Cisco WAN Manager User's Guide, 12.0
Getting Started with Cisco WAN Manager
Downloads: This chapterpdf (PDF - 1.32MB) The complete bookPDF (PDF - 6.81MB) | Feedback

Getting Started with Cisco WAN Manager

Table Of Contents

Getting Started with Cisco WAN Manager

Initializing CWM

Performing a Warm Start of CWM

Performing a Cold Start of CWM

Launching CWM Server

Launching CWM Client

Exiting CWM

Navigating the Client Desktop

Menus and Toolbar

Menu Bar

Toolbar

Popup Menus

Network Topology View Popup Menus

Multiple Peer Group Navigation

Configuring CWM User Access

Understanding the Security Manager Requirements

Launching Security Manager

Navigating with Security Manager

Security Manager Menu Bar, Buttons, and Access Tabs

Creating New Users

Viewing Users

Modifying Users

Deleting Users

Creating New Profiles

Viewing Profiles

Modifying Profiles

Deleting Profiles

Logging and Tracking User Activities

Restricting User Access

Accessing the Audit Trail Log Files

Displaying the Server and Log File Configuration

Viewing the List of Active CWM Users

Viewing the Audit Trail Log

Monitoring the CWM Health Status

Configuring the SNMP Community String

Setting Up Nonstandard Community Strings

Accessing Community Strings and FTP Passwords

Changing Community Strings

Changing the FTP Passwords

Listing Node IDs, Names, and IP Addresses

Configuring Device Preferences

Configuring Nodes

Disabling the Automatic Node ID

Starting the Configurator

Navigating with the Configurator

Configurator Menu Bar

Adding Nodes

Deleting Nodes

Modifying Nodes

Starting HP OpenView


Getting Started with Cisco WAN Manager


This chapter describes how to get started with Cisco WAN Manager (CWM).

Contents of this chapter include:

Initializing CWM

Exiting CWM

Navigating the Client Desktop

Configuring CWM User Access

Logging and Tracking User Activities

Configuring the SNMP Community String

Configuring Nodes

Initializing CWM

This section provides information about initializing CWM.

The following procedures are described:

Performing a Warm Start of CWM

Performing a Cold Start of CWM

Launching CWM Server

Launching CWM Client


NoteThese procedures describe CWM startup from a workstation running the Sun Solaris 8 operating system.

CWM core processes running on a workstation can be stopped from any other workstation that is running a remote CWM session. For example, when you log into a workstation running the CWM core processes and select Stop Core (Option 2), you are terminating the CWM core processes for not only yourself, but for all others using those CWM core processes. Therefore, you must be careful not to select the Stop Core option when you are through. Take care to close only the windows you have opened remotely, and at the CWM main menu, select X to exit the application.

Performing a Warm Start of CWM

A warm start of CWM consists of stopping the application, then restarting it. When you perform a warm start of CWM, the application continues to use data in the existing Informix database.


Note System administrators should only perform a warm start.



Caution Before doing a warm start, you should not change any configuration parameters such as shared memory parameters or the number of instances that are used for processes. You can change only timeout, log, level, and session parameters. Network operations can be performed.

You can execute a warmstart only if the cold start is completed successfully. To verify if the cold start is completed successfully, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the vi command to edit the ~svplus/log/.DBKR_SYNCHUP_MESSAGE file as shown in the following example:

azure% vi ~svplus/log/.DBKR_SYNCHUP_MESSAGE

Step 3 Look for the sync-up complete message.

If the sync-up complete message is not found, you can execute a cold start again. The cold start complete message is normally printed on the console when the cold start sync-up completes.


Note Provisioning should be attempted only after a warm start cache rebuild is complete. You should look for a rebuild message on the console, which indicates that the rebuild is complete.


To perform a warm start of CWM, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter CWM at the prompt to display the CWM main menu.

Step 3 From the CWM main menu, enter option 2 (Stop Core) as follows:

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012
         Cisco Wan Manager is being run from the workstation, "azure". by svplus

              MAIN MENU 
              --------- 
             1) Start Core
             2) Stop Core
             3) Start Desktop
             X) Exit

  Core is running 

enter number or x to exit:2

You can verify the status of the core. The above example shows that the core is running.

Step 4 Enter y to confirm that you want to stop core.

Step 5 Press Return to redisplay the CWM main menu.

It should take less than three minutes for all of the processes and messages to end.


Note Message retrieval takes approximately three minutes to complete.


Step 6 From the main menu, enter option 1 (Start Core).


Performing a Cold Start of CWM

This section describes how to perform a cold start of CWM.


Note You can provision only after the cold start complete message appears on the console or look for verification in the .DBKR_SYNCHUP_MESSAGE file. Do not stop CWM till the complete message appears on the console; otherwise, you must start the cold start script again.


The following coldstart scripts are supported:

coldstart <opt>—Specifies a script to clean up both CWM and Statistics Collection Manager (SCM) data for both CWM and the SCM standalone workstations.

coldstartCWM <opt>—Specifies a script to clean up only CWM nonnetwork data in the CWM workstation. CWM nonnetwork data includes node_info (switch node IDs, community strings, FTP username, and password), service class templates (SCT) information, user profiles, security profiles, connection descriptors, and XPVC preferred.

coldstartSCM <opt>—Specifies a script to clean up only SCM nonnetwork data in the CWM workstation. SCM nonnetwork data includes enable information (nodes and cards), collection information (nodes and cards where stats collection is started), stats data (all the statistics that were uploaded and put into the database), and statistics templates.

You can replace the <opt> parameter with -F to remove all data that includes configuration data, user data, and network data. If no option is selected, network data is removed and nonnetwork data remains intact.


Caution If you perform a coldstart -F, connection templates, Service Class Templates (SCT) templates, stats data, and connection descriptors are deleted from the database.

To perform a cold start of CWM, complete the following steps:


Step 1 Open a terminal window.

Step 2 Enter CWM at the prompt to display the CWM main menu.

Step 3 From the CWM main menu, enter option 2 (Stop Core) as follows:

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012
         Cisco Wan Manager is being run from the workstation, "azure". by svplus

              MAIN MENU 
              --------- 
             1) Start Core
             2) Stop Core
             3) Start Desktop
             X) Exit

  Core is running 

enter number or x to exit:2

You can verify the status of the core. The above example shows that the core is running.

Step 4 Enter y to confirm that you want to stop core.

It should take several minutes for all of the processes and messages to end, depending upon the number of nodes in the network.

Step 5 Press Return to redisplay the CWM main menu.

Step 6 From the main menu, enter option (x) to exit the CWM application.

Step 7 At the prompt, enter the applicable coldstart script to cold start the system.

The following example shows the cold start script without the option -F parameter that removes all network data while preserving the existing user data:

azure% coldstart

Step 8 Enter CWM to redisplay the main menu.

Step 9 Enter option 1 (Start Core) from the CWM main menu.


Launching CWM Server

Upon launching CWM, the main menu is displayed. The CWM main menu enables you to initiate and terminate the CWM core processes and to access the CWM desktop window. You can also use the main menu to get the name of the current database.

To launch the CWM server, complete the following steps:


Step 1 Open a terminal window.

Step 2 When the login prompt appears, you must

a. Enter the login name svplus.

b. Enter the password svplus.

The following example is shown:

login: svplus
Password: 
Last login: Fri Oct 11 14:27:15 from 171.71.29.94
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
azure%

NoteThe default configured username is svplus and the password is svplus.

If you want to change the default configured password, you must:

Change the UNIX password by executing the passwd command.

Change the svplus password in the database by executing the updateftpinfo command. The following example illustrates the usage of the updateftpinfo command:

tballraker18% updateftpinfo
Usage: updateftpinfo <ftp user> [<ftp password>]
tballraker18%

Step 3 At the prompt, enter CWM. See the following screen.

azure% CWM

Welcome to Cisco Wan Manager Release 12_Aug23.SOL28 Fri Aug 23 012
         Cisco Wan Manager is being run from the workstation, "azure". by svplus

              MAIN MENU 
              --------- 
             1) Start Core
             2) Stop Core
             3) Start Desktop
             X) Exit

  Core is running 

enter number or x to exit:

If the error message Environment Variable DISPLAY not set is displayed when you attempt to start the main menu and the display is not being xhosted to another workstation, enter the following syntax:

azure% setenv DISPLAY machine_name:0.0

To select any of the CWM main menu options listed in Table 2-1, specify the number and press Return.

You can verify the status of the CWM core.


Note The Dump db data option is no longer supported. For information on saving the data in the Informix database, refer to the Cisco WAN Manager Database Interface Guide.


.

Table 2-1 CWM Main Menu Options 

Menu Option
Description

1) Start Core

Starts the CWM core and initiates CWM daemon processes.

2) Stop Core

Stops the CWM daemon processes.

3) Start Desktop

Displays the CWM desktop window.

X) Exit

Exits CWM without shutting down the CWM core processes.


Step 4 From the CWM main menu, enter option 1 (Start Core) to start the CWM Core process at the prompt.

Press Return.

Observe the messages that are displayed. Notice the gateway and standalone nodes socketed messages to the IP-LAN addresses.

Due to the nature of asynchronous behavior of ILOG client and server interaction, CWM client requests may be sent before the CWM server is ready. In this case, the following error messages are displayed on the workstation screen:

Ilb Error: Synchronous request to <unidentified actor failed by timeout>.


Note If the ILOG timeout situation persists for more than five minutes and the CWM workstation is not functioning normally, a service call is made.


A Link0 down message is displayed and followed by a Link0 up for each gateway node. If communication is established to the gateway node and everything is working correctly, a group of Link1 up messages for all nodes are displayed.

If displayed, you can disregard several ILOG RT-Broker messages, the EMSD dumping message, and any server EMDAEMON not registered messages. These messages are normal.


Note Additional messages are displayed for PNNI nodes.


After you see Link 0, Link 1, and gateway node messages indicating the connections are up, continue to the next step. If there is a problem with a Link connection, you will not see all connections come up.


Note Standalone Cisco MGX 8850 (PXM1E and PXM45) switches do not use Link protocol and will not show up in these messages. Feeder Cisco MGX 8850 switches act like Cisco MGX 8220 switches and do not display Link 1 messages.


Step 5 Press Return to redisplay the main menu.

Step 6 Enter option 3 (Start Desktop) to launch the CWM Desktop and to display the CWM Login window (see Figure 2-1).

Step 7 From the CWM Login window, you must:

a. Enter the login name svplus.

b. Enter the password svplus.

Figure 2-1 CWM Login Window

Step 8 Click OK or press Return.

Figure 2-2 displays the CWM Desktop.

Figure 2-2 CWM Desktop Window


Launching CWM Client

CWM Client is a software component that permits you to access and use the features of a CWM Server workstation from a network connected client system. It is designed to run on either Sun Solaris or a Windows 2000 based client machine under Sun Microsystem's WebStart utility. For more information on the requirements, refer to the instructions in the Cisco WAN Manager Installation Guide for
Solaris 8, Release 12.


Note It is highly recommended that you use the WebStart Client to start additional CWM GUIs.


CWM supports multiple GUIs.

To install the CWM Client, refer to the instructions in the Cisco WAN Manager Installation Guide for Solaris 8, Release 12. After the installation and if you are launching the CWM Client for the first time, perform the following steps:


Step 1 Start the web browser.

Step 2 Connect to the CWM Server by using the applicable workstation name followed by :1551.

For example, http://cwmhost:1551 or http://cwmhost.company.com:1551.


Note 1551 is the port number for the CWM Client web page.



After launching the CWM Client the second time, WebStart prompts you to create a desktop shortcut.

For subsequent launches, complete the following steps:


Step 1 Double-click the CWM desktop icon to launch the client desktop.


Note If you did not create a CWM desktop icon, choose Start > Programs > CWM 12.0 Network Topology or you can also access the CWM Server. For more information on launching the CWM Server, see the "Launching CWM Server" section.


Step 2 Enter the applicable password.

The default username and password is svplus.


Exiting CWM

This section provides information about exiting CWM.

To exit the CWM application, complete the following steps:


Step 1 Choose File > Exit to close the CWM Desktop.

Step 2 If the Statistics Manager is running, choose File > Quit.

Click OK when prompted to confirm the operation.

Step 3 Close all CWM applications that are currently running.

Step 4 From the CWM main menu, enter option 2 (Stop Core).

Step 5 Enter y to confirm that you want to stop core.

Depending upon the number of nodes in the network, it might take several minutes for all the processes and messages to end.

Step 6 Press Return to redisplay the CWM main menu.

Step 7 From the main menu, enter x to exit the CWM application.


Navigating the Client Desktop

The following sections are on how to navigate the client desktop:

Menus and Toolbar

Popup Menus

The client desktop provides a menu bar and a toolbar that correspond to the principal CWM applications. You click on a particular icon to launch the corresponding application you need for network management, monitoring, report generation, and administrative tasks. Figure 2-3 shows the Network Topology Main window.

Figure 2-3  Network Topology Main Window

1

Menu bar

2

Toolbar

3

Status bar

4

Topology view

5

View selection tabs

6

Browse window

7

Hierarchy view

8

Overview window


Menus and Toolbar

The configuration, managing, and monitoring options for configuring your switches are available from menus and a toolbar.

Figure 2-4 shows the menu bar and toolbar.

Figure 2-4 Menu Bar and Toolbar

1

Menu bar

2

Toolbar


Menu Bar

The menu bar provides a complete list of options for managing your switches. The options and functions are listed in Table 2-2.


Note To access the Network Configurator application, you must use the switch CLI. You can use the network configurator to add new nodes, modify, or delete existing nodes on your network. For more information, see the "Configuring Nodes" section.


Table 2-2 Menu Bar 

Menu-Bar Options
Keyboard Shortcut
Mnemonic Shortcut
Task
File

Alt-F

Save

Ctrl-S

Alt-S

Saves the current positions of the nodes, trunks, and group information in all of the views. Also, the current map, view size and view zoom level are all saved to the user.home directory. The files are parsed the next time CWM is launched.

Print

Ctrl-P

Alt-P

Prints the current view of the Network Topology window.

Exit

Alt-X

Exits the CWM application and closes the main window.

Edit

Alt-E

Group

Creates or deletes a node or group of nodes.

Search

Searches for a node by using the node name or the node IP address.

View

Alt-V

Layer

Turns on or turns off the display for the IP Address, Node Name, and Trunk Name.

Zoom

Provides different levels of zoom functions for resizing the view of the Network Topology window.

Background

Changes the color or map view of the Network Topology window.

Options

Displays the CWM Topology Option window.

PNNI Hierarchies

Displays the following levels of peer groups:

Expand All Peer Groups

Collapse All Peer Groups

Refresh

Refreshes the current Network Topology view.

Actions

Alt-A

Network

Displays the following network objects:

Display Link Status

VSI Consistency Check

Expand Network in View

Expand Network in Submap

Collapse Network in View

Collapse all Networks

Display Nodes

Display Trunks

PNNI Network

Displays the following PNNI network objects:

Expand All Networks

Collapse All Networks

Peer Groups

Displays the following peer groups:

Peer Group Info

Expand All Peer Groups

Collapse All Peer Groups

PNNI Node

Brings up a PNNI Node Information window for operations specific to a selected node.

Trunk

Provides information about an individual trunk.

Note For PNNI View, the Trunk menu option is replaced with PNNI Link to provide PNNI node information for MPG1 .

Stop Connection Trace

Stops a connection trace that is currently in progress.

Stop Showing Prefer Route

Stops the preferred route animation.

Apps

Alt-P

Connection Manager

Creates end-to-end connections or PVCs2 . For more information, see "Managing Connections."

Network Browser

Displays a hierarchical representation of network information in a table format. For more information, see "Monitoring Network Faults."

Service Class Template Manager

Creates the SCT3 files that are loaded to the nodes, and are associated with the interfaces on cards within these nodes. For more information, see "Configuring Service Class Templates."

Statistics Collection Manager

Controls and manages the statistics collection. For more information, see "Collecting Statistics."

Security Manager

Provides user access privileges to perform specific tasks such as viewing topology or establishing and managing connections. For more information, see the "Configuring CWM User Access" section.

CWM Administration

Monitors users, audit logs, and processes on the CWM Server. The following functions are

Shows the user information (username, client hostname, and application name) of all users logged in to the CWM client applications.

View audit logs.

View CWM Server process state.

For more information, see the "Viewing the List of Active CWM Users" section.

CiscoView

Supports card, line, and port configuration on the Cisco MGX 8220,
Cisco MGX 8230, Cisco MGX 8250, Cisco MGX 8950, Cisco MGX 8850, Cisco IGX 8400 Series, Cisco BPX 8600 Series, and Cisco BPX SES PNNI Controller. For more information, see the "Configuring Device Preferences" section.

The following functions are

Displays a graphical representation of the network device.

Displays configuration and performance information.

Performs minor configuration tasks.

Performs minor troubleshooting tasks.

Gateway Monitor

Provides you with CWM gateway information that includes the role of the CWM workstation as Primary CWM, Secondary CWM, or Tertiary CWM.

For more information, see "Cisco WAN Manager Peer-to-Peer Communication."

Tools

Alt-T

Config Save and Restore

Launches the Configuration Save and Restore application. For more information, see "Cisco WAN Manager Operations."

SW/FW Images

Launches the Image Downloader application. For more information, see "Cisco WAN Manager Operations."

Audible Alarm

Alt-U

Configuration

Configures the audible alarm.

Acknowledge

Acknowledges the audible alarm function and configuration.

Help

Alt-H

About

Displays information for the versions of the CWM Server and the CWM Client.

On Icons/Trunks

Displays information to interpret the icons and symbols that represent the network elements found in the Topology Graph window.

On Color

Interprets the color of the icons that are displayed in the Topology Graph window.

1 MPG = multiple peer groups

2 PVC = permanent virtual circuit

3 SCT = service class template


Toolbar

The toolbar buttons display the CWM applications, common usage tasks, and access to the layout of the network topology.

You can separate the toolbar from the network topology window or position it vertically instead of horizontally. To separate the toolbar, left-click in the toolbar position handler and drag the toolbar to the desired location. Move the pointer over an icon to display the feature.

Table 2-3 lists the toolbar functions, from left to right on the toolbar.

Table 2-3 Toolbar Buttons 

Toolbar Option
Task

Connection Manager

Creates end-to-end connections or PVCs1 .

Network Browser

Displays a hierarchical representation of network information in a table format.

Service Class Template Manager

Creates the SCT2 files that are loaded to the nodes, and are associated with the interfaces on cards within these nodes.

Statistics Collection Manager

Controls and manages the statistics collection.

Security Manager

Provides user access privileges to perform specific tasks such as viewing topology or establishing and managing connections.

CWM Administration

Monitors the users, audit logs, and processes on the CWM Server.

CiscoView

Supports only card, line, and port configuration. For more information, see Table 2-2.

Save Configuration

Saves the configurational or the selected node.

Print

Prints the Network Topology window.

Zoom In

Zooms into the current submap image.

Zoom Out

Zooms out of the current submap image.

Layout Tree

Displays a tree view of the selected node.

Layout Spring

Displays a spring view of the selected node.

Layout Circular

Displays a circular view of the selected node.

1 PVC = permanent virtual circuit

2 SCT = service class template


Popup Menus

The popup menus are available from the Network Topology window.

Network Topology View Popup Menus

The network topology view popup menus are navigation, network, and background. To display the navigation (see Figure 2-5) nd the network (see Figure 2-6) popup menus, click a specific network cloud, and right-click.

If you click a network from the hierarchy tree, you can also choose the network popup menu options.

For information about view references, see Figure 2-3.

Table 2-4 describes the options and tasks.


Note If you right-click away from the network to display different views of the network topology, the navigation popup menu options are different. You can also view the background popup menu (see Figure 2-7).


Table 2-4 Network Topology View Popup Menus 

Popup Menu Option
Task
Navigation

New Submap

Displays a New Submap window that contains an expanded view of the selected network.

Lock

Locks the selected network in place.

Navigation (right-click away from network)

Show Parent Map

Returns to the parent overlay submap.

Show Root Map

Returns to the root overlay submap.

Node Zoomable

Displays the zooming capability of the node when the network topology view is zoomed.

Network

Display Prefer Route

Displays all available SPVC preferred routes for a selected source node. For more information, see the "Displaying SPVC Preferred Route" section.

Display Link Status

Displays the link status of all nodes in the current submap.

Note This option is applicable only to AR1 networks.

VSI Consistency Check

Lists errors and VSI trunk end partition information.

Note This option is applicable only to AR networks.

Expand Network in View

Displays the expanded view of the network.

Expand Network in Submap

Displays the expanded view in a submap.

Collapse Network in View

Shows a collapsed view of the selected node in the Network Topology window.

Collapse all Networks

Shows a collapsed view of the entire network.

Display Nodes

Displays all nodes for the selected network.

Display Trunks

Displays all trunks for the selected network.

Background (right-click away from network)

Set Color

Selects or clears the background color of the current view.

Set Map

Selects and saves topology backgrounds for a directory of maps with a variety of ILV images.

Clear Map

Clears the background map.

1 AR = AutoRoute


Figure 2-5 displays the navigation popup menu.

Figure 2-5 Navigation Submenu Options

Figure 2-6 displays the network submenu options.

Figure 2-6 Network Submenu Options

Figure 2-7 displays the background popup menu. For information about view references, see Figure 2-3.

Figure 2-7 Background Submenu Options

Displaying SPVC Preferred Route

This section describes how to display a SPVC preferred route along with the animation.

For information about how to manage a SPVC preferred route, see "Managing Connections," "Managing a Preferred Route Connection" section.

To display the SPVC preferred route for a selected source node by using network topology, complete the following procedure:


Step 1 From the Integrated View browse window, right-click on the source node to choose Display Prefer Route. All the available preferred routes for the selected source node are shown.

For information about view references, see Figure 2-3.

Figure 2-8 Display Preferred Route

Step 2 From the Display Prefer Route window (see Figure 2-8), select the preferred route in the table.

Step 3 Click Show Route.

The preferred route path is shown with a colored, animated circle (see Figure 2-9) that matches the color from the selected Route ID column.

Figure 2-9 Preferred Route Animation

Step 4 To stop the animation, right-click the animated trunk. Choose Stop Showing Prefer Route or choose Action > Stop Showing Prefer Route.

Step 5 Select the animated source node in the Prefer Route Info column from the stop preferred route animated window (see Figure 2-10).

Figure 2-10 Stop Preferred Route Animation

Step 6 Click Stop to stop the animation.


Trunk Popup Menu

To display the trunk popup menus, right-click on a trunk.

For information about view references, see Figure 2-3.

Table 2-5 describes the options.

Table 2-5 Trunk Popup Menus

Popup Menu Option
Task

Expand Trunks

Displays all the trunks.

Display Trunks

Displays the selected trunk.

Stop Conn Trace

Stops a connection trace animation that is already in progress.



Note To see additional trunk options, right-click on a thick trunk versus a thin trunk.


Figure 2-11 shows the trunk popup menu.

Figure 2-11 Trunk Popup Menu

Navigation Popup Menu

To display the navigation popup menu, click a node, and right-click. For information about view references, see Figure 2-3.

Table 2-6 describes the options and tasks. If you click a node from the hierarchy tree, you can also choose the node popup menu options.


Note The Network submenu options are the same as Table 2-4.


Table 2-6 Navigation Popup Menu 

Popup Menu Option
Task
Navigation

Inplace Submap

Displays the selected network in place. A submap can have a different background image that simulates going down from a higher level geography to a lower level geography. For example, you can go down to a nation, down to a state, and down to a city.

New Submap

Displays a New Submap window.

Overlay Submap

Displays a routing node with all the child nodes. To exit this image configuration, click away from the configuration.

Group

Add Node

Adds a node to the group.

Delete Node

Deletes a node from the group.

Node

Display Shelf

Displays the shelves in a selected node.

Admin

Displays a telnet session to connect to the selected node in the current submap.

Node Resync

Displays the Node Resync Progress window for the selected node in the current submap. To begin the node resync process, click Start.

The following node resync types are:

Level 1—Resolves inconsistencies between the switch and equipment manager as well as between equipment manager and segment tables.

Level 2—Retrieves the full connection file from the switch and resolves inconsistencies between the equipment manager and equipment manager caches as well as between equipment caches and databroker caches. It also resolves inconsistencies between equipment manager and segment tables.

This option is used if the number of inconsistencies is large.

VSI Partition

Displays the VSI Partition dialog box for the selected node in the current submap.

CiscoView

Manages a device for a particular node.

XPVC Preferred Cnf

Adds, modifies, or deletes data to or from the xpvc_Pref table.


Multiple Peer Group Navigation

Network Topology displays a PNNI logical routing topology that consists of MPGs, which support multiple levels of peer groups.

MPG displays

Entire hierarchy of peer groups.

Logical nodes for each peer group.

Information for the logical node, peer group leaders, and peer groups.

Link information.

Status for the logical nodes and logical links.

Lines represent links between peer groups and nodes. The links between peer group leader (PGL) and the parent logical group node (LGN) in the upper peer group are shown in two dotted lines beside the node and peer group.

To monitor the PNNI network, click the PNNI view tab from the Network Topology main window. Figure 2-12 displays the PNNI view. For information about view references, see Figure 2-3.

Figure 2-12 PNNI View Window

The following browse functions are for the PNNI view:

Peer Groups—Displays an individual cloud icon for each peer group.

Links—Specifies links nodes between nodes.

Understanding MPG LED Colors

Each icon is a different color according to the corresponding status of the logical node representation.

Table 2-7 lists the colors and description for MPG display.

Table 2-7 MPG LED Colors 

Color
Description

green

Specifies PNNI status is up.

gray

Specifies that the corresponding physical node is unreachable.


MPG Popup Menus

To display MPG popup menus, right-click on a peer group cloud or a link. Table 2-8 describes the options.

Table 2-8 Multiple Peer Group Popup Menus 

Popup Menu Option
Task

Display Node Info

Displays the PNNI Node Information window.

Display Link Info

Displays the PNNI Up Links window.

Peer Group Info

Displays the Peer Group Information window.

Navigation

Expands a peer group by choosing the Inplace Submap.

Network (right-click away from a peer group or logical node)

Expand All Networks

Displays all the networks.

Collapse All Networks

Collapses the network into one cloud.

Peer Groups (right-click away from a peer group or logical node)

Expand All Peer Groups

Displays all the logical nodes in the peer group.

Collapse All Peer Groups

Collapses the peer group into one cloud.

Background (right-click away from a peer group or logical node)

Set Color

For a definition, see Table 2-4.

Set Map

For a definition, see Table 2-4.

Clear Map

For a definition, see Table 2-4.


Displaying Links

To display link information, complete the following procedure:


Step 1 Right-click a link to choose Display Link Info or choose Action > PNNI Link > PNNI Link Info.

The Display PNNI Up Links window (see Figure 2-13) shows the link information.

Figure 2-13 Display PNNI Up Links Window

Table 2-9 lists the parameter definitions.

Table 2-9 Link Information 

Field
Description

Local End

Specifies the local end of the link.

Remote End

Specifies the remote end of the link.

Derived Aggregation Token

Determines the links for a neighbor node that are aggregated and advertised as a single logical link.


Step 2 Click Close.


Displaying PNNI Nodes

To display PNNI nodes, complete the following procedure:


Step 1 Right-click on a node to choose Display Node Info or choose Action > PNNI Node> PNNI Node Info.

The PNNI Node Information window (see Figure 2-14) appears.

Figure 2-14 PNNI Node Information

Table 2-10 lists the parameter definitions.

Table 2-10 PNNI Node Parameters 

Name
Description

Node Name

Specifies the name of the PNNI node.

ATM Address

Specifies AESA1 or an ATM address prefix.

PNNI Node ID

Specifies the PNNI node ID of the PNNI node.

Peer Group ID

Specifies the peer group ID for the peer group of the PNNI node.

PGL Priority

Specifies the leadership priority value that the node can advertise for the nodal information group for the given peer group.

The value of 0 is used with nodes that are not capable to be PGL2 or LGN3 .

Peer Group Leader

Specifies whether the peer group is a leader.

Parent Node ID

Specifies the parent node ID of the parent.

Restricted Transit Flag

Specifies whether or not the node is restricted to support SVC4 transit for the node.

Complex Node Flag

Specifies whether or not the node uses the complex node representation.

Branching Restricted

Indicates whether the node supports additional point-to-multipoint branches.

Level

Specifies the PNNI level of the node.

Lowest Level

Specifies if the node acts as a lowest level node or if the node is a logical group node that is active when of the other nodes in the switch becomes a peer group leader.

1 AESA = ATM end system address

2 PGL = peer group leader

3 LGN = logical group node

4 SVC = switched virtual circuit


Step 2 Click Close.


Displaying Peer Groups

To display peer group information, complete the following procedure:


Step 1 Right-click a peer group node and choose Peer Groups > Peer Group Info or choose Actions > Peer Groups > Peer Group Info.

Figure 2-15 displays the Peer Group Information window.

Figure 2-15 Peer Group Information Window

Table 2-11 lists the parameters.

Table 2-11 Peer Group Information Parameters 

Name
Description

Name

Specifies the name of the peer group that is formatted as <Leader Node Name>_<Level>.

Peer Group ID

Specifies the peer group ID.

Peer Group Leader

Specifies the peer group leader within the group.

PGL Priority

Specifies the election priority of the peer group leader.

PNNI Level

Specifies the PNNI level of the peer group.

PNNI Nodes

Specifies the number of active nodes within the group.


Step 2 Click Close.


Configuring CWM User Access

The following tasks are used to configure CWM user access:

Understanding the Security Manager Requirements

Launching Security Manager

Navigating with Security Manager

Creating New Users

Creating New Profiles

You can configure user access by using the security manager application, which provides controlled access to multiple users of CWM, based on the user's UNIX user ID and password. The security manager application is launched from the CWM Client desktop.

By using security manager, you can

Provide user-access profiles that can be customized for each user. The user-access profile is a list of operations or actions a user can perform coupled with assigned access privileges for each action.

Assign access privileges to read, create (write), modify, and delete profiles.

By default, only the svplus user can start and stop the CWM core processes. The svplus user has sufficient access privileges to launch all CWM applications and administer security manager.

Other users are assigned access privileges that enable them to perform operations within security-controlled applications. Depending on the setting of access privileges by those who administer security management, the operations are limited. Without the proper access privileges, users cannot launch security-controlled applications.

Understanding the Security Manager Requirements

Before you can use security manager, you must:

Enter the addnewuser command as root to add a new UNIX userID and password.


Note Each CWM user in Security Manager must have a unique UNIX userID that exists on the CWM host. The UNIX userID and password are used only for authentication purposes.


Add the new user to the CWM Security system by svplus (or any other security administrator), and access privileges are assigned through the CWM Security Manager application.

To add a user, complete the following steps:


Step 1 From a console prompt, enter the su command to change to be the superuser at the command prompt.

Step 2 Enter the root password and the root prompt is displayed.

host% su
Password: 

Step 3 At the root prompt, enter the cd command to change to the /usr/users/svplus/tools directory:

host% cd /usr/users/svplus/tools

Step 4 Enter ./addnewuser username at the root prompt as shown in the following example:

host% # ./addnewuser <username>

For example, <username> is the name of the user to add. The username must be 1 to 8 alphanumeric characters.

Step 5 Enter the new user password.


Note If you want to change the password for the user created by the addnewuser command, enter the UNIX command passwd.


Step 6 Confirm the password, the user ID, and password are registered for UNIX.

Step 7 Use security manager to add the user as described in the "Creating New Users" section.


Launching Security Manager

To launch security manager, choose Apps > Security Manager or click the Security Manager icon from the toolbar.

After the Security Manager application is launched, the New User window is displayed by default as shown in Figure 2-18.

Navigating with Security Manager

This section describes the navigation of security manager.

Security Manager Menu Bar, Buttons, and Access Tabs

The configuration options (see Figure 2-16) for user access are available from the menu bar and access tabs.

Figure 2-16 Security Manager Configuration Options

1

Menu bar

2

Buttons

3

Access tabs


Security Manager Menu Bar

The menu bar provides a complete list of options for user access. The options and tasks are listed in Table 2-12.

Table 2-12 Security Manager Menu Bar 

Menu-Bar Options
Task
File

New

Allows you to choose the following submenu options:

User—Creates a new user.

Profile—Creates a new profile.

Exit

Gives you an opportunity to save the configuration with any unsaved changes before you exit the application.

View

Users

Displays the View User window.

Profiles

Displays the View Profile window.

Sort Users

Sorts the users from A to L or M to Z.

Sort Profiles

Sorts the profiles from A to L or M to Z.

Help

Selects the appropriate privileges for a profile.

About

Shows the CWM Security Manager version release.


Security Manager Button Options

The buttons and tasks are listed in Table 2-13.

Table 2-13 Security Manager Button Options 

Button Options
Task

All Profiles

Displays the All Profiles window.

All Users

Displays the All Users window that lists the users with Security Manager Administrative privileges.

Refresh

Refreshes user data.


Security Manager Access Tabs

The access tabs (see Table 2-14) display the configuration tasks that you need to configure CWM user access.

Table 2-14 Security Manager Access Tabs 

Access Tabs
Task

New User

Creates a new user.

New Profile

Creates a new access profile.

View User

Displays a list of all users and profiles.

View Profile

Displays a list of all profiles.

Modify User

Modifies the profile for the applicable user.

Modify Profile

Modifies the access privileges for the applicable profile.


Creating New Users

To create a new user, complete the following steps:


Step 1 Click the All Users tab to view the available users. The All Users window is displayed (see Figure 2-17).

Figure 2-17 All Users Window


NoteThe user defaults are svplus, secadmin, and newuser.

Although secadmin and newuser are created by default in CWM, secadmin and newuser do not have default passwords because the UNIX accounts are not created.

Step 2 From the Security Manager window, enter the applicable username in the Enter a User Name field as shown in Figure 2-18.

The username must be 1 to 8 alphanumeric characters.

Figure 2-18 Security Manager Window

Step 3 Choose a profile from the drop-down arrow. The standard access profiles are adminProf and userProf1.


Note Depending upon the profile of the user, the standard access profiles differ.


Step 4 Click Create to create a new user. The Create User dialog box appears (see Figure 2-19).

Step 5 Click OK.


Note Only those users who have Create permissions in Security Manager can create new users.


Figure 2-19 Create User Confirmation

Step 6 To display the updated user list, click the All Users tab.


Viewing Users

To view a new user in a list of all users, perform the following the steps:


Step 1 From the Security Manager window, click the View User tab to view the users (see Figure 2-20).

Figure 2-20 View User Window

1

Users

2

Profiles


Step 2 Choose the user that you want to view from the list of users in the left panel of the window.

The access privileges for the selected user are listed in the right panel of the window. All applications and access privileges are greyed out. Unchecked boxes indicate the absence of a particular privilege in a specific application.


Modifying Users

To modify a user, perform the following steps:


Step 1 From the Security Manager window, click the Modify User tab to modify a user (see Figure 2-21).

Figure 2-21 Modify User Window

Step 2 Choose the user to modify by dropping down the User Name-Current Profile arrow box
(see Figure 2-21).

Step 3 Choose a new profile by dropping down the Select New Profile arrow box.

Click Save.

Step 4 Click the View User tab to verify that the user is modified.


Deleting Users

To delete a user, perform the following procedure:


Step 1 Click the Modify User tab from the Security Manager window (see Figure 2-21).

Step 2 Delete the user by dropping down the User Name-Current Profile arrow box.

Click Delete.

Step 3 Click Yes to delete the selected the user from the Delete User dialog box (see Figure 2-22).

Figure 2-22 Delete User Dialog

Step 4 Click the View User tab to verify that the user is deleted.


Creating New Profiles

You can create profiles to allow users to perform specific tasks within CWM. Depending on their access privileges, users are granted access to controlled applications. You can create a security profile to give a user read, create, modify, or delete privileges to one or more of the controlled applications. For example, network browser is a read-only application; whereas, users can be given create and modify privileges for connection manager.

You can set up a profile to grant all privileges to one of the applications and some privileges to another application. A profile can be created for users who require only read access to observe an application but at the same time provide detailed security control.

Table 2-15 defines the access privileges.

Table 2-15 Access Privilege Definitions 

Access Privilege
Description

Read

View topology windows, list connections, and other functions where information is read. Read privileges are similar to the svplus -r account from earlier releases of CWM.

Create

Create and configure connections, perform associated backups, and add nodes, ports, and trunks.

Modify

Grant read privileges. You can modify connections, ports, and trunks. You can also add and delete nodes and groups. You are also granted read privileges.

Delete

Delete connections, ports, trunks, nodes, and groups. You are also granted read privileges.

Read-Audit

Enable auditing on read only operations.

Write-Audit

Enable auditing on create, modify, and delete operations.

Audit Override

Continue working even if the audit log services terminate.

All

Read, create, modify, and delete privileges for the associated application.

Note The All function includes the access privileges that are available for the specified application.


To create new profiles, perform the following procedure:


Step 1 Click the All Profiles tab to view the available profiles. The All Profiles window (see Figure 2-23) is displayed.

Figure 2-23 All Profiles Window

Step 2 Click the New Profile tab to create a new access profile. The Create New Profile window
(see Figure 2-24) is displayed.

Figure 2-24 New Profile Window

Step 3 Enter the name of the new profile that you want to define in the Enter a Profile Name field.


Note Profile names are case sensitive.


Step 4 Check all desired access privileges for the applicable applications.


Note If you choose Read-Audit or Write-Audit access privileges, an audit log is created the next time a user, assigned to that profile, logs in. See the Accessing the Audit Trail Log Files section for an example of an audit log.


Step 5 Click Create to create the new profile.


Viewing Profiles

To verify that the profile is created or modified, complete the following steps:


Step 1 From the Security Manager window, click the View Profile tab to view the profiles as shown in Figure 2-25.

Figure 2-25 View Profile Window

Step 2 Choose the profile from the list of profiles in the left pane of the window.

The access privileges are listed in the right pane of the window. All applications and access privileges are grayed out. Unchecked boxes indicate the absence of a particular privilege in a specific applications.


Modifying Profiles

To modify an existing profile, complete the following steps:


Step 1 From the Security Manager window, click the Modify Profile tab as shown in Figure 2-26.

Figure 2-26 Modify Profile Window

Step 2 Choose the profile that you want to modify.

Step 3 Choose the access privileges that you want to modify.


Note If you choose Read-Audit or Write-Audit access privileges, an audit log is created the next time a user assigned to that profile logs in.


Step 4 Click Save to save the modifications to the selected profile.

Click OK to confirm the request.

Step 5 Click the Users with Profile button to list users with the modified profile. The Users with Profile window is displayed (see Figure 2-27).

Figure 2-27 Users with Profile Window

Step 6 To verify modifications to the profile (see Figure 2-25), click the View Profile tab.


Deleting Profiles

To delete a profile, complete the following steps:


Step 1 From the Security Manager window, click the Modify Profile tab (see Figure 2-26).

Step 2 Choose the profile to delete.

Step 3 Click Delete.

Step 4 In the Delete Profile confirmation dialog, click Yes to delete the selected profile.

Step 5 Click the View Profile tab to verify that the profile is deleted.


Logging and Tracking User Activities

The following tasks are used to log and track user activities:

Restricting User Access

Accessing the Audit Trail Log Files

Viewing the List of Active CWM Users

Viewing the Audit Trail Log

Monitoring the CWM Health Status

For a list of supported applications under the application name parameter, see Table 2-24.

Restricting User Access

CWM Administration manages user security. CWM Administration allows restricted access logins to enable users to perform tasks based on detailed access privileges. The user svplus still exists and should be used by experienced and trusted system administrators.

CWM Administration provides controlled access through the user's UNIX userID and password by customizing user-access profiles. The user access profiles comprise a list of access privileges for users for a specific function (see Table 2-16).

For each action, a user is given privileges to read, create, modify, or delete functions, or a user may have all privileges to manage all or some actions. For definitions of the access privileges, see Table 2-15.


Note As in previous releases, only user svplus can start and stop the CWM core processes.


Table 2-16 lists the access privileges required for applications launched from the CWM desktop.

Table 2-16 Desktop Application Security Matrix 

Desktop Application
Read
Create
Modify
Delete
All

Network Topology

X

Image Download

X

Config Save & Restore

X

Security Manager

X

Wingz

X

Connection Manager GUI

X

Network Browser

X

CWM Administrator

Summary Reports

X

xpvc Preferred Configurator

X


Table 2-17 lists the access privileges required for applications launched from the HP OpenView.

Table 2-17 HP OpenView Applications Security Matrix 

HPOV Applications
Read
Create
Modify
Delete
All

SVOV Topology

Event Log

Image Download

X

Node Resync

X

Configuration Save

X

Configuration Restore

X


Table 2-18 lists the access privileges required for applications launched from the UNIX prompt.

Table 2-18 UNIX Prompt Applications Security Matrix 

UNIX Prompt Applications
Read
Create
Modify
Delete
All

Statistics Collection Manager

X

Cisco View Lines/Trunks

X

Connection Proxy

Port Proxy


Table 2-19 lists the access privileges required to perform security-controlled operations within the Connections Manager application.

Table 2-19 Connection Manager Access Privileges 

Access Privilege
Connection Manager Operations

Read

List connections and view multicast connections and templates.

Create

Configure connections and perform association backup

Modify

Modify connections; also able to list connections, view multicast connections and templates (read access privileges).

Delete

Delete connections; also able to list connections and view multicast connections and templates (read access privileges)


The CWM Network Topology application is linked to Security Manager which checks a user's access privileges before providing access to the Topology application on the CWM desktop. A user without access privileges will find the Topology icon on the CWM desktop to be grey, inactive, and unable to launch the Topology application. Table 2-20 lists the access privileges.

Table 2-20 Topology Access Privileges 

Access Privilege
Topology Operations

Read

View topology windows.

Create

Add nodes and view topology windows (read access privileges).

Modify

Make modifications to topology maps.

Delete

Delete nodes, delete groups, and view topology windows (read access privileges).


The CWM Statistics Collection Manager is linked to Security Manager, which checks a user's access privileges before providing access to SCM. A user without access privileges can not launch the SCM application.

Table 2-21 lists the access privileges required to perform security-controlled operations within the SCM application.

Table 2-21 SCM Access Privileges 

Access Privilege
SCM Operation

Read

Enables Show Collection Information option.

Create

Enables Stats Enable option.

Modify

Enables Start Collection option.

Delete

Enables Stop Collection option.


Table 2-22 lists the access privileges for all CWM applications. The "X" indicates that read, create, modify, or delete functions are available for the specified application; the All function is used for the purpose of including all access privileges that are available for the specified application.

Table 2-22 CWM Applications and Access Privileges 

Function
Read
Create
Modify
Delete
Read-
Audit
Write- Audit
Audit Override
All

Connection Manager1

X

X

X

X

X

X

X

X

Network Topology

X

X

X

X

X

X

Statistics Collection Manager

X

X

X

X

X

X

X

X

Service Class Template Manager

X

X

X

X

X

X

X

X

Image Download

X

X

X

X

X

Node Resync

X

X

X

X

X

Configuration Save and Restore

X

X

X

X

X

X

X

X

CWM Administration

X

X

X

X

X

Network Browser

X

X

X

X

X

Security Manager

X

X

X

X

X

X

X

X

xpvc Preferred Configurator

X

X

X

X

X

X

X

X

CiscoView

X

X

X

X

X

X

Configurator

X

X

X

X

X

X

X

X

BERT

X

X

X

X

X

X

CUG

X

X

X

X

X

X

X

X

1 Multiple delete and single delete columns are also shown.



Note Unless Network Topology has Read permissions, Config Save & Restore, Image Download, and Node Resync cannot be selected. Also, if any of these three applications are selected in a profile, Network Topology cannot be de-selected.


Accessing the Audit Trail Log Files

Audit trail allows CWM to record activities across different modules in a persistent file. Each audit trail record describes an event and are grouped by date. Only root and members of a specific user group have read permission to the audit trail log files through the UNIX shell on the CWM Server. The specific user group is a specific UNIX user group that is either an existing one or a new one. The audit trail log files are also shown through the CWM Administration GUI. If a CWM user has read access to the CWM Administration GUI, the user has read access to the audit trail log files. The name of the group is a configurable parameter. The user is allowed to retrieve the audit trail records.


Note Security and permission privileges are not enforced with the audit trail.


Displaying the Server and Log File Configuration

The audit trail server is a central CWM back-end server that is used to record audit trail records coming from CWM front-end applications to a central log file. The audit trail server also maintains the audit trail log files.

Audit trail log files have security restrictions for access and can be read only by users within a specified group, and can be modified or deleted only by root. Also, the audit trail is designed as a feature internally to CWM with no external dependencies or interdependencies with any ATM switch that is managed by CWM.

Before CWM is started, you can use the Network Configurator to configure nodes. For more information about using the Network Configurator, see the "Configuring Nodes" section. After CWM is started, you can use all CWM applications, for example, Connection Manager, Network Browser, and so forth. The audit service monitors all user activities.

After CWM is installed, the audit trail server is automatically started to provide audit service at all times.


Note If you do not need to run the audit service before CWM is started, you do not have to execute startorbix2000 and RunGuard.


After you reboot the CWM workstation, complete the following procedure if you want the audit service to run before CWM is started:


Step 1 Open a terminal window.

Step 2 When the login prompt appears, you must:

a. Enter the login name svplus.

b. Enter the password svplus.

Step 3 Enter the cd command to change to the /usr/users/svplus/scripts directory as shown in the following example:

tballraker18% cd /usr/users/svplus/scripts
tballraker18%

Step 4 Enter startorbix2000 to start Orbix at the prompt.

Step 5 Enter the cd command to change to the /usr/users/svplus/scripts/Install directory as shown in the following example:

tballraker18% cd /usr/users/svplus/scripts/Install
tballraker18%

Step 6 Enter RunGuard at the prompt.



Note You can choose an individual application along with the type of access such as add, modify, and delete. For a list of the applications, see Table 2-24.


Audit trail logging is done per CWM workstation and each CWM workstation performs an independent audit trail log. There is no communication or synchronization between CWM workstations regarding an audit trail.

All audit trail log files are in ASCII format and can be retrieved by any text editor. These files provide records that are logged to a central log file and separated by date, with one log file for each day. The following log file is configured:

The location of the log file. The default is the standard CWM log file directory ($CWM_HOME/log/AL).

The number of days. By defining the number of days for the audit trail log files to be kept, all other obsoleted audit trail logs will be deleted automatically.

The name of the user group whose member can read the audit trail log files.

The number of listener threads and processor threads. These parameters are used for compromising between scalability to serve more clients, and the efficiency to conserve less resources. A recommended set of numbers is obtained after performance benchmarking.

The configuration file follows the convention used by other CWM configuration files. The configuration file for the audit log is located in the $CWM_HOME/config/AuditLogger.conf directory. From the AuditLogger.conf file, you can set the directory to store the audit log file. The default setting is $CWM_HOME/log/AL.

The following example is from the AuditLogger.conf file:

#############################################################################
# Configuration settings for CWM audit trail server: AuditLogger.
# Descriptions:
# OUTPUT - The directory for storing audit trail log files.
# DATES - The number of dates to keep audit trail log files.
#         Obsolete log files are deleted automatically by AuditLogger.
# READGROUP - The name of the user group whose member can read the audit trail
#             log files. Only root and members from this group have read
#             permission for the audit trail log files.
# LISTENERS - The number of listener threads to serve AuditLogger's clients.
#             Valid range: 5 - 15.
# PROCESSORS - The number of processor threads to process client requests.
#              Valid range: 5 - 25.
# DBLEVEL - The level in setting up application logging.
#           Valid range: 1 - 5. (1 is the most serious).
#
# Notes:
# 1. Comment lines start with # as the 1st character.
# 2. While modifying, change only the value. Do not alter the parameter names.
# 3. The default settings:
#    OUTPUT: /usr/users/svplus/log/AL
#    DATES: 45
#    READGROUP: svplus
#    LISTENERS: 5
#    PROCESSORS: 5
#    DBLEVEL: 5
# 4. When reading, LISTENERS and PROCESSORS are confined to the valid range.
# 5. When reading, if invalid parameters are read for others, default are used.
# 6. Configuration parameters are read only once during AuditLogger start-up.
# 7. For modifications to take effect, restart CWM core (cold/warm) is needed.
#
##############################################################################

OUTPUT: /usr/users/svplus/log/AL
DATES: 45
READGROUP: svplus
LISTENERS: 5
PROCESSORS: 5
DBLEVEL: 5

If the audit log services terminate, the end user may or may not be notified, which depends on the settings in the AuditLoggerMsg.conf file as shown in the following example:


###################################################################
# Configuration settings for notification messages of Audit Trail
#
# SHOWMSG: 0 means not show anything to the end user, 1 means show
# something. The default value is 0.
#
# MSGCONTENT: XXXXXXX. The specified message will be shown to the end
# user if SHOWMSG is 1.
###################################################################

SHOWMSG: 1
MSGCONTENT: This is a system issue, please contact the administrator

Viewing the List of Active CWM Users

To view the list of active users along with the hostname and time logged on, choose Apps > CWM Administration. The CWM Administrator GUI window is displayed (see Figure 2-28).

Figure 2-28 CWM Administrator Window

Table 2-23 lists the parameters of the CWM Admin GUI window.

Table 2-23 CWM Administration User Parameter Definitions 

Name
Description

No. (session)

Specifies the total number of users.

User Name

Specifies the username.

Host Name

Specifies the host workstation name.

Application

Specifies the name of the application.


Viewing the Audit Trail Log

By using the audit trail viewer, you can view audit log files for specified days either as a whole file or portions of the file. The audit trail viewer allows you to sort, filter, and search for specific log entries. All read, create, modify, and delete activities are monitored and logged to a file.

To view the audit trail log files, complete the following procedure:


Step 1 From the CWM Administrator window, click the AuditTrailViewer tab to view the log files
(see Figure 2-29).

Figure 2-29 Audit Trail Viewer

Step 2 Enter the applicable fields.

Table 2-24 lists the parameter definitions.

Table 2-24 Audit Trail Parameter Definitions 

Name
Description

Date

Specifies the days the audit trail log is viewed. If the Date field is not checked, all files in the directory are checked. The format is YYYYMMDD and multiple days can be specified. The following is an example

20030310—Displays the audit trail log for March 10, 2003.

20030310 to 20030312—Displays the audit trail log from March 10, 2003 to March 12, 2003.

20030310 to 20030312,20030314—Displays the audit trail log from March 10, 2003 to March 12, 2003 and March 14, 2003.

Time

Specifies the start and end times. The format is HH:MM:SS. If the Time field is not checked, time is not set as a filter.

Host Name

Specifies the host workstation name that the audit trail log is generated.

Note If you run a CWM application by a remote login to a CWM server, the audit trail log displays the CWM server name instead of the remote terminal. If the Host Name field is not checked, all host names are used.

User Id

Specifies the user ID that is used to log into the CWM desktop. If the User Id field is not checked, all user IDs are used.

Application Name

Specifies the application name such as network topology or connection manager. If the Application Name field is not checked, all applications are used. The following are the application choices:

All

Network Topology

Network Browser

Configurator

Connection Manager

Service Class Template Manager

Statistics Collection Manager

CWM Administration

Security Manager

Node Resync

Image Download

Config/Save/Restore

Config/Save/Restore CLI

CiscoView

BERT

XPVC

CUG

Gateway Monitor

Event Type

Specifies the categories such as add or delete. If the Category field is not checked, all categories are used.

Max entries per page

Specifies the maximum entries that are displayed in the table each time.

Default: 50

Total

Displays the total entries found and the status of the current display.

<<

Displays the previous page entries.

Default: 50 entries per batch

>>

Displays the next page entries.


Step 3 To submit the specified criteria for the log file, click Submit. The result is returned.

Step 4 To reset all the fields to the default state, click Reset All.


Monitoring the CWM Health Status

You can monitor the current CWM status such as collecting health-related data, reporting significant events to network operators, and browsing through the historical status. For example, network management interface problems can also impact the functionality of CWM such as connection provisioning. The following types of network management health information are monitored:

Switch network management interfaces

CWM components

UNIX, Informix, Orbix, and so forth

Events are grouped into the following categories:

Network-related events—Specifies that CWM has no or little control, for example, IP unreachable, FTP timeouts, and so forth.

CWM internal events—Specifies that CWM has the capability to resolve process crashes, IPC link failures, and so forth.

System events—Causes problems in CWM and requires operator intervention, for example, disk full, low on swap space, and so forth.

To monitor the CWM health status, complete the following procedure:


Step 1 From the CWM Admin GUI window, click the Health Check tab to view health-related data
(see Figure 2-30).

Figure 2-30 Health Check

Step 2 Verify the state for each process. The states are listed in Table 2-25.

Table 2-25 Health States 

State
Definition

disabled

Indicates that the watchdog timer has not started.

enabled

Indicates that the watchdog timer did not start yet.

started

Specifies that the watchdog timer generated the process but did not receive an initialized message yet.

running

Specifies that the event is running in a healthy condition.

failed

Specifies that the event failed even after retries; therefore, the process cannot be regenerated.

stopping

Specifies that the process will shut down.



Configuring the SNMP Community String

The following tasks are used to configure the SNMP community string:

Setting Up Nonstandard Community Strings

Accessing Community Strings and FTP Passwords

Configuring Device Preferences

CWM configures the community strings for SNMP management and supports various multi-service-switching devices.


Caution The community strings on the devices and the community strings used by CWM do not sync up automatically (except at the initial stage when the community strings on the devices are at default). Users have to explicitly change them on both sides (using the Network Configurator on CWM or the command line interface (CLI) on the switch). If this is not done, all SNMP requests (including Robust Trap Management or Node Sync-up) fails, and the CWM database is inconsistent with the network.

The Network Configurator does not require the CWM core to be running; therefore, it is used when the CWM core is up and running or when the CWM core is down.

To configure the SNMP community string, you must change the community strings on the devices through the CLI. Telnet to the switch to configure the community strings at the switches. The community string are configured for the following nodes:

Cisco MGX 8850 PXM45-based

Cisco MGX 8950 PXM45-based

Cisco MGX PXM1E-based (Cisco MGX 8830 and Cisco MGX 8850)

Cisco MGX PXM1-based (Cisco MGX 8230, Cisco MGX 8250, and Cisco MGX 8850)

Cisco SES PNNI Controller

Cisco IGX 8400 series

Cisco BPX 8600 series

Cisco MGX 8220

Table 2-26 describes the various options involved in configuring the SNMP.

Table 2-26 SNMP Configuration Options 

Option
Description

Network Configurator

After saving the community strings information, the CWM processes use the new community strings for SNMP accesses. The Primary CWM also sends the configured community strings to other Secondary CWMs through the CWM Gateways.

For more information, see the "Configuring Nodes" section.

Prior to Release 12, CWM supported configurable community strings for Cisco BPX, Cisco IGX, Cisco MGX 8220, Cisco MGX 8850 (PXM1), and Cisco MGX 8850 (PXM45) nodes. The Network Configurator configures the SNMP community strings for all the nodes managed by CWM. If a node is not configured using the Network Configurator, the default SNMP community strings are used.

Note Adding, modifying, and deleting nodes in the Network Configurator can be done only from the primary CWM. You must enter community strings in the Network Configurator that pertains to the database of a primary CWM station.

Since users must configure the community strings on both the devices through CLI, and at the CWM stations through the Configurator, there is a possibility of typing in mismatched community strings. This results in the node with the mismatched community strings either not discovered or unreachable to CWM.

Note Configured community strings cannot contain underscore ( _ ) or at (@) signs. Also, spaces are not allowed in community strings and FTP passwords.

SNMP access security

Enter the nodeinfocfg command on CWM by using a secured shell to change the community strings and passwords.

For more information, see the "Accessing Community Strings and FTP Passwords" section.

CiscoView

Launch a device management platform called CiscoView to enter the read or write community string for a specified device from the Users Preference window (see Figure 2-32).

For more detailed information, see the "Configuring Device Preferences" section. For instructions on launching CiscoView through CWM, see "Managing Devices."


Setting Up Nonstandard Community Strings

The standard community strings are defined as default community strings. If you configure the standard community strings to a different value, the standard community strings are defined as nonstandard community strings.

To set up nonstandard community strings or to change an FTP password, enter the runConfigurator command at the CLI prompt to use the Configurator GUI to change nonstandard community strings or FTP passwords, which are used by CWM applications.

The following community string defaults for CiscoView are displayed in asterisks (*) from the User Preferences window (see Figure 2-32):

DEFAULT_RO_STRING=public 
DEFAULT_RW_STRING=private 

These strings are used only when

1. The device is not in the user's CV cache already.

2. The device is not in the CWM database.


Note This method will affect only CWM. You must make sure that community strings and passwords within CWM are in agreement with those on the switches.


Accessing Community Strings and FTP Passwords

By using a secured shell (SSH), the nodeinfocfg command sets the SNMP community strings and FTP passwords in CWM. The nodeinfocfg command provides authentication and secure communication on who is entering the command.


Note When CWM is online, all changes are performed only from the primary CWM.


All configuration changes for SNMP and FTP are made to the node_info table when CWM is online or offline. If primary CWM is online, all applications interested in the node_info changes are notified and propagated to all secondary CWMs. If CWM is offline, all changes to the node_info table are assigned only to the local database.


Note Only users with modify permission for the Configurator can change the community strings and passwords.


Table 2-27 lists the functions of the nodeinfocfg command.

Table 2-27 Functions for the nodeinfocfg Command 

Function
Definition

snmp

Configures the SNMP community strings for all nodes or selected nodes.

ftp

Configures the FTP password for all nodes or selected nodes.

list

Lists all node IDs, names, and IP addresses.

help

Prints out the help page for the nodeinfocfg command.


Table 2-28 lists the parameters of the nodeinfocfg command.

Table 2-28 Parameters for the nodeinfocfg Command 

Option
Definition

-m mode

Specifies the mode to change the applicable SNMP community strings. The following are the types of modes:

go—Configures the getString only.

so—Configures the setString only.

gs—Configures both getString and setString.

-u user

Specifies the FTP username for the provided password.

The default is the current username.

-s node_ids

Specifies the node_ids, node_id ranges, or both separated by commas. For example, 1,3,5-12 with no spaces between the comma and number. A range of nodes in the form of n-m is equivalent to listing the nodes as n,n+1,...,m-1,m.

The default is all nodes currently in the node_info table.

-o order-by

Specifies the order-by column name that is used for sorting the result.

The default is id.


The nodeinfocfg command returns 0 for success. If the nodeinfocfg command is not successful, a nonzero value is returned. Table 2-29 lists the exit values and error messages.

Table 2-29 Exit Values and Error Messages for the nodeinfocfg Command 

Exit Value
Description
Message
0

Specifies that the command executed successfully.

1

Specifies that this value is executed with the -s option. If the command was partially successful, some of the node_ids are invalid.

Display the invalid node_ids.
2

Specifies a syntax error.

Display the help page.
3

Specifies that the authentication failed.

Authentication failed.
4

Specifies that the authorization failed.

Permission denied.
5

Specifies that you attempted to run the command from a secondary CWM.

Please run this command from the Primary CWM.
6

Specifies all other errors.


Changing Community Strings

To change the SNMP get community strings for selected nodes, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the SNMP get community string for the selected nodes as follows:

azure% nodeinfocfg snmp -m go [-s <node_ids>]

To configure the SNMP get community string for the selected nodes, replace <node_ids> with your chosen node IDs. For parameter definitions, see Table 2-28.

The following example is shown:

tballraker18% nodeinfocfg snmp -m go -s 12-16
execute "snmp"
svplus@tballraker18's password:

Step 3 When you are prompted for a password, you must

a. Enter the applicable UNIX password for svplus.

b. Enter the new get community string.

c. Reenter the new get community string for confirmation.

The following example is shown:

svplus@tballraker18's password: 
ILOG RT-Broker 2.300, licensed to "CISCO Systems"
NewGetString: 
Re-enter NewGetString: 
>>>update through topod<<<
tballraker18%


To change the SNMP set community strings for all nodes, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the SNMP set community string for all nodes as follows:

tballraker18% nodeinfocfg snmp -m so
execute "snmp"
svplus@tballraker18's password:
tballraker18%

For parameter definitions, see Table 2-28.

Step 3 When you are prompted for a password, you must:

a. Enter the applicable UNIX password for svplus.

b. Enter the new set community string.

c. Reenter the new set community string for confirmation.

The following example is shown:

svplus@tballraker18's password: 
ILOG RT-Broker 2.300, licensed to "CISCO Systems"
NewSetString: 
Re-enter NewSetString:
>>>update through topod<<<
tballraker18%


To change SNMP set community string for all nodes remotely by using SSH, complete the following procedure:


Step 1 Open the terminal window.

Step 2 Enter both the ssh command and nodeinfocfg command to change the set community strings remotely.

The following example is shown:

tballraker18% ssh -t tballraker18 nodeinfocfg snmp -m so

Note The user entered community strings or password must be shown in asterisks (*); therefore, the -t option of SSH is mandatory when executing snmp or ftp.


For parameter definitions, see Table 2-28.

Step 3 When you are prompted for a password, you must

a. Enter the applicable UNIX password for svplus.

b. Enter the set community string.

c. Reenter the set community string for confirmation.

The following example is shown:

svplus@tballraker18's password: 
ILOG RT-Broker 2.300, licensed to "CISCO Systems"
NewSetString: 
Re-enter NewSetString: 
NewSetString: 
Re-enter NewSetString: 
>>>update through topod<<<
tballraker18%


Changing the FTP Passwords

To change the FTP password for the current FTP user for all nodes, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the FTP password for all nodes. The following example is shown:

tballraker18% nodeinfocfg ftp
execute "ftp"
svplus@tballraker18's password:

For parameter definitions, see Table 2-28.

Step 3 When you are prompted for a password, you must:

a. Enter the applicable UNIX password for svplus.

b. Enter the new FTP password.

c. Reenter the FTP password for confirmation.

The following example is shown:

ILOG RT-Broker 2.300, licensed to "CISCO Systems"
NewFtpPassword: 
Re-enter NewFtpPassword: 
>>>On-line mode: update through topod<<<
tballraker18%


To change both the FTP username and password for all nodes, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to change the FTP username as follows:

azure% nodeinfocfg ftp -u ftpuser

For parameter definitions, see Table 2-28.

Step 3 When you are prompted for a password, you must

a. Enter the applicable UNIX password for svplus.

b. Enter the new FTP password.

c. Reenter the FTP password for confirmation.

The following example is shown:

ILOG RT-Broker 2.300, licensed to "CISCO Systems"
NewFtpPassword: 
Re-enter NewFtpPassword: 
>>>On-line mode: update through topod<<<
tballraker18%


Listing Node IDs, Names, and IP Addresses

This section describes how to list node IDs, names, and IP addresses.

To list the node name, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to list the applicable node name.

mgx885013 is the node name that is used in the following example:

azure% nodeinfocfg list mgx885013

ID        NAME                            IP_ADDRESS      
==        ====                            ==========      
1         mgx885013                       172.29.23.116
azure%


To list the node with the applicable IP address, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to list the node with the applicable IP address.

The following example lists the IP address 172.29.23.117:

azure% nodeinfocfg list 172.29.23.117

ID        NAME                            IP_ADDRESS      
==        ====                            ==========      
2         nmsbpx12                        172.29.23.117

azure%


To list the node ID for all the nodes in the node_info table, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the nodeinfocfg command to list the node ID for all the nodes as shown in the following example:

azure% nodeinfocfg list

ID        NAME                            IP_ADDRESS      
==        ====                            ==========      
0         105p2cw3                        172.29.162.107  
1         105p2cw4                        172.29.162.108  
2         105p1cw1                        172.29.162.100  
3         105p1cw3                        172.29.161.104  
4         105p2cw2                        172.29.162.103  
5         105jup5                         172.29.162.119 
azure%

Configuring Device Preferences

To provide fault and configuration management for all the devices, use CiscoView by choosing
Apps > CiscoView. After you choose a device, the front view of the device is displayed
(see Figure 2-31).

Before you can manage your connections, set up you device configurations such as the polling frequency or the number of retries from the SNMP in the User Preferences window.

For information on the LED colors, see Table 5-15 of "Monitoring Network Faults."

Figure 2-31 CiscoView—Front View of Device

Table 2-30 lists the options and tasks for the device preferences.

Table 2-30 Definitions for Device Options 

Option
Task

Telnet

Launches a Telnet window to communicate with the switch.

CCO

Launches your browser and connects to the CCO web page.

Cisco Support

Opens a new case to TAC.

Preferences

Launches a User Preferences window to set SNMP and Community information.

About

Provides information on the version of CiscoView installed on your system.

Help

Launches CiscoView online help.


To configure the device preferences, perform the following procedure:


Step 1 Click Preferences from the CiscoView Main window (see Table 2-30).

The User Preferences window (see Figure 2-32) shows SNMP and Community tabs.

Figure 2-32 User Preferences Window

Step 2 Enter a value in the Chassis Polling Frequency (sec) field to change the polling frequency.

The default value varies by device.

A typical value is every 60 sec. To disable polling frequency, set the value to zero. If you set the polling frequency below 60 sec for a number of devices, it may slow down your network. It is advisable to use low polling frequencies in specific testing situations and increase them when you have finished testing. Do not poll faster than every 5 sec.

Step 3 Enter a new value in the SNMP Timeout (sec) field to change the timeout interval.

A timeout indicates the amount of time it takes to reach a device. If it takes longer than the time specified, the device is considered to be either unreachable or down. The interval value is specified in seconds. The default is 3 sec.

As a guideline, the timeout value should be set to twice the average end-to-end delay in your network. If you have a network with several slow links, you may need to set the timeout to a higher value. If you have only LAN links in your network, a value of 20 sec is reasonable to account for processing delays and timer accuracy. In high traffic situations, you may experience timeouts. You should not reduce the polling frequency because this may cause a general error. Increase the timeout interval if you consistently experience timeouts.

Step 4 Enter a new value in then SNMP Retry Count field to change the number of retries.

The retries value indicates how many times CiscoView retries an unresponsive device. In busy networks, SNMP datagrams can be discarded. The retries value allows the application to continue operation during network problems. A setting of 1 is considered a reasonable value.


Warning Do not increase the retries if the network is slow! The effect may halt the network.


Step 5 Enter the read or write community string in the appropriate field.

You can enter the write community string for a device after you display the device. For example, if you did not specify the write community string when you first opened the device display, you can make changes to a device or a port setting. You can enter the write community string in the Write Community field without exiting and reopening the window.

Step 6 Click the Show MIB Label as radio button to control how parameters appear in the dialogs or tables.

The Alias option displays text labels, which is the default. MIB textual labels are user-friendly aliases of the MIB descriptor. The Descriptor option displays actual variable names (MIB descriptors) used to manage devices, for example, locIfOutBitsSec, is output bits per second.

Step 7 Click OK to affect the changes you have made in the User Preferences window.


Configuring Nodes

To configure nodes, you must use the Network Configurator application. By using the Network Configurator, Java-based application of CWM, you can:

Enable users to add, modify, or delete standalone nodes.

Provide descriptor information, SNMP community strings, FTP information, node name, and IP address information for the nodes in your network.

Disabling the Automatic Node ID

If you are using the Configurator for the first time, you must edit the Topod.conf file located in the /usr/users/svplus/config directory to disable automatic unique node ID generation.

To disable the automatic unique node ID generation, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the cd command to change to the /usr/users/svplus/config directory. The following example is shown:

azure% cd /usr/users/svplus/config

Step 3 Enter the ls command to locate the Topod.conf file.

Step 4 To edit the Topod.conf file, enter the vi command to edit the Topod.conf file. The following example is shown:

azure% vi Topod.conf

# Set the Debug Level
Debug Level  2
#Auto Node Id Generation Flag
AutoNodeId         TRUE
# No of Children to be started by topod
Children linktopoc filetopoc ILMITopoc
# No of networks managed per svmain
NetworkNumber 1
# No of Core Clients
Core emsd rtm eventd

Step 5 To disable the automatic unique node ID generation, change the Auto Node ID Generation flag on line four from TRUE to FALSE.

The following example is shown:

# Set the Debug Level
Debug Level  2
#Auto Node Id Generation Flag
AutoNodeId        false
# No of Children to be started by topod
Children linktopoc filetopoc ILMITopoc
# No of networks managed per svmain
NetworkNumber 1
# No of Core Clients
Core emsd rtm eventd


Starting the Configurator

To start the Configurator, complete the following procedure:


Step 1 Open a terminal window.

Step 2 Enter the runConfigurator command at the prompt as shown in the following example:

azure% runConfigurator <machine name> <login> <password>

Replace <machine name> with the applicable machine. Replace <login> with the username. The default is svplus. Replace <password> with the applicable password. The default is svplus.

The Network Configurator main window (see Figure 2-33) appears that allows you to add, delete, and modify nodes.

Figure 2-33 Network Configurator Main Window


Navigating with the Configurator

This section describes the navigation of the Configurator.

Configurator Menu Bar

The configuration options for user access are available from the menu bar. Table 2-31 provides a complete list of options.

Table 2-31 Configurator Menu Bar 

Menu-Bar Options
Task
File

Save

Saves the node information and modifications.

Exit

Exits the application.

Edit

Node

Provides the following submenu options:

Add—Creates a new node.

Delete—Deletes a node from the node tree.

Modify—Modifies the fields for the SNMP community strings, FTP information, and custom information.


Adding Nodes

To add a new node, complete the following steps:


Step 1 Choose Edit > Node > Add or right-click on a node to choose Add to enter information about the new node from the Network Configurator window.

Step 2 Click the Node tab (see Figure 2-34) to enter the SNMP community string, FTP information, and the node Descriptor information in the appropriate fields.

Click Ok.

Figure 2-34 Node Dialog—Community Strings

Step 3 Click the Other Info tab (see Figure 2-35) to enter the mode, (Connected or Standalone), the MGX Model, the IP Address, and any Parent Information, including Feeder Slot, Feeder Port, Parent Name, Parent Slot, and Port.

Click Ok.

Figure 2-35 Node Dialog—Device Information

The Network Configurator validates the new node by ensuring its IP address and unique node name. The node is displayed in the Network Configurator main window if the node information is valid.

Close the Node Dialog window.

Step 4 Choose File > Save to add your new node information.


Note Changes made using the Network Configurator are not saved in the node_info table until you choose File > Save. If you click Cancel, no changes are made to the node_info table.



Deleting Nodes

To delete a node, complete the following steps:


Step 1 Choose Edit > Node > Delete or right-click on a node to choose Delete from the Network Configurator window.

Step 2 Choose File > Save to delete the node from the node tree.

If the node is successfully deleted, it disappears from the Network Configurator main window.


Note Only standalone nodes can be deleted.



Modifying Nodes

To modify a node, complete the following steps:


Step 1 Choose Edit > Node > Modify or right-click on a node to choose Modify from the expanded node tree from the Network Configurator window. The Node Dialog box appears (see Figure 2-34).

Step 2 Modify the fields for the SNMP community strings, FTP information, and Custom information.


Note You cannot modify the Mode and Model fields.


Click Ok.

Step 3 Choose File > Save to save the node information modifications.


NoteThe new node information is updated on the expanded node tree of the Network Configurator window. Contents of the node_info table can be displayed or edited only through the Network Configurator. Changes made using the Network Configurator are not saved in the node_info table of the database until you click Save. If you click Exit, no changes are made to the node_info table.

Only one instance of the Network Configurator can be used at a time for performing an operation. CWM provides tools that generate a unique node ID, but if multiple sessions of the Configurator are used at the same time, problems can occur.


Starting HP OpenView

To start the HP OpenView application, complete the following steps:


Step 1 From a C-shell window, enter CWM at the prompt.

Step 2 Enter option 1 (Start Core) to start the core process.

Step 3 From another C-shell window, start the HP OpenView application as shown in the following example:

azure% # ovw &

Several windows are displayed including warnings, Event Categories, and status updates. Eventually the Root window is displayed.


Note The WAN network icon in the network node manager is no longer automatically created when running CWM. Use the Network Topology map instead.


From the pull-down menus, you can launch all of the CWM features. Many menu items are disabled until an appropriate element is selected, such as a node in the topology.

The IP map contains the HPOV view of the attached IP network. The CWM map contains the CWM nodes, which are displayed directly from CWM.

Use the buttons in the Event Manager window to view desired event categories.