2. then click Submit. You can set inventory filters by navigating to Resource Manager Essentials > Administration > Inventory > Inventory Change Filter. Import a baseline of all software images. 1. Setting Up Inventory Filters Certain inventory attributes can change often and these changes can get logged whenever there is a collection. All running images that are not in the software repository will appear.Deployment Guide Change Audit You can schedule a periodic purge or a forced purge of Change Audit data. Select Days of the week from the Day drop-down list box. The images act as a backup if any of your devices become corrupted and need a new software image or if an error occurs during an upgrade. This document is Cisco Public Information. Inc. enter the values for each field. Once the Software Repository Synchronization job finishes successfully. This frees disk space and maintains the Change Audit data at a manageable size. Select Network and Use generated Out-of-sync Report. 3. then click Add. Specify the start time and the end time from the Start Time and the End Time drop-down list box. 2. Enter the information. Select Resource Manager Essentials > Administration > ChangeAudit > Set Purge Policy. To prevent this inventory change filters can be enabled to not track change audits for these attributes. 3. Set the Exception period by navigating to Resource Manager Essentials > Tools > Change Audit > Exception Period Definition. The baseline imports a copy of each unique software image running on the network (the same image running on multiple devices is imported into the software library only once). SWIM Baseline Collection We recommend that you first import a baseline of all software images running on your network. All contents are Copyright © 1992–2008 Cisco Systems. 2. then click Next. Click Schedule. Choose Resource Manager Essentials > Software Mgmt > Software Repository. This may cause a lot of change audit messages to accumulate over a period of time. To schedule a Synchronization report: 1. Page 44 of 64 . Defining Exception Periods An Exceptions period is a time you specify when no network changes should occur. All rights reserved. then click Add.

The following are the logical steps to configure job approval. Select users from the list of available users field in the middle. d. Config Editor. Archive Management and Software Management. All contents are Copyright © 1992–2008 Cisco Systems. 2. Archive Management and Software Management. Save the configuration of approval lists. Archive Management and Software Management to be approved before being executed. The approver can either accept or reject the job. The list has to be named and assigned approvers. the status of the job is updated for the user who created the job. download of configuration and device IOS/CatOS image management. Note: If you do not select the Use generated Out-of-sync Report option.Deployment Guide 6. Config Editor. Configuring Job Approval RME allows approval of jobs before they are executed. You must create a list of approvers. Enable Approval policies on the various functions like NetConfig. Job Management Jobs need to be created for performing archive management. then click Finish. 1. 3. edit of configuration. This document is Cisco Public Information. it will take more time to show the software image selection dialog box. then click Add. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Create/Edit Approver Lists. All rights reserved. b. Specify Approver Lists. navigate to CWHP > Resource Manager Essentials > Job Mgmt > Job Approval. Click Next. Page 45 of 64 . All jobs can be searched on criteria such as status of the jobs and type of job. The central location can be accessed by navigating to CWHP > Resource Manager Essentials > Job Mgmt > RME Jobs. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Approver Details. The steps described above require all jobs created for NetConfig. Note: The user created here should have Approver role in the system (be it local security mode or ACS security mode ). Specify Approver Information. c. If a job is rejected. Enter the Job Control Information. then click Add. a. Config Editor. Inc. Provide an Approver name in the top left text field. 4. Viewing Jobs Pending Approval To view all jobs pending approval. click Next. Assign approval lists with the various functions such as NetConfig. There is a central location where all jobs created for various purposes in RME can be viewed. 7.

navigate to the DFM panel and choose Configuration > Other Configuration > Daily Purging Schedule. When you import devices from the Device and Credentials Repository. Page 46 of 64 . device attributes. Those devices in DCR that cannot be an IPM source will be not added and in the import log file there will be an error message for that device. All the devices in DCR will be imported into IPM. Note: Before you import devices from Device and Credential Repository. you can import devices from DCR into Internetwork Performance Monitor. Daily Purging Schedule Set up a daily purging schedule for fault history information in the DFM. IPM verifies whether the IP SLA responder is enabled or not on the target. All contents are Copyright © 1992–2008 Cisco Systems. ● Target IP devices When you import devices as Target IP Devices. and device credentials. You can import devices as: ● Sources When you import devices as Sources. Inc. To set up a purge schedule. IPM interacts with this repository to get the device list. IPM adds the device without either contacting the device or making any verification. the target’s IP SLA responder status is not verified. This document is Cisco Public Information.Deployment Guide Importing Devices into Internetwork Performance Monitor Once the devices are added into the Device and Credentials Repository. Import status log file IPM creates a separate log file for the Device and Credentials Repository Import status. ensure that there are devices in the repository. Device Fault Manager Administration of the DFM Server can be categorized into the following sections. Forwarding SNMP Traps This configuration can be made to blindly forward traps that come into the trap receiver of the DFM. You can view the log file in: IPMROOT/etc/source or IPMROOT/etc/target. IPM contacts the device and adds them only if they are running IOS image with IP SLA feature and if the Read and Write community strings are provided. ● Target IP SLA responders When devices are imported as Target IP SLA Responders. All rights reserved. there is no mechanism to import only selected devices from DCR into IPM. View the results of importing devices You can view the results of importing devices from the CiscoWorks home page by clicking View Import Source Log or View Import Target Log. Also. if the device has a read community string. they are updated. if the devices already exist in IPM. If there is not a read community string. These are traps that are received from the devices in the network.

navigate to the DFM panel and choose Configuration > Other Configuration > SMTP Default Server. navigate to DFM panel and choose Configuration > Other Configuration > SNMP Trap Receiving. polling and threshold parameters need to be set. navigate to Configuration > Other Configuration > Rediscovery Schedule. To set the SMTP Server information for sending emails. Note: Rediscovery does not add devices into the DCR as it would in Campus Manager. To create DFM groups. Polling and Threshold parameters can be set by navigating to CWHP > Device Fault Manager > Configuration > Polling and Threshold. A view can be created on a list of groups and this view will be visible in the Alerts and Activities Window under Device Fault Manager. To schedule a rediscovery. This document is Cisco Public Information. To set the port used for trap receiving. Note: It is not NB trap generation for applications like HP Open View Receiving SNMP Traps This configuration is made for setting the global port for receiving traps in DFM. These groups can be shared with other applications. Group Administration Group administration’s function is to create. You can schedule multiple rediscoveries. View Management View Management allows the user to see alerts and activities on a group of devices. Default SMTP Server DFM has an email notification service that can send emails when alerts or events are generated. ● Threshold Parameters are used to determine the thresholds for various devices. Rediscovery Rediscovery is limited to the list of devices that are known to DFM. navigate to Configuration > Other Configuration > Group Administration. Inc. All rights reserved. navigate to the DFM panel and choose Configuration > Other Configuration > SNMP Trap Forwarding. This email notification service needs SMTP Server information for forwarding emails. edit or delete groups internal to DFM. ● Polling parameters are used to make DFM Server poll the devices in the various groups in specified intervals. When these thresholds are crossed for the various types of devices alerts are raised in DFM Server.Deployment Guide To set up trap forwarding. All contents are Copyright © 1992–2008 Cisco Systems. Polling and Threshold Management For the faults and events to show up in DFM. Page 47 of 64 .

launch the Edit Device Credentials tool to edit the credentials. This document is Cisco Public Information. and any fault related alerts for the device and the neighboring devices. 24-hour Change Audit Summary. down or unused ports. you can launch the Switch Port Usage Report for recently up. ◦ If the device is a switch. Page 48 of 64 . ◦ Launch Credential Verification Report: Launch the Credential Verification Report to check for any missing credentials. ● You can look at the 24-hour reports on the device in the top half of the right frame and launch tools in the bottom half of the right frame. Last inventory and configuration collection times. Device Center Device Center is a portal within the LMS bundle that provides the ability to gather and debug information about a particular device. The procedure to launch debugging utilities on a particular device is given below. ◦ Launch the Fault History Report to view any faults that occurred in the last 24 hours or 31 days. It also incorporates IPv6 functionality with the manageability over IPv4 address. ◦ If some faults are found. Inc. ◦ You can synchronize the archive or download a previous archive of the configuration or All contents are Copyright © 1992–2008 Cisco Systems. image. navigate to Configuration > Other Configuration > Alerts and Activities Defaults. ● Browse through the group hierarchies to select a device or search for a particular device by typing in the name in the search utility provided above the group selector. flash. Device type. run reports on the device and any management tasks such as changing credentials. CiscoView Cisco View provides real time chassis view of the devices. This launches the summary and tools page for the device. ● A suggested list of tools to be launched in a particular order as follows. The list below is not complete but helps to understand some of the tools available in Device Center. go to the CiscoView tool to view the chassis and make some changes on the interfaces or ports. Device Center also provides a set of functions that help facilitate debugging. ◦ Launch the Detailed Device Report on the device to view memory. ◦ Ping: Ping the device to see if it is reachable from the LMS server. Cisco View now provides a light weight HTML-based client. Device Center is installed as part of the Common Services install and can be launched from CWHP > Device Troubleshooting > Device Center. All rights reserved. Syslog summary. To launch Cisco View.Deployment Guide To create views. IP address information. Click on the link on the device name after you have selected it. choose CWHP > Cisco View > Chassis View. ◦ If the credentials are missing. The “Summary” in device center provides information about the device IP address.

Inc. All rights reserved. All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide do an image upgrade. This document is Cisco Public Information. Page 49 of 64 .

2. ● You can choose to be notified by email. Set Up Tasks The following tasks must be completed before fault monitoring can be enabled in Device Fault Manager: Add List of Devices to the DCR A list of devices must be added from Device and Credentials Repository into DFM. Resource Manager Essentials. Page 50 of 64 . Fault Monitoring The Device Fault Manager (DFM) gives you the option of monitoring faults in three distinct ways: ● You can look at historic fault data using fault history. Network Management in Cisco LAN Management Solution 2. All rights reserved. or Syslog messages. This document is Cisco Public Information. Inc. Navigate to CWHP > Device Fault Manager > Device Management > Device Selector tool. All contents are Copyright © 1992–2008 Cisco Systems. To set the Polling and Threshold parameters: 1. ● You can look at the current faults in real-time in an alerts and activities window. Check Status of Devices The status of all devices should be in the Known state: Choose Device Fault Manager > Device Management > Device Summary. and Common Services. Threshold parameters determine the thresholds for various devices.Deployment Guide 7. Then select the Polling and Threshold link. This Polling and Threshold link provides an option to either change the default polling and threshold setting or to seta new polling and threshold setting for the user-defined device interface and port groups. Polling parameters are used to make the Device Fault Manager server poll the devices in the various groups at specified intervals. trap messages. Navigate to CWHP > Device Fault Manager > Configuration. Campus Manager. Polling and Threshold Configuration Faults and events show up automatically for all devices because default polling settings are used for polling the devices.6 This chapter provides more details on the network management tasks in LMS across the various applications: Device Fault Manager. Internetwork Performance Monitor. alerts are raised in the Device Fault Manager server. When these thresholds are crossed.

Baseline Configuration All enterprises need to enforce some standard policy across all the devices in the network. Step 4. Step 7. Provide the notification group name and click Next. To send traps to NB applications like HP Open View Network Node Manager when a notification needs to be raised per notification group. Step 6. Select a group from the group selector. click the Syslog Notification link. Step 1. All faults in the devices are automatically accumulated and can be viewed: Navigate to Device Fault Manager. Alerts and Activities The Alerts and Activities window shows the real-time display of faults on devices or views. then select the Fault History link. To launch the Alerts and Activities window: Navigate to CWHP > Device Fault Manager. then click the Alerts and Activities link. a fault ID. Create a Notification Group by clicking the Notification Groups link. Step 2. All rights reserved. Click Finish to create the notification group. a group of devices. Click Next. Navigate to CWHP > Device Fault Manager. To send email notification to a user when a notification needs to be raised per notification group. This document is Cisco Public Information. Step 10 To send syslog messages to other machines when a notification needs to be raised on a notification group. Select the Notification Services link. Step 8. With the RME Baseline template and compliance check you can execute this functionality: All contents are Copyright © 1992–2008 Cisco Systems. click the SNMP Trap Notification link. Fault History No configuration is needed in Fault History. click the E-Mail Notification link. Inc.Deployment Guide Fault and Alerts Notification Services Various notification services are available in Device Fault Manager to notify you of a fault or alert that occurred in the device. Step 3. then choose one of the following: ● Alert severity ● Event severity ● Alert status ● Event status for the devices in the group to send notification Step 5. You can view the faults by searching for a single device. or an event ID. Enterprise networks need to audit the policy periodically and enforce the policy if any devices are found in violation of it. Page 51 of 64 . Step 9.

If no core command is specified. Then create Baseline templates with those set of commands identified. ● Compare device configurations and generate a report that lists all the devices that are noncompliant to the baseline template. Page 52 of 64 . After creating the baseline templates. Certain RME tasks that don’t need prior device information can be performed on pre-deployed devices as they would on normal state devices. the device moves to a normal state. You must invoke the cmexport command with one of the core commands specified in Table 6. Inc. get baseline configurations. This document is Cisco Public Information. those tasks can be pushed to the devices.) in RME before the devices are online. and SSH). ● Schedule a compliance check job and deploy the baseline template on to the devices. All rights reserved. If RME successfully contacts the device through SNMP polling or pre-provisioned job completion. After the RME server can contact the devices. Data Extraction from LMS Applications This section describes the Campus Data Extraction Engine and the RME Data Extraction Engine. you can accomplish following tasks. the device has not been contacted by RME through protocols (such as SNMP. The pre-deployed device state indicates that the devices are not reachable from the management server (either they are not in the network or sufficient credentials have not been provided). Telnet.Deployment Guide First identify a set of standardized policy-based commands that you want to have on a set of devices. Preprovisioning Devices There is a new device status group in RME called pre-deployed devices. All contents are Copyright © 1992–2008 Cisco Systems. In the pre-deployed device state. The cmexport Utility You can access the command-line interface utility cmexport by going to the NMSROOT/campus/bin directory. So you could pre-provision all the tasks (write a software image. cmexport <-h | -v | commands> <arguments> Core Commands The core data extraction commands are described in Table 6. ● Deploy the baseline template to the same category of devices in the network. The top-level Help provides the following information. Campus Data Extraction Engine Campus Manager provides a data extraction engine to extract data about the following: ● User tracking data ● Layer 2 topology ● Discrepancies in the network configuration Data Extraction can be done either through the command-line interface or Servlet access. etc. cmexport can execute the -v or -h options only.

Core Commands: Campus Manager Data Extraction Core Command Description ut Generates User Tracking data in XML format. All contents are Copyright © 1992–2008 Cisco Systems. This parameter is applicable only when –host is chosen.xml ● For Discrepancy: PX_DATADIR/cmexport/Discrepancy/timestampDiscrepancy. -queryPhone User tracking phone data is exported in XML format for the query given in phonequeryname. l2topology Generates Layer 2 topology data in XML format. This parameter is applicable only when –phone is chosen. Possible Combinations of cmexport Commands User Tracking Table 7. This parameter is applicable only when –phone is chosen. All rights reserved. -view Specifies the format in which the user tracking XML data is presented. -v Displays the version of the cmexport utility. ● timestamp is the time at which the log was written in this format: YearMonthDateHourOfDayMinuteSecond format.xml ● For Layer 2 Topology: PX_DATADIR/cmexport/L2Topology/timestampL2Topology.Deployment Guide Table 6. You should delete these files when necessary. ● For User Tracking: PX_DATADIR/cmexport/ut/timestamput. Archival Locations Data generated through the cmexport command-line interface is archived at the following locations by default. This parameter is applicable only when –host is chosen -layoutPhone User tracking phone data is exported in XML format for the layout given in layoutPhone. This document is Cisco Public Information. This utility does not inherently delete the files created in the archive. It currently supports two options: ● switch: User tracking data is displayed based on the switch. Page 53 of 64 .xml Directory Locations ● The PX_DATADIR directory is at these locations: ◦ Windows: %NMSROOT%\files folder ◦ Solaris: /var/adm/CSCOpx/files ● NMSROOT is the directory where you installed Campus Manager. discrepancy Generates discrepancy data in XML format. -query User tracking host data is exported in XML format for the query given in queryname. -f Specify the filename and the directory for storing the Data Extraction Engine output. However. Inc. ● subnet: User tracking data is displayed based on the subnet in which they are present. -h (Null option) Lists the usage Help information for this utility. The layout is a custom layout defined by the user in UT. using the same filename and directory twice would cause the previous file to be overwritten. User Tracking cmexport Parameters Parameter Description -layout User tracking host data is exported in XML format for the layout given in layoutname.

and returns the results in XML format. topology. core command. Servlet access is used to extract data from a client system. Inc. The Servlet requires a payload file that contains details about the user’s credentials. and optional details.Deployment Guide Example Commands cmexport ut –u admin –p admin –host cmexport ut –u admin –p admin –phone cmexport ut –u admin –p admin –host -query dupMAC –layout all cmexport ut –u admin –p admin –host -query dupMAC –layout <name> cmexport ut –u admin –p admin –phone -queryPhone <name> –layoutPhone <name> cmexport ut –u admin –p admin –host -f ut. Use a script to perform a POST operation to the Servlet with the payload file. the command you want to execute. This document is Cisco Public Information. password. The Servlet is: http://Campus-Server:1741/CSCOnm/campus/servlet/CMExportServlet The HTTP response of the Servlet contains the XML file generated by executing the cmexport command on the server with the parameters provided in the payload file. such as log and debug options as inputs in XML format. performs the operations. discrepancy and L2 topology information -> All contents are Copyright © 1992–2008 Cisco Systems. The input XML file contains various tags for username. The Servlet accepts users request and authenticates the requesting user’s identity using Common Services authentication mechanism. While generating data through the Servlet. phone. The Servlet then parses the payload file encoded in XML.xml Servlet Access to the Data Extraction Engine The Servlet access to Campus Manager Data Extraction Engine is described below. Step 2. the output will be displayed at the client terminal. Page 54 of 64 . Sample Payload <payload> <!—The following element specifies the username (valid CiscoWorks or ACS user ID) of the person initiating this DEE call --> <username>username</username> <!— The following element specifies the valid password of the user ID --> <password>password</password> <!—The following element specifies the DEE command used for extracting UT host. Extracting the Export File From the Servlet The steps to extract the export file from the Servlet are as follows: Step 1. Typically. Generate the necessary payload XML file with the required data.xml cmexport ut –u admin –view switch –host Layer 2 Topology or Discrepancy Commands cmexport L2Topology|Discrepancy –u admin –p admin cmexport L2Topology|Discrepancy –u admin –p admin -f 013104L2. The command to export user tracking. All rights reserved. Extract the XML file from the content of the HTTP response and save it to a local file. and optional tags. and discrepancy can be sent as HTTP or HTTPS requests. Step 3.

$res->message. " : ". Page 55 of 64 . my $req = new HTTP::Request ('GET'. All contents are Copyright © 1992–2008 Cisco Systems. #-. my $ua = new LWP::UserAgent. } url_call($temp). "\n". my $result. $url. $temp = $ARGV[0] . my $res = $ua->request($req). $fname = $ARGV[1] ."$fname") || die "File open Failed $!". Inc. } close(FILE). $| = 1. $hdr). if ($res->is_error) { print "ERROR : ". if ( -f $fname ) { open (FILE.Deployment Guide <command>ut_host</command> <!—The following element specifies the logfile where all logs need to be output --> <logfile>filename</logfile> <!—The following element specifies the debug level at which the log is output. --> <debug>1</debug> <!—The following element specifies the custom report name created in the User Tracking user interface by navigating to CWHP > Campus Manager > User Tracking > Reports > Custom Reports. $res->code.Activate a CGI: sub url_call { my ($url) = @_. $result = ''.= $_ . my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'.> <view></view> </payload> Sample Perl Script to Access the Servlet Note: Sample scripts are available in the Campus Manager Data Extraction Engine online Help. $ua->timeout(5000). #!/opt/CSCOpx/bin/perl use LWP::UserAgent. All rights reserved. This document is Cisco Public Information. $req->content($str). } else { $result = $res->content. while ( <FILE> ) { $str .

pl http://server:1741/campus/servlet/CMExportServlet payload. All contents are Copyright © 1992–2008 Cisco Systems. The command will look similar to these commands for HTTP and HTTPS modes: ● In HTTP mode . When using this option. This document is Cisco Public Information. for the username admin). All rights reserved. The top-level Help command cwcli –help provides the following information: General syntax to run a command with arguments is: cwcli <application/command> <arguments> For detailed help on a command and its arguments./perl script. Page 56 of 64 ./perl script. If no core command is specified.xml file. } else { print $result . Resource Manager Essentials Data Extraction Engine Resource Manager Essentials provides a data extraction engine to extract data about the following: ● Inventory ● Change audit ● A device’s configuration details Data extraction can be done by either through the command-line interface or Servlet access. run: cwcli <application/command> -help You must invoke the cwcli command with one of the core commands specified in Table 8. The command-line interface utility cwcli can be accessed by going to NMSROOT/bin directory. } } The Perl script listed above will invoke the servlet with the use of payload .pl https://server/campus/servlet/CMExportServlet payload. the CMEXPORTFILE environment variable should be set so it points to the file containing the credentials.xml ● In HTTPS mode: . The username and password are either provided as part of the command-line interface and Servlet call or the password is put in a password file for retrieval by the Data Extraction Engine.xml Any user using the Data Extraction Engine is authenticated and authorized. cwcli can execute the -v or -help options only. The access permissions to the file can be set to prevent any unauthorized access. Inc.Deployment Guide if($result =~ /Authorization error/) { print "Authorization error\n". The command should be entered in the following format: cmexport ut –u admin –host This syntax enables cmexport to find the relevant password associated with the username (in the example here.

which modify the behavior of the specific cwcli export core command. ● Command specifies which core operation is to be performed. The order of the arguments and options are not important. It also helps in importing or exporting the User Defined Template XML files -v Displays the version of the cwcli utility. All rights reserved. and changeaudit details into XML format. you can view the cwcli export man pages by setting the MANPATH to: /opt/CSCOpx/man/man1 The man pages to launch the cwcli export command are man cwcli-export to launch the cwcli export command. netconfig A command-line interface tool to create. Inc. On UNIX. delete. and cancel an inventory collection job. ● To launch the cwcli export changeaudit command: man export-changeaudit ● To launch the cwcli export config command: man export-config ● To launch the cwcli export inventory command: man export-inventory Data Archiving Location Data generated through the cwcli export command-line interface is archived at the following locations by default: ● ChangeAudit ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SSchangeaudit. and cancel a NetConfig job. inventory A command-line interface tool to create. delete. This document is Cisco Public Information.xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS-changeaudit. invreport List all custom reports and generates CSV formatted inventory report(s) for given template(s). However. ● AppSpecificArguments are the optional parameters. Command-Line Syntax The command line syntax of the application is in the following format: cwcli export command GlobalArguments AppSpecificArguments ● cwcli export is the CiscoWorks command line interface for exporting inventory. -help (Null option) Lists the usage information for this utility.xml All contents are Copyright © 1992–2008 Cisco Systems. configuration.xml ● Config ◦ On Solaris: /var/adm/CSCOpx/files/rme/cwconfig/YYYY-MM-DD-HH-MM-SS-MSMSMSDevice_Display_Name. export Exports inventory/configuration/change audit data in XML. It also helps in importing or exporting the data in inventory as XML files. Page 57 of 64 . compare two different configurations. and reload the device. you must enter the core command immediately after cwcli export.Deployment Guide Table 8. delete the archived configuration files. Core Commands: Resource Manager Essentials Data Extraction Core Command Description config Provides a set of commands that are used to download and fetch configurations. ● GlobalArguments are the additional parameters required for each core command.

to execute the import command payload. Note: Use <arg> and <argval> tags when the argument is a file.Sir" </arg-val> </command> </payload> All contents are Copyright © 1992–2008 Cisco Systems.xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS. Page 58 of 64 . The following is the Servlet to be invoked to execute any command: For a post request http://<rme-server>:<rme-port>/rme/cwcli <payload XML file> For a get request http://<rme-server>:<rme-port>/rme/cwcli?command=cwcli config <commandname>-u <user> p<BAse64 encoded pwd> -args1 <arg1value>. Inc.1.xml RME Servlet The details of Servlet access to RME Data Extraction Engine is given below.xml is as follows: <payload> <command> cwcli config import -u admin -p <Base64Encoded pwd> -device 10. The name of the Servlet is /rme/cwcli. <payload> <command> cwcli config export -u admin -p <Base64Encoded pwd> -device 1.1 xml </command> <arg> </arg> <arg-val> </arg-val> </payload> For example. The contents of the payload xml file are as follows.inventory.1.77..xml ● Inventory ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SS-inventory.106 <arg> -f </arg> <arg-val> banner motd "welcome. This document is Cisco Public Information..Deployment Guide ◦ On Windows: NMSROOT\files\rme\cwconfig\ YYYY-MM-DD-HH-MM-SSMSMSMSDevice_Display_Name. All rights reserved.240.

if($result =~ /Authorization error/) { print "Authorization error\n". This document is Cisco Public Information. $url. my $res = $ua->request ($req). } else { print $result . $ua->timeout(1000). if ($res->is_error) { print "ERROR : ". $temp = $ARGV[0] . For example: Perl samplescript. "\n". while ( <FILE> ) { $str .240. # you can set timeout value depending on number of devices my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. Inc. } else { $result = $res->content. my $ua = new LWP::UserAgent.Deployment Guide The Remote Access Servlet creates a temporary file with the contents specified between the arg val tags for the import command. Sir".= $_ ."$fname") || die "File open Failed $!". Sample Script to Invoke the Servlet #!/opt/CSCOpx/bin/perl use LWP::UserAgent. the port number is 443.pl http(s)://<rme-server>:<rme-port>/rme/cwcli <payload XML file> Note: For the secure mode (HTTPS). my $req = new HTTP::Request ('POST'. $req->content($str). $result = ''.106 -f tempfile Here the tempfile contains the line banner motd "welcome. $fname = $ARGV[1] . open (FILE. On the server. $res->code. " : ". my $result. $hdr). The default port for CiscoWorks server in HTTP mode is 1741.77. #-. the command is executed as cwcli config import -u admin -p <Base64Encoded pwd> -device 10. Page 59 of 64 . url_call($temp). } print $str . $res->message. All rights reserved. All contents are Copyright © 1992–2008 Cisco Systems.Activate a CGI: sub url_call { my ($url) = @_.

By default. this is set to a comma '. The IPM Export Command The following example shows the command syntax and help that is displayed when you use the ipm export Help command: You must be logged in as the root user (in Solaris) or administrator (in Windows) to use export IPM data using the ipm export command. -q Quiet output: Display no column headings. This is only applicable in plain text output format. This document is Cisco Public Information. The ipm export command line interface is the command to do IPM export. All rights reserved. ipm export [-q] [[-k <letter>] | -w] [-h] [ ( -c | -s | -t | -o | -cs) [<CollectorName>] ] | [ (-dh | -dd | -dw | -dm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-jh | -jd | -jw | -jm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-ph | -pd | -pw | -pm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ -r [<WhichDay>] ] | [ -all [<StartDate>] [<EndDate>]] General Options [ipmRoot] Root location of IPM.Deployment Guide } } } Internetwork Performance Monitor Export There has been no change in the way the data can be exported in Internetwork Performance Monitor from the previous version of the product.output this usage help Format: Time - <StartTime> and <EndTime> input as: MM/DD/YYYY-hh:mm:ss Date - <WhichDay> input as: MM/DD/YYYY <StartDate> and <EndDate> input as: MM/DD/YYYY All contents are Copyright © 1992–2008 Cisco Systems. -w HTML output: A web page will be generated from the output of this command.'. Only applicable in plain text output format. such as /opt/CSCOipm. Page 60 of 64 . Inc. -k Delimiter: Set the field delimiter to <letter>. -h Help .

Standalone. You can save the custom reports. Slave. ● UT can list the jobs that are run periodically to generate reports. Enter the password corresponding to the username. delete. impNms. or Standalone ● setmaster. or Slave mode ● impFile. This document is Cisco Public Information. The main command to launch is at: NMSROOT/bin/dcrcli The steps are as follows: Step 1. impACS: Imports device list from File. Local NMS. These jobs are for generating reports on end hosts. duplicate device entries and switch port usage. setstand. modify devices and change DCR modes. NMSROOT/bin/dcrcli –u username Step 2. Remote NMS and ACS ( AAA server ) ● exp: Exports to a file UT Reports You can generate UT Reports by navigating to CWHP > Campus Manager > User Tracking > Reports. The following reports can be generated. The switch port usage reports can be run for recently down. you can add. Step 3. evaluating a query on the group to subset the number of end hosts and IP Phones. You can generate Custom reports by navigating to User Tracking > Reports > Custom Reports. ● You can generate Custom Reports for end hosts and IP Phones by selecting a group. Inc. Select one of the various top level commands ● add: Adds a device ● del: Deletes a device ● mod: Modifies a device ● lsattr: Lists the attributes stored in DCR ● details: View device details ● lsmode: Lists the DCR mode as Master. IP Phones.Deployment Guide The DCR Command Line Interface Using the command line interface. All rights reserved. A simple query can be input to view a subset of the end hosts or IP Phones present in UT. ● UT can run reports on switch port usage statistics of the switches. You can also view the list of DCR attributes that can be stored in DCR. You can find the report job listing by navigating to User Tracking > Reports > Report Jobs. Page 61 of 64 . unused down and unused up ports. setslave: Sets the DCR to Master. and view the current DCR mode. All contents are Copyright © 1992–2008 Cisco Systems. ● UT provides the ability to quickly view reports on end hosts and IP Phones. impRNms.

All contents are Copyright © 1992–2008 Cisco Systems. All rights reserved.1s. Inc. or IEEE 802.1s Recommendations. 3. Cisco MISTP Recommendations. To run optimal root and instance reduction and instance recommendation reports. select Reports. The different types of spanning trees that are supported for recommendations are PVST. Traffic data Campus Manager also has the ability to recommend Root Bridge based on the traffic in the network. it is essential to have the proper switch designated as the root bridge. Least cost Least cost recommendation will provide a recommendation on a root that would be the least cost from all the nodes in the switch cloud. Go to Topology Services > Network Views > LAN Edge View. RME 4.Deployment Guide You can use the custom reports while generating detailed reports on end hosts or IP phones by going to User Tracking > Reports > Report Generator. A template for enabling Syslogs is built in NetConfig. The least depth spanning tree recommendation can be seen by the following sequence: a. Enabling syslogs provides a multi fold advantage: ● LMS will collect and update any configuration and inventory changes on the network. The spanning tree formed in this selection would have the minimum depth. Select the desired Switch Cloud and click Display View. Since most of the switched traffic is directed through the root bridge. You can access the template under Resource Manager Essentials > Config Mgmt > NetConfig. MIST and 802. Once the device configurations are being managed by RME. Create a NetConfig job by clicking NetConfig Jobs under the TOC. you can enable syslogs through NetConfig. Configuring Syslog on Devices LMS has the ability to collect and analyze syslogs received from devices in the network. c. This document is Cisco Public Information. b. Least depth The least depth method would help the user select a root for the particular VLAN that would provide the least from each node in the network to the root. Page 62 of 64 . in the Switch Cloud view. ● Received syslogs can be analyzed and can also be used for further triggering automated actions Syslogs can be enabled on devices using NetConfig. VLAN Recommendations Campus Manager provides the ability to view VLANs and the ability to get recommendations on spanning trees.0 provides the ability to schedule a single job for devices using Cisco IOS and Catalyst OS. The ability to collect syslogs helps manage the network more effectively. then select Per VLAN STP Recommendations. Campus Manager provides the ability to select the root bridge based on the following criteria: 1. 2.

You can select the links that should be part of the Ether channel. they will be notified that the file is already checked out and they can only open a “read-only” copy. The distribution protocol can be set to ip. or port and the distribution address type can be set to source. The NetConfig tool provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. Inc. 2. The protocol for Ether Channel is PagP and the channel mode is Desirable. the file is locked so that no one else will be able to make changes to it at the same time. Select a link on the Layer 2 View. NetConfig Function The NetConfig function provides a set of command templates that can be used to update the device configuration on multiple devices all at once. The Ether Channel Configuration window also shows all the links between the two devices where the Ether channel is being set up. review changes. All rights reserved. and then download the changes to the device. The configuration window also provides the ability to copy running configuration to startup configuration. Trunk Configuration To configure Trunk configuration: 1. Page 63 of 64 . Ether Channel Configuration For channel configuration. The Ether Channel Configuration window appears. Change Management RME Config Editor The RME Config Editor function can be used to edit a device configuration stored in the configuration archive and download it to the device. or both. While the file is locked. All contents are Copyright © 1992–2008 Cisco Systems. 2. follow these steps: 1. destination. Ether Channel and Trunk Deployment Campus Manager Topology Services Layer 2 view also provides the ability to configure Ether channels and Trunks. right-click and select Configure Ether Channel. If other users attempt to open the file to edit it. When a configuration file is opened with Config Editor. Select the type of encapsulation 802. Enter the Allowed and Disallowed VLANs on that trunk. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor by the user who checked it out or by a user that has network administrator and system administrator privileges. The Config Editor tool allows the user to make changes to any version of a configuration file. one of the sources is NAM and the other source is the NetFlow collector. it is maintained in a “private” archive available only to the user who checked it out. 3. This document is Cisco Public Information. Right-click on a particular link and select Create Trunk. ISL or Negotiate.1Q. mac.Deployment Guide Campus Manager accepts traffic information from two sources.

Deployment Guide These templates can be used to execute one or more configuration commands on multiple devices at the same time. if a job fails on a device. Standard Report or Exception Period Report. These reports help manage the changes on the network. For example. 2. These predefined templates include corresponding rollback commands. Audit Trail provides a trail of all the changes that are being on the server. The report type can be either a 24-hour report. Select Change Audit as the application. Inc. Audit Trail Resource Manager Essentials also provides the capability to have an Audit Trail. the addition or deletion of devices. NetConfig comes with several predefined templates containing all necessary commands. therefore. A copy of all updated configurations will be automatically stored in the configuration archive. The user simply supplies the parameters for the command and NetConfig takes care of the actual command syntax. C07-400501-01 02/08 Page 64 of 64 . Printed in USA All contents are Copyright © 1992–2008 Cisco Systems. or a credential change. for example. Change Audit All changes made on the network through LMS are recorded as part of change audit. use the appropriate SNMP template to update community strings on all devices using the same job. any out-of-band changes made on the devices are also recorded as part of the change audit. the configuration will be returned to its original state. go to Resource Manager Essentials > Reports > Report Generator. To view Change Audit reports. 1. If syslogs are enabled on devices. This document is Cisco Public Information. to change SNMP community strings on a regular basis to increase security on devices. All rights reserved.