Installing and Getting Started With CiscoWorks LAN Management Solution 3.1
Getting Started with LAN Management Solution 3.1
Downloads: This chapterpdf (PDF - 1.02MB) The complete bookPDF (PDF - 5.81MB) | Feedback

Getting Started with LAN  Management Solution 3.1

Table Of Contents

Getting Started with LAN  Management Solution 3.1

Before You Start

Accessing CiscoWorks Server

Logging Into the CiscoWorks Server

Understanding the CiscoWorks LMS Portal Home Page

CiscoWorks LMS Portal Home Page

Views

Portlets

Launching LMS Applications

Launching LMS Workflow Demos

Configuring LMS Administration Parameters

Using LMS Setup Center

System Setup and Administrative Tasks

Setting Up CiscoWorks Server

Before You Begin CiscoWorks Server Setup

Understanding Single-Server and Multi-Server Setup

Understanding DCR and Device Management

Understanding Single Sign-On

Understanding AAA Modes

About CiscoWorks Assistant

Methods of Deploying CiscoWorks Server Setups

Setting Up a Single CiscoWorks Server

Manage LMS Server

Set up Device Management Mode

Set up Default Credentials

Add Devices

Manage Devices in the Applications Installed in the LMS Servers

Setting Up Multiple CiscoWorks Servers

Terms and Definitions

Before Setting Up Multi-Servers

Multi-Server Setup Tasks

Integrating CiscoWorks Server with ACS

CiscoSecure ACS Support

CiscoWorks Server Authentication Roles

Before You Begin ACS Integration

Setting Up ACS Server

Changing the AAA Mode to ACS Using the Server Setup Workflow

Assigning Roles to Users and User Groups In ACS

Impact of Installing CiscoWorks Applications in ACS Mode

Verifying LMS Applications and the Cisco Secure ACS Configuration

Managing Devices in CiscoWorks Server

Managing Devices and Credentials

Managing Devices in CiscoWorks Applications

RME Device Management Using cwcli Inventory Command

Adding Adhoc Target Devices to IPM

Preparing to Use LMS Applications

Preparing to Use Campus Manager

Processes and Settings

Data Collection Settings

User Tracking Settings

Starting Topology Services

Configuring SNMP Trap Listener for Dynamic UT to Work in Campus

Preparing to Use Device Fault Manager

Enabling Devices to Send Traps to DFM

Integrating DFM Trap Receiving with NMSs or Trap Daemons

Updating the SNMP Trap Receiving Port

Configuring SNMP Trap Forwarding

Preparing to Use Internetwork Performance Monitor

IPM Application Settings

Auto Allocation Settings

Managing IPM Operations

Working With Collectors

Preparing to Use Resource Manager Essentials

Setting Up Inventory

Setting Up Syslog Analyzer

Setting Up Software Management

Setting Up Configuration Management

Preparing to Use Health and Utilization Monitor

Creating a Poller

Creating a Threshold

Creating a Template

Using CiscoView

Using CiscoView Mini-RMON Manager

Using Device Center

Launching Device Center

Invoking Device Center

Using Integration Utility

Performing Maintenance on Your CiscoWorks Server

Performing Regular Backups

Purging the Data

Maintaining the Log Files

Using CiscoWorks LMS Applications Online Help


Getting Started with LAN  Management Solution 3.1


This chapter helps you to get started with CiscoWorks LMS 3.1.

CiscoWorks LMS 3.1 can be installed and deployed on a single server or multiple server environment.

Depending on the type of setup you select, the following sections explain the tasks that you need to perform to work with and understand the product.

The following sections helps you to use the LMS 3.1 interface effectively:

Before You Start

Accessing CiscoWorks Server

Logging Into the CiscoWorks Server

Understanding the CiscoWorks LMS Portal Home Page

Configuring LMS Administration Parameters

Setting Up CiscoWorks Server

Integrating CiscoWorks Server with ACS

Managing Devices in CiscoWorks Server

Preparing to Use LMS Applications

Performing Maintenance on Your CiscoWorks Server

Using CiscoWorks LMS Applications Online Help

Before You Start

Before you start using the LMS 3.1 applications, you must ensure that:

The network devices that interact with LMS 3.1 are set up correctly.

See Chapter 2, Setting Up Devices on the Network, in the CiscoWorks LAN Management Solution 3.0 Deployment Guide:

http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_white_papers_list.html

See the CiscoWorks LAN Management Solution 3.0 whitepaper for more information:

http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_white_papers_list.html

The license file is installed on your CiscoWorks server.

See the License Information.

Accessing CiscoWorks Server

LMS 3.1 uses port number 1741 to access the CiscoWorks Server in normal (HTTP) mode and port number 443 to access the server in secure (HTTPS) mode by default.

To access the server from a client system, enter any one of these URLs in your web browser:

If SSL is disabled and if you have installed LMS applications on the default port, and enter:

http://server_name:1741

If SSL is enabled, and if you have installed LMS applications on the default port, enter:

https://server_name:443

where server_name is the hostname of the server on which you installed LMS applications.

The CiscoWorks Login page appears.

You can also change the default web server port numbers (for HTTP and HTTPS modes) using the changeport utility. See User Guide for CiscoWorks Common Services 3.2 for more information.

On a Windows system, if you are using HPOV as your third party NMS application, you would require the IIS service to be enabled for HPOV to install and run. The IIS web server runs on SSL port 443, which is the default port for LMS web server, while installing the CiscoWorks applications.

To avoid this conflict, you should change the SSL port number of LMS web server from 443 to some other available port number within the range from 1026 to 65535.

Logging Into the CiscoWorks Server

After you have accessed the CiscoWorks server, to log in for the first time, do the following:


Step 1 Enter the username in the User ID field, and the password in the Password field of the Login page.

The CiscoWorks server administrator can set the passwords to admin and guest users during installation. Contact the CiscoWorks server administrator if you do not know the password.

Step 2 Click Login or press Enter.

You are now logged into CiscoWorks server.

The CiscoWorks LMS Portal home page appears.

See Understanding the CiscoWorks LMS Portal Home Page for more information.


Understanding the CiscoWorks LMS Portal Home Page

The following sections help you to understand the LMS Portal home page and the tasks that you can perform with it:

CiscoWorks LMS Portal Home Page

Views

Portlets

Launching LMS Applications

Launching LMS Workflow Demos

CiscoWorks LMS Portal Home Page

CiscoWorks LMS Portal is the first page that appears when you launch the LMS application. The LMS Portal is designed to give you quick access to important statistics and details of the LMS applications installed on your CiscoWorks server.

CiscoWorks LMS Portal allows you to launch the other LMS applications and provides top-level navigation for frequently-used functions in the LMS applications.

Figure 5-1 displays the CiscoWorks LMS Portal home page.

Figure 5-1 LMS Portal Home Page

1

Views—A page composed to display relevant information, appears as tabs in CiscoWorks LMS Portal.

4

Private Portal—Select the Portal as Private to configure and customize the portlets

2

Portlets—User Interface components that enable you to add information inside a view.

5

Manage Views—Click the Manage View icon to add Views or manage them.

3

Public Portal—Select the Portal as Public to view the portlets added into the Public Portal by the Administrator.

   

The LMS Portal application is built using light-weight GUI components. Hence, it does not require any download or installation of any plug-ins for launching the user interface.

See Table 5-1 for a description of each element.

Table 5-1 Portal Window Elements 

Element
Function

View

In LMS Portal, view is a page that displays a set of relevant information.

LMS Portal comes with four default views such as Functional, System, Network and CS (Common Services).

You can also create your own views and add content. The views are displayed as tabs at the top of the page.

See Configuring LMS Administration Parameters for more information.

Portlets

Enables you to organize information inside a View. The user interface components are managed and displayed in a view.

See Views for more information.

Home

Enables you to view the Portal home page.

Logout

Enables you to exit from the application.

Help

Enables you to view the Online help details. It opens a new window that displays context-sensitive help for the displayed page.

The window also contains buttons that take you to the overall help contents, index, and search tool.

About

Enables you to view the details about the licence information of the application. You can click the links displayed in the page to view the valid purchase licence information.

Private

LMS Portal can be a public portal or private portal. In the private mode you can customize and configure the Views and Portlets. To select Private Portal, go to CiscoWorks LMS Portal and select Private at the top right corner. By default, LMS portal is a private portal.

Public

LMS Portal can be a Public portal or Private portal. In the Public mode you can view all the portlets added by the Administrator.

To select Public Portal, go to CiscoWorks LMS Portal and select Public at the top right corner.

You can select the Public portal to view only the portlets added into the Public portal by the administrator.

Manage View

Enables you to add a View and customize a View using View Settings.

Add Portlet

Enables you to add Portlets and select a layout. You cannot add portlets in the Functional view.


Views

Views are the names of installed LMS applications displayed as tabs in CiscoWorks LMS Portal.


Note The number of Views or tabs vary based on the LMS applications installed on the CiscoWorks server.


Table 5-2 lists the four types of Views.

Table 5-2 Types of Views 

View Name
Description

Functional

Contains portlets that help you to launch the applications installed in the CiscoWorks server.

This view contains information that was displayed in the CiscoWorks home page for versions of LMS earlier than 3.1.

The Functional View contains remotely registered applications. You cannot add or remove portlets, configure or change the look and feel of the portlets in the Functional View.

When you log into CiscoWorks for the first time, the Functional View appears as the default View.

For subsequent logins, you can set any View as the default view.

Network

Contains network-based portlets from the LMS applications. For instance, if you have installed CM you will get the network view portlets from the CM applications.

System

Contains system-based portlets from CS application.

Common Services

By default CS (Common Services) View and its portlets appear when you launch CiscoWorks LMS Portal.

If you have installed RME application (Resource Manager Essentials) an RME View will be displayed along with RME portlets.


For further information on portlets and views, see the Online help or the User Guide for LMS Portal 1.1.

Portlets

Portlets are the basic units of the CiscoWorks LMS Portal. Portlets are application features that can be plugged into, displayed in, and managed using the portal.

You can add, remove, minimize, maximize, modify the look and feel and also configure the portlets in CiscoWorks LMS Portal. You cannot add or remove portlets in the Functional view.

You can also add portlets from a remote server.

You can save your settings on Portlets and Views across login sessions. If you exit out of a session and log into LMS Portal server later, the LMS Portal page displays the portlets according to your settings.


Note The Network Administrator or a System Administrator configures a list of default portlets in a Public Portal before you can view them.


Each portlet contains six icons on the top right corner and they are visible only when you move the mouse over the portlet name.

See Figure 5-2 to understand the Portlet Icons.

Figure 5-2

Portlet Icons

Table 5-3 lists the Portlet icons as indicated in the figure above.

Table 5-3 Portlet Icons

Number
Icon
Function

1

Look and Feel

Set the look and feel for each portlets. This feature is not available for Functional View portlets.

2

Configuration

Enables you to set the configuration, such as the refresh time, and number of jobs displayed and so on. This feature is not available for Functional View portlets.

3

Help

Opens the context-sensitive help for each portlet.

4

Minimize

Hides and restores the content of a portlet.

5

Maximize

Enlarges the size of the portlet.

6

Remove

Removes the portlet from the current view. This feature is not available for Functional View portlets.


For further information on portlets and views, see the Online help or User Guide for LMS Portal 1.1.

Launching LMS Applications

To launch any CiscoWorks application from the CiscoWorks LMS Portal home page:


Step 1 Launch the CiscoWorks Server in your browser as explained in Accessing CiscoWorks Server.

Step 2 Click the respective application link or the Home link of the application's portlet in the CiscoWorks LMS Portal home page.

The respective application's home page appears in a new window.

For example, if you select CiscoWorks Assistant from the LMS Portal home page, the CiscoWorks Assistant home page appears with the following TOC items:

Home

Workflows

Server Setup

Device Troubleshooting

End Host/IP Phone Down

Administration

Log level Settings


For more information on this, see the Online help or the User Guide for CiscoWorks LMS Portal 1.1.

Launching LMS Workflow Demos

The LMS Workflows Demo portlet displays the most frequently used workflows in LMS 3.1. Click on the workflow to view a demo of it.

The workflows that are listed in the portlet are:

Using Baseline templates

Building and exporting a network map using Campus Manager

Discovering the network

Using NetConfig to deploy mass configuration changes

Using SWIM to upgrade device images

Using User Tracking to find an end host by IP or MAC


Note You must enable JavaScript in the browser window and install the latest version of the Flash Player to view the demo.


Configuring LMS Administration Parameters

After you have installed the required applications and verified the installation, you must perform certain system setup and administrative tasks.

You can perform most of the basic system setup and administrative tasks using the LMS Setup Center.

This section explains the following:

Using LMS Setup Center

System Setup and Administrative Tasks

Using LMS Setup Center

LMS Setup Center is part of CiscoWorks LAN Management Solution. The LMS Setup Center also allows you to configure the necessary server settings, immediately after installing LMS software.

You can launch the LMS Setup Center, from the CiscoWorks LMS Portal home page.The LMS Setup Center link is enabled only if the LMS license is detected on the system. The following two menu options are available under LMS Setup Center:

Server Setup

Click on this menu option to launch the CiscoWorks Assistant Server Setup page. You can perform the following Server setup tasks:

Manage Servers

Set Default Credentials

Add Devices

Allocate Devices

Change ACS Setup

For more information on this, see the User Guide for CiscoWorks Assistant 1.1.

Server Settings

Click on this menu option to launch the Server settings page. You can do the following server settings:

System Settings — Configurations that the system needs to function. For example, Backup Schedule and SMTP Server.

Security Settings — Security related settings for the product. For example, Single Sign On and Authentication Mode.

Data Collection Settings — Settings to collect data from the devices. For example, SNMP Timeout and Seed Devices.

Data Collection Schedule — Schedule settings for collecting the data from the server. For example, CM Data Collection Schedule and Inventory Polling Schedule.

Data Purge Settings — Configurations that are necessary for the device to purge data. For example, Syslog Purge and Number Of Configurations To Keep.

For more information on this, see the LMS Setup Center Online help or the User Guide for CiscoWorks Common Services 3.2.

System Setup and Administrative Tasks

The administrative tasks you can perform from each application that you have installed are given below:

Application Name
Administrative Tasks
Launch Point From LMS Portal
Common Services

Manage the CiscoWorks users based on the respective user's access privileges.

You can perform this task using the Local User Setup page.

(Common Services > Server > Security > Single-Server Management > Local User Setup).

Configure the Browser-Server Security. Common Services Server uses Secure Socket Layer (SSL) encryption to provide secure access between the client browser and management server, and also between the management server and devices.

You can enable or disable SSL depending on the need to use secure access.

You can perform this task using the Browser-Server Security Mode Setup page.

(Common Services > Server > Security > Single-Server Management >
Browser-Server Security Mode Setup).

Configure the SMTP server to receive e-mails from the CiscoWorks server.

You can perform this task using the System Preferences page.

(Common Services > Server > Admin > System Preferences).

You can also configure this setting during the Server Setup using CiscoWorks Assistant workflow. See About CiscoWorks Assistant for more information.

Configure the Cisco.com credentials. This information is used while performing some tasks, such as downloading software images, downloading device packages and so on.

You can perform this task using the Cisco.com Connection Management page.

(Common Services > Server > Security > Cisco.com Connection Management > Cisco.com User Account Setup).

Common Services
(continued)

Configure the proxy URL to access the Internet from the CiscoWorks server, if your system is behind a firewall.

You can do this using the Proxy Server Setup page.

(Common Services > Server > Security > Cisco.com Connection Management > Proxy Server Setup).

Resource Manager Essentials

Assign the protocols to be used in RME for Configuration Management and Software Management.

To define the protocol order for fetching and deploying the configuration files, use the Configuration Management page.

(Resource Manager Essentials > Administration > Config
Management)

The available protocols are Telnet, TFTP, RCP, SSH, SCP, and HTTPS.

To define the protocol order for Software image import and distribution, use the View/Edit Preferences page.

(Resource Manager Essentials > Administration > Software Mgmt > View/Edit Preferences)

The supported protocols are: RCP, TFTP, SCP, and HTTP.

Schedule periodic archive of configuration files (with or without configuration polling).

By default, this is disabled.

You can enable this using the Collection Settings page.

(Resource Manager Essentials > Administration > Config Management > Archive Management > Collection
Settings).

Change the default schedule of the device inventory collection and polling.

You can do this by using the System Job Schedule page.

(Resource Manager Essentials > Administration > Inventory > System Job Schedule).

Campus Manager

Schedule Campus Manager Data
Collection.

You can schedule the day, time, and frequency of data collection.

You can define the periodicity for polling the network.

Polling helps you see updated devices and link information without running data collection. Polling is enabled by default.

The default poll interval is two hours.

You can perform this task from LMS Portal by selecting Campus Manager > Administration.

Click Administration and select Data Collection > Schedule Data Collection in the Schedule Data Collection page.

Set up Data Collection Filters.

You can specify IP Address ranges for data collection from LMS Portal using the Data Collection Filters page.

Select Campus Data Collection > Data Collection Filters.

Configure User Tracking acquisition actions.

User Tracking allows you to locate end-user hosts in the network. It collects and presents information gathered by the Asynchronous Network Interface (ANI) Server and held in the ANI database.

You can also use User Tracking to find duplicate connections that could indicate potential problems in your network.

To configure this, from LMS Portal, select Campus Manager > User Tracking and then select Acquisition > Actions in the Actions page.

Device Fault
Manager

Adjust polling and threshold settings.

The Common Services system-defined groups include groups, such as Broadband Cable, Routers, Switches and Hubs, and so on.

These groups have specific polling and threshold settings.

The DFM Polling and Threshold function creates its own corresponding groups based on Common Services and DFM groups. These are:

Polling groups that determine how often group members are polled for data.

Threshold groups that determine acceptable levels of performance and utilization for group members.

You can perform this task from LMS Portal using the Polling and Thresholds page.

Select Device Fault Manager > Configuration > Polling and Thresholds.

Set up notifications.

In addition to watching network conditions as they change on the Alerts and Activities display, you can use DFM notification services to automatically notify users and other systems when specific changes occur on selected devices.

You must create subscriptions for e-mail notifications, DFM-generated SNMP trap notifications, or Syslog
notifications.

You can perform this task from LMS Portal using Device Fault Manager > Notification Services in the Notification Services page.

You can also change event names to names that are more meaningful to you, and these names will appear in the DFM displays and notifications.

Device Fault
Manager
(continued)

Add views to the Alerts and Activities Display.

The Alerts and Activities display provides a consolidated real-time view of the operational status of your network.

When a fault occurs in your network, DFM generates an event (or events). All events occurring on the same device are rolled up into a single alert.

You can perform this task from LMS Portal using the Alerts and Activities Defaults page.

(Configuration > Other Configurations > Alerts and Activities Defaults).

Internetwork
Performance
Monitor

Set the log level.

From LMS Portal, select Internetwork Performance Monitor > Admin > Log Level Settings.

Automatically update the Common Services' Device Credential Repository (DCR) devices.

From LMS Portal, select Internetwork Performance Monitor > Admin >
Application Settings.

See the IP SLA (Internet Protocol Service Level Agreement) probes for the collectors that you configure.

From LMS Portal, select Internetwork Performance Monitor > Admin >
Application Settings.

Set the purge period for historical data and audit reports.

From LMS Portal, select Internetwork Performance Monitor > Admin > Purge Settings.

Health and Utilization Monitor

Set the log level.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Log Level Settings.

Configure HUM to periodically purge job data that you no longer need.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Job Purge.

Set Report Publish Location

HUM allows you to publish the PDF, HTML and CSV format of all the reports to a directory location of your choice. This is done by setting a default directory path.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Report Location.

Health and Utilization Monitor (Continued)

Configure HUM to periodically purge polled data that you no longer need in the database. You can purge data records such as Summarization records, Poller failure records, Threshold violation records, Audit Trail records.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Data Purge

Configure the frequency of generating Quick Reports

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Quick Report Schedule.

Configure the SNMP timeout and retries.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Poll Settings

Configure the Notification Interval and the E-mail ID for updates about the Polling Failure

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Poll Settings

Load a new MIB file into HUM using the Load MIB option.

The new MIB file is compiled and stored in HUM. You can use the new MIB file to create new templates by grouping MIB variables.

From LMS Portal, select Health and Utilization Monitor > Admin > System Preferences > Load MIB.


For more information on this, see the individual application's User Guide or see the context-sensitive Online help.

Setting Up CiscoWorks Server

You can setup the CiscoWorks Server in a single-server or multi-server environment.

This section explains the following:

Before You Begin CiscoWorks Server Setup

Setting Up a Single CiscoWorks Server

Setting Up Multiple CiscoWorks Servers

Before You Begin CiscoWorks Server Setup

Before you start to set up your CiscoWorks Server, ensure that you understand the following topics:

Understanding Single-Server and Multi-Server Setup

Understanding DCR and Device Management

Understanding Single Sign-On

Understanding AAA Modes

About CiscoWorks Assistant

Methods of Deploying CiscoWorks Server Setups

Understanding Single-Server and Multi-Server Setup

When all the CiscoWorks applications are installed on a single LMS server, the setup is considered as a Single-server setup.

You can also install the CiscoWorks applications in more than one server for better performance and scalability. This setup is considered as a Multi-server setup. The Multi-server setup requires all servers in the setup to work in synchronization with one another.

To setup with multiple CiscoWorks servers, you must:

Set up Peer Server Account

Set up System Identity User

Set Up Peer Server Certificate

You can also enable Single-Sign On so that you can use your browser session to transparently navigate to multiple CiscoWorks Servers without authenticating to each of them. See Understanding Single Sign-On for more information.

See Setting Up Multiple CiscoWorks Servers for the information on the terms you need to know and the setup instructions.

Understanding DCR and Device Management

The Device and Credential Repository (DCR) is a common repository of devices, their attributes, and credentials, meant to be used by various network management applications.

DCR helps multiple applications share device lists and credentials using a client-server mechanism, with secured storage and communications. The applications can read or retrieve the information.

These applications can also update the information in DCR so that the updated information could be shared with other applications.

DCR also allows you to populate the repository by importing devices from many sources. It also allows you to export device data to be used with third-party network management systems such as NetView and HP OpenView Network Node Manager.

To understand DCR, see the following topics:

DCR Modes

Device Management Modes

See User Guide for CiscoWorks Common Services 3.2 for more information.

DCR Modes

The sharing of device list and credentials among various network management products is achieved through a Client-Server mechanism. The clients are network management applications that use DCR. The server is called the DCR Server.

DCR works based on a Master-Slave model. DCR Server can also be in Standalone mode.

Figure 5-3 explains the DCR Master-Slave interactions.

Figure 5-3 DCR Master-Slave Interaction

Master DCR

The master repository of device list and credential data. The Master hosts the authoritative, or a master-list of all devices and their credentials. All other DCRs in the same management domain that are running in Slave mode, normally shares this list.

There is only one Master repository for each management domain, and it contains the most up-to-date device list and credentials.

Slave DCR

The Slave DCR is a repository that is an exact replica of the Master.

DCR Slaves are slave instances of DCR in other servers and provide transparent access to applications installed in those servers.

Any change to the repository data occurs first in the Master, and those changes are propagated to multiple Slaves. There can be more than one Slave in a management domain.

The Slave:

Maintains an exact replica of the data managed by the Master for the management domain.

Has a mechanism to keep itself synchronized with the Master.

Will first update Master and then update its own repository data. This is in case of repository data updates.


Note If the AAA mode is set to ACS, ensure that all the servers within the DCR Master-Slave domain are in ACS mode.


Standalone DCR

In Standalone mode, DCR maintains an independent repository of device list and credential data. It does not participate in a management domain and its data is not shared with any other DCR. It does not communicate with or contain registration information about any other Master, Slave, or Standalone DCR.

The DCR mode is set to Standalone, by default, after a fresh installation of Common Services on the CiscoWorks Server.

DCR running in Master or Slave mode always has an associated DCR Group ID that indicates the Server's management domain. This Group ID is generated when a DCR is set to Master mode, and communicated to all Slaves that are later assigned to that Master.

In Single-Server Setup, the DCR mode is set to Standalone by default.

Device Management Modes

The Device Management mode determines whether the new devices are automatically managed by CiscoWorks applications.

The possible modes are:

Auto Allocation Off

In this mode, automatic addition of devices to LMS applications is disabled. You can use this option to:

Selectively add devices to the application from DCR.

Add the previously deleted devices back into the application.

You can manually add the devices to LMS applications even if you have selected other modes for device management.

Auto Allocation—All Devices

In this mode, all the devices in DCR are added to the selected LMS application. This is also limited by the LMS license you have purchased.

For example, if you bought a license that allows you to manage 300 devices, you will be able to add and manage only 330 devices (license limit + 10%) in the applications.

Auto Allocation—Allocate by Groups

In this mode, devices that belong to a specific group in Common Services are added to LMS applications. This is also limited by the LMS license you have purchased. You must select the group name for all applications installed in local and peer servers.

New devices added into the group after applying the settings, will be dynamically added into applications.


Note You can change the Device Management mode of LMS applications by either using the respective applications or by using CiscoWorks Assistant Server Setup workflow.


Table 5-4 helps you understand the Device Management modes for the respective applications.

Table 5-4 Device Management Modes

Application
Default Device Management Mode in Application
Description
Campus Manager

Auto Management—All Devices

The devices in DCR are automatically managed in Campus Manager Data Collection.

In Auto mode you can either manage all devices or manage devices in groups. To do so, select Campus Manager > Administration > Data Collection > Device Management > Mode And Policy Settings.

You can also add manually the devices to Campus by selecting Campus Manager > Admin > Data Collection > Device Management > Include Devices.

For more details on this, see the Administering Campus Manager chapter of the User Guide for Campus Manager 5.1.

Device Fault Manager

Auto Allocation Off

You must manually add the devices from DCR into DFM inventory.

To import the devices, select Device Management > Device Import from the DFM home page.

From the device import page, you can also:

Automatically import all devices from DCR.

Automatically import only the devices which you want to import from DCR using the device group filters.

For more information, see the User Guide for Device Fault Manager 3.1.

Internetwork Performance Monitor

Auto Allocation Off

To Manually import DCR devices, go to Internetwork Performance Monitor > Collector Management > Devices > Add Devices.

You can use the Auto Allocation Settings option to enable automatic allocation of devices to IPM from Device Credentials Repository (DCR).

To change the device management settings, go to LMS Portal and select Internetwork Performance Monitor > Admin > Auto Allocation Settings.

For more detailed information on this, see the User Guide for Internetwork Performance Monitor 4.1.

Resource Manager Essentials

Auto Management—All Devices

Whenever you add devices to Device and Credential Repository, RME triggers the Device Auto Management service.

The devices that are added to Device and Credential Repository get automatically added to RME.

You can enable the Device Auto Management setting from Resource Manager Essentials > Admin > Device Mgmt > Device Management Settings.

You can add devices to RME manually from Resource Manager Essentials > Devices > Device Management > RME Devices > Add Devices.

You can add devices to RME using the cwcli inventory command. See RME Device Management Using cwcli Inventory Command for more information.

For more detailed information on this, see the Online Help or see the User Guide for Resource Manager Essentials 4.2.


Understanding Single Sign-On

The Single Sign-On (SSO) feature helps you to use a single session to navigate to multiple CiscoWorks servers without having to authenticate to each of them.

SSO mode can be set as Standalone, Master or Slave. In a single-server setup, the SSO mode is usually set to Standalone.

The following tasks need to be done initially to enable SSO:

One of the CiscoWorks Servers should be set up as the authentication server. The SSO authentication server is called the Master, and the SSO regular server is called the Slave. If there is no SSO Master server configured in your setup, the local server is selected as SSO Master.

Trust should be built between the CiscoWorks Servers, using self signed certificate. You should configure Master's Self Signed Certificate in Slaves.

Each CiscoWorks Server should setup a shared secret with the authentication server. The System Identity user password acts as a secret key for SSO.

See the Enabling Single Sign-On section in User Guide for CiscoWorks Common Services 3.2 for more information.

Understanding AAA Modes

CiscoWorks Server has some built-in security features to authenticate and authorize users to perform the tasks in CiscoWorks applications. CiscoWorks Server also provides a way to select and configure pluggable authentication sources.

To get maximum security protection, CiscoWorks Server can be integrated with Access Control Server (ACS). When integrated all the authentication and authorization transactions are performed by that ACS server.

The following are the AAA modes in CiscoWorks Server:

Non-ACS — Also called CiscoWorks local mode. All the authentication services are provided by the login modules selected.

The available login modules are:

CiscoWorks Local

IBM SecureWay Directory

KerberosLogin

Local UNIX System

Local NT System

MS Active Directory

Netscape Directory

Radius

TACACS+

ACS — See Integrating CiscoWorks Server with ACS for more information.

About CiscoWorks Assistant

CiscoWorks Assistant is a web-based tool that provides workflows to help you to overcome network management and software deployment challenges.

CiscoWorks Assistant provides workflows which contain functionalities that are available across LMS applications. These functionalities are grouped logically to setup and configure the LMS server and to troubleshoot your network devices.

CiscoWorks Assistant supports the following workflows:

Server Setup

Server Setup workflow helps you to create a single or multi-server setup. It also assists you to add and manage devices, as well as configure the AAA mode to ACS.

You can add devices to Device and Credential Repository by performing bulk import from file or NMS, or by using the Common Services Device Discovery.

You can set the Device Management mode to determine whether the new devices added, are automatically managed by CiscoWorks applications.

Device Troubleshooting

You can identify the root cause for device unreachability. The generated Device Troubleshooting report contains the following details:

Device reachability

Alerts and Syslog messages

Differences between the two archived running configurations.

Changes in the device configuration file, inventory, and installed image

Details of the device topology

Check Device Attributes (CDA) information

Details on network inconsistencies, misconfiguration in the physical and logical layout in the discovered network.

End Host/IP Phone Down

You can get the information required to troubleshoot as well as analyze the connectivity issues.

Methods of Deploying CiscoWorks Server Setups

You can either deploy a single-server or multi-server setups:

Using Common Services and other LMS applications

This is a traditional method of deploying single-server setup or multi-server setup in your network. You should manually configure each and every server setup tasks.

Or

Using CiscoWorks Assistant Server Setup workflows

The Server Setup workflow in CiscoWorks Assistant helps you to setup and manage CiscoWorks LAN management Solution (LMS) servers. It helps you to simplify the deployment and setting up of single or multiple LMS servers using the wizard based dialog boxes.

With this workflow, you need not go to each application to perform the server setup tasks.

Figure 5-4 helps you to understand the workflow.

Figure 5-4 Workflow to Deploy a Single CiscoWorks Server

See User Guide for CiscoWorks Assistant 1.1 for instructions on how to navigate within a Server Setup workflow.

This document explains how to set up the CiscoWorks Server using the CiscoWorks Assistant Server Setup workflow.

See Setting Up a Single CiscoWorks Server and Setting Up Multiple CiscoWorks Servers for more information.

Setting Up a Single CiscoWorks Server

To deploy a single CiscoWorks Server in your network, you should perform the following tasks using CiscoWorks Assistant Server Setup workflows:

Manage LMS Server

Set up Device Management Mode

Set up Default Credentials

Add Devices

Manage Devices in the Applications Installed in the LMS Servers

Additionally, you can change the login module of CiscoWorks Server to ACS using the Server Setup workflow. See Integrating CiscoWorks Server with ACS for more information.

Manage LMS Server

The Manage Servers page displays the details of the local CiscoWorks Server that you have configured during CiscoWorks Installation or after the installation using the other CiscoWorks applications such as Common Services and LMS Setup Center.

To modify the server details:


Step 1 Select CiscoWorks Assistant > Workflows > Server Setup > Manage Servers.

Step 2 Select the server by clicking the Host Name/IP Address radio button, and click Edit.

The Edit Server dialog box appears.

This dialog box has pre-populated values in Hostname/IP address, Protocol, Port and Current SSO Settings fields. All fields in the Edit Server dialog box can be edited, except the Hostname/IP address, Protocol, Port, and Current SSO settings fields.

If the server is in SSO Slave mode, you can set is it as SSO Master, by selecting the Set as Master check box.

If the server is in SSO Master Mode, you can change it to Slave mode by selecting the Set as Slave check box. The Set as Slave check box is not present in the local server.

Step 3 Enter the Server Details and Setup parameters in the Edit Server dialog box, and click OK.

Step 4 Click Next.

The Current System Identity User pop-up appears.

In a Single-server setup, if you have provided the admin user name and password, you will not be prompted to enter System Identity User details.

Step 5 Click OK after you enter the System Identity User details.

The New System Identity User window appears.

You can either:

Enter the new System Identity Username and Password, Confirm Password, and click Next

Or

Click Skip to proceed, if you do not want to change the current System Identity User.


Note The System Identity Setup is required when you want to integrate the CiscoWorks Sever with ACS Server or when you want to setup the multi-server. Otherwise, you can skip this step.


The Device Management Mode page appears.

Step 6 Click Next, after you modify the Device Management mode.

If you do not want to change the settings, click Next when you get to this page without making any modifications to the existing Device Management mode. The Skip button is disabled in this page.

The workflow initiates after you click Next. The modifications you made are saved when the tasks are complete.


Set up Device Management Mode

The Device Management mode determines whether the new devices are automatically managed by CiscoWorks applications. By default, the mode is set to Auto Management mode for all installed applications except DFM and IPM. The default mode of DFM and IPM is manual allocation of devices.

However, you can change the Device Management mode when needed.

To set the Device Management mode:


Step 1 Click Next, after adding the server or setting up the System Identity User.

The Device Management Mode page appears.

The possible modes are:

Auto Allocation Off

Auto Allocation—All Devices

Auto Allocation—Allocate by Groups

For details on the above modes, see Device Management Modes.

By default, the Device Management mode shows the current status of device management mode of applications that have been set up in their respective Device Management Settings pages.

Step 2 Select any one of the following from the drop down list for each CiscoWorks server application:

Auto Allocation Off

Auto Allocation—All Devices

Auto Allocation—Allocate by Groups

Step 3 Click Next.

The workflow performs the assigned tasks when you click Next in the Device Management Mode page.

The Manage Servers Progress page appears with the Server Management Status.

The process of checking the status of various tasks might take some time.

You can either:

Set up CiscoWorks Assistant to send you an e-mail notification. You can then exit from the workflow before the tasks are complete. You can come back to view the status after you get the e-mail notification that the tasks have completed.

See Setting up E-mail Notification After Managing Server Tasks in the User Guide for CiscoWorks Assistant 1.1 for details.

Or

Wait until the status check has completed to view the status.

The status on the following tasks are displayed:

Configuring SMTP Server and e-mail.

Device Management mode configuration.

Step 4 Click on the relevant step link to view the detailed status report for that step.

If a step fails, the Last Accessed URL column in the report will display the shortcut URL for that particular step. The column will be blank, if the step is successful.


Set up Default Credentials

Devices added or imported into DCR do not contain all credentials required by the network management applications to manage them. Sometimes this could lead to the failure of application jobs.

The default credentials feature helps you to add or import devices into DCR with the default credentials and prevents the management applications from failing when the network management applications manage the devices added or imported in DCR.

Default credentials are stored in DCR and are not associated with any device. DCR maintains only one default credential set comprising the following credentials:

Primary Credentials (Username, Password, Enable Password)

Secondary Credentials (Username, Password, Enable Password)

SNMPv2c/SNMPv1Credentials (Read-Only Community String, Read-Write

Community String)

SNMPv3 Credentials (Username, Password, Authentication Algorithm, Privacy Password, Privacy Algorithm)

HTTP Credentials (Primary HTTP Username and Password, Secondary HTTP Username and Password, HTTP port, HTTPS port, Current Mode)

Auto Update Server Managed Device Credentials (Username and Password)

RxBoot Mode Credentials (Username, Password)

To set the default device credentials, select CiscoWorks Assistant > Workflows > Server Setup > Set Default Credentials. The Default Credentials page appears.

The following are the set of default credentials that you are required to set in order to complete the server setup:

Set Standard credentials

Set SNMP credentials

Set HTTP credentials

Set Auto Update Server managed Device credentials

Set RxBoot Mode credentials

You can subsequently configure the ACS mode and assign device groups.

For more details, see the Setting Default Credentials section in the User Guide for CiscoWorks Assistant 1.1

Add Devices

You can use this feature to add devices, device properties or attributes, and device credentials to the DCR.

You should have the required privileges to add devices to DCR. Your login determines whether you can use this option.

Methods of Adding Devices

You can add devices to the Device and Credentials Repository (DCR) using the following methods in CiscoWorks Assistant:

Bulk Import from File

You can import device lists, device properties or attributes, and device credentials to the DCR using CSV or XML files.

Bulk Import from Network Management Station (NMS)

You can import device lists and device credentials from the local or remote Network Management Systems.

Device Discovery

Device Discovery allows to discover the devices from the network starting from the seed devices. It updates the device information in DCR. Device Discovery data contains the information about the neighboring devices of seed devices that you have specified.

Note the following about Device Discovery:

You should have the Network Administrator privileges to configure Device Discovery settings and start Device Discovery.

However to view the Device Discovery summary, you should have any one of the following roles assigned to you:

Network Administrator

Network Operator

System Administrator

You can only discover Standard devices and Cluster Managed devices through the Device Discovery feature. You cannot discover AUS Managed and CNS Managed devices from the network.

When DCR or DCR Administration is down, you cannot start Device Discovery. However, you can configure Device Discovery settings.

Scheduled jobs that were started before DCR Administration went down, complete successfully. However, DCR is not updated with the new device credentials returned from Discovery.

You can run Device Discovery in ACS mode and in a Master-Slave setup.

Device Discovery populates the Device and Credentials Repository with the following discovered information:

Host name, System name, sysObjectID, IP Address of the neighboring devices, Status of the device, and the module used to discover the device.

You can configure Device Discovery from Common Services > Device and Credentials > Device Discovery > Discovery Settings.

For complete details on this, see User Guide for Common Services 3.2.

CiscoWorks Assistant allows you to add devices using multiple methods simultaneously. You can add devices using the Import from File feature, and Device Discovery at the same time.

Adding Devices Using Server Setup Workflow

You can use this feature to add devices, device properties or attributes, and device credentials to the Device and Credential Admin.

You should have the required privileges to add devices to DCR. Your login determines whether you can use this option.

Methods of Adding Devices

You can add devices to the Device and Credentials Repository (DCR) using the following methods in CiscoWorks Assistant:

Bulk Import from File

You can import device lists, device properties or attributes, and device credentials to the DCR using CSV or XML files.

Bulk Import from Network Management Station (NMS)

You can import device lists and device credentials from the local or remote Network Management Systems.

Device Discovery

Device Discovery allows you to discover the devices from the network starting from the seed devices. It updates the device information in DCR. Device Discovery data contains the information about the neighboring devices of seed devices that you have specified.

Adding Devices Using Server Setup Workflow

To add devices using the Server Setup Workflow in CiscoWorks Assistant:


Step 1 Go to CiscoWorks Assistant > Workflows > Server Setup > Add Devices.

The Add Devices page appears.

Step 2 Select one or more of the following methods to add devices:

Import From File

Import From NMS (either Local NMS or Remote NMS)

Run Discovery (Common Services Device Discovery)

If you select Import From File:

a. Enter the file name or use the browse button to select the file to import the devices.

b. Select a file format. You should select either CSV or XML.

c. Select either Use data from Import source or Use data from Device and Credential Repository, to resolve conflicts that may occur if the devices are present both in the import source and DCR, but differ in their attributes.

If you select Use data from Import source, the credentials from the import source will be used, and credentials for the device in DCR will be modified.

If you select Use data from Device and Credential Repository, the device credentials in DCR will be used.

d. Select the Use Default Credentials check box to use the default credentials to import the devices. See Set up Default Credentials to know about the default credentials.

If you select Import From NMS and want to import the devices from Local NMS:

a. Select the Network Management System type from the NMS type drop-down list. For the supported versions, see Supported Network Management Systems.

b. Enter the installation location of Network Management System in the Install Location field.

For example: C:\Program Files\HP OpenView

c. Select either Use data from Import source or Use data from Device and Credential Repository, to resolve conflicts that may occur if the devices are present both in the import source and DCR, but differ in their attributes.

If you select Use data from Import source, the credentials from the import source will be used, and credentials for the device in DCR will be modified.

If you select Use data from Device and Credential Repository, the device credentials in DCR will be used.

d. Select the Use Default Credentials check box to use the default credentials to import the devices. See Set up Default Credentials to know about the default credentials.

If you select Import From NMS and want to import the devices from Remote NMS:

a. Select the Remote NMS check box.

b. Select the Network Management System type from the NMS type drop-down list. For the supported versions, see Supported Network Management Systems.

c. Select the Operating System type from the OS type drop-down list.

d. Enter the host name, root username, and install location in the corresponding fields.

If you select the NMS type as ACS, enter the root password, port and protocol along with the hostname and root username in the corresponding fields.

e. Select either Use data from Import source or Use data from Device and Credential Repository, to resolve conflicts that may occur if the devices are present both in the import source and DCR, but differ in their attributes.

f. If you select Use data from Import source, the credentials from the import source will be used, and credentials for the device in DCR will be modified.

g. If you select Use data from Device and Credential Repository, the device credentials in DCR will be used.

h. Select the Use Default Credentials check box to use the default credentials to import the devices. See Set up Default Credentials to know about the default credentials.

If you select Run Discovery:

a. You need to select any one of the following Discovery modules :

Address Resolution Protocol

Border Gateway Protocol

Open Shortest Path First Protocol

Routing Table

Cisco Discovery Protocol

Ping Sweep On IP Range

Cluster Discovery

Hot Stand by Router Protocol

b. You need to give the following inputs for the Seed Devices Tab:

IP Address or hostname of the seed device

Number of hops in the Hop Count field

For Cisco Discovery Protocol, you can select the Jump Router Boundaries option, to extend Discovery beyond the boundaries set by routers on your network.

You must be cautious about enabling Discovery to occur beyond router boundaries. Discovery could take much longer if you do not selectively choose the boundaries by excluding specific IP addresses.

Enter the following fields that appear only for Ping Sweep On IP Range Discovery module.

ICMP Retry— No of retries to connect to a device using ICMP protocol if the device is not reachable or network is down. The default is 1 retry.

ICMP Timeout— Time within which the device should send its response to the network. The default timeout is 1000 milliseconds.

InterPacket Timeout—Time delay between two ICMP packets. The default timeout is 20 milliseconds.

c. In the SNMP Tab:

You can configure SNMP credentials to run Device Discovery. You must configure either SNMPv2 or SNMPv3 credentials.

For SNMP v2, enter the following details:

SNMP Version—Version of the SNMP protocol

Target—Target device.

Read Community—Read community string.

Time Outs—Time period after which the query times out.

Retries—Number of attempts.

Comments—Remarks, if any.

For SNMP v3, enter the following details:

Target—Target device.

User Name—Name of the user who has access to views configured on the device.

Auth Password—SNMP V3 authentication password used to operate the devices in AuthNoPriv and AuthPriv modes.

Auth Algorithm—SNMP V3 authentication algorithm used in AuthNoPriv and AuthPriv modes. The authentication algorithm can be MD5 or SHA-1.

Privacy Password—SNMP V3 privacy password of the device in AuthPriv mode.

Privacy Algorithm— SNMP V3 privacy algorithm used in AuthPriv mode. The privacy algorithm can be DES, 3DES, AES128, AES192, and AES256.

Time Outs—Time period after which the query times out.

Retries—Number of attempts.

Comments—Remarks, if any.

d. Filter Settings tab

Filters allow you to include or exclude devices from the network.

You can select a filter from the Use Filter drop-down list. The supported filters are:

IP Address

DNS Domain

SysObjectID

For SysObjectID filter, you can either enter the value manually or select a SysObjectID from the Device Type Selector. The Device Type Selector appears after you have selected a SysObjectID filter from the Use Filter drop-down list.

SysLocation

You can either include or exclude a filter by selecting either the Include or Exclude radio buttons. From the filter settings you can add and delete a filter.

e. Global Settings Tab:

Preferred DCR Display Name This can be any of these:

IP Address—Preferred management IP Address of the device.

Hostname—DNS resolvable name of preferred management IP Address.

FQDN — Fully Qualified Domain Name. This consists of a hostname and a domain name.

Preferred Management IP Address—This can be any of these:

Use LoopBack Address—Resolves the server name by loopback address. If the device has an IP address for LoopBack Interface, the device is managed using this IP address.

If there are multiple Loopback IP addresses, one of them is used to manage the device.

Resolve By Name—Select this option if you have configured the device with DNS Name. This name is fetched from DNS during Discovery.

Resolve By Sysname—Contacts the DNS server to get the device hostname.

None —Select this option if you do not want to manage the devices with the preferred management IP Address. If you select this option, the devices are added in DCR with their IP Addresses.

The Resolve By Name option is the default option for this field.

Add Discovered Devices to a Group— Select this checkbox to add the discovered devices to a group.

Group Name—Displays the name of the group you have selected already. You can also change the group name.

Click Select. The Select a Group popup window opens. You can specify a new group name or select an existing group. The Select button is enabled only when the Add Discovered Devices to a Group option is enabled.

Use Default Credentials—When you select this option, devices that are discovered and updated to DCR will be associated with the default credentials.

Update DCR Display Name—Select this option to update the Display Name of Device in DCR.

E-mail— Enter a valid e-mail ID in this field. Multiple e-mail IDs are not allowed in this field. The system uses the e-mail ID to notify you about the status of the Device Discovery jobs.

Step 3 Click Next to go to Manage Devices wizard.


Manage Devices in the Applications Installed in the LMS Servers

You can select devices from the device selector and add it to the application with which you want the device to be managed.

You can also:

View Device Management status

Use Device Selector to search for devices in DCR

To manage devices:


Step 1 Select CiscoWorks Assistant > Workflows > Server Setup > Allocate Devices.

The Manage Devices page appears.

Step 2 Go to the Device Selector and select the devices that you want to add.

Step 3 Select the applications to which you want to allocate the devices.

Initially, devices must be added to DCR. After a device is added to DCR, you can add it to the applications.

Step 4 Click Add Devices to add devices.

Or

Click Reset to reset the added devices in the application.

The Manage Devices screen displays:

LMS Server—LMS Server IP Address

Applications—Applications installed in the LMS Server

Selected Devices—Number of devices selected to add in that application

Step 5 Click Next to complete the Manage Devices tasks.

The Device Management Progress page appears. You can view the Device Management status in this page.

The Server Setup Summary page appears with a summary of Session details, Server Summary and the Operational details. For more details, see the Viewing Server Addition Summary section in the User Guide of CiscoWorks Assistant 1.1.

After adding devices, you can:

View Device Allocation Summary

Search for Supported Devices


View Device Allocation Summary

In the Device Allocation Summary portlet, you can view the summary of all the devices managed by each application. The portlet also displays the details of the devices that are not managed by the corresponding application.

In a Master- Slave setup when the same device is managed by both Master and Slave in an application, it creates a duplicate entry. However, the Device Allocation Summary portlet displays the count after deleting the duplicate entry.

Table 5-5 lists the Device Allocation Summary portlet details.

Table 5-5 Details of Device Allocation Summary

Field
Description

Application

Displays the name of the applications managing devices such as Resource Manager Essentials (RME), Device Fault Manager (DFM), Health and Utilization Monitor (HUM), Campus Manager (CM) and Internetwork Performance Monitor (IPM).

Managed Devices

Displays the number of devices managed by the corresponding application.

You can click Device Count to launch the devices managed by the Application report. The report displays the server name and the managed device count.

Total no.of devices in the server

Displays the total number of devices in the server.

Devices not managed by any application.

In Non-ACS mode:

Displays the total number of devices not managed by any of the application.

In ACS mode:

Displays the total number of devices neither configured in ACS nor managed by any of the application.


Search for Supported Devices

The Supported Device Finder portlet enables you to view the details of the devices that are supported in various LMS applications such as Resource Manager Essentials (RME), Campus Manager (CM), Device Fault Manager (DFM), and CiscoView.

By default the Supported Device Finder portlet is added in the System View.

This portlet enables you to:

Locate the supported devices in the LMS applications

Get the latest updates on devices that are supported and those that will be supported in the upcoming releases.

Raise a request through email to support a new device if it is not supported.

You can search the support of devices added to the DCR using the following search options:

IP Address

Host Name

Display Name

Model Name

SysObjectID

To search using Supported Device Finder portlet:


Step 1 Select an option from the drop-down list and enter the corresponding value in the field and click Submit.

For example, if you have selected SysObjectID as the option, enter the SysObjectID in the field.

If the device is supported, the following details appear in the portlet:

SysObjectID

Model Name

Application Name along with Support details and Comments.

If the device is not supported in the current installation the following message appears:

The device is not supported. Click here for more information.

If the requested device is supported in later releases, and not available with your present installation, the following message appears:

Not supported in Installed version <<version number>>.Support available in version << version number>>


Note If the device is currently not supported with your existing package, you can install the latest IDU from Cisco.com to get device support.


If the requested device is not supported in any releases, the following message appears:

The device is not supported. Click here for more information.

Step 2 Click the Click Here link.

A pop-up box appears with the following information:

OK button—To raise a request for the unsupported device.

Disclaimer : Please note that all efforts will be made to provide support to this request. However, we cannot commit to a time-period at present.

Links to the latest device updates on Campus Manager, Device Fault Manager and CiscoView

Link to the Supported Devices Table

Step 3 Click OK to raise a request for SysobjectID or Model name

The SysobjectID or the Model Name appears based on the entries made in the portlet.

The default mail client is launched.

The To field and Subject field have the following address and entries:

To field: lms-dev-supreq@external.cisco.com

Subject field: Request for new Device Support SysobjectID or Model name

Body: Lists the application names.

Step 4 Enter Yes against the respective application names for which device support is required.

Step 5 Click Send to send a request.


Setting Up Multiple CiscoWorks Servers

You can set up a multi-server environment by performing the following:

Terms and Definitions

Before Setting Up Multi-Servers

Multi-Server Setup Tasks

Terms and Definitions

Before you set up a multi-server environment you should know the following terms and definitions:

Peer Server Account Setup

System Identity Setup

Peer Server Certificate Setup

Peer Server Account Setup

Peer Server Account Setup helps you create users who can programmatically login to CiscoWorks servers and perform certain tasks. These users should be set up to enable communication among multiple CiscoWorks servers. You can set up the Peer Server account in Common Services.

See the Setting Up Peer Server Account section in User Guide for CiscoWorks Common Services 3.2 for more information.

System Identity Setup

Communication among multiple CiscoWorks servers is enabled by a trust model addressed by certificates and shared secrets. System Identity setup should be used to create a trust user on peer servers to facilitate communication in Multi-server scenarios. This trust user is called System Identity User.

A default System Identify User admin is created during installation. While installing, you must enter the password for System Identity user. This password can be different from the password you provide for the admin user to log in to CiscoWorks.

You can also create the System Identity User using Common Services or using the Server Setup workflow of CiscoWorks Assistant.

Peer Server Certificate Setup

Peer Server Certificates are used to allow one CiscoWorks server to communicate with another, using SSL. In a multi-server setup, you have two or more servers on which CiscoWorks applications are installed. CiscoWorks allows you to add the certificate of another CiscoWorks server (a peer server) into its trusted store.

Before Setting Up Multi-Servers

Before you begin to setup Multi Servers, you need to:

Decide on the DCR Master Server

Decide on the SSO Master Server

Import Peer Server Certificates in all the Servers in the Setup

Decide on the DCR Master Server

In a Multi-Server setup, Server Setup workflow runs only on the DCR Master server.

You can set up the DCR mode of the server which you want work as a Master and run the Server Setup workflow in that Master server.

In Server Setup workflow, the local server will be treated as DCR Master server if the setup is converted from Single-Server setup to Multi-Server setup. In other words, the DCR mode of the local server will be changed from Standalone to Master, if you add a new server to the local server.

Decide on the SSO Master Server

A Multi-Server setup must have one SSO Master. The other LMS servers must be in SSO Slave mode. If there is no SSO Master server configured in your setup, the local server is set as SSO Master.

You can configure any other server in the setup as a SSO Master. It is not mandatory that the local server serving as DCR Master be configured as SSO Master.

If the SSO Master is not reachable, you cannot perform any operation in the Server Setup workflow. Also, if any of the servers is unreachable, you cannot perform the Manage Servers and Change ACS Mode Setup steps.

Import Peer Server Certificates in all the Servers in the Setup

You should import the peer server certificate details in all other servers in the same domain. See Peer Server Certificate Setup for more information.

Multi-Server Setup Tasks

To deploy multiple CiscoWorks Server in your network, you should perform the following tasks using CiscoWorks Assistant Server Setup workflows:

Manage CiscoWorks Servers

Set up Device Management Mode For Applications in All Servers

Set up Default Credentials in DCR Master

Add Devices to DCR

Manage Devices in the Applications Installed in All DCR Servers


Note The Server Setup workflows runs only on DCR Master server.


Additionally, you can change the login module of CiscoWorks Server to ACS using the Server Setup workflow. See Integrating CiscoWorks Server with ACS for more information.

Manage CiscoWorks Servers

The Manage Servers page displays the CiscoWorks Server Details. This page allows you to:

Edit local server details

Add server details

View server details

Set up System Identity User

Set up the Device Management mode

Delete server

For more information on this, see the Online Help or the User Guide for CiscoWorks Assistant 1.1.

This section explains the following:

Editing Local Server

Adding Server Details

Editing Local Server

To edit a server:


Step 1 Select CiscoWorks Assistant > Workflows > Server Setup > Manage Servers.

Step 2 Select the server by clicking the Host Name/IP Address radio button, and click Edit.

The Edit Server dialog box appears.

This dialog box has pre-populated values in Hostname/IP address, Protocol, Port and Current SSO Settings fields. All fields in the Edit Server dialog box can be edited, except the Hostname/IP address, Protocol, Port, and Current SSO settings fields.

If the server is in SSO Slave mode, you can set it is as SSO Master, by selecting the Set as Master check box.

If the server is in SSO Master Mode, you can change it to Slave mode by selecting the Set as Slave check box. The Set as Slave check box is not present in the local server.

Step 3 Enter the Server Details and Setup parameters in Edit Server dialog box, and click OK.

Step 4 Click Next.

The Current System Identity User pop-up appears.

Step 5 Enter the System Identity User details.

In a Multi-server setup, if you have provided admin user name and password for all servers, you will not be prompted to enter System Identity User details.

Step 6 Click OK.

The New System Identity User window appears.

Step 7 Either:

Enter the new System Identity Username and Password, Confirm Password, and click Next.

Or

Click Skip if you do not want to change the current System Identity User.

The Device Management Mode page appears.

Step 8 Click Next, after you modify the Device Management Mode.

If you do not want to change the settings, click Next when you get to this page without making any modifications to the existing Device Management mode. The Skip button is disabled in this page.

The workflow initiates after you click Next. The modifications you made are saved when the tasks are complete.


For more information on this, see the Online Help or the User Guide for CiscoWorks Assistant 1.1.

Adding Server Details

To add a CiscoWorks server:


Step 1 Select CiscoWorks Assistant > Workflows > Server Setup > Manage Servers.

Step 2 Click Add.

The Add Server dialog box appears.

Step 3 Enter the following server details:

Hostname/IP Address—Hostname or IP Address of the CiscoWorks server. If the server you add is in DCR Master mode, or if it is the Slave of another DCR master, it will not allow you to add the server.

Administrator Username—Admin username for the server.

Administrator Password—Admin password for the server.

Protocol—Protocol of the server. Select HTTP or HTTPS from the drop-down list.

Port—Port Number of the CiscoWorks server.

If the DCR Master (local server) is in ACS mode, you should enter the Network Device Group (NDG) details.

This should be the NDG to which the DCR Master server is added. CiscoWorks Assistant will convert the server you add here into ACS mode, after the Manage Servers workflow has successfully completed.

After the workflow has successfully completed, if the server you are adding has already been integrated with another ACS server, it will get integrated to the ACS server to which the DCR Master (local server) is integrated.

If you add a server that is already registered with the same ACS server as the DCR Master (local server), CiscoWorks Assistant re-integrates the server with the same ACS server.

After integration, all custom roles that you have created in the ACS server for the CiscoWorks applications will be lost.

You must restart the Daemon Manager in the server that you have added, after the Manage Server Step is complete. If you have added multiple servers, you must restart the Daemon Manager in all servers that you have added.

If the DCR Master is in CiscoWorks Local mode, you cannot add a server that is in ACS mode.

Step 4 Click Next to continue.

CiscoWorks server is contacted to validate the Device and Credential Repository settings, and to fetch the Certificate information.


For more information on this, see the Online Help or the User Guide for CiscoWorks Assistant 1.1.

Set up Device Management Mode For Applications in All Servers

You can set up the device management mode of all applications in DCR Master and one or more DCR Slave servers from the DCR Master machine.

Setting up the device management mode for a multi-server setup is similar to the process followed in a single-server setup. See Set up Device Management Mode and perform the steps as indicated here.

Set up Default Credentials in DCR Master

Setting up the default credentials for a multi-server setup is similar to the process followed in a single-server setup. See Set up Default Credentials and perform the steps as indicated here.

You can set up Default Credentials only in DCR Master server.

Add Devices to DCR

Adding devices to the DCR for a multi-server setup is similar to the process followed in a single-server setup. See Add Devices and perform the steps as indicated here.

You can add devices to DCR using the Bulk Import From File and Bulk Import From NMS options only from DCR Master server.

Manage Devices in the Applications Installed in All DCR Servers

You can select devices from the device selector and add it to the application with which you want the device to be managed in a multi-server setup. It is similar to the process followed in a single-server setup. See Manage Devices in the Applications Installed in the LMS Servers and perform the steps as indicated here.

The Server Setup Summary page appears at the end with a summary of Session details, Server Summary and the Operational details. For more details, see the Viewing Server Addition Summary section in the User Guide of CiscoWorks Assistant 1.1.

Integrating CiscoWorks Server with ACS

CiscoWorks login modules allow administrators to add new users using a source of authentication other than the native CiscoWorks Server mechanism (that is, the CiscoWorks Local login module). You can use Cisco Secure ACS services for this purpose.

This section explains the following:

CiscoSecure ACS Support

CiscoWorks Server Authentication Roles

Before You Begin ACS Integration

Setting Up ACS Server

Changing the AAA Mode to ACS Using the Server Setup Workflow

Assigning Roles to Users and User Groups In ACS

Impact of Installing CiscoWorks Applications in ACS Mode

Verifying LMS Applications and the Cisco Secure ACS Configuration

CiscoSecure ACS Support

CiscoWorks Common Services supports ACS mode of authentication and authorization.

To use this mode, you must have a Cisco Secure ACS (Access Control Server), installed on your network. Common Services 3.2 supports the following versions of Cisco Secure ACS:

Cisco Secure ACS 3.2 for Windows Server

Cisco Secure ACS 3.2.3 for Windows Server

Cisco Secure ACS 3.3.2 for Windows Server

Cisco Secure ACS 3.3.3 for Windows Server

Cisco Secure ACS 3.3.4 for Windows Server

Cisco Secure ACS 4.0.1 for Windows Server

Cisco Secure ACS 4.1 for Windows Server

Cisco Secure ACS 4.1.1 for Windows Server

Cisco Secure ACS 4.1.4 for Windows Server

Cisco Secure ACS 4.2 for Windows Server

Cisco Secure Appliance 3.3.3

Cisco Secure Appliance 3.3.4

Cisco Secure Appliance 4.0.1

Cisco Secure Appliance 4.1

Cisco Secure Appliance 4.1.1

Cisco Secure Appliance 4.1.4

Cisco Secure Appliance 4.2

We recommend that you install the Admin HTTPS PSIRT patch, if you are using ACS 3.2.3.

To install the patch:


Step 1 Go to http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-acs-win.

You must enter Cisco.com username and password after you launch this URL.

Step 2 Click the Download CiscoSecure ACS Software (Windows) link.

You can find the link to the Admin HTTPS PSIRT patch, in the table.


CiscoWorks Server Authentication Roles

By default, the CiscoWorks server authentication provides the following roles. They are listed here from least privileged to most privileged:

1. Help Desk

2. Approver

3. Network Operator

4. Network Administrator

5. System Administrator

6. Super Admin (in ACS mode and on ACS Server only)


Note See User Guide for CiscoWorks Common Services 3.2 for information about CiscoWorks Server Authentication Roles.


The CiscoWorks Server provides the Super Admin role in ACS mode. This role can perform all CiscoWorks operations including the administration and approval tasks.

You cannot assign a local user with this role. You can assign this role to a user only on CiscoSecure ACS Server and only when your login module is set to ACS. This role is not visible in CiscoWorks local mode and during the local user setup in CiscoWorks Server.

We recommend that you do not modify the default CiscoWorks roles. However, you can create your own custom roles on Cisco Secure ACS. See Assigning Roles to Users and User Groups In ACS for more information.

For more information, see User Guide for CiscoWorks Common Services 3.2.

Before You Begin ACS Integration

Before you integrate the CiscoWorks Server with ACS, ensure that you:

1. Set up a System Identity User in CiscoWorks Server

You can either use the Common Services or the CiscoWorks Assistant Server Setup workflow to configure a System Identity User.

2. Assign all the local user privileges to System Identity User in CiscoWorks Server

You should add the System Identity User as a local user and assign all the privileges in CiscoWorks Server.

See the Setting up Local Users section in User Guide for CiscoWorks Common Services 3.2 to configure System Identity User configured as a local user and assign all privileges in CiscoWorks Server.

If System Identity User is not configured with all local user privileges, authorization fails when you try perform certain tasks in CiscoWorks Server.

Setting Up ACS Server

You should perform the tasks in ACS before you change the AAA mode of CiscoWorks Server to ACS.

1. Configure ACS Administrators in ACS Server

You should configure the ACS administrators with all privileges in ACS. The ACS administrator account in ACS is required to:

Access the ACS server from any remote machine.

Enter the login details during the AAA mode setup in Common Services.

Only then does authentication occur from the ACS Server.

Also, if you do not configure the ACS administrative user with all the privileges, the application registration with ACS will fail.

2. Create a Network Device Group

Network Device Groups (NDGs) are collection of AAA clients such as servers and network devices.

You should add the group of servers and network devices only under a NDG. You can use the existing NDGs or you can create a new NDG for this purpose.

If you want to use an existing NDG, this step is optional.

3. Add CiscoWorks Server and Network Devices as AAA Clients

You should configure the following as AAA Clients in ACS Server:

CiscoWorks Server

You should manually add the DCR Master server as an AAA client in ACS, before you change the mode to ACS.

When you use CiscoWorks Assistant Server Setup workflow, the workflow converts the AAA mode of other servers in the multi-server setup to ACS mode.

Devices managed by CiscoWorks Server

You should add the devices managed by CiscoWorks in ACS after you have configured the CiscoWorks Server as a AAA client.

If you do not configure the devices as AAA clients in ACS, the devices will not be visible in CiscoWorks Server after the integration.

If you use CiscoWorks Assistant Server Setup workflow to change the AAA mode to ACS, the missing devices are added to the NDG you specify.

4. Configure the CiscoWorks Administrative Users in ACS

You should add CiscoWorks System Identity User and other CiscoWorks administrators in ACS. Otherwise if you log in as a user configured only in Common Services, authentication will not happen.

You can create a user group in ACS and add all users to that user group.

See the following documents on Cisco.com for details how to perform each of the above tasks:

User Guide for Cisco Secure Access Control Server 3.x and 4.x

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_list.html

User Guide for CiscoWorks Common Services 3.2

http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_user_guide_list.html

CiscoWorks LMS Integration with Cisco Secure ACS whitepaper

http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_white_papers_list.html

Changing the AAA Mode to ACS Using the Server Setup Workflow

To change the mode to ACS:


Step 1 Select CiscoWorks Assistant > Workflows > Server Setup > Change ACS Setup.

CiscoWorks Assistant checks whether there are pending devices in DFM and RME. If CiscoWorks Assistant finds any pending devices, the Pending Device Count table is displayed with the following details:

Server—Server name.

Application—The application that contains pending devices. The values will be DFM or RME.

Pending Count—Number of pending devices.

Details—The reason why CiscoWorks Assistant could not fetch the pending device count. This column will be blank if the pending devices count is found.

Along with the table, a Notification pop up window appears with the following message:

Pending devices exist or could not check for pending devices in some LMS applications

Step 2 Click OK.

Step 3 Click Next.

A confirmation pop up appears with the following message:

LMS server(s) ACS configuration will not be proper if there are pending devices in the LMS applications. Make sure there are no pending devices and click OK to continue.

To get further details on pending devices in the applications, go to:

RME > Devices > Device Management > Pending Devices

Device Fault Manager > Device Management > Device Summary

See RME and Device Fault Manager User Guides for more information on pending devices.

Step 4 Click OK.

The Change ACS Setup page appears.

Step 5 Select the Change Mode to ACS check box and click Next to go the Configure ACS Mode page.


Note Ensure that the local server is an AAA client to ACS server.


Step 6 Click OK on the Notification pop-up window to continue with the ACS Mode change.

Step 7 Enter the required information in the ACS Mode Setup table to change the login mode to ACS.

If the DCR Master (local server) is already in ACS mode, the fields other than the passwords and secret keys will be pre-populated.

Step 8 Select Register all installed applications with ACS, if you are registering the applications for the first time.

In case an application is already registered with ACS, the current registration will overwrite the previous registration.

When you select the Register all installed applications with ACS check box, you are prompted to confirm whether you want to continue with the settings.

See Common Services Online Help for details.

Step 9 Select the HTTP or HTTPS radio button under Current ACS Administrative Access Protocol.

Step 10 Click Next to complete the mode change.

The Configure ACS Mode Progress page is displayed. You can view the ACS mode configuration status in this page.


Note Restart Daemon Manager after you configure ACS Mode for the changes to take effect.



Assigning Roles to Users and User Groups In ACS

After authentication, your authorization is based on the privileges that have been assigned to you. A privilege is a task or an operation defined within the application. The set of privileges assigned to you, defines your role.

You can either:

Assign predefined roles to CiscoWorks Users in ACS.

Or

Create custom roles and assign them to CiscoWorks Users in ACS.

You ensure that the CiscoWorks user or the user group has been assigned the proper privileges in ACS mode. You can assign a desired role to the user or user group, or assign roles on an NDG basis.

See the following topics in User Guide for CiscoWorks Common Services 3.2 for more information:

Roles in ACS

Assigning Roles to Users and User Groups in ACS

Impact of Installing CiscoWorks Applications in ACS Mode

We recommend that you integrate CiscoWorks server and Cisco Secure ACS after installing all of the LAN Management Solution applications.

If you install any application on the CiscoWorks Server when AAA mode is set to ACS, you might be prompted with a message to re-register the application with ACS.

For example, if you have integrated CiscoWorks server and Cisco Secure ACS before installing any application, you are prompted with this message at the time of installation of the selected application:

CiscoWorks Server is in ACS mode

The application that you are installing requires new tasks to be registered with ACS. If you have already registered this application with ACS from another server, you do not need to register it again. However if you re-register the application, you will lose any custom roles that you had created earlier for this application in ACS.

Enter (Y)es to Register, (N)o to continue without registering,

(Q)uit: [N]

If you enter Y, the application gets registered with ACS server.

If you enter N, the application does not get registered with ACS server.

After installation, you can register RME 4.2 with ACS server, using the AcsRegCli.pl script:

/opt/CSCOpx/bin/perl /opt/CSCOpx/bin/AcsRegCli.pl -register rme

When you re-register, the custom roles you have created may be lost.

If you have installed your application after configuring the CiscoWorks Login Module to ACS mode, the application users are not granted any permission.

However, the application is registered to the Cisco Secure ACS. On the
Cisco Secure ACS server, you must assign the appropriate permissions to the application.

Multiple instances of same application using same Cisco Secure ACS will share settings. Any changes will affect all instances of that application.

If application is configured with Cisco Secure ACS and then the application is reinstalled, the application will inherit the old settings.

Verifying LMS Applications and the Cisco Secure ACS Configuration

After performing the above mentioned tasks on Cisco Secure ACS server, login to CiscoWorks with the username as defined in the Cisco Secure ACS.

Based on your privilege on the Cisco Secure ACS, you can perform only certain tasks on the CiscoWorks Server.

For example, if your privilege is of Help Desk, you can only view the Device Summary.

You can view only certain devices in the CiscoWorks Server. This depends on the Network Device setting for the User/Group on the Cisco Secure ACS.

Managing Devices in CiscoWorks Server

This section contains the following:

Managing Devices and Credentials

Managing Devices in CiscoWorks Applications

Managing Devices and Credentials

You can also add devices to DCR using the Device Management page (Common Services > Device and Credentials > Device Management).

You can use the Device and Credential Repository Administration to:

Edit device identity

Edit device credentials

Import bulk devices

View the list of devices on CiscoWorks Server

Export devices

Exclude devices

Delete devices

You can use the device selector to search and select the devices for performing device management tasks.

For more information on the Device and Credential Repository, see the Online Help or the User Guide for CiscoWorks Common Services 3.2.

Managing Devices in CiscoWorks Applications

You can manage the devices and allocate them to be managed by the applications installed in the CiscoWorks servers.

See the following sections for information on managing devices in CiscoWorks applications using CiscoWorks Assistant.

Device Management Modes

Setting Up a Single CiscoWorks Server

Setting Up Multiple CiscoWorks Servers

Apart from the device management tasks you perform as part of CiscoWorks Assistant Server Setup, you can manage the devices in the applications.

See Table 5-4 to understand about:

Default Device Management modes of CiscoWorks applications.

Brief description on how to change the device management mode and manage devices in the applications.

Additionally, you can manage the devices in:

RME, using cwcli Inventory Command. See RME Device Management Using cwcli Inventory Command.

IPM, using Adhoc Target Devices. See Adding Adhoc Target Devices to IPM.

RME Device Management Using cwcli Inventory Command

The cwcli inventory is a RME Device Management application command line tool. It allows you to:

Check the specified device credentials for the RME devices.

Export device credentials of one or more RME devices in clear text.

Delete the specified RME devices.

View the RME devices state.

The cwcli inventory command is located in the following directories, where install_dir is the directory in which CiscoWorks is installed:

On Solaris systems, /opt/CSCOpx/bin

On Windows systems, install_dir\CSCOpx\bin

The default install directory is System_Drive:\Program Files.

For more detailed information on this, refer the Online Help or see the User Guide for Resource Manager Essentials 4.2.

Adding Adhoc Target Devices to IPM

You can add adhoc target devices from the IPM Devices page other than managing the devices automatically or manually in IPM (Internetwork Performance Monitor > Collector Management > Devices).

For more detailed information on this, see the User Guide for Internetwork Performance Monitor 4.1.

Preparing to Use LMS Applications

You must perform some configuration activities in few applications to get started with them to be able to use the functions they provide.

The following are some of the important configuration operations you must perform.

This section contains:

Preparing to Use Campus Manager

Preparing to Use Device Fault Manager

Preparing to Use Internetwork Performance Monitor

Preparing to Use Resource Manager Essentials

Preparing to Use Health and Utilization Monitor

Using CiscoView

Using Device Center

Using Integration Utility

Preparing to Use Campus Manager

The following sections will help you prepare to use Campus Manager:

Processes and Settings

Data Collection Settings

User Tracking Settings

Starting Topology Services

Configuring SNMP Trap Listener for Dynamic UT to Work in Campus

For details on the new features introduced in Campus Manager 5.1, see the Whats New section in the User Guide for Campus Manager 5.1.

Processes and Settings

The following are the two main processes in Campus Manager:

Data Collection

Fetches the device list from DCR and collects the following data from the network:

Ports available in a device

VLANs present in the network/ device

Subnets in the network

Discrepancies in the network

Neighbor data for each device

Details about STP running in the network

User Tracking Major Acquisition

The data collected by the above processes is used by Campus Manager to generate reports about the network.

Data Collection Settings

Using the Data Collection option, you can:

Specify the time period at which SNMP queries time out, and the number of retries that can be attempted by Campus Manager before it stops querying the device.

Include or exclude devices for Data Collection by setting appropriate filters.

Schedule the time intervals at which Data Collection runs.

You can configure the Device Discovery Settings, either using LMS Setup Center or using Campus Manager Administration.

Go to Campus Manager > Admin > Data Collection and configure these settings. See User Guide for Campus Manager 5.1 for more information.

User Tracking Settings

You can configure the following options based on which data on end-hosts and IP phones in the network are collected:

Acquisition Settings

Before you start collecting information about the hosts in your network, you can set various options that control the way in which Acquisition happens.

For example, you can set Campus Manager to perform DNS lookup, while resolving the IP address of a host.

Schedule Acquisition

You can set the day and time of the week when you want to run Major Acquisition. The time interval at which Minor Acquisition happens in the network can also be set.

Specifying Report Purge Policy

You can specify the intervals when you want old reports and jobs to be purged. You can save the Purge Policy, so that the older jobs and archives are purged at the specified intervals.

Specifying Report Domain Name Display

You can specify the way in which domain names are displayed in User Tracking Reports.

Configuring Ping Sweep Options For UT Acquisition

You can configure Campus Manager to perform Ping Sweep on selected subnets, during Acquisition.

Configuring Subnet Acquisition

You can trigger acquisition on a single subnet or a select set of subnets. Subnet based acquisition collects details about the end hosts that are connected to a particular subnet or a select set of subnets. This Acquisition completes faster, since it is not run on all devices managed by Campus Manager.

Configuring End Host and IP Phone Data Delete Interval

You can modify the time interval for deleting entries from the End Host Table, IP Phone Table, or the History Table from the database.

Importing Information on End Hosts

You can import user names and notes for end hosts that are already discovered by User Tracking, from a file.

Enabling Dynamic User Tracking

Dynamic Updates are asynchronous updates that are based on SNMP MAC notifications traps. Campus Manager tracks changes about the end hosts and users on the network to provide real-time updates, based on these traps.

Go to Campus Manager User Tracking > Administration from the Campus Manager home page to configure the User Tracking Settings.

See User Guide for Campus Manager 5.1 for more information.

Starting Topology Services

You must install the Java plug-in to access Topology Services from a client. If you are prompted to install the Java plug-in, download and install it using the installation screens displayed. The next time you start the application, it automatically uses the plug-in.

Launching Topology Services From Solaris Client

The Topology_Services.jnlp file has to be associated with the correct Java application for Topology services to launch properly. You need to associate the jnlp file only once, when you access Topology Services for the first time.

To associate the jnlp file with the correct Java application:


Step 1 Select Campus Manager > Visualization > Topology Services from LMS Portal.

A popup window displays prompting you to save or cancel Topology_Services.jnlp file.

Step 2 Click Save.

Step 3 Go to the folder where you saved the file, right -click the file and choose Open with.

A popup window appears.

Step 4 Click Go here.

Another popup window appears.

Step 5 Click Browse and locate the jre folder.

For example, if your Java plugin version is jre1.6.0_05, the directory can be /usr/java/jre1.6.0_05/bin

Step 6 Associate the file with javaws, by choosing javaws from the above path.

Step 7 Click Apply and close the pop up window.

Step 8 Click on the Topology_Services.jnlp file to launch Topology services.


Configuring SNMP Trap Listener for Dynamic UT to Work in Campus

Before you start using this application, you should configure the SNMP Trap Listener for Dynamic UT to work in Campus Manager.

User Tracking Dynamic Updates tracks changes of the end hosts and users in the network with minimal time delay. In addition to polling the network at regular intervals, Campus Manager tracks the changes in the network whenever they occur.

In Dynamic UT, the devices send traps to Campus Manager whenever changes occur in the network. This implies that you need not wait till next UTMajor Acquisition cycle to see the changes that have happened in your network.

As a result of Dynamic updates, the following reports contain the latest information:

End-Host Report - Contains information from UT Major Acquisition and the recently added end-hosts.

History Report - Contains information from UT Major Acquisition and the recently disconnected end-hosts/end-hosts that have moved between ports or VLANs.

Switch Port reports - Contains information about the utilization of switch ports.

SNMP Traps are generated when a host is connected to the network, disconnected from the network or when it moves among VLANs or ports in the network.

To enable Dynamic Updates feature, switches must be managed by Campus Manager.

You must configure Campus Manager as a primary or secondary receiver of the MAC notifications.

You must also configure SNMP Trap Listener. To do this:


Step 1 Select Campus Manager > Administration from CiscoWorks home page.

Step 2 Select Dynamic Updates > Trap Listener Configuration.

The Trap Listener Configuration dialog box appears.

Step 3 Check Listen traps from Device to configure the trap reception directly from the devices.

or

Check Listen traps from DFM/HPOV to receive the traps through these applications.

Step 4 Enter the port number of the port through which you want to receive the traps, in the Trap Listener Port field.

The default trap listener port number of the Campus Manager server is 1431.

Step 5 Click Apply to save the details.


Configure all devices to send traps to the Trap Listener port of the Campus Manager server. This is the port number that you would have configured on Campus Manager Administration screen.

For more information, see the Online Help or see the Enabling SNMP Traps on Switch Ports section in the User Guide for Campus Manager 5.1.

Configure DHCP snooping on the switches.

For more detailed information on this, see the Administering Campus Manager section in the User Guide for Campus Manager 5.1.

Preparing to Use Device Fault Manager

This section contains:

Enabling Devices to Send Traps to DFM

Integrating DFM Trap Receiving with NMSs or Trap Daemons

Updating the SNMP Trap Receiving Port

Configuring SNMP Trap Forwarding

DFM can receive traps on any available port and forward them to other NMSs (specified by IP addresses and ports). This capability enables DFM to easily work with other trap processing applications.

DFM will only forward SNMP traps from devices in the DFM inventory. It will not change the trap format. It will only forward the raw trap in the format in which the trap was received from the device.

However, you must enable SNMP on your devices and you must do one of the following:

Configure SNMP to send traps directly to DFM

Integrate SNMP trap receiving with an NMS or a trap daemon

To send traps directly to DFM, perform the tasks in Enabling Devices to Send Traps to DFM.

To integrate SNMP trap receiving with an NMS or a trap daemon, follow the instructions in Integrating DFM Trap Receiving with NMSs or Trap Daemons.

For details on the new features introduced in DFM 3.1, see the Whats New section in the User Guide for Device Fault Manager 3.1.

Enabling Devices to Send Traps to DFM

Since DFM uses SNMP MIB variables and traps to determine device health, you must configure your devices to provide this information.

For any Cisco devices that you want DFM to monitor, SNMP must be enabled and the device must be configured to send SNMP traps to the DFM server.

Make sure your devices are enabled to send traps to DFM. You can verify whether the devices are enabled using the command line or GUI interface appropriate for your device. This is explained in the following sections:

Enabling Cisco IOS-Based Devices to Send Traps to DFM

Enabling Catalyst Devices to Send SNMP Traps to DFM

Enabling Cisco IOS-Based Devices to Send Traps to DFM

For devices running Cisco IOS software, enter the following commands:

(config)# snmp-server [community string] ro
(config)# snmp-server enable traps
(config)# snmp-server host [a.b.c.d] traps [community string]

where [community string] indicates an SNMP read-only community string and [a.b.c.d] indicates the SNMP trap receiving host (the DFM server).

For more information, see the appropriate command reference guide.

To enable the devices to send traps to DFM:


Step 1 Log into Cisco.com.

Step 2 Select Products & Solutions > Cisco IOS Software.

Step 3 Select the Cisco IOS Software release version used by your Cisco IOS-based devices.

Step 4 Select Technical Documentation and select the appropriate command reference guide.


Enabling Catalyst Devices to Send SNMP Traps to DFM

For devices running Catalyst software, enter the following commands:

(enable)# set snmp community read-only [community string]
(enable)# set snmp trap enable all
(enable)# set snmp trap [a.b.c.d] [community string]

Where [community string] indicates an SNMP read-only community string and [a.b.c.d] indicates the SNMP trap receiving host (the DFM server).

For more information, see the appropriate command reference guide.

To enable the devices to send traps to DFM:


Step 1 Log in to Cisco.com.

Step 2 Select Products & Solutions > Switches.

Step 3 Select the appropriate Cisco Catalyst series switch.

Step 4 Select Technical Documentation and select the appropriate command reference guide.


Integrating DFM Trap Receiving with NMSs or Trap Daemons

You might need to complete one or more of the following steps to integrate SNMP trap receiving with other trap daemons and other Network Management Systems (NMSs):

If you are integrating DFM with a remote version of HP OpenView or NetView, you must install the appropriate adapter on the remote HP OpenView or NetView. You do not need to install any adapters if HP OpenView or NetView is installed locally. For more information on this, see the User Guide for Device Fault Manager.

Add the host where DFM is running to the list of trap destinations in your network devices. See Enabling Devices to Send Traps to DFM.

Specify port 162 as the destination trap port. (If another NMS is already listening for traps on the standard UDP trap port (162), use port 9000, which DFM will use by default.)

If your network devices are already sending traps to another management application, configure that application to forward traps to DFM.


Note For integration of DFM with HP OpenView or NetView, it is suggested that you install HPOV/NetView before installing LMS.


Table 5-6 describes scenarios for SNMP trap receiving and lists the advantages of each.

Table 5-6 Configuring Scenarios For DFM Trap Receiving

Scenario
Advantages

Network devices send traps to port 162 of the host where DFM is running. DFM receives the traps and forwards them to the NMS.

No reconfiguration of the NMS is required.

No reconfiguration of network devices is required.

DFM provides a reliable trap reception and forwarding mechanism.

NMS continues to receive traps on port 162.

Network devices continue to send traps to port 162.

The NMS receives traps on default port 162 and forwards them to port 162 on the host where DFM is running.

No reconfiguration of the NMS is required.

No reconfiguration of network devices is required.

DFM does not receive traps dropped by the NMS.


Updating the SNMP Trap Receiving Port

By default, DFM receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port, you can do so. DFM supports SNMP V1, V2, and V3 traps for trap receiving (although DFM only supports authNoPriv for V3 traps).


Step 1 Select Configuration > Other Configurations > SNMP Trap Receiving from the configuration tab of the DFM home page.

Step 2 Enter the port number in the Receiving Port entry box.

Step 3 Click Apply.


See LAN Management Solution Port Usage for information of port that are already in use. If you have two instances of the DfmServer process running, traps will be forwarded from the first instance to the second instance.

Configuring SNMP Trap Forwarding

DFM will only forward SNMP traps from devices in the DFM inventory. DFM will not change the trap format. It will forward the raw trap in the format in which it was received from the device. All traps are forwarded in V1 format.


Step 1 Select Configurations > Other Configurations > SNMP Trap Forwarding from the Configuration tab of the DFM home page.

Step 2 For each host, enter:

An IP address or DNS name for the hostname.

A port number on which the host can receive traps.

Step 3 Click Apply.


Preparing to Use Internetwork Performance Monitor

The following sections explain you how to get started and work with Internetwork Performance Monitor.

IPM Application Settings

Auto Allocation Settings

Managing IPM Operations

Working With Collectors

For details on the new features introduced in IPM 4.1, see the Whats New section in User Guide for Internetwork Performance Monitor 4.1

IPM Application Settings

You can perform the application setup tasks in the Application Settings page.

Select Internetwork Performance Monitor > Admin > Application Settings to launch this page.

The following are the application setup tasks in IPM:

Copy IPSLA Configuration to running-config.

You can see the IP SLA (Internet Protocol Service Level Agreement) probes for the collectors that you configure in IPM at the command line interface of the router in the running configuration.

It does this by selecting the Copy IP SLA Configuration to running-config option on the Application Settings page.

This option is not selected by default. You cannot view the IP SLA probes in the running configuration of the source router if this option is not set.


Note The IP SLA probes are automatically reconfigured when you reboot if you have selected this option and saved the IP SLA probes of the IPM collectors in the startup configuration.


Use Managed Source Interface Address

Managed Source Interface configures the source router with the appropriate IP address for sending or receiving the IP SLA (Internet Protocol Service Level Agreement) operation packets.

You can set a source interface address for the source router by selecting the Use Managed Source Interface Address option on the Application Settings page. After this option is set, the source router uses the managed interface address while configuring the collectors on the source device.

However, you can also specify a source interface address while configuring a collector. In that case, the source router uses the specified interface.

If the Use Managed Source Interface option is not set, then by default, the source router selects the source interface for the collector from the Routing Table, based on the IP address of the destination.

For more information on this, see the Online Help or see the User Guide for Internetwork Performance Monitor 4.1.

Auto Allocation Settings

Before adding devices to IPM, you can use the Auto Allocation Settings option to enable automatic allocation of devices to IPM from Device Credentials Repository (DCR).

To change the device management settings, go to LMS Portal and select Internetwork Performance Monitor > Admin > Auto Allocation Settings.

The Auto Allocation Settings page consists of the following settings:

Enable Auto Mode

Automatically adds all devices that are added into DCR, to IPM, as well.

Since this option is disabled by default, you must enable it if you want to automatically add devices to IPM. The number of devices added into IPM depends on the license limit.

Manage All Devices

Allows you to add devices from DCR and manage them in IPM.

This allocation method is dynamic. The devices added to DCR after applying this setting, are also added into IPM at runtime. The number of devices added into IPM depends on the license limit.

You can use this option only if you have checked Enable Auto Mode. If you select this option and you delete a device from DCR, the device is also deleted from IPM.

Manage By Groups

Allows you to add devices from DCR and manage them in IPM, based on groups. The devices that are part of the selected groups, are added into IPM.

This allocation method is dynamic. The devices added to DCR after applying this setting, are also added into IPM at runtime. The number of devices added into IPM, depends on the license limit.

You can use this option only if you have selected Enable Auto Mode.

Group Selector

Lists the groups available for Auto Allocation. Select one or more groups so that devices in those groups are added into IPM automatically.

You can use this option only if you have checked Enable Auto Mode.

Devices that do not Match the Policy

Allows you to generate a report for devices that are managed by IPM but do not satisfy the grouping rule criteria.

You can use this option only if you have selected Manage By Groups.

For more information on this, see the Online Help or see the User Guide for Internetwork Performance Monitor 4.1.

Managing IPM Operations

IPM supports the following IP SLA operations:

Echo Operations

Echo

Path Echo

UDP Echo (User Data Protocol)

Jitter Operations

ICMP Jitter (Internet Control Message Protocol)

UDP Jitter (User Data Protocol)

VoIP Operations

Call Setup Post Dial Delay

Gatekeeper Registration Delay

RTP (Real-time Transfer Protocol)

Operation based on Services

DNS (Domain Name System)

DHCP (Dynamic Host Configuration Protocol)

HTTP (HyperText Transfer Protocol)

FTP (File Transfer Protocol)

DLSw (Data-link Switching)

TCP Connect

Metro Ethernet Operations

Ethernet Ping

Ethernet Jitter

Ethernet Ping Auto IP SLA

Ethernet Jitter Auto IP SLA

When you install IPM, a group of predefined operations are provided. You can define one or more new operations to suit your needs. Although, you cannot modify the default operations, you can use them as templates for your own operations.

You can perform the Operation management tasks using the IPM Operation Management page.

To launch this page, go to Internetwork Performance Monitor > Collector Mgmt > Operations.

The various Operation management tasks include:

Viewing the details of predefined or user-defined operations

Creating user-defined operations

Editing user-defined operations

Deleting user-defined operations

Filtering the list of operations displayed based on certain filtering criteria

See User Guide for Internetwork Performance Monitor 4.1 for more information.

Working With Collectors

The Collector Configuration page in Internetwork Performance Monitor (IPM) allows you to configure collectors. You can configure collectors by specifying the collector information, a source device, target devices, and operations.

The number of collectors you create in IPM depends on your device license. The IPM Collector license limit applies only to historical collectors and not to real-time collectors. You are allowed to create real-time collectors even after the license limit is reached.

However, we recommend that you create collectors based on the polling interval for better performance of the IPM server.

To create collectors:


Step 1 Go to the LMS Portal and select Internetwork Performance Monitor > Collector Management > Collectors.

The Collector Management page appears.

Step 2 Click Create.

The Collector Configuration page appears.

Step 3 Specify the following details in the Collector Info section:

The collector name in the Collector Name field.

A brief description of the collector in the Description field.

Though the Collector Name field allows you to enter more than 15 characters, the Source device and trap PDUs display only the first 15 characters for the IOS version.

The IPM database, however, will contain the complete collector name you have entered.

Step 4 Select the source router from the Source Devices list.

Step 5 Select one or more target devices from the Target Devices list.

Step 6 Select one or more operations from the Operations list.

Step 7 Enter a valid IP address in the Source Interface field. This is optional.

This is the IP address of the source device interface to which the packets are returned from the destination. The Source Interface field is an optional field.

Step 8 Click Next.

Step 9 The Select Collector page appears.


You can then select the collectors and perform various functions such as scheduling, viewing collector summary, editing collectors, importing and exporting collectors that helps you manage these collectors effectively.

For more information on this, see the Online Help or see the User Guide for Internetwork Performance Monitor 4.1.

Preparing to Use Resource Manager Essentials

The following sections helps you to get started with Resource Manager Essentials:

Setting Up Inventory

Setting Up Syslog Analyzer

Setting Up Software Management

Setting Up Configuration Management

Several important items must be configured correctly on every Cisco device that will be managed and monitored through RME. See Required Device Credentials for LMS Applications for information on the required device credentials for RME applications.

For details on the new features introduced in RME 4.2, see the Whats New section in the User Guide for Resource Manager Essentials 4.2.

Setting Up Inventory

This section describes the tasks that you must perform to set up the Inventory application.

To set up RME Inventory, you should perform the following tasks:

Create network inventory by either adding device information by adding one device at a time or performing Bulk Import from DCR.

Obtain the login privileges to Cisco.com. See Logging Into Cisco.com for Software Management Tasks for more information.

Schedule inventory polling and collection.

Set change report filters.

Display a detailed device report

Set Cisco.com Fetch Interval.

See User Guide for Resource Manager Essentials 4.2 for more information.

Setting Up Syslog Analyzer

In RME, you should configure the devices to send Syslogs before starting to use this application.

The Syslog Analyzer allows you to centrally log and track Syslogs (such as system error messages, exceptions, and other information such as device configuration changes etc.) from devices, that you can use to analyze device and network performance.

You must configure devices to forward messages to the RME server or to a system on which you have installed the Common Syslog Collector.

Before you can use Syslog Analyzer, you must configure devices to forward messages to RME or a system on which you have installed the distributed Syslog Analyzer Collector.

For more information about setting up devices for message logging, see the Syslog Online help, the Cisco IOS Software Documentation on Cisco.com (for Cisco IOS devices), and the appropriate guides.

To configure the device using Telnet, perform the tasks for each type of devices:

IOS Devices

Catalyst Devices

See User Guide for CiscoWorks Resource Manager Essentials 4.2 for details on how to configure the other device types using Telnet.

IOS Devices

To configure IOS devices using Telnet:


Step 1 Connect to the device using Telnet and log in.

The prompt changes to host.

Step 2 Enter enable and the enable password.

The prompt changes to host#.

Step 3 Enter configure terminal.

You are now in configuration mode, and the prompt changes to host(config)#.

To make sure logging is enabled, enter logging on.

To specify the RME server to receive the router Syslog messages, enter logging IP address, where IP address is the server IP address.

To limit the types of messages that can be logged to the RME server, enter logging trap informational to set the appropriate logging trap level by, where informational signifies severity level 6.

This means all messages from level 0-6 (from emergencies to informational) will be logged to the RME server.


Catalyst Devices

To configure Catalyst devices using Telnet:


Step 1 Connect to the device using Telnet and log in.

The prompt changes to host.

Step 2 Enter enable and the enable password.

The prompt changes to host#.

To make sure logging is enabled, enter set logging server enable.

To specify the RME server that is to receive the Catalyst devices Syslog messages, enter set logging server IP address, where IP address is the server IP address.

To limit the types of messages that can be logged to the RME server, enter set logging level all 6 default.

This means that all messages from level 0-5 (from emergencies to notifications) will be logged to the RME server.

See the appropriate Catalyst reference manual for more information.


For more information on this, see the Online Help or the User Guide for Resource Manager Essentials 4.2.

Setting Up Software Management

Software Management application performs system software upgrades, boot loader upgrades, and software configuration operations on groups of routers and switches.

Before you can use Software Management, you must have sufficient space to store the software image files. Depending upon the software image, you should have
4 MB to 150 MB of free space.

To set up Software Management, you must:

Set up File Transfer Servers

The supported protocols for image import or distribution are rcp, TFTP, SCP and HTTP. The file transfer servers that the Software Management application uses to transfer software files are installed by Common Services.

Set Software Management Preferences

Select Resource Manager Essentials > Admin > Software Mgmt > View/Edit Preferences to set your Software Management Preferences such as image distribution, import and so on.

Create a baseline of the devices in your network and populate the software image library.

To do this, go to Resource Manager Essentials > Software Mgmt > Software Repository and click Add and select Device.

Schedule the Synchronize Library job to run periodically.

To do this, go to Resource Manager Essentials > Software Mgmt > Software Repository > Software Repository Synchronization.

Create one or more approver lists if you want to use the Job Approval option.

To enable Job Approval, use Resource Manager Essentials > Admin > Approval.

Distribute a software image to a device or group of devices

Depending on system complexity, you can configure upgrades for groups of devices to the same software image or to different software images.

You can specify these groups manually, using your RME groups and search criteria. You can also use some other selection criterion, such as the current software version or hardware type.

You can run the device upgrades job sequentially or in parallel. After upgrading the devices, you can also specify the reboot order.

To do the Software Distribution, go to Resource Manager Essentials > Software Mgmt > Software Distribution.

Logging Into Cisco.com for Software Management Tasks

Login privileges are required for all Software Management tasks that access Cisco.com.

If you do not have a user account and password on Cisco.com, contact your channel partner or enter a request on the main Cisco web site.

To get access you must have a Cisco.com account. You can register by going to the following URL: http://tools.cisco.com/RPF/register/register.do

To download cryptographic images from Cisco.com, you must have a Cisco.com account with cryptographic access.

To obtain the eligibility to download strong encryption software images:


Step 1 Go to the following URL:

http://tools.cisco.com/legal/k9/controller/do/k9Check.x?eind=Y&return_url=http://www.cisco.com

Step 2 Enter your Cisco.com username and password, and click Log In.

Follow the instructions provided in the page and update the user details.

Step 3 Click Accept to submit the form.

To verify whether you have obtained the eligibility to download encrypted software:

a. Go to the following URL:

http://tools.cisco.com/legal/k9/controller/do/k9Check.x?eind=Y&return_url=http://www.cisco.com

b. Enter your username and password, and click Log In.

The following confirmation message is displayed:

You have been registered for download of Encrypted Software.


On CiscoWorks server, you can enter two types of Cisco.com credentials:

Common Cisco.com credentials for all users of CiscoWorks server.

Individual user Cisco.com credentials.

To configure common Cisco.com credentials for all users of CiscoWorks server:


Step 1 Select Common Services > Server > Security > Cisco.com Connection Management > Cisco.com User Account Setup.

The Cisco.com User Account Setup dialog box appears.

Step 2 Enter the following:

Username—Login ID of the Cisco.com User.

Password—Password of the Cisco.com User.

Verify Password—Password to confirm.

Step 3 Click Apply to save the user details.


You can enter your individual Cisco.com credentials when you perform any Software Management tasks that need access to the Cisco.com server.

If you are accessing Cisco.com over a proxy server, you must enter the proxy server details in the Proxy Server Setup dialog box (Common Services > Server > Security > Cisco.com Connection Management > Proxy Server Setup).

For more information on this, see the Online Help or see the User Guide for Resource Manager Essentials 4.2.

Setting Up Configuration Management

The Configuration Management application stores the current, and a user-specified number of previous versions, of the configuration files for all supported Cisco devices maintained in the RME. It tracks changes to configuration files and updates the database if a change is made.

You should perform the following tasks:

Modify Device Configurations and Device Security

You must modify your device configurations to enable Configuration Management to gather the configurations. After your devices become managed, the configuration files are collected and stored in the configuration archive.

Set up NetConfig

The NetConfig function provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. These templates can be used to run one or more configuration commands on multiple devices at the same time.

For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be stored in the configuration archive.

Setting up Netconfig involves:

Verifying Device Configuration

Verifying Device Prompts

Setting up Transport Protocol Order for Configuration Management

For more information on this, see the Online Help or see the User Guide for Resource Manager Essentials 4.2.

Preparing to Use Health and Utilization Monitor

Before using HUM, you need to:

Create Pollers to monitor the CPU, memory and interface utilization levels. See Creating a Poller.

Create and set Threshold rules for all the devices selected for polling. See Creating a Threshold.

You can also create Custom Templates for Polling certain performance parameters in a device. See Creating a Template.

For details on the new features introduced in HUM 1.1, see the Whats New section in the User Guide for Health and Utilization Monitor 1.1.

Creating a Poller

You can create a Poller by adding devices and selecting appropriate templates to poll the devices. You can also set polling frequencies to poll the devices. The Poller polls the devices for the template MIB variable and collects the device data.

You can use the polled data to analyze the utilization and availability of devices through reports.

To create Pollers, go to Health and Utilization Monitor > Poller and Template Management > Poller Management.

For complete details, see the User Guide for Health and Utilization Monitor 1.1.

Creating a Threshold

You can set and monitor the optimal value for a MIB variable by defining threshold rules. To do this select a template, choose an appropriate MIB variable, select MIB variable instances and apply a threshold criteria.

You can configure the threshold criteria based on your requirement.

To setup Threshold values go to Health and Utilization Monitor > Threshold Management > Threshold Setup.

For complete details, see the User Guide for Health and Utilization Monitor 1.1.

Creating a Template

Templates are a logical group of MIB variables that allow you to monitor the performance parameters of a device (such as CPU, memory, interface) for utilization and availability levels.

From the Template Management page you can create a user-defined template, modify the configuration of a user-defined template, export and import a template, delete a user-defined template, and so on.

You can create a user-defined template by grouping new MIB variables. You can also create user-defined templates during Poller creation. To do this use the Add User Defined Template option.

To create a template, go to LMS Portal and select Health and Utilization Monitor > Poller and Template Management > Template Management.

For complete details, see the User Guide for Health and Utilization Monitor 1.1.

Using CiscoView

CiscoView is a graphical SNMP-based device management tool that provides real-time views of networked Cisco Systems devices.

You can use CiscoView to:

View a graphical representation of the device, including component (interface, card, power supply, LED) status.

Configure parameters for devices, cards, and interfaces.

Monitor real-time statistics for interfaces, resource utilization, and device performance.

Set user preferences.

Perform device-specific operations as defined in each device package.

Manage groups of stackable devices.

For details on the new features introduced in CV 6.1.8, see the User Guide for Cisco View 6.1.8.

Using CiscoView Mini-RMON Manager

CiscoView Mini-RMON Manager provides web-enabled real-time remote monitoring (RMON) information to users to facilitate troubleshooting and improve network availability.

If you use CiscoView Mini-RMON Manager with certain Cisco devices, it provides visibility into network issues/problems before they become critical.

See User Guide for CiscoView 6.1.8 for information about launching and using CiscoView.

Using Device Center

The Device Center provides a device-centric view for CiscoWorks applications and a device-oriented navigation paradigm which provides you device-centric features and information from a single location.

Device Center provides a central point from where you can see a summary and reports for the selected device, invoke various tools on the selected device, and perform the tasks that can be performed on the selected device.

After launching device center, you can perform device-centric activities, such as changing device attributes, updating inventory, Telnet etc. depending on the applications that are installed on the Common Services Server.

You can also launch Element Management tools, reports, and management tasks from the Device Center.

In LMS 3.1, Device Center is enhanced to:

Display a device in Device Selector although it is not managed by applications that are installed on the local server.

Display the aggregated summary of a device that is managed in all applications installed on all servers in a DCR domain.

You must set up all the servers in SSO domain to get maximum benefit from this functionality. You can use tools, view reports and perform management tasks according to your privileges.

Using Device Center involves:

Launching Device Center

Invoking Device Center

Launching Device Center

You can launch Device Center in any of the following ways:

Launch from the CiscoWorks home page.

Launch the Device Center main page from the CiscoWorks home page and select a device.

To launch device center from CiscoWorks home page, select Device Diagnostic Tools > Device Center.

Launch from CiscoWorks LMS Portal.

Launch the Device Center main page from the LMS Portal home page if you have installed the LMS Portal application on CiscoWorks Server.

Bookmark the Device Center URL and launch directly from the browser window.

Launch Device Center for a device from one of the application functions such as Reports.

For example, you can launch Device Center by clicking the Device name from RME Inventory Reports.

Launch From Third-Party applications by passing the device context as a parameter.

Invoking Device Center

You can invoke Device Center from CiscoWorks home page and perform device-centric activities such as:

Changing device attributes

Updating inventory

Telnet

Launch Element Management tools

Generate reports

Management tasks from the Device Center

To invoke Device Center:


Step 1 Go to the CiscoWorks home page and select Device Diagnostic Tools > Device Center.

The Device Center page appears with the Device Selector in the left pane and Device Center overview information in the right pane.

Step 2 Enter the IP address or device name of the device and click Go.

Or

Select a device from the list-tree, in the Device Selector field.

The Device Summary, and Functions Available panes appear.

Step 3 Click any of the links under the Functions Available pane to launch the corresponding application function.

The links are launched in a separate window.

If you enter the device name or IP address of a device not managed by any of the applications installed on the Common Services server, the Functions Available pane displays only the default connectivity tools from Common Services.


For further information on this, see the Using Device Center section in the User Guide for CiscoWorks Common Services 3.2 or refer the Online Help.

Using Integration Utility

The Integration Utility allows you to launch CiscoView as well as Device Center from an NMS platform even when CiscoView is running on a different system than the NMS. It also allows you to integrate other applications into NMS menu.

See the User Guide for CiscoWorks Integration Utility 1.7 for information about configuring the Integration Utility.

For details on the NMS supported by the Integration Utility 1.8, see Supported Network Management Systems

Performing Maintenance on Your CiscoWorks Server

As an administrator, you need to perform maintenance to keep your information updated and to get rid of unnecessary or outdated reports and data on the system.

The CiscoWorks server maintenance tasks include:

Performing Regular Backups

Purging the Data

Maintaining the Log Files

Performing Regular Backups

You can schedule immediate, daily, weekly, or monthly automatic database backups. You should back up the database regularly so that you have a safe copy of the database.

Common Services uses multiple databases to store client application data. These databases are backed up whenever you backup Common Services.

To back up data:


Step 1 Go to the CiscoWorks Home Page and select Common Services > Server > Admin > Backup.

The Set Backup Schedule dialog box appears.

Step 2 Enter the following:

Backup Directory—Location of the backup directory.

Generations—Maximum number of backups to be stored in the backup directory.

Time—From the lists, select the time period during which you want the backup to occur. Use a 24-hour format.

The Time field is not enabled if you have selected Immediate as the Frequency.

E-mail—Enter a valid e-mail ID in this field.

You can enter multiple e-mail IDs separated by comma.

The system uses the e-mail ID or e-mail IDs to notify you the following:

New backup schedules.

Status of immediate or scheduled backup jobs upon their completion.

Cancelled backup schedules.


Warning There may be a problem in sending e-mails when you have enabled virus scanner in the CiscoWorks Server.


Frequency—Select the backup schedule:

Immediately—The database is backed up immediately.

Daily— The database is backed up every day at the specified time.

Weekly—The database is backed up once a week on the specified day and time. Select a day from the Day of week list.

Monthly—The database is backed up once a month on the specified day and time. Select a day from the Day of month list.

Step 3 Click Apply.

The Schedule Backup message verifies your schedule and provides the location of backup log files.

You can verify backup status by examining the log file at the following location:

On Solaris:

var/adm/CSCopx/log/dbbackup.log

On Windows:

NMSROOT\log\dbbackup.log

Where NMSROOT is the CiscoWorks installed directory.


To restore the backup data, see the Restoring Data Online help or the "Configuring the Server" section of the User Guide for CiscoWorks  Common Services 3.2.

Purging the Data

Data purging is deleting data that you no longer want. You can purge the data for the following reasons:

Databases are growing at an uncontrollable rate.

System performance is affecting the efficiency.

It is expensive to upgrade hardware.

To speed up migrations by reducing the volume of data to convert.

To ensure agility in the disaster recovery plan.

Every LMS application has its own purge policies. You can define these policies by performing these tasks:

Resource Manager Essentials

You can purge RME data by performing these tasks:

To purge the archived configurations, select
Resource Manager Essentials > Administration > Config Mgmt > Archive Mgmt > Purge Settings.

The Purge Settings page appears from where you can purge the required configurations.

To purge the Syslog messages, select
Resource Manager Essentials > Administration > Syslog > Set Purge Policy.

The Set Purge Policy page appears from where you can purge the required messages.

To purge the Change Audit data, select
Resource Manager Essentials > Administration > ChangeAudit > Set Purge Policy.

The Set Purge Policy page appears from where you can purge the required data.

To schedule purge operations for the RME jobs, select
Resource Manager Essentials > Admin > System Preferences > Job Purge.

The Job Purge page appears from where you can schedule the required purge activities.

Campus Manager

You can purge Campus Manager data by performing these tasks:

To delete end hosts and IP phones from User Tracking either on demand or on a specified interval after major acquisition, from the CiscoWorks LMS Home Page select
Campus Manager > User Tracking > Admin > Acquisition > Delete Interval.

The Delete Interval page appears from where you can delete the required end hosts and IP phones.

To purge archives or jobs older than a particular date, from the CiscoWorks LMS Home Page select
Campus Manager > User Tracking > Admin > Reports > User Tracking Purge Policy.

The User Tracking Purge Policy page appears from where you can perform the specified purge activities.

Device Fault Manager

To set up a purge schedule for fault history information, from the CiscoWorks LMS Home Page, select
Device Fault Manager > Configuration > Other Configuration > Daily Purging Schedule.

The Daily Purging Schedule page appears from where you can set the purge schedule.

Internetwork Performance Monitor

You can purge the database data in IPM with the Purging Report Data option.

To purge report data:


Step 1 Go to the CiscoWorks LMS Home Page select Internetwork Performance Management > Admin > System Preferences > Purge Settings.

The Purge Settings page appears.

Step 2 Specify the purge period and click Apply.

Table 5-7 lists the purge periods and the settings.

Table 5-7 Purging Report Data

Granularity
Purge Settings

Hourly

Runs scheduled purge jobs hourly at the specified time.

The default is 32 days.

Daily

Runs scheduled purge jobs daily at the specified time.

The default is 180 days.

Weekly

Runs scheduled purge jobs weekly at the specified time.

The default is 12 weeks.

Monthly

Runs scheduled purge jobs monthly at the specified time.

The default is 12 months.



Health and Utilization Monitor

You can purge HUM data records such as summarization records, Poller failure records, threshold violation records, audit trail records.

HUM stores only the last 24 hours data in the database. Background tasks in HUM summarize this polled data and categorizes the data as 5-minute summarization record, 30-minute summarization record, 3-hour summarization record and 12-hour summarization record.

The summarization of polled data happens every hour. You can purge the summarized data at regular intervals using the Data Purge option.

Data Purge allows you to schedule purging for the following HUM data records:

5 Minute Summarization records—Purge all 5-minute summarization data records older than the specified number of days.

30 Minute Summarization records—Purge all 30-minute summarization data records older than the specified number of days.

3 Hour Summarization records—Purge all 3-hour summarization data records older than the specified number of days.

12 Hour Summarization records—Purge all 12-hour summarization data records older than the specified number of days.

Poller failure records—Purge all failure data records older than the specified number of days.

Threshold violation records—Purge all threshold violation data records older than the specified number of days.

Audit trail records—Purge all audit trail data records older than the specified number of days.

By default, all Summarization jobs older than seven days are purged by CiscoWorks HUM.

To schedule Data Purge:


Step 1 Go to LMS Portal and select Health and Utilization Monitor > Admin > System Preferences.

Step 2 Select Data Purge.


For more details, see the User Guide for Health and Utilization Monitor.

Maintaining the Log Files

The Logrot utility helps you manage the log files in a better fashion. Logrot is a log rotation program that can:

Rotate log when CiscoWorks is running.

Optionally archive and compress rotated logs.

Rotate log only when it has reached a particular size.

Logrot helps you add new files easily. Logrot should be installed on the same machine where you have installed Common Services.

You can configure the log files rotation in Common Services > Server > Admin > Log Rotation.

For complete details on configuring Logrot, User Guide for CiscoWorks Common Services 3.2.

Using CiscoWorks LMS Applications Online Help

On the CiscoWorks LMS Portal Home Page, click Help to Launch the CiscoWorks Online help.

This Help button is at the top right corner of your CiscoWorks LMS Portal Home Page. The CiscoWorks Online help is launched in a separate browser window.

The CiscoWorks Online help window contains the following buttons and links:

Button
Description

Contents

(Button)

Displays the Online help table of contents for the launched LMS applications.

If you have launched Common Services Online help, the table of contents for the Common Services application appears.

Index

(Button)

Displays the index entries for the launched LMS applications.

If you have launched Common Services Online help, the index entries for the Common Services application appears.

Search

(Button)

Allows you to search for key words within the launched LMS applications.

If you have launched Common Services Online help, you can search for any key words within the Common Services Online help.

If you want to search for key words in all of the installed LMS applications, you must select All in the application drop-down box (second drop-down box).

If you want to search for key words in a specific LMS application, you must select the application name in the application drop-down box (second drop-down box).

That is, if you want to search in RME, select Resource Manager Essentials from the application drop-down box.

Main

(Link)

This link is at the top right corner of the CiscoWorks Online help window. See Figure 5-5 for details.

Launches the home page of LMS applications Online help.

Based on your installed LMS applications, the table of contents area lists the LMS application Online help. See Figure 5-5 for details.

If you have installed all the LMS applications, the table of contents lists the following:

Campus Manager—Launches the Campus Manager Online help.

CiscoWorks Assistant—Launches the CiscoWorks Assistant Online help.

CiscoWorks Common Services—Launches the Common Services Online help.

Device Fault Manager—Launches the Device Fault Manager Online help.

Device Manager—Launches the CiscoView application (Basic) and CiscoView device packages (ATM Manager, AP1100, Catalyst 4000 IOS, etc.) Online help.

Internetwork Performance Monitor—Launches the Internetwork Performance Monitor Online help.

LMS Portal—Launches the LMS Portal Online help.

Resource Manager Essentials—Launches the Resource Manager Essentials application (RME User Guide) and device packages (Cisco 10000 Series Routes, Cisco 2600XM Multiservice Router, etc.) Online help.

Health and Utilization Monitor—Launches the Health and Utilization Monitor Online Help.

LMS Glossary (PDF)—Prompts you to open or save the PDF version of LAN Management Solution Glossary that contain the definition for the terms and keywords used in LMS applications.


Figure 5-5 Launching LMS Application Online Help