Cisco LAN Management Solution 2.6
Deployment Guide

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.


Table of Contents
1. Cisco LAN Management Solution 2.6 Deployment Guide
Introduction
Applications Included in LMS 2.6
Versions Available for LMS 2.6
LMS 2.6 Architecture
Common Services and DCR
Device and LMS Workflow
2. Setting up Devices on the Network
Device Setup Elements
System Name
Domain Name
SNMP Settings
System Reload
Command Line Prompts
Telnet/SSH
Syslog Messages
Remote Copy Protocol (rcp)
Configuring Protocols
Cisco Discovery Protocol (CDP)
Secure Copy Protocol (scp)
HTTP and HTTPS Servers
Configuring Multiple Spanning-Tree
Configuring Multiple Instance Spanning-Tree
Configuring Per-VLAN Spanning Tree+
Configuring VLAN Trunk Protocol (VTP)
3. Cisco LAN Management Solution 2.6 Installation Requirements
Solaris OS Installation Requirements
Recommended Solaris Disk Layout
Windows OS Installation Requirements
Recommended Order for Installing LMS Applications
Ports Used by LMS Applications
Licensing Terminology and Process
4. Initial Setup of the LAN Management Solution 2.6 Server
Application Mode Settings in LMS Applications
Protocol Setup
Configuration Management
Software Image Management
Setting Up Security
Certificate Setup
Setting up the Cisco Secure Access Control Server
Integrating LMS Servers with ACS
Setting Permissions for Performing Tasks on Devices
Enabling HTTPS on an LMS Server
Single Sign-On
5. Populating Devices in Cisco LAN Management Solution 2.6
Campus Manager Device Discovery
Defining a Seed Device in Campus Manager
Bulk Device Import to Device and Credentials Repository
Device Credentials Update
Device Management
Adding Devices to RME From DCR
Viewing Configuration Collection Status in RME
Collecting Devices’ Startup and Running Config
Verification of Device Import Status in LMS Applications
6. Server Administration in Cisco LAN Management Solution 2.6
Common Services
Creating User Defined Groups
Backing Up LMS Data
Restoring LMS Data
Example Restore Operation (Solaris)
Campus Manager
Campus Manager Device Discovery
Campus Manager Data Collection
User Tracking Module
Hierarchical Groups in Campus Manager
Resource Manager Essentials
Inventory Collection/Polling
Configuration File Collection and Polling
Purge Policies
Syslog
Change Audit
SWIM Baseline Collection
Job Management
Importing Devices into Internetwork Performance Monitor
Device Fault Manager
Daily Purging Schedule
Forwarding SNMP Traps
Receiving SNMP Traps
Default SMTP Server
Rediscovery
Group Administration
Polling and Threshold Management
View Management
CiscoView
Device Center
7. Network Management in Cisco LAN Management Solution 2.6
Fault Monitoring
Set Up Tasks
Fault and Alerts Notification Services
Fault History
Alerts and Activities
Baseline Configuration
Preprovisioning Devices
Data Extraction from LMS Applications
Campus Data Extraction Engine
Possible Combinations of cmexport Commands
Resource Manager Essentials Data Extraction Engine
Internetwork Performance Monitor Export
The DCR Command Line Interface
UT Reports
Configuring Syslog on Devices
VLAN Recommendations
Ether Channel and Trunk Deployment
Ether Channel Configuration
Trunk Configuration
Change Management

1. Cisco LAN Management Solution 2.6 Deployment Guide

Introduction
Network management is critical in today’s networks. With increasing reliance on networks to increase productivity, enterprises are confronted with an ever growing network size. Such increase in the number of network elements creates a challenge for network administrators. How does an enterprise effectively deploy and maintain their network devices?

CiscoWorks LAN Management Solution (LMS) provides the integrated management tools needed to simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. It provides IT organizations an integrated system for sharing device information across management applications, automation of device management tasks, visibility into the health and capability of the network, and identification and localization of network trouble. By using common centralized systems and network-inventory knowledge, CiscoWorks LMS delivers a unique platform of crossfunctional management capabilities that reduces network administration overhead and provides upper-layer systems integration, helping enterprises deploy and manage solutions.

This deployment guide considers scenarios where all applications reside on a single server and provides tips and suggestions on configuring the server. Some concepts related to multi-server deployment that have been introduced in LMS 2.6 will also be discussed. References will be provided for detailed discussions in the respective white papers.

Applications Included in LMS 2.6
LAN Management Solution (LMS) 2.6 includes the following components:
● CiscoWorks Common Services 3.0.5
Common Services 3.0.5 provides a set of shared application services that are used by all LMS applications. Common Services 3.0.5 includes both CiscoView 6.1 and Integration Utility 1.6.
◦ CiscoView 6.1.5 provides “front panel” graphical displays of Cisco devices, allowing users to easily interact with device components to change configuration parameters and monitor statistics.
◦ Integration Utility 1.6 is an integration module that supports third-party network management systems.
● Resource Manager Essentials (RME) 4.0.5
To support life cycle management, RME provides the ability to manage device inventory and audit changes, configuration files, and software images—as well as Syslog analysis.
● Campus Manager (CM) 4.0.6
Campus Manager provides the ability to visualize network topology, manage VLANs, detect network discrepancies, and provide Layer 2 and Layer 3 data and voice traces and end-host user information.
● Device Fault Manager (DFM) 2.0.6
Device Fault Manager provides the ability to monitor device faults in real-time and determine the root cause by correlating device-level fault conditions. DFM can issue notifications of critical network conditions via email or pager. Fault History lets the operator store and access historical information about alerts and faults that are detected and processed by DFM.
● Internetwork Performance Monitor (IPM) 2.6
Internetwork Performance Monitor measures network performance based on the synthetic traffic generation technology within the Cisco IOS® software, which is known as Cisco IOS IP SLA. Using synthetic traffic gives the network manager a high degree of flexibility in selecting the end points in a network between which network performance will be measured. This flexibility makes IPM a highly effective performance-troubleshooting tool. IPM takes advantage of Cisco IOS IP SLA technology by configuring network performance agents, called collectors, in the router. These collectors, as part of their configuration, include a source router, a target device and an operation type.

Versions Available for LMS 2.6
You can select one of the following two versions of LMS 2.6:
● Restricted Version
The Restricted version of LMS 2.6 is for customers transitioning from LMS 1.x Unlimited version or from LMS 2.x to LMS 2.6. The device limit for this version is 300 devices.
● Large Enterprise Version
The Large Enterprise version is for customers transitioning from LMS 1.x Unlimited version or from LMS 2.x to LMS 2.6. This version has no limit on the number of devices it can support.

LMS 2.6 Architecture
Figure 1 shows the architecture diagram of an LMS 2.6 server and how the applications residing on a single LMS server interact to obtain device information.

Figure 1. LMS 2.6 Architecture

Common Services and DCR
LMS 2.6 applications use Common Services as shown in Figure 1. Device Credential and Repository (DCR) is part of Common Services and acts as a central secure repository for all the device and credential information. All applications within LMS request DCR for device credential information. Since there is a common device and credentials repository, devices populated in DCR can be automatically populated in different applications. For more information on this, see the Application Mode Settings in LMS Applications, page 24.
The Device and Credential Repository also helps in a multi-server setup. This document only briefly describes some of the basic configuration that can be achieved in a multi-server setup.

Device and LMS Workflow
Figure 2 summarizes the device and LMS setup workflow. Subsequent chapters describe the setup and workflow processes in detail.

Figure 2. Device and LMS Setup Workflow

2. Setting up Devices on the Network
LAN Management Solution (LMS) 2.6 helps to manage Cisco devices on the network. But before
LMS 2.6 can function correctly, the network devices it touches must be set up correctly. The
information provided in this chapter is a general description of the means and procedures
recommended to ensure that the network devices are set up correctly.
Note: This chapter provides a great deal of information on the device configuration procedures
required to manage devices using CiscoWorks LAN Management Solution. But keep in mind that
this document is not intended to be a comprehensive configuration guide for LMS 2.6. For
additional configuration details, please contact a Cisco certified network engineer if possible and
refer to pertinent documents that are posted on Cisco.com.
Tip: Prior to LMS deployment, in the case of Cisco IOS and Catalyst OS devices, all
configuration changes must be saved to non-volatile memory (NVRAM) using the following
commands:
write memory or copy running-config startup-config.
Please note that these two commands are provided to save pre-LMS deployment configuration
changes. After LMS is deployed, configuration changes are saved automatically where appropriate
and no user intervention is required. Newer versions of Catalyst OS devices have separate running
and startup configurations.

Device Setup Elements
This section describes each of the elements in the device setup that needs to be attended to.
System Name
Each Cisco IOS device in the network must have a unique system name (sysName) so that all
devices can be discovered. The system name is also populated in the Cisco Discovery Protocol (CDP) table. If there
are duplicate system names on the network, LMS will discover only one device by that name on the
network. On Cisco IOS devices, the domain name also affects the system name.
You can set up the system name by using the following commands:
Cisco IOS Devices
hostname <name>
Cisco Catalyst OS Devices
set system name <name>
Domain Name
You can set a domain name on a Cisco IOS or a Catalyst OS device. Set up the domain name by
using the following commands:
Cisco IOS Devices
ip domain-name <name>
Cisco Catalyst OS Devices
set system name <name with domain name>


SNMP Settings
LAN Management Solution uses Simple Network Management Protocol (SNMP) community strings
to read and write information from and to the devices.
Note: LMS supports SNMP AuthNoPriv mode of SNMP v3.

Enabling SNMP v3 on Cisco IOS Devices
To enable SNMP v3 on Cisco IOS devices, follow these steps:
Step 1. Create a view.
snmp-server view campus oid-tree included
Step 2. Set the security model.
snmp-server group cmtest v3 auth read campus write campus access access-list
Step 3. Create a user and specify the authentication protocol to be used.
snmp-server user cmtester campus v3 auth md5 password
Step 4. Create a group and associate the user with it.
snmp-server user cmtester cmtest v3
Enabling SNMP v3 on Catalyst OS Devices
To enable SNMP v3 on Catalyst OS devices, follow these steps:
Step 1. Create a view.
set snmp view campus 1.3.6.1 included nonvolatile
Step 2. Set the security model.
set snmp access cmtest security-model v3 authentication read campus write campus nonvolatile
Step 3. Create a user and specify the authentication protocol to be used.
set snmp user cmtester authentication md5 cisco123
Step 4. Create a group and associate the user with it.
set snmp group cmtest user cmtester security-model v3 nonvolatile
Enabling SNMP v1 or v2c on Cisco IOS Devices
To enable SNMP v1 or v2c on Cisco IOS devices, follow these steps:
Step 1. snmp-server community <read-community-string> ro
Step 2. snmp-server community <write-community-string> rw
Enabling SNMP v1 or v2c on Cisco Catalyst OS Devices
To enable SNMP v1 or v2c on Cisco Catalyst OS devices, set as follows:
Step 1. set snmp community read-only <read-community-string>
Step 2. set snmp community read-write <write-community-string>
The community strings configured on the devices must match the community strings entered in the
DCR (Device Credential Repository) component in LMS.
Enabling Traps in Catalyst OS Devices to Be Sent to a Particular Host
To enable traps in Catalyst OS devices to be sent to a particular host, enter this command:
set snmp trap 192.168.124.24 public
Enabling Traps in IOS Devices to Be Sent to a Particular Host Using SNMP v2c
To enable traps in IOS devices to be sent to a particular host using SNMP v2c, enter this
command:
snmp-server host 192.168.124.24 traps version 2c public
In these examples for enabling traps, the public community string helps selective processing of
traps on the trap-receiving side.
System Reload
After a software image distribution operation using Resource Manager Essentials (RME) is
completed, RME will reload the device if so specified in the Image Distribution job. RME will be able
to reload any device (IOS or Catalyst OS) only if an SNMP manager (in this case, RME) is allowed
to reset the agent.
The following command is needed on Cisco IOS devices only:
snmp-server system-shutdown
Command Line Prompts
To utilize the NetConfig capability to execute batch changes on devices, Cisco device command
line prompts must meet the requirements described in this section.
Note: Customized prompts should also fulfill these requirements.

Cisco IOS Devices

The Login prompt should end with an angle bracket (>).

For example: Cisco>

The Enable prompt should end with a pound sign (#).

For example: Cisco#
Cisco Catalyst OS Devices
The Enable prompt must end with “(enable).”
For example: Cisco(enable)
Telnet/SSH
Telnet is one of the protocols that can be used by RME for configuration management. You can
enable Telnet using the following commands.
To enable Telnet on Cisco IOS devices and Catalyst OS devices, enter these commands:
line vty 0 4
password <password>
login
exec-timeout 0 0
Note: More than four VTY lines can be selected for log in. Different authentication on different
VTY lines is not supported.
SSH provides for a secure communication with the device.


For LMS to be able to provide configuration and software management using rcp. The default value is cwuser.Deployment Guide Cisco IOS The following example configures SSH control parameters on a router running Cisco IOS: ip ssh timeout 120 ip ssh authentication-retries 3 Catalyst OS The following examples configure SSH in Catalyst OS: (enable) set crypto key rsa 1024 (enable) set ipNote: Note: For greater access control and logging facilities. use the logging trap configuration command above. the server IP address entered here is the address of the RME server. Syslog Messages Syslog messages can be enabled on Cisco devices to further use the capability of LMS.221 cwuser enable ip rcmd remote-username cwuser Note: The value of <remote-username> and <local-username> entered in the device should match the RCP User value provided in the LMS server. Page 11 of 64 . Catalyst OS Devices To enable Syslog messages on Catalyst OS devices: set logging server enable set logging server <server-ip-address> set logging level all <logging-level> default Tip: The <server-ip-address> parameter is the IP address of the LMS server.17. This All contents are Copyright © 1992–2008 Cisco Systems. use TACACS. SSH configuration requires that the domain name must be configured. especially RME. All rights reserved. This document is Cisco Public Information. Remote Copy Protocol (rcp) Remote Copy Protocol (rcp) is one of the protocols that can be used by RME for configuration management and software image management. In case of multiple servers.246. this parameter is the IP address of the remote Syslog Analyzer and Collector. Inc. In the case of remote Syslog Analyzer and Collector. Cisco IOS Devices Enable Syslog messages on Cisco IOS devices from global configuration mode: logging on logging <server-ip-address> logging trap <logging-level> Note: To limit the number of messages sent to the syslog servers. 
rcp must be enabled on the network devices—rcp can be enabled only on devices running Cisco IOS as shown in the following sample commands: username cwuser password 7 000C1C0A05 ip rcmd rcp-enable ip rcmd remote-host cwuser 172.

and to send SNMP queries to those devices. CDP is a Cisco proprietary Layer 2 protocol that is media and protocol independent. All rights reserved. Campus Manager can discover the network topology only when CDP is enabled on those devices. Inc. A Cisco device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighbors. Configuring Protocols This section describes the basic configuration procedures for the following protocols: ● Cisco Discovery Protocol (CDP) ● Remote Copy Protocol (rcp) ● Secure Copy Protocol (scp) ● HTTP and HTTPS Protocols ● Multiple Spanning-Tree Protocol (MST) ● Multiple Instance Spanning-Tree Protocol (MIST) ● Per-VLAN Spanning Tree Protocol (PVST+) ● VLAN Trunk Protocol (VTP) Cisco Discovery Protocol (CDP) Cisco Campus Manager uses Cisco Discovery Protocol (CDP) to discover Cisco devices on the network.Deployment Guide value can be reset by traversing through the following user interface links in the LMS server: CWHP > Common Services > Server > Admin > System Preferences. Since it is a Layer 2 protocol. To enable CDP globally: set cdp enable To enable CDP on specific ports only: set cdp enable [mod/port] All contents are Copyright © 1992–2008 Cisco Systems. This document is Cisco Public Information. Page 12 of 64 . To enable CDP capability on Catalyst OS devices use the following commands. To enable CDP capability on IOS devices use the following commands. Campus Manager will use the following protocols in their respective technology: ILMI in LANE/ATM networks and ELMI on Stratacom Frame Relay networks. Enabling CDP on devices allows Campus Manager to learn information about neighboring devices. these packets (frames) are not routed. and runs on all Cisco-manufactured equipment. Enabling or Disabling CDP on Cisco IOS Devices CDP is enabled on Cisco IOS devices by default. 
To enable CDP globally: cdp run To enable CDP on specific interfaces only: cdp enable Use the no command to disable CDP capability on Cisco IOS devices. Enabling or Disabling CDP on Cisco Catalyst OS Devices CDP is enabled on Cisco Catalyst OS devices by default.

To disable CDP on Catalyst OS devices, use the set cdp disable command.

Note: Certain non-Cisco devices support CDP. If you enable CDP on the Cisco devices connected to non-Cisco devices, they will appear on the Campus map.

Tip: Do not run CDP on links that don’t need to be discovered by Campus Manager, for example, a connection to the Internet and end-host connection ports on access switches. To protect from CDP DoS attacks, do not enable CDP on links that are connected to non-Cisco devices.

For related information, please refer to this URL:
● Configuring CDP on Catalyst 6500 Series switches: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801a5b18.html

Secure Copy Protocol (scp)
The Secure Copy feature was introduced in Cisco IOS 12.2(2)T. To enable and configure a Cisco router for SCP server-side functionality, perform the following steps:

Command and Description

Step 1: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: Router# configure terminal
Enters global configuration mode.

Step 3: Router (config)# aaa new-model
Sets AAA authentication at login.

Step 4: Router (config)# aaa authentication login default group tacacs+
Enables the AAA access control system.
Complete syntax: aaa authentication login {default | list-name} method1 [method2...]

Step 5: Router (config)# aaa authorization exec default group tacacs+
Sets parameters that restrict user access to a network. The exec keyword runs authorization to determine if the user is allowed to run an Exec shell; therefore, you must use it when you configure SCP.
Syntax: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]

Step 6: Router (config)# username superuser privilege 2 password 0 superpassword
Establishes a username-based authentication system.
Note: You may skip this step if a network-based authentication mechanism—such as TACACS+ or RADIUS—has already been configured.
Syntax: username name [privilege level] {password encryption-type encrypted-password}

Step 7: Router (config)# ip scp server enable
Enables SCP server-side functionality.

HTTP and HTTPS Servers
The Cisco IOS HTTP server provides authentication, but not encryption, for client connections. The data that the client and server transmit to each other is not encrypted. This leaves communication between clients and servers vulnerable to interception and attack.

Enabling http Mode
Use the following command to enable http mode:
    ip http server
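The CDP, SCP and HTTP settings described above can be checked against a saved running-config. The following Python example is added here and is not part of the Cisco guide; the sample configuration, the check names, and the rule that `switchport mode access` marks an end-host port are assumptions of the example, and CDP is treated as globally enabled unless `no cdp run` is present.

```python
import re

# Constructed running-config for illustration; hostname, interfaces and
# descriptions are made up (the username line mirrors the guide's Step 6).
SAMPLE_CONFIG = """\
hostname lab-sw1
aaa new-model
aaa authentication login default group tacacs+
username superuser privilege 2 password 0 superpassword
ip scp server enable
ip http server
!
interface GigabitEthernet0/1
 description uplink to distribution
 switchport mode trunk
!
interface FastEthernet0/5
 description user desk
 switchport mode access
!
interface FastEthernet0/6
 description printer
 switchport mode access
 no cdp enable
!
"""

# AAA statements the guide's SCP procedure configures before `ip scp server enable`.
SCP_PREREQS = ("aaa new-model", "aaa authentication login", "aaa authorization exec")


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None                      # '!' or a blank line ends an interface block
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw[0].isspace() and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces


def audit(text):
    """Return a list of (check_id, detail) findings for the settings discussed above."""
    global_lines, interfaces = parse_config(text)

    def has(prefix):
        return any(line.startswith(prefix) for line in global_lines)

    findings = []

    # The IOS HTTP server authenticates clients but does not encrypt the session.
    if has("ip http server"):
        findings.append(("HTTP_CLEARTEXT", "ip http server enabled: session is not encrypted"))

    # SCP relies on AAA; exec authorization is required when SCP is configured.
    if has("ip scp server enable"):
        missing = [p for p in SCP_PREREQS if not has(p)]
        if missing:
            findings.append(("SCP_AAA_INCOMPLETE", "missing: " + ", ".join(missing)))

    # Encryption-type 0 stores the password in clear text in the configuration.
    for line in global_lines:
        m = re.match(r"username (\S+) .*\bpassword 0 \S+", line)
        if m:
            findings.append(("PLAINTEXT_PASSWORD", "user " + m.group(1)))

    # Assumption: CDP is on globally unless `no cdp run`; access ports are end-host ports.
    if not has("no cdp run"):
        for name, cmds in interfaces.items():
            if "switchport mode access" in cmds and "no cdp enable" not in cmds:
                findings.append(("CDP_ON_ACCESS_PORT", name))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"{check_id:20} {detail}")
```

The finding details never echo the password itself, so the output can be pasted into a ticket.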

The Secure HTTP (HTTPS) feature provides the capability to connect to the Cisco IOS HTTPS server securely. It uses Secure Sockets Layer (SSL)[1] and Transport Layer Security (TLS) to provide device authentication and data encryption.

Note: As of the LMS 2.6 release, HTTPS mode is supported only for Cisco VPN 3000 Series Concentrators.

To enable HTTPS mode in a VPN 3000 concentrator, access the following URL: http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a008015ce28.html#999607

[1] This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For more details please visit the following website: http://www.openssl.org/.

Configuring Multiple Spanning-Tree
Use the following procedure to configure Multiple Spanning-Tree (MST) (802.1s):

Step 1. Enable MST on the Cisco switch.
Use the set spantree mode mst command to set the spanning tree mode on the switch to MST.
Note: Before you can disable MST, another spanning-tree protocol, such as PVST+, must be configured.

Step 2. Define the VLAN-to-instance mappings.
Use the following command to map VLANs to an instance:
    set spantree MST instance vlan <vlans>
For example, to put VLANs 1 to 10 and 20 into instance 10, you would enter this command:
    set spantree MST 10 vlan 1-10,20
By default, all VLANs are mapped to instance 0. Instances 1 to 15 operate only within the MST region. On the boundary of the MST region, MST copies the port state from the IST, which communicates with the other spanning-tree protocols, such as Per-VLAN Spanning-Tree + (PVST+), Common Spanning-Tree (CST), and other MST regions to form a loop-free topology.
Note: Mapping a VLAN to an instance does not take effect until the configuration is committed.

Step 3. Define the MST configuration name and revision number.
Use the following commands to set the configuration and the revision number:
● set spantree MST configuration name <name>
● set spantree MST configuration revision <revision-number>
MST-enabled switches form an MST region only if they have a matching VLAN-to-IST mapping, MST configuration name, and MST revision number. If any of these three fails, the port will be flagged as a boundary port.

Step 4. Commit the MST configuration to apply it on the switch.
Use the following command:
    set spantree MST config commit

● If you find that you need to discard all edits made since the last commit, use the set spantree MST rollback command.
● If you need to clear changes to the MST configuration made by someone else using another session, use the set spantree MST rollback force command.

For related configuration information, refer to the following URL: http://www.cisco.com/warp/public/473/123.html

Configuring Multiple Instance Spanning-Tree
Use the following steps to configure Multiple Instance Spanning-Tree (MISTP).

Step 1. Enable MISTP on the switch.
To set the spanning-tree mode on the switch to MISTP, use this command:
    set spantree mode mistp

Step 2. Configure the MISTP bridge ID priority.
You can set the bridge ID priority for an MISTP instance when the switch is in MISTP or MISTP-PVST+ mode. The bridge priority value is combined with the system ID extension (that is, the ID of the MISTP instance) to create the bridge ID priority. You can set 16 possible bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
To set the bridge ID priority, use this command:
    set spantree priority 8192 mistpinstance 1

Step 3. Configure the MISTP port cost.
You can configure the port cost of switch ports. The ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The default cost differs for different media.
● When using the short method for calculating port cost, the possible cost range is from 1 to 65535.
● When using the long method for calculating port cost, the possible port cost range is from 1 to 200000000.
To set the port cost, use this command:
    set spantree portcost 2/12 22222222

Step 4. Configure the MISTP port priority.
You can configure the port priority of switch ports. The port with the lowest priority value forwards frames for all VLANs. The possible port priority values are from 0 to 63; the default is 32. If all ports have the same priority value, the port with the lowest port number forwards frames.
To set the port priority, use the following command:
    set spantree portpri 2/12 40
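The value ranges in the MISTP steps above can be enforced before a change window by validating the planned commands. The following Python example is added here and is not part of the Cisco guide; the function names and the `cost_mode` parameter are assumptions of the example, and it shows that the guide's own port cost of 22222222 is accepted only under the long cost method.

```python
import re

# Ranges taken from the MISTP steps above.
BRIDGE_PRIORITIES = tuple(range(0, 61441, 4096))   # 0, 4096, ..., 61440 (16 values)
PORT_COST_RANGE = {"short": (1, 65535), "long": (1, 200000000)}
PORT_PRIORITY_RANGE = (0, 63)

PATTERNS = (
    ("priority", re.compile(r"set spantree priority (\d+) mistpinstance (\d+)")),
    ("portcost", re.compile(r"set spantree portcost (\d+/\d+) (\d+)")),
    ("portpri", re.compile(r"set spantree portpri (\d+/\d+) (\d+)")),
)

# The three commands shown in the steps above, plus two constructed bad ones.
PLANNED_COMMANDS = [
    "set spantree priority 8192 mistpinstance 1",
    "set spantree portcost 2/12 22222222",
    "set spantree portpri 2/12 40",
    "set spantree priority 30000 mistpinstance 1",   # constructed: not a multiple of 4096
    "set spantree portpri 2/12 64",                  # constructed: above the 0-63 range
]


def check_command(command, cost_mode="short"):
    """Validate one 'set spantree' line; return (ok, message)."""
    command = " ".join(command.split())              # normalise whitespace
    for kind, pattern in PATTERNS:
        m = pattern.fullmatch(command)
        if m is None:
            continue
        if kind == "priority":
            priority, instance = int(m.group(1)), int(m.group(2))
            if priority not in BRIDGE_PRIORITIES:
                return False, f"priority {priority} is not one of the 16 allowed values"
            # Bridge ID priority = bridge priority plus system ID extension (instance ID).
            return True, f"bridge ID priority for instance {instance} = {priority + instance}"
        port, value = m.group(1), int(m.group(2))
        if kind == "portcost":
            low, high = PORT_COST_RANGE[cost_mode]
            if not low <= value <= high:
                return False, f"port {port}: cost {value} outside {low}-{high} for the {cost_mode} method"
            return True, f"port {port}: cost {value} valid for the {cost_mode} method"
        low, high = PORT_PRIORITY_RANGE
        if not low <= value <= high:
            return False, f"port {port}: priority {value} outside {low}-{high}"
        return True, f"port {port}: priority {value} valid"
    return False, "not a recognised 'set spantree' command"


def check_script(lines, cost_mode="short"):
    """Validate every non-empty line; return a list of (line, ok, message)."""
    return [(line, *check_command(line, cost_mode)) for line in lines if line.strip()]


if __name__ == "__main__":
    for mode in ("short", "long"):
        print(f"--- cost method: {mode}")
        for line, ok, message in check_script(PLANNED_COMMANDS, mode):
            print(("OK  " if ok else "FAIL"), line, "->", message)
```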

Configuring Per-VLAN Spanning Tree+
Per VLAN Spanning Tree Plus (PVST+) maintains a spanning tree instance for each VLAN configured in the network and allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. It uses 802.1Q trunking technology rather than ISL. Since PVST+ treats each VLAN as a separate network, it has the ability to load balance traffic (at Layer 2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop. PVST+ is an enhancement to the 802.1Q specification and is not supported on non-Cisco devices.

To configure Per-VLAN Spanning Tree+, follow these steps:

Step 1. Enable PVST+ on the switch.
To set the spanning tree mode to pvst+, enter this command:
    set spantree mode pvst+

Step 2. Configure the PVST+ bridge ID priority.
The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode. When the switch is in PVST+ mode without MAC address reduction enabled, you can enter a bridge priority value between 0 and 65535. The VLAN bridge ID priority is then set to that value. When the switch is in PVST+ mode with MAC address reduction enabled, you can enter one of 16 bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, or 61440. The bridge priority is combined with the system ID extension (that is, the ID of the VLAN) to create the bridge ID priority for the VLAN.
To set bridge ID priority, enter this command:
    set spantree priority 30000 1

Step 3. Configure PVST+ port cost.
You can configure the port cost of switch ports. The ports with lower port costs are more likely to be chosen to forward frames. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. The default cost differs for different media.
● When using the short method for calculating port cost, the possible port cost is from 1 to 65535.
● When using the long method for calculating port cost, the possible port cost is from 1 to 200000000.
To set the port cost, use the following command:
    set spantree portcost 2/3 12

Step 4. Configure PVST+ port priority.
You can configure the port priority of switch ports in PVST+ mode. The port with the lowest priority value forwards frames for all VLANs. The possible port priority value is 0 to 63. The default is 32. If all ports have the same priority value, the port with the lowest port number forwards frames.

To set port priority, use this command:
    set spantree portpri 2/3 16

For More Information on the Spanning Tree Protocol
The following links provide more information on Spanning Tree Protocol setup and recommendations.
● Configuring STP and IEEE 802.1s MST: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/spantree.htm
● Spanning Tree Protocol Problems and Related Design Considerations: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml
● Configuring Spanning-Tree Bridging for the Cisco Catalyst Switch: http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801ee706.html
● Configuring FDDI 802.10 Trunks: http://www.cisco.com/en/US/products/hw/switches/ps679/products_configuration_guide_chapter09186a008007eeeb.html
● Financial Services Design for High Availability: http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a008015a8ad.html#71577

Default Values for PVST+ Configuration
Table 1 shows the default PVST+ configuration values in Cisco Catalyst 6000 devices.

Table 1. Default PVST+ Configuration Values for Catalyst 6000 Switches

Feature | Default Values
VLAN 1 | All ports assigned to VLAN 1
Enable state | PVST+ enabled for all VLANs
MAC address reduction | Disabled
Bridge priority | 32768
Bridge ID priority | 32769 (bridge priority plus system ID extension of VLAN 1)
Port priority | 32
Port cost | Gigabit Ethernet: 4; Fast Ethernet: 19; FDDI/CDDI: 10; Ethernet: 100
Default spantree port cost mode | Short (802.1D)
Port VLAN priority | Same as port priority but configurable on a per-VLAN basis in PVST+
Port VLAN cost | Same as port cost but configurable on a per-VLAN basis in PVST+
Maximum aging time | 20 seconds
Hello time | 2 seconds
Forward delay time | 15 seconds

Configuring VLAN Trunk Protocol (VTP)
Virtual LAN (VLAN) Trunk Protocol (VTP) reduces administration in a switched network. When you configure a new VLAN on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere. VTP is a Cisco-proprietary protocol that is available on most of the Cisco Catalyst Family products.

Note: This protocol should be enabled and configured as part of the overall network design. This section is included for reference purposes only.

VTP is used to configure and communicate VLAN settings across multiple switches. VTP must be configured on all switches in order to manage VLANs via Campus Manager. In addition, at least one switch in each VTP domain must be defined as a VTP server in order for Campus Manager to create VLANs in that domain. (The old restriction of requiring at least one server in a VTP domain to identify VLANs has been removed. Discovering VLANs established on a switch using VTP Transparent mode is supported from Campus Manager 3.1.) Then Campus Manager can be used to view, create, modify, and delete VLANs via the topology services application, instead of the command line.

A VTP domain must be established and the VTP mode must be defined on each device. The description of the modes is as follows:
● Server: Switch will maintain and communicate VLAN settings to all other switches in the VTP domain.
● Client: Switch will synchronize VLAN configuration with advertisements received from VTP servers, and forward advertisements to neighbors.
● Transparent: Switch will not participate in VLANs advertised by server, but will forward advertisements to neighbors. Any VLANs configured on a transparent switch will be local to that switch only.

To set a VTP domain and the mode on a Cisco Catalyst switch, use the following commands. Each switch can be in only one VTP domain:
    set vtp domain <name>
    set vtp mode <client | server | transparent>
    set vtp v2 <enable | disable>
Note: The set vtp v2 command is required for Token Ring networks. VTP versions 1 and 2 are not compatible, and they cannot both run in the same domain. VTP v2 must be used on Token Ring networks.

Best Practice Recommendations
The campus best practice recommendations emphasize campus stability and predictability (especially for protocols such as STP). Spanning tree is not a poor protocol—it’s the protocol’s defaults that are not ideal. VTP’s major benefit of providing uniform VLAN creation across multiple switches may be outweighed by the drawbacks of the same thing it’s supposed to simplify, which is the automatic extension of VLANs of all switches in a domain. Another major risk of the VTP client/server model is the possibility of new server versioning overriding the existing VTP Server and deleting VLANs unknown to the new master server from all switches within that domain.

General suggestions for enterprises preferring a cautious approach may include making use of VTP Transparent or VTP off (Catalyst OS 7.1.x) instead of the typical VTP server/client model. This does pose the risk of unenforced STP and its issues across multiple switches. Though some of these risks can be reduced by VTP Authentication, Trunk Clearing, and VTP Pruning, the added complexity of these is not really worth it.

For more information, go to “Understanding and Configuring VLAN Trunk Protocol (VTP)”: http://www.cisco.com/warp/public/473/21.html

Enabling Trunking on Catalyst Switch Ports
This protocol should be enabled and configured as part of the overall network design. This section is included for reference purposes only.

Trunking is a method of carrying traffic for multiple VLANs over the same link, between two switches or a switch and a router, thus extending the VLANs across the network. In order to perform trunking, ports on each side of the link must be set to trunk ports, and the Inter-Switch Link (ISL) or IEEE 802.1Q protocol must be enabled. ISL is a Cisco proprietary protocol used to combine traffic from multiple VLANs over one link. IEEE 802.1Q is the industry-standard protocol for performing the same function. IEEE 802.1Q must be used on Token Ring networks.

To enable trunking on a Catalyst Switch port, use the following command:
    set trunk <module/port> on [vlans]
This establishes the specified module/port as a trunk port and enables the ISL protocol. You can use the optional vlans parameter to specify a specific range of VLANs to be allowed across the trunk (valid ranges are from 1 to 1005). For example:
    set trunk 2/1 on 2-10

English and Japanese versions of the Windows and Solaris operating systems. device configurations. or preferably. Recommended Solaris Disk Layout The following layout for the Solaris disk is recommended: ● /opt/CSCOpx partition This partition holds application executables. All rights reserved. Inc. The size grows in proportion to number of devices. amount of availability data. ● /var/adm/CSCOpx partition This partition holds log files. on a separate disk. RME. and the number of syslog messages. Page 20 of 64 . software images. ANI. 1 To verify the amount of available disk space in each of the specified partitions and directories. Backup partitions need to be large enough to store all application databases (for example. software images. and user accounts. The growth of the partition depends on the number of archived configurations. enter: df –k at the command prompt. Component Recommended Server Requirements for Solaris Systems Recommended Server System Requirement ● Sun UltraSPARC IIIi or Sun UltraSPARC IIICu for Restricted license ● Dual Sun UltraSPARC IIIi or dual Sun UltraSPARC IIICu for Unrestricted license CPU ● Sun UltraSPARC IV ● 2 GB for Restricted license ● 4 GB for Unrestricted license RAM Software Solaris 8 (Solaris 2. Backup Recommendations Cisco recommends that you store backups on a separate partition. Table 2.S. Cisco LAN Management Solution 2.6 Installation Requirements Cisco LAN Management Solution installation is supported in the U. libraries. Solaris OS Installation Requirements This section discusses the LMS requirements to install on the Solaris operation system. and the number of software images. Cisco also recommends that you verify all backups that may be needed in the future. This partition must be large enough to handle the biggest SWIM job. This document is Cisco Public Information.) as well as device configurations. and exported reports. and database files. DFM.8) and Solaris 9 (Solaris 2. 
● /tftpboot partition This partition holds configurations and software image images as they are downloaded from or uploaded to devices. The backup partition should allow for multiple revisions. All contents are Copyright © 1992–2008 Cisco Systems.9) Disk Space 20 GB or more free space for LMS applications and data Swap Space ● 4 GB swap space for Restricted license ● 8 GB swap space for Unrestricted license • UNIX file system recommended1 We recommend that you set swap space to twice the size of RAM. verbosity of debugs.Deployment Guide 3.

8 GHz Intel Xeon processor for Unrestricted license RAM ● 2 GB for Restricted license ● 4 GB for Unrestricted license Software1 2 3 Any one of the following: • Windows 2000 Professional with Service Pack 44 ● Windows 2000 Server with Service Pack 4 ● Windows 2000 Advanced Server with Service Pack 4 ● Windows Server 2003 Standard and Enterprise Editions with Service Pack 1 ● Windows 2003 R2 Server Standard and Enterprise Editions LAN Management Solution 2. 4 To verify the Service Pack version on Windows. Install Device Fault Manager 2. but there might be problems in the functionality of CiscoWorks.6 applications on a system with Terminal Services enabled in Remote Administration mode is supported. The file system field appears in the General tab of the Properties dialog box. Install Campus Manager 4. Step 5.3.3. then enter winver. Step 2. 3 Installation of LMS 2. There is no need to follow the order recommended above if you are installing just one application in the CiscoWorks machine.6 on a FAT file system. 2 If you are using LMS 2. right-click the drive and select Properties from the popup menu. Do not install LMS 2. All rights reserved.6 on an NTFS file system. Page 21 of 64 .com/support/processors/sb/CS-017343. Step 3. Note: The only requirement is to install CiscoWorks Common Services 3. installation of LMS 2. Step 6.8 GHz Intel Pentium 4 or dual 2. To verify the file system.6 on a system with Internet Information Services (IIS) enabled is not supported. Install Internetwork Performance Monitor 2.6 Update.See http://www.0.htm. Recommended Server Requirements for Windows Systems Table 3. open My Computer on the Windows desktop. Install Resource Manager Essentials 4. However.6 supports only the US English and Japanese versions of these operating systems.6 on a Windows 2000 operating system (all versions). 1 Installation of LMS 2. Set the default locale to US-English for the US-English version and Japanese for the Japanese version.8 GHz Intel Pentium 4 or 2. 
disable Hyper-Threading Technology (HTT).6 applications on a system with Terminal Services enabled in Application mode is not supported.8 GHz Intel Xeon processor for Restricted license ● Dual 2.3.6 applications. Inc. select Start > Run.6. All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide Windows OS Installation Requirements This section discusses the LMS requirements to install on the Windows operation system. IIS Service must be disabled on the server before installing the LMS 2.0.intel. Step 1.0.0. This document is Cisco Public Information. Install the LMS 2.3 before installing any other application. Recommended Order for Installing LMS Applications The recommended order for installing LMS applications is as follows.0.3. Step 4. 5 Install LMS 2. Component Recommended Server System Requirement CPU ● 2. Installation might proceed in other locales. Disk space Swap space 20 GB or more free space for LMS applications and data ● 4 GB virtual memory for Restricted license ● 8 GB virtual memory for Unrestricted license • NTFS file system5 required We recommend that you set virtual memory to twice the size of RAM. Install CiscoWorks Common Services 3.

Ports Used by LMS Applications
The following table lists the ports used by the various CiscoWorks components.

Table 4. LAN Management Solution Port Usage

Protocol | Port Number | Service Name | Application(s) | Direction (of Establishment) of Connection
ICMP | 7 | Ping | RME, CM, and DFM | Server to Device
TCP | 22 | Secure Shell (SSH) | CiscoWorks Common Services and RME | Server to Device
TCP | 23 | Telnet | CiscoWorks Common Services, CM, and RME | Server to Device
TCP | 25 | Simple Mail Transfer Protocol (SMTP) | CiscoWorks Common Services (PSU), RME | Server Internal
TCP | 49 | TACACS+ and ACS | CiscoWorks Common Services, RME, CM, and DFM | Server to ACS
TCP | 80 | HyperText Transfer Protocol (HTTP) | CiscoWorks Common Services, CiscoView | Client to Server
TCP | 443 | CiscoWorks HTTP server in SSL mode | CiscoWorks Common Services | Server Internal
TCP | 514 | Remote Copy Protocol | CiscoWorks Common Services | Server to Device
TCP | 1683 | Internet Inter-ORB Protocol (IIOP) | CiscoWorks Common Services, and CM | Client to Server
TCP | 1684 | IIOP | CiscoWorks Common Services, and CM | Server to Client
TCP | 1741 | CiscoWorks HTTP Protocol | CiscoWorks Common Services, CiscoView, and RME | Client to Server
TCP | 1783 | IIOP for IPM Gatekeeper | IPM | Client to Server
TCP | 1784 | IIOP for IPM Gatekeeper | IPM | Client to Server
TCP | 8088 | HIOP | CiscoWorks Common Services | Server to Client, Client to Server
TCP | 8898 | Log Server | DFM | Server Internal
TCP | 9007 | Tomcat shutdown | CiscoWorks Common Services | Server Internal
TCP | 9009 | Ajp13 connector used by Tomcat | CiscoWorks Common Services | Server Internal
TCP | 9088 | HIOP port for IPM gatekeeper | IPM | Server to Client, Client to Server
TCP | 9191 | HIOP port for IPM Gatekeeper | IPM | Server Internal
TCP | 9192 | IIOP port for IPM Gatekeeper | IPM | Server Internal
TCP | 9193 | IIOP port for IPM Gatekeeper | IPM | Server Internal
TCP | 9194 | HIOP port for IPM Gatekeeper | IPM | Server Internal
TCP | 15000 | Log server | DFM | Server Internal
TCP | 40050–40070 | CSTM ports used by CS applications, such as OGS, Device and Credential Repository (DCR) | CiscoWorks Common Services | Server Internal
TCP | 40401 | LicenseServer | CiscoWorks Common Services | Server Internal
TCP | 42340 | CiscoWorks Daemon Manager, Tool for Server Processes | CiscoWorks Common Services | Server Internal
TCP | 42344 | ANI HTTP Server | CiscoWorks Common Services | Server Internal
TCP | 42351 | Event Services Software (ESS) Listening (Alternate port is 44351/tcp) | CiscoWorks Common Services | Server Internal
TCP | 42352 | ESS HTTP (Alternate port is 44352/tcp) | CiscoWorks Common Services | Client to Server
TCP | 42353 | ESS Routing (Alternate port is 44352/tcp) | CiscoWorks Common Services | Server Internal
TCP | 43441 | CMF Database | CiscoWorks Common Services | Server Internal
TCP | 43455 | RME Database | RME | Server Internal
TCP | 43443 | ANIDbEngine | CM | Server Internal
TCP | 43445 | Fault History Database | DFM | Server Internal
TCP | 43446 | Inventory Service Database | DFM | Server Internal
TCP | 43447 | Event Promulgation Module Database | DFM | Server Internal
TCP | 43500–43530 | CSTM Port for DFM | DFM | Server Internal
TCP | 44341 | IPM Database | IPM | Server Internal
TCP | 44342 | IPM Name Server (OSAGENT) | IPM | Client to Server (Applicable to IPM standalone client)
TCP | 47000–47040 | CSTM Port for RME | RME | Server Internal
TCP | 55000–55020 | CSTM Port for Campus Manager | CM | Server Internal
TCP | 57860 | JRun, JRun Server Manager Control Server | CiscoWorks Common Services | Server Internal
UDP | 69 | Trivial File Transfer Protocol (TFTP) | CiscoWorks Common Services and RME | Server to Device, Device to Server
UDP | 161 | Simple Network Management Protocol (SNMP) | CiscoWorks Common Services, CiscoView, RME, CM, and DFM | Server to Device, Device to Server
UDP | 162 | SNMP Traps (Standard Port) | CiscoWorks Common Services, and DFM | Server to Device, Device to Server
UDP | 514 | Syslog | CiscoWorks Common Services and RME | Device to Server
UDP | 9000 | DFM trap receiving (if port 162 is occupied) | DFM | Client to Server
UDP | 9002 | DFM trap listening | DFM | Client to Server
UDP | 14004 | Lock port for ANI Server singlet on check | CM | Server Internal
UDP | 16236 | UT Host acquisition | CM | Device to Server
UDP | 42342 | OSAGENT | CiscoWorks Common Services | Server Internal (Common Services)
UDP | 42350 | Event Services Software (ESS) (Alternate port is 44350/udp) | CiscoWorks Common Services | Server Internal
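The Direction column can double as a monitoring baseline: a port listed as Server Internal should have no peers on other hosts. The following Python example is added here and is not part of the Cisco guide; it embeds a subset of the table's Server Internal TCP rows, and the record format (proto, local, remote, state), the addresses, the finding names and the IPv4-only parsing are assumptions of the example.

```python
import ipaddress

# Subset of the table's TCP rows whose direction is "Server Internal".
SERVER_INTERNAL = {
    9007: "Tomcat shutdown",
    9009: "Ajp13 connector used by Tomcat",
    43441: "CMF Database",
    43443: "ANIDbEngine",
    43445: "Fault History Database",
    43455: "RME Database",
}
# CSTM port range for Common Services applications (also Server Internal).
SERVER_INTERNAL_RANGES = [(40050, 40070, "CSTM ports used by CS applications")]

# Constructed, simplified connection records: proto local remote state.
SAMPLE_RECORDS = """\
tcp 0.0.0.0:1741 *:* LISTEN
tcp 127.0.0.1:43441 *:* LISTEN
tcp 0.0.0.0:9007 *:* LISTEN
tcp 10.1.1.10:1741 10.1.5.20:50112 ESTABLISHED
tcp 127.0.0.1:43441 127.0.0.1:50200 ESTABLISHED
tcp 10.1.1.10:43455 10.1.1.10:50313 ESTABLISHED
tcp 10.1.1.10:43441 10.9.9.23:51544 ESTABLISHED
tcp 10.1.1.10:40055 10.9.9.23:51600 ESTABLISHED
"""


def internal_service(port):
    """Return the service name if the port is Server Internal, else None."""
    if port in SERVER_INTERNAL:
        return SERVER_INTERNAL[port]
    for low, high, name in SERVER_INTERNAL_RANGES:
        if low <= port <= high:
            return name
    return None


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or '*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def review(records, server_addrs):
    """Flag internal-only ports that are exposed to, or used by, other hosts."""
    own = {ipaddress.ip_address(a) for a in server_addrs}
    findings = []
    for line in records.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].lower() != "tcp":
            continue
        _, local, remote, state = parts
        local_host, local_port = split_endpoint(local)
        service = internal_service(local_port) if local_port is not None else None
        if service is None:
            continue                      # client-facing or unlisted port
        if state == "LISTEN":
            # Bound to every interface: reachable unless a host firewall blocks it.
            if local_host in ("0.0.0.0", "*"):
                findings.append(("WILDCARD_LISTEN", local_port, service, None))
            continue
        peer = ipaddress.ip_address(split_endpoint(remote)[0])
        if not (peer.is_loopback or peer in own):
            findings.append(("REMOTE_PEER", local_port, service, str(peer)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_RECORDS, ["10.1.1.10"]):
        print(finding)
```

A host firewall rule set can be derived from the same data by permitting only the Client to Server and Device to Server rows inbound.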

com.com. The LMS installation program prompts you to enter the license file. Table 5. LMS will run normally.0. You may obtain and install your license key at any time while you are working on LMS. Licensing Terminology Licensing Term Description Product Identification Number (PIN) The PIN is printed on the software claims certificate. you will receive a license file.Deployment Guide Licensing Terminology and Process3 The section describes the LMS 2. Inc. If the licensing information is provided during the installation of the first LMS application. you need not register the product during the 90-day evaluation period. If you are a registered user of Cisco. Use the PAK to get a license from Cisco. You need to provide your PAK to receive your license file. This document is Cisco Public Information. All rights reserved. If a PIN only is entered. use this site to get your license file: http://www. not necessarily only at the time you install the product.com/go/license/public.cisco. If an authenticated license cannot be obtained during installation. use the PIN to proceed with the installation. get your license file from: http://www. The LMS installation program prompts you to enter the PIN during installation. Product Authorization Key (PAK) The PAK is printed on the software claims certificate. ● The first LMS application you install will prompt you to provide the LMS licensing information.com. All contents are Copyright © 1992–2008 Cisco Systems. then it need not be provided during the installation of the other applications.com. Page 24 of 64 . License File When you register your LMS purchase on the product licensing area of Cisco.com/go/license If you are not a registered user of Cisco. you will not be prompted to register your PIN/PAK during the process.cisco. or the PIN and PAK.6 software-based product registration and license key activation terminology and technologies. Licensing Items of Note ● When you first install CiscoWorks Common Services 3. 
● If you have received LMS as an evaluation copy. but you will be periodically be reminded to complete the license process.

4. Initial Setup of the LAN Management Solution 2.6 Server
This chapter will guide you through the initial setup of the LAN Management Solution server. This chapter also provides information on the default settings in the applications and how to update the application settings for easier management of devices across the LMS server.

Application Mode Settings in LMS Applications
Application mode settings are available in LMS applications to help control the flow of device and credential information to the applications from the Device Credential and Repository (DCR). The two LMS application modes are:
● Manual mode
● Auto Synchronize mode

In Manual mode, the LMS applications (Campus Manager, Device Fault Manager, Resource Manager Essentials and Internetwork Performance Monitor) will not automatically get device updates (device add, delete, and credential updates) from DCR.

In Auto Synchronize mode, the LMS applications will automatically get device updates (device add, delete and credential updates) from DCR. In response to the device updates, the applications may do data collection, performance monitoring, and fault monitoring on the modified devices.

Note: Please note that you must specify the application mode in each of the applications user interfaces.

● Campus Manager (CM): CM by default is in Auto Synchronize mode. Hence all devices added in DCR will automatically be managed in CM, unless filters (such as IP address range or VTP domain) have been set up to override the application mode. The application mode in CM cannot be disabled.
● Device Fault Manager (DFM): By default, DFM is also set up in an Auto Synchronize mode. All devices added in DCR will automatically be managed in DFM. To disable Auto Synchronize mode in DFM:
  a. From the Device Fault Manager, choose Device Management > Device Selector.
  b. Deselect the Synchronize with Device Credential Repository option.
● Resource Manager Essentials (RME): By default, RME is in Auto Synchronize mode. Devices imported into Device Credential Repository (DCR) will be automatically added in RME. To disable Auto Synchronize mode in RME:
  a. From Resource Manager Essentials, choose Administration > Device Management.
  b. Then deselect the Automatically Manage Devices from Credential Repository option.
● Internetwork Performance Monitor (IPM): IPM source and data collectors can be set up after DCR has been populated.

Note: For easier management of devices across all LMS applications, it is advisable to leave Auto Synchronize mode enabled. When multiple CiscoWorks servers are installed and a large number of devices are to be managed between the CiscoWorks servers, Manual mode should be enabled. If Auto Synchronize mode is enabled for RME to get devices from the DCR, two instances of RME installed in two different servers can be managing the same set of devices. User intervention is required to select dissimilar set of devices to be managed by the two RME servers.

Protocol Setup
RME also uses various protocols for configuration and software management. Network administrators can assign the protocols to be used in RME for Configuration Management and Software Management.

Configuration Management
You can set the protocols and order for Configuration Management applications such as Archive Management, Config Editor, and NetConfig jobs to download configurations and to fetch configurations. The available protocols are:
● Telnet
● TFTP (Trivial File Transport Protocol)
● RCP (Remote Copy Protocol)
● SSH (Secure Shell)
● SCP (Secure Copy Protocol)
● HTTPS (Hyper Text Transfer Protocol Secured)

Note: For secure communication between the server and a device, use SSH.

Set Up Protocol Ordering
Protocol ordering can be set up for these configuration applications: Archive Management, Config Editor, and NetConfig.

To set up protocol ordering for Config Management:
Step 1. From Resource Manager Essentials, choose Administration > Config Management.
Step 2. Select the desired application from the Application Name drop-down list.
Step 3. Use the Add and Remove buttons for selecting the protocol order, then click Apply.

To order the Software Management protocol:
Step 1. Click Software Mgmt.
Step 2. Select View/Edit Preferences from the Table of Contents.
Step 3. Select the protocol order by clicking Add or Remove.

Step 3. until Software Management finds a transport protocol for downloading the images. every CiscoWorks server needs to have a peer server account set up. To define the protocol order that Software Management has to use for software image download: Step 1. Create the System Identity user as described in the previous section. Software Management uses the first protocol in the list. Software Image Management Software Management downloads software images based on the protocol order specified. ● Secure browser client communication to the server. Edit the necessary details. If the first protocol in the list fails. Setting Up the System Identity User To view the System Identity User default settings or to change the default settings: Step 1. define the protocol order. these jobs use the second protocol and so on. Setting Up a Peer Server Account If a CiscoWorks server has to exchange information (such as device credentials) with other CiscoWorks servers. The supported protocols are: RCP. Setting Up Security By integrating with the Cisco Secure ACS server. Step 3. To set up a peer server account: Step 1. Step 2. In the View/Edit Preferences dialog box. Use the Add and Remove buttons for selecting the protocol order. LMS 2. SCP and HTTP. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. Step 2. A peer server account should have the System Identity user information of other CiscoWorks servers. TFTP. choose Administration > Software Mgmt > View/EditPreferences. Peer server accounts can also be used for providing access to a third-party application to access the CiscoWorks server and authenticate and authorize it. Certificate Setup Every CiscoWorks server needs to have a System Identity user set up for system processes to use while performing background tasks that are not user initiated.
A system identity user is set up by default when the CiscoWorks server is installed. From Resource Manager Essentials. While downloading the images. Select the System Identity Setup link. Step 2. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. Create a peer server account as described here and provide the credential information to the third-party user. 6 provides the following security features: ● Secure the user access to devices. Step 3. Select the Peer Server Account Setup link.

a. Step 2. follow these steps: Set Up the System Identity and Peer Server Account Users in the LMS Server To ensure that the System Identity User is set up: Step 1. navigate to User Setup. Set Up the ACS Server To set up the Access Control Server. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. Log in to the ACS Server. create a peer server account for this purpose because the third-party applications do not need to know the System Identity Setup credentials. Step 7. PIX Firewall. Common Services provides a way to configure secondary and tertiary ACS servers to support redundancy. AAA Client Model Common Services 3. Step 5. or router. Specify a secret Key. For the Authentication method. from the Network Configuration menu. Add a System Identity User as a registered user in the ACS Server. Step 2. Step 3. If there are third-party applications integrating with the LMS server. Make sure that the System Identity users of the other CiscoWorks servers are created. Step 6. To add the CiscoWorks LMS server(s) as AAA client(s) of the ACS server. Step 4. Step 3. Setting up the Cisco Secure Access Control Server Cisco Secure Access Control Server provides authentication. choose TACACS+. choose Add Entry. authorization. Assign the CiscoWorks LMS server(s) to a new NDG group. Step 4. 0 integrates with ACS server to leverage the AAA functionality for restricting user access to devices. To do this. Select the System Identity Setup link. such as a network access server. Integrating LMS Servers with ACS To integrate LMS servers with ACS. Figure 3. follow these steps: Step 1. Figure 3 shows the AAA client model. and accounting (AAA) services to network devices that function as AAA clients. To create a new NDG group. choose Add Entry. from the Network Configuration menu.
Provide the IP address and host name of the CiscoWorks LMS server(s) that you are going to set up. Step 8.

Enter the username. b. Note: The same procedure must be done to add any other peer server username (especially the user created for third-party applications) to the ACS server. Step 5. The only difference between this setup and the peer server user setup is that the peer server username need not be assigned an Administrator privilege to the NDG group. Step 4. enter the password for the user. you will learn how to assign a System Administrator privilege to the User Group on the Device Group to which the LMS server is assigned. Browse to the applications CiscoWorks. Note: Make sure the user is created with the same password as the password specified for the LMS servers. Select the User Group. To configure Common Services to be in ACS login mode. To configure the System Identity User in the ACS server. then click Add/Edit. Step 2. Step 4. follow these steps: Step 1. then click Submit (located on the lower frame). enter either the net stop crmdmgtd command or the net start crmdmgtd command. and Shared Secret Key Note: These values for these fields must be the same as the values entered in the ACS server.d/dmgtd stop command or the /etc/init. ● If using a Solaris server. Add the group to Default Group. and provide System Administrator privilege for the device group containing the LMS server. Resource Manager Essentials. c. CiscoView.d/dmgtd start command. follow these steps: Step 1. Enter the primary ACS server IP address. ● If using a Windows server. enter the /etc/init. Step 3. Step 9. Configure the System Identity User in the ACS Server In this procedure. Step 3. Set Up the LMS Server to Communicate with the ACS Server To set up the LMS server to communicate with the ACS server. Click Edit Settings. Log in to LMS server. Restart the LMS server.
Note: The System Identity User is quite unique and not the same as any other user created in the ACS server. choose Server > Security > AAA Mode Setup > Select ACS Type. Navigate to Common Services Panel in CiscoWorks Home Page. Step 2. Navigate to Group Setup. In the User Setup section. Device Fault Manager and CiscoWorks Campus Manager. ACS Admin User Name and Password.

Log in to the ACS server. Set up the Cisco Secure ACS server as described in “Setting Up the Cisco Secure Access Control Server” section on page 28. Step 1. Step 2. Step 3. User Groups and Assign Roles to Network Device Groups in the ACS Server To create Network Device Groups. Step 5. user groups. Put the LMS server(s) in ACS security mode Step 2. Create Network Device Groups. you can click CiscoWorks Common Services. follow these steps: Step 1. click Group Setup. then select an application that has tasks t1. To change the task to role mapping. For example. Log in to the ACS server. Setting Permissions for Performing Tasks on Devices If a Security Administrator wants to restrict a user to performing only a selected set of tasks (for example tasks t1. An ACS user can change the task to role mapping as required. Step 3. Click Shared Profile Components. t2 and t3. Choose the application for which you need to set the task to role mapping. Step 4. Configure the ACS Server to Change Default Permissions and Task to Role Mapping (Optional) There are five default roles defined by CiscoWorks: ● System Administrator ● Network Administrator ● Network Operator ● Approver ● Help Desk These roles are by default assigned permissions to various tasks in CiscoWorks. click Group Setup. then click Edit Settings. t2. then click Users in Group. To add users to User Groups. Add devices to the Network Device Group. Step 5. Step 2. Make sure that a role (for example Network Administrator) is available so that it has permissions to perform only the restricted list of tasks. Log in to the ACS server. then follow these steps. Step 4. click on a user role and change the tasks assigned to that role. click Shared Profile Components (in the navigation bar on the left). etc. To create Network Device Groups. Network Administrator. click Network Configuration (in the left navigation bar).
and assign roles to those groups. To assign User Groups permissions (System Administrator. Step 1. Step 3.) on the various Network Device Groups. and t3) on a device in the LMS server.

Click Group Setup. then select the user group to which the user is assigned. one of the CiscoWorks servers acts as the SSO Authentication server or master and all other CiscoWorks servers act as the slave or SSO regular server. Notes ● HTTPS communication will work only after restarting the LMS server. SSL can be enabled on the server by going to Common Services > Server > Security > Single-Server Management. Step 6. Step 2. Navigate to CWHP > Common Services > Server > Security > Multi Server Trust Management. Single Sign-On This task is optional and applicable in a multiple CiscoWorks server setup only. Step 1. Single Sign-on is the ability to log in into multiple computers or servers with a single action and the entry of a single password. Enabling HTTPS on an LMS Server You can enable HTTPS on an LMS server to provide secure communication between the server and client. Select the Single Sign-on Setup link. The same link can be used to set up other CiscoWorks servers as slaves. for example. Step 3. Click Network Administrator and enable only the tasks t1. This is especially useful where. enter either the net stop crmdmgtd command or the net start crmdmgtd command. ◦ If using a Windows server. use https://server-url:1742. To setup Single Sign-on. Select Enable. ● Any link and/or application registration will work fine after you change the CiscoWorks security mode from http to https. Step 2. and assign the role Network Administrator to the user selected in the previous step. t2 and t3 are present. go to the application where the tasks t1. Choose the Master (SSO Authentication Server) mode. One of the CiscoWorks servers should be set up as the authentication server. Step 8. ● To restart the LMS server. a user on a LAN or WAN requires access to a number of different servers. Complete the security certificate setup described in the section above.
● To access the LMS server.d/dmgtd stop command or the /etc/init. Click Edit Settings. Step 3. and t3 for this role. Step 4. t2. Select Browser-Server Security Mode Setup. All authentication is done by the master server for any access to slave or master servers. In SSO mode. Step 7. ◦ If using a Solaris server. enter the /etc/init.

6 The tasks described in Chapter 4. To enter a seed device.6 Server” should complete the initial configuration on the LMS server. page 34 Campus Manager Device Discovery Campus Manager has the ability to discover Cisco devices present in the network using Cisco Discovery Protocol (CDP). follow these steps: Step 1. Campus Manager populates the Device and Credentials Repository (DCR) with the list of discovered devices in the network. A core switch (or switches) should be the seed device because this device will have a lot of CDP neighbors and this hastens the discovery process. “Initial Setup of the LAN Management Solution 2. page 32 ● Bulk Device Import to Device and Credentials Repository. If CDP is enabled on your network. Device Discovery within Campus Manager uses seed devices to discover the network using CDP. Populating Devices in Cisco LAN Management Solution 2. Choose Administration. Note: Only the read community string needs to be entered in the SNMP Settings page. while the other is called Campus Data Collection. To populate SNMPv3. you can enter a single or multiple Seed Devices in Campus Manager. Note: A seed device should generally be core device. select the SNMPV3 radio button. you must first initiate the Device Discovery process. Step 5. Step 4. Then select the SNMP Settings link.6. page 33 ● Device Credentials Update. In LMS 2. To gather the list of devices. Devices can be populated in the LMS server through one of the three tasks listed below: ● Campus Manager Device Discovery. click Apply on the SNMP Settings screen. Step 3. Defining a Seed Device in Campus Manager To define a seed device in Campus Manager. LMS is now ready to start importing devices for management. In the device discovery process. Information about the devices is fetched by Campus Manager only during the data collection process. After editing the SNMP strings.
Hence to have the ability to discover devices using Campus Manager. Campus Manager processing has been partitioned into two separate processes: one of the processes is called Device Discovery. click the Discovery Settings link (under TOC). By default only the SNMPv2 read string is populated. CDP should be enabled on the network. Add or Edit the read community strings depending on the number of community strings configured in the network. Step 2. 5.

x installed in the same machine as the CiscoWorks server. click IP Address Range. select the Local NMS option. navigate through CWHP > Common Services > Device Management > Bulk Import.x or IBM Tivoli NetView 7.6. ● Local NMS Import To import devices from either HP OpenView Network Node Manager 6. To configure the address filters. You will have to provide the installation location of HP OpenView NNM 6. Step 6. Step 7. devices in LMS would be populated only after Campus Manager Device Discovery has taken place. ● File Import Select the File option to import devices from a CSV or XML file. then it will be a member of the group /Device Type Groups/Unknown Device Type. all device credentials can be provided along with the device name and IP address. ● Remote NMS Option To import devices from either HP OpenView Network Node Manager 6. Step 8. If the imported device does not have a device type associated with it. This action triggers an immediate Device Discovery process. You can then assign a device type to the device by selecting the device in Device Management screen and clicking Edit.x. select the Remote NMS option.x or IBM Tivoli NetView 7. then click Apply. Bulk import into DCR can be done by one of the three formats listed below. Refresh the page to update the device discovery status and verify the number of devices discovered when in Idle state. The input file should have the format as specified in the online help. click the Go to Campus Administration link. Step 9. To verify the device discovery status. the importing devices is allowed only from a remote Unix NMS server or a remote Windows NMS server that supports the RSH protocol.x installed in a different machine from the CiscoWorks server.
Bulk Device Import to Device and Credentials Repository LMS also supports bulk import into the Device and Credentials Repository. All the devices discovered by Campus Manager should now be populated in the DCR. Address filters are available to either to discover or not discover devices in a particular network. Note: If the device discovery is scheduled. Note: In LMS 2. To do bulk device import. In this case. Configure the seed devices.

create groups of devices having the same credentials by going to CWHP > Common Services > Groups. which will by default select all the devices. Step 2. click Edit. Step 6. Adding Devices to RME From DCR If RME has not been set up in Auto Synchronize mode. Create groups underneath the CS@server-name/User Defined Groups. Step 3. then in the Device Management screen. click Next and enter up to four user-defined fields. Step 5. devices can be added into RME from the Device and Credentials Repository using either of following procedures: ● If all the devices added in DCR are also to be managed by RME. All applications within LMS should be populated with the imported devices. Additional information about the devices such as configuration files and software images on the network needs to be added. Select the devices under the All Devices group by checking the All Devices group. Click Next. if the devices have different credentials. populating the Cisco devices through Campus Manager Device Discovery is recommended. you can edit the credentials for these devices by selecting the groups to which the devices belong. Navigate to CWHP > Common Services > Device and Credentials > Device Management. device credentials other than the SNMP read credentials need to be entered in the Device and Credentials Repository. Going to the CiscoWorks Home Page and navigating to RME > Administration > Device Management > Device Management Settings. then click Finish. If you need to enter User Fields for devices. You can enable Auto Synchronization by: a. Device Credentials Update To utilize the complete functionality of LMS. To perform credential update in DCR: Step 1. Note: If you have CDP enabled on your network. the Auto Synchronize option in RME should be enabled. Note: Don’t select any device in the screen that follows.
Enter the device credentials. Editing the Credentials for the Imported Devices Once the devices have been imported through the Local NMS or Remote NMS options. b. Step 7. ● If only a subset of devices available in DCR are to be managed in RME. Device Management Device discovery just populates devices in LMS. then click Edit. use the above step to Edit their credentials. Check Automatically Manage Devices from Credential Repository. Step 4. However. If all the devices have the same credentials. the Auto

To verify the type of device credentials to be checked. the initial configuration collection of devices would fail since the credentials (SNMP write. then select the Archive Management link. step through the verification process described in the following section. To do so. b. click Check Device Credential. Synchronize option can be left turned off. Collecting Devices’ Startup and Running Config To collect the startup and running configuration of devices: Step 1. Check Device Credentials To check the device credentials: 1. 2. click View Credential Verification Report. Step 3. go to Config Management. two instances of the number 2. To see the list of devices that failed the archive operation. select the devices under RME group. Step 2. This can be done only for the devices that failed the initial synchronize archive operation. Viewing Configuration Collection Status in RME You can view configuration collection status in RME by: a. Campus Manager. Check device credentials by going to Resource Manager Essentials > Devices > Device Management > Device Credential Verification. Check Fetch Startup Config. If the devices have been populated through Campus Manager Device Discovery or a third party NMS and if the Auto Synchronize option on RME was enabled. Resource Manager Essentials The following RME device verification tasks are described in this section: Confirm Configuration File Collection To confirm if the configuration files have been collected: 1. refresh the screen. To view the report and see if the device credentials are correct. 2. click the Number of Failed Devices link. To verify job status. You must schedule a Sync Archive job. 3. Telnet/SSH) needed for configuration collection were not available in LMS. you would need to run the synchronize operation to collect the configuration files for the managed devices. and Device Fault Manager.
Go to TOC > Sync Archive. To view the archive collection status or view the job details. To ensure that the applications are working properly. Verification of Device Import Status in LMS Applications This section describes the verification of device import procedures in Resource Manager Essentials. Since the credentials have been updated in LMS. Going to CWHP > Resource Manager Essentials > Config Management > Archive Management. Taking these steps should populate the managed devices in the server.

4. If you need to change the credentials on devices, click Edit Device Credentials.

Campus Manager
To get the current status of devices in Campus Manager: Navigate to CWHP > Campus Manager > Administration.
● You can find the discovery status of devices under Device Discovery.
● You can view the data collection status of a device under Data Collection.

Device Fault Manager
To get the current status of devices in DFM: Navigate to CWHP > Device Fault Manager > Device Management > Discovery Status.
● Devices should be in status Known.
● DFM Processing should be Active.

Common Services Common Services provides an operating foundation that allows Cisco Works applications to share data and system resources. Step 2. then click Add Rule Expression and click Next. Select the Variable drop-down box. Step 4.Deployment Guide 6. In the Group Administration window. All contents are Copyright © 1992–2008 Cisco Systems. follow these steps: Step 1. or Internetwork Performance Monitor to launch tools pertinent to that application. It also provides a common desktop for launching Cisco Works applications and centralizes login. Enter a group name and click Next. Select an operator and value that matches the device value in DCR. then click Create. Step 7. This document is Cisco Public Information. The Variable field offers four possible values: user_defined_field_0. Click Next. Inc. Periodic updates to Cisco Works Common Services are made available for download. Creating User Defined Groups Grouping devices in Common Services is used to create user-defined groups based on the User Defined field defined by DCR for the devices. click Finish. user_defined_field_2.cisco. These groups can then be used by Resource Manager Essentials. user role definitions. Server Administration in Cisco LAN Management Solution 2. Please note that the DCR Master/Slave mode is also backed up. and access privileges. Step 6. All the devices that match the criteria are shown in the right panel. Step 8. To create the new group under /CS@server-name/User Defined Groups.ht ml. All rights reserved. Backing Up LMS Data Cisco recommends that the backup data should not be stored in the directory where LMS is installed (by default. under the NMSROOT directory in Windows or Solaris). and user_defined_field_3. Page 37 of 64 . To create user defined groups.6 This chapter deals with server administration and configuration settings to optimally utilize the resources of the server while also maintaining a current status of the network topology. 
please refer to the following documents: http://www. user_defined_field_1. select /CS@server-name/User Defined Groups from the group selector. Step 3. Navigate to CWHP > Common Services > Groups. Select the Group Admin link. Device Fault Manager. This newly created group can be accessed from any application screen in LMS. Step 5. Campus Manager. For installation and user guide documentation.com/en/US/products/sw/cscowork/ps3996/tsd_products_support_series_home.html.

pl operation in a Solaris server is given below. /tmp is the location of the backup directory. Step 3. This document is Cisco Public Information. Shutdown the daemon manager: ● For a Windows server: Execute the net stop crmdmgtd command. Step 2. Default TempDirectory for this Restore program: /opt/CSCOpx/tempBackupData Use -t TempDirectory to define your own temp directory.0. Inc.pl -h -d BackupDirectory Campus Manager In Campus Manager 4. All rights reserved. Navigate to CWHP > Common Services > Admin.Deployment Guide To backup LMS data: Step 1. Step 1.d/dmgtd stop command. Select the Backup link. ● For a Solaris server: Execute the /etc/init. /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Restore Program Help The Help on the restorebackup Perl script provides the following information: To run the restore command. Example Restore Operation (Solaris) An example of the restorebackup. Change directory to NMSROOT/bin. the command syntax is: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup.pl. Log in to the LMS server. Step 3. ● TempDirectory: Temporary directory for the Restore program. The backup job can either be run immediately or be scheduled. Step 4. Restoring LMS Data Restoring LMS data can be done only via the command line interface. use the following command line: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup.pl –d /tmp In the above command. Execute the script restorebackup. To see a list of the Backed Up generations available. Page 38 of 64 . the discovery mechanism can be categorized into the following three areas: ● Device Discovery ● Data Collection ● User Tracking Major Acquisition All contents are Copyright © 1992–2008 Cisco Systems.pl <-d BackupDirectory> [-gen GenerationNumber] [-t TempDirectory] [-help] ● BackupDirectory: Directory where the backup archive is present. Step 2. ● GenerationNumber: Generation to be restored. You can provide a backup directory name.

IP address filters help a user to define IP address ranges inside of which devices need to be discovered. so DNS lookup can be disabled. It populates the Device and Credentials Repository with the following discovered information: ◦ Host name ◦ Domain name ◦ Management IP address ◦ Display name ◦ sysObjectID ◦ SNMP credentials Discovering a device is not equivalent to managing the device in Campus Manager. Troubleshooting Device Discovery To troubleshoot device discovery: 1. To disable DNS lookup: 1. Optimizing Network Discovery To optimize the discovery of the network. All rights reserved. This document is Cisco Public Information. Under IP Address Range. ● Device Discovery determines the management IP address of the device. the following tasks can be performed. Check to see if the SNMP settings are correct for the devices to be discovered correctly. Uncheck the DNS Lookup checkbox. ● Devices in DCR and user-configured seed devices from Campus Manager are used by the device discovery process. Navigate to the Campus Manager Panel from CWHP > Campus Manager Administration > Reports > Discovery Reports. 2. Setting up IP Filters IP filters can be set if only certain subnets need to be discovered. click Configure. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. Page 39 of 64 . The following are some key facts about Device Discovery: ● Device Discovery performs Network Discovery using Cisco Discovery Protocol as the discovery mechanism. To set up IP filters: 1.Deployment Guide Campus Manager Device Discovery Device Discovery can be run on a predetermined schedule or initiated by an operator. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. Disabling DNS Lookup DNS lookup could be one potential area for device discovery to slow down. All contents are Copyright © 1992–2008 Cisco Systems. 2. 2. These IP address ranges typically fall inside the same subnet. Inc.

All contents are Copyright © 1992–2008 Cisco Systems. IP phones. 2. you can increase SNMP Timeout and Retry values. The following are some key facts about Campus Manager Data Collection: A list of devices and corresponding credentials in Device and Credentials Repository are used for data collection. the User Tracking module in Campus Manager can acquire data on end hosts. ● If data collection is done for a device count close to 5.conf file can be done only after the LMS server is shutdown. If the log file shows any SNMP timeout exceptions. In this file. Optimizing According to the Number of Devices ● When data collection is done for more than 5. User Tracking Module In addition to the Campus Manager data collection feature. the ANIServer process (Java based) reaches a threshold of 1. there is an entry for starting the ANIServer process.000 devices. Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition. Initiate a UT Major Discovery. and subnets in the network.conf file is complete. ● Minor Acquisition: Polls the end hosts and IP phones to keep the User Tracking data current. Only devices in DCR are managed. Optimizing Data Collection To optimize the data collection for devices in the network. edit the file NMSROOT/objects/dmgt/dmgtd.024 MB. All rights reserved. There are two major types of acquisition in User Tracking: ● Major Acquisition: Collects data on end hosts. complete the following tasks: Setting IP Address or VTP Domain Filters You can set IP address or VTP domain filters by navigating to Campus Manager Administration > Admin > Campus Data Collection > Data Collection Filters. Cisco IP phones. Inc. Note: Any edits to dmgtd. To modify the heap size in the ANIServer. then it cannot be managed by Campus Manager. Page 40 of 64 . Change this string to -Xmx1280m. The filtering is based on either IP address or VTP domain.conf file.000.Deployment Guide 3. Cisco recommends you increase the heap size for the ANIServer from –Xmx1024m to –Xmx1280m. 
Modifying the heap size. Campus Manager Data Collection You can run Data Collection on a predetermined schedule or through operator action. You must restart the LMS server the edit to the dmgtd. This entry has a string -Xmx1024. This document is Cisco Public Information. and subnets. Initiating a UT Major Discovery 1. If a device is not in DCR. A filtering mechanism can be applied to manage a subset of devices found in Device and Credentials Repository.

The following is the list of some important options that can be selected for a major acquisition:
● Enable User Tracking for DHCP environment: This is an option for tracking the end hosts in case the IP address changes.
● Use DNS to resolve host names: This is an option for resolving the host names.
● IP phone acquisition on dot1q trunks for IOS switches: This is an option for fetching end hosts that are connected to a switch in Voice VLAN Setup.

Ping Sweep on IP Addresses in a Subnet
You can enable a ping sweep on all IP addresses in a subnet before starting a major acquisition. There is an option to exclude certain subnets from the ping sweep.

Setting a Schedule for a Major Acquisition
To set a schedule for running a major acquisition:
1. Navigate to Campus Manager > User Tracking > Admin > Acquisition.
2. Then select the Schedule Acquisition link.

Purge Policies
You can delete end hosts and IP phones from User Tracking either on demand or on a specified interval after major acquisition: Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition > Delete Interval.
Archives or jobs older than a particular date can also be purged: Navigate to CWHP > Campus Manager > User Tracking > Admin > Reports > User Tracking Purge Policy.

Hierarchical Groups in Campus Manager
Hierarchical groups help users to visualize the topology implemented for user-defined groups. Hierarchical groups are created on top of Topology groups.
Step 1. Navigate to CWHP > Campus Manager.
Step 2. Select the Topology Services link.
Step 3. In the window that opens up, select Topology Groups, then right-click /Campus@server-name/System Defined Groups.
Step 4. Select the Display View option.
The three immediate subgroups are shown as maps. You can click on the maps and choose to show aggregate links between two maps. This view shows the aggregate links between all devices contained inside those two maps.

Resource Manager Essentials
This section describes the LMS server administration tasks for Resource Manager Essentials.

Inventory Collection/Polling
At the time of RME installation, system jobs are created for both Inventory collection and polling, with their own default schedules. A periodic inventory collection job collects inventory data from all

devices (devices in the “All Devices” group) and updates inventory database. The periodic polling polls all devices to check inventory changes and collects and updates the inventory database only if there is a change.

Note: The poller detects most changes in all devices, with much less impact on your network and on the LMS server.

The default (out of the box) periodicity of the collector job is once a week and the default (out of the box) periodicity of the poller job is once a day. To change the default settings, navigate to Resource Manager Essentials > Administration > Inventory > System Job Schedule. The System Job Schedule dialog box displays the current collection or polling schedule.

Configuration File Collection and Polling
The configuration archive can be updated with configuration changes by periodic configuration archival (with and without configuration polling). You can enable this using Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings.
You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following:
● Periodic Polling
Configuration archive performs a SNMP query on the device. If there are no configuration changes detected in the devices, no configuration is fetched.
● Periodic Collection
Configuration is fetched without checking for any changes in the configuration.
1. Select Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings.
2. Select one or all the options, change the values and click Apply.

Note: A scheduled collection and polling are disabled by default as the customer’s network may have sporadic bursts of traffic and the NMS should not take up the existing bandwidth. It is best for the customer to select the periodic collection and polling.

● Default Protocols used for Configuration Fetch and Deploy
Many protocols are used for performing a configuration fetch and deploy. The system provides a default order of protocols that will be used to fetch or deploy the configuration on the device. The order of protocols that are used can be re-arranged or some protocols can be removed from the list if it is not relevant to your network. The default order of protocols used and the option to change the order can be accessed by navigating to Resource Manager Essentials > Administration > Config Mgmt.

Purge Policies
Configuration Management
You can specify when to purge archived configurations. This frees disk space and keeps your archive at a manageable size. You can purge configurations based on two criteria:

● Their age. Configurations older than the number of days you specify are purged.
● The maximum number of versions of each configuration to keep. The oldest configuration is purged when the maximum number is reached. For example, if you set the maximum versions to keep to 10, when the eleventh version of a configuration is archived, the first is purged to keep the total number of archived versions at 10.
1. Choose Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Purge Settings. The Archive Purge Setup dialog box appears.
2. Select Enable. By default, the purging jobs are disabled.
3. To schedule a purge job, click Change.
4. To specify when to purge configuration files from the archive, select one or both of the following options:
a. click Maximum versions to retain and then enter the number of configurations to retain.
b. Click Purge versions older than, then enter a number and select days, weeks, or months.
c. To delete the labeled configuration files, click Purge labeled files. The purged labeled files will be deleted only if it satisfies these conditions: Maximum versions to retain and Purge versions older than.
5. Click Apply.

Syslog
A default policy can be specified for the periodic purging of Syslog messages. To specify the default purge policy:
1. Choose Resource Manager Essentials > Administration > Syslog > Set Purge Policy.
2. Specify the number of days in the Purge records older than field. Only the records older than the number of days that you specify here will be purged. The default value is 7 days.

Defining Message Filters
You can exclude messages from Syslog Analyzer by creating filters.
1. Choose Resource Manager Essentials > Tools > Syslog > Message Filters. A list of all message filters is displayed in a dialog box, along with the names, and the status of each filter—Enabled, or Disabled.
2. Specify whether the filters are for dropping the Syslog messages or for keeping them, by selecting either Drop or Keep.
● If you select the Drop option, the Common Syslog Collector drops the syslogs that match any of the "Drop" filters from further processing.
● If you select the Keep option, Collector allows only the syslogs that match any of the "Keep" filters, for further processing.
Note: The Drop or Keep option applies to all message filters and is not on a per-filter basis.

Change Audit
You can schedule a periodic purge or a forced purge of Change Audit data. This frees disk space and maintains the Change Audit data at a manageable size.
1. Select Resource Manager Essentials > Administration > ChangeAudit > Set Purge Policy.
2. To save the purge policy that you have specified, enter the values for each field, then click Save.

Defining Exception Periods
An Exceptions period is a time you specify when no network changes should occur.
1. Set the Exception period by navigating to Resource Manager Essentials > Tools > Change Audit > Exception Period Definition.
2. Select Days of the week from the Day drop-down list box.
3. Specify the start time and the end time from the Start Time and the End Time drop-down list box, then click Add.

Setting Up Inventory Filters
Certain inventory attributes can change often and these changes can get logged whenever there is a collection. This may cause a lot of change audit messages to accumulate over a period of time. To prevent this, inventory change filters can be enabled to not track change audits for these attributes. You can set inventory filters by navigating to Resource Manager Essentials > Administration > Inventory > Inventory Change Filter.

SWIM Baseline Collection
We recommend that you first import a baseline of all software images running on your network. The baseline imports a copy of each unique software image running on the network (the same image running on multiple devices is imported into the software library only once). The images act as a backup if any of your devices become corrupted and need a new software image or if an error occurs during an upgrade.
Import a baseline of all software images. If some devices are running software images not in the software repository then a synchronization report can be generated for these devices.
To schedule a Synchronization report:
1. Choose Resource Manager Essentials > Software Mgmt > Software Repository > Software Repository Synchronization.
2. Click Schedule.
3. Enter the information, then click Submit.
Once the Software Repository Synchronization job finishes successfully, you can create a job to import all software images on your network by following these steps:
4. Choose Resource Manager Essentials > Software Mgmt > Software Repository, then click Add.
5. Select Network and Use generated Out-of-sync Report, then click Next. All running images that are not in the software repository will appear.

6. Click Next.
7. Enter the Job Control Information, click Next, then click Finish.
Note: If you do not select the Use generated Out-of-sync Report option, it will take more time to show the software image selection dialog box.

Job Management
Jobs need to be created for performing archive management, edit of configuration, download of configuration and device IOS/CatOS image management. There is a central location where all jobs created for various purposes in RME can be viewed. The central location can be accessed by navigating to CWHP > Resource Manager Essentials > Job Mgmt > RME Jobs. All jobs can be searched on criteria such as status of the jobs and type of job.

Configuring Job Approval
RME allows approval of jobs before they are executed. The following are the logical steps to configure job approval.
1. Specify Approver Information. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Approver Details.
Note: The user created here should have Approver role in the system (be it local security mode or ACS security mode).
2. Specify Approver Lists. You must create a list of approvers. The list has to be named and assigned approvers.
a. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Create/Edit Approver Lists.
b. Provide an Approver name in the top left text field, then click Add.
c. Select users from the list of available users field in the middle, then click Add.
d. Save the configuration of approval lists.
3. Assign approval lists with the various functions such as NetConfig, Config Editor, Archive Management and Software Management.
4. Enable Approval policies on the various functions like NetConfig, Config Editor, Archive Management and Software Management.
The steps described above require all jobs created for NetConfig, Config Editor, Archive Management and Software Management to be approved before being executed.

Viewing Jobs Pending Approval
To view all jobs pending approval, navigate to CWHP > Resource Manager Essentials > Job Mgmt > Job Approval. The approver can either accept or reject the job. If a job is rejected, the status of the job is updated for the user who created the job.

Importing Devices into Internetwork Performance Monitor
Once the devices are added into the Device and Credentials Repository, you can import devices from DCR into Internetwork Performance Monitor. When you import devices from the Device and Credentials Repository, IPM interacts with this repository to get the device list, device attributes, and device credentials. All the devices in DCR will be imported into IPM; there is no mechanism to import only selected devices from DCR into IPM. Also, if the devices already exist in IPM, they are updated.
Note: Before you import devices from Device and Credential Repository, ensure that there are devices in the repository.
You can import devices as:
● Sources
When you import devices as Sources, IPM contacts the device and adds them only if they are running IOS image with IP SLA feature and if the Read and Write community strings are provided. Those devices in DCR that cannot be an IPM source will not be added and in the import log file there will be an error message for that device.
● Target IP SLA responders
When devices are imported as Target IP SLA Responders, if the device has a read community string, IPM verifies whether the IP SLA responder is enabled or not on the target. If there is not a read community string, the target’s IP SLA responder status is not verified.
● Target IP devices
When you import devices as Target IP Devices, IPM adds the device without either contacting the device or making any verification.

View the results of importing devices
You can view the results of importing devices from the CiscoWorks home page by clicking View Import Source Log or View Import Target Log.

Import status log file
IPM creates a separate log file for the Device and Credentials Repository Import status. You can view the log file in: IPMROOT/etc/source or IPMROOT/etc/target.

Device Fault Manager
Administration of the DFM Server can be categorized into the following sections.

Daily Purging Schedule
Set up a daily purging schedule for fault history information in the DFM. To set up a purge schedule, navigate to the DFM panel and choose Configuration > Other Configuration > Daily Purging Schedule.

Forwarding SNMP Traps
This configuration can be made to blindly forward traps that come into the trap receiver of the DFM. These are traps that are received from the devices in the network.

To set up trap forwarding, navigate to the DFM panel and choose Configuration > Other Configuration > SNMP Trap Forwarding.
Note: It is not NB trap generation for applications like HP Open View.

Receiving SNMP Traps
This configuration is made for setting the global port for receiving traps in DFM. To set the port used for trap receiving, navigate to DFM panel and choose Configuration > Other Configuration > SNMP Trap Receiving.

Default SMTP Server
DFM has an email notification service that can send emails when alerts or events are generated. This email notification service needs SMTP Server information for forwarding emails. To set the SMTP Server information for sending emails, navigate to the DFM panel and choose Configuration > Other Configuration > SMTP Default Server.

Rediscovery
Rediscovery is limited to the list of devices that are known to DFM. You can schedule multiple rediscoveries. To schedule a rediscovery, navigate to Configuration > Other Configuration > Rediscovery Schedule.
Note: Rediscovery does not add devices into the DCR as it would in Campus Manager.

Group Administration
Group administration’s function is to create, edit or delete groups internal to DFM. These groups can be shared with other applications. To create DFM groups, navigate to Configuration > Other Configuration > Group Administration.

Polling and Threshold Management
For the faults and events to show up in DFM, polling and threshold parameters need to be set.
● Polling parameters are used to make DFM Server poll the devices in the various groups in specified intervals.
● Threshold Parameters are used to determine the thresholds for various devices. When these thresholds are crossed for the various types of devices, alerts are raised in DFM Server.
Polling and Threshold parameters can be set by navigating to CWHP > Device Fault Manager > Configuration > Polling and Threshold.

View Management
View Management allows the user to see alerts and activities on a group of devices. A view can be created on a list of groups and this view will be visible in the Alerts and Activities Window under Device Fault Manager.

To create views, navigate to Configuration > Other Configuration > Alerts and Activities Defaults.

CiscoView
Cisco View provides real time chassis view of the devices. Cisco View now provides a light weight HTML-based client. It also incorporates IPv6 functionality with the manageability over IPv4 address. To launch Cisco View, choose CWHP > Cisco View > Chassis View.

Device Center
Device Center is a portal within the LMS bundle that provides the ability to gather and debug information about a particular device. Device Center is installed as part of the Common Services install and can be launched from CWHP > Device Troubleshooting > Device Center.
The “Summary” in device center provides information about the device IP address, Device type, Last inventory and configuration collection times, 24-hour Change Audit Summary, Syslog summary, and any fault related alerts for the device and the neighboring devices.
Device Center also provides a set of functions that help facilitate debugging, run reports on the device and any management tasks such as changing credentials. The procedure to launch debugging utilities on a particular device is given below.
● Browse through the group hierarchies to select a device or search for a particular device by typing in the name in the search utility provided above the group selector. Click on the link on the device name after you have selected it. This launches the summary and tools page for the device.
● You can look at the 24-hour reports on the device in the top half of the right frame and launch tools in the bottom half of the right frame.
● A suggested list of tools to be launched in a particular order as follows. The list below is not complete but helps to understand some of the tools available in Device Center.
◦ Ping: Ping the device to see if it is reachable from the LMS server.
◦ Launch Credential Verification Report: Launch the Credential Verification Report to check for any missing credentials.
◦ If the credentials are missing, launch the Edit Device Credentials tool to edit the credentials.
◦ Launch the Detailed Device Report on the device to view memory, flash, image, IP address information.
◦ Launch the Fault History Report to view any faults that occurred in the last 24 hours or 31 days.
◦ If some faults are found, go to the CiscoView tool to view the chassis and make some changes on the interfaces or ports.
◦ If the device is a switch, you can launch the Switch Port Usage Report for recently up, down or unused ports.
◦ You can synchronize the archive or download a previous archive of the configuration or

do an image upgrade.

7. Network Management in Cisco LAN Management Solution 2.6
This chapter provides more details on the network management tasks in LMS across the various applications: Device Fault Manager, Campus Manager, Resource Manager Essentials, Internetwork Performance Monitor, and Common Services.

Fault Monitoring
The Device Fault Manager (DFM) gives you the option of monitoring faults in three distinct ways:
● You can look at historic fault data using fault history.
● You can look at the current faults in real-time in an alerts and activities window.
● You can choose to be notified by email, trap messages, or Syslog messages.

Set Up Tasks
The following tasks must be completed before fault monitoring can be enabled in Device Fault Manager:

Add List of Devices to the DCR
A list of devices must be added from Device and Credentials Repository into DFM. Navigate to CWHP > Device Fault Manager > Device Management > Device Selector tool.

Check Status of Devices
The status of all devices should be in the Known state: Choose Device Fault Manager > Device Management > Device Summary.

Polling and Threshold Configuration
Faults and events show up automatically for all devices because default polling settings are used for polling the devices. Polling parameters are used to make the Device Fault Manager server poll the devices in the various groups at specified intervals. Threshold parameters determine the thresholds for various devices. When these thresholds are crossed, alerts are raised in the Device Fault Manager server.
To set the Polling and Threshold parameters:
1. Navigate to CWHP > Device Fault Manager > Configuration.
2. Then select the Polling and Threshold link.
This Polling and Threshold link provides an option to either change the default polling and threshold setting or to set a new polling and threshold setting for the user-defined device interface and port groups.

Fault and Alerts Notification Services
Various notification services are available in Device Fault Manager to notify you of a fault or alert that occurred in the device.
Step 1. Navigate to CWHP > Device Fault Manager.
Step 2. Select the Notification Services link.
Step 3. Create a Notification Group by clicking the Notification Groups link.
Step 4. Select a group from the group selector, then choose one of the following for the devices in the group to send notification:
● Alert severity
● Event severity
● Alert status
● Event status
Step 5. Provide the notification group name and click Next.
Step 6. Click Next.
Step 7. Click Finish to create the notification group.
Step 8. To send email notification to a user when a notification needs to be raised per notification group, click the E-Mail Notification link.
Step 9. To send traps to NB applications like HP Open View Network Node Manager when a notification needs to be raised per notification group, click the SNMP Trap Notification link.
Step 10. To send syslog messages to other machines when a notification needs to be raised on a notification group, click the Syslog Notification link.

Alerts and Activities
The Alerts and Activities window shows the real-time display of faults on devices or views. To launch the Alerts and Activities window: Navigate to CWHP > Device Fault Manager, then click the Alerts and Activities link.

Fault History
No configuration is needed in Fault History. All faults in the devices are automatically accumulated and can be viewed: Navigate to Device Fault Manager, then select the Fault History link. You can view the faults by searching for a single device, a group of devices, a fault ID, or an event ID.

Baseline Configuration
All enterprises need to enforce some standard policy across all the devices in the network. Enterprise networks need to audit the policy periodically and enforce the policy if any devices are found in violation of it. With the RME Baseline template and compliance check you can execute this functionality:

First identify a set of standardized policy-based commands that you want to have on a set of devices. Then create Baseline templates with those set of commands identified. After creating the baseline templates, you can accomplish following tasks.
● Compare device configurations and generate a report that lists all the devices that are noncompliant to the baseline template.
● Deploy the baseline template to the same category of devices in the network.
● Schedule a compliance check job and deploy the baseline template on to the devices.

Preprovisioning Devices
There is a new device status group in RME called pre-deployed devices. The pre-deployed device state indicates that the devices are not reachable from the management server (either they are not in the network or sufficient credentials have not been provided). In the pre-deployed device state, the device has not been contacted by RME through protocols (such as SNMP, Telnet, and SSH). If RME successfully contacts the device through SNMP polling or pre-provisioned job completion, the device moves to a normal state.
Certain RME tasks that don’t need prior device information can be performed on pre-deployed devices as they would on normal state devices. So you could pre-provision all the tasks (write a software image, get baseline configurations, etc.) in RME before the devices are online. After the RME server can contact the devices, those tasks can be pushed to the devices.

Data Extraction from LMS Applications
This section describes the Campus Data Extraction Engine and the RME Data Extraction Engine.

Campus Data Extraction Engine
Campus Manager provides a data extraction engine to extract data about the following:
● User tracking data
● Layer 2 topology
● Discrepancies in the network configuration
Data Extraction can be done either through the command-line interface or Servlet access.

The cmexport Utility
You can access the command-line interface utility cmexport by going to the NMSROOT/campus/bin directory. The top-level Help provides the following information.
cmexport <-h | -v | commands> <arguments>

Core Commands
The core data extraction commands are described in Table 6. You must invoke the cmexport command with one of the core commands specified in Table 6. If no core command is specified, cmexport can execute the -v or -h options only.

Table 6. Core Commands: Campus Manager Data Extraction
Core Command  Description
ut  Generates User Tracking data in XML format.
l2topology  Generates Layer 2 topology data in XML format.
discrepancy  Generates discrepancy data in XML format.
-h  (Null option) Lists the usage Help information for this utility.
-v  Displays the version of the cmexport utility.

Archival Locations
Data generated through the cmexport command-line interface is archived at the following locations by default. This utility does not inherently delete the files created in the archive. You should delete these files when necessary.
● For User Tracking: PX_DATADIR/cmexport/ut/timestamput.xml
● For Layer 2 Topology: PX_DATADIR/cmexport/L2Topology/timestampL2Topology.xml
● For Discrepancy: PX_DATADIR/cmexport/Discrepancy/timestampDiscrepancy.xml

Directory Locations
● The PX_DATADIR directory is at these locations:
◦ Windows: %NMSROOT%\files folder
◦ Solaris: /var/adm/CSCOpx/files
● NMSROOT is the directory where you installed Campus Manager.
● timestamp is the time at which the log was written in this format: YearMonthDateHourOfDayMinuteSecond format.

Possible Combinations of cmexport Commands
User Tracking
Table 7. User Tracking cmexport Parameters
Parameter  Description
-layout  User tracking host data is exported in XML format for the layout given in layoutname. The layout is a custom layout defined by the user in UT. This parameter is applicable only when -host is chosen.
-layoutPhone  User tracking phone data is exported in XML format for the layout given in layoutPhone. This parameter is applicable only when -phone is chosen.
-query  User tracking host data is exported in XML format for the query given in queryname. This parameter is applicable only when -host is chosen.
-queryPhone  User tracking phone data is exported in XML format for the query given in phonequeryname. This parameter is applicable only when -phone is chosen.
-view  Specifies the format in which the user tracking XML data is presented. It currently supports two options:
  ● switch: User tracking data is displayed based on the switch.
  ● subnet: User tracking data is displayed based on the subnet in which they are present.
-f  Specify the filename and the directory for storing the Data Extraction Engine output. However, using the same filename and directory twice would cause the previous file to be overwritten.

All rights reserved. and returns the results in XML format. While generating data through the Servlet. password. the command you want to execute. the output will be displayed at the client terminal. The Servlet is: http://Campus-Server:1741/CSCOnm/campus/servlet/CMExportServlet The HTTP response of the Servlet contains the XML file generated by executing the cmexport command on the server with the parameters provided in the payload file. The command to export user tracking. Page 54 of 64 . Step 3. and discrepancy can be sent as HTTP or HTTPS requests. Typically. The Servlet requires a payload file that contains details about the user’s credentials. The Servlet accepts users request and authenticates the requesting user’s identity using Common Services authentication mechanism. Extract the XML file from the content of the HTTP response and save it to a local file.Deployment Guide Example Commands cmexport ut –u admin –p admin –host cmexport ut –u admin –p admin –phone cmexport ut –u admin –p admin –host -query dupMAC –layout all cmexport ut –u admin –p admin –host -query dupMAC –layout <name> cmexport ut –u admin –p admin –phone -queryPhone <name> –layoutPhone <name> cmexport ut –u admin –p admin –host -f ut. phone. such as log and debug options as inputs in XML format. The input XML file contains various tags for username. The Servlet then parses the payload file encoded in XML. Step 2. performs the operations. discrepancy and L2 topology information -> All contents are Copyright © 1992–2008 Cisco Systems.xml Servlet Access to the Data Extraction Engine The Servlet access to Campus Manager Data Extraction Engine is described below. Extracting the Export File From the Servlet The steps to extract the export file from the Servlet are as follows: Step 1. Inc. and optional tags. 
Sample Payload <payload> <!—The following element specifies the username (valid CiscoWorks or ACS user ID) of the person initiating this DEE call --> <username>username</username> <!— The following element specifies the valid password of the user ID --> <password>password</password> <!—The following element specifies the DEE command used for extracting UT host. topology. Generate the necessary payload XML file with the required data. Servlet access is used to extract data from a client system. Use a script to perform a POST operation to the Servlet with the payload file. core command.xml cmexport ut –u admin –view switch –host Layer 2 Topology or Discrepancy Commands cmexport L2Topology|Discrepancy –u admin –p admin cmexport L2Topology|Discrepancy –u admin –p admin -f 013104L2. and optional details. This document is Cisco Public Information.

$hdr). my $result. $temp = $ARGV[0] . if ($res->is_error) { print "ERROR : ". } close(FILE). All rights reserved.Activate a CGI: sub url_call { my ($url) = @_. } else { $result = $res->content. #-. my $req = new HTTP::Request ('GET'. } url_call($temp). All contents are Copyright © 1992–2008 Cisco Systems. my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. $res->message. while ( <FILE> ) { $str . " : ". Inc. $res->code. --> <debug>1</debug> <!—The following element specifies the custom report name created in the User Tracking user interface by navigating to CWHP > Campus Manager > User Tracking > Reports > Custom Reports. $req->content($str). $ua->timeout(5000). $result = ''.Deployment Guide <command>ut_host</command> <!—The following element specifies the logfile where all logs need to be output --> <logfile>filename</logfile> <!—The following element specifies the debug level at which the log is output. $url."$fname") || die "File open Failed $!". $| = 1. $fname = $ARGV[1] . my $ua = new LWP::UserAgent. "\n". Page 55 of 64 . my $res = $ua->request($req). This document is Cisco Public Information.= $_ . #!/opt/CSCOpx/bin/perl use LWP::UserAgent. if ( -f $fname ) { open (FILE.> <view></view> </payload> Sample Perl Script to Access the Servlet Note: Sample scripts are available in the Campus Manager Data Extraction Engine online Help.

Inc. All contents are Copyright © 1992–2008 Cisco Systems.xml Any user using the Data Extraction Engine is authenticated and authorized. run: cwcli <application/command> -help You must invoke the cwcli command with one of the core commands specified in Table 8.pl http://server:1741/campus/servlet/CMExportServlet payload. The command should be entered in the following format: cmexport ut –u admin –host This syntax enables cmexport to find the relevant password associated with the username (in the example here. All rights reserved. The top-level Help command cwcli –help provides the following information: General syntax to run a command with arguments is: cwcli <application/command> <arguments> For detailed help on a command and its arguments.xml ● In HTTPS mode: . This document is Cisco Public Information. The access permissions to the file can be set to prevent any unauthorized access./perl script. Page 56 of 64 . } else { print $result . When using this option./perl script.pl https://server/campus/servlet/CMExportServlet payload.xml file. If no core command is specified. The command will look similar to these commands for HTTP and HTTPS modes: ● In HTTP mode .Deployment Guide if($result =~ /Authorization error/) { print "Authorization error\n". the CMEXPORTFILE environment variable should be set so it points to the file containing the credentials. } } The Perl script listed above will invoke the servlet with the use of payload . The command-line interface utility cwcli can be accessed by going to NMSROOT/bin directory. cwcli can execute the -v or -help options only. Resource Manager Essentials Data Extraction Engine Resource Manager Essentials provides a data extraction engine to extract data about the following: ● Inventory ● Change audit ● A device’s configuration details Data extraction can be done by either through the command-line interface or Servlet access. 
The username and password are either provided as part of the command-line interface and Servlet call or the password is put in a password file for retrieval by the Data Extraction Engine. for the username admin).

Table 8. Core Commands: Resource Manager Essentials Data Extraction

    Core Command    Description
    config          Provides a set of commands that are used to download and fetch configurations, compare two different configurations, delete the archived configuration files, and reload the device.
    export          Exports inventory/configuration/change audit data in XML.
    inventory       A command-line interface tool to create, delete, and cancel an inventory collection job. It also helps in importing or exporting the data in inventory as XML files.
    invreport       Lists all custom reports and generates CSV formatted inventory report(s) for given template(s).
    netconfig       A command-line interface tool to create, delete, and cancel a NetConfig job. It also helps in importing or exporting the User Defined Template XML files.
    -v              Displays the version of the cwcli utility.
    -help           (Null option) Lists the usage information for this utility.

Command-Line Syntax

The command line syntax of the application is in the following format:

    cwcli export command GlobalArguments AppSpecificArguments

● cwcli export is the CiscoWorks command line interface for exporting inventory, configuration, and changeaudit details into XML format.
● Command specifies which core operation is to be performed.
● GlobalArguments are the additional parameters required for each core command.
● AppSpecificArguments are the optional parameters, which modify the behavior of the specific cwcli export core command.

The order of the arguments and options is not important. However, you must enter the core command immediately after cwcli export.

On UNIX, you can view the cwcli export man pages by setting the MANPATH to: /opt/CSCOpx/man/man1

The man pages for the cwcli export commands are:

● To launch the cwcli export command: man cwcli-export
● To launch the cwcli export changeaudit command: man export-changeaudit
● To launch the cwcli export config command: man export-config
● To launch the cwcli export inventory command: man export-inventory

Data Archiving Location

Data generated through the cwcli export command-line interface is archived at the following locations by default:

● ChangeAudit
  ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SS-changeaudit.xml
  ◦ On Windows: NMSROOT\files\rme\archive\YYYY-MM-DD-HH-MM-SS-changeaudit.xml
● Config
  ◦ On Solaris: /var/adm/CSCOpx/files/rme/cwconfig/YYYY-MM-DD-HH-MM-SS-MSMSMSDevice_Display_Name.xml

  ◦ On Windows: NMSROOT\files\rme\cwconfig\YYYY-MM-DD-HH-MM-SSMSMSMSDevice_Display_Name.xml
● Inventory
  ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SS-inventory.xml
  ◦ On Windows: NMSROOT\files\rme\archive\YYYY-MM-DD-HH-MM-SS.inventory.xml

RME Servlet

The details of Servlet access to the RME Data Extraction Engine are given below. The name of the Servlet is /rme/cwcli. The following is the Servlet to be invoked to execute any command:

For a post request:

    http://<rme-server>:<rme-port>/rme/cwcli <payload XML file>

For a get request:

    http://<rme-server>:<rme-port>/rme/cwcli?command=cwcli config <commandname> -u <user> -p <Base64 encoded pwd> -args1 <arg1value>...

Note: Use <arg> and <arg-val> tags when the argument is a file.

The contents of the payload xml file are as follows.

    <payload>
    <command>
    cwcli config export -u admin -p <Base64Encoded pwd> -device 1.1.1.1 xml
    </command>
    <arg>
    </arg>
    <arg-val>
    </arg-val>
    </payload>

For example, to execute the import command, payload.xml is as follows:

    <payload>
    <command>
    cwcli config import -u admin -p <Base64Encoded pwd> -device 10.77.240.106
    <arg>
    -f
    </arg>
    <arg-val>
    banner motd "welcome,Sir"
    </arg-val>
    </command>
    </payload>

The Remote Access Servlet creates a temporary file with the contents specified between the arg-val tags for the import command. On the server, the command is executed as:

    cwcli config import -u admin -p <Base64Encoded pwd> -device 10.77.240.106 -f tempfile

Here the tempfile contains the line banner motd "welcome, Sir".

Sample Script to Invoke the Servlet

    #!/opt/CSCOpx/bin/perl
    use LWP::UserAgent;
    $temp = $ARGV[0];                # servlet URL
    $fname = $ARGV[1];               # payload XML file
    open (FILE, "$fname") || die "File open Failed $!";
    while ( <FILE> ) {
        $str .= $_;
    }
    print $str;
    url_call($temp);

    #-- Activate a CGI:
    sub url_call {
        my ($url) = @_;
        my $ua = new LWP::UserAgent;
        $ua->timeout(1000);
        # you can set timeout value depending on number of devices
        my $hdr = new HTTP::Headers 'Content-Type' => 'text/html';
        my $req = new HTTP::Request ('POST', $url, $hdr);
        $req->content($str);         # payload XML is sent as the request body
        my $res = $ua->request ($req);
        my $result;
        if ($res->is_error) {
            print "ERROR : ", $res->code, " : ", $res->message, "\n";
            $result = '';
        } else {
            $result = $res->content;
            if ($result =~ /Authorization error/) {
                print "Authorization error\n";
            } else {
                print $result;
            }
        }
    }

For example:

    perl samplescript.pl http(s)://<rme-server>:<rme-port>/rme/cwcli <payload XML file>

Note: For the secure mode (HTTPS), the port number is 443. The default port for CiscoWorks server in HTTP mode is 1741.
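The GET form of the /rme/cwcli call carries -u <user> -p <Base64 encoded pwd> in the URL, so the request line recorded by a web server access log contains a password that decodes without any key. The following is an added example, not part of the Cisco guide: it scans access-log text for such requests and reports them with the password redacted. The Apache common log format, the function names and every sample value are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import shlex
from urllib.parse import parse_qs, urlsplit

# Constructed sample input. Apache common log format is an assumption;
# addresses, timestamps and the password value are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2008:10:01:07 +0000] "GET /rme/cwcli?command=cwcli%20config%20export%20-u%20admin%20-p%20RXhhbXBsZVB3MSE%3D%20-device%2010.0.0.1 HTTP/1.1" 200 5120
192.0.2.11 - - [12/Feb/2008:10:02:30 +0000] "POST /rme/cwcli HTTP/1.1" 200 7344
192.0.2.12 - - [12/Feb/2008:10:05:44 +0000] "GET /rme/cwcli?command=cwcli+-help HTTP/1.1" 200 310
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def decoded_length(token):
    """Return the byte length of a valid Base64 token, or None."""
    try:
        return len(base64.b64decode(token, validate=True))
    except (binascii.Error, ValueError):
        return None


def find_exposed_credentials(log_text):
    """Report /rme/cwcli requests whose URL carries a -p <password> argument."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, when, method, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/rme/cwcli"):
            continue
        for command in parse_qs(url.query).get("command", []):
            try:
                argv = shlex.split(command)
            except ValueError:          # unbalanced quotes in the logged value
                argv = command.split()
            if "-p" not in argv[:-1]:
                continue
            pos = argv.index("-p")
            size = decoded_length(argv[pos + 1])
            user = argv[argv.index("-u") + 1] if "-u" in argv[:-1] else None
            argv[pos + 1] = "<redacted>"   # never copy the secret into the report
            findings.append({
                "client": client, "time": when, "method": method,
                "status": int(status), "user": user,
                "recoverable": size is not None,  # Base64 decodes without a key
                "password_bytes": size,
                "command": " ".join(argv),
            })
    return findings


if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_LOG):
        print(finding)
```

A POST request keeps the same credentials out of the URL but still places them in the payload body, so the HTTPS mode noted above is what protects them in transit.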

Internetwork Performance Monitor Export

There has been no change in the way the data can be exported in Internetwork Performance Monitor from the previous version of the product. The ipm export command line interface is the command to do IPM export.

The IPM Export Command

The following example shows the command syntax and help that is displayed when you use the ipm export Help command:

You must be logged in as the root user (in Solaris) or administrator (in Windows) to export IPM data using the ipm export command.

    ipm export [-q] [[-k <letter>] | -w] [-h]
        [ ( -c | -s | -t | -o | -cs) [<CollectorName>] ] |
        [ (-dh | -dd | -dw | -dm) <StartTime> <EndTime> [ <CollectorName> ] ] |
        [ (-jh | -jd | -jw | -jm) <StartTime> <EndTime> [ <CollectorName> ] ] |
        [ (-ph | -pd | -pw | -pm) <StartTime> <EndTime> [ <CollectorName> ] ] |
        [ -r [<WhichDay>] ] |
        [ -all [<StartDate>] [<EndDate>]]

General Options

    [ipmRoot]   Root location of IPM, such as /opt/CSCOipm.
    -q          Quiet output: Display no column headings. Only applicable in plain text output format.
    -k          Delimiter: Set the field delimiter to <letter>. By default, this is set to a comma ','. This is only applicable in plain text output format.
    -w          HTML output: A web page will be generated from the output of this command.
    -h          Help - output this usage help

Format:

    Time - <StartTime> and <EndTime> input as: MM/DD/YYYY-hh:mm:ss
    Date - <WhichDay> input as: MM/DD/YYYY
           <StartDate> and <EndDate> input as: MM/DD/YYYY

The DCR Command Line Interface

Using the command line interface, you can add, delete, modify devices and change DCR modes, and view the current DCR mode. You can also view the list of DCR attributes that can be stored in DCR. The main command to launch is at: NMSROOT/bin/dcrcli

The steps are as follows:

Step 1. NMSROOT/bin/dcrcli -u username
Step 2. Enter the password corresponding to the username.
Step 3. Select one of the various top level commands

● add: Adds a device
● del: Deletes a device
● mod: Modifies a device
● lsattr: Lists the attributes stored in DCR
● details: View device details
● lsmode: Lists the DCR mode as Master, Slave, or Standalone
● setmaster, setstand, setslave: Sets the DCR to Master, Standalone, or Slave mode
● impFile, impNms, impRNms, impACS: Imports device list from File, Local NMS, Remote NMS and ACS (AAA server)
● exp: Exports to a file

UT Reports

You can generate UT Reports by navigating to CWHP > Campus Manager > User Tracking > Reports. The following reports can be generated.

● UT provides the ability to quickly view reports on end hosts and IP Phones. A simple query can be input to view a subset of the end hosts or IP Phones present in UT.
● UT can run reports on switch port usage statistics of the switches. The switch port usage reports can be run for recently down, unused down and unused up ports.
● UT can list the jobs that are run periodically to generate reports. These jobs are for generating reports on end hosts, IP Phones, duplicate device entries and switch port usage. You can find the report job listing by navigating to User Tracking > Reports > Report Jobs.
● You can generate Custom Reports for end hosts and IP Phones by selecting a group, evaluating a query on the group to subset the number of end hosts and IP Phones. You can save the custom reports. You can generate Custom reports by navigating to User Tracking > Reports > Custom Reports.

You can use the custom reports while generating detailed reports on end hosts or IP phones by going to User Tracking > Reports > Report Generator.

Configuring Syslog on Devices

LMS has the ability to collect and analyze syslogs received from devices in the network. The ability to collect syslogs helps manage the network more effectively. Enabling syslogs provides a multi fold advantage:

● LMS will collect and update any configuration and inventory changes on the network.
● Received syslogs can be analyzed and can also be used for further triggering automated actions

Syslogs can be enabled on devices using NetConfig. Once the device configurations are being managed by RME, you can enable syslogs through NetConfig. A template for enabling Syslogs is built in NetConfig. You can access the template under Resource Manager Essentials > Config Mgmt > NetConfig. Create a NetConfig job by clicking NetConfig Jobs under the TOC. RME 4.0 provides the ability to schedule a single job for devices using Cisco IOS and Catalyst OS.

VLAN Recommendations

Campus Manager provides the ability to view VLANs and the ability to get recommendations on spanning trees. The different types of spanning trees that are supported for recommendations are PVST, MIST and 802.1s. Since most of the switched traffic is directed through the root bridge, it is essential to have the proper switch designated as the root bridge. Campus Manager provides the ability to select the root bridge based on the following criteria:

1. Least depth
The least depth method would help the user select a root for the particular VLAN that would provide the least from each node in the network to the root. The spanning tree formed in this selection would have the minimum depth. The least depth spanning tree recommendation can be seen by the following sequence:
a. Go to Topology Services > Network Views > LAN Edge View.
b. Select the desired Switch Cloud and click Display View.
c. To run optimal root and instance reduction and instance recommendation reports, in the Switch Cloud view, select Reports, then select Per VLAN STP Recommendations, Cisco MISTP Recommendations, or IEEE 802.1s Recommendations.

2. Least cost
Least cost recommendation will provide a recommendation on a root that would be the least cost from all the nodes in the switch cloud.

3. Traffic data
Campus Manager also has the ability to recommend Root Bridge based on the traffic in the network.

Campus Manager accepts traffic information from two sources: one of the sources is NAM and the other source is the NetFlow collector.

Ether Channel and Trunk Deployment

Campus Manager Topology Services Layer 2 view also provides the ability to configure Ether channels and Trunks.

Ether Channel Configuration

For channel configuration, follow these steps:

1. Select a link on the Layer 2 View, right-click and select Configure Ether Channel. The Ether Channel Configuration window appears. The Ether Channel Configuration window also shows all the links between the two devices where the Ether channel is being set up.
2. You can select the links that should be part of the Ether channel. The protocol for Ether Channel is PAgP and the channel mode is Desirable. The distribution protocol can be set to ip, mac, or port and the distribution address type can be set to source, destination, or both. The configuration window also provides the ability to copy running configuration to startup configuration.

Trunk Configuration

To configure a trunk:

1. Right-click on a particular link and select Create Trunk.
2. Select the type of encapsulation: 802.1Q, ISL or Negotiate.
3. Enter the Allowed and Disallowed VLANs on that trunk.

Change Management

RME Config Editor

The RME Config Editor function can be used to edit a device configuration stored in the configuration archive and download it to the device. The Config Editor tool allows the user to make changes to any version of a configuration file, review changes, and then download the changes to the device.

When a configuration file is opened with Config Editor, the file is locked so that no one else will be able to make changes to it at the same time. While the file is locked, it is maintained in a “private” archive available only to the user who checked it out. If other users attempt to open the file to edit it, they will be notified that the file is already checked out and they can only open a “read-only” copy. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor by the user who checked it out or by a user that has network administrator and system administrator privileges.

NetConfig Function

The NetConfig function provides a set of command templates that can be used to update the device configuration on multiple devices all at once. The NetConfig tool provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices.

These templates can be used to execute one or more configuration commands on multiple devices at the same time. For example, to change SNMP community strings on a regular basis to increase security on devices, use the appropriate SNMP template to update community strings on all devices using the same job. A copy of all updated configurations will be automatically stored in the configuration archive.

NetConfig comes with several predefined templates containing all necessary commands. The user simply supplies the parameters for the command and NetConfig takes care of the actual command syntax. These predefined templates include corresponding rollback commands; therefore, if a job fails on a device, the configuration will be returned to its original state.

Change Audit

All changes made on the network through LMS are recorded as part of change audit. If syslogs are enabled on devices, any out-of-band changes made on the devices are also recorded as part of the change audit. To view Change Audit reports, go to Resource Manager Essentials > Reports > Report Generator.

1. Select Change Audit as the application.
2. The report type can be either a 24-hour report, Standard Report or Exception Period Report.

These reports help manage the changes on the network.

Audit Trail

Resource Manager Essentials also provides the capability to have an Audit Trail. Audit Trail provides a trail of all the changes that are being made on the server, for example, the addition or deletion of devices, or a credential change.

Printed in USA    C07-400501-01 02/08
