Cisco LAN Management Solution 2.

6
Deployment Guide

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 64
Page 1 of
64

Deployment Guide

Table of Contents
Table of Contents .............................................................................................................................. 2
1. Cisco LAN Management Solution 2.6 Deployment Guide ............................................................. 4
Introduction................................................................................................................................... 4
Applications Included in LMS 2.6............................................................................................. 4
Versions Available for LMS 2.6................................................................................................ 5
LMS 2.6 Architecture .................................................................................................................... 5
Common Services and DCR.................................................................................................... 6
Device and LMS Workflow ........................................................................................................... 6
2. Setting up Devices on the Network ............................................................................................... 8
Device Setup Elements ................................................................................................................ 8
System Name .......................................................................................................................... 8
Domain Name.......................................................................................................................... 8
SNMP Settings ........................................................................................................................ 9
System Reload ...................................................................................................................... 10
Command Line Prompts ........................................................................................................ 10
Telnet/SSH ............................................................................................................................ 10
Syslog Messages................................................................................................................... 11
Remote Copy Protocol (rcp) .................................................................................................. 11
Configuring Protocols ................................................................................................................. 12
Cisco Discovery Protocol (CDP) ............................................................................................ 12
Secure Copy Protocol (scp) ................................................................................................... 13
HTTP and HTTPS Servers .................................................................................................... 13
Configuring Multiple Spanning-Tree ...................................................................................... 14
Configuring Multiple Instance Spanning-Tree ........................................................................ 15
Configuring Per-VLAN Spanning Tree+................................................................................. 16
Configuring VLAN Trunk Protocol (VTP)................................................................................ 17
3. Cisco LAN Management Solution 2.6 Installation Requirements ................................................ 20
Solaris OS Installation Requirements ......................................................................................... 20
Recommended Solaris Disk Layout ....................................................................................... 20
Windows OS Installation Requirements ..................................................................................... 21
Recommended Order for Installing LMS Applications ................................................................ 21
Ports Used by LMS Applications............................................................................................ 22
Licensing Terminology and Process3......................................................................................... 24
4. Initial Setup of the LAN Management Solution 2.6 Server .......................................................... 25
Application Mode Settings in LMS Applications.......................................................................... 25
Protocol Setup............................................................................................................................ 26
Configuration Management.................................................................................................... 26
Software Image Management................................................................................................ 27
Setting Up Security..................................................................................................................... 27
Certificate Setup .................................................................................................................... 27
Setting up the Cisco Secure Access Control Server .................................................................. 28
Integrating LMS Servers with ACS ........................................................................................ 28
Setting Permissions for Performing Tasks on Devices ............................................................... 30
Enabling HTTPS on an LMS Server ...................................................................................... 31
Single Sign-On....................................................................................................................... 31
5. Populating Devices in Cisco LAN Management Solution 2.6 ...................................................... 32
Campus Manager Device Discovery .......................................................................................... 32
Defining a Seed Device in Campus Manager ........................................................................ 32
Bulk Device Import to Device and Credentials Repository ......................................................... 33
Device Credentials Update......................................................................................................... 34
Device Management .................................................................................................................. 34
Adding Devices to RME From DCR ....................................................................................... 34
Viewing Configuration Collection Status in RME ................................................................... 35
Collecting Devices’ Startup and Running Config ................................................................... 35
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 64

Deployment Guide

Verification of Device Import Status in LMS Applications....................................................... 35
6. Server Administration in Cisco LAN Management Solution 2.6................................................... 37
Common Services ...................................................................................................................... 37
Creating User Defined Groups............................................................................................... 37
Backing Up LMS Data ................................................................................................................ 37
Restoring LMS Data ................................................................................................................... 38
Example Restore Operation (Solaris) .................................................................................... 38
Campus Manager....................................................................................................................... 38
Campus Manager Device Discovery...................................................................................... 39
Campus Manager Data Collection ......................................................................................... 40
User Tracking Module............................................................................................................ 40
Hierarchical Groups in Campus Manager .............................................................................. 41
Resource Manager Essentials.................................................................................................... 41
Inventory Collection/Polling.................................................................................................... 41
Configuration File Collection and Polling ............................................................................... 42
Purge Policies........................................................................................................................ 42
Syslog .................................................................................................................................... 43
Change Audit ......................................................................................................................... 44
SWIM Baseline Collection...................................................................................................... 44
Job Management ................................................................................................................... 45
Importing Devices into Internetwork Performance Monitor ......................................................... 46
Device Fault Manager ................................................................................................................ 46
Daily Purging Schedule.......................................................................................................... 46
Forwarding SNMP Traps ....................................................................................................... 46
Receiving SNMP Traps.......................................................................................................... 47
Default SMTP Server ............................................................................................................. 47
Rediscovery ........................................................................................................................... 47
Group Administration ............................................................................................................. 47
Polling and Threshold Management ...................................................................................... 47
View Management ................................................................................................................. 47
CiscoView................................................................................................................................... 48
Device Center ........................................................................................................................ 48
7. Network Management in Cisco LAN Management Solution 2.6.................................................. 50
Fault Monitoring.......................................................................................................................... 50
Set Up Tasks ......................................................................................................................... 50
Fault and Alerts Notification Services .................................................................................... 51
Fault History........................................................................................................................... 51
Alerts and Activities ............................................................................................................... 51
Baseline Configuration ............................................................................................................... 51
Preprovisioning Devices ........................................................................................................ 52
Data Extraction from LMS Applications ...................................................................................... 52
Campus Data Extraction Engine............................................................................................ 52
Possible Combinations of cmexport Commands ................................................................... 53
Resource Manager Essentials Data Extraction Engine.......................................................... 56
Internetwork Performance Monitor Export ............................................................................. 60
The DCR Command Line Interface........................................................................................ 61
UT Reports ................................................................................................................................. 61
Configuring Syslog on Devices................................................................................................... 62
VLAN Recommendations ........................................................................................................... 62
Ether Channel and Trunk Deployment ....................................................................................... 63
Ether Channel Configuration.................................................................................................. 63
Trunk Configuration ............................................................................................................... 63
Change Management ................................................................................................................. 63

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 64

0. and troubleshooting of Cisco networks. administration. Some concepts related to multi-server deployment that have been introduced in LMS 2. It provides IT organizations an integrated system for sharing device information across management applications. configuration files. With increasing reliance on networks to increase productivity. Such increase in the number of network elements creates a challenge for network administrators.5 provides a set of shared application services that are used by all LMS applications. automation of device management tasks. By using common centralized systems and network-inventory knowledge. and software images—as well as Syslog analysis. visibility into the health and capability of the network.1 and Integration Utility 1.5 Common Services 3. enterprises are confronted with an ever growing network size. Inc.0. Page 4 of 64 .0.6 LAN Management Solution (LMS) 2.6.5 includes both CiscoView 6. This deployment guide considers scenarios where all applications reside on a single server and provides tips and suggestions on configuring the server. ● Resource Manager Essentials (RME) 4. manage VLANs.6 Deployment Guide Introduction Network management is critical in today’s networks. and identification and localization of network trouble.6 Campus Manager provides the ability to visualize network topology. detect network discrepancies. helping enterprises deploy and manage solutions.5 To support life cycle management. Applications Included in LMS 2.0. RME provides the ability to manage device inventory and audit changes. How does an enterprise effectively deploy and maintain their network devices? CiscoWorks LAN Management Solution (LMS) provides the integrated management tools needed to simplify the configuration. All contents are Copyright © 1992–2008 Cisco Systems.6 will also be discussed. allowing users to easily interact with device components to change configuration parameters and monitor statistics. All rights reserved. References will be provided for detailed discussions in the respective white papers.0.6 is an integration module that supports third-party network management systems. ◦ CiscoView 6. Cisco LAN Management Solution 2. CiscoWorks LMS delivers a unique platform of crossfunctional management capabilities that reduces network administration overhead and provides upper-layer systems integration. ◦ Integration Utility 1. Common Services 3.1. monitoring. and provide Layer 2 and Layer 3 data and voice traces and end-host user information. ● Campus Manager (CM) 4. This document is Cisco Public Information.Deployment Guide 1.5 provides “front panel” graphical displays of Cisco devices.6 includes the following components: ● CiscoWorks Common Services 3.

a target device and an operation type. Fault History lets the operator store and access historical information about alerts and faults that are detected and processed by DFM. This document is Cisco Public Information. as part of their configuration.0. Using synthetic traffic gives the network manager a high degree of flexibility in selecting the end points in a network between which network performance will be measured. in the router.6 You can select one of the following two versions of LMS 2. All contents are Copyright © 1992–2008 Cisco Systems. which is known as Cisco IOS IP SLA. DFM can issue notifications of critical network conditions via email or pager. This version has no limit on the number of devices it can support.6 is for customers transitioning from LMS 1. include a source router.6.6: ● Restricted Version The Restricted version of LMS 2.x to LMS 2. The device limit for this version is 300 devices. LMS 2. ● Large Enterprise Version The Large Enterprise version is for customers transitioning from LMS 1.6 Device Fault Manager provides the ability to monitor device faults in real-time and determine the root cause by correlating device-level fault conditions. This flexibility makes IPM a highly effective performance-troubleshooting tool.6.x Unlimited version or from LMS 2. ● Internetwork Performance Monitor (IPM) 2. These collectors.x to LMS 2.x Unlimited version or from LMS 2. IPM takes advantage of Cisco IOS IP SLA3 technology by configuring network performance agents.6 Internetwork Performance Monitor measures network performance based on the synthetic ® traffic generation technology within the Cisco IOS software.6 Architecture Figure 1 shows the architecture diagram of an LMS 2.Deployment Guide ● Device Fault Manager (DFM) 2. Versions Available for LMS 2.6 server and how the applications residing on a single LMS server interact to obtain device information. Page 5 of 64 . called collectors. Inc. All rights reserved.

Inc.6 Architecture Common Services and DCR LMS 2. For more information on this. page 24. All rights reserved. All contents are Copyright © 1992–2008 Cisco Systems. Subsequent chapters describe the setup and workflow processes in detail. Since there is a common device and credentials repository. The Device and Credential Repository also helps in a multi-server setup. LMS 2. Device and LMS Workflow Figure 2 summarizes the device and LMS setup workflow. This document only briefly describes some of the basic configuration that can be achieved in a multi-server setup. All applications within LMS request DCR for device credential information. see the Application Mode Settings in LMS Applications.Deployment Guide Figure 1. This document is Cisco Public Information. devices populated in DCR can be automatically populated in different applications. Page 6 of 64 .6 applications use Common Services as shown in Figure 1. Device Credential and Repository (DCR) is part of Common Services and acts as a central secure repository for all the device and credential information.

All rights reserved. This document is Cisco Public Information. Inc. Page 7 of 64 .Deployment Guide Figure 2. Device and LMS Setup Workflow All contents are Copyright © 1992–2008 Cisco Systems.

Deployment Guide

2. Setting up Devices on the Network
LAN Management Solution (LMS) 2.6 helps to manage Cisco devices on the network. But before
LMS 2.6 can function correctly, the network devices it touches must be set up correctly. The
information provided in this chapter is a general description of the means and procedures
recommended to ensure that the network devices are set up correctly.
Note:

This chapter provides a great deal of information on the device configuration procedures

required to manage devices using CiscoWorks LAN Management Solution. But keep in mind that
this document is not intended to be a comprehensive configuration guide for LMS 2.6. For
additional configuration details, please contact a Cisco certified network engineer if possible and
refer to pertinent documents that are posted on Cisco.com.
Tip:

Prior to LMS deployment, in the case of Cisco IOS and Catalyst OS devices, all

configuration changes must be saved to non-volatile memory (NVRAM) using the following
commands:
write memory or copy running-config startup-config.
Please note that these two commands are provided to save pre-LMS deployment configuration
changes. After LMS is deployed, configuration changes are saved automatically where appropriate
and no user intervention is required. Newer versions of Catalyst OS devices have separate running
and startup configurations.

Device Setup Elements
This section describes each of the elements in the device setup that needs to be attended to.
System Name
Each Cisco IOS device in the network must have a unique system name (sysName) to discover all
devices. The system name is also populated in the Cisco Discovery Protocol (CDP) table. If there
are duplicate system names on the network, LMS will discover only one device by that name on the
network. On Cisco IOS devices, the domain name also affects the system name.
You can set up the system name by using the following commands:
Cisco IOS Devices
hostname <name>
Cisco Catalyst OS Devices
set system name <name>
Domain Name
You can set a domain name on a Cisco IOS or a Catalyst OS device. Set up the domain name by
using the following commands:
Cisco IOS Devices
ip domain-name <name>
Cisco Catalyst OS Devices
set system name <name with domain name>

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 8 of 64

Deployment Guide

SNMP Settings
LAN Management Solution uses Simple Network Management Protocol (SNMP) community strings
to read and write information from and to the devices.
Note:

LMS supports SNMP AuthNoPriv mode of SNMP v3.

Enabling SNMP v3 on Cisco IOS Devices
To enable SNMP v3 on Cisco IOS devices, follow these steps:
Step 1. Create a view.
snmp-server view campus oid-tree included
Step 2. Set the security model.
snmp-server group cmtest v3 auth read campus write campus access
access-list
Step 3. Create a user and specify the authentication protocol to be used.
snmp-server user cmtester campus v3 auth md5 password
Step 4. Create a group and associate the user with it.
snmp-server user cmtester cmtest v3
Enabling SNMP v3 on Catalyst OS Devices
To enable SNMP v3 on Catalyst OS devices, follow these steps:
Step 1. Create a view.
set snmp view campus 1.3.6.1 included nonvolatile
Step 2. Set the security model.
set snmp access cmtest security-model v3 authentication read campus
write campus nonvolatile
Step 3. Create a user and specify the authentication protocol to be used.
set snmp user cmtester authentication md5 cisco123
Step 4. Create a group and associate the user with it.
set snmp group cmtest user cmtester security-model v3 nonvolatile
Enabling SNMP v1 or v2c on Cisco IOS Devices
To enable SNMP v1 or v2 on Cisco IOS devices, follow these steps:
Step 1. snmp-server community <read-community-string> ro
Step 2. snmp-server community <write-community-string> rw
Enabling SNMP v1 or v2c on Cisco Catalyst OS Devices
To enable SNMP v1 or v2c on Cisco Catalyst OS devices, set as follows:
Step 1. set snmp community read-only <read-community-string>
Step 2. set snmp community read-write <write-community-string>
The community strings configured on the devices must match the community strings entered in the
DCR (Device Credential Repository) component in LMS.
Enabling Traps in Catalyst OS Devices to Be Sent to a Particular Host
To enable traps in Catalyst OS devices to be sent to a particular host, enter this command:
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 9 of 64

Deployment Guide

set snmp trap 192.168.124.24 public
Enabling Traps in IOS Devices to Be Sent to a Particular Host Using SNMP v2c
To enable traps in IOS devices to be sent to a particular host using SNMP v2c, enter t his
command:
snmp-server host 192.168.124.24 traps version 2c public
In these examples for enabling traps, the public community string helps selective processing of
traps on the trap-receiving side.
System Reload
After a software image distribution operation using Resource Manager Essentials (RME) is
completed, RME will reload the device if so specified in the Image Distribution job. RME will be able
to reload any device (IOS or Catalyst OS) only if an SNMP manager (in this case, RME) is allowed
to reset the agent.
The following command is needed on Cisco IOS devices only:
snmp-server system-shutdown
Command Line Prompts
To utilize the NetConfig capability to execute batch changes on devices, Cisco device command
line prompts must meet the requirements described in this section.
Note:

Customized prompts should also fulfill these requirements.

Cisco IOS Devices

The Login prompt should end with an angle bracket (>).

For example: Cisco>

The Enable prompt should end with a pound sign (#).

For example: Cisco#
Cisco Catalyst OS Devices
The Enable prompt must end with “(enable).”
For example: Cisco(enable)
Telnet/SSH
Telnet is one of the protocols that can be used by RME for configuration management. You can
enable Telnet using the following commands.
To enable Telnet on Cisco IOS devices and Catalyst OS devices, enter these commands:
line vty 0 4
password <password>
login
exec-timeout 0 0
Note:

More than four VTY lines can be selected for log in.

Different authentication on different VTY lines is not supported.SSH provides for a secure
communication with the device.

All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 10 of 64

Remote Copy Protocol (rcp) Remote Copy Protocol (rcp) is one of the protocols that can be used by RME for configuration management and software image management. especially RME. This document is Cisco Public Information. rcp must be enabled on the network devices—rcp can be enabled only on devices running Cisco IOS as shown in the following sample commands: username cwuser password 7 000C1C0A05 ip rcmd rcp-enable ip rcmd remote-host cwuser 172. Cisco IOS Devices Enable Syslog messages on Cisco IOS devices from global configuration mode: logging on logging <server-ip-address> logging trap <logging-level> Note: To limit the number of messages sent to the syslog servers. This All contents are Copyright © 1992–2008 Cisco Systems. this parameter is the IP address of the remote Syslog Analyzer and Collector. use TACACS. Inc.221 cwuser enable ip rcmd remote-username cwuser Note: The value of <remote-username> and <local-username> entered in the device should match the RCP User value provided in the LMS server. In case of multiple servers. Catalyst OS Devices To enable Syslog messages on Catalyst OS devices: set logging server enable set logging server <server-ip-address> set logging level all <logging-level> default Tip: The <server-ip-address> parameter is the IP address of the LMS server. In the case of remote Syslog Analyzer and Collector. use the logging trap configuration command above. the server IP address entered here is the address of the RME server.Deployment Guide Cisco IOS The following example configures SSH control parameters on a router running Cisco IOS: ip ssh timeout 120 ip ssh authentication-retries 3 Catalyst OS The following examples configure SSH in Catalyst OS: (enable) set crypto key rsa 1024 (enable) set ipNote: Note: For greater access control and logging facilities. SSH configuration requires that the domain name must be configured. For LMS to be able to provide configuration and software management using rcp. The default value is cwuser. Syslog Messages Syslog messages can be enabled on Cisco devices to further use the capability of LMS.17.246. All rights reserved. Page 11 of 64 .

Campus Manager can discover the network topology only when CDP is enabled on those devices.Deployment Guide value can be reset by traversing through the following user interface links in the LMS server: CWHP > Common Services > Server > Admin > System Preferences. Inc. To enable CDP globally: set cdp enable To enable CDP on specific ports only: set cdp enable [mod/port] All contents are Copyright © 1992–2008 Cisco Systems. CDP is a Cisco proprietary Layer 2 protocol that is media and protocol independent. All rights reserved. Campus Manager will use the following protocols in their respective technology: ILMI in LANE/ATM networks and ELMI on Stratacom Frame Relay networks. Configuring Protocols This section describes the basic configuration procedures for the following protocols: ● Cisco Discovery Protocol (CDP) ● Remote Copy Protocol (rcp) ● Secure Copy Protocol (scp) ● HTTP and HTTPS Protocols ● Multiple Spanning-Tree Protocol (MST) ● Multiple Instance Spanning-Tree Protocol (MIST) ● Per-VLAN Spanning Tree Protocol (PVST+) ● VLAN Trunk Protocol (VTP) Cisco Discovery Protocol (CDP) Cisco Campus Manager uses Cisco Discovery Protocol (CDP) to discover Cisco devices on the network. Since it is a Layer 2 protocol. To enable CDP globally: cdp run To enable CDP on specific interfaces only: cdp enable Use the no command to disable CDP capability on Cisco IOS devices. Enabling or Disabling CDP on Cisco Catalyst OS Devices CDP is enabled on Cisco Catalyst OS devices by default. these packets (frames) are not routed. and to send SNMP queries to those devices. Enabling or Disabling CDP on Cisco IOS Devices CDP is enabled on Cisco IOS devices by default. and runs on all Cisco-manufactured equipment. To enable CDP capability on Catalyst OS devices use the following commands. This document is Cisco Public Information. A Cisco device enabled with CDP sends out periodic interface updates to a multicast address in order to make itself known to neighbors. Page 12 of 64 . To enable CDP capability on IOS devices use the following commands. Enabling CDP on devices allows Campus Manager to learn information about neighboring devices.

. for example.. Page 13 of 64 .]] Step 6: Router (config)# username superuser privilege 2 password 0 superpassword Establishes a username-based authentication system. HTTP and HTTPS Servers The Cisco IOS HTTP server provides authentication. Step 2: Router#configure terminal Enters global configuration mode. Complete syntax: Router (config)# aaa authorization exec default group tacacs+ Sets parameters that restrict user access to a network. you must use it when you configure SCP.com/en/US/products/hw/switches/ps708/products_configuration_guide_cha pter0. a connection to the Internet and end-host connection ports on access switches. therefore. Enter your password if prompted. To enable and configure a Cisco router for SCP server-side functionality. For related information. Syntax: username name [privilege level] {password encryption-type encrypted-password} Step 7: Router (config)# ip scp server enable Enables SCP server-side functionality. but not encryption. Note: You may skip this step if a network-based authentication mechanism—such as TACACS+ or RADIUS—has already been configured. Syntax: Step 5: aaa authentication login {default | list-name} method1 [method2. If you enable CDP on the Cisco devices connected to non-Cisco devices. This document is Cisco Public Information... do not enable CDP on links that are connected to non-Cisco devices. The exec keyword runs authorization to determine if the user is allowed to run an Exec shell. Inc. Tip: Do not run CDP on links that don’t need to be discovered by Campus Manager. Step 4: Router (config)#aaa authentication login default group tacacs+ Enables the AAA access control system. Enabling http Mode Use the following command to enable http mode: ip http server All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide To disable CDP on Catalyst OS devices. To protect from CDP DoS attacks. The data that the client and server transmit to each other is not encrypted. This leaves communication between clients and servers vulnerable to interception and attack. use the set cdp disable command.2(2)T. Note: Certain non-Cisco devices support CDP.9186a00801a5b18. perform the following steps: Command Description Step 1: Router> enable Enables privileged EXEC mode. please refer to this URL: ● Configuring CDP on Catalyst 6500 Series switches: http://www. they will appear on the Campus map. for client connections. Step 3: Router (config)#aaa new-model Sets AAA authentication at login. Secure Copy Protocol (scp) The Secure Copy feature was introduced in Cisco IOS 12. All rights reserved.cisco.] aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2.html.

6 release. MST-enabled switches form an MST region only if they have a matching VLAN-to-IST mapping. access the following URL: http://www.Deployment Guide The Secure HTTP (HTTPS) feature provides the capability to connect to the Cisco IOS HTTPS server securely. Enable MST on the Cisco switch. Step 4. Use the set spantree mode mst command to set the spanning tree mode on the switch to MST. all VLANs are mapped to instance 0. Inc. All contents are Copyright © 1992–2008 Cisco Systems. Configuring Multiple Spanning-Tree Use the following procedure to configure Multiple Spanning-Tree (MST) (802. Define the VLAN-to-instance mappings. For more details please visit the following website: http://www. All rights reserved. such as Per-VLAN Spanning-Tree + (PVST+). Note: Mapping a VLAN to an instance does not take effect until the configuration is committed.20 By default.1s): Step 1. On the boundary of the MST region. If any of these three fails. Note: Before you can disable MST.html#999607. and other MST regions to form a loop-free topology.org/. HTTPS mode is supported only for Cisco VPN 3000 Series Concentrators. which communicates with the other spanning-tree protocols. It uses Secure Sockets Layer (SSL)1 and Transport Layer Security (TLS) to provide device authentication and data encryption.openssl. Step 3. you would enter this command: set spantree MST 10 vlan 1-10. Page 14 of 64 . the port will be flagged as a boundary port. To enable HTTPS mode in a VPN 3000 concentrator. another spanning-tree protocol. Use the following command to map VLANs to an instance: set spantree MST instance vlan <vlans> For example. MST copies the port state from the IST. must be configured. Step 2. Common Spanning-Tree (CST). to put VLANs 1 to 10 and 20 into instance 10. such as PVST+. Note: As of the LMS 2.cisco. MST configuration name. Use the following commands to set the configuration and the revision number: ● set spantree MST configuration name <name> ● set spantree MST configuration revision <revision-number> Instances 1 to 15 operate only within the MST region. Step 3 Define the MST configuration name and revision number. Step 4 Commit the MST configuration to apply it on the switch. Use the following command: set spantree MST config commit 1 This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. This document is Cisco Public Information. and MST revision number.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter0 9186a008015ce28.

Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. Page 15 of 64 . To set the port cost. 4096. 32768.html.com/warp/public/473/123. the ID of the MISTP instance) to create the bridge ID priority. 8192. 40960. The default cost differs for different media. Step 1 Enable MISTP on the switch. the default is 32. use the following command: set spantree portpri 2/12 40 All contents are Copyright © 1992–2008 Cisco Systems. and 61440. the possible cost range is from 1 to 65535. use the set spantree MST rollback force command. Configuring Multiple Instance Spanning-Tree Use the following steps to configure Multiple Instance Spanning-Tree (MISTP).Deployment Guide ● If you find that you need to discard all edits made since the last commit. 45056. You can configure the port cost of switch ports. ● If you need to clear changes to the MST configuration made by someone else using another session. The ports with lower port costs are more likely to be chosen to forward frames. 53248. For related configuration information. 57344.cisco. use the set spantree MST rollback command. To set the port priority. To set the spanning-tree mode on the switch to MST. You can set the bridge ID priority for an MISTP instance when the switch is in MISTP or MISTP-PVST+ mode. All rights reserved. You can set 16 possible bridge priority values: 0. This document is Cisco Public Information. use this command: set spantree mode mistp Step 2. 49152. The possible port priority values are from 0 to 63. 12288. 36864. use this command: set spantree priority 8192 mistpinstance 1 Step 3. the port with the lowest port number forwards frames. refer to the following URL: http://www. Configure the MISTP port priority. The bridge priority value is combined with the system ID extension (that is. Inc. If all ports have the same priority value. the possible port cost range is from 1 to 200000000. To set the bridge ID priority. 16384. You can configure the port priority of switch ports. 24576. Configure the MISTP port cost. 20480. use this command: set spantree portcost 2/12 22222222 Step 4. ● When using the long method for calculating port cost. The port with the lowest priority value forwards frames for all VLANs. Configure the MISTP bridge ID priority. Step 1. ● When using the short method for calculating port cost. 28672.

49152. 20480. To set the spanning tree mode to pvst+. Enable PVST+ on the switch.1Q trunking technology rather than ISL. you can enter a bridge priority value between 0 to 65535. The possible port priority value is 0 to 63. 32768. ● When using the long method for calculating port cost. Assign lower numbers to ports that are attached to faster media (such as full duplex) and higher numbers to ports that are attached to slower media. or 61440. you can enter one of 16 bridge priority values: 0. follow these steps: Step 1. The bridge ID priority is the priority of a VLAN when the switch is in PVST+ mode. ● When using the short method for calculating port cost. Configuring PVST+ port cost You can configure the port cost of switch ports. 53248. To set bridge ID priority. use the following command: set spantree portcost 2/3 12 Step 4. the ID of the VLAN) to create the bridge ID priority for the VLAN. 16384. 28672. To configure Per-VLAN Spanning Tree+. You can configure the port priority of switch ports in PVST+ mode.1Q specification and is not supported on non-Cisco devices. the possible port cost is from 1 to 65535. When the switch is in PVST+ mode with MAC address reduction enabled. the port with the lowest port number forwards frames. The default is 32. When the switch is in PVST+ mode without MAC address reduction enabled. PVST+ is an enhancement to the 802. 8192. 40960. To set the port cost. enter this command: set spantree mode pvst+ Step 2. 36864. 57344. the possible port cost is from 1 to 200000000. The default cost differs for different media. The bridge priority is combined with the system ID extension (that is. Inc. 12288. Since PVST +treats each VLAN as a separate network. 4096. The port with the lowest priority value forwards frames for all VLANs. All rights reserved.Deployment Guide Configuring Per-VLAN Spanning Tree+ Per VLAN Spanning Tree Plus (PVST+) maintains a spanning tree instance for each VLAN configured in the network and allows a VLAN trunk to be forwarding for some VLANs while blocking for other VLANs. Configure the PVST+ bridge ID priority. All contents are Copyright © 1992–2008 Cisco Systems. This document is Cisco Public Information. If all ports have the same priority value. Page 16 of 64 . 45056. 24576. It uses 802. The ports with lower port costs are more likely to be chosen to forward frames. enter this command: set spantree priority 30000 1 Step 3. it has the ability to load balance traffic (at Layer 2) by forwarding some VLANs on one trunk and other VLANs on another trunk without causing a Spanning Tree loop. The VLAN bridge ID priority is then set to that value. Configure PVST+ port priority.

● Configuring STP and IEEE 802.com/en/US/tech/tk828/technologies_white_paper09186a008015a8ad. Inc.html ● Financial Services Design for High Availability: http://www.1D) Port VLAN priority Same as port priority but configurable on a per. Table 1.cisco.shtm l ● Configuring Spanning-Tree Bridging for the Cisco Catalyst Switch: http://www.htm ● Spanning Tree Protocol Problems and Related Design Considerations: http://www.VLAN basis in PVST+ Maximum aging time 20 seconds Hello time 2 seconds Forward delay time 15 seconds Configuring VLAN Trunk Protocol (VTP) Virtual LAN (VLAN) Trunk Protocol (VTP) reduces administration in a switched network.Deployment Guide To set port priority.s html ● Configuring FDDI 802. When you configure a new VLAN on one VTP server.cisco.VLAN basis in PVST+ Port VLAN cost Same as port cost but configurable on a per.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/spantree. the VLAN is distributed through all switches in the domain.cisco.10 Trunks: http://www. This document is Cisco Public Information.html#71577 Default Values for PVST+ Configuration Table 1 shows the default PVST+ configuration values in Cisco Catalyst 6000 devices. This reduces the need to configure the same VLAN everywhere.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_ch apter09186a00801ee706. use this command: set spantree portpri 2/3 16 For More Information on the Spanning Tree Protocol The following links provide more information on Spanning Tree Protocol setup and recommendations.cisco. Default PVST+ Configuration Values for Catalyst 6000 Switches Feature Default Values VLAN 1 All ports assigned to VLAN 1 Enable state PVST+ enabled for all VLANs MAC address reduction Disabled Bridge priority 32768 Bridge ID priority 32769 (bridge priority plus system ID extension of VLAN 1) Port priority 32 Port cost ● Gigabit Ethernet: 4 ● Fast Ethernet: 191 ● DFFI/CDDI: 10 ● Ethernet: 1002 Default spantree port cost mode Short (802. All rights reserved.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.com/en/US/products/hw/switches/ps679/products_configuration_guide_cha pter09186a008007eeeb.cisco. VTP is a CiscoAll contents are Copyright © 1992–2008 Cisco Systems.1s MST: http://www. Page 17 of 64 .

which is the automatic extension of VLANs of all switches in a domain. and delete VLANs via the topology services application. Inc. use the following commands. To set a VTP domain and the mode on a Cisco Catalyst switch. VTP is used to configure and communicate VLAN settings across multiple switches. Best Practice Recommendations The campus best practice recommendations emphasize campus stability and predictability (especially for protocols such as STP). VTP v2 must be used on Token Ring networks. VTP versions 1 and 2 are not compatible. ● Client: Switch will synchronize VLAN configuration with advertisements received from VTP servers. instead of the command line. This document is Cisco Public Information. Though some of these risks can be reduced by VTP Authentication. All rights reserved. modify. All contents are Copyright © 1992–2008 Cisco Systems. create. This section is included for reference purposes only. and they cannot both run in the same domain. but will forward advertisements to neighbors. Each switch can be in only one VTP domain: set vtp domain <name> set vtp mode <client | server | transparent> set vtp v2 <enable | disable> Note: The set vtp v2 command is required for Token Ring networks.) Then Campus Manager can be used to view. General suggestions for enterprises preferring a cautious approach may include making use of VTP Transparent or VTP off (Catalyst OS 7. The description of the modes is as follows: ● Server: Switch will maintain and communicate VLAN settings to all other switches in the VTP domain.1. VTP must be configured on all switches in order to manage VLANs via Campus Manager. Discovering VLANs established on a switch using VTP Transparent mode is supported from Campus Manager 3. A VTP domain must be established and the VTP mode must be defined on each device. In addition. and forward advertisements to neighbors. VTP’s major benefit of providing uniform VLAN creation across multiple switches may be outweighed by the drawbacks of the same thing it’s supposed to simplify. at least one switch in each VTP domain must be defined as a VTP server in order for Campus Manager to create VLANs in that domain. Any VLANs configured on a transparent switch will be local to that switch only. Spanning tree is not a poor protocol—it’s the protocol’s defaults that are not ideal. Page 18 of 64 . Another major risk of the VTP client/server model is the possibility of new server versioning overriding the existing VTP Server and deleting VLANs unknown to the new master server from all switches within that domain.Deployment Guide proprietary protocol that is available on most of the Cisco Catalyst Family products. Note: This protocol should be enabled and configured as part of the overall network design. ● Transparent: Switch will not participate in VLANs advertised by server. This does pose the risk of unenforced STP and its issues cross multiple switches.x) instead of the typical VTP server/client model. (The old restriction of requiring at least one server in a VTP domain to identify VLANs has been removed.

and the Inter-Switch Link (ISL) or IEEE 802.cisco. All contents are Copyright © 1992–2008 Cisco Systems. IEEE 802. ISL is a Cisco proprietary protocol used to combine traffic from multiple VLANs over one link. Enabling Trunking on Catalyst Switch Ports This protocol should be enabled and configured as part of the overall network design. For example: set trunk 2/1 on 2-10 For more information. This document is Cisco Public Information. and VTP Pruning. In order to perform trunking.1Q is the industry-standard protocol for performing the same function.1Q protocol must be enabled. All rights reserved.Deployment Guide Trunk Clearing. ports on each side of the link must be set to trunk ports. use the following command: set trunk <module/port> on [vlans] This establishes the specified module/port as a trunk port and enables the ISL protocol.html. Trunking is a method of carrying traffic for multiple VLANs over the same link.com/warp/public/473/21. thus extending the VLANs across the network. the added complexity of these is not really worth it. Page 19 of 64 . go to “Understanding and Configuring VLAN Trunk Protocol (VTP)”: http://www. To enable trunking on a Catalyst Switch port. between two switches or a switch and a router. Inc. IEEE 802. This section is included for reference purposes only.1Q must be used on Token Ring networks. You can use the optional vlans parameter to specify a specific range of VLANs to be allowed across the trunk (valid ranges are from 1 to 1005).

Inc. The size grows in proportion to number of devices. ● /var/adm/CSCOpx partition This partition holds log files.6 Installation Requirements Cisco LAN Management Solution installation is supported in the U. libraries. amount of availability data. and database files. enter: df –k at the command prompt. RME. All contents are Copyright © 1992–2008 Cisco Systems. Cisco also recommends that you verify all backups that may be needed in the future. device configurations. Recommended Solaris Disk Layout The following layout for the Solaris disk is recommended: ● /opt/CSCOpx partition This partition holds application executables. software images. ANI.8) and Solaris 9 (Solaris 2. and the number of software images. ● /tftpboot partition This partition holds configurations and software image images as they are downloaded from or uploaded to devices. The growth of the partition depends on the number of archived configurations. and the number of syslog messages. Component Recommended Server Requirements for Solaris Systems Recommended Server System Requirement ● Sun UltraSPARC IIIi or Sun UltraSPARC IIICu for Restricted license ● Dual Sun UltraSPARC IIIi or dual Sun UltraSPARC IIICu for Unrestricted license CPU ● Sun UltraSPARC IV ● 2 GB for Restricted license ● 4 GB for Unrestricted license RAM Software Solaris 8 (Solaris 2. This document is Cisco Public Information. on a separate disk. Backup partitions need to be large enough to store all application databases (for example. All rights reserved. The backup partition should allow for multiple revisions.S. Cisco LAN Management Solution 2. DFM. Backup Recommendations Cisco recommends that you store backups on a separate partition.9) Disk Space 20 GB or more free space for LMS applications and data Swap Space ● 4 GB swap space for Restricted license ● 8 GB swap space for Unrestricted license • UNIX file system recommended1 We recommend that you set swap space to twice the size of RAM. software images. and exported reports.) as well as device configurations. verbosity of debugs. English and Japanese versions of the Windows and Solaris operating systems. Solaris OS Installation Requirements This section discusses the LMS requirements to install on the Solaris operation system. Page 20 of 64 . or preferably. and user accounts. 1 To verify the amount of available disk space in each of the specified partitions and directories.Deployment Guide 3. This partition must be large enough to handle the biggest SWIM job. Table 2.

4 To verify the Service Pack version on Windows. There is no need to follow the order recommended above if you are installing just one application in the CiscoWorks machine. Install Device Fault Manager 2.3 before installing any other application.6 on a system with Internet Information Services (IIS) enabled is not supported.6 on a Windows 2000 operating system (all versions). Install CiscoWorks Common Services 3. 2 If you are using LMS 2.6 applications on a system with Terminal Services enabled in Application mode is not supported. Install Internetwork Performance Monitor 2. This document is Cisco Public Information. disable Hyper-Threading Technology (HTT). The file system field appears in the General tab of the Properties dialog box. All rights reserved. Recommended Order for Installing LMS Applications The recommended order for installing LMS applications is as follows.3. Do not install LMS 2. 3 Installation of LMS 2. select Start > Run.3.intel. Note: The only requirement is to install CiscoWorks Common Services 3.Deployment Guide Windows OS Installation Requirements This section discusses the LMS requirements to install on the Windows operation system.htm.8 GHz Intel Pentium 4 or dual 2. then enter winver. right-click the drive and select Properties from the popup menu. Step 6.6 applications on a system with Terminal Services enabled in Remote Administration mode is supported. Component Recommended Server System Requirement CPU ● 2.8 GHz Intel Xeon processor for Restricted license ● Dual 2. open My Computer on the Windows desktop.3. Recommended Server Requirements for Windows Systems Table 3. Install the LMS 2. However. IIS Service must be disabled on the server before installing the LMS 2. Disk space Swap space 20 GB or more free space for LMS applications and data ● 4 GB virtual memory for Restricted license ● 8 GB virtual memory for Unrestricted license • NTFS file system5 required We recommend that you set virtual memory to twice the size of RAM. Inc.See http://www. Step 1.0. Step 2.0.8 GHz Intel Xeon processor for Unrestricted license RAM ● 2 GB for Restricted license ● 4 GB for Unrestricted license Software1 2 3 Any one of the following: • Windows 2000 Professional with Service Pack 44 ● Windows 2000 Server with Service Pack 4 ● Windows 2000 Advanced Server with Service Pack 4 ● Windows Server 2003 Standard and Enterprise Editions with Service Pack 1 ● Windows 2003 R2 Server Standard and Enterprise Editions LAN Management Solution 2. 1 Installation of LMS 2.0. Step 5. To verify the file system.0. All contents are Copyright © 1992–2008 Cisco Systems.3.6. installation of LMS 2.6 applications.com/support/processors/sb/CS-017343. Installation might proceed in other locales. Install Campus Manager 4.8 GHz Intel Pentium 4 or 2.6 on a FAT file system. Step 3.6 Update.6 on an NTFS file system. but there might be problems in the functionality of CiscoWorks. Page 21 of 64 . Step 4. Set the default locale to US-English for the US-English version and Japanese for the Japanese version. Install Resource Manager Essentials 4.6 supports only the US English and Japanese versions of these operating systems. 5 Install LMS 2.0.

RME Server Internal TCP 49 TACACS+ and ACS CiscoWorks Common Services. LAN Management Solution Port Usage Protocol Port Number Service Name Application(s) Direction (of Establishment) of Connection ICMP 7 Ping RME. CM. such as OGS. and DFM Server to Device TCP 22 Secure Shell (SSH) CiscoWorks Common Services and RME Server to Device TCP 23 Telnet CiscoWorks Common Services.Deployment Guide Ports Used by LMS Applications The following table lists the ports used by the various CiscoWorks components. and RME Server to Device TCP 25 Simple Mail Transfer Protocol (SMTP) CiscoWorks Common Services (PSU). CiscoView. Page 22 of 64 . and RME Client to Server TCP 1783 IIOP for IPM Gatekeeper IPM Client to Server TCP 1784 IIOP for IPM Gatekeeper IPM Client to Server TCP 8088 HIOP CiscoWorks Common Services Server to Client Client to Server TCP 8898 Log Server DFM TCP 9007 Tomcat shutdown CiscoWorks Common Services Server Internal TCP 9009 Ajp13 connector used by Tomcat CiscoWorks Common Services Server Internal TCP 9088 HIOP port for IPM IPM gatekeeper Server Internal Server to Client Client to Server TCP 9191 HIOP port for IPM Gatekeeper IPM Server Internal TCP 9192 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9193 IIOP port for IPM Gatekeeper IPM Server Internal TCP 9194 HIOP port for IPM Gatekeeper IPM Server Internal TCP 15000 Log server DFM Server Internal TCP 4005040070 CSTM ports used by CS applications. and DFM Server to ACS TCP 80 HyperText Transfer Protocol (HTTP) CiscoWorks Common Services. CM. and CM Server to Client TCP 1741 CiscoWorks HTTP Protocol CiscoWorks Common Services. RME. and CM Client to Server TCP 1684 IIOP CiscoWorks Common Services. All rights reserved. CiscoView. CiscoView Client to Server TCP 443 CiscoWorks HTTP server in SSL mode CiscoWorks Common Services Sever Internal TCP 514 Remote Copy Protocol CiscoWorks Common Services Server to Device TCP 1683 Internet Inter-ORB Protocol (IIOP) CiscoWorks Common Services. Device and Credential Repository (DCR) CiscoWorks Common Services Server Internal TCP 40401 LicenseServer CiscoWorks Common Services Server Internal All contents are Copyright © 1992–2008 Cisco Systems. Inc. This document is Cisco Public Information. Table 4.

Server Internal Page 23 of 64 . Inc. and DFM UDP UDP 161 162 Server to Device Device to Server Server to Device Device to Server Server to Device Device to Server UDP 514 Syslog CiscoWorks Common Services and RME Device to Server UDP 9000 DFM trap receiving (if port 162 is occupied) DFM Client to Server UDP 9002 DFM trap listening DFM Client to Server UDP 14004 Lock port for ANI Server singlet on check CM Server Internal UDP 16236 UT Host acquisition CM Device to Server UDP 42342 OSAGENT CiscoWorks Common Services Server Internal (Common Services) UDP 42350 Event Services Software (ESS) (Alternate port is 44350/udp) CiscoWorks Common Services All contents are Copyright © 1992–2008 Cisco Systems. and DFM SNMP Traps (Standard Port) CiscoWorks Common Services. All rights reserved. This document is Cisco Public Information. CiscoView. RME.Deployment Guide TCP 42340 CiscoWorks Daemon Manager Tool for Server Processes CiscoWorks Common Services Server Internal TCP 42344 ANI HTTP Server CiscoWorks Common Services Server Internal TCP 42351 Event Services Software (ESS) Listening (Alternate port is 44351/tcp) CiscoWorks Common Services Server Internal TCP 42352 ESS HTTP (Alternate port is 44352/tcp) CiscoWorks Common Services Client to Server TCP 42353 ESS Routing (Alternate port is 44352/tcp) CiscoWorks Common Services Server Internal TCP 43441 CMF Database CiscoWorks Common Services Server Internal TCP 43455 RME Database RME Server Internal TCP 43443 ANIDbEngine CM Server Internal TCP 43445 Fault History Database DFM Server Internal TCP 43446 Inventory Service Database DFM Server Internal TCP 43447 Event Promulgation Module Database DFM Server Internal TCP 4350043530 CSTM Port for DFM DFM Server Internal TCP 44341 IPM Database IPM Server Internal TCP 44342 IPM Name Server (OSAGENT) IPM Client to Server (Applicable to IPM standalone client) TCP 4700047040 CSTM Port for RME RME Server Internal TCP 5500055020 CSTM Port for Campus Manager CM Server Internal TCP 57860 JRun . CM.JRun Server Manager Control Server CiscoWorks Common Services Server Internal UDP 69 Trivial File Transfer Protocol (TFTP) CiscoWorks Common Services and RME Simple Network Management Protocol (SNMP) CiscoWorks Common Services.

If a PIN only is entered.Deployment Guide Licensing Terminology and Process3 The section describes the LMS 2. Use the PAK to get a license from Cisco. The LMS installation program prompts you to enter the license file. All contents are Copyright © 1992–2008 Cisco Systems. then it need not be provided during the installation of the other applications.com. Inc. get your license file from: http://www. Table 5. Licensing Terminology Licensing Term Description Product Identification Number (PIN) The PIN is printed on the software claims certificate. Page 24 of 64 . you need not register the product during the 90-day evaluation period.com/go/license If you are not a registered user of Cisco. not necessarily only at the time you install the product.0.com. You need to provide your PAK to receive your license file. or the PIN and PAK.com. but you will be periodically be reminded to complete the license process. use this site to get your license file: http://www. You may obtain and install your license key at any time while you are working on LMS.cisco. This document is Cisco Public Information. All rights reserved. License File When you register your LMS purchase on the product licensing area of Cisco. If an authenticated license cannot be obtained during installation. use the PIN to proceed with the installation. Licensing Items of Note ● When you first install CiscoWorks Common Services 3.com.6 software-based product registration and license key activation terminology and technologies. If you are a registered user of Cisco. The LMS installation program prompts you to enter the PIN during installation.com/go/license/public. LMS will run normally. you will not be prompted to register your PIN/PAK during the process. If the licensing information is provided during the installation of the first LMS application. ● If you have received LMS as an evaluation copy. you will receive a license file. ● The first LMS application you install will prompt you to provide the LMS licensing information. Product Authorization Key (PAK) The PAK is printed on the software claims certificate.cisco.

Devices imported into Device Credential Repository (DCR) will be automatically added in RME. b. performance monitoring. ● Campus Manager (CM): CM by default is in Auto Synchronize mode. To disable Auto Synchronize mode in RME: a. b. the applications may do data collection. Note: Please note that you must specify the application mode in each of the applications user interfaces. RME is in Auto Synchronize mode. All devices added in DCR will automatically be managed in DFM. ● Device Fault Manager (DFM): By default. In Auto Synchronize mode. ● Internetwork Performance Monitor (IPM): IPM source and data collectors can be set up after DCR has been populated. delete. ● Resource Manager Essentials (RME): By default. The application mode in CM cannot be disabled. Deselect the Synchronize with Device Credential Repository option. Then deselect the Automatically Manage Devices from Credential Repository option. From Resource Manager Essentials. The two LMS application modes are: ● Manual mode ● Auto Synchronize mode In Manual mode. All rights reserved. Resource Manager Essentials and Internetwork Performance Monitor) will not automatically get device updates (device add. the LMS applications will automatically get device updates (device add. Hence all devices added in DCR will automatically be managed in CM. choose Device Management > Device Selector. This chapter also provides information on the default settings in the applications and how to update the application settings for easier management of devices across the LMS server. Initial Setup of the LAN Management Solution 2. DFM is also set up in an Auto Synchronize mode. Page 25 of 64 . To disable Auto Synchronize mode in DFM: a.6 Server This chapter will guide you through the initial setup of the LAN Management Solution server. Inc. Device Fault Manager. delete and credential updates) from DCR. and fault monitoring on the modified devices. unless filters (such as IP address range or VTP domain) have been set up to override the application mode. Application Mode Settings in LMS Applications Application mode settings are available in LMS applications to help control the flow of device and credential information to the applications from the Device Credential and Repository (DCR). All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide 4. In response to the device updates. From the Device Fault Manager. This document is Cisco Public Information. the LMS applications (Campus Manager. choose Administration > Device Management. and credential updates) from DCR.

Select View/Edit Preferences from the Table of Contents. Protocol Setup RME also uses various protocols for configuration and software management. Inc. Step 3. it is advisable to leave Auto Synchronize mode enabled. The available protocols are: ● Telnet ● TFTP (Trivial File Transport Protocol ● RCP (Remote Copy Protocol) ● SSH (Secure Shell) ● SCP (Secure Copy Protocol) ● HTTPS (Hyper Text Transfer Protocol Secured) Set Up Protocol Ordering Protocol ordering can be set up for these configuration applications: Archive Management. Page 26 of 64 . Note: For secure communication between the server and a device. Click Software Mgmt. All contents are Copyright © 1992–2008 Cisco Systems. two instances of RME installed in two different servers can be managing the same set of devices. choose Administration > Config Management. Manual mode should be enabled. Use the Add and Remove buttons for selecting the protocol order. Step 2. From Resource Manager Essentials. then click Apply. and NetConfig jobs to download configurations and to fetch configurations. If Auto Synchronize mode is enabled for RME to get devices from the DCR. Select the protocol order by clicking Add or Remove. When multiple CiscoWorks servers are installed and a large number of devices are to be managed between the CiscoWorks servers.Deployment Guide Note: For easier management of devices across all LMS applications. Configuration Management You can set the protocols and order for Configuration Management applications such as Archive Management. This document is Cisco Public Information. All rights reserved. To order the Software Management protocol: Step 1. Step 2. User intervention is required to select dissimilar set of devices to be managed by the two RME servers. use SSH. Config Editor. Select the desired application from the Application Name drop-down list. Network administrators can assign the protocols to be used in RME for Configuration Management and Software Management. To set up protocol ordering for Config Management: Step 1. Step 3. and NetConfig. Config Editor.

SCP and HTTP. Certificate Setup Every CiscoWorks server needs to have a System Identity user set up for system processes to use while performing background tasks that are not user initiated. Edit the necessary details. Setting Up a Peer Server Account If a CiscoWorks server has to exchange information (such as device credentials) with other CiscoWorks servers. All rights reserved. Inc. Use the Add and Remove buttons for selecting the protocol order. Step 2. Software Management uses the first protocol in the list. Create a peer server account as described here and provide the credential information to the third-party user. define the protocol order. these jobs use the second protocol and so on.6 provides the following security features: ● Secure the user access to devices. Step 3. until Software Management finds a transport protocol for downloading the images. To set up a peer server account: Step 1. Select the Peer Server Account Setup link. every CiscoWorks server needs to have a peer server account set up. choose Administration > Software Mgmt > View/EditPreferences. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. If the first protocol in the list fails. Create the System Identity user as described in the previous section. While downloading the images. TFTP. The supported protocols are: RCP. ● Secure browser client communication to the server. Setting Up the System Identity User To view the System Identity User default settings or to change the default settings: Step 1. To define the protocol order that Software Management has to use for software image download: Step 1. Peer server accounts can also be used for providing access to a third-party application to access the CiscoWorks server and authenticate and authorize it. Step 2. Page 27 of 64 . In the View/Edit Preferences dialog box. From Resource Manager Essentials. All contents are Copyright © 1992–2008 Cisco Systems.Deployment Guide Software Image Management Software Management downloads software images based on the protocol order specified. Step 3. Select the System Identity Setup link. Setting Up Security By integrating with the Cisco Secure ACS server. A peer server account should have the System Identity user information of other CiscoWorks servers. This document is Cisco Public Information. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. Step 3. A system identity user is set up by default when the CiscoWorks server is installed. LMS 2. Step 2.

For the Authentication method. To add the CiscoWorks LMS server(s) as AAA client(s) of the ACS server. To create a new NDG group. choose TACACS+. Step 7. If there are third-party applications integrating with the LMS server. Figure 3.Deployment Guide Step 4. Integrating LMS Servers with ACS To integrate LMS servers with ACS. follow these steps: Set Up the System Identity and Peer Server Account Users in the LMS Server To ensure that the System Identity User is set up: Step 1. Step 6. Figure 3 shows the AAA client model. Step 2. a. Page 28 of 64 . Step 3. Step 5. authorization. Navigate to CWHP > Common Services > Server > Security > Multi-Server Trust Management. Log in to the ACS Server. and accounting (AAA) services to network devices that function as AAA clients. All rights reserved. follow these steps: Step 1. create a peer server account for this purpose because the third-party applications do not need to know the System Identity Setup credentials. All contents are Copyright © 1992–2008 Cisco Systems. such as a network access server. Select the System Identity Setup link. Assign the CiscoWorks LMS server(s) to a new NDG group. Set Up the ACS Server To set up the Access Control Server. navigate to User Setup. Common Services provides a way to configure secondary and tertiary ACS servers to support redundancy.0 integrates with ACS server to leverage the AAA functionality for restricting user access to devices. This document is Cisco Public Information. choose Add Entry. Step 8. from the Network Configuration menu. from the Network Configuration menu. PIX Firewall. AAA Client Model Common Services 3. Step 2. Setting up the Cisco Secure Access Control Server Cisco Secure Access Control Server provides authentication. or router. Step 4. Step 3. Provide the IP address and host name of the CiscoWorks LMS server(s) that you are going to set up. Add a System Identity User as a registered user in the ACS Server. Inc. Specify a secret Key. choose Add Entry. Make sure that the System Identity users of the other CiscoWorks servers are created. To do this.

Step 3. choose Server > Security > AAA Mode Setup > Select ACS Type. All rights reserved. then click Submit (located on the lower frame). Step 5. Resource Manager Essentials. Inc. Step 4. enter either the net stop crmdmgtd command or the net start crmdmgtd command. All contents are Copyright © 1992–2008 Cisco Systems. and provide System Administrator privilege for the device group containing the LMS server.d/dmgtd start command. Enter the username. then click Add/Edit. ● If using a Solaris server. Enter the primary ACS server IP address. Step 2. Page 29 of 64 . Navigate to Group Setup. Set Up the LMS Server to Communicate with the ACS Server To set up the LMS server to communicate with the ACS server. Device Fault Manager and CiscoWorks Campus Manager.d/dmgtd stop command or the /etc/init. Log in to LMS server. To configure the System Identity User in the ACS server. enter the /etc/init. In the User Setup section. enter the password for the user. ACS Admin User Name and Password. follow these steps: Step 1. Add the group to Default Group. Navigate to Common Services Panel in CiscoWorks Home Page. you will learn how to assign a System Administrator privilege to the User Group on the Device Group to which the LMS server is assigned.Deployment Guide b. Click Edit Settings. Step 4. Note: Make sure the user is created with the same password as the password specified for the LMS servers. c. and Shared Secret Key Note: These values for these fields must be the same as the values entered in the ACS server. Select the User Group. follow these steps: Step 1. Step 9. Step 3. Note: The same procedure must be done to add any other peer server username (especially the user created for third-party applications) to the ACS server. Restart the LMS server. Configure the System Identity User in the ACS Server In this procedure. This document is Cisco Public Information. Step 2. The only difference between this setup and the peer server user setup is that the peer server username need not be assigned an Administrator privilege to the NDG group. ● If using a Windows server. To configure Common Services to be in ACS login mode. Browse to the applications CiscoWorks. Note: The System Identity User is quite unique and not the same as any other user created in the ACS server. CiscoView.

Step 4. Setting Permissions for Performing Tasks on Devices If a Security Administrator wants to restrict a user to performing only a selected set of tasks (for example tasks t1. Step 5. Choose the application for which you need to set the task to role mapping. Log in to the ACS server. t2. and t3) on a device in the LMS server. Page 30 of 64 . follow these steps: Step 1. Step 1. click Shared Profile Components (in the navigation bar on the left). click on a user role and change the tasks assigned to that role. To create Network Device Groups. Create Network Device Groups. Step 3. All contents are Copyright © 1992–2008 Cisco Systems. click Network Configuration (in the left navigation bar). Set up the Cisco Secure ACS server as described in “Setting Up the Cisco Secure Access Control Server” section on page 28. All rights reserved. To change the task to role mapping. Step 2. Step 3. Step 4. User Groups and Assign Roles to Network Device Groups in the ACS Server To create Network Device Groups. Network Administrator. Step 1.Deployment Guide Configure the ACS Server to Change Default Permissions and Task to Role Mapping (Optional) There are five default roles defined by CiscoWorks: ● System Administrator ● Network Administrator ● Network Operator ● Approver ● Help Desk These roles are by default assigned permissions to various tasks in CiscoWorks. then follow these steps. Log in to the ACS server. Step 5. For example. Put the LMS server(s) in ACS security mode Step 2. To add users to User Groups. click Group Setup. user groups. Step 2. Click Shared Profile Components. Step 3. etc. Inc. then click Edit Settings. Add devices to the Network Device Group. This document is Cisco Public Information. To assign User Groups permissions (System Administrator. and assign roles to those groups. click Group Setup. then click Users in Group. An ACS user can change the task to role mapping as required. you can click CiscoWorks Common Services.) on the various Network Device Groups. then select an application that has tasks t1. t2 and t3. Make sure that a role (for example Network Administrator) is available so that it has permissions to perform only the restricted list of tasks. Log in to the ACS server.

The same link can be used to set up other CiscoWorks servers as slaves. Complete the security certificate setup described in the section above. a user on a LAN or WAN requires access to a number of different servers. enter either the net stop crmdmgtd command or the net start crmdmgtd command. Page 31 of 64 . Step 1. Step 3. Single Sign-On This task is optional and applicable in a multiple CiscoWorks server setup only. and t3 for this role. use https://server-url:1742. All contents are Copyright © 1992–2008 Cisco Systems. t2.d/dmgtd stop command or the /etc/init. Step 4. ● To restart the LMS server. Single Sign-on is the ability to log in into multiple computers or servers with a single action and the entry of a single password. one of the CiscoWorks servers acts as the SSO Authentication server or master and all other CiscoWorks servers act as the slave or SSO regular server. Click Group Setup. To setup Single Sign-on. follow these steps: Step 1. Enabling HTTPS on an LMS Server You can enable HTTPS on an LMS server to provide secure communication between the server and client. Step 3. One of the CiscoWorks servers should be set up as the authentication server.d/dmgtd start command. for example. This is especially useful where. In SSO mode. then select the user group to which the user is assigned. All rights reserved. Step 7. Select Browser-Server Security Mode Setup. Select the Single Sign-on Setup link. and assign the role Network Administrator to the user selected in the previous step. ● To access the LMS server. t2 and t3 are present. ◦ If using a Windows server. Click Edit Settings. SSL can be enabled on the server by going to Common Services > Server > Security > Single-Server Management. Notes ● HTTPS communication will work only after restarting the LMS server. Navigate to CWHP > Common Services > Server > Security > Multi Server Trust Management. go to the application where the tasks t1. All authentication is done by the master server for any access to slave or master servers.Deployment Guide Step 6. Select Enable. This document is Cisco Public Information. Click Network Administrator and enable only the tasks t1. ◦ If using a Solaris server. Step 2. Choose the Master (SSO Authentication Server) mode. Inc. Step 2. enter the /etc/init. Step 8. ● Any link and/or application registration will work fine after you change the CiscoWorks security mode from http to https.

while the other is called Campus Data Collection. LMS is now ready to start importing devices for management. you can enter a single or multiple Seed Devices in Campus Manager.6 The tasks described in Chapter 4. Campus Manager processing has been partitioned into two separate processes: one of the processes is called Device Discovery. page 34 Campus Manager Device Discovery Campus Manager has the ability to discover Cisco devices present in the network using Cisco Discovery Protocol (CDP). “Initial Setup of the LAN Management Solution 2.6 Server” should complete the initial configuration on the LMS server. page 33 ● Device Credentials Update. All rights reserved. Note: Only the read community string needs to be entered in the SNMP Settings page. Populating Devices in Cisco LAN Management Solution 2. Campus Manager populates the Device and Credentials Repository (DCR) with the list of discovered devices in the network. Devices can be populated in the LMS server through one of the three tasks listed below: ● Campus Manager Device Discovery. Page 32 of 64 . Information about the devices is fetched by Campus Manager only during the data collection process. After editing the SNMP strings. Device Discovery within Campus Manager uses seed devices to discover the network using CDP. In the device discovery process.6. To gather the list of devices. Step 4. Inc. A core switch (or switches) should be the seed device because this device will have a lot of CDP neighbors and this hastens the discovery process. select the SNMPV3 radio button. All contents are Copyright © 1992–2008 Cisco Systems. Step 3. In LMS 2. Step 5. CDP should be enabled on the network. By default only the SNMPv2 read string is populated. page 32 ● Bulk Device Import to Device and Credentials Repository. To enter a seed device. Hence to have the ability to discover devices using Campus Manager. follow these steps: Step 1. If CDP is enabled on your network. you musts first initiate the Device Discovery process. Then select the SNMP Settings link. To populate SNMPv3. Choose Administration. This document is Cisco Public Information. Step 2. Note: A seed device should generally be core device. Add or Edit the read community strings depending on the number of community strings configured in the network. Defining a Seed Device in Campus Manager To define a seed device in Campus Manager. click Apply on the SNMP Settings screen. click the Discovery Settings link (under TOC).Deployment Guide 5.

Bulk Device Import to Device and Credentials Repository LMS also supports bulk import into the Device and Credentials Repository. Address filters are available to either to discover or not discover devices in a particular network. ● Local NMS Import To import devices from either HP OpenView Network Node Manager 6.x or IBM Tivoli NetView 7.Deployment Guide Step 6. In this case. Bulk import into DCR can be done by one of the three formats listed below. You will have to provide the installation location of HP OpenView NNM 6. Note: If the device discovery is scheduled. devices in LMS would be populated only after Campus Manager Device Discovery has taken place.x installed in the same machine as the CiscoWorks server. Note: In LMS 2. Refresh the page to update the device discovery status and verify the number of devices discovered when in Idle state. select the Local NMS option. This document is Cisco Public Information. navigate through CWHP > Common Services > Device Management > Bulk Import. ● Remote NMS Option To import devices from either HP OpenView Network Node Manager 6. click IP Address Range. You can then assign a device type to the device by selecting the device in Device Management screen and clicking Edit. To do bulk device import.x or IBM Tivoli NetView 7. ● File Import Select the File option to import devices from a CSV or XML file. then it will be a member of the group /Device Type Groups/Unknown Device Type. the importing devices is allowed only from a remote Unix NMS server or a remote Windows NMS server that supports the RSH protocol. All the devices discovered by Campus Manager should now be populated in the DCR.x.6. select the Remote NMS option. All contents are Copyright © 1992–2008 Cisco Systems.x or IBM Tivoli NetView 7. then click Apply. Configure the seed devices. All rights reserved. This action triggers an immediate Device Discovery process. Step 7. To configure the address filters. To verify the device discovery status. Step 8. all device credentials can be provided along with the device name and IP address. The input file should have the format as specified in the online help. click the Go to Campus Administration link. If the imported device does not have a device type associated with it. Page 33 of 64 . Inc. Step 9.x installed in a different machine from the CiscoWorks server.

if the devices have different credentials. populating the Cisco devices through Campus Manager Device Discovery is recommended. Step 4. Inc. If all the devices have the same credentials. To perform credential update in DCR: Step 1. devices can be added into RME from the Device and Credentials Repository using either of following procedures: ● If all the devices added in DCR are also to be managed by RME. device credentials other than the SNMP read credentials need to be entered in the Device and Credentials Repository. the Auto All contents are Copyright © 1992–2008 Cisco Systems. then click Finish. Note: If you have CDP enabled on your network. Device Credentials Update To utilize the complete functionality of LMS. Check Automatically Manage Devices from Credential Repository. Going to the CiscoWorks Home Page and navigating to RME > Administration > Device Management > Device Management Settings. All rights reserved. Step 3. However. Click Next. Step 2. create groups of devices having the same credentials by going to CWHP > Common Services > Groups. Step 7. All applications within LMS should be populated with the imported devices. which will by default select all the devices. click Edit. Device Management Device discovery just populates devices in LMS. Create groups underneath the CS@server-name/User Defined Groups. Page 34 of 64 . b. then click Edit. you can edit the credentials for these devices by selecting the groups to which the devices belong. If you need to enter User Fields for devices. Navigate to CWHP > Common Services > Device and Credentials > Device Management. Enter the device credentials. Note: Don’t select any device in the screen that follows.Deployment Guide Editing the Credentials for the Imported Devices Once the devices have been imported through the Local NMS or Remote NMS options. click Next and enter up to four user-defined fields. use the above step to Edit their credentials. the Auto Synchronize option in RME should be enabled. ● If only a subset of devices available in DCR are to be managed in RME. Adding Devices to RME From DCR If RME has not been set up in Auto Synchronize mode. Additional information about the devices such as configuration files and software images on the network needs to be added. This document is Cisco Public Information. Select the devices under the All Devices group by checking the All Devices group. Step 5. then in the Device Management screen. Step 6. You can enable Auto Synchronization by: a.

Collecting Devices’ Startup and Running Config To collect the startup and running configuration of devices: Step 1. This can be done only for the devices that failed the initial synchronize archive operation. To view the archive collection status or view the job details. Inc. Verification of Device Import Status in LMS Applications This section describes the verification of device import procedures in Resource Manager Essentials. select the devices under RME group. Go to TOC > Sync Archive. Viewing Configuration Collection Status in RME You can view configuration collection status in RME by: a. 2. you would need to run the synchronize operation to collect the configuration files for the managed devices. To ensure that the applications are working properly. 3. Step 3. This document is Cisco Public Information. step through the verification process described in the following section. go to Config Management. Check Device Credentials To check the device credentials: 1. then select the Archive Management link. Going to CWHP > Resource Manager Essentials > Config Management > Archive Management. click the Number of Failed Devices link. Campus Manager. To see the list of devices that failed the archive operation. and Device Fault Manager. All rights reserved. You must schedule a Sync Archive job. b. To do so. the initial configuration collection of devices would fail since the credentials (SNMP write. Check device credentials by going to Resource Manager Essentials > Devices > Device Management > Device Credential Verification. click View Credential Verification Report. To view the report and see if the device credentials are correct. refresh the screen. All contents are Copyright © 1992–2008 Cisco Systems. Step 2. To verify the type of device credentials to be checked. To verify job status. Resource Manager Essentials The following RME device verification tasks are described in this section: Confirm Configuration File Collection To confirm if the configuration files have been collected: 1. Page 35 of 64 .Deployment Guide Synchronize option can be left turned off. 2. If the devices have been populated through Campus Manager Device Discovery or a third party NMS and if the Auto Synchronize option on RME was enabled. Taking these steps should populate the managed devices in the server. Telnet/SSH) needed for configuration collection were not available in LMS. Check Fetch Startup Config. click Check Device Credential. Since the credentials have been updated in LMS.

click Edit Device Credentials. All rights reserved. This document is Cisco Public Information. ● Devices should be in status Known. Campus Manager To get the current status of devices in Campus Manager: Navigate to CWHP > Campus Manager > Administration.Deployment Guide 4. Page 36 of 64 . Inc. Device Fault Manager To get the current status of devices in DFM: Navigate to CWHP > Device Fault Manager > Device Management > Discovery Status. ● DFM Processing should be Active. If you need to change the credentials on devices. ● You can view the data collection status of a device under Data Collection. All contents are Copyright © 1992–2008 Cisco Systems. ● You can find the discovery status of devices under Device Discovery.

To create the new group under /CS@server-name/User Defined Groups.com/en/US/products/sw/cscowork/ps3996/tsd_products_support_series_home. Common Services Common Services provides an operating foundation that allows Cisco Works applications to share data and system resources. To create user defined groups.Deployment Guide 6. Device Fault Manager. then click Create.6 This chapter deals with server administration and configuration settings to optimally utilize the resources of the server while also maintaining a current status of the network topology. click Finish. Click Next. then click Add Rule Expression and click Next. Navigate to CWHP > Common Services > Groups. Step 2. The Variable field offers four possible values: user_defined_field_0. and user_defined_field_3. Campus Manager. under the NMSROOT directory in Windows or Solaris). In the Group Administration window. follow these steps: Step 1. Step 5. Creating User Defined Groups Grouping devices in Common Services is used to create user-defined groups based on the User Defined field defined by DCR for the devices. Step 6.ht ml. Step 8. user_defined_field_2. All rights reserved. Step 3. All contents are Copyright © 1992–2008 Cisco Systems. Server Administration in Cisco LAN Management Solution 2. Page 37 of 64 . Periodic updates to Cisco Works Common Services are made available for download. This newly created group can be accessed from any application screen in LMS. Inc. All the devices that match the criteria are shown in the right panel. These groups can then be used by Resource Manager Essentials. This document is Cisco Public Information. Select the Group Admin link. Step 4. please refer to the following documents: http://www. It also provides a common desktop for launching Cisco Works applications and centralizes login. Backing Up LMS Data Cisco recommends that the backup data should not be stored in the directory where LMS is installed (by default. user_defined_field_1. Please note that the DCR Master/Slave mode is also backed up. user role definitions. For installation and user guide documentation. Step 7. Select an operator and value that matches the device value in DCR.cisco. Select the Variable drop-down box. Enter a group name and click Next. select /CS@server-name/User Defined Groups from the group selector. and access privileges. or Internetwork Performance Monitor to launch tools pertinent to that application.

● For a Solaris server: Execute the /etc/init. /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. /tmp is the location of the backup directory. Change directory to NMSROOT/bin. Inc. Page 38 of 64 . To see a list of the Backed Up generations available. the command syntax is: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. ● GenerationNumber: Generation to be restored. Step 2. Step 1. Navigate to CWHP > Common Services > Admin. Step 2. ● TempDirectory: Temporary directory for the Restore program. Restoring LMS Data Restoring LMS data can be done only via the command line interface.pl operation in a Solaris server is given below.pl –d /tmp In the above command.d/dmgtd stop command.Deployment Guide To backup LMS data: Step 1. Default TempDirectory for this Restore program: /opt/CSCOpx/tempBackupData Use -t TempDirectory to define your own temp directory. The backup job can either be run immediately or be scheduled. Step 3.0. All rights reserved. Shutdown the daemon manager: ● For a Windows server: Execute the net stop crmdmgtd command. Step 3. the discovery mechanism can be categorized into the following three areas: ● Device Discovery ● Data Collection ● User Tracking Major Acquisition All contents are Copyright © 1992–2008 Cisco Systems. Log in to the LMS server. use the following command line: /opt/CSCOpx/bin/perl /opt/CSCOpx/bin/restorebackup. Restore Program Help The Help on the restorebackup Perl script provides the following information: To run the restore command. Select the Backup link.pl <-d BackupDirectory> [-gen GenerationNumber] [-t TempDirectory] [-help] ● BackupDirectory: Directory where the backup archive is present. Execute the script restorebackup. Example Restore Operation (Solaris) An example of the restorebackup. This document is Cisco Public Information. You can provide a backup directory name.pl -h -d BackupDirectory Campus Manager In Campus Manager 4. Step 4.pl.

2. the following tasks can be performed. ● Device Discovery determines the management IP address of the device. 2. Optimizing Network Discovery To optimize the discovery of the network. All contents are Copyright © 1992–2008 Cisco Systems. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. This document is Cisco Public Information. Navigate to the Campus Manager Panel from CWHP > Campus Manager Administration > Reports > Discovery Reports. Uncheck the DNS Lookup checkbox. ● Devices in DCR and user-configured seed devices from Campus Manager are used by the device discovery process. All rights reserved. Navigate to Campus Manager Administration > Admin > Device Discovery > Discovery Settings. Page 39 of 64 . Disabling DNS Lookup DNS lookup could be one potential area for device discovery to slow down. so DNS lookup can be disabled. click Configure. It populates the Device and Credentials Repository with the following discovered information: ◦ Host name ◦ Domain name ◦ Management IP address ◦ Display name ◦ sysObjectID ◦ SNMP credentials Discovering a device is not equivalent to managing the device in Campus Manager. Troubleshooting Device Discovery To troubleshoot device discovery: 1. To disable DNS lookup: 1. To set up IP filters: 1. IP address filters help a user to define IP address ranges inside of which devices need to be discovered. Under IP Address Range.Deployment Guide Campus Manager Device Discovery Device Discovery can be run on a predetermined schedule or initiated by an operator. Setting up IP Filters IP filters can be set if only certain subnets need to be discovered. These IP address ranges typically fall inside the same subnet. Check to see if the SNMP settings are correct for the devices to be discovered correctly. 2. Inc. The following are some key facts about Device Discovery: ● Device Discovery performs Network Discovery using Cisco Discovery Protocol as the discovery mechanism.

edit the file NMSROOT/objects/dmgt/dmgtd. IP phones. and subnets. Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition. Cisco recommends you increase the heap size for the ANIServer from –Xmx1024m to –Xmx1280m. If a device is not in DCR. In this file. Optimizing According to the Number of Devices ● When data collection is done for more than 5.000.Deployment Guide 3. Only devices in DCR are managed. ● If data collection is done for a device count close to 5. ● Minor Acquisition: Polls the end hosts and IP phones to keep the User Tracking data current. Change this string to -Xmx1280m. Note: Any edits to dmgtd.024 MB. To modify the heap size in the ANIServer. All rights reserved. Page 40 of 64 .conf file is complete. Initiate a UT Major Discovery. the ANIServer process (Java based) reaches a threshold of 1. and subnets in the network. there is an entry for starting the ANIServer process. This document is Cisco Public Information.conf file can be done only after the LMS server is shutdown. 2. This entry has a string -Xmx1024. User Tracking Module In addition to the Campus Manager data collection feature.000 devices. The following are some key facts about Campus Manager Data Collection: A list of devices and corresponding credentials in Device and Credentials Repository are used for data collection. you can increase SNMP Timeout and Retry values.conf file. Optimizing Data Collection To optimize the data collection for devices in the network. Initiating a UT Major Discovery 1. Campus Manager Data Collection You can run Data Collection on a predetermined schedule or through operator action. Cisco IP phones. The filtering is based on either IP address or VTP domain. If the log file shows any SNMP timeout exceptions. There are two major types of acquisition in User Tracking: ● Major Acquisition: Collects data on end hosts. complete the following tasks: Setting IP Address or VTP Domain Filters You can set IP address or VTP domain filters by navigating to Campus Manager Administration > Admin > Campus Data Collection > Data Collection Filters. Inc. Modifying the heap size. A filtering mechanism can be applied to manage a subset of devices found in Device and Credentials Repository. All contents are Copyright © 1992–2008 Cisco Systems. the User Tracking module in Campus Manager can acquire data on end hosts. then it cannot be managed by Campus Manager. You must restart the LMS server the edit to the dmgtd.

Hierarchical groups are created on top of Topology groups. select Topology Groups. system jobs are created for both Inventory collection and polling. This document is Cisco Public Information. Ping Sweep on IP Addresses in a Subnet You can enable a ping sweep on all IP addresses in a subnet before starting a major acquisition.Deployment Guide The following is the list of some important options that can be selected for a major acquisition: ● Enable User Tracking for DHCP environment: This is an option for tracking the end hosts in case the IP address changes. Navigate to Campus Manager > User Tracking > Admin > Acquisition. Archives or jobs older than a particular date can also be purged: Navigate to CWHP > Campus Manager > User Tracking > Admin > Reports > User Tracking Purge Policy. Purge Policies You can delete end hosts and IP phones from User Tracking either on demand or on a specified interval after major acquisition: Navigate to CWHP > Campus Manager > User Tracking > Admin > Acquisition > Delete Interval. with their own default schedules. Then select the Schedule Acquisition link. This view shows the aggregate links between all devices contained inside those two maps. All rights reserved. The three immediate subgroups are shown as maps. Page 41 of 64 . Setting a Schedule for a Major Acquisition To set a schedule for running a major acquisition: 1. then right-click /Campus@server-name/System Defined Groups. A periodic inventory collection job collects inventory data from all All contents are Copyright © 1992–2008 Cisco Systems. Resource Manager Essentials This section describes the LMS server administration tasks for Resource Manager Essentials. Navigate to CWHP > Campus Manager. ● Use DNS to resolve host names: This is an option for resolving the host names. In the window that opens up. You can click on the maps and choose to show aggregate links between two maps. Select the Display View option. Select the Topology Services link. There is an option to exclude certain subnets from the ping sweep. Step 2. ● IP phone acquisition on dot1q trunks for IOS switches: This is an option for fetching end hosts that are connected to a switch in Voice VLAN Setup. Hierarchical Groups in Campus Manager Hierarchical groups help users to visualize the topology implemented for user-defined groups. Inventory Collection/Polling At the time of RME installation. 2. Step 4. Inc. Step 3. Step 1.

The order of protocols that are used can be re-arranged or some protocols can be removed from the list if it is not relevant to your network. Purge Policies Configuration Management You can specify when to purge archived configurations. You can purge configurations based on two criteria: All contents are Copyright © 1992–2008 Cisco Systems. The default (out of the box) periodicity of the collector job is once a week and the default (out of the box) periodicity of the poller job is once a day. if there are no configuration changes detected in the devices. The System Job Schedule dialog box displays the current collection or polling schedule. Configuration File Collection and Polling The configuration archive can be updated with configuration changes by periodic configuration archival (with and without configuration polling). with much less impact on your network and on the LMS server. ● Default Protocols used for Configuration Fetch and Deploy Many protocols are used for performing a configuration fetch and deploy. This document is Cisco Public Information. It is best for the customer to select the periodic collection and polling. Note: A scheduled collection and polling are disabled by default as the customer’s network may have sporadic bursts of traffic and the NMS should not take up the existing bandwidth. The periodic polling polls all devices to check inventory changes and collects and updates the inventory database only if there is a change. navigate to Resource Manager Essentials > Administration > Inventory > System Job Schedule. The system provides a default order of protocols that will be used to fetch or deploy the configuration on the device. 1. Note: The poller detects most changes in all devices. no configuration is fetched. You can enable this using Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. To change the default settings. The default order of protocols used and the option to change the order can be accessed by navigating to Resource Manager Essentials > Administration > Config Mgmt. Page 42 of 64 . This frees disk space and keeps your archive at a manageable size. All rights reserved. Inc. Select Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Collection Settings. 2. ● Periodic Collection Configuration is fetched without checking for any changes in the configuration.Deployment Guide devices (devices in the “All Devices” group) and updates inventory database. Select one or all the options. change the values and click Apply. You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following: ● Periodic Polling Configuration archive performs a SNMP query on the device.

The purged labeled files will be deleted only if it satisfies these conditions Maximum versions to retain and Purge versions older than. To specify when to purge configuration files from the archive. The Archive Purge Setup dialog box appears. and the status of each filter—Enabled. Inc. or months. Collector allows only the syslogs that match any of the "Keep" filters. For example. weeks. select one or both of the following options: a. if you set the maximum versions to keep to 10. Select Enable. All contents are Copyright © 1992–2008 Cisco Systems. the first is purged to keep the total number of archived versions at 10. 3. the Common Syslog Collector drops the syslogs that match any of the "Drop" filters from further processing. 2. along with the names. To specify the default purge policy: 1. by selecting either Drop or Keep. ● If you select the Keep option. Click Purge versions older than. the purging jobs are disabled. click Change. Configurations older than the number of days you specify are purged. Syslog A default policy can be specified for the periodic purging of Syslog messages. Note: The Drop or Keep option applies to all message filters and is not on a per-filter basis. or Disabled. 2. 1. 2. To schedule a purge job. then enter a number and select days. b. c. when the eleventh version of a configuration is archived. Page 43 of 64 . click Purge labeled files.Deployment Guide ● Their age. To retain and then enter the number of configurations to retain. 5. Specify the number of days in the Purge records older than field. for further processing. To delete the labeled configuration files. Choose Resource Manager Essentials > Tools > Syslog > Message Filters. ● The maximum number of versions of each configuration to keep. 4. click Maximum Versions. The oldest configuration is purged when the maximum number is reached. Specify whether the filters are for dropping the Syslog messages or for keeping them. Choose Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Purge Settings. Defining Message Filters You can exclude messages from Syslog Analyzer by creating filters. ● If you select the Drop option. 1. This document is Cisco Public Information. A list of all message filters is displayed in a dialog box. By default. Choose Resource Manager Essentials > Administration > Syslog > Set Purge Policy. Click Apply. The default value is 7 days. will be purged. All rights reserved. Only the records older than the number of days that you specify here.

2. enter the values for each field. To save the purge policy that you have specified. This document is Cisco Public Information. Enter the information. you can create a job to import all software images on your network by following these steps: 4. Import a baseline of all software images. 1. then click Save. Setting Up Inventory Filters Certain inventory attributes can change often and these changes can get logged whenever there is a collection. Choose Resource Manager Essentials > Software Mgmt > Software Repository > Software Repository Synchronization. then click Next. This may cause a lot of change audit messages to accumulate over a period of time. Select Network and Use generated Out-of-sync Report. The images act as a backup if any of your devices become corrupted and need a new software image or if an error occurs during an upgrade. 3. 2. then click Add. All running images that are not in the software repository will appear. Inc. You can set inventory filters by navigating to Resource Manager Essentials > Administration > Inventory > Inventory Change Filter. Once the Software Repository Synchronization job finishes successfully. To prevent this inventory change filters can be enabled to not track change audits for these attributes. SWIM Baseline Collection We recommend that you first import a baseline of all software images running on your network. Specify the start time and the end time from the Start Time and the End Time drop-down list box. If some devices are running software images not in the software repository then a synchronization report can be generated for these devices. All contents are Copyright © 1992–2008 Cisco Systems. To schedule a Synchronization report: 1. 1. 3. then click Add. Page 44 of 64 . Select Resource Manager Essentials > Administration > ChangeAudit > Set Purge Policy.Deployment Guide Change Audit You can schedule a periodic purge or a forced purge of Change Audit data. Choose Resource Manager Essentials > Software Mgmt > Software Repository. This frees disk space and maintains the Change Audit data at a manageable size. 5. All rights reserved. Click Schedule. then click Submit. Select Days of the week from the Day drop-down list box. The baseline imports a copy of each unique software image running on the network (the same image running on multiple devices is imported into the software library only once). Set the Exception period by navigating to Resource Manager Essentials > Tools > Change Audit > Exception Period Definition. 2. Defining Exception Periods An Exceptions period is a time you specify when no network changes should occur.

All rights reserved. 2. You must create a list of approvers. All contents are Copyright © 1992–2008 Cisco Systems. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Create/Edit Approver Lists. navigate to CWHP > Resource Manager Essentials > Job Mgmt > Job Approval. The steps described above require all jobs created for NetConfig. download of configuration and device IOS/CatOS image management. Config Editor. then click Finish. 1. c. b. The list has to be named and assigned approvers. Note: The user created here should have Approver role in the system (be it local security mode or ACS security mode ). Inc. The approver can either accept or reject the job. Specify Approver Lists. then click Add. click Next. the status of the job is updated for the user who created the job. d.Deployment Guide 6. The central location can be accessed by navigating to CWHP > Resource Manager Essentials > Job Mgmt > RME Jobs. Assign approval lists with the various functions such as NetConfig. Page 45 of 64 . 4. Click Next. There is a central location where all jobs created for various purposes in RME can be viewed. Specify Approver Information. Enable Approval policies on the various functions like NetConfig. Job Management Jobs need to be created for performing archive management. a. Configuring Job Approval RME allows approval of jobs before they are executed. All jobs can be searched on criteria such as status of the jobs and type of job. The following are the logical steps to configure job approval. Enter the Job Control Information. 7. Viewing Jobs Pending Approval To view all jobs pending approval. Save the configuration of approval lists. then click Add. edit of configuration. Navigate to CWHP > Resource Manager Essentials > Administration > Approval > Approver Details. Select users from the list of available users field in the middle. This document is Cisco Public Information. Archive Management and Software Management. Note: If you do not select the Use generated Out-of-sync Report option. Config Editor. If a job is rejected. 3. Config Editor. Archive Management and Software Management to be approved before being executed. it will take more time to show the software image selection dialog box. Archive Management and Software Management. Provide an Approver name in the top left text field.

if the device has a read community string. These are traps that are received from the devices in the network. Also. All rights reserved. if the devices already exist in IPM. IPM adds the device without either contacting the device or making any verification. you can import devices from DCR into Internetwork Performance Monitor. Page 46 of 64 . You can import devices as: ● Sources When you import devices as Sources. IPM interacts with this repository to get the device list. IPM contacts the device and adds them only if they are running IOS image with IP SLA feature and if the Read and Write community strings are provided. there is no mechanism to import only selected devices from DCR into IPM. Import status log file IPM creates a separate log file for the Device and Credentials Repository Import status. they are updated. If there is not a read community string. navigate to the DFM panel and choose Configuration > Other Configuration > Daily Purging Schedule. and device credentials. You can view the log file in: IPMROOT/etc/source or IPMROOT/etc/target. Device Fault Manager Administration of the DFM Server can be categorized into the following sections. When you import devices from the Device and Credentials Repository. Note: Before you import devices from Device and Credential Repository. View the results of importing devices You can view the results of importing devices from the CiscoWorks home page by clicking View Import Source Log or View Import Target Log. IPM verifies whether the IP SLA responder is enabled or not on the target. ● Target IP devices When you import devices as Target IP Devices. Inc. Daily Purging Schedule Set up a daily purging schedule for fault history information in the DFM. ensure that there are devices in the repository. Forwarding SNMP Traps This configuration can be made to blindly forward traps that come into the trap receiver of the DFM. device attributes.Deployment Guide Importing Devices into Internetwork Performance Monitor Once the devices are added into the Device and Credentials Repository. the target’s IP SLA responder status is not verified. All the devices in DCR will be imported into IPM. All contents are Copyright © 1992–2008 Cisco Systems. ● Target IP SLA responders When devices are imported as Target IP SLA Responders. This document is Cisco Public Information. Those devices in DCR that cannot be an IPM source will be not added and in the import log file there will be an error message for that device. To set up a purge schedule.

Deployment Guide To set up trap forwarding. navigate to the DFM panel and choose Configuration > Other Configuration > SMTP Default Server. polling and threshold parameters need to be set. navigate to DFM panel and choose Configuration > Other Configuration > SNMP Trap Receiving. navigate to Configuration > Other Configuration > Rediscovery Schedule. Group Administration Group administration’s function is to create. View Management View Management allows the user to see alerts and activities on a group of devices. ● Polling parameters are used to make DFM Server poll the devices in the various groups in specified intervals. This email notification service needs SMTP Server information for forwarding emails. All contents are Copyright © 1992–2008 Cisco Systems. When these thresholds are crossed for the various types of devices alerts are raised in DFM Server. Polling and Threshold Management For the faults and events to show up in DFM. To create DFM groups. Note: It is not NB trap generation for applications like HP Open View Receiving SNMP Traps This configuration is made for setting the global port for receiving traps in DFM. navigate to the DFM panel and choose Configuration > Other Configuration > SNMP Trap Forwarding. ● Threshold Parameters are used to determine the thresholds for various devices. edit or delete groups internal to DFM. Inc. Rediscovery Rediscovery is limited to the list of devices that are known to DFM. All rights reserved. A view can be created on a list of groups and this view will be visible in the Alerts and Activities Window under Device Fault Manager. To set the port used for trap receiving. To schedule a rediscovery. These groups can be shared with other applications. Note: Rediscovery does not add devices into the DCR as it would in Campus Manager. This document is Cisco Public Information. Page 47 of 64 . Polling and Threshold parameters can be set by navigating to CWHP > Device Fault Manager > Configuration > Polling and Threshold. Default SMTP Server DFM has an email notification service that can send emails when alerts or events are generated. navigate to Configuration > Other Configuration > Group Administration. You can schedule multiple rediscoveries. To set the SMTP Server information for sending emails.

● You can look at the 24-hour reports on the device in the top half of the right frame and launch tools in the bottom half of the right frame. you can launch the Switch Port Usage Report for recently up. Cisco View now provides a light weight HTML-based client. Device Center also provides a set of functions that help facilitate debugging. ◦ You can synchronize the archive or download a previous archive of the configuration or All contents are Copyright © 1992–2008 Cisco Systems. ◦ Launch Credential Verification Report: Launch the Credential Verification Report to check for any missing credentials. Device Center is installed as part of the Common Services install and can be launched from CWHP > Device Troubleshooting > Device Center. ◦ Launch the Detailed Device Report on the device to view memory. The list below is not complete but helps to understand some of the tools available in Device Center. IP address information. Last inventory and configuration collection times. 24-hour Change Audit Summary. ◦ If some faults are found. Syslog summary. ◦ Ping: Ping the device to see if it is reachable from the LMS server. Click on the link on the device name after you have selected it. and any fault related alerts for the device and the neighboring devices. ● A suggested list of tools to be launched in a particular order as follows. The procedure to launch debugging utilities on a particular device is given below. image. ◦ If the device is a switch.Deployment Guide To create views. Inc. All rights reserved. It also incorporates IPv6 functionality with the manageability over IPv4 address. ● Browse through the group hierarchies to select a device or search for a particular device by typing in the name in the search utility provided above the group selector. go to the CiscoView tool to view the chassis and make some changes on the interfaces or ports. flash. choose CWHP > Cisco View > Chassis View. down or unused ports. This launches the summary and tools page for the device. launch the Edit Device Credentials tool to edit the credentials. The “Summary” in device center provides information about the device IP address. ◦ Launch the Fault History Report to view any faults that occurred in the last 24 hours or 31 days. ◦ If the credentials are missing. CiscoView Cisco View provides real time chassis view of the devices. run reports on the device and any management tasks such as changing credentials. This document is Cisco Public Information. Device type. To launch Cisco View. Device Center Device Center is a portal within the LMS bundle that provides the ability to gather and debug information about a particular device. Page 48 of 64 . navigate to Configuration > Other Configuration > Alerts and Activities Defaults.

Deployment Guide do an image upgrade. All contents are Copyright © 1992–2008 Cisco Systems. Page 49 of 64 . All rights reserved. This document is Cisco Public Information. Inc.

Then select the Polling and Threshold link. Fault Monitoring The Device Fault Manager (DFM) gives you the option of monitoring faults in three distinct ways: ● You can look at historic fault data using fault history. alerts are raised in the Device Fault Manager server. All rights reserved. Polling and Threshold Configuration Faults and events show up automatically for all devices because default polling settings are used for polling the devices. Set Up Tasks The following tasks must be completed before fault monitoring can be enabled in Device Fault Manager: Add List of Devices to the DCR A list of devices must be added from Device and Credentials Repository into DFM. To set the Polling and Threshold parameters: 1. ● You can look at the current faults in real-time in an alerts and activities window. 2. This Polling and Threshold link provides an option to either change the default polling and threshold setting or to seta new polling and threshold setting for the user-defined device interface and port groups. Network Management in Cisco LAN Management Solution 2. Resource Manager Essentials. or Syslog messages. Inc. trap messages. All contents are Copyright © 1992–2008 Cisco Systems. Page 50 of 64 . Navigate to CWHP > Device Fault Manager > Device Management > Device Selector tool. Check Status of Devices The status of all devices should be in the Known state: Choose Device Fault Manager > Device Management > Device Summary. and Common Services.6 This chapter provides more details on the network management tasks in LMS across the various applications: Device Fault Manager. Internetwork Performance Monitor. Navigate to CWHP > Device Fault Manager > Configuration. Threshold parameters determine the thresholds for various devices.Deployment Guide 7. Campus Manager. When these thresholds are crossed. This document is Cisco Public Information. Polling parameters are used to make the Device Fault Manager server poll the devices in the various groups at specified intervals. ● You can choose to be notified by email.

Step 9. Select the Notification Services link. Step 4. a group of devices. Step 8. Inc. Navigate to CWHP > Device Fault Manager. All rights reserved. Click Next.Deployment Guide Fault and Alerts Notification Services Various notification services are available in Device Fault Manager to notify you of a fault or alert that occurred in the device. You can view the faults by searching for a single device. then choose one of the following: ● Alert severity ● Event severity ● Alert status ● Event status for the devices in the group to send notification Step 5. To send traps to NB applications like HP Open View Network Node Manager when a notification needs to be raised per notification group. click the E-Mail Notification link. To launch the Alerts and Activities window: Navigate to CWHP > Device Fault Manager. Page 51 of 64 . Step 3. a fault ID. click the Syslog Notification link. Fault History No configuration is needed in Fault History. With the RME Baseline template and compliance check you can execute this functionality: All contents are Copyright © 1992–2008 Cisco Systems. then click the Alerts and Activities link. Provide the notification group name and click Next. This document is Cisco Public Information. Step 10 To send syslog messages to other machines when a notification needs to be raised on a notification group. Step 1. Step 2. Baseline Configuration All enterprises need to enforce some standard policy across all the devices in the network. Create a Notification Group by clicking the Notification Groups link. Select a group from the group selector. All faults in the devices are automatically accumulated and can be viewed: Navigate to Device Fault Manager. Click Finish to create the notification group. Step 6. Step 7. or an event ID. click the SNMP Trap Notification link. Enterprise networks need to audit the policy periodically and enforce the policy if any devices are found in violation of it. then select the Fault History link. Alerts and Activities The Alerts and Activities window shows the real-time display of faults on devices or views. To send email notification to a user when a notification needs to be raised per notification group.

and SSH). This document is Cisco Public Information. The pre-deployed device state indicates that the devices are not reachable from the management server (either they are not in the network or sufficient credentials have not been provided). Then create Baseline templates with those set of commands identified. cmexport can execute the -v or -h options only. Campus Data Extraction Engine Campus Manager provides a data extraction engine to extract data about the following: ● User tracking data ● Layer 2 topology ● Discrepancies in the network configuration Data Extraction can be done either through the command-line interface or Servlet access. After the RME server can contact the devices. you can accomplish following tasks. cmexport <-h | -v | commands> <arguments> Core Commands The core data extraction commands are described in Table 6. If RME successfully contacts the device through SNMP polling or pre-provisioned job completion.) in RME before the devices are online. Telnet. the device has not been contacted by RME through protocols (such as SNMP. You must invoke the cmexport command with one of the core commands specified in Table 6. those tasks can be pushed to the devices. After creating the baseline templates. The top-level Help provides the following information. So you could pre-provision all the tasks (write a software image. Data Extraction from LMS Applications This section describes the Campus Data Extraction Engine and the RME Data Extraction Engine.Deployment Guide First identify a set of standardized policy-based commands that you want to have on a set of devices. Certain RME tasks that don’t need prior device information can be performed on pre-deployed devices as they would on normal state devices. In the pre-deployed device state. etc. ● Deploy the baseline template to the same category of devices in the network. Inc. All contents are Copyright © 1992–2008 Cisco Systems. The cmexport Utility You can access the command-line interface utility cmexport by going to the NMSROOT/campus/bin directory. get baseline configurations. If no core command is specified. the device moves to a normal state. All rights reserved. ● Compare device configurations and generate a report that lists all the devices that are noncompliant to the baseline template. ● Schedule a compliance check job and deploy the baseline template on to the devices. Preprovisioning Devices There is a new device status group in RME called pre-deployed devices. Page 52 of 64 .

You should delete these files when necessary. Page 53 of 64 . All rights reserved. User Tracking cmexport Parameters Parameter Description -layout User tracking host data is exported in XML format for the layout given in layoutname. All contents are Copyright © 1992–2008 Cisco Systems.xml ● For Layer 2 Topology: PX_DATADIR/cmexport/L2Topology/timestampL2Topology. l2topology Generates Layer 2 topology data in XML format. This parameter is applicable only when –phone is chosen.Deployment Guide Table 6. ● For User Tracking: PX_DATADIR/cmexport/ut/timestamput. This parameter is applicable only when –host is chosen -layoutPhone User tracking phone data is exported in XML format for the layout given in layoutPhone. using the same filename and directory twice would cause the previous file to be overwritten. ● timestamp is the time at which the log was written in this format: YearMonthDateHourOfDayMinuteSecond format. Core Commands: Campus Manager Data Extraction Core Command Description ut Generates User Tracking data in XML format. -query User tracking host data is exported in XML format for the query given in queryname. The layout is a custom layout defined by the user in UT. This parameter is applicable only when –host is chosen. -f Specify the filename and the directory for storing the Data Extraction Engine output. This document is Cisco Public Information. -h (Null option) Lists the usage Help information for this utility. This utility does not inherently delete the files created in the archive. However. -queryPhone User tracking phone data is exported in XML format for the query given in phonequeryname.xml Directory Locations ● The PX_DATADIR directory is at these locations: ◦ Windows: %NMSROOT%\files folder ◦ Solaris: /var/adm/CSCOpx/files ● NMSROOT is the directory where you installed Campus Manager. ● subnet: User tracking data is displayed based on the subnet in which they are present. discrepancy Generates discrepancy data in XML format.xml ● For Discrepancy: PX_DATADIR/cmexport/Discrepancy/timestampDiscrepancy. -v Displays the version of the cmexport utility. -view Specifies the format in which the user tracking XML data is presented. This parameter is applicable only when –phone is chosen. It currently supports two options: ● switch: User tracking data is displayed based on the switch. Archival Locations Data generated through the cmexport command-line interface is archived at the following locations by default. Possible Combinations of cmexport Commands User Tracking Table 7. Inc.

Servlet access is used to extract data from a client system. and discrepancy can be sent as HTTP or HTTPS requests. The Servlet accepts users request and authenticates the requesting user’s identity using Common Services authentication mechanism. The Servlet is: http://Campus-Server:1741/CSCOnm/campus/servlet/CMExportServlet The HTTP response of the Servlet contains the XML file generated by executing the cmexport command on the server with the parameters provided in the payload file. Generate the necessary payload XML file with the required data. Page 54 of 64 .Deployment Guide Example Commands cmexport ut –u admin –p admin –host cmexport ut –u admin –p admin –phone cmexport ut –u admin –p admin –host -query dupMAC –layout all cmexport ut –u admin –p admin –host -query dupMAC –layout <name> cmexport ut –u admin –p admin –phone -queryPhone <name> –layoutPhone <name> cmexport ut –u admin –p admin –host -f ut. Step 3. discrepancy and L2 topology information -> All contents are Copyright © 1992–2008 Cisco Systems. topology. Use a script to perform a POST operation to the Servlet with the payload file. Step 2. performs the operations. The input XML file contains various tags for username. the output will be displayed at the client terminal. core command. the command you want to execute. Extract the XML file from the content of the HTTP response and save it to a local file. While generating data through the Servlet. Inc. and returns the results in XML format. The Servlet then parses the payload file encoded in XML. Sample Payload <payload> <!—The following element specifies the username (valid CiscoWorks or ACS user ID) of the person initiating this DEE call --> <username>username</username> <!— The following element specifies the valid password of the user ID --> <password>password</password> <!—The following element specifies the DEE command used for extracting UT host. phone. Extracting the Export File From the Servlet The steps to extract the export file from the Servlet are as follows: Step 1. All rights reserved. and optional tags. password. Typically.xml cmexport ut –u admin –view switch –host Layer 2 Topology or Discrepancy Commands cmexport L2Topology|Discrepancy –u admin –p admin cmexport L2Topology|Discrepancy –u admin –p admin -f 013104L2.xml Servlet Access to the Data Extraction Engine The Servlet access to Campus Manager Data Extraction Engine is described below. such as log and debug options as inputs in XML format. The command to export user tracking. This document is Cisco Public Information. and optional details. The Servlet requires a payload file that contains details about the user’s credentials.

my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. if ( -f $fname ) { open (FILE. --> <debug>1</debug> <!—The following element specifies the custom report name created in the User Tracking user interface by navigating to CWHP > Campus Manager > User Tracking > Reports > Custom Reports. } close(FILE)."$fname") || die "File open Failed $!". #!/opt/CSCOpx/bin/perl use LWP::UserAgent. Page 55 of 64 . my $result. $temp = $ARGV[0] . $| = 1. my $ua = new LWP::UserAgent. This document is Cisco Public Information. $fname = $ARGV[1] . $result = ''. $req->content($str).Activate a CGI: sub url_call { my ($url) = @_. $url. $ua->timeout(5000). All rights reserved. $res->code.Deployment Guide <command>ut_host</command> <!—The following element specifies the logfile where all logs need to be output --> <logfile>filename</logfile> <!—The following element specifies the debug level at which the log is output. my $res = $ua->request($req). my $req = new HTTP::Request ('GET'.= $_ . "\n". while ( <FILE> ) { $str . } else { $result = $res->content. #-. " : ". $res->message. All contents are Copyright © 1992–2008 Cisco Systems.> <view></view> </payload> Sample Perl Script to Access the Servlet Note: Sample scripts are available in the Campus Manager Data Extraction Engine online Help. } url_call($temp). if ($res->is_error) { print "ERROR : ". $hdr). Inc.

/perl script. The command will look similar to these commands for HTTP and HTTPS modes: ● In HTTP mode . the CMEXPORTFILE environment variable should be set so it points to the file containing the credentials. All rights reserved. run: cwcli <application/command> -help You must invoke the cwcli command with one of the core commands specified in Table 8. All contents are Copyright © 1992–2008 Cisco Systems. The command-line interface utility cwcli can be accessed by going to NMSROOT/bin directory.Deployment Guide if($result =~ /Authorization error/) { print "Authorization error\n". Resource Manager Essentials Data Extraction Engine Resource Manager Essentials provides a data extraction engine to extract data about the following: ● Inventory ● Change audit ● A device’s configuration details Data extraction can be done by either through the command-line interface or Servlet access.pl https://server/campus/servlet/CMExportServlet payload. The username and password are either provided as part of the command-line interface and Servlet call or the password is put in a password file for retrieval by the Data Extraction Engine. This document is Cisco Public Information./perl script. Inc. The top-level Help command cwcli –help provides the following information: General syntax to run a command with arguments is: cwcli <application/command> <arguments> For detailed help on a command and its arguments.xml file. Page 56 of 64 . The access permissions to the file can be set to prevent any unauthorized access. If no core command is specified. cwcli can execute the -v or -help options only.xml ● In HTTPS mode: . } } The Perl script listed above will invoke the servlet with the use of payload . } else { print $result .xml Any user using the Data Extraction Engine is authenticated and authorized. for the username admin). When using this option.pl http://server:1741/campus/servlet/CMExportServlet payload. The command should be entered in the following format: cmexport ut –u admin –host This syntax enables cmexport to find the relevant password associated with the username (in the example here.

Page 57 of 64 . delete. and changeaudit details into XML format. you must enter the core command immediately after cwcli export. The order of the arguments and options are not important. delete the archived configuration files. It also helps in importing or exporting the data in inventory as XML files.xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS-changeaudit.xml All contents are Copyright © 1992–2008 Cisco Systems. ● GlobalArguments are the additional parameters required for each core command. It also helps in importing or exporting the User Defined Template XML files -v Displays the version of the cwcli utility. compare two different configurations. inventory A command-line interface tool to create. invreport List all custom reports and generates CSV formatted inventory report(s) for given template(s). netconfig A command-line interface tool to create. Inc. ● Command specifies which core operation is to be performed. All rights reserved. However. delete. and cancel a NetConfig job. Core Commands: Resource Manager Essentials Data Extraction Core Command Description config Provides a set of commands that are used to download and fetch configurations. This document is Cisco Public Information.xml ● Config ◦ On Solaris: /var/adm/CSCOpx/files/rme/cwconfig/YYYY-MM-DD-HH-MM-SS-MSMSMSDevice_Display_Name. configuration. ● AppSpecificArguments are the optional parameters. you can view the cwcli export man pages by setting the MANPATH to: /opt/CSCOpx/man/man1 The man pages to launch the cwcli export command are man cwcli-export to launch the cwcli export command. Command-Line Syntax The command line syntax of the application is in the following format: cwcli export command GlobalArguments AppSpecificArguments ● cwcli export is the CiscoWorks command line interface for exporting inventory. and reload the device. -help (Null option) Lists the usage information for this utility. ● To launch the cwcli export changeaudit command: man export-changeaudit ● To launch the cwcli export config command: man export-config ● To launch the cwcli export inventory command: man export-inventory Data Archiving Location Data generated through the cwcli export command-line interface is archived at the following locations by default: ● ChangeAudit ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SSchangeaudit. and cancel an inventory collection job. export Exports inventory/configuration/change audit data in XML.Deployment Guide Table 8. On UNIX. which modify the behavior of the specific cwcli export core command.

xml is as follows: <payload> <command> cwcli config import -u admin -p <Base64Encoded pwd> -device 10. Note: Use <arg> and <argval> tags when the argument is a file.xml RME Servlet The details of Servlet access to RME Data Extraction Engine is given below.. The contents of the payload xml file are as follows..xml ◦ On Windows: NMSROOT\files\rme\archive\ YYYY-MM-DD-HH-MM-SS.77.1.xml ● Inventory ◦ On Solaris: /var/adm/CSCOpx/files/rme/archive/YYYY-MM-DD-HH-MM-SS-inventory. This document is Cisco Public Information. Inc. Page 58 of 64 .106 <arg> -f </arg> <arg-val> banner motd "welcome. <payload> <command> cwcli config export -u admin -p <Base64Encoded pwd> -device 1. The following is the Servlet to be invoked to execute any command: For a post request http://<rme-server>:<rme-port>/rme/cwcli <payload XML file> For a get request http://<rme-server>:<rme-port>/rme/cwcli?command=cwcli config <commandname>-u <user> p<BAse64 encoded pwd> -args1 <arg1value>.Sir" </arg-val> </command> </payload> All contents are Copyright © 1992–2008 Cisco Systems. The name of the Servlet is /rme/cwcli.240. All rights reserved.inventory.1.Deployment Guide ◦ On Windows: NMSROOT\files\rme\cwconfig\ YYYY-MM-DD-HH-MM-SSMSMSMSDevice_Display_Name.1 xml </command> <arg> </arg> <arg-val> </arg-val> </payload> For example. to execute the import command payload.

Inc. my $res = $ua->request ($req). } else { print $result . $temp = $ARGV[0] . if ($res->is_error) { print "ERROR : ".106 -f tempfile Here the tempfile contains the line banner motd "welcome. url_call($temp). my $result. This document is Cisco Public Information.240.= $_ . the command is executed as cwcli config import -u admin -p <Base64Encoded pwd> -device 10. # you can set timeout value depending on number of devices my $hdr = new HTTP::Headers 'Content-Type' => 'text/html'. } print $str . the port number is 443. " : ". open (FILE. } else { $result = $res->content. Page 59 of 64 . $res->code.77. All rights reserved. "\n". if($result =~ /Authorization error/) { print "Authorization error\n". my $req = new HTTP::Request ('POST'. All contents are Copyright © 1992–2008 Cisco Systems.Activate a CGI: sub url_call { my ($url) = @_. while ( <FILE> ) { $str . The default port for CiscoWorks server in HTTP mode is 1741."$fname") || die "File open Failed $!". $res->message. $fname = $ARGV[1] . $ua->timeout(1000). Sir".pl http(s)://<rme-server>:<rme-port>/rme/cwcli <payload XML file> Note: For the secure mode (HTTPS). #-. On the server.Deployment Guide The Remote Access Servlet creates a temporary file with the contents specified between the arg val tags for the import command. $hdr). $req->content($str). $result = ''. my $ua = new LWP::UserAgent. For example: Perl samplescript. $url. Sample Script to Invoke the Servlet #!/opt/CSCOpx/bin/perl use LWP::UserAgent.

Page 60 of 64 . -q Quiet output: Display no column headings. This is only applicable in plain text output format. -w HTML output: A web page will be generated from the output of this command. -k Delimiter: Set the field delimiter to <letter>.output this usage help Format: Time - <StartTime> and <EndTime> input as: MM/DD/YYYY-hh:mm:ss Date - <WhichDay> input as: MM/DD/YYYY <StartDate> and <EndDate> input as: MM/DD/YYYY All contents are Copyright © 1992–2008 Cisco Systems. The ipm export command line interface is the command to do IPM export. ipm export [-q] [[-k <letter>] | -w] [-h] [ ( -c | -s | -t | -o | -cs) [<CollectorName>] ] | [ (-dh | -dd | -dw | -dm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-jh | -jd | -jw | -jm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ (-ph | -pd | -pw | -pm) <StartTime> <EndTime> [ <CollectorName> ] ] | [ -r [<WhichDay>] ] | [ -all [<StartDate>] [<EndDate>]] General Options [ipmRoot] Root location of IPM. this is set to a comma '. Inc. By default. Only applicable in plain text output format. -h Help . The IPM Export Command The following example shows the command syntax and help that is displayed when you use the ipm export Help command: You must be logged in as the root user (in Solaris) or administrator (in Windows) to use export IPM data using the ipm export command.'. This document is Cisco Public Information. such as /opt/CSCOipm.Deployment Guide } } } Internetwork Performance Monitor Export There has been no change in the way the data can be exported in Internetwork Performance Monitor from the previous version of the product. All rights reserved.

Standalone. impACS: Imports device list from File. Inc. duplicate device entries and switch port usage. modify devices and change DCR modes. NMSROOT/bin/dcrcli –u username Step 2. ● UT can list the jobs that are run periodically to generate reports. Slave.Deployment Guide The DCR Command Line Interface Using the command line interface. delete. You can save the custom reports. Remote NMS and ACS ( AAA server ) ● exp: Exports to a file UT Reports You can generate UT Reports by navigating to CWHP > Campus Manager > User Tracking > Reports. impRNms. The main command to launch is at: NMSROOT/bin/dcrcli The steps are as follows: Step 1. unused down and unused up ports. ● UT can run reports on switch port usage statistics of the switches. ● You can generate Custom Reports for end hosts and IP Phones by selecting a group. The following reports can be generated. All contents are Copyright © 1992–2008 Cisco Systems. setslave: Sets the DCR to Master. A simple query can be input to view a subset of the end hosts or IP Phones present in UT. You can find the report job listing by navigating to User Tracking > Reports > Report Jobs. Enter the password corresponding to the username. or Standalone ● setmaster. You can generate Custom reports by navigating to User Tracking > Reports > Custom Reports. ● UT provides the ability to quickly view reports on end hosts and IP Phones. you can add. The switch port usage reports can be run for recently down. setstand. Step 3. or Slave mode ● impFile. evaluating a query on the group to subset the number of end hosts and IP Phones. You can also view the list of DCR attributes that can be stored in DCR. These jobs are for generating reports on end hosts. This document is Cisco Public Information. Select one of the various top level commands ● add: Adds a device ● del: Deletes a device ● mod: Modifies a device ● lsattr: Lists the attributes stored in DCR ● details: View device details ● lsmode: Lists the DCR mode as Master. All rights reserved. Page 61 of 64 . impNms. IP Phones. and view the current DCR mode. Local NMS.

A template for enabling Syslogs is built in NetConfig. Select the desired Switch Cloud and click Display View. To run optimal root and instance reduction and instance recommendation reports. Cisco MISTP Recommendations. Once the device configurations are being managed by RME. Go to Topology Services > Network Views > LAN Edge View. or IEEE 802. 3. All contents are Copyright © 1992–2008 Cisco Systems. The ability to collect syslogs helps manage the network more effectively. you can enable syslogs through NetConfig. select Reports. Campus Manager provides the ability to select the root bridge based on the following criteria: 1. VLAN Recommendations Campus Manager provides the ability to view VLANs and the ability to get recommendations on spanning trees. Traffic data Campus Manager also has the ability to recommend Root Bridge based on the traffic in the network. it is essential to have the proper switch designated as the root bridge.1s Recommendations. Enabling syslogs provides a multi fold advantage: ● LMS will collect and update any configuration and inventory changes on the network. Page 62 of 64 .Deployment Guide You can use the custom reports while generating detailed reports on end hosts or IP phones by going to User Tracking > Reports > Report Generator. Least cost Least cost recommendation will provide a recommendation on a root that would be the least cost from all the nodes in the switch cloud. RME 4. Inc. The spanning tree formed in this selection would have the minimum depth. Since most of the switched traffic is directed through the root bridge. MIST and 802. All rights reserved. ● Received syslogs can be analyzed and can also be used for further triggering automated actions Syslogs can be enabled on devices using NetConfig.0 provides the ability to schedule a single job for devices using Cisco IOS and Catalyst OS. This document is Cisco Public Information. The different types of spanning trees that are supported for recommendations are PVST. Configuring Syslog on Devices LMS has the ability to collect and analyze syslogs received from devices in the network. c. Least depth The least depth method would help the user select a root for the particular VLAN that would provide the least from each node in the network to the root. in the Switch Cloud view. 2. The least depth spanning tree recommendation can be seen by the following sequence: a. then select Per VLAN STP Recommendations. You can access the template under Resource Manager Essentials > Config Mgmt > NetConfig.1s. Create a NetConfig job by clicking NetConfig Jobs under the TOC. b.

Ether Channel and Trunk Deployment Campus Manager Topology Services Layer 2 view also provides the ability to configure Ether channels and Trunks. While the file is locked. mac. The Ether Channel Configuration window appears. or both. 2. All rights reserved. Select the type of encapsulation 802. 3. All contents are Copyright © 1992–2008 Cisco Systems.1Q. Right-click on a particular link and select Create Trunk. The Ether Channel Configuration window also shows all the links between the two devices where the Ether channel is being set up. The protocol for Ether Channel is PagP and the channel mode is Desirable. The distribution protocol can be set to ip.Deployment Guide Campus Manager accepts traffic information from two sources. right-click and select Configure Ether Channel. ISL or Negotiate. Inc. If other users attempt to open the file to edit it. and then download the changes to the device. Trunk Configuration To configure Trunk configuration: 1. Ether Channel Configuration For channel configuration. Page 63 of 64 . 2. destination. The NetConfig tool provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. Change Management RME Config Editor The RME Config Editor function can be used to edit a device configuration stored in the configuration archive and download it to the device. This document is Cisco Public Information. or port and the distribution address type can be set to source. the file is locked so that no one else will be able to make changes to it at the same time. one of the sources is NAM and the other source is the NetFlow collector. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor by the user who checked it out or by a user that has network administrator and system administrator privileges. they will be notified that the file is already checked out and they can only open a “read-only” copy. Select a link on the Layer 2 View. When a configuration file is opened with Config Editor. NetConfig Function The NetConfig function provides a set of command templates that can be used to update the device configuration on multiple devices all at once. review changes. it is maintained in a “private” archive available only to the user who checked it out. Enter the Allowed and Disallowed VLANs on that trunk. follow these steps: 1. The Config Editor tool allows the user to make changes to any version of a configuration file. The configuration window also provides the ability to copy running configuration to startup configuration. You can select the links that should be part of the Ether channel.

for example. or a credential change. 1. For example. These predefined templates include corresponding rollback commands. To view Change Audit reports. All rights reserved. Standard Report or Exception Period Report. The report type can be either a 24-hour report. the addition or deletion of devices. Audit Trail provides a trail of all the changes that are being on the server. C07-400501-01 02/08 Page 64 of 64 . if a job fails on a device. any out-of-band changes made on the devices are also recorded as part of the change audit. Inc. 2. therefore. Change Audit All changes made on the network through LMS are recorded as part of change audit. These reports help manage the changes on the network. the configuration will be returned to its original state. A copy of all updated configurations will be automatically stored in the configuration archive.Deployment Guide These templates can be used to execute one or more configuration commands on multiple devices at the same time. use the appropriate SNMP template to update community strings on all devices using the same job. The user simply supplies the parameters for the command and NetConfig takes care of the actual command syntax. If syslogs are enabled on devices. Audit Trail Resource Manager Essentials also provides the capability to have an Audit Trail. go to Resource Manager Essentials > Reports > Report Generator. NetConfig comes with several predefined templates containing all necessary commands. This document is Cisco Public Information. Select Change Audit as the application. Printed in USA All contents are Copyright © 1992–2008 Cisco Systems. to change SNMP community strings on a regular basis to increase security on devices.