Configuration Management with Cisco Prime LAN Management Solution 4.1
Chapter 4: Making and Deploying Configuration Changes Using NetConfig
Downloads: This chapterpdf (PDF - 1.29MB) The complete bookPDF (PDF - 7.53MB) | Feedback

Making and Deploying Configuration Changes Using NetConfig

Table Of Contents

Making and Deploying Configuration Changes Using NetConfig

NetConfig Tasks

Preparing to Use NetConfig

Verifying Device Credentials

Modifying Device Security

Verifying Device Prompts

Configuring Default Job Policies (Optional)

Assigning Task Access Privileges to Users (Optional)

Enabling Job Approval (Optional)

Rolling Back Configuration Changes

Creating Rollback Commands

Configuring a Job to Roll Back on Failure

Understanding NetConfig User Permissions

Job Approval Permissions

User-defined Tasks Permissions

Administrator Task Permissions

Job Editing Permissions

Using NetConfig

Starting a New NetConfig Job

Create a NetConfig Job based on Device

Create a NetConfig Job based on Module or Port

Browsing and Editing Jobs Using the NetConfig Job Browser

Viewing Job Details

Creating and Editing User-defined Tasks

Parameterized Templates

Creating a Parameters File (XML file)

Parameters File: More Examples

Assigning Tasks to Users

Handling Interactive Commands

Using NetConfig User-defined Templates and Adhoc Tasks

Handling Multi-line Commands

Using System-defined Tasks

Understanding the System-defined Task User Interface (Dialog Box)

Adhoc Task

Authentication Proxy Task

Banner Task

CDP Task

Certification Authority Task

Crypto Map Task

DNS Task

Enable Password Task

HTTP Server Task

Local Username Task

IGMP Configuration Task

Interface IP Address Configuration Task

Internet Key Exchange (IKE) Configuration Task

NTP Server Configuration Task

RADIUS Server Configuration Task

RCP Configuration Task

Reload Task

SNMP Community Configuration Task

SNMP Security Configuration Task

SNMP Traps Configuration Task

Smart Call Home Task

Syslog Task

SSH Configuration Task

TACACS Configuration Task

TACACS+ Configuration Task

Telnet Password Configuration Task

Transform System-Defined Task

Web User Task

User-defined Protocol Task

Cable BPI/BPI+ Task

Cable DHCP-GiAddr and Helper Task

Cable Downstream Task

Cable Upstream Task

Cable Interface Bundling Task

Cable Spectrum Management Task

Cable Trap Source Task

Support for Auto Smartports and Smartports

Auto Smartports

Manage Auto Smartports

Smartports

PoE Task

Catalyst Integrated Security Features

EEM Environmental Variables Task

Embedded Event Manager Task

EnergyWise Configuration Task

EnergyWise Parameters Task

EnergyWise Events Task

GOLD Boot Level Task

GOLD Monitoring Test Task

GOLD Health Monitoring Test Task

SRE Operation Task

cwcli netconfig

Use Case: Using NetConfig Templates to change Configurations for many Devices


Making and Deploying Configuration Changes Using NetConfig


Netconfig is one of the Configuration Management applications that provides you with easy access to the configuration files of all supported devices. It allows you to change the configuration of network devices, provided the configurations are archived. Netconfig automatically updates the archive when it changes the configuration.

The advantages of using Netconfig instead of CLI configuration commands include but are not limited to:

Scheduling jobs

Using jobs to run multiple commands on multiple devices

Using tasks to carry out easy and reliable configuration changes

Mandating approval before running a job

Rolling back configuration changes when a job fails

This section contains:

Preparing to Use NetConfig

Rolling Back Configuration Changes

Understanding NetConfig User Permissions

Using NetConfig

Starting a New NetConfig Job

Browsing and Editing Jobs Using the NetConfig Job Browser

Assigning Tasks to Users

Using System-defined Tasks

Creating and Editing User-defined Tasks

Handling Interactive Commands

Handling Multi-line Commands

cwcli netconfig

NetConfig Tasks

As a NetConfig user, you can:

Define and schedule NetConfig jobs

Use the configuration tasks (system-defined or user-defined) to create the configuration commands that you want to apply to devices.

Browse and edit NetConfig jobs

Browse all NetConfig jobs on your system and edit, copy, stop, retry or delete them. For information about a particular job, click the hyperlink of the Job ID in the NetConfig Job Browser.

Use the command line interface for NetConfig jobs

Use the cwcli command line interface to create and schedule NetConfig jobs from the command line.

As a NetConfig administrator, you can:

Create User-defined tasks

Create your own user-defined tasks containing configuration or rollback commands, and download them to a set of selected devices. You can enter the configuration commands by typing them or by importing them from a file.

User-defined tasks can be parameterized, that is, they can contain variables that take values from a specified file that resides on the LMS server.

Assign tasks

Provide selected network operators the rights to execute configuration tasks. You can assign more than one task to one or more users. By default, only network administrators can use configuration tasks.

Specify the order of the protocol to deploy the configuration and fetch operations

Specify the protocol order separately for configuration download and update operations of NetConfig jobs. This enables you to use preferred protocols for downloading and fetching configurations.

For example, you can use Telnet to download configuration to the device, and TFTP to fetch the configuration, thus improving the overall performance of NetConfig.

Set default NetConfig job policies

Each NetConfig job has job properties (including enabling job password) that defines how the job will be executed. You can configure defaults for these properties that will be applied to all future jobs. For each property, you can specify if users can change the default when creating a job.

See Understanding NetConfig User Permissions.


Note You can select the log level settings for the NetConfig application at Admin > System > Debug Settings > Log Level Settings.


Preparing to Use NetConfig

This section details the following pre-requisites for using NetConfig:

Verifying Device Credentials.

Modifying Device Security

Verifying Device Prompts

Configuring Default Job Policies (Optional)

Assigning Task Access Privileges to Users (Optional)

Enabling Job Approval (Optional)

Verifying Device Credentials

NetConfig needs access to device credentials to make device configuration changes. The device credentials are available in the Device and Credential repository. Use Inventory > Device Administration > Add / Import / Manage Devices to verify if the devices that you want to configure are having the correct credentials.

Modifying Device Security

To configure devices, you must disable security that prohibits NetConfig job from running the commands on the devices. For the list of commands, see Administration of Cisco Prime LAN Management Solution 4.1.

Verifying Device Prompts

Table 4-1 describes the CLI prompt formats for NetConfig.

Table 4-1 NetConfig CLI Prompt Formats

Transport Mechanism
Format

Telnet

For IOS-based devices, Content Engine devices, and Content Service Switch devices

The login prompt must end with a greater-than symbol (>).

The enable prompt must end with a pound sign (#).

For Catalyst devices

The login prompt must end with a greater-than symbol (>).

The enable prompt must end with the text (enable).

SSH

For IOS-based devices, Content Engine devices, and Content Service Switch devices

The login prompt may end with (>), (#), (:), (%).

The enable prompt must end with a pound sign (#).

For Catalyst devices

The login prompt may end with (>), (#), (:), (%).

The enable prompt must end with the text (enable).


Default prompts use these formats. If the defaults formats have been changed, ensure that the prompts meet these requirements.

Configuring Default Job Policies (Optional)

NetConfig jobs have properties that determine how they run. You can configure the default job policies (Admin > Network > Configuration Job Settings > Config Job Policies) that apply to all NetConfig jobs.

Assigning Task Access Privileges to Users (Optional)

You can assign task access privileges that determine the configuration tasks each user can use to create NetConfig jobs. See Understanding NetConfig User Permissions.

Enabling Job Approval (Optional)

Netconfig jobs require approval before they can run. See the section "Setting Up Job Approval" in Administration of Cisco Prime LAN Management Solution 4.1.

Rolling Back Configuration Changes

NetConfig lets you roll back (undo) the configuration changes made to network devices if a job does not gets completed. Rollback commands (the configuration commands that are used to roll back the configuration changes) are created based on how the job was created.

You must configure a NetConfig job to automatically roll back configuration changes, if the job fails to complete.

NetConfig can rollback configurations only if the device configurations are archived in Configuration Archive. See Archiving Configurations and Managing them using Configuration Archive.

This section contains:

Creating Rollback Commands

Configuring a Job to Roll Back on Failure

Creating Rollback Commands

For system-defined tasks, the rollback commands are automatically created by the task. For user-defined tasks, you can enter the rollback commands while creating the task.

Configuring a Job to Roll Back on Failure

You can define a job failure policy so that it automatically rolls back configuration changes, if the job fails to run. You can select one of the three rollback options:

Rollback device and stop—Rolls back the changes on the failed device and stops the job.

Rollback device and continue—Rolls back the changes on the failed device and continues the job.

Rollback job on failure—Rolls back the changes on all devices and stops the job.

Understanding NetConfig User Permissions

Access to NetConfig functionality is controlled by permissions. Users having only Help Desk permissions cannot access NetConfig. Other users can access NetConfig, but their access to functionality is controlled.

In the Permission Report (Reports > System > Users > Permission) check if you have the required privileges to perform the required NetConfig task.

This section details:

Job Approval Permissions

User-defined Tasks Permissions

Administrator Task Permissions

Job Editing Permissions

Job Approval Permissions

Users with Approver permissions can approve NetConfig jobs. Jobs must be approved before they are scheduled to run if Job Approval is enabled on the system. See the section "Setting Up Job Approval" in Administration of Cisco Prime LAN Management Solution 4.1.

User-defined Tasks Permissions

By default, only users with Network Administrator permissions can create user-defined configuration tasks. For more information, see Creating and Editing User-defined Tasks. A Network Administrator can give other users the required permissions on a task-by-task basis.

Administrator Task Permissions

Network Administrators can perform the tasks listed in the Admin menu.

Administrator tasks are:

Assigning tasks to users

Configuring default job properties

Creating and editing user-defined tasks

For user permissions, see Understanding NetConfig User Permissions.

Job Editing Permissions

After a NetConfig job is created, the owner, or a user with the owner privileges, or a network administrator can:

Copy a job

Edit a job

Retry a job

Delete a job

Stop a job while it is running

Using NetConfig

NetConfig allows you to do the following tasks:

Create and manage NetConfig jobs using the NetConfig job browser. See:

Starting a New NetConfig Job

Browsing and Editing Jobs Using the NetConfig Job Browser

Create your own NetConfig tasks and run them on a selected set of devices. See Creating and Editing User-defined Tasks.

Assign tasks to users. You can assign one or more tasks to one or more users. See Assigning Tasks to Users.

Starting a New NetConfig Job

You can create and schedule:

Device-based jobs

Module-based jobs

Port-based jobs

This section tells you how to:

Create a NetConfig Job based on Device

Create a NetConfig Job based on Module or Port

To manage Netconfig jobs using NetConfig job browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Ensure that you have set the:

Transport protocol order for your job using Admin > Collection Settings > Config > Config Transport Settings. See Administration of Cisco Prime LAN Management Solution 4.1.

Job and password policy for your job using Admin > Network > Configuration Job Settings before starting a new NetConfig job. See Administration of Cisco Prime LAN Management Solution 4.1.


Note View the Permission Report (Reports > System > Users > Permission) to check if you have the required privileges to perform this task.


Create a NetConfig Job based on Device

To create a new NetConfig job based on Device:


Step 1 Select either:

Configuration > Tools > NetConfig > Deploy

Or

Configuration > Job Browsers > NetConfig

The NetConfig Job Browser appears.

Step 2 Click Create.

The Netconfig Job Type page appears, displaying the following job types:

Device Based

Module Based

Port Based

Step 3 Select Device Based and click Go.

The Devices and Tasks dialog box appears, with these panes:

Pane
Description

Device Selector

Select devices on which the NetConfig job has to run. You can select multiple device categories. For cable devices, you should select only one device for which you are creating the job.

Task Selector

Select the System-defined tasks or User-defined tasks that you want to run on the selected devices.

All System-defined and User-defined tasks are categorized into various task groups. To select the tasks, expand the corresponding Task Group node.

You can also search for a task or a group of tasks in the Task Selector by entering the Search expressions in the Search field.

You can use the wildcard character "*" along with the Search expression. When you click the Search icon, the results are displayed in the Search Results tab.

For descriptions of System-defined tasks and the device categories they support, see Using System-defined Tasks.

For creating and using User-defined tasks, see Creating and Editing User-defined Tasks.


Step 4 Select the devices from the Device Selector pane. See Inventory Management with Cisco Prime LAN Management Solution 4.1 for information on how to use the Device Selector.

Step 5 Select the tasks from the the Task Selector.

You can select one or more tasks at a time. Your selection will appear in the Selection pane.

Step 6 Click Next.

The Add Tasks dialog box appears with these panes:

Pane
Description

Applicable Tasks

Allows you to add a task. The tasks that you had selected using the Task Selector appear here.

Note Of the tasks selected, only tasks that apply to the devices selected appear here.

Select a task and click Add to create an instance for the task (see Step 7).

Added Instances

Allows you to edit the task instance you have added, view its CLI, or delete it. Select the instance of the task and click the required button (see Table 4-2).


The buttons available in this page are:

Table 4-2 Tasks Performed by Buttons in the Added Instances Pane 

Buttons
Description

Edit

Task pop-up opens with previously assigned values. You can modify these values and click Save.

View CLI

Opens the Device Commands pop-up with the list of applicable devices and the corresponding CLI commands. Devices in your selection for which the commands are not applicable, are also displayed as Non-Applicable Devices.

You can modify an instance of a configuration task (and its configuration commands) any time before the job is run.

Delete

Deletes the selected task instance.


Step 7 Select an applicable task and click Add.

The pop-up for the selected task appears.

Step 8 Set the parameters in the task dialog box and click Save.

(To reset the values that you have selected click Reset. Click Cancel to return to the previous dialog box, without saving your changes.)

You will see the instance of the task in the Added Tasks pane. The instance appears in the format:

Taskname_n, where Taskname is the name of the task you have added, and n is the number of the instance. For example, the first instance of a Banner task is Banner_1.

You can add as many instances as required, for a task.

Step 9 Click Next.

The Job Schedule and Options dialog box appears.

Step 10 Set the schedule for the job, in the Scheduling pane:

Field
Description
Scheduling

Run Type

Select the run type or frequency of the job—Immediate, Once, Daily, Weekly, Monthly, or Last Day of Month.

If Job Approval is enabled, the Immediate option is not available.

Date

Select the start date for the job.

At

Select the start time for the job from the hour and minute drop-down lists.

Job Info

Job Description

Enter the Job Description.

This is mandatory.

Make each description unique so you can easily identify jobs.

E-mail

Enter the e-mail addresses to which the status notices of the job will be sent. Separate multiple addresses with commas or semicolons.

You must configure the SMTP server to send e-mails (Admin > System > System Preferences).

Notification e-mails include a URL that displays the job details (see Viewing Job Details for more information on the details displayed). You need to be logged in to view the job details.

Comments

Enter your comments for the job. Comments appear in the job work order and are stored in the configuration archive.

Approver Comments

Enter comments for the job approver. This field is displayed only if you have enabled job approval for NetConfig. See Administration of Cisco Prime LAN Management Solution 4.1 for more information.

Maker E-mail

Enter the E-mail ID of the job creator. This field is displayed only if you have enabled job approval for NetConfig. This is a mandatory field. See Administration of Cisco Prime LAN Management Solution 4.1 for more information.


Step 11 Set the job options, in the Job Options pane.

Field
Description

Fail on Mismatch of Config Versions

Select to consider the job to be a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.

Sync Archive before Job Execution

Directs LMS archive running configuration before applying configuration changes.

Copy Running Config to Startup

Directs LMS to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Enable Job Password

Login Username

Enter the Login Username.

This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Login Password

Enter the job password.

This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Enable Password

Enter the Enable password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Failure Policy

Select one of these options to specify what the job should do if it fails to run on a device.

Stop on failure—If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully.

Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices. The database is updated only for the devices on which the job was executed successfully.

Rollback device and stop—Rolls back the changes on the failed device and stops the job.

Rollback device and continue—Rolls back the changes on the failed device and continues the job.

Rollback job on failure—Rolls back the changes on all devices and stops the job. See Configuring a Job to Roll Back on Failure.

Execution

Specify the order in which the job should run on the devices.

Parallel—Allows the job to run on multiple devices at the same time. By default, the job runs on five devices at a time.

Sequential—Allows the job to run on only one device at a time. If you select sequential execution, you can click Set Device Order to set the order of the devices.

In the Device Ordering dialog box:

a. Select a device name

b. Click Move Up or Move Down to change its place in the order.

c. Click OK to save the current order and close the dialog box

or

Click Cancel to close the dialog box without making any changes.


Step 12 Click Device Order to view the device order.

The Set Device Order pop-up appears. You can reset the order in which the job should be executed on the devices using the Up and Down arrows.

When you are done, click Done. The pop-up closes.

Step 13 Click Next.

The Job Work Order dialog box appears with the general information about the job, the job policies, the job approval details (if you have enabled job approval), the device details, the task, and the CLI commands that will be executed on the selected devices as part of this job.

Step 14 Click Finish after you review the details of your job in the Job Work Order dialog box.

A notification message appears along with the Job ID. The newly created job appears in the NetConfig Job Browser.


Create a NetConfig Job based on Module or Port

You can create a NetConfig job for ports or modules by selecting a port or module group from the Group Selector page in the NetConfig job flow.

You can create a NetConfig job for all devices in the port or module group, which is the default, or for a few devices in the port or module group. If devices are not available in the port or module groups, then Netconfig job will not be created and displays the following message No devices in selected group

To run the job for a few select devices, you need to select the devices from the Devices and Groups page and the port or module from the Group Selector page. The job will run for the selected devices provided the devices are available in the port or module selected. If there are no devices in Devices and Groups page, then the Netconfig job will be created only for the devices that are part of port or module groups.

To start a new NetConfig job based on Modules or Ports:


Step 1 Select either:

Configuration > Tools > NetConfig > Deploy

Or

Configuration > Job Browsers > NetConfig

The NetConfig Job Browser appears.

Step 2 Click Create.

The Netconfig Job Type page appears, displaying the following job flows:

Device Based

Module Based

Port Based

Step 3 Either select:

Module Based—To create a NetConfig job based on modules.

Or

Port Based—To create a Netconfig job based on ports.

Step 4 Click Go.

The Device and Group Selector dialog box appears, with these options:

Options
Description

Device Selector

Allows you to select the devices on which the NetConfig job has to run. You can select multiple devices.

Group Selector

Allows you to select the device groups on which the NetConfig job has to run. You can select multiple device groups.


Step 5 Either:

Select the devices using the Device Selector option.

Or

Select the device groups using the Group Selector option.

You can also skip this page by clicking Next and directly go to Group Selector page.

Step 6 Click Next.

The Group Selector page appears displaying the Port or Module Groups dialog box with these options:

Options
Field/Button
Descriptions

Select Custom Group

Select the group on which the NetConfig job has to run. You can select multiple groups.

Module groups are displayed for a Module based NetConfig job.

Port groups are displayed for a Port based NetConfig job.

Define an Adhoc Rule

Allows you to define Adhoc rules for a specific NetConfig job.

Object Type

Select the Object Type to form a group.

Module—This Object Type is listed only if you are creating a NetConfig job for modules.

Port—This Object Type is listed only if you are creating a NetConfig job for ports.

Variable

Object type attributes, based on which you can define the group.

Operator

Operator to be used in the rule. The list of possible operators changes based on the Variable selected.

When using the equals operator the rule is case-sensitive.

Value

Value of the rule expression. The possible values depend upon the variable and operator that you have selected. The value may be free-form text or a list of values.

Wildcard characters are not supported.

Add Rule Expression

(Button)

Used to add the rule expression to the group rules.

Rule Text

Displays the rule.

Check Syntax

(Button)

Verifies that the rule syntax is correct.

Include

(Button)

Lists all the modules or ports from the selected devices that are not matching the rule. You can later choose to include the modules or ports for group creation.

Click Include to launch the Include List window.

Exclude

(Button)

Lists all the modules or ports from the selected devices that are matching the rule. You can later choose to exclude those modules or ports for group creation.

Click Exclude to launch the Exclude List window.


Step 7 Click Next.

The Port or Module Tasks page appears.

Step 8 Select the following task using the Task Selector:

Port/Module Tasks
Description

GOLD Health Monitoring Test Task

Configure GOLD Health Monitoring tests on modules.

Adhoc Task

Configures user-defined commands on selected interfaces within a port group.

Manage Auto Smartports

Enables or disables Auto Smartports macros at port level.

Smartports

Applies Smartports macros at port level.

Catalyst Integrated Security Features

Configures port security features.

PoE Task

Configures power policies in ports.

EnergyWise Parameters Task

Configures EnergyWise in ports.

EnergyWise Events Task

Configures EnergyWise events in ports.

SRE Operation Task

Configures the following operations on Services Ready Engine (SRE) supported devices at port level:

Install—Install application in service modules.

Uninstall—Uninstall application from service modules.

Status—Displays the following:

Status of the service module

The applicable running on the module

Status of the installation and uninstallation being performed in the service module

Abort—Stop installation on a set of service modules in a SRE device.

Shutdown—Shutdown the set of service modules in a SRE device

Reset—Reset service modules in a SRE device.


Your selection appears in the Selection pane.

Step 9 Click Next.

The Add Tasks dialog box appears with these panes:

Pane
Description

Applicable Tasks

Allows you to add a task. The task that you selected using the Task Selector, appears here.

From your selection, only the tasks that are applicable to at least one device that you have selected, appear here.

Select a task and click Add Instance to create an instance for the task (see Step 10).

Added Instances

Allows you to edit the task instance you have added, view its CLI, or delete it. Select the instance of the task, and click the required button (see Table 4-3).


The buttons available in this page are:

Table 4-3 Tasks Performed by Buttons in the Added Instances Pane 

Buttons
Description

Edit

Task pop-up opens with previously assigned values. You can modify the values.

View CLI

Device Commands pop-up opens with the list of applicable devices and their corresponding CLI commands. Devices in your selection for which the commands are not applicable, are also displayed as Non-Applicable Devices.

View Ports

Port Details pop-up opens showing the list of devices, their corresponding ports and the port group rule.

For example,

Port Group: 100 Mbps Ethernet Ports


Port Group Rule: Port.Speed = "100000000" AND Port.Type = "6" IN Port.GROUP_ID = "/RME@rme-ch-dev-sf4/All Devices"


Ports matching the port group rule:

4/1

4/2

4/3

4/4

4/5

4/6

4/7

Delete

Deletes the selected task instance.


Step 10 Select the applicable task and click Add.

The pop-up for the selected task appears.

Step 11 Set the parameters in the Task dialog box and click Save.

You will see the instance of the task in the Added Tasks pane of the Add Tasks dialog box. The instance appears in the format:

Taskname_n, where Taskname is the name of the task you have added, and n is the number of the instance. For example, the first instance of a Banner task is Banner_1.

You can add as many instances as required, for a task.

Step 12 Click Next.

The Job Schedule and Options dialog box appears.

Step 13 Set the schedule for the job, in the Scheduling pane:

Field
Description
Scheduling

Run Type

Select the run type or frequency for the job—Immediate, Once, Daily, Weekly, Monthly, or Last Day of Month.

Date

Select the start date for the job.

at

Select the start time for the job from the hour and minute drop-down lists.

Job Info

Job Description

Enter the Job Description. Make each description unique so you can easily identify jobs. This is mandatory.

E-mail

Enter e-mail addresses to which the job will send status notices. Separate multiple addresses with commas or semicolons.

You must configure the SMTP server to send e-mails (Admin > System > System Preferences).

Notification e-mails include a URL that displays the job details. See Viewing Job Details. If you are not logged in, you must log in using the provided login panel to view the job details.

Comments

Enter your comments for the job. Comments appear in job work order and are stored in configuration archive.

Approver Comments

Enter comments for the job approver. This field is displayed only if you have enabled job approval for NetConfig. See Administration of Cisco Prime LAN Management Solution 4.1 for more information.

Maker E-mail

Enter the e-mail-ID of the job creator. This field is displayed only if you have enabled job approval for NetConfig. This is a mandatory field. See Administration of Cisco Prime LAN Management Solution 4.1 for more information.


Step 14 Set the job options, in the Job Options pane.

Field
Description

Fail on Mismatch of Config Versions

Select to cause job to be considered a failure when the most recent configuration version in the archive is not identical to the most recent configuration version that was in the archive when you created the job.

Sync Archive before Job Execution

Select to cause job to archive running configuration before making configuration changes.

Copy Running Config to Startup

Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Enable Job Password

Login Username

Enter the Login Username. This option is available if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Login Password

Enter the job password. This option is available if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Enable Password

Enter the Enable password. This option is available if you have set the appropriate job password policy in the Configuration Management module.

This option overrides the credentials that you entered at the time of adding the device in the Device and Credentials Administration module of LMS.

Failure Policy

Select one of these options to specify what the job should do if it fails to run on a device.

Stop on failure—If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully.

Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices. The database is updated only for the devices on which the job was executed successfully.

Rollback device and stop—Rolls back the changes on the failed device and stops the job.

Rollback device and continue—Rolls back the changes on the failed device and continues the job.

Rollback job on failure—Rolls back the changes on all devices and stops the job. See Configuring a Job to Roll Back on Failure

Execution

Specify the order in which the job should run on the devices.

Parallel—Allows the job to run on multiple devices at the same time. By default, the job runs on five devices at a time.

Sequential—Allows the job to run on only one device at a time. If you select sequential execution, you can click Set Device Order to set the order of the devices.

In the Device Ordering dialog box:

a. Select a device name

b. Click Move Up or Move Down to change its place in the order.

c. Click OK to save the current order and close the dialog box

or

Click Cancel to close the dialog box without making any changes.


Step 15 Click Device Order to view the device order. The Set Device Order pop-up appears.

You can reset the order in which the job should be executed on the devices using the up and down arrows.

Step 16 Click Next.

The Job Work Order dialog box appears with:

General information about the job

Job policies

Job approval details (if you have enabled job approval)

Device details

Task

CLI commands that will be executed on the selected devices as part of this job

Rule Expression (applicable for Adhoc groups).

Step 17 Click Finish after you review the details of your job in the Job Work Order dialog box.

A notification message appears along with the Job ID. The newly created job appears in the NetConfig Job Browser.


Browsing and Editing Jobs Using the NetConfig Job Browser

You can browse the NetConfig jobs that are registered on the system. Using the NetConfig Job Browser, you can also manage NetConfig jobs (create, edit, copy, retry, stop, or delete).

To create and start a new NetConfig job, see Starting a New NetConfig Job.


Note View Permission Report (Reports > System > Users > Permission) to check whether you have the required privileges to perform this task.


To invoke the NetConfig Job browser that lists all the scheduled report jobs, select either:

Configuration > Tools > NetConfig > Deploy

Or

Configuration > Job Browsers > NetConfig

.The columns in the NetConfig job browser displays the following information:

Column
Description

Job ID

Unique number assigned to a job when it is created.

For periodic jobs such as Daily, Weekly, the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Click on the hyperlink to view the Job details. See Viewing Job Details.

Status

Status of the job:

Successful—When the job is successful.

Failed—When the job has failed.

The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.

For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.

Cancelled—When the job has been stopped.

Running—When the job is in progress.

Waiting—When the job is waiting for approval (if job approval has been enabled).

Rejected—When the job has been rejected (if job approval has been enabled).

Description

Description of the job, entered at the time of job creation.

Owner

Username of the job creator.

Scheduled at

Date and time at which the job was scheduled.

Completed at

Date and time at which the job was completed.

Flow Type

Type of the job flow—Port, Module, Device.

Schedule Type

Type of job schedule—Immediate, Once, Daily, Weekly, Monthly, Last day of the month.

You can specify when you want to run the NetConfig job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs the report immediately.

Once—Runs the report once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

Last Day of the Month—Runs the job on the last day of the month, beginning with the month that you specify.

For periodic jobs, the subsequent instances will run only after the earlier instance of the job is complete.

For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.


You can filter the jobs using the Filter by field in the NetConfig Job Browser using any of the following criteria:

Filter Criteria
Description

All

Select All to display all jobs in the job browser

Job ID

Select Job ID and enter the Job ID that you want to display. For non-periodic jobs, the specified Job ID appears in the browser. For periodic jobs, all the instances of the selected Job ID will also be displayed in the browser.

Status

Select Status and then select any one of these:

Successful

Failed

Cancelled

Running

Scheduled

Approved

Waiting

Rejected

Description

Select Description and enter the first few letters or the complete description.

Owner

Select Owner and enter the user ID or the beginning of the user ID.

Schedule Type

Select the schedule type and select any one of these:

Immediate

Once

Daily

Weekly

Monthly

Last day of the month

Flow Type

Select Flow Type and then select any one of these:

Device

Port

Module

Refresh

(Icon)

Click this icon to refresh the NetConfig job browser.


You can schedule a default purge job to purge the records of NetConfig jobs.

You can perform the following operations using the NetConfig job browser. (See Table 4-4):

Table 4-4 Operations Using the NetConfig Job Browser 

Button
Description
Usage Notes

Edit

Edits the selected pending job.

For Device based jobs, the Job definition opens at the Devices and Tasks dialog box, with current information about the job.

For Module based jobs, the Job definition opens at the Devices and Groups dialog box, with current information about the job.

For Port based jobs, the Job definition opens at the Devices and Groups dialog box, with current information about the job.

You can edit a job the same way you define and schedule a new job. See Starting a New NetConfig Job.

The Job ID of an edited job remains unchanged.

Unless you own a job, your login ID determines whether you can use this option.

If the job start time occurs during editing, it runs without edits. You can complete the edits and schedule the job to run again, but you cannot re-edit the job.

To prevent the job from running without edits, either:

Complete your edits before the job start time.

Or

Cancel the job and create a new one.

Copy

Copies selected job.

You can copy a job and give it a new schedule.

For Device based jobs, the Job definition opens at the Devices and Tasks dialog box, with all the selections for the job that you are copying.

For Module based jobs, the Job definition opens at the Devices and Groups dialog box, with all the selections for the job that you are copying.

For Port based jobs, the Job definition opens at the Devices and Groups dialog box, with all the selections for the job that you are copying.

You can copy a job in the same way you define and schedule a new job. See Starting a New NetConfig Job.

A new Job ID with the copied job details is created.

-

Retry

Retry a failed job.

For Device based jobs, the Job definition opens at the Devices and Tasks dialog box.

You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices or change the tasks for the job that you are retrying.

You can select a few of the failed devices to retry the job.

For Module based jobs, the Job definition opens at the Devices and Groups dialog box.

You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices, modules or change the tasks for the job that you are retrying.

You can select a few of the failed devices to retry the job.

For Device based jobs, the Job definition opens at the Devices and Groups dialog box.

You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices, ports or change the tasks for the job that you are retrying.

You can select a few of the failed devices to retry the job.

Unless you own the job, your login determines whether you can use this option.

There may be some devices whose configuration has been downloaded. However, their running configuration has not been written to the Startup configuration.

You can perform Retry Job on these devices just as you can on a failed job.

Stop

Stops or cancels a running job.

You will be asked to confirm the cancellation of the job. However, the job will be stopped only after the devices currently being processed are successfully completed. This is to ensure that no device is left in an inconsistent state.

If the job that you want to stop is a periodic job, you will also be asked whether you want to cancel all the instances of the job.

Click OK to cancel all instances.

If you click Cancel, only the selected instance of the job is cancelled. The next instance of the job will appear in the Job browser with the status Scheduled.

Unless you own the job, your login determines whether you can use this option.

You cannot restart the stopped job. You can however copy the stopped job and Job ID.

Delete

Deletes the selected job from the job browser. You can select more than one job to delete.

You will be asked to confirm the deletion. If the job that you have selected for deletion is a periodic job, this message appears:

If you delete periodic jobs, or instances of a periodic job, that are yet to be run, the jobs will no longer run, nor will they be scheduled to be run again. You must then recreate the deleted jobs. Do you want to continue?

Click OK to confirm the deletion. The selected job will be deleted.

You can delete a job that has been successful, failed, or stopped, but you cannot delete a running job.

Unless you own the job, your login determines whether you can use this option.

You must stop a running job before you can delete it.


Viewing Job Details

You can learn more about any job by viewing its details.


Step 1 Go to the NetConfig Job Browser and click the Job ID hyperlink. See Starting a New NetConfig Job to invoke the NetConfig Job Browser.

The Job Details pop-up appears, displaying the day, date and time details in the header at the top of the report. The Job ID and the Status appear in the header of the report.

The Job Details dialog box has two panes. The left pane contains a table of contents for the job results. The results appear in the right pane.

Step 2 Click a content in the left pane to view its corresponding report in the right pane.

Step 3 Click expand and collapse icons to open and close the folder tree in the left pane.

If a folder has subfolders, the next level of subfolders appears under it. Otherwise, its corresponding report appears in the right pane.

The contents of the left pane depends on the state of the job. The left pane can contain:

Job Summary (in the Job Details folder).

Downloaded Devices (in the Device Details folder).

Work Order

Page/Folder
Description
 

Job Details

Job Summary

Click to display summary of completed job:

Job Summary:

Status

Start Time

End Time

Job Messages:

Pre-job Execution

Post-job Execution

Device Update:

Successful

Failed

Not attempted

Pending

Devices Pending Registration for Smart Call Home (SCH)

The URL https://tools.cisco.com/sch/pendingDevices.do is displayed only for SCH NetConfig jobs. Click the URL to register the devices that are pending to process SCH messages at Cisco.com.

For more information on Devices Pending Registration for SCH, see the Smart Call Home User Guide at:

http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/networking_solutions_products_genericcontent0900aecd806f52c2.pdf

Device Details

Downloaded Devices

Contains detailed job results for each device in a table:

Device—List of devices on which the job ran.

Status—Status of job (success, failure, etc.)

Message—A message about the status of a job.

If the job failed on the device, the reason for failure is displayed.

If the job was successful on the device, the message Deploy Successful is displayed.

You can filter the devices by selecting a status and clicking Filter.

This page displays the number of rows you have set for display in the Rows per Page field. You can increase the rows up to 500 in each page.

You can navigate among the pages of the report using the navigation icons at the right bottom of this table.

Click on a device to view the details such as protocol, status and reason when applicable, task used and the CLI output for that device. These details appear in a pop-up window.

Double-click to display status folders that correspond to possible device status.

StatusFolder

Update Successful

Devices that were successfully updated.

Update Failed

Devices that were not updated.

Includes devices on which rollback was attempted, regardless of whether the rollback was successful.

Not Attempted

Job did not try to update devices, even though they were selected.

Usually occurs when a previous device failed and failure property was set to Stop on Failure.

Work Order

Click to display Job Work Order, which contains the same information as the workorder that was displayed when the job was created. (For the workorder details, see Step 16 in Starting a New NetConfig Job).

For retried jobs, the job definitions are not updated. For such jobs, the original job definitions are retained.

ViewPorts

(button)

Port Details pop-up opens showing the list of devices, their corresponding ports and the group rule.

The View Ports button is available only for jobs that are either in Scheduled, Waiting for Approval, or in Rejected states.


To perform actions, click one of the following (For detailed descriptions of these operations see Operations Using the NetConfig Job Browser in Table 4-4):

Edit

Copy

Retry

Stop

Delete


Creating and Editing User-defined Tasks

You can create User-defined Tasks and add one or more templates to each task.

The template, in turn, is associated with the Meta-Data Framework (MDF) categories of devices, for which these templates will be applicable.

The templates contain configuration commands and rollback commands (see Creating Rollback Commands). You can enter the configuration commands either by typing them or by importing them from a file.

You can create a new task and add one or more templates to it. You can also add templates to an existing task. Name a task when you create it and as it is saved for future use. You can copy, edit, and reuse your tasks. You can assign access privileges to tasks while or after you create them (see Assigning Tasks to Users).

You cannot add User Defined Templates to System Defined Tasks.

After you have successfully created a User-defined Task, this task will appear under the User-defined Tasks group in the Task Selector of the NetConfig Job creation wizard. You can create a NetConfig job using the User-defined task. For details on the Task Selector and job creation, see Step 2 in Starting a New NetConfig Job.

For each template, you should specify all the information including the configuration commands, rollback commands (see Rolling Back Configuration Changes), mode (Config or Enable), and the device category for which these commands will be applicable.

At the time of job creation, you should ensure that the User-defined task that you have selected is applicable to the MDF categories of the devices that you have selected.

If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane of the NetConfig job wizard, during job creation.

For example, if you have selected an CatalystOS category of device, but selected a user-defined task that is applicable to a Cable device, then the task will not appear in the Applicable Tasks pane of the job wizard and you will not be able to proceed further with the job creation. For details on the Applicable Tasks pane and job creation, see Step 6 in Starting a New NetConfig Job


Caution NetConfig does not validate the commands you enter in a user-defined template within a task. If you enter incorrect commands you might misconfigure or disable the devices on which the job using the template runs.

View the Permission Report (Reports > System > Users > Permission) to check whether you have the required privileges to perform this task.


Step 1 Select Configuration > Tools > NetConfig > User Defined Tasks.

The User-defined Tasks dialog box appears. If you are creating a task for the first time, the system displays a message that there are no user-defined tasks.

The User-defined Tasks dialog box has a Tasks browser in its left pane. After you create a task, the task is displayed in the Tasks browser along with its templates.

Step 2 Define or edit a User-defined task by entering the following information in the dialog box.

Area/Field/Button
Description
Usage Notes

Name

Enter name for the new task. This is a mandatory field.

To create new task from a copy of an existing task:

1. Select the name from Templates list,

2. Enter the new name.

3. Save the task.

To modify a task, select it from the tasks list but do not modify its name.

You can modify a task by adding or deleting templates, modifying existing templates and changing other details.

Template Name

Enter the template name. This is a mandatory field.

Template Name is provided for User Defined Tasks when you create a template for more than one device category which has different commands to execute.

Command Mode

Select mode (config or enable) in which commands will run.

Each user-defined template can run commands in one mode only.

If you select Enable, enter Rollback Commands area is disabled because only config commands can be rolled back.

Parameterized

Select Parameterized if you want to create a parameterized template.

The template parameters will be picked up from a file that you specify, at the time of scheduling a job using this task. See "Parameterized Templates".

Device Type

Select device category template will configure.

You can associate any number of MDF categories with a template, if the command is applicable to them.

CLI Commands

Enter configuration commands or select the configuration commands file.

The configuration commands file should reside in the default location:

On Solaris and Soft Appliance:

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/

On Windows:

NMSROOT\files\rme\netconfig\cmdFiles

Where, NMSROOT is the LMS install directory.

If you want to import the configuration commands from an existing file, enter the default file location in the Import from File field.

Alternatively, when you click on the Browse button, a file browser opens with the default location of the configuration commands file. You cannot change this default import directory.

To enter configuration commands, do any of the following:

Type in larger text box, one command in each line.

Or

Enter enter the default file location of the configuration command files in the Import from File field.

Click Browse.

A file browser opens with the default location of the configuration commands file. You cannot change this default import directory.

You can also enter interactive commands and multi-line commands. See Handling Interactive Commands.

Rollback Commands

Enter configuration commands for the template to run when the job fails and the failure policy is set to the rollback option.

If you want to import the rollback commands from an existing file, enter the file location in the Import from File field.

The rollback commands file should reside in the default location:

On Solaris and Soft Appliance:

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/

On Windows:

NMSROOT\files\rme\netconfig\cmdFiles

Where, NMSROOT is the LMS install directory.

Alternatively, when you click on the Browse button, a file browser opens with the default location of the rollback commands file. You cannot change this default import directory.

To enter rollback commands, do any of the following:

Type in larger text box, one command in each line.

Enter the default file location of the rollback command files in the Import from File field.

Click Browse.

A file browser opens with the default location of the configuration commands file. You cannot change this default import directory.


Click Save to save the task with the current information.

Or

Click Delete to delete the current task from the system.


To cancel the user-defined task you are creating, select a command from the Jobs or Admin menu (or a corresponding button) and click Yes in the resulting dialog box.

To add a user-defined task, select Select Configuration > Tools > NetConfig > User Defined Tasks. The User-defined Tasks dialog box appears with no values.

To copy a user-defined task:


Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Change the name of the Task and click Save.


To modify a user-defined task:


Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Select templates associated with the task from the Task browser, and modify them

You can change details such as the command mode, parameterization option, the device type, the CLI commands or the rollback commands.


You can add a template or delete an existing one. When you click Save, a message appears that the task is modified.

This section contains:

Parameterized Templates

Creating a Parameters File (XML file)

Parameters File: More Examples

Parameterized Templates

You can include parameterized templates within User-defined tasks. A parameterized template allows the configuration commands in the templates to contain user-defined variables.

Multiline feature of parameterized templates is not supported. However, interactive command deploy is supported.

You can select the Parameterized option when you create a User-defined task (see Creating and Editing User-defined Tasks).

If you select the Parameterized option, you should enter the actual values for the parameters in the template in a separate Parameters file (see Creating a Parameters File (XML file)) when you create a NetConfig job (see Creating and Editing User-defined Tasks). The Parameters file is the XML file that contains the parameter values.

The Parameters file should reside on the server at this location:

NMSROOT\files\rme\netconfig\cmdFiles (On Windows)

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/ (On Solaris and Soft Appliance)

where NMSROOT is the LMS install directory.

To create a Parameterized User-defined task and apply this in a NetConfig job:


Step 1 Create a User defined Task with variables embedded in the command body. For details see Creating and Editing User-defined Tasks.

For example:

You can enter the command ntp server $ntpServer in the CLI Commands text box in the User-defined Tasks dialog box.

Step 2 Select the Parameterized check box in the User-defined Tasks dialog box.

Step 3 Click Save to save your User-defined Parameterized task.

Step 4 Create the Parameters file (XML file) containing the values for $ntpServer task. For details, see Creating a Parameters File (XML file).

For example:

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>mytimeserver</value>

</CMDPARAM>

</DEVICE>

Step 5 Repeat the above step in the Parameters file, for all the devices that you plan to include in the job, if each device refers to a different ntpServer.

Alternatively, you can have a global section if that variable does not change for each device. For details, see Creating a Parameters File (XML file).

Step 6 Store the Parameters file in:

NMSROOT\files\rme\netconfig\cmdFiles directory (On Windows)

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/ (On Solaris and Soft Appliance)

where NMSROOT is the LMS install directory.

Step 7 Create a NetConfig job and select your User-defined Parameterized task. For details see Starting a New NetConfig Job.

You are prompted to enter the filename while adding the task to the NetConfig job.

You can check the syntax of the text file that contains the parameters. To do this, select Check Syntax.

Step 8 Complete the job creation. For details, see Creating and Editing User-defined Tasks.


Creating a Parameters File (XML file)

A specific format is defined for embedding variables in User-defined tasks and the corresponding Parameters file that contains the values for the parameters.

The variables in the User-defined tasks, which you enter in the CLI Commands text area of the User-defined Tasks dialog box (see Creating and Editing User-defined Tasks), should be preceded by $.

For example, for an NTP server parameter, it should be: $ntpServer

Similarly, the Parameters file also follows a specified format.

Here is the sample format and example of the Parameters file (the XML command file that contains the values for the parameters) for a parameterized template:

<GLOBAL>

<CMDPARAM NAME = password>

<value>abc</value>

</CMDPARAM>

<CMDPARAM NAME = message>

<value>test all</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>ServerName</value>

</CMDPARAM>

</DEVICE>

You can assign the device-specific values to variables in the <DEVICE> area. If there are no device-specific values, the default values in the <GLOBAL> area are considered as actual values for these variables. You do not need to add a <GLOBAL> area in the Parameters file if you are referencing each device explicitly (using the <DEVICE> area for each device).

Parameters File: More Examples

This section gives more examples of the format of the text to be entered in the CLI Commands body at the time of creating a User-defined Task, and the commands to be entered in the corresponding Parameters file.

For example, you can enter these parameters while creating a User-defined task, in the CLI Commands text box:

ntp server ntpServer

ip http port portValue

ip address ipAddress

In the corresponding Parameters file, which is stored under:

NMSROOT\files\rme\netconfig\cmdFiles directory (On Windows)

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/ (On Solaris and Soft Appliance)

where NMSROOT is the LMS install directory, enter:

 
   

<GLOBAL>

<CMDPARAM NAME = ntpServer>

<value>10.10.10.10</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>90</value>

</CMDPARAM>

<CMDPARAM NAME = ipAddress>

<value>1.1.1.1</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>20.20.20.20</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>55</value>

</CMDPARAM>

</DEVICE>

<DEVICE NAME = 10.77.202.229>

<CMDPARAM NAME = ntpServer>

<value>30.30.30.30</value>

</CMDPARAM>

</DEVICE>

In such a case, when the NetConfig job contains the device 10.76.38.54, the following commands are generated:

ntp server 20.20.20.20 (taken from the device-specific section of the Parameters file) 
ip http port 55 (taken from the device-specific section of the Parameters file) 
ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains the device 10.77.202.229, the following commands are generated:

ntp server 30.30.30.30 (taken from the device-specific section of the Parameters file) 
ip http port 90 (taken from the global section of the Parameters file) 
ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains other devices, all the values are taken from the global section of the XML file, and the following commands are generated:

ntp server 10.10.10.10

ip http port 90

ip address 1.1.1.1

If the value for a parameter is not found in the command file, the syntax check (in the job creation flow) displays an error.

You can enter any special character, except <, >, and $, that is accepted by the device as the value for a parameter in the command file. This is because NetConfig does not process the parameter values. NetConfig only reads the value given between <value> and </value> tags and generates the command.

Assigning Tasks to Users

You can assign access privileges to NetConfig tasks, to users with Network Operator privileges or lesser. All other users with privileges higher than Network Operator are assigned all tasks by default.

A network administrator must assign task access privileges to other users. See Understanding NetConfig User Permissions section for details.


Note View the Permission Report (Reports > System > Users > Permission) to check whether you have the required privileges to perform this task.


To assign tasks to users:


Step 1 Select Configuration > Tools > NetConfig > Assigning Tasks.

The Assign Tasks dialog box appears.

Step 2 Enter the username of the user to whom you want to assign the tasks.

This should be a valid LMS user.

Step 3 Select the task that you want to allocate to the user from the Available tasks list box and click Add.

You can select more than one task, by holding down the Shift key while selecting the task.

The selected tasks appear in the Selected Tasks list box.

To remove assigned tasks, select the tasks from the Selected Tasks list box and click Remove.

Step 4 Add all the required tasks to the Selected Tasks list box.

Step 5 Click Assign to assign the task access privileges to the specified user.

For a specified user, to see the assigned tasks, enter the username in the Username field and click Show Assigned.

The tasks assigned to the user appear in the Selected Tasks list box.

Step 6 Click Report to generate the User Task Report.

The User Task Report shows the list of users and the tasks assigned for each user.


Note By default, all the tasks are assigned to admin users. Therefore, the User Task Report will not list the users with Admin privileges.



Handling Interactive Commands

An interactive command is the input you will have to enter, following the execution of a command.

For example, on a Catalyst device, a clear counters command on a Cat 5000 will give the following output:

c5000# (enable) clear counters. This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?

In LMS, such commands can be included in config jobs executed via NetConfig or ConfigEditor. For more details also see Editing and Deploying Configurations Using Config Editor.

You can handle interactive commands using NetConfig user-defined templates, and by using Adhoc tasks. See Using NetConfig User-defined Templates and Adhoc Tasks.

You cannot run interactive commands through NetConfig CLI.

Using NetConfig User-defined Templates and Adhoc Tasks

You can enter an interactive command in the Enter CLI Commands area, using the following syntax:

CLI Command<R>command response 1 <R>command response 2

<R> tag is case-sensitive and this must be entered in uppercase only.

Example

For a Catalyst device, a clear counters command will give the following output

c5000# (enable) clear counters This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?

To clear the counter, the syntax is:

clear counters <R>y

To accept the default, the syntaxes are:

clear counters <R>n

or

clear counters <R>

To accept the default value, you do not need to enter any values after the tag <R>.

Handling Multi-line Commands

You can enter multi-line commands as a part of User-defined and Adhoc tasks. The multi-line commands must be within the tag <MLTCMD> and </MLTCMD>.

These tags are case-sensitive and you must enter them only in uppercase. You cannot start this tag with a space.

Example

<MLTCMD> banner login "Welcome to

Cisco Prime LMS

Essentials - you are using

Multi-line commands" </MLTCMD>

You can have a blank line within a multi-line command. The commands within the MLTCMD tags are considered as a single command and will be downloaded as a single command onto the device.

Using System-defined Tasks

NetConfig provides System-defined configuration tasks. You can create configuration commands by using these tasks (see Understanding the System-defined Task User Interface (Dialog Box)).

Each task supports one or more device categories (see Table 4-5). Table 4-5 displays a comprehensive list of all templates available and a brief description of each.

For Device-based jobs, the System-defined tasks are available in the Devices and Tasks dialog box of the NetConfig job wizard.

For Port-based jobs, the System-defined tasks are available in the Port Tasks page of the NetConfig job wizard.

For Module-based jobs, the System-defined tasks are available in the Module Tasks page of the NetConfig job wizard.

All System-defined tasks are categorized into various task groups in the Tasks Selector. To select the tasks, you must expand the corresponding Task Group node.

After you select the devices and the tasks and click Next (see Starting a New NetConfig Job), the selected tasks appear in the Applicable Tasks pane of the Add Tasks dialog box (in the Job wizard).

When you select an applicable task and click Add Instance, a dialog box appears for the selected System-defined configuration task.

This is a dynamic user interface. The task dialog box displays parameters, based on the devices that you selected in Device Selector.

For example, if you have selected IOS devices, you can specify IOS parameters in this dialog box. If not, this section will not be available to you.

When you enter information in the fields of the task and click Save, the task appears as a numbered instance in the Added Instances pane of the Add Tasks dialog box.

For the detailed procedure and for information on how to edit the task instances, view CLI, or delete the instances, see Starting a New NetConfig Job.

You can add multiple instances of a configuration task to a job by selecting an applicable task, adding information, and saving this information. You need to do this whenever you add instances. However, you can include only one instance of a task in a job.

Each System-defined task also creates Rollback commands that you can use to roll back the changes to devices if the job fails.

View the Permission Report (Reports > System > Users > Permission) to check whether you have the required privileges to perform this task.

If you use TFTP protocol to deploy NetConfig templates to devices, the DCR does not reflect the updates.

Table 4-5 NetConfig System-Defined Tasks Supported by LMS Device Categories

Task Group
Task
Description
IOS
CatOS
CSS
CE
NAM
PIX
Cable

General

Adhoc Task

Enter any configuration commands as required.

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authentication Proxy Task

Configure Authentication Proxy.

Yes

-

-

 

-

-

Yes

Banner Task

Add, remove, or edit banners.

Yes

Yes

-

 

-

-

Yes

CDP Task

Configure Cisco Discovery Protocol (CDP).

Yes

Yes

-

Yes

-

-

Yes

DNS Task

Configure DNS.

Yes

Yes

Yes

Yes

Yes

-

Yes

HTTP Server Task

Configure HTTP access on VPN devices.

Yes

Yes

-

-

-

 

Yes

IGMP Configuration Task1

Configure IGMP of selected cable interfaces.

-

-

-

-

-

-

Yes

Internet Key Exchange (IKE) Configuration Task2

Configure IP security (IPSec).

Yes

-

-

-

-

Yes

Yes

Interface IP Address Configuration Task

Configure IP interface address of selected interface.

-

-

-

-

-

-

Yes

 

NTP Server Configuration Task

Configure Network Time Protocol (NTP).

Yes

Yes

Yes

Yes

-

-

Yes

RCP Configuration Task

Configure rcp

Yes

-

-

-

-

-

Yes

Reload Task

Reload devices

Yes

-

-

Yes

Yes

-

Yes

Smart Call Home Task

Register devices with Cisco Smart Call Home

Yes

-

-

-

-

-

-

Syslog Task

Configure Syslog message logging.

Yes

Yes

Yes

Yes

-

Yes

Yes

Transform System-Defined Task

Configure IPSec.

Yes

-

-

-

-

Yes

Yes

User-defined Protocol Task

Configure the User-defined protocol on NAM devices.

-

-

-

-

Yes

-

-

Web User Task

Configure the web user for NAM devices

-

-

-

-

Yes

-

-

Cable

Cable BPI/BPI+ Task

Assign self-signed certificate, configure cable interface, and set BPI/BPI+ options.

-

-

-

-

-

-

Yes

Cable DHCP-GiAddr and Helper Task1

Configure DCHP-GiAddr and Helper Address of the selected cable interface.

-

-

-

-

-

-

Yes

Cable Downstream Task1

Activate/Deactivate DS Ports, Interleave Depth, MPEG Framing Format, Modulations, Channel ID and Frequency of the selected cable interfaces.

-

-

-

-

-

-

Yes

Cable Interface Bundling Task1

Configure Interface Bundling on selected cable interface.

-

-

-

-

-

-

Yes

Cable Spectrum Management Task

Assign Spectrum Groups and Interfaces on a selected cable interface.

-

-

-

-

-

-

Yes

Cable Trap Source Task

Configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.

-

-

-

-

-

-

Yes

Cable Upstream Task1

Activate and configure upstream on selected cable interfaces.

-

-

-

-

-

-

Yes

Credential

Enable Password Task

Configure, or change enable or secret password to enter in enable mode on devices.

Yes

Yes

-

-

-

Yes

Yes

Local Username Task

Configure local username and password authentication on devices.

Yes

-

Yes

-

-

-

Yes

SSH Configuration Task

Configure SSH.

Yes

-

Yes

Yes

Yes

 

Yes

Telnet Password Configuration Task

Add, remove, and edit Telnet passwords.

Yes

Yes

-

-

-

Yes

Yes

Encryption

Certification Authority Task2

Create, or modify Certification Authority. Provides manageability and scalability for IP security (IPSec) standards on VPN devices.

Yes

-

-

 

-

-

Yes

Crypto Map Task2

Configure IPSec.

Yes

-

-

-

-

Yes

Yes

EEM

Embedded Event Manager Task

Configure EEM Scripts or Applets on the devices

Yes

-

-

-

-

-

-

EEM Environmental Variables Task

Configure EEM Environmental Variables on the devices

Yes

-

-

-

-

-

-

EnergyWise

EnergyWise Configuration Task

Configure EnergyWise in Devices

Yes

-

-

-

-

-

-

GOLD

GOLD Boot Level Task

Configure Boot Level Diagnositc tests on the devices

Yes

-

-

-

-

-

-

GOLD Monitoring Test Task

Configure GOLD Monitoring tests on devices

Yes

-

-

-

-

-

-

SNMP

SNMP Community Configuration Task

Add, remove, and edit SNMP community strings

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Security Configuration Task

Configure SNMP Security feature on devices.

Yes

-

-

Yes

-

-

Yes

SNMP Traps Configuration Task

Configure SNMP traps.

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Port Macros

Auto Smartports

Configure Auto Smartport macros on devices.

Yes

-

-

-

-

-

-

TACACS

TACACS Configuration Task

Configure TACACS authentication.

Yes

-

-

 

-

-

Yes

TACACS+ Configuration Task

Configure TACACS+ authentication

Yes

Yes

-

Yes

Yes

-

Yes

RADIUS Server Configuration Task

Configure RADIUS server and task.

Yes

-

Yes

Yes

-

-

Yes

User-defined Tasks

Lists all user-defined tasks

             

1 You can apply this task only to a single device, at a time because cable templates configure interfaces on devices.

2 You must follow this sequence to complete the configuration of the IPSec on devices:

2 a. IKE configuration System-defined task.

2 b. Transform System-defined task.

2 c. Crypto Map System-defined task.


Understanding the System-defined Task User Interface (Dialog Box)

NetConfig tasks support devices in the following device categories:

IOS

Catalyst OS

Content Engine

CSS

NAM

PIX OS

Cable

Each of the system-defined tasks have their own dynamic user interface, or dialog box, that displays fields for a specified category of devices only if you have selected that category of device.

The dialog boxes for system-defined tasks may have these groups, links, and buttons:

Common Parameters—This group of fields appears at the top of the task dialog box. In the fields under this group, you can enter the parameters that are common to all the categories of devices that you have selected.

Device Category-specific Parameters—This group of fields is specific to a device category. If, for a specified device category, only the common parameters are applicable, this message appears in the user interface:

No Category-specific Commands
 
   

Applicable Devices—This link is available in the device category-specific group of fields and enables you to view the devices in your selection, to which the device-specific parameters apply.

Buttons in the system-defined tasks interface:

Button
Action

Save

Saves the information that you have entered in the fields in the task dialog box.

Reset

Clears all the fields.

Cancel

Cancels your changes, and closes the task dialog box.


For the cable devices, you can apply a task only to a single device at a time, because cable templates configure interfaces on devices.

Also, for the cable tasks to work correctly, you must have valid SNMP credentials in Device and Credential Repository (DCR). See Administration of Cisco Prime LAN Management Solution 4.1 for more information on setting valid SNMP credentials.

Therefore, if you have selected more than one cable device and selected tasks for them, the task may not appear in the Applicable Tasks pane of the Add Tasks dialog box. For the tasks that are applicable to cable devices, see Table 4-5.

Understanding the NetConfig Credentials Configuration Tasks

NetConfig provides for tasks to configure credentials on devices. These tasks are:

Enable Password (See Enable Password Task.)

Local Username (See Local Username Task.)

Radius Server (See RADIUS Server Configuration Task.)

TACACS TACACS Configuration Task

TACACS+ (See TACACS+ Configuration Task.)

SNMP Community (See SNMP Community Configuration Task.)

SNMP Security (See SNMP Security Configuration Task.)

The credential store allows only one set of login credentials per device - Primary username and primary password, irrespective of the authentication type.

Hence, this imposes certain limitations on the NetConfig templates, especially, when you are configuring/modifying the authentication method on the device.

To overcome this, an option to specifically update the credential store is provided in the credential tasks. The credential store is updated only when this option is chosen with the values specified.

The usage of NetConfig credentials tasks to configure the credentials on a device should be based on the active credentials (e.g. Telnet, TACACS, etc.) in the device. For example if the device is configured with TACACS+, you should use only TACACS+ template to configure the credentials.

Example

When you remove the TACACS+ authentication for the device, the device reverts to the authentication method that was earlier configured on it. For example, the local username.

However, LMS is unaware of the fallback authentication method, and the respective credentials. If Device and Credential Repository is not updated with the right credentials, the subsequent device operations from LMS will fail.

In this case, you should select the option to update the local credential store and specify the local username credentials. When the job runs, NetConfig updates Device and Credential Repository with this set of credentials, so that for subsequent devices, access from LMS will be successful.

Adhoc Task

You can use the Adhoc system-defined task to add configuration commands to a job, during job definition.

You cannot save an instance of an Adhoc task, for future use. If you need to reuse a template that provides capabilities unavailable from the system-defined tasks, you can create a user-defined tasks (see Creating and Editing User-defined Tasks).


Caution NetConfig does not validate commands you enter in the Adhoc task. If you enter incorrect commands, you might misconfigure or disable devices on which jobs that use the task run.

Groups for each of the device categories that you have selected, appear in the Adhoc Configuration dialog box. To invoke the Adhoc Configuration dialog box, see Starting a New NetConfig Job.

You can enter configuration and rollback commands for these device categories:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 4-5.


Note As Cable devices fall under the IOS category, you can enter adhoc commands in the IOS group of fields in the Adhoc Configuration dialog box.


For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Adhoc Configuration dialog box are:

Group
Field
Description

Commands

CLI Command

Enter configuration commands.

You can also enter interactive commands (see Handling Interactive Commands) and multi-line commands see Handling Multi-line Commands).

 

Rollback Command

Enter rollback commands.

Command Mode

Config or Enable

Select the mode (config or enable) in which the task configuration commands will run.

If you have selected Catalyst OS, or NAM devices, then the enable mode is preselected, and you do not have the option to select the config mode.

The Command Mode group is not available for the Adhoc Task selected in the Port Based flow of the NetConfig job.


If you enter any credential command in the CLI Commands or Rollback Commands fields, then those credentials will be masked in the job work order and the job results page.

For example, the command, snmp-server community public ro will be displayed as snmp-server community ***** ro.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Authentication Proxy Task

The Authentication Proxy feature helps users to log into the network or access the Internet using HTTP. Their specific profiles are automatically retrieved and applied from a CiscoSecure ACS, or other RADIUS, or TACACS+ authentication server.

The Cisco Secure Integrated Software authentication proxy feature allows network administrators to apply specific security policies on a user to user basis. You can use the Authentication Proxy system-defined configuration Task on IOS devices, which have been configured for VPN functionality.

The IOS category of devices (including Cable devices) are supported by this task.

For more details, see Table 4-5.

You can enter the details of this task in the Authentication Proxy Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Authentication Proxy Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

Authorization (AAA)

Action

Select the required option to enable, disable or make no change to the authorization configuration.

   

Method 1

Select either TACACS+ or RADIUS as your first method of authorization.

   

Method 2

Select either TACACS+ or RADIUS as your second method of authorization, based on your selection in the first method

 

Cache Timeout

Minutes (1-2147483647)

Timeout value. The default timeout value can be in the range of 1 and 2,147,483,647.

   

Set to default

Select this to set the default cache timeout value of 60 seconds.

 

Banner

Action

Select Enable or Disable to set or reset Banner display in the login page.

If you select Enable, the router name is displayed in the login page.

If you select Disable, then the router name is not displayed.

If you do not want to make any changes to the banner, select No Change.

   

Banner Text (Optional)

Enter the text that you want displayed in the banner. If you enter the banner text, then this text is displayed instead of the router name in the login page.

This is an optional field.

 

Authentication Proxy Rule

Action

Select Enable or Disable an authentication proxy rule.

If you select Enable, a named authentication proxy rule is created and associated with access list.

If you select Disable, the associated proxy rule is removed.

Select No Change if you do not want to make changes to the Authentication Proxy Rule group of fields.

   

Name

Enter a name for the authentication proxy rule.

The name can be up to 16 alphanumeric characters.

   

Overriding Timeout [optional(1-2147483647)]:

Enter a timeout value to override the default cache timeout.

This is an optional field. The overriding timeout value should be in the range of 1 and 2,147,483,647.

   

ACL Number/Name [optional]:

Enter a Standard Access list to be used with the Authentication proxy.

This is an optional field.

 

New Model

Action

Select to enable, disable, or make no change to new model state.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows the xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the number 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56.

Banner Task

You can use the Banner system-defined, configuration task to change banners on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

For more details, see Table 4-5.

You can enter the details of this task in the Banner Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Banner Configuration dialog box are:

Group
Sub Group
Field
Description
Common Parameters

Motd Banner

Action

Select the appropriate option to add or remove a message of the day banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

IOS Parameters

Exec Banner

Action

Select the appropriate option to add or remove an Exec banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Incoming Banner

Action

Select the appropriate option to add or remove an Incoming banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Login Banner

Action

Select the appropriate option to add or remove a Login banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Slip-PPP Banner

Action

Select the appropriate option to add or remove a Slip/PPP banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

CatOS Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

CDP Task

You can use the CDP system-defined task to configure Cisco Discovery Protocol (CDP) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

For more details, see Table 4-5.

You can enter the details of this task in the CDP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the CDP Configuration dialog box are:

Group
Sub Group
Field
Description

Common Parameters

Run

Action

Select to enable, disable, or make no change to the CDP state.

 

Hold Time

Seconds (10-255)

Enter holdtime in seconds.

The CDP holdtime specifies how much time can pass between CDP messages from neighboring devices before the device is no longer considered connected and the neighboring entry is aged out.

Value must be greater than value in Update Time field.

   

Set to Default

Select this for the default hold time of 60 seconds

 

Update Time

Seconds (5-254)

Enter time between CDP updates, in seconds.

Value must be less than value in Hold Time field.

   

Set to Default

Select this for the default update time of 60 seconds

 

CDP Version

Run

Select the CDP Version (CDPv1 or CDPv2. CDP version 2 is the default value.

If you are modifying the CDP Task and you do not want to change this field, select No Change.

IOS Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.

CatOS Parameters

Mod/Ports

Mod/Ports (Ex:2/1-12,3/5)

Enter modules and ports on which to enable or disable CDP.

You can enter a single module and port or a range of ports, for example, 2/1-12,3/5-12.

   

All mod/ports

Select to enable or disable CDP in all ports in all modules.

 

CDP Format

Format

The options are:

No Change (Does not allow you to make any modifications to the specified CDP format.)

MAC

Other

Select the required option.

CE Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Certification Authority Task

You can use the Certification Authority (CA) system-defined configuration task to provide manageability and scalability for IP Security (IPSec) standards. The Certification Authority task can be used only on IOS devices configured for VPN functionality.

This task is applicable to IOS devices (including Cable devices).

For more details, see Table 4-5.

You can enter the details of this task in the Certification Authority Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use a CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Certification Authority Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

Declare CA

Action

Select Enable or Disable to activate/deactivate Certification Authority (CA).

If you select Enable you can create or modify CA.

If you select Disable, you can delete the CA.

Select No Change, to leave the CA Name unchanged.

   

CA Name

Enter the CA name. This name is used to identify the certification authority to be configured.

This name is the CA domain name.

 

Enrollment URL

Action

Select Enable to allow router to connect to the CA, using the URL specified in the Value field.

Select Disable, if you do not want to connect to the CA.

Select No Change to leave the Enrollment URL field unchanged.

   

Value

Enter the URL of the CA.

The URL should include any available non-standard cgi-bin script location.

 

Enrollment Mode

Action

Select Enable if the CA provides a Registration Authority (RA).

Select Disable to disable the specified LDAP Server.

Select No Change to leave the Enrollment Mode field unchanged.

   

LDAP Server

Enter the LDAP server of the CA, if your CA system provides an RA.

LDAP server contains the location of CRLs (certification revocation lists) and certificates.

 

Enrollment Retry Period

Minutes [1- 60]

Enter the wait period between certification request retries.

The wait period is between 1 to 60.

   

Set to Default

Select this option to set the default wait period to 1 minute.

 

Enrollment Retry Count

Number [1- 100]

Enter the certification request retry number.

The retry number must be between 1 and 100.

   

Set to Default

Select this option to set the default retry period to 1 minute.

 

CRL Optional

Action

Select Enable to bypass the Certificate Revocation List.

If you select Disable, Certificate Revocation list is checked.

 

Certificate Query

Action

Select an option to enable, disable or make no change to certificate query.

If you select Enable, certificate query will be added to all trust points on the router.

If you select Disable, the certificate will not be queried.

 

RSA Key pairs

Action

Select an option to generate, delete or make no change to the RSA key pairs. This feature allows you to configure a Cisco IOS router to have multiple key pairs.

Thus, the Cisco IOS software can maintain a different key pair for each identity certificate.

   

Key Type

Specify the key type:

General Purpose—To generate a general purpose key pair that is used for both encryption and signature.

Usage—To generate separate usage key pairs for encrypting and signing documents.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows the xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the number 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56.

Crypto Map Task

You can use the Crypto Map Server system-defined task to configure IPSec on devices.


Note You must configure the IKE configuration system-defined task (see Internet Key Exchange (IKE) Configuration Task) and Transform system-defined task (see Transform System-Defined Task) before configuring the Crypto Map system-defined task.


The following device categories are supported by this task:

IOS (including Cable devices)

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the Crypto Map Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Crypto Map Configuration dialog box are:

Group
Sub-Group
Field
Descriptions

IOS Parameters

Configuration

Action

Select an option to add, remove, or make no change to the IOS configuration.

   

Map Name

Enter the name for the Crypto Map.

   

Map Number

Enter the number for the Crypto Map.

The value must be between 1 and 65535.

   

Map Type

Select the map type (manual or isakmp) for the Crypto Map.

   

Map Description

Enter the description for the Crypto Map.

   

Crypto ACL

Enter the extended access list for Crypto Map.

   

IPSec Peer

Enter the IPSec peer to be associated with the Crypto Map.

   

Transform Set name

Enter the transform set name to be used with the Crypto Map.

PIX Parameters

Configuration

Action

Select an option to add, remove, or make no change to the PIX configuration.

   

Map Name

Enter the name for the Crypto Map.

   

Map Number

Enter the number for the Crypto Map.

Value must be between 1 and 65535.

   

Map Type

Select the type (manual or isakmp) for the Crypto Map.

   

Crypto ACL

Enter the extended access list for Crypto Map.

   

IPSec Peer

Enter the IPSec peer to be associated with the Crypto Map.

   

Transform Set name

Enter the transform set name to be used with the Crypto Map.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

DNS Task

You can use the DNS system-defined task to configure DNS (Domain Name Server) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the DNS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the DNS Configuration dialog box are:

Group
Sub-Group
Field
Description

Common Parameters

DNS Server

Add

Enter the IP addresses of DNS name server(s) that you want to add.

Separate multiple addresses with commas.

If the device accepts only one DNS server, then the first address will be considered.

   

Remove

Enter the IP addresses of DNS name server(s) that you want to remove.

Separate multiple addresses with commas.

 

Domain Name

Name

Enter the domain names to complete unqualified hostnames.

If a device has a domain list enabled, it will be used to complete unqualified hostnames instead of the domain name.

Separate multiple addresses with commas. If the device accepts only one domain name, then the first entry will be considered.

   

Remove

Select this option to remove the domain names.

IOS Parameters

 

Domain Lookup

Select to enable or disable IP DNS-based hostname-to-address translation.

   

CLNS NSAP

Select to enable or disable or make no change to the CLNS NSAP option. If this option is enabled, any packet with the specified CLNS NSAP prefix causes CLNS (Connectionless Network Service) protocol to behave as if no route were found.

   

OSPF

Select to enable or disable or make no change to the OSPF (Open Shortest Path First) protocol option.

 

Domain List

Action

Select an option to add, remove, or make no change to the domain list.

   

Domain List

Enter domain names to complete unqualified hostnames, or add to the existing list.

Separate multiple domain names with commas.

Do not include an initial period before domain names.

CatOS Parameters

 

1st Server Primary

Select to have a DNS name server entered in Add field, as the default or the primary name server.

   

Domain Lookup

Select an option to enable, disable, or make no change to the domain lookup.

Content Engine Parameters

 

Serial Lookup

Select an option to enable, disable, or make no change to the serial lookup.

CSS Parameters

Secondary DNS Server

Add (Hostname or IP Address)

Enter the hostname or an IP address of a secondary server, that you want to add.

A maximum of two IP addresses are allowed. The order in which you enter them is the order in which they are used if the primary DNS server fails.

Separate multiple addresses with a comma.

   

Remove (Hostname or IP Address)

Enter a hostname or an IP address of a secondary server, that you want to remove.

A maximum of two IP addresses are allowed.
Separate multiple addresses with a comma

NAM Parameters

 

Disable Nameservers

Select to disable domain name servers.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Enable Password Task

You can use the Enable Password system-defined, configuration task to change the enable and secret passwords, which allow users to enter the enable mode on devices.

When you enable or disable an enable password, the change is made on the device and in Device and Credential Repository.


Note If you disable the enable password on a device, you cannot enter the enable mode on that device unless you previously enabled an alternative type of enable mode authentication.


The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the Enable Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note If you change the enable password on a Catalyst device with an RSM module using this task, the RSM enable password is also changed.


The fields in the Enable Password Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Setup

Action

Select an option to enable, disable or make no change to the enable password.

   

Password

Enter the enable password.

   

Verify

Re-enter the password.

IOS Parameters

Password

Level (1-15)

Set the Enable Password level. The level can be between 1 and 15. 15 is the default level.

For an IOS device, it is advisable not to disable both Enable Password and Enable Secret password.

This is because the IOS device will not allow you to go into the Enable mode of the device. You can do this only if you have the console password for the device.

If you have selected Enable Password as No Change in the Common Parameters pane, and selected Disable for Enable Secret in the IOS Parameters pane, then Enable Secret Password is updated in the Device and Credentials database.

If you have selected Enable Password as Disable in the Common Parameters pane, and selected No Change for Enable Secret in the IOS Parameters pane, then Enable Password is updated in the Device and Credentials database.

   

Encrypted

Select this option to encrypt the password.

   

Update Credentials

Select this to update credentials. For details see Understanding the NetConfig Credentials Configuration Tasks

 

Secret

Action

Select an option to enable, disable or make no change to the secret password.

   

Secret

Enter the secret password.

   

Verify

Re-enter the password.

   

Level (1-15)

Set the password level. The level can be between 1 and 15. 15 is the default level.

   

Encrypted

Select this option to encrypt the password.

CatOS Parameters

Password

Apply Command on Modules

Select to apply the command on the modules.

If you have selected Disable as the action in the Common Parameters group, then the password will be removed.

PIX Parameters

 

Level(0-15)

Set the password level. The level can be between 0 and 15. 15 is the default level.

   

Encrypted (Password should be 16 characters)

Select this option if the password you are entering is already encrypted. If you select this option ensure that your password is 16 characters.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

HTTP Server Task

You can use HTTP Sever to configure HTTP access on IOS devices, which have been configured for VPN functionality.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

For more details, see Table 4-5.

You can enter the details of this task in the HTTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the HTTP Server Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Server

Action

Select an option to enable, disable or make no change to the HTTP access on the device.

 

Port

Number [0-65535]

Specify the HTTP server port number.

   

Set to Default

Select this option to set the default port (80).

IOS Parameters

Authentication

Action

Select an option to enable, disable or make no change to the authentication method.

   

Method

Select an authentication method:

AAA

enable

local

TACACS

 

Access List

Action

Select an option to enable, disable or make no change to the access list.

   

ACL Number/Name

Enter the Access Control List number or name to be used. The access list number must be between 1 to 99.

CatOS Parameters

   

No category-specific commands.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

You will lose Telnet access to the device if you configure HTTP Server. The Device may require TACACS/RADIUS/Local username and password after configuring HTTP Server. You should make sure that the device has the appropriate login configured. The username and password has to be stored in the LMS Database.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the number 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56

Local Username Task

You can use the Local Username system-defined task configure local username and password authentication on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

CSS

For more details, see Table 4-5.

You can enter the details of this task in the Local Username Task Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Local Username Task Configuration dialog box are:

Group
Sub-Group
Field
Description

Common Parameters

Local User Setup

Action

Select an option to add, remove or make no change to the local username setup.

Username

Enter the local username.

Password

Enter local username password.

Verify

Re-enter the password.

IOS Parameters

Local User Setup

Privilege Level [0-15]

Set the required privilege level.

Local User Setup

 

Privilege Level [0-15]

Set the required privilege level.

No HangUp

Select this option to enable No Hang Up mode.

No Escape

Select this option to enable No Escape mode.

Local User Login Authentication

 

Action

Select to enable, disable or make no change to the local user authentication group of fields.

Local Username Credentials

Username

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

 

Password

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

 

Verify

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

CSS Parameters

 

For CSS devices:

The username length should be between 1 and 16 characters.

The local password length should be between 6 and 16 characters.

The DES-Encrypted password length should be between 6 and 64 characters.

Local User Setup

 

SuperUser

Select this option to designate the local user as superuser.

 

Password Type

Select the password type from these options:

Local

Encrypted

DES_Encrypted

Directory Access

 

Configure Directory Access

Select this option if you want to configure directory access. Defines the CSS directory access levels.

By default, CSS assigns users with read and write access to the directories. Changing the access level also affects the use of the CLI commands associated with the directories.

 

Directories

Script

Select the required access option to the Script directory:

No Access

Read And Write

Read

Write

   

Log

Select the required access option to the Log directory:

No Access

Read And Write

Read

Write

   

Root

Select the required access option to the Root directory:

No Access

Read And Write

Read

Write

   

Archive

Select the required access option to the Archive directory:

No Access

Read And Write

Read

Write

   

Release Root

Select the required access option to the Release Root directory:

No Access

Read And Write

Read

Write

   

Core

Select the required access option to the Core directory:

No Access

Read And Write

Read

Write

   

MIB

Select the required access option to the MIB directory:

No Access

Read And Write

Read

Write


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IGMP Configuration Task

You can use this task to configure the Internet Group Management Protocol (IGMP) on a cable interface.


Note You can apply this task only on a single IOS device at a time. For details, see Table 4-5.


You can enter the details of this task in the IGMP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the IGMP Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

     

IGMP Configuration

Interface

Interfaces

Select the required option to specify the interface to be configured for IGMP, or to make no change to the existing interface selection:

Not Selected

FastEthernet0/0

FastEthernet0/

Cable1/0

   

Action

Select the required option to enable, disable, or make no change to the Interface sub-group of fields.

   

PIM Mode

Select the required PIM mode option. Select No Change to retain any previous mode selection:

No Change

dense-mode

sparse-mode

sparse-dense-mode

IGMP Parameters

 

Action

Select the required option to replace the values in, or to make no change to the IGMP Parameters group of fields.

   

IGMP Version

Select the required IGMP version from the supported versions:

1

2

3

   

Last Memory Query Interval [100-25500 in msec]

Enter the time interval between the IGMP specific messages sent by the router.

Enter the last memory query interval in seconds. You can enter an interval between 100 and 25500 milliseconds. The default is 1000 milliseconds.

   

Query Maximum Response Time[1-25 in sec]

Enter the maximum response time advertised in the IGMP queries. This option is enabled when IGMP version 2 is configured.

You can enter a response time between 1 and 25 seconds. The default is 10 seconds.

   

Query Interval [1-65535 in sec]

Indicates a time interval when the Cisco IOS software sends IGMP host queries. Enter a query interval between 1 and 65535 seconds. The default is 60 seconds.

   

Query Timeout [60-300 in sec]

Indicates the timeout period when the router takes the query of an interface after the previous query has stopped querying.

You can enter a value between 60 and 300 seconds. The default is 2* Query Interval second.

   

Helper Address (Should be in IP address format)

Indicates the IP address that will receive all IGMP host reports, and also where you can leave messages. This option is enabled when IGMP version 2 is configured.

Enter the Helper Address in the IP Address format.

Group Configuration

 

Action

Select the required option to add values to, or to make no change to the Group Configuration group of fields.

   

ACL to control joining of Multicast Group

Allows you to control the multicast groups. You can enter either the IP access list name or number. The valid range is between 1 and 99.

   

Join Group Multicast Address (multiple addresses should be separated by commas)

Adds Join Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.

   

Static Group Multicast Address (multiple addresses should be separated by comma)

Adds Static Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.

   

Populate for all Groups

Allows you to apply the configuration to all groups.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

Interface IP Address Configuration Task

You can use this task to configure the IP address of a cable interface.


Note You can apply this task only on a single IOS device at a time. For details, see Table 4-5.


You can enter the details of this task in the Interface IP Address Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Interface IP Address Configuration dialog box are:

Group
Sub-group
Field
Description

Cable Parameters

     

Interface IP Configuration

 

Cable Interface

Select the required cable interface for configuring the IP address, or select Not Selected to make no change to the previous selection:

Not Selected

FastEthernet0/0

FastEthernet0/1

Cable1/0

   

Action

Select the following action:

No Change—Makes no change to the IP Addresses

Replace—Replaces the IP Addresses

Remove Primary—Removes the primary IP Address.

Remove Secondary—Removes the secondary IP Address.

Remove All—Removes both primary and secondary IP Addresses.

 

IPAddress

Primary

Enter the primary IP address.

   

Secondary

Enter the secondary IP address.

 

Subnet Mask

Primary

Enter the primary subnet mask.

   

Secondary

Enter the secondary subnet mask.



Note The values for interfaces are as returned by device.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

Internet Key Exchange (IKE) Configuration Task

Use the Internet Key Exchange (IKE) Configuration System task to configure IPSec on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the IKE Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

IOS Parameters

     

ISAKMP

Action

Select to enable, disable, or make no change to ISAKMP.

ISAKMP Policy

ISAKMP Policy Priority

Action

Select to add, remove, or make no change to ISAKMP policy priority.

   

Priority [1-10000]

Enter the policy priority number

Value must be between 1 and 10000.

 

Encryption

Action

Select to enable, disable, or make no change to encryption type.

   

Type

Select the type of encryption for the policy:

3des

des

 

Hash

Action

Select to enable, disable, or make no change to the hash algorithm.

   

Algorithm

Select the type of hash algorithm:

sha

md5

 

Authentication

Action

Select to enable, disable, or make no change to the authentication method.

 

Method

Select the type of authentication method:

rsa-sig

rsa-encr

pre-share

 

Group

Action

Select to enable, disable, or make no change to the Diffie-Hellman group identifier.

   

Value

Enter the Diffie-Hellman group identifier.

Value must be 1 or 2.

 

Lifetime

Action

Select to enable, disable, or make no change to the lifetime value.

   

Seconds [60-86400]

Enter the lifetime value in seconds.

Value must be between 60 and 86400 seconds.

PIX Parameters

     

ISAKMP

Action

Select to enable, disable, or make no change to ISAKMP.

   

Interface

Select the interface:

Inside

Outside

ISAKMP Policy

ISAKMP Policy Priority

Action

Select to add, remove, or make no change to ISAKMP policy priority.

   

Priority [1-65534]

Enter the policy priority number

Value must be between 1 and 10000.

 

Encryption

Action

Select to enable, disable, or make no change to encryption type.

   

Type:

Select the type of encryption:

aes

aes-192

aes-256

des

3des

 

Hash

Action

Select to enable, disable, or make no change to the hash algorithm.

   

Algorithm

Select type of hash algorithm:

sha

md5

 

Authentication

Action

Select to enable, disable, or make no change to the authentication method.

 

Method

Select the type of authentication method:

rsa-sig

pre-share

 

Group

Action

Select to enable, disable, or make no change to the Diffie-Hellman group identifier.

   

Value

Enter the Diffie-Hellman group identifier.

Value must be 1, 2 or 5.

 

Lifetime

Action

Select to enable, disable, or make no change to the lifetime value.

   

Seconds [120-86400]

Enter the lifetime in seconds.

Value must be between 120 and 86400 seconds.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

NTP Server Configuration Task

You can use the NTP Server system-defined task to configure Network Time Protocol (NTP) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

CSS

CE

For more details, see Table 4-5.

You can enter the details of this task in the NTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

NTP Server

Action

Select to add, remove, or make no change to Network Time Protocol.

   

Host Name/IP Address

Enter the IP address of the NTP server to which devices will send time-of day requests.

IOS Parameters

NTP Server

Server Type

Select the required server type.

   

Version

Select the server version.

   

Server Key (0-4294967295)

Enter the NTP server Key. The value must be between 0 and 4294967295.

   

Verify Server Key

Re-enter the Key to confirm.

   

Source Interface (Interface Name)

Enter the source interface name.

   

Preferred

Select an option to specify whether the interface is a preferred interface.

 

NTP Authentication Key

Action

Select to add, remove, or make no change to the NTP authentication Key.

   

Number [1 to 4294967295]

Enter the number of Key bits. The value must be between 1 and 4294967295 Key bits.

   

Verify Number

Re-enter the number to confirm.

   

MD5 Number (Max 8 chars)

Enter the MD5 number which can contain a maximum of 8 characters.

 

NTP Authentication

NTP Authentication

Select to enable, disable, or make no change to NTP authentication.

 

NTP Calendar

Action

Select to add, remove, or make no change to the NTP calendar.

 

NTP Access Group

Action

Select to add, remove, or make no change to the NTP access group.

   

Access Type

Select the required action type:

QueryOnly

ServeOnly

Serve

Peer

   

ACL Number [1-99]

Enter the ACL number which should be a value between 1 and 99.

 

NTP Trusted Key

Action

Select to add, remove, or make no change to the NTP trusted Key.

   

Key Number [1-4294967295]

Enter the Key number whcih must be a value between 1 and 4294967295.

   

Verify Key Number

Re-enter the Key number to verify.

CatOS Parameters

NTP Server

Server Key [Range:1 to 4292945295]

Enter the NTP server Key which must be between 1 to 4292945295.

   

Verify Server Key

Re-enter the Key to confirm.

 

NTP Client

Client Action

Select to enable, disable, or make no change to NTP client.

 

NTP Authentication

NTP Authentication

Select to enable, disable, or make no change to NTP authentication.

 

NTP Key

Action

Select to add, remove, or make no change to the NTP Key.

   

Key Number [1 to 4292945295]

Enter the NTP server Key and the value must be between 1 to 4292945295.

   

Verify Key Number

Re-enter the Key to confirm.

   

Type

Select the required Key type.

   

MD5 Number [Max 32 chars]

Enter the MD5 number which should be a maximum of 32 characters.

CE Parameters

NTP Server

Action

Select to enable, disable, or make no change to the NTP server.

   

Server Type

Select the required server type.

CSS Parameters

 

NTP Server Version

Select the required NTP server version.

 

NTP Server Poll Interval

Action

Select to add, remove, or make no change to the NTP poll interval.

   

Poll Interval [16-16284 seconds]

Specify the poll interval. The value must be between 16 and 16284 seconds.


RADIUS Server Configuration Task

You can you use the RADIUS system-defined task to configure RADIUS on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

CSS

CE

For more details, see Table 4-5.

You can enter the details of this task in the RADIUS Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

     

Host Configuration

 

Action

Select to enable, disable, or make no change to the server configuration.

   

Server Name

Enter the server name.

   

Auth Port (0-65536)

Enter port used for authentication by RADIUS server.

Key Configuration

 

Action

Select to enable, disable, or make no change to the key configuration.

   

Key

Enter RADIUS authentication and encryption key string used by server specified in Host area.

   

Verify

Re-enter RADIUS key.

Login Authentication

Action

Select to enable, disable, or make no change to the login authentication.

The Login Authentication is not applicable for CSS

 

RADIUS Credentials

Username

Enter the username. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

   

Password

Enter the password. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

   

Verify

Re-enter the password to verify. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

IOS Parameters

     

Login Authentication

List

Name

Enter default or named list.

   

Set to Default

Select to set the default list.

 

Type

Options

(Drop-down list 1)

Select the required option:

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

New Model

 

Action

Select to enable, disable, or make no change to new model state.

Enable mode Authentication

 

Action

Select to add, remove, or make no change to the enable mode authentication.

 

Credentials

Username

Enter the enable username.

   

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

Type

Options

(Drop-down list 1)

Select the required option:

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

Content Engine Parameters

   

No category-specific commands.

CSS Parameters

Host Configuration

Action

Select to enable, disable, or make no change to the host configuration.

   

Secondary Server Name (Host Name or IP Address)

Enter the secondary server hostname or IP address.

   

Secondary Server Key

Enter the key for the secondary server. Defines the secret string for authentication transactions between the RADIUS server and the CSS. Enter a case-sensitive string with a maximum of 16 characters.

   

Verify

Re-enter the key to verify.

   

Authentication Port (1-65535)

Enter custom authentication port of the RADIUS server. Value must be between 0 and 65535.

Optional field. Defines the UDP port on the secondary RADIUS server that receives authentication packets from clients. Enter a number from 0 to 65535. The default is 1645.

Other Parameters

 

Dead Time in seconds (1-255)

Enter the dead time in seconds. The value must be between 0 and 255.

Enter a number from 0 to 255. The default is 5.

If you enter 0, the dead time is disabled and the CSS does not send probe access-request packets to the non-responsive server. This command applies to primary and secondary servers.

   

Remove

Select to remove the dead time specification. Use the no form of this command to reset the dead-time period to its default of 5 seconds.

   

Retransmit (1-30)

Enter the retransmit value (between 1 and 30) number of times that the CSS retransmits an authentication request. Enter a number from 1 to 30. The default number is 3.

   

Remove

Use the no form of this command to reset the retransmission of authentication request to its default of 3.

   

Source Interface Host (Host Name or IP Address)

Enter the source interface hostname or IP address.

Source Interface Host configuration is required to accept authentication from the RADIUS client. Note that this IP interface address is used for the NAS-IP-Address RADIUS attribute in the RADIUS Authentication Request.

   

Remove

Select to remove the source interface specification.

   

Timeout (1-255):

Enter the timeout value (between 1 and 2555). Timeout specifies the period of which the CSS waits for a reply to a RADIUS request before retransmitting requests to the RADIUS server.

   

Remove

Select the remove option to reset the interval to its default of 10 seconds.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

RCP Configuration Task

You can use the RCP system-defined configuration task to configure RCP on devices.

This task supports the IOS category of devices including Cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the RCP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the RCP Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

Enable

Action

Select to enable or disable rcp state.

To make rcp setup changes without enabling or disabling rcp, select No Change.

 

RCP User Setup

Action

Select the required option to add to, or to remove current user from rcp authentication list.

To make rcp setup changes without enabling or disabling rcp, select No Change.

   

Local Username

Enter local name of user whose rcp access you are modifying.

   

Remote Host

Enter IP address of remote host from which local device will accept remotely executed commands.

   

Remote Username

Enter username on remote host from which device will accept remote commands.

   

Enable Mode Commands

Click to allow remote user to run enable commands using rsh or to copy files to device using rcp.

   

add/remove

Click Add to add current user to rcp authentication list.

Click Remove to remove current user from rcp authentication list.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Reload Task

You can use the Reload task to schedule reload of devices. This task supports the IOS, Cat OS, SFS, NAM, CE, FastSwitch, PIX, CSS and Cable categories of devices. For more details, see Table 4-5.

You can enter the details of this task in the Reload Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the Reload Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Reload

Action

Select either:

Reload to enable reloading selected devices.

or

No Change if you do not want to schedule a reload for the selected devices.

IOS Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

CatOS Parameters

   

No category-specific parameters.

CE Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

NAM Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

SFS Parameters

   

No category-specific parameters.

Fast Switch parameters

   

No category-specific parameters.

PIX Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

CSS Parameters

   

No category-specific parameters.

Cable Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.


For each device category, click on Applicable Devices to view the devices in your selection, to which the reload task applies.

SNMP Community Configuration Task

You can use the SNMP Community Configuration system-defined task to replace, add, and remove device SNMP community strings.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the SNMP Community Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Community Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Read-only

Action

Select an option to replace, add, remove, or make no change to a read-only SNMP community string.

If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository (DCR). This action also deletes the current SNMP credentials on the device.

If you select the Add or Remove option, the new SNMP community strings are configured in the device alone and DCR is untouched.

However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR.

If you select No Change, no change will be made to the Read-only Community string.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string.

 

Read-write

Action

Select an option to replace, add, remove, or make no change to a read-write SNMP community string.

If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository.

If you select Add or Remove, the new SNMP community strings are configured in the device alone and DCR is untouched.

However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR.

If you select No Change, no change will be made to the Read-write Community string.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string.

IOS Parameters

Setup View (Optional)

MIB View (Optional)

Enter name of a previously defined view that defines objects available to community.

Optional field.

   

OID -Tree

Indicates the Object Identifier of ASN.1 subtree that is to be included or excluded from the view.

To identify an Object Identifier ASN.1 subtree, enter a numerical string such as 1.3.6.2.4 or a word such as system.
To identify a subtree family, enter a wildcard, for example an asterisk (*), where the string will read 1.3.*.4.

Enter the MIB OID-Tree name.

   

Type

Include or exclude all the objects specified in the MIB OID subtree you identified in the previous field. Select Included or Excluded from the drop down list.

 

Access List (Optional)

Access List (Optional)

Enter an integer from 1 to 99 to specify a named or numbered access list of IP addresses that are allowed to use the community string to access SNMP agent.

Optional field.

CatOS Parameters

   

No category-specific parameters.

CE Parameters

   

No category-specific parameters.

PIX Parameters

   

No category-specific parameters.

CSS Parameters

   

No category-specific parameters.

NAM Parameters

   

No category-specific parameters.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SNMP Security Configuration Task

You can use this task to configure the SNMP Security feature on the following device categories:

IOS (including Cable devices)

Content Engine

For more details, see Table 4-5.

You can enter the details of this task in the SNMP Security Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Security Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

 

Action

Select an option, to add, remove, or make no change to the common parameters.

   

(Drop-down list)

Select the required option for SNMP Groups/Users:

Group & Users

Group

Users

When you select the Group option while adding task instances for this task, the user fields will not be disabled. This is because NetConfig needs the user information for configuring SNMP group commands in Catalyst OS devices.

   

Group Name

Enter the group name. Indicates the SNMP Group in the SNMP protocol context.

   

SNMP Versions

Select the SNMP version.

SNMP version 1 and version 2 have No Auth and No Privacy. Version 3 has all levels of security.

 

Users *

- The entries in the first row will be updated in Device and Credential Repository

User Names

Authen Pswds

Authen Algorithm

Privacy Paswds

Username—Indicates the name of the user in the SNMPv3 protocol.

Authenticating Passwords—Indicates that the user is part of the group that is assigned Auth No Privacy or Auth Privacy security level.

Authenticating Algorithm—Indicates the authenticating algorithm is assigned to a group with Auth No Privacy or Auth Privacy security levels.

Privacy passwords—Indicates user is part of a group assigned Auth Privacy level of security.

You can specify up to five usernames, for which you can enter authentication passwords, select the authentication algorithm, and specify the privacy passwords.

 

Config Access Control [optional]

 

This section allows you to configure access options for an SNMP group.

   

Read View

Specify the read view. This view is for users assigned to a specified group. Indicates an alphanumeric label, not exceeding 64 characters, for the SNMP view entry you are creating or updating.

   

Write View

Specify the write view. Allows all users in the specified group to add, modify, or create a configuration.

   

Notify View

Specify the notify view. This view notifies all the users in the specified group.

IOS Parameters

Access Control (optional)

Access List [1-99]

Enter the number of an Access List (1 and 99).

 

Engine ID [optional]

Action

Select to add, remove, or make no change to the engine configuration. SNMP Engine ID is an identification name for the local or remote SNMP engine.

   

Type

Select the type of engine:

Local—Local SNMP server engine.

Remote—Remote SNMP server engine.

   

ID

Enter the Engine ID (identification name for the local or remote SNMP engine).

   

Remote host

Enter the hostname or IP address of the remote SNMP entity to which the user belongs.

Content Engine Parameters

 

Remote Engine ID [Optional]

Enter the remote engine ID. This is an optional field.


The SNMP Security template enables you to configure Groups as well as Users with certain privileges. These Groups can be rolled back but the Users cannot be rolled back.

This is because the User details will not be available in the running configuration. Since NetConfig uses the running config to do roll back, rolling back Users is not possible.You should run a separate job to remove or add Users as required.

For each device category, click on Applicable Devices to view the devices in your selection.

SNMP Traps Configuration Task

You can use this task to configure the host, trap notification, and trap/inform parameters. You can specify security parameters to communicate securely with the SNMP host. See SNMP Security Configuration Task to configure the SNMP security.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

For more details, see Table 4-5.

You can enter the details of this task in the SNMP Traps Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Traps Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Traps Notification

Action

Select to enable, disable, or make no change to the traps notification configuration.

If you select Enable, the server will receive SNMP traps.

If you select Disable the server will not receive any SNMP traps.

IOS Parameters

   

Traps Notification Options

Type

Environmental

Select to send only environmental traps to the host.

   

SNMP

Select to send the SNMP traps to the host.

Host Configuration

 

Action

Select to add, remove, or make no change to the host configuration.

   

Username

Specifies the user name that is used for authentication. This field is available when No Authentication, Authentication or Privacy are selected.

   

Host

Enter the hostname or IP address.

   

SNMP Security

Select the SNMP security method:

SecureV2c

NoAuthenticationV3

AuthenticationV3

PrivacyV3

None

   

Notification Type

Select the notification type:

Trap

Inform

   

UDP Port [0-65535]

Indicates the port that will receive the SNMP requests.

The range for a valid port number between 0 and 65535. The default is 162.

 

Community String

String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

 

Direct Traps To Host

Environmental

Select to send only environmental traps to the host.

   

SNMP

Select to send the SNMP traps to the host.

Trap/Inform Configuration

Traps Message

Action

Select to change, replace, disable or make no change to the trap configuration.

   

Trap Timeout [1-1000 s]:

Specify the trap timeout value. This value must be between 1 and 1000 seconds.

   

Trap Queue Length [1-1000 events]:

Specify the trap queue length. The number of events that you specify must be between 1 and 1000.

 

Inform Request

Action

Select to replace, disable, or make no change to the inform request.

   

Inform Retries [0-100]

Enter the inform retires. The value should be between 0 and 100.

   

Inform Timeout [0-4294967295]

Specify the inform timeout value. This value must be between 0 and 4294967295.

   

Inform Pending [0-4294967295]

Specify the inform pending value. This value must be between 0 and 4294967295.

CatOS Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Enter the hostname or IP address.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

ContentEngine Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Enter the hostname or IP address.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

   

SNMP Security

Select the SNMP security method.

PIX Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Specify an IP address of the SNMP management station to which traps should be sent and/or from which the SNMP requests come. You can specify up to five SNMP management stations.

   

Interface

Select the interface:

Inside [default]

Outside

   

Notification Type

Select the notification type:

Trap & Poll [default]—Allows both traps and polls to be acted upon.

Trap—Only traps will be sent. This host will not be allowed to poll.

Poll—Traps will not be sent. This host will be allowed to poll.

CSS Parameters

 

Action

Select to add, remove, or make no change to the parameters such as host name or IP address, trap community, source IP address in traps, specific host, trap type, and event.

   

Host Name or IP Address

Enter the hostname or IP address of an SNMP host that has been configured to receive traps. A maximum of 5 hosts can be configured.

   

Trap Community

Enter the trap community string/name to be used when sending traps to the specified SNMP host. Enter an unquoted text string with no spaces and with maximum length of 12 characters.

   

Verify

Re-enter the trap community string to confirm.

   

Source IP Address in Traps

Select the source IP address in traps. To set the source IP address in the traps generated by CSS select one of these options:

Egress Port—Obtains the source IP address for the SNMP traps from the VLAN circuit IP address configured on the egress port used to send the trap.

You do not need to enter an IP address because the address is determined dynamically by the CSS.

Management—Places the management port IP address in the source IP field of the trap. This is the default setting.

Specific Host—Allows the user to enter the IP address to be used in the, source IP field of the traps.

Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) in the Specific Host field (the next field).

No Change (No change will be made to the source IP address if you select this option.)

   

Specific Host

In the previous field, that is, Source IP Address in Traps, if you have selected the Specific Host option, then specify the IP Address of the specific host in this field.

   

Trap Type

Select the trap type:

No Change (No change will be made to the trap type if you select this option).

Enterprise—When you use this keyword alone, it enables enterprise traps. You must enable enterprise traps before you configure an enterprise trap option.

Generic—The generic SNMP traps consist of cold start, warm start, link down, and link up.

   

Event

Select the event:

None

Module Transition

Power Supply Transition

Illegal Packet DOS attack

LAND DOS attack

Smurf DOS attack

SYN DOS attack

Lifetick message failure

Login Failure

System reload

Reporter state transitions

Service transition

NAM Syslog Host Configuration Parameters

 

Action

Select to add, remove, or make no change to the syslog host configuration.

   

Index[1-65535]

Enter the syslog host index. The value should be between 1 and 65535.

   

Host IP Address

Enter the host name or IP address.

   

Community String

Enter the community string.

   

Verify

Verify the community string.

   

UDP Port[1-65535]

Enter the UDP port. The value should be between 1 and 65535.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Smart Call Home Task

You can use the Smart Call Home task to configure the LMS managed Cisco Catalyst 6500 devices with the Call Home feature.

You can enter the details for this task in the Smart Call Home Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

The fields in the Smart Call Home Configuration dialog box are:

Field/Button
Description
General Configuration

Call Home Service

Select any of these:

Enable — Enables Smart Call Home service.

Disable — Disables Smart Call Home service.

No Change — No change is made to Smart Call Home Service.

Contact E-mail Addresses

Action

Select any of these:

Add — Adds the contact e-mail addresses

Remove — Removes the contact e-mail addresses

No Change — The contact e-mail addresses is not changed. This is the default option.

Contact E-mail Address

Enter contact email address. You can enter one or more e-mail IDs. Each e-mail ID to be entered on a separate line.

E-mail Server

Action

Select any of these:

Add — Adds one or more e-mail servers.

You can add a maximum of five e-mail servers.

Replace — Adds new e-mail servers after removing all earlier e-mail servers.

Remove — Removes one or more e-mail servers

No Change —The e-mail servers are not changed. This is the default option.

E-mail Servers

Enter one or more e-mail servers. Enter each e-mail server on a separate line and specify priority for each of them. The priority can be between 1 and 100.

Sender From Email Address

Action

Select any of these:

Add — Adds a sender e-mail address

Remove — Removes the sender e-mail address

No Change —The sender e-mail address is not changed. This is the default option.

Sender E-mail Address (from)

Enter the e-mail address from which the mail is sent.

Sender Reply-to Address

Action

Select any of these:

Add — Adds a sender reply-to e-mail address

Remove — Removes the sender reply-to e-mail address

No Change —Not to change the sender reply-to e-mail address. This is the default option.

Sender Reply-to Address

Enter a sender reply to e-mail ID.

Install Cisco Security Certificate

Install Cisco Security Certificate

Check to install the HTTP certificate.

Profile Configuration

Profile

Select either:

CiscoTAC-1 Profile

Or

Other Profiles

Profile Name

Enter a profile name.

This option is activated only if you have selected Other Profiles option in the Profile field.

Activate Profile

Select any of these:

Enable — Activates the selected profile.

Disable — Deactivates the selected profile.

No Change —Not to add or remove a profile. This is the default option

Transport Options

Connect To

Select:

Cisco.com if you want to connect to Smart Call Home using Cisco.com

Transport Gateway, if you want to connect to Smart Call Home using a transport gateway.

Other, if you want to connect to Smart Call Home using transport option other than Cisco.com or Transport Gateway.

CiscoTAC-1 profile does not support the Transport Gateway and Other option. So this option is not activated when you select CiscoTAC-1 profile.

Transport Details

Transport Method

Select:

No Change — To make no change to the transport settings

E-mail— To use e-mail as the transport method. This option is selected if Transport Gateway is selected as the Connect to option and the HTTPS option is not activated.

HTTPS — To use HTTPS as the transport method.

E-mail Address

Enter the e-mail address, if you have selected E-mail as the transport method.

HTTPS URLs

Enter the HTTPS URL, if you have selected HTTPS as the transport method.

Alert Groups

Inventory

Select any of the following:

Enable if you want to subscribe to the Inventory Alert Group.

Disable if you do not want to subscribe to the Inventory Alert Group.

No Change if you do not want to subscribe to or unsubscribe from Inventory Alert Groups. This is the default option.

If you have selected CiscoTAC-1 Profile, you cannot change the Alert groups or Alert group settings.

If you have selected Other Profiles, you can change the Alert groups and Alert group settings.

Periodicity

Specify the periodicity for receiving these Inventory alerts. You can select:

Asynchronous — To receive the Inventory alerts on a specified day or time. In other words, not in a periodic manner.

Daily — To receive the Inventory alerts every day

Weekly — To receive the weekly consolidated Inventory alerts.

Monthly— To receive the monthly consolidated Inventory alerts

DOW

DOW refers to Date of Week.

This list box is activated only if you select Weekly as the periodicity for receiving the Inventory alerts.

Select any of the following days of the week:

Sun

Mon

Tue

Wed

Thu

Fri

Sat

Sun is the default value.

For example:

Select Tue if you want to receive Inventory alerts every Tuesday.

DOM

DOM refers to Date of Month.

This list box is activated only if you select Monthly as the periodicity for receiving the Inventory alerts.

Select any value from 1 and 31 to receive Inventory alerts every month on the specified date.

Day 1 is the default value.

For example:

Select 5, if you want to receive Inventory alerts on the 5th day of every month.

Begin Time

Specify the date and time at which you want to receive the Inventory alerts.

The format supported is hh:mm, where hh refers to hours and mm refers to minutes.

Configuration

Select any of the following:

Enable if you want to subscribe to the Configuration Alert Group.

Disable if you do not want to subscribe to the Configuration Alert Group.

No Change if you do not want to subscribe to or unsubscribe from Configuration Alert Groups. This is the default option.

If you have selected CiscoTAC-1 Profile, you cannot change the Alert groups or Alert group settings.

If you have selected Other Profiles, you can change the Alert groups and Alert group settings.

Periodicity

Specify the periodicity for receiving these Configuration alerts. You can select:

Asynchronous — To receive the Configuration alerts on a specified day or time. In other words, not in a periodic manner.

Daily — To receive the Configuration alerts every day.

Weekly — To receive the weekly consolidated Configuration alerts.

Monthly — To receive the monthly consolidated Configuration alerts

DOW

DOW refers to Date of Week.

This list box is activated only if you select Weekly as the periodicity for receiving the Configuration alerts.

Select any of the following days of the week:

Sun

Mon

Tue

Wed

Thu

Fri

Sat

Sun is the default value.

For example:

Select Tue if you want to receive Configuration alerts every Tuesday.

DOM

DOM refers to Date of Month.

This list box is activated only if you select Monthly as the periodicity for receiving the Configuration alerts.

Select any value from 1 and 31 to receive Configuration alerts every month on the specified date.

Day 1 is the default value.

For example:

Select 5, if you want to receive Inventory alerts on the 5th day of every month.

Begin Time

Specify the date and time at which you want to receive the Configuration alerts.

The format supported is hh:mm, where hh refers to hours and hh refers to minutes.

Syslog

Select any of the following:

Enable if you want to subscribe to the Syslog Alert Group.

Disable if you do not want to subscribe to the Syslog Alert Group.

No Change if you do not want to subscribe to or unsubscribe from Syslog Alert Groups. This is the default option.

If you have selected CiscoTAC-1 Profile, you cannot change the Alert groups or Alert group settings.

If you have selected Other Profiles, you can change the Alert groups and Alert group settings.

Severity

Select from any of these severities:

catastrophic

disaster

fatal

critical

major

minor

warning

notification

normal

debugging

You will be notified when a syslog of the selected severity occurs.

Patterns

Specify a pattern of Syslogs for which you want to receive alerts.

Environment

Select any of the following:

Enable if you want to subscribe to the Environmental Alert Group.

Disable if you do not want to subscribe to the Environmental Alert Group.

No Change if you do not want to subscribe to or unsubscribe from Environment Alert Groups. This is the default option.

If you have selected CiscoTAC-1 Profile, you cannot change the Alert groups or Alert group settings.

If you have selected Other Profiles, you can change the Alert groups and Alert group settings.

Severity

Select from any of these severities:

catastrophic

disaster

fatal

critical

major

minor

warning

notification

normal

debugging

You will be notified when an environment event of the selected severity occurs.

Diagnostics

Select any of the following:

Enable if you want to subscribe to the Diagnostics Alert Group.

Disable if you do not want to subscribe to the Diagnostics Alert Group.

No Change if you do not want to subscribe to or unsubscribe from the Diagnostics Alert Groups. This is the default option.

If you have selected CiscoTAC-1 Profile, you cannot change the Alert groups or Alert group settings.

If you have selected Other Profiles, you can change the Alert groups and Alert group settings.

Severity

Select from any of these severities:

catastrophic

disaster

fatal

critical

major

minor

warning

notification

normal

debugging

You will be notified when a diagnostics alert of the selected severity occurs.

Applicable Devices

Allows you to view the IOS devices in your selection.

Save

Saves the information you have specified.

Reset

Clears all fields and reverts to the default settings.

Cancel

Ignores your changes.


Syslog Task

You can use the Syslog system-defined task to configure the collection of syslog messages from devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Content Engine

CSS

NAM

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the Syslog Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Syslog Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Logging Host

Action

Select the required option to enable, disable, or make no change to list of hosts that receive syslog messages.

   

Ex: host1.domain,host2,1.2.3.4:

Enter the IP addresses of hosts to be added to or removed from the list of hosts that receive syslog messages.

Separate multiple addresses with commas.

IOS Parameters

     

Logging On

 

Action

Select the required option to enable, disable, or make no change to syslog state.

Select No Change to make syslog setup changes without enabling or disabling syslog logging.

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which the syslog messages are logged.

Logging Level

Buffered

Action

Select the required option to enable, disable, or make no change to the buffered logging level.

   

Conditions

Select the required logging level from the drop-down list:

Default

alerts

critical

debugging

emergencies

errors

informational

notifications

warnings

 

Console

Action

Select the required option to enable, disable, or make no change to the console logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Monitor

Action

Select the required option to enable, disable, or make no change to the monitor logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Trap

Action

Select the required option to enable, disable, or make no change to the trap logging level.

   

Conditions

Select the required logging level from the drop-down list.

CatOS Parameters

     

Console Logging On

 

Action

Select the required option to enable, disable, or make no change to console logging.

Server Logging On

 

Action

Select the required option to enable, disable, or make no change to server logging.

Logging Level

 

Action

Select the required option to enable, disable, or make no change to the logging level.

   

Facility

Select the logging facility to which the syslog messages are logged.

   

Level

Select the required logging level from the drop-down list.

Content Engine Parameters

     

Logging On

 

Action

Select the required option to enable, disable, or make no change to logging.

Destination

 

Console

Select this option to specify the console as the logging destination.

   

Disk

Select this option to specify the disk as the logging destination.

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which the syslog messages are to be logged.

Logging Priority

Console

Action

Select the required option to enable, disable, or make no change to the console logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

 

Disk

Action

Select the required option to enable, disable, or make no change to the disk logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

 

Host

Action

Select the required option to enable, disable, or make no change to the host logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

PIX Parameters

 

Time Stamp

Select the required option to enable, disable, or make no change to the time stamp specification.

   

Logging On

 

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which the syslog messages are to be logged.

Message

 

Action

Select the required option to enable, disable, or make no change to the syslog message configuration.

   

Syslog Message ID

Enter the syslog message ID.

   

Conditions

Select the required logging level from the drop-down list.

Logging Level

Buffered

Clear Buffer

Select to clear the buffer.

   

Action

Select the required option to enable, disable, or make no change to the buffered logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Console

Action

Select the required option to enable, disable, or make no change to the console logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Monitor

Action

Select the required option to enable, disable, or make no change to the monitor logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Trap

Action

Select the required option to enable, disable, or make no change to the trap logging level.

   

Conditions

Select the required logging level from the drop-down list.

CSS Parameters

 

Facility

Select the logging facility to which to log syslog messages.

   

Logging Level

Select the required logging level from the drop-down list.

   

CLI Command

Select the required option to add, remove, or make no change to the CLI commands.

 

Logging to Disk

Disk

Select the required option to add, remove, or make no change to the option of logging to disk.

   

Logfile Name

Enter the log file name.

   

Buffer

Select the required option to add, remove, or make no change to the buffer configuration.

   

Size [0-64000]

Enter the size of the buffer. Enter a value between 0 and 64000 bytes.

   

To sys.log

Select the required option to add, remove, or make no change to the option of logging to a file called sys.log.

 

Logging to Line

Line

Choose this option to send the log activity of a subsystem to an active CSS session.

   

Active Session Name

Enter the name of the active session. Enter a case-sensitive unquoted text string with a maximum length of 32 characters.

 

Logging to Mail

Send Mail

Select the required option to add, remove, or make no change to the e-mail option.

   

Mail Address

Enter the e-mail IDs (comma separated).

   

SMTP Host (Name or IP Address)

Enter the SMTP hostname or the IP address.

   

Logging Level

Select the required logging level from the drop-down list.

   

Domain Name (Optional)

Enter the domain name of the SMTP host. This is an optional field.

NAM Parameters

MIB Threshold

Local

Select the required option to enable, disable, or make no change to the local MIB threshold.

   

Remote

Select the required option to enable, disable, or make no change to the remote MIB threshold.

 

Voice

Local

Select the required option to enable, disable, or make no change to the voice (local).

   

Remote

Select the required option to enable, disable, or make no change to the voice (remote).

 

System

Local

Select the required option to enable, disable, or make no change to the system (local).

   

Remote

Select the required option to enable, disable, or make no change to the system (remote).

 

Debug

System

Select the required option to enable, disable, or make no change to the Debug (system).


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SSH Configuration Task

You can use the SSH system-defined task to configure SSH on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Content Engine

CSS

NAM

For more details, see Table 4-5.

You can enter the details of this task in the SSH Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use a CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Group
Sub-group
Field
Description

Common Parameters

Key Configuration

Action

Select the required option to enable, disable, or make no change to the key configuration.

IOS Parameters

Prerequisites

 

The Hostname and Domain name need to be configured for the devices.

 

Key Configuration

Number of Key Bits [360-2048]

Enter the number of Key bits to be used for Key generation. The value must be between 360 and 2048 Key bits.

 

Timeout

Action

Select the required option to add, remove, or make no change to the timeout value.

   

Timeout Value [1-120):]

Enter timeout value for SSH sessions. The value should be between 1 and 120.

 

Retries

Action

Select the required option to add, remove, or make no change to the number of retries.

   

Number of Retries [1-5]

Enter the number of retries allowed. The number must be between 1 and 5.

CE Parameters

SSH Prerequisites

SSH Daemon

Select the required option to enable, disable, or make no change to the SSH daemon.

   

Number of Key Bits [512-2048]

Enter the number of Key bits to be used for Key generation. The value must be between 512 and 2048 Key bits.

   

SSH Timeout

Enter login grace time for SSH sessions, in seconds. Value must be between 1 and 99999.

   

Password-guesses [1-99]

Specify the number of password retries allowed. The value must be between 1 and 99.

CSS Parameters

 

Number of Server Key Bits [512-32768]

Enter the number of Key bits to be used for Key generation. The value must be between 512 and 32768 Key bits.

 

Port

Action

Select the required option to enable, disable, or make no change to the port configuration.

   

Port Number [22-65535]

Enter the port number. This value can be between 22 and 65535.

   

KeepAlive

Select the required option to add, remove, or make no change to keepalive.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

TACACS Configuration Task

You can use the TACACS system-defined task to configure TACACS authentication.

This task supports the IOS device category including Cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the TACACS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

     

Server Configuration

 

Action

Select to enable, disable, or make no change to the TACACS Server configuration.

   

Hostname or IP Address

Enter the hostname or the IP address of the TACACS server.

Login Authentication

 

Action

Select to enable, disable, or make no change to the login authentication details.

 

Credentials

Username

Enter the username. These values are entered only in the Device and Credential Repository. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Password

Enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Verify

Re-enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.

IOS Parameters

     

Server Retransmit

 

Action

Select to enable, disable, or make no change to the server retransmit configuration.

   

Retries [0-100]

Enter the number of re-tries.

Server Timeout

 

Action

Select to enable, disable, or make no change to the server timeout value.

   

Timeout [1-1000]

Enter the timeout value.

Enable mode Authentication

 

Action

Select to enable, disable, or make no change to the enable mode authentication.

 

Credentials

Username

Enter the username

   

Password

Enter the enable password.

   

Verify

Re-enter the enable password.


TACACS+ Configuration Task

You can use the TACACS+ system-defined template to configure TACACS+ on devices.

This task supports the following device categories:

IOS (including Cable devices)

Catalyst OS

Content Engine

NAM

For more details, see Table 4-5.

You can enter the details of this task in the TACACS+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

   

TACACS Server Configuration

Server

Action

Select to enable, disable, or make no change to the TACACS Server configuration.

   

Hostname or IP Address

Enter the hostname or the IP address of the TACACS server.

 

Key

Action

Select to add, remove, or make no change to the TACACS encryption Key.

   

Key

Enter the TACACS encryption key. The key is used to set authentication and encryption. This key must match the key used on the TACACS+ daemon. The key can be of any size.

   

Verify Key

Re-enter the Key to confirm.

Login Authentication

Action

Select to enable, disable, or make no change to the TACACS+ authentication.

If login authentication is enabled, then when you try to login to the device, you are authenticated by the TACACS server.

If login authentication is disabled, then you are not authenticated by the TACACS server when you log in to the device.

 

Credentials

Username

Enter TACACS+ username. These values are entered only in the Device and Credential Repository. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Password

Enter TACACS+ password. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Verify

Re-enter the password to confirm. For details see Understanding the NetConfig Credentials Configuration Tasks.

IOS Parameters

     

Enable mode Authentication

 

Action

Select to enable, disable, or make no change to the enable mode authentication.

 

Credentials

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

List

Name

Enter default or named list.

   

Set to Default

Select to set the default list.

 

Type

(Drop-down list 1)

Select the required option:

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

 

New Model

Action

Select to enable, disable, or make no change to the new model state.

CatOS Parameters

     

Enable mode Authentication

 

Action

Select to add, remove, or make no change to the enable mode authentication.

 

Credentials

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

Server Options

Primary

Click to designate specified server as primary TACACS server.

   

All

Click to clear all hosts from the list of TACACS servers, if you selected remove in Action field.

ContentEngine Parameters

Server Option

Primary

Select to specify the server as primary.

 

Password Option

ASCII Password

Select for an ACSII password.

 

Connection Options

Timeout

Enter the timeout value.

   

Retries

Enter the number of retries.

NAM Parameters

   

No category-specific commands

The TACACS Server Key should be DES encrypted for NAM devices.


At the time of enabling login authentication or enable mode authentication, it is mandatory for you to enter the username and password.

At the time of disabling login authentication or enable mode authentication, these fields are optional. While disabling login authentication or enable mode authentication, if username and password are not provided, then the corresponding fields in DCR are cleared and left blank. This may make the device unreachable. Therefore we recommend that you provide the username and password at the time of disabling login authentication.

Telnet Password Configuration Task

You can use the Telnet Password system-defined configuration task to change the Telnet password on devices.

This task supports the following device categories:

IOS (including Cable devices)

Catalyst OS

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the Telnet Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For details on the NetConfig credentials configuration tasks, see Understanding the NetConfig Credentials Configuration Tasks.

If you change the Telnet password on a Catalyst device with an RSM module using this template, the RSM Telnet password is also changed.

The fields in the Telnet Password Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

Vty Lines

Action

Select an option to enable, disable, or make no change to the Vty Line password.

   

Password

Enter the Vty Line password. If you select vty, the change affects all device vty lines, and the Device and Credential Repository is updated with the new password.

   

Verify

Re-enter the Vty Line password to confirm.

 

Console Line

Action

Select an option to enable, disable, or make no change to the Console Line password.

   

Password

Enter the Console Line password.

   

Verify

Re-enter the Console Line password to confirm.

 

Aux Line

Action

Select an option to enable, disable, or make no change to the Auxiliary (AUX) Line password.

   

Password

Enter the Aux Line password.

   

Verify

Re-enter the Aux Line password to confirm.

CatOS Parameters

Telnet Password

Action

Select an option to enable, disable, or make no change to the Telnet password.

The Device and Credential Repository is updated with the new password.

   

Password

Enter the Telnet password.

   

Verify

Re-enter the Telnet password to confirm.

   

Apply command on modules

Disable will set an empty password

Select this option to update only the non IP addressable modules.

If you select the Action as Disable, the password will be removed.

PIX Parameters

 

Action

Select the required option to replace, reset, or make no change to the password.

   

Password

Enter the password.

   

Verify

Re-enter the password to confirm.

   

Encrypted Password

Select this option, if the password you are entering is already encrypted.


Transform System-Defined Task

You can use the Transform system-defined task to configure IPSec on devices. You must configure the IKE configuration system-defined task before configuring the Transform system-defined task.

This task supports the following device categories:

IOS (including Cable devices)

PIX OS

For more details, see Table 4-5.

You can enter the details of this task in the Transform Set Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Transform Set Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

     

Security Association Configuration

Seconds Configuration

Seconds [120-86400]

Enter the number of seconds that will be used for negotiating IPSec security association (SA).

   

Remove

Select this option to remove previously specified seconds value, if any.

 

Kilo Bytes Configuration

Kilo Bytes [2560-536870912]

Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA.

Value must be between 2560 and 536870912.

   

Remove

Select this option to remove previously specified value, if any.

 

IPSec Transform Set Configuration

Note: Only for IOS 12.1 and higher.

Action

Select the required option to add, remove or make no change to transform set configuration.

This sub-group of fields is applicable only to IOS version 12.1 and above.

   

Transform Set Name

Enter a name for the transform set.

   

Auth Header

Select the type of authentication algorithm.

   

ESP Encryption

Select the type of encryption algorithm with ESP.

   

ESP Authentication

Choose the type of authentication algorithm with ESP.

   

IP Compression

Select to use IP compression with LZS algorithm.

   

Transport Mode

Select the mode of transport.

PIX Parameters

     

Security Association Configuration

 

Seconds [120-86400]

Enter the number of seconds that will be used for negotiating IPSec SA.

The value must be between 120 and 86400 seconds.

   

Kilo Bytes

Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA.

The value must be between 2560 and 536870912 kilo bytes.

IPSec Transform Set Configuration

 

Action

Select the required option to add, remove or make no change to transform set configuration.

   

Transform Set Name

Enter the name for the transform set.

   

Auth Header

Select the type of authentication algorithm.

   

ESP Encryption

Select the type of encryption algorithm with ESP.

   

ESP Authentication

Select the type of authentication algorithm with ESP.

   

IP Compression

Select to use IP compression with LZS algorithm.

   

Transport

Select the mode of transport.


Web User Task

You can use the Web User configuration task to configure the web user for NAM devices. This is a System-defined task. For more details, see Table 4-5. You can enter the details of this task in the Web User Configuration dialog box.

To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).. The fields in the in the Web User Configuration dialog box are:

Group
Sub-group
Field
Description

NAM Parameters

Web User

Action

Select an option to add, remove, or make no change to the web user group of fields.

   

Username

Enter the username of the web user.

   

Password

Enter the password for the username.

   

Verify

Re-enter the password to confirm.

 

Privileges

Account Management

Select the required option to enable, disable or make no change to account management.

   

System Config

Select the required option to enable, disable or make no change to system configuration.

   

Capture

Select the required option to enable, disable or make no change to the capture configuration.

   

Alarm Config

Select the required option to enable, disable or make no change to the alarm configuration.

   

Collection Config

Select the required option to enable, disable or make no change to the collection configuration.


Click Applicable Devices to view the devices in your selection to which this task applies.

User-defined Protocol Task

You can use the User-defined Protocol task to configure the user-defined protocol on NAM devices. This is a system-defined task.

For more details, see Table 4-5.

You can enter the details of this task in the User-defined Protocol Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the in the User-defined Protocol Configuration dialog box are:

Group
Sub-group
Field
Description

NAM Parameters

User Defined Protocol

Action

Select an option to add, remove or replace the user-defined protocol.

   

Protocol

Select the protocol:

TCP

UDP

   

Port [0 - 65535]

Enter the port number. You can enter any port number in the range of 0—65535.

   

Name

Enter the name of the user-defined protocol.

 

Affected Stats

Host

Select this option to enable host—Examines a stream of packets; produces a table of all network addresses observed in those packets (also known as the collection data).

Each entry records the total number of packets and bytes sent and received by that host and the number of non-unicast packets sent by that host.

   

Conversations

Select this option to enable host conversations.

   

ART

Select this option to enable Application Response Time.


Click Applicable Devices to view the devices in your selection to which this task applies.

Cable BPI/BPI+ Task

You can use the Cable BPI/BPI+ Task to assign BPI/BPI+ options.

This task is applicable to the Cable device category. For more details, see Table 4-5.

You can enter the details of this task in the Cable BPI/BPI+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable BPI/BPI+ Configuration dialog box are:

Group
Sub-Group
Field
Description

BPI/BPI+

Interface Configuration

Cable Interface

Allows you to select an interface to modify the other fields. You must select at least one interface.

Select the cable interface that you want to change.

   

BPI

Select the appropriate option:

No Change—Does not change the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

 

Key Lifetime

Action

Select the appropriate option:

No ChangeDoes not modify this option.

ReplaceModifies this option to your specification.

Default—Resets this option to the system default.

   

KEK Lifetime [300 - 604800]

Replaces the time (in seconds) using the specified values or resets the time using the system default.

Enter time in seconds to reset the time.

Enter a value from 300—604800 seconds. The default is 604800 seconds.

Select the check box to reset the field to system default.

   

TEK Lifetime [180 - 604800]

Replaces the time (in seconds) using your values or resets the time using the system default.

Enter time in seconds to reset the time using your values.

The range is 180 - 604,800 seconds and the default is 43,200 seconds.

Select the check box to reset the field to system default.

 

BPI/BPI+ Options

Action

Select the required options:

No Change—Does not change the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

   

Mandatory

Select to force all modems to use BPI.

   

Authenticate Modem

Select to turn the BPI modem authentication on or off.

   

Authorize Multicast

Select to turn BPI Multicast option on or off.

   

OAEP Support

Select to enable or disable Optimal Asymmetric Encryption Padding (OAEP) BPI+ encryption.

   

DSX Support

Select to enable or disable encryption for dynamic services SIDs.

   

40 Bit Des

Select to indicate that you have chosen the 40 bit DES encryption.

The system default is 56 DES encryption. This is the Cisco recommended encryption.


Click Applicable Devices to see the devices in your selection, to which this task applies.

Cable DHCP-GiAddr and Helper Task

You can use this task to configure the GiAddr field of DHCPDISCOVER and DHCPREQUEST packets with a relay IP address before they are forwarded to the DHCP server. You can apply this task only for a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 4-5.

You can enter the details of this task in the Cable DHCP-GiAddr and Helper Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note You can apply this task only to a single device at a time because cable templates configure interfaces on devices.


The fields in the Cable DHCP-GiAddr and Helper Configuration dialog box are:

Group
Sub-Group
Field
Description

Config Setup

 

Cable Interface

Select a cable interface to make the configuration changes to the selected interface, from the drop-down list.

If there are no interfaces available, you will see the option No Interfaces Found in the drop-down list. You should make sure that the device is reachable and then select a valid interface.

   

Action

Select an option from the drop-down list.

The options are:

No Change—Does not change the current configuration.

Add/Modify—Adds a new GiAddr or Helper Address or both, or modifies an existing GiAddr or Helper Address or both.·

Remove—Removes the GiAddr or Helper Address or both.

     

Select an option to Add or Modify, from the drop-down list:

DHCP-Giaddr & Helper-Address—Enables you to set the DHCP GiAddr to Policy or Primary. You can also specify values for the fields in the Cable Helper Addresses group.

DHCP-Giaddr—Enables you to set the DHCP GiAddr to Policy or Primary.

Helper-Address—Enables you to specify values for the fields in the Cable Helper Addresses group.

 

Cable DHCP Giaddr

Policy

Primary

Allows you to set the DHCP GiAddr to Policy or Primary:

Policy—Selects the control policy, so the primary address is used for cable modems and secondary addresses are used for hosts.

Primary—Always selects the primary address for GiAddr field.

Enable this field by selecting Helper Address.

 

Cable Helper Addresses

Helper Address

Allows you to enter the Helper Address to Cable Modem, Host or Host & Cable Modem.

   

Cable-Modem

Host

Host & Cable-Modem

Cable-Modem—Specifies that only Cable Modem UDP broadcasts are forwarded.

Host—Specifies that only host UDP broadcasts are forwarded.

Host & Cable Modem—Specifies that both host and cable modem broadcasts are forwarded.

Enable this field by selecting Action as DHCP GiAddr & Helper Address or by selecting Action as Helper Address.


Click Applicable Devices to view the devices in your selection to which this task applies.

Cable Downstream Task

You can use this task to configure the Annex, Channel-ID, Frequency, Modulation, Interleave depth, and Set rate limit of a downstream cable interface. You can also configure the Radio Frequency (RF) output of a downstream cable interface on a Cisco uBR7100 router.

This task is applicable only to Cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the Downstream Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note You can apply this task to a maximum of one Cable-CMTS device at a time.


The fields in the Downstream Configuration dialog box are:

Group
Sub-Group
Field
Description

Cable Parameters

 

Cable Interface

Select the required option from the drop-down list. Select a cable interface to make the required configuration changes. If you do not want to select any cable interface, choose the Not Selected option.

Activate/

Configure

Shutdown

Action

Allows you to shutdown or activate the selected interface.

The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

Shutdown—Deactivates the DS port.

No Shutdown—Activates the DS port.

 

Interleave Depth

Interleave Depth

Allows you to select the interleave depth of a channel. The depth can be between 8 and 128. The default is 32.

Specify the interleave depth by selecting the appropriate option from the drop-down list.

   

Remove

Select to remove the interleave depth configuration.

 

Framing Format

MPEG Framing Format

Select the MPEG framing format from the drop-down list. The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

Annex A—For Cisco uBR-MC16E cable interface card and Cisco uBR7111E and Cisco uBR7114E Universal Broadband Routers.

Annex B—For all other Cisco cable interface cards.

   

Remove

Select to remove a previously-specified MPEG framing format configuration.

 

Modulation

Modulation

Sets the modulation for a downstream port on a cable interface.

Select the required option. The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

64 qam

256 qam

   

Remove

Select to remove a previously-specified modulation configuration.

 

Channel

Channel ID (0-255):

Channel-ID can be from 0 and 255. Specify the channel-ID.

   

Remove

Select to remove the Channel ID.

 

Frequency

Frequency (54-858 MHz)

Frequency range can be from
54MHz -1,000MHz. Enter the frequency.

   

Remove

Select to remove a previously-specified frequency range.

Traffic Shaping

 

Rate Limit

Select the required option from the drop-down list. The options are:

No Change—Does not allow modification of any fields in this group of fields.

Enable—Enables this option.

Disable—Disables this option.

   

Rate Limit Algorithm (Optional):

None—Does not modify the rest of the fields.

Token-bucket with DS Traffic Shaping—Modifies the Token Bucket Algorithm option.

Token-bucket without DS Traffic Shaping—Modifies the Token Bucket without DS Traffic Shaping Algorithm option

Weighted-discard—Modifies the Weighted Discard option.

 

Token Bucket (Optional)

Granularity in Milli seconds (Optional):

Specifies traffic shaping granularity in milliseconds.

This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping.

Select the required value from the drop-down list. You can choose a value between 1 and 16 msec.

   

Max Delay in Milli seconds (Optional):

Sets the maximum buffering delay in milliseconds.

This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping.

Select the required value from the drop-down list. You can choose a value between 128 and 1024.

 

Weighted Discard (1-4) (Optional)

Weight for the exponential moving average of loss rate

Sets the weighted discard algorithm.

This field is enabled only if you have selected the Rate Limit Algorithm as Weighted Discard.

Enter a weight between 1 and 4.


Click Available Devices to view the list of devices from your selection, to which this task applies.

Cable Upstream Task

Use this task to configure the frequency, minislot size, power level and admission control on upstream cable interfaces. You can apply this task to a maximum of one Cable-CMTS device at a time.

This task is applicable only to Cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the Upstream Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note You can apply this task to a maximum of one cable device at a time.


The fields in the Upstream Configuration dialog box are:

Group
Sub-Group
Field
Description

Config Setup

 

Cable Interface

Allows you to select cable interfaces for configuration.

Select the cable interfaces from the drop-down list.

 

Activate/
Deactivate US Port

Activate/Deactivate

Select one of these options from the drop-down list.

The options are:

No Change—Does not change the existing configuration.

Shutdown—Deactivates this port.

No Shutdown—Activates this port.

Frequency

 

Value [5-42 MHz]

Enter the required frequency value in the range 5—42 MHz.

The range for the frequency is:

5—65 MHz for Cisco uBR-MC16E cable interface line card

5—42 MHz for all other cable interface line cards.

   

Set to Default

Select this option to set the default frequency. A negation command is generated to remove the frequency value and set the default.

This is because the default frequency value is dynamic and varies from device to device.

Power Configuration

Power Level

Value [-10-+25 dBmV]:

Enter the power level.

The valid range for the power level is between -10dBmV and +25dBmV.

   

Set to Default

Select this option to set the default power level. The default is 0dBmV.

 

Power Adjustment

Continue [2-15 dB]

Enter the power adjustment value.

The valid range for power adjustment value is between 2dB and 15dB.

   

Set to Default

Select this option to set the default power adjustment value. The default is 2dB.

   

Noise

Enter the power adjustment noise level.

The valid range for the power adjustment noise value between 10 and 100%.

   

Set to Default

Select this option to set the default noise value. The default is 30%.

   

Threshold [0-10 dB]

Enter the power adjustment threshold value.

The valid range for the power adjustment threshold value is between 1dB and 10dB.

   

Set to Default

Select this option to set the default power adjustment threshold value. The default is 1dB.

Admission Control

 

Value [0 - 1000%]

Indicates the maximum cumulative bandwidth reservation allowed before new CMs are rejected.

The valid range is between 10% and 1000%.

   

Set to Default

Select this option to set the default admission control value. The default value is 100%.

Minislot Size

 

Size

Select the required options. The options are:

No Change

2

4

8

16

32

64

128

[default]

Select No Change to make no changes in this field.

Channel Width(Hz)

 

Size

Select the required channel width option. The options are:

No Change—Does not modify the existing configuration.

200000

400000

800000

1600000 (default)

3200000

Select No Change to make no changes in this field.

Concatenation

 

Concatenation

Select one of these options:

No Change—Does not modify the existing configuration

Enable—Enables this option.

Disable—Disables this option.

FEC

 

FEC

Select one of the following options for Enable Forward Error Correction (FEC):

No Change - Does not modify the existing configuration.

Enable - Enables this option.

Disable - Disables this option.

Fragmentation

 

Fragmentation

Select the required fragmentation option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

Rate Limit

 

Rate Limit

Select the required rate limit option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

   

Apply Token Bucket Algorithm

Click the check box to apply this option.

   

Enable Traffic Shaping

Click the check box to apply this option.

Data Backoff

 

Data Backoff

Select the required data backoff option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

If you choose Enable, you can perform data back off automatically, or manually by entering the start and end values.

   

Automatic

Choose this to apply a default value for data automatically.

   

Start Value [0-15]

Enter the start value.

The valid range for the start value is 0 and 15. There is no default value.

   

End Value [0-15]

Enter the end value.

The valid range for the end value is 0 and 15. There is no default value.

Range Backoff

 

Range Backoff

Select one of these options:

No Change—Does not modify the existing configuration.

Enable—Allows you to perform data back off automatically, or manually by entering the start and end values.

Disable—Disables this option.

   

Automatic

Select this, to apply a range back-off value automatically.

   

Start Value (0-15)

Enter the start value.

The valid range for the start value is 0-15. There is no default value.

   

End Value (0-15)

Enter the end value.

The valid range for the end value is 0-15. There is no default value.


Click Available Devices to view the list of devices from your selection, to which this task applies

Cable Interface Bundling Task

You can use this task to configure the interface bundling. You can apply this task only to a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 4-5.

You can enter the details of this task in husbanded Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.


The fields in the Bundle Configuration dialog box are:

Group
Field
Description

Cable Parameters

Action

Select one of these options:

No Change—Does not modify the existing parameters.

Add—Enables you to configure an interface as a master interface or a slave interface.

Remove—Enables you to change the previous configuration of the interface (master to slave or vice versa).

Choose the option from the drop down list.

 

Bundle ID (1-255)

Indicates the bundle identifier.

Enter a bundle ID between 1 and 255.

 

Master Interface

Allows you to configure the primary interfaces.

Select the cable interface from the list of primary interfaces.

Select Not Selected if you do not want to select a primary interface.

 

Slave Interface

Allows you to configure the secondary interfaces.

Select the cable interface from the list of secondary interfaces.

Select Not Selected if you do not want to select a secondary interface.


Click Applicable Devices to view the devices in your selection to which this task applies.

Cable Spectrum Management Task

You can use this task to create and assign spectrum groups to cable interfaces and upstream interfaces.

This task supports cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the Cable Spectrum Management Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable Spectrum Management Configuration dialog box are:

Group
Sub-Group
Field
Description

Spectrum Management

Spectrum Group

Action

Select one of these options:

No Change—Does not allow you to make any changes in the Spectrum group of fields.

Add—Allows you to add options.

Remove—Allows you to remove options.

   

Spectrum Group ID [1 - 32]

Enter the Spectrum Group ID. The range for Spectrum Group ID is 1—32.

   

Frequency Setting

Select one of these frequency settings:

Band—Enter a range of frequencies.

Fix—Enter a fixed frequency.

   

Start Frequency [5 - 42 MHz]

Enter the start frequency.

The range of frequencies is:

uBR-MC16E cable interface card

5MHz—65MHz for Cisco

5MHz—42MHz for all other cable interface cards

   

End Frequency [5 - 42 MHz]

Enter the end frequency.

The range of frequencies is:

uBR-MC16E cable interface card

5MHz—65MHz for Cisco

5MHz—42MHz for all other cable interface cards.

This field is enabled only if you choose Fix as the value in the Frequency Setting filed, in the Spectrum Group.

 

Optional Configuration

Power Level [-10 - 25 dBmV]

Enter the Power Level.

The valid power levels are between -10dBmV and +25dBmV. The default is 0dBmV.

   

Hop Period [5 - 300 Sec]

Enter the Hop period.

The valid range for a Hop Period (in seconds) is between 1 and 3600. The default for Advanced Spectrum Management is 25 seconds. For all others, the default is 300 seconds.

This field is enabled only if you choose Add as the value in the Action field, in the Spectrum Group.

   

Hop Threshold [0 - 100%]

Enter the Hop Threshold.

The valid range for Hop Threshold is between 1 and 100%. The default is 20%.

This field is enabled only if you select Add as the value in the Action field, in the Spectrum Group.

   

Shared RF Spectrum Group Configuration

Indicates that the upstream ports in a spectrum group can share the same upstream frequency.

 

Schedule

Schedule

Select one of these options from the drop down list:

No Change—Does not allow you to enter the scheduling information.

Add—Allows you to add a scheduled task.

Delete—Allows you to delete a scheduled task.

   

Schedule Day

Select the schedule day from the drop-down list.

   

Schedule Time (hh:mm:ss)

Enter the schedule time in the hh:mm:ss format.

 

Interface Assignment

Action

Select one of these option from the drop-down list:

No Change—Does not allow changes to the existing assignment.

Assign—Allows you to assign an interface.

Unassign—Allows you to unassign an interface.

   

Cable Interface

Select a cable interface from the drop-down list.

   

Spectrum ID [1 - 32]:

Enter the Spectrum ID. The range for Spectrum ID is between 1 and 32.

This field is disabled if you chose Unassign as the value in the Action field, in the Interface Assignment sub-group.


Click Applicable Devices to view the devices in your selection to which this task applies.

Cable Trap Source Task

You can use this task to configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.

This task supports cable devices.

For more details, see Table 4-5.

You can enter the details of this task in the Trap Source Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Trap Source Configuration dialog box are:

Group
Sub-Group
Field
Description

Trap Source Configuration

Trap Source Interface

Action

Select the required option to add, remove or make no change to a Trap Source interface.

   

Trap Source Interface

Select the required trap source interface from the drop-down list.

 

CM On/Off Trap Interval

Cable Interface

Select the cable interface on which to specify the trap interval.

   

Interval [0 - 86400]

Specify a value for the trap interval in the range 0 and 86400 seconds.

   

Set to Default

Select this to set the trap interval to the default value of 600 seconds.


Click Applicable Devices to view the devices in your selection to which this task applies.

Support for Auto Smartports and Smartports

Smartport macros provide an easy way to save and share common configurations. Each Smartport macro is a group of CLI commands. When you apply a Smartport macro on a port, the CLI commands within the macro will be deployed on the port. If the command fails when applying a macro, either due to a syntax error or a configuration error, the macro continues to apply the remaining commands on the port.

Auto Smartports macros apply the configuration commands on a port automatically based on the policy definitions configured in the device.

As part of provisioning Smartports and Auto Smartports, LMS provides the following Netconfig tasks:

Auto Smartports—Task applicable for Device based Netconfig flow

Manage Auto Smartports—Task applicable for Port based Netconfig flow

Smartports—Task applicable for Port based Netconfig flow

Auto Smartports

LMS allows you to configure Auto Smartports macro policies on a device.

If Auto Smartports macro is enabled at device level, all the available ports in the device will be enabled for auto smartports, except for the ports that are in disabled state.

You can use the Auto Smartports task to:

Enable or disable auto smartports functionality at device level

Apply or remove auto smartports policy definitions

You can enter the details of this task in the Auto Smartports Configuration dialog box.

To invoke this dialog box, see Starting a New NetConfig Job.


Note The Auto Smartports task is available only in the Device based flow of a NetConfig job. For applying Auto Smartports task, the minimum supported version of the IOS image should be 12.2(50) SE.


The fields in the Auto Smartports Configuration dialog box are:

Group
Field
Description
IOS Parameters

Enable/Disable Auto Smartports

Action

You can select the following actions to enable or disable auto smartports functionality at device level:

Enable—Select this action to enable auto smartports

Disable—Select this action to disable auto smartports

Enable CDP fallback

Check to enable CDP fallback.

Built-in Auto Smartports macro

Event trigger identifier

Select the following event trigger identifier from the drop-down list:

CISCO_PHONE_EVENT

CISCO_ROUTER_EVENT

CISCO_SWITCH_EVENT

CISCO_WIRELESS_AP_EVENT

CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT

 

Associated macro

The macro associated with the event trigger identifier.

The field is automatically populated based on the event trigger identifier selected.

The following are the macros associated with the event trigger identifier:

CISCO_PHONE_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_PHONE_EVENT

CISCO_SWITCH_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_SWITCH_EVENT

CISCO_ROUTER_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_ROUTER_EVENT

CISCO_AP_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_WIRELESS_AP_EVENT

CISCO_LWAP_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT

 

Access VLAN

Enter the Access VLAN value.

The value entered must be greater than zero. For example, 2.

By default, the value for Access VLAN will be 1.

This field is enabled only if you have selected the following event trigger identifier:

CISCO_PHONE_EVENT

CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT

 

Voice VLAN

Enter the Voice VLAN value.

The value entered must be greater than zero. For example, 1.

By default, the value for Voice VLAN will be 2.

This field is enabled only if you have selected the event trigger identifier CISCO_PHONE_EVENT

 

Native VLAN

Enter the Native VLAN value.

The value entered must be greater than zero. For example, 1.

By default, the value for Native VLAN will be 1.

This field is enabled only if you have selected the following event trigger identifier:

CISCO_ROUTER_EVENT

CISCO_SWITCH_EVENT

CISCO_WIRELESS_AP_EVENT

CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT

User-defined Auto Smartports macro

Action

You can select the following actions to apply or remove auto smartports policy:

Apply—Select this action to define auto smartports policy

Remove—Select this action to remove the existing auto smartports policy

 

Event trigger type

Select the following event trigger type:

Pre-defined trigger—To associate the auto smartports macro with a pre-defined event trigger.

User-defined trigger—To associate the auto smartports macro with a user-defined event trigger.

 

Event trigger identifier

Select the following event trigger identifier from the drop-down list:

CISCO_PHONE_EVENT

CISCO_ROUTER_EVENT

CISCO_SWITCH_EVENT

CISCO_WIRELESS_AP_EVENT

CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT

This drop-down list is enabled only if you have selected the Event trigger type as Pre-defined trigger.

 

User-defined event trigger identifier

Enter the name of the event trigger identifier.

This field is enabled only if you have selected the Event trigger type as User-defined trigger.

 

User defined macro input mode

Enter the auto smartports CLI commands either through CLI command interface or import from a file (.txt) that has CLI commands. You can select the following options:

CLI command

Import CLI command from the file

 

Macro command(s)

Enter the CLI commands.

For example,

if [[ $LINKUP -eq YES ]]; then

conf t

interface $INTERFACE

macro description $TRIGGER

switchport access vlan 1

exit

end

fi

if [[ $LINKUP -eq NO ]]; then

conf t

interface $INTERFACE

no macro description

no switchport access vlan 1

exit

end

fi

This field is enabled only if you have selected the User-defined macro input mode as CLI command.

Select macro command input file from the server

Files

Click Browse and select the file (.txt) that has the CLI commands.

The CLI command file (.txt) should reside in the default location:

On Solaris and Soft Appliance:

/var/adm/CSCOpx/files/rme/netconfig/

On Windows:

NMSROOT\files\rme\netconfig\

Where, NMSROOT is the LMS install directory.

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection on which you want to configure Auto Smartports macros.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


Manage Auto Smartports

You can use the Manage Auto Smartports task to enable or disable auto smartports functionality on a port.

You can enter the details of this task in the Manage Auto Smartports Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The Manage Auto Smartports task is available only in the Port based flow of a NetConfig job.


The fields in the Manage Auto Smartports Configuration dialog box are:

Group
Field
Description
IOS Parameters
 

Action

Select the following actions:

Enable—Enables auto smartports functionality on the port.

Disable—Disables auto smartports functionality on the port.

Enable Auto Smartports at device level

Check the checkbox to enable auto smartports at a device level.

Enable CDP fallback

Check to enable CDP fallback.

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection on which you want to configure auto smartports macros.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


When you schedule a NetConfig job for Manage Auto Smartports task and if you have selected any of the following Failure Policies, in the Job Schedule and Options dialog box, the rollback functionality will happen only if the archived configuration contains the command macro auto global processing [cdp-fallback].

Rollback device and stop

Rollback device and continue

Rollback job on failure

Smartports

You can use the Smartports task to apply Smartports to a port by selecting the predefined smartports macros.

You can enter the details of this task in the Smartports Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The Smartports task is available only in the Port based flow of a NetConfig job.


The fields in the Smartports Configuration dialog box are:

Group
Field
Description
IOS Parameters

Built-in Smartport Macro

Smartport Macro

Select the following predefined smartport macros from the drop-down list:

cisco-desktop

cisco-phone

cisco-switch

cisco-router

cisco-wireless

 

Access VLAN

Enter the Access VLAN value.

The value entered must be greater than zero. For example, 2.

This field is enabled only if you have selected the following smartports macros:

cisco-desktop

cisco-phone

 

Voice VLAN

Enter the Voice VLAN value.

The value entered must be greater than zero. For example, 1.

This field is enabled only if you have selected cisco-phone as the smartports macro.

 

Native VLAN

Enter the Native VLAN value.

The value entered must be greater than zero. For example, 1.

This field is enabled only if you have selected the following smartports macro:

cisco-switch

cisco-router

cisco-wireless

Applicable Devices

(Button)

 

Allows you to view the IOS devices in your selection on which you want to configure auto smartports macros.

Save

(Button)

 

Saves the information you have specified.

Reset

(Button)

 

Clears all fields and reverts to the default setting.

Cancel

(Button)

 

Ignores your changes.


When you schedule a NetConfig job for Smartports task and if you have selected any of the following Failure Policies, in the Job Schedule and Options dialog box, the rollback functionality will not happen.

Rollback device and stop

Rollback device and continue

Rollback job on failure

PoE Task

You can use the PoE task to configure Power and Power Policing in ports. Power Policing allows you to turn off power while generating syslogs. This is needed if the real-time power consumption exceeds the maximum power allocation on the port.

Power policing and ePoE are supported only on Catalyst 3750-E and Catalyst 3560-E switches with PoE ports.

You can enter the details of this task in the PoE Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The PoE task is available only in the Port based flow of a NetConfig job.


The fields in the PoE Configuration dialog box are:

Field
Description
Power Management

Power Mode

Select the following power modes:

Auto

Static

Disable

If you select Disable as the power mode, the detection and power for the inline power capable interface will be disabled.

Max Power

Enter the maximum power for the selected mode.

Maximum power can be upto 20,000 milliwatts.

Power Policing

Policing

Select the following options for power policing:

Enable

Disable

On Violation

Select the following to either generate a Syslog or to turn off power to the device.

Generate Syslog

Turn-Off Power

Applicable Devices

Allows you to view the IOS devices in your selection on which you want to configure PoE policies.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


You can generate PoE MAX Power Violation syslog report for this task. See Reports Management with Cisco Prime LAN Management Solution 4.1 for more information.

Catalyst Integrated Security Features

You can use the Catalyst Integrated Security Features task to configure Port Security, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard and Security Violation on ports.

The Catalyst Integrated Security Feature is supported only on Catalyst 2960, 3560, 3560E, 3750, 3750E switches.

You can enter the details of this task in the Catalyst Integrated Security Features Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The Catalyst Integrated Security Features task is available only in the Port based flow of a NetConfig job.


The fields in the Catalyst Integrated Security Features Configuration dialog box are:

Field
Description
IOS Parameters
Port Security

Action

Select the following actions to limit the number of MAC addresses that can be learned through a port:

Change

Disable

Maximum Number of MAC Addresses

Enter the number of MAC addresses.

This field is enabled only if the action Change is selected.

Security Violation

Select the following security violation modes for a port:

Protect—Packets with unknown source addresses are dropped until the sufficient number of secure MAC addresses drops below the maximum value.

Restrict—Packets with unknown source addresses are dropped until the sufficient number of secure MAC addresses drops below the maximum value, and the Security Violation counter is incremented.

Shutdown—Interface immediately goes into an error-disabled state and sends an SNMP trap notification.

Disable—Disables security violations

DHCP Snooping

Global DHCP Snooping

Enables or disables DHCP Snooping globally.

VLAN DHCP Snooping

Enables or disables DHCP Snooping only on VLAN.

VLAN ID or VLAN Range

Enter the VLAN ID or VLAN range or both.

For example,

You can enter the VLAN ID as 10.

You can enter the VLAN range separated by a space or a hypen as 1 4,4-8.

You can enter both VLAN ID and VLAN range as 10, 4-8.

Port Trusting

Configure port trusting by selecting the following options:

Trust

UnTrust

DHCP Messages Per Second

Configure the DHCP messages rate limit for the ports and enter the number of DHCP messages that can be received per second.

Dynamic ARP Inspection

VLAN Dynamic ARP Inspection

Enables or disables Dynamic ARP Inspection only on VLAN.

VLAN ID or VLAN Range

Enter the VLAN ID or VLAN range or both.

For example,

You can enter the VLAN ID as 10.

You can enter the VLAN range separated by a space or a hypen as 1 4,4-8.

You can enter both VLAN ID and VLAN range as 10, 4-8.

Port Trusting

Configure port trusting by selecting the following options:

Trust

UnTrust

ARP Messages Per Second

Configure the ARP messages rate limit for the ports and enter the number of ARP request messages that can be received per second.

IP Source Guard

Action

Configure the IP souce guard by selecting the following actions:

Enable Filter By Source IP

Enable Filter By Source IP and MAC Address

Disable Filter By Source IP

Disable Filter By Source IP and MAC Address

Applicable Devices

Allows you to view the IOS devices in your selection on which you want to configure Catalyst Integrated Security Features on the ports.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


You can generate a Syslog Analyzer report for this task, which lists only the Syslogs that are specific to Catalyst Integrated Security Features. See Reports Management with Cisco Prime LAN Management Solution 4.1 for more information.

EEM Environmental Variables Task

You can use this task to configure EEM Environmental Variables (that are used by the TCL script) on Cisco Catalyst 6500, 2900XL, 2970, 2960, 3550, 3560, 3750, and 3750E switches.

You can enter the details for this task in the Environmental Variables Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

The fields in the EEM Environmental Variables Configuration dialog box are:

Field/Button
Description
IOS Parameters
EEM Environmental Variables

Action

Select either:

Add - to add one or more variables.

Or

Remove - to remove one or more variables.

Variable Name

Enter the name for the variable.

Example:

my_counter

You can create a maximum of five variables at a time. If you want to create more variables, create another instance by clicking Add Instance Button.

Value

Enter the value for the variable.

Example:

15

Now the variable my_counter will have the value 15.

Applicable Devices

Allows you to view the IOS devices in your selection, to which these variables would be applied to.

Save

Saves the information you have specified.

Reset

Clears all fields and reverts to the default setting.

Cancel

Ignores your changes.


Embedded Event Manager Task

You can use this task to configure EEM Scripts or Applets on Cisco Catalyst 6500, 2900XL, 2970, 2960, 3550, 3560, 3750, and 3750E switches.

You can enter the details for this task in the Embedded Event Manager Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

The fields in the Embedded Event Manager Configuration dialog box are:

Field/Button
Description
IOS Parameters
EEM Configuration

Policy Type

Select either Script or Applet as the policy.

Action

Select Register or Unregister to register or unregister a script or applet.

Device Directory Options

Create New Directory

Check this option if you want to create a new directory on the device to copy the applet or script.

If you select this checkbox, the input given in the Directory Name textbox is used to create a new directory.

This option is activated only when the Script Policy and Register Action options are selected.

Directory Name

Enter the absolute path of the directory where the file needs to be placed on the device.

Example:

disk0:/Testing

Here a new directory Testing is created in the device under disk0 Partition.

Ensure that the selected directory has enough space before the script files are copied.

This option is activated only when the Script Policy and Register Action options are selected.

Upload Script/Applet files from Server

Files

Use this option to either:

Enter the file location to upload the scripts to deploy on the device.

Ensure that you enter the absolute path along with the filename.

You can specify multiple filenames separated by commas.

Or

Browse to the directory and select one or more scripts to deploy on the device.

Use CTRL to select more than one file.

Use Browse to browse to the directory.

You cannot combine tcl files and applet files in a single NetConfig task.

Applicable Devices

Allows you to view the IOS devices in your selection, to which the scripts or applets apply.

Save

Saves the information you have specified.

Reset

Clears all fields and reverts to the default setting.

Cancel

Ignores your changes.


For more information, see Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1.

EnergyWise Configuration Task

You can use the EnergyWise Configuration Task to configure EnergyWise on devices.

You can enter the details of this task in the EnergyWise dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The EnergyWise Configuration task is available only in the Device based flow of a NetConfig job.


The fields in the EnergyWise Configuration dialog box are:

Field
Description
IOS Parameters
Enable/Disable EnergyWise

Configure EnergyWise

Select the following options to enable or disable EnergyWise configuration on the devices:

Enable—To enable EnergyWise configuration on the devices

Disable—To disable EnergyWise configuration on the devices

No Change—To make no change to the EnergyWise configuration on the device.

Domain Configuration

EnergyWise Entity Domain

Enter an EnergyWise domain name. For example, myDomain

This field is disabled if you have selected Disable as the Configure EnergyWise option.

EnergyWise Entity Secret

Enter the EnergyWise Entity secret name.

This field is disabled if you have selected Disable as the Configure EnergyWise option.

Advanced Configuration

Entity Importance (1-100)

Enter the value for EnergyWise Importance.

Importance allows you to differentiate among devices in the domain. The value for Importance ranges from 1 to 100, where a value of 1 is the lowest and a value of 100 is the highest.

This field is disabled if you have selected Disable as the Configure EnergyWise option.

Entity Keywords (comma separated)

Enter the keyword. For example, myLobbyphones.

You can set Keyword to identify a specific device or group of devices. You can use these keywords to query the devices for specific data.

This field is disabled if you have selected Disable as the Configure EnergyWise option.

Entity Role

Enter the role for a specific device or device group access.

This field is disabled if you have selected Disable as the Configure EnergyWise option.

EnergyWise Level

Select the following EnergyWise level to be configured on the devices:

0 - Shut

1 - Hibernate

2 - Sleep

3 - Standby

4 - Ready

5 - Low

6 - Frugal

7 - Medium

8 - Reduced

9 - High

10 - Full

This drop-down list is disabled if you have selected Disable as the Configure EnergyWise option.

Management Configuration

EnergyWise Port Number

Enter the EnergyWise port number that sends and receives queries.

The range is from 1 to 65000. The default is 43440.

After entering the EnergyWise port number, you must select either:

Interface—Select Interface and specify the EnergyWise Interface ID.

Or

IP Address—Select IP Address and specify the EnergyWise IP Address.

Or

Use Mgmt IP Address of Devices—Select to use the management IP Address of devices added in the DCR.

EnergyWise Interface

Specify the EnergyWise Interface ID from which the EnergyWise messages are sent. For example, FastEthernet0/2.

EnergyWise IP Address

Specify the EnergyWise IP Address from which the EnergyWise messages are sent.

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection on which you want to configure EnergyWise.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


For more information, see Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1.

EnergyWise Parameters Task

You can use the EnergyWise Parameters task to configure EnergyWise on ports. You can enter the details of this task in the EnergyWise Parameters Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The EnergyWise Parameters task is available only in the Port based flow of a NetConfig job.


The fields in the EnergyWise Parameters Configuration dialog box are:

Field
Description
Configure EnergyWise Parameters

Entity Keywords (comma separated)

Enter the keyword name.

Keywords can be set to identify a specific interface or group of interfaces. For example, lab1

Entity Role

Enter the role for a specific device or device group access. For example, lobbyaccess

Entity Importance (1-100)

Enter the value for Importance.

Allows you to differentiate among devices in the domain. The value for Importance ranges from 1 to 100, where a value of 1 is the lowest and a value of 100 is the highest.

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection on which you want to configure EnergyWise.

Save

(Button)

Saves the information that you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


EnergyWise Events Task

You can use the EnergyWise Events task to configure EnergyWise events on ports of EnergyWise supported devices.

You can enter the details of this task in the EnergyWise Events Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.


Note The EnergyWise Events task is available only in the Port-based flow of a NetConfig job.


The fields in the EnergyWise Events Configuration dialog box are:

Field
Description
IOS Parameters

Action

Select the following actions to enable or disable EnergyWise events on ports:

Enable—To enable EnergyWise events configurations on ports

Disable—To disable EnergyWise events configurations on ports

EnergyWise Level

Select the following EnergyWise event levels:

0 - Shut

1 - Hibernate

2 - Sleep

3 - Standby

4 - Ready

5 - Low

6 - Frugal

7 - Medium

8 - Reduced

9 - High

10 - Full

This drop-down list is disabled if you have selected Disable as the Action.

Recurrence

Configure Recurrence level

Check the checkbox to configure event recurrence level.

Importance (1-100)

Enter the value for Importance.

Allows you to differentiate among devices in the domain. The value for Importance ranges from 1 to 100, where a value of 1 is the lowest and a value of 100 is the highest.

Hour [00 - 23]

Select the hour interval to configure the event recurrence interval.

You can select the hourly time between 00 and 23 hours.

Minute [00 - 59]

Select the minute interval to configure event recurrence interval.

You can select the minute interval between 00 and 59 minutes

Month [1 - 12]

Enter the month in number format, separated by comma.

You can enter the value for one month [3], or for a range of months [7-9], or both [3, 7-9].

If this field is left blank, the Netconfig job considers the value as applied for all the months [1-12].

Day of the Month [1 - 31]

Enter the day of the month in number format, separated by comma.

You can enter the value for one day [20], or for range of days [15-19], or both [10, 15-20].

If this field is left blank, the Netconfig job considers the value applied for all the days of a month [1-31].

Day of the Week

Select the day of the week by checking the checkbox.

If all the days of the week are left unchecked, the Netconfig job considers the value being checked for all the days of a week [Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday].

Time Range

Enter the EnergyWise IOS time-range configured in the Global Config mode.

For example, if you have configured the time range "Periodic Friday 07:00 to 20:00" to a time-range name "Friday" in the Global Config mode in the EnergyWise IOS, you must enter "Friday" in this Time Range field.

This option is applicable for EnergyWise enabled devices running EnergyWise 2.0 software image.

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection.

Save

(Button)

Saves the information that you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


GOLD Boot Level Task

You can use this task to configure Boot Level Diagnositc tests on the following device category:

Cisco Catalyst 6500 devices

You can enter the details for this task in the GOLD Boot Level Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

The fields in the GOLD Bootup Level Configuration dialog box are:

Field/Button
Description

Action

Select either Enable to enable the actions or Disable to disable the actions

Level

Select either Complete to set the boot level to Complete or Minimal to set the boot level to Minimal

This option is activated only if the Action option is enabled. This option is not activated, if you have selected Disable in the Action field.

Save

Saves the information you have specified.

Reset

Clears all fields and reverts to the default setting.

Cancel

Ignores your changes.


For more information, see Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1.

GOLD Monitoring Test Task

You can use this task to configure GOLD Monitoring tests on the following device categories:

Cisco Catalyst 6500 IOS switches

Cisco Catalyst 2900XL, 2970, 2960, 3550, 3560, 3750, and 3750E Switches

You can enter the details of this task in the GOLD Monitoring Tests Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

The fields in the GOLD Monitoring Test Configuration dialog box are:

Pane
Description
GOLD Monitoring Test Configuration
Configuring Health Monitoring Diagnostics

Action

Select any of the following:

Add Interval - To add an interval

No Interval. - To not add an interval

No Change - To make no change

Enter Vendor Type or Name

Enter the Vendor type or Module Name. You can enter one or more comma separated module names.

Example:

cevCat6kVsS72010G

This is a mandatory field and is available only if you select Cisco Catalyst 6500 devices.

Enter Switch ID

Enter the Switch ID.

You can enter a single switch ID or a number of switch IDs separated by comma.

Example 1:

Enter 2 if you want to include switch with ID 2.

Example 2:

Enter 3, 6 if you want to include switches with IDs 3 and 6.

This is a mandatory field and is available only if you select Cisco Catalyst 2900XL, 2970, 2960, 3550, 3560, 3750, or 3750E stack switches.

Enable/Disable Health Monitoring Diagnostics Test

Action

Select any of the following:

Enable - To start the Health Monitoring tests

Disable - To stop the running Health Monitoring tests.

The tests once stopped, will not start again until the Action is enabled.

No Change - No change to Action

Test Details

All

Allows you to configure all diagnostic tests.

Enter Testnames

Allows you to manually enter the test names.

Enter one or more test names separated by comma.

This option is activated only if the Enable Action is selected.

Range

Allows you to enter a range for tests to be run.

This option is activated only if the Enable Action is selected.

Example:

Enter 2-8 if you want to run tests with IDs from 2 to 8.

Configure Health Monitoring Interval

No. of Days

Enter the number of days till which you require the tests to be run on the devices.

The number of days can be any value between 0 - 20.

The default value is 1 day.

Hours

Select the hour frequency at which the tests should be run. You can enter any value between 00 and 23 for hour.

This is a mandatory field and is enabled only if you have selected Add Interval.

Minutes

Select the minute frequency at which the tests should be run. You can enter any value between 00 and 59 for the minute.

This is a mandatory field and is enabled only if you have selected Add Interval.

Seconds

Enter the seconds frequency at which the tests should be run. You can enter any value between 00 and 59 for the second.

This is a mandatory field and is enabled only if you have selected Add Interval.

Milliseconds

Enter the millisecond frequency at which the tests should be run. You can enter any value between 0 and 999 for the second.

This is a mandatory field and is enabled only if you have selected Add Interval.

Applicable Devices

Allows you to view the IOS devices in your selection that you want to monitor with GOLD Monitoring Tests.

Save

Saves the information you have specified.

Reset

Clears all fields and reverts to the default setting.

Cancel

Ignores your changes.


For more information, see Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1.

GOLD Health Monitoring Test Task

You can use this task to configure GOLD Health Monitoring tests on Cisco Catalyst 6500 IOS switches device categories.

This task is available only for the Module-based netconfig job wizard.

You can enter the details of this task in the Gold Health Monitoring Test Configuration dialog box. To invoke this dialog box, see Create a NetConfig Job based on Module or Port.

The fields in the GOLD Health Monitoring Test Configuration dialog box are:

Pane
Description
GOLD Health Monitoring Test Configuration
Configuring Health-Monitoring Diagnostics for Cat6k Devices

Action

Select any of the following:

Run Test - To run a test

Add Test - To add a test

Remove Test - To remove a test

Test Details

All

Allows you to configure all diagnostic tests.

Pre-defined

Allows you to select the following pre-defined tests:

TestLoopback

TestNetflowInlineRewrite

TestEobcStressPing

TestFirmwareDiagStatus

TestAsicSync

Enter Testnames

Allows you to manually enter the test names.

Enter one or more test names separated by comma.

Range

Allows you to enter a range for tests to be run.

Example:

Enter 2-8 if you want to run tests with IDs from 2 to 8.

Configure Health Monitoring Interval

No. of Days

Enter the number of days till which you require the tests to be run on the devices.

The number of days can be any value between 0 - 20.

The default value is one day.

This field is enabled only if you have selected Add Test.

Hours

Select the hour frequency at which the tests should be run. You can enter any value between 00 and 23 for the hour.

This field is enabled only if you have selected Add Test.

Minutes

Select the minute frequency at which the tests should be run. You can enter any value between between 00 and 59 for the minute.

This field is enabled only if you have selected Add Test.

Seconds

Enter the seconds frequency at which the tests should be run. You can enter any value between 00 and 59 for the second.

This field is enabled only if you have selected Add Test.

Milliseconds

Enter the millisecond frequency at which the tests should be run. You can enter any value between 0 and 999 for the millisecond.

This field is enabled only if you have selected Add Test.

Apply the Monitoring Test

Run the above monitoring test case

Check the checkbox to run the above monitoring test case.

Configure Syslog

Check the checkbox and select the following options to enable or disable Syslog:

Enable

Disable

Applicable Devices

(Button)

Allows you to view the IOS devices in your selection that you want to monitor with GOLD Health Monitoring Tests.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


For more information, see Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.1.

SRE Operation Task

You can use the SRE Operation task to perform the following operations in the service modules of SRE supported devices:

Install application in service modules

Uninstall application from service modules

Understand:

Status of the service module

Application that is running on the module

Status of the current installation in the service module

Status of uninstallation in the service module

Stop the installation on a set of service modules in a SRE device

Reset service modules in a SRE device

Shutdown the set of service modules in a SRE device

You can enter the details of the SRE Operation task in the SRE Operation Configuration dialog box. To invoke this dialog box, see Create a NetConfig Job based on Module or Port.

The fields in the SRE Operation Configuration dialog box are:

Field
Description

Action

Select the following actions:

Install—Install application in service modules.

Uninstall—Uninstall application from service modules.

Status—Displays the following:

Status of the service module

The applicable running on the module

Status of the installation and uninstallation being performed in the service module

Abort—Stop installation on a set of service modules in a SRE device.

Shutdown—Shutdown the set of service modules in a SRE device

Reset—Reset service modules in a SRE device.

Script Name [Optional]

Name of the script file that should be picked up during installation.

This field is optional and is enabled only if the Install action is selected.

Argument to the Script [Optional]

String argument passed to the script.

The string argument must be entered within quotes. For example, "argument".

This field is optional and enabled only if Install action is selected.

URL of the installation source directory

URL path of the package from where the device needs to download the image for installation.

For example, ftp://180.180.180.80/nibbler/012609/pkg1/foundation.sme.1.4.40.18.pkg

This is a mandatory field. If this field is blank, an error message appears.

Applicable Devices

Allows you to view the devices in your selection that you want to configure SRE operation.

Save

(Button)

Saves the information you have specified.

Reset

(Button)

Clears all fields and reverts to the default setting.

Cancel

(Button)

Ignores your changes.


cwcli netconfig

This command is described in the cwcli framework chapter. For details see Running the cwcli netconfig Command.

Use Case: Using NetConfig Templates to change Configurations for many Devices

Case

As a Network Administrator, you would want to change configuration for a set of devices in few simple steps.

Solution

You can use NetConfig to change the configurations of many devices in one step. You can select the devices and the corresponding system-defined or user-defined tasks and schedule a NetConfig job.

Let us say, you want to change the Local Username and Telnet password for a few devices. To perform this:


Step 1 Go to Configuration > Configuration > NetConfig.

The Devices And Tasks dialog box appears.

Step 2 Select the required devices from the Device Selector.

Step 3 Select the Local Username and Telnet Password tasks from the Task Selector.

NetConfig Tasks are also referred to as NetConfig templates.

Step 4 Click Next.

From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected do not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane.

Step 5 Select a task and click Add to create an instance for the task.

Step 6 After creating the instances, select the Local Username_1 instance and click View CLI button to view the CLI commands that will be deployed onto the applicable and non applicable devices.

Alternatively, you can click Edit to edit the selected instance or click Delete to delete an instance. You can only delete one instance at a time.

Step 7 Click Next.

The Job Schedule and Options page appears.

For more information on how to schedule a NetConfig job, see Starting a New NetConfig Job.

Step 8 Provide the required information in the Job Schedule and Options dialog box and click Finish.

The Job Work Order screen appears.

Step 9 Click Finish.

A notification indicating the successful creation of a job appears.

Example

Job 1007 was created successfully.

The NetConfig job will be executed at the scheduled date and time. The Local Username Configuration and Telnet Password Configuration changes effected will be deployed on the selected applicable devices.

To know the status of the job scheduled, go to Configuration > Configuration > NetConfig > NetConfig Jobs.