Guest

CiscoWorks Network Compliance Manager

Release Notes for CiscoWorks Network Compliance Manager, 1.5

  • Viewing Options

  • PDF (313.8 KB)
  • Feedback
Release Notes for CiscoWorks Network Compliance Manager, 1.5

Table Of Contents

Release Notes for CiscoWorks Network Compliance Manager, 1.5

Contents

What's Been Fixed in CiscoWorks NCM 1.5

What's New in CiscoWorks NCM 1.5

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Additional Required Applications

Hardware Requirements

Caveats

Resolved Problems

Known Limitations and Problems

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation, Obtaining Support, and Security Guidelines

Notices

OpenSSL/Open SSL Project

License Issues


Release Notes for CiscoWorks Network Compliance Manager, 1.5


Revised: December, 2009, OL-19103-03

These release notes include important information regarding CiscoWorks Network Compliance Manager (NCM), Release 1.5.


Note The CiscoWorks NCM 1.5 release requires Driver Packs dated November 2009 (or later) to operate properly.


CiscoWorks NCM tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption.

CiscoWorks NCM includes integration with CiscoWorks—initially launchable from the CiscoWorks home page and interoperability with other CiscoWorks applications such as the LMS bundle through the Common Services Device Credential Repository (DCR).


Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html


The Docs tab visible from within CiscoWorks NCM might not include links to the latest documents.

Contents

This release note contains the following sections:

What's Been Fixed in CiscoWorks NCM 1.5

What's New in CiscoWorks NCM 1.5

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Additional Required Applications

Hardware Requirements

Caveats

Resolved Problems

Known Limitations and Problems

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation, Obtaining Support, and Security Guidelines

Notices

What's Been Fixed in CiscoWorks NCM 1.5

The following issues have been fixed in CiscoWorks NCM 1.5.

Table 1 Issues Fixed in CiscoWorks NCM 1.5 

Bug Summary
Fix Description

Per-task credentials are not working properly

Per-task credentials now work properly. Per-task credentials enable you to specify what credentials are used to access devices.

Large sets of data pasted into the proxy causes an error due to a buffer overflow

You can now paste a large amount of data, for example a long config, into the proxy.

Snapshot tasks fail with a constraint error while updating the Device Access log

Snapshot tasks now function properly when updating the Device Access log.

Error message is displayed because of a missing NULL check when editing policies bound to deactivated devices

You can now edit polices bound to deactivated devices.

Issue with a device in remote Realms using the console server

CiscoWorks NCM can now access devices through console servers in remote Realms. Previously, CiscoWorks NCM could only access console servers in the local Realm (i.e., the same Realm as the CiscoWorks NCM Core).

Network Status reports do not display policy rule violations

Network Status reports now provide an overview of network configuration, health, and compliance, including policy rule violations.

You cannot save a policy rule that contains large configuration text

You can now include large configuration text in the "Block Start Pattern" field when creating a policy rule.

When processing a list with more than 1,000 device groups, database queries can fail

Database queries have been retooled to properly handle large lists.

Need a VLAN Data Gathering diagnostic

The VLAN Data Gathering diagnostic gathers the latest VLAN information.

Device template provisioning does not function properly

Device template provisioning now functions properly. Device templates enable you to define configurations, OS/file specifications, and other device-specific information that can then be applied to existing devices.

Advanced command scripts and diagnostics using the Perl API return errors

You can now use advanced command scripts and diagnostics using the Perl API.

CiscoWorks NCM is not updating the OS software history version for devices

CiscoWorks NCM now updates the OS software history version for devices and displays the information in the Software Audit Trail report.

Running command scripts fail when using CSV input

You can now run command scripts using CSV input.

The No policies found message is displayed on the Policies page even when policies exist

The Policies page now accurately reports all available policies.

SA and TACACS servers does not allow local authentication failover

SA and TACACS servers now allow local authentication failover.

The CiscoWorks NCM Installer upgrades any CiscoWorks NCM schema version, regardless if it is the correct version to upgrade or not

The CiscoWorks NCM Installer now upgrades the correct CiscoWorks NCM schema version.

Per device dynamic grouping recalculation is incorrect

Per device dynamic grouping recalculation now functions properly.

The Batch Edit option for Bastion Hosts does not work

The Batch Edit option for Bastion Hosts now functions properly.

Use task owner's AAA credentials option is not saved when saving tasks

The Use task owner's AAA credentials option for device credentials information now functions properly.

Policy rules do not function properly

CiscoWorks NCM no longer adds extra backslashes (/) if a backslash is used when creating a policy rule.

When creating an Advanced search, you cannot select a second date to specify a date range.

You can now select a second date on the Advanced Search page so as to specify a date range.

AAA credentials do not function properly

You can now select the Use task owners AAA credentials option when using AAA credentials.

Policy rule conditions are not saved when creating a diagnostics policy rule using a "memory troubleshooting" condition

You can now save policy rule conditions when creating a diagnostics policy rule using a "memory troubleshooting" condition.

Dynamic group recalculations result in Out of Memory errors

Dynamic group recalculations now function properly.

Boolean expressions are not properly evaluated for dynamic groups

Boolean expressions are now properly evaluated for dynamic groups.

Viewing sub-tasks of a multi-task project can delete the multi-task project

You can now configure a multi-task project to run several different tasks sequentially joined together under a single project.

You cannot connect to a Juniper WXC-500 device

You can now connect to a Juniper WXC-500 device.

The Remote Agent is not deleting SNMP objects

The Remote Agent now functions properly.

Users can search device configurations for which they do not have permissions

Users now must have the proper permissions to search device configurations.

Policy Compliance searches use the old query infrastructure

Policy Compliance searches now uses the new, ad hoc query infrastructure.

Users with View permission cannot view dynamic groups

Users with View permission can now view dynamic groups.

You cannot select a new Site while editing a device due to a browser time-out issue

You can now edit a device and change the device's Site designation.

No connection paths supported for CLI connection error message when upgrading to CiscoWorks NCM 1.4.

You can now upgrade to CiscoWorks NCM 1.5 and connect to all of your devices.

Incorrect Policy Compliance search results displayed

Policy Compliance search results are now correctly displayed on the Policy, Rule, and Compliance Search Results page.


What's New in CiscoWorks NCM 1.5

CiscoWorks NCM 1.5 includes many new features and enhancements, including:

Solaris 64-bit support—When installing CiscoWorks NCM on a Solaris platform, CiscoWorks NCM uses the 64-bit Java Virtual Machine (JVM). As a result, CiscoWorks NCM can utilize more memory.

Enhanced task scheduling—When creating or updating a CiscoWorks NCM task, you can now set a priority for the task so that it runs at higher priority than other tasks. There are five task priority levels, 1 through 5. 1 is the highest task priority level. Higher priority tasks run before lower priority tasks. In addition, you can use the new Round-robin algorithm on group tasks. For example, if you started a group task for 10,000 devices at 10am and then started a group task for 10 devices at 10:05am, using the Round-robin algorithm, you no longer have to wait for the first task group to complete before the second group task is started.

Enhanced Device Selector and Device Group Explorer—The enhanced Device Selector and Device Group Explorer enable you to easily navigate group trees to select devices and device groups for a variety of applications.

Multiple VLAN per port support —CiscoWorks NCM enables you to view and provision VLANs on network switches. With CiscoWorks NCM 1.5, you can:

View a complete list of a device's VLANs

View specific VLAN details

View a list of ports assigned to a VLAN

View trunk ports

View a list of VLANs on a trunk port

View the native VLAN of a trunk port (the VLAN whose traffic on the trunk port is not tagged)

View VTP settings of a network switch

Create a new VLAN on a network switch

Change a port assigned to a VLAN (add/prune ports)

Configure a port as a trunk port (multiple VLAN with tagging)

Change trunk port native VLANs

Configure a trunk port as a non-trunk

Virtual device and virtual context support—CiscoWorks NCM now provides support for virtual devices, including VMware's Virtual Switch (vSwitch) technology available via VMware's Infrastructure (ESX) and the Cisco Nexus 1000V Series switches. These new virtual devices can be managed alongside legacy devices, providing centralized support. Virtual devices, as well as devices which support virtual contexts, including the Cisco Firewall Services Module (FWSM) and Cisco ACE Application Control Engine Module, now benefit from device relationship enhancements that provide management of non-IP address contexts, as well as views of the underlying relationships between the actual hardware and virtual contexts.

Device relationships—Device relationships maintain data for parent, peer, and child devices. Device dependencies can be defined by the new Device Relationships API.

Connection Path enhancements—You can now enable or disable device access via primary IP addresses.

Link aggregation support—Link aggregation support enables CiscoWorks NCM to list all of the links (or connections) associated with a specific port on a device. This information is gleaned from enhanced diagnostics or from new device context information. Link aggregation enables you to manage a device with virtual contexts that assign multiple connections to a physical port.

Provisioning and Scripting API enhancements—You can now list device templates, show device template configurations, modify device template configurations, and provision devices using the Device Relationships API.

Supported Platforms

CiscoWorks NCM 1.5 can be installed on the following platforms:

Vendor
OS
Version
Architecture

Microsoft

Windows Server, Enterprise Edition (32-bit and 64-bit)

2003

i386

Sun Microsystems

Solaris (patch 118833-36 or later)

10

Dual UltraSparc IIIi+, 1.3 GHz

Red Hat

RH AS 4 32-bit, and RH AS 5 32-bit and 64-bit

4 and 5

i386

SuSE

Enterprise Linux Server

10.0

i386



Note CiscoWorks NCM is a 32-bit application that runs in 32-bit mode on 64-bit operating systems.


The following operation systems are no longer supported:

Windows 2000

Solaris 9

Red Hat AS3

SuSE 9

When upgrading to CiscoWorks NCM 1.5, if you are going from a deprecated operating system, for example Windows 2000 or Solaris 9, to a supported CiscoWorks NCM 1.5 operating system, do the following:


Step 1 Back up the CiscoWorks NCM folder.

Step 2 Upgrade the operating system.

Step 3 Follow the CiscoWorks NCM 1.5 upgrade steps.



Note For all operating system upgrades, please refer to the vendor documentation and your system support personnel. Cisco is not responsible for issues that might arise during third-party product upgrades.


Supported Databases

When installing CiscoWorks NCM, the database can be installed on any platform. CiscoWorks NCM supports the following databases:

Database
Notes

Oracle 10g (10.2.0.4) Standard Edition

If you are running CiscoWorks NCM in a Distributed System environment, you will need Oracle Enterprise Edition.

Microsoft SQL Server 2005 Standard Edition

 

MySQL 5.0.41 or later versions, including 5.0.58

MySQL 5.0.58 ships with CiscoWorks NCM.



Note 64-bit Oracle and SQL Server are supported.


The following databases are no longer supported:

Oracle 9i and Oracle 9.2

Microsoft SQL Server 2000

MySQL 3


Note Existing MySQL 3.x databases can be upgraded to MySQL 5.0.41 or later using the MySQL Upgrade Installer. Refer to the Installation and Upgrade Guide for CiscoWorks Network Compliance Manager, 1.5 for information.


When upgrading to CiscoWorks NCM 1.5, if you are going from a deprecated version of the database, for example Oracle 9i, to a supported version of the database, do the following:


Step 1 Back up the CiscoWorks NCM database.

Step 2 Upgrade the database.

Step 3 Follow the CiscoWorks NCM 1.5 upgrade steps.



Note For all database upgrades, please refer to the documentation provided by the appropriate vendor and your DBA. Cisco is not responsible for issues that might arise during third-party product upgrades.


Additional CiscoWorks NCM Configurations

If you have configured a High Availability Distributed System environment, the database requirements for Oracle and Microsoft SQL Server include:

Database
Restrictions

Oracle Enterprise Edition 10.2.0.2 and 10.2.0.4

No more than five CiscoWorks NCM Cores can be configured.

SQL Server Standard Edition 2005 SP2 or higher

No more than two CiscoWorks NCM Cores can be configured. The maximum number of devices should not exceed 6,500.


Refer to the High Availability Distributed System on Oracle Configuration Guide for CiscoWorks Network Compliance Manager or the High Availability Distributed System on Microsoft SQL Configuration Guide for CiscoWorks Network Compliance Manager for information on configuring a High Availability Distributed System environment.

If you have configured a Satellite environment, CiscoWorks NCM supports the following platforms:

Vendor
OS
Version
Architecture

Red Hat

RHEL AS (32-bit)

3 and 4

i386

Novell

SuSE Enterprise Linux Server

9

i386

Sun Microsystems

Solaris (patch 118833-36 or later)

9 and 10

Sun Sparc



Note SuSE Linux 9 and Solaris 9 are supported with Satellite; however, these two operating systems are not supported in CiscoWorks NCM 1.5 Core. These two operating systems are only valid to run the satellite remote gateway.


Refer to the Satellite User's Guide for CiscoWorks Network Compliance Manager for information on configuring a Satellite environment.

If you are running CiscoWorks NCM in a Virtual Environment (VM), CiscoWorks NCM supports the following platforms:

Vendor
OS
Version

Sun Microsystems

Solaris Zones

10

VMware ESX 3.5 or 4.0

Windows

2003, SP1



Note Troubleshooting and performance issues related to VMware cannot be resolved via Cisco Support. As a result, VMware performance tuning practices must be used. Refer to your VMware documentation for information.


Keep the following in mind when running CiscoWorks NCM in a VM:

Running CiscoWorks NCM and the database in the same VM is not recommended.

Running the database for the CiscoWorks NCM High Availability Core in a VM is not recommended.

The maximum number of devices is 3,000.

The maximum number of concurrent tasks is less than 20.

The minimum VMware Guest requirements include:

2.6 GHz CPU

4 GB dedicated RAM

40 to 60 GB HD

100 Mbps or higher dedicated Ethernet port

Linux RHEL AS 3 and 4

CiscoWorks NCM is not certified to run with Oracle in a VMware instance.

CiscoWorks NCM is not certified to run in an environment where VMotion is used with the VMs.

Additional Required Applications

You will need to install the following applications:

CiscoWorks NCM supports the following browsers:

Mozilla Firefox 2.0 or 3.0

Internet Explorer 6.x, 7.0


Note Mozilla Firefox 1.x is no longer supported.


Microsoft Excel 2000 or higher, if you are viewing Summary Reports from the CiscoWorks NCM server.

Adobe® Acrobat Reader™ version 4.0 or higher if you are viewing CiscoWorks NCM documentation from the CiscoWorks NCM server.

ActivePerl 5.8.x (for Windows).

Perl 5.8.x (for Solaris and Linux). Keep in mind that the CiscoWorks NCM Convert to Perl script feature uses Perl.


Note Third-party products mentioned in this documentation are manufactured by vendors independent of Cisco. Cisco makes no warranty, implied or otherwise, regarding the performance or reliability of these products. We provide third-party contact information to help you find technical support. However, third-party contact information is subject to change without notice and, therefore, Cisco can in no way guarantee the accuracy of this contact information.


Hardware Requirements

CiscoWorks NCM requires the following minimum hardware:

Application Server

CPU

Intel Xeon or equivalent, 3.0+ GHz (Windows, Linux), Dual UltraSparc IIIi+, 1.3 GHz (Solaris)

Memory

4 GB RAM

Swap Space

4 GB

Disk

40 GB, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Database Server

CPU

Intel Xeon or equivalent, 3.0+ GHz

Memory

4 GB RAM

Swap Space

4 GB

Disk

60 to 100 GB, Single Channel RAID, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Caveats

Please read the following regarding usability issues before using CiscoWorks NCM 1.5.

RSA SecurID Support in CiscoWorks NCM 1.5

When using RSA SecurID 4.x 128-bit tokens with CiscoWorks NCM 1.5 for device authentication, you must use the RSA SecurID 3.x software token client with RSA SecurID 4.x 128-bit tokens for CiscoWorks NCM to successfully import devices.

VLAN Data Gathering Diagnostic

If you are running several diagnostics, including the VLAN Data Gathering diagnostic, on a device that does not support the VLAN Data Gathering diagnostic, there is no Session Log available for that task.

Workaround: Remove the VLAN Data Gathering diagnostic from the task.

Stopping the CiscoWorks NCM Management Engine on a Solaris platform

If you are running CiscoWorks NCM on a Solaris platform, if you click the Start/Stop Services menu option from the Admin menu, and then click the Stop option for the Management Engine button on the Start/Stop Services page, the CiscoWorks NCM Management Engine (also referred to as the CiscoWorks NCM server) is not stopped.

Workaround: Go to the operating system and run /etc/init.d/truecontrol stop.

VLAN Searches

Previously saved VLAN searches are not valid in CiscoWorks NCM 1.5 due to the addition of new VLAN features. If you attempt to view a saved VLAN search, you could see the following error message:

Error executing query VLAN: PortInVlanName is not a valid field name for this query.

Workaround: Remove and re-create the VLAN search.

Uploading Large Image Files

Currently, CiscoWorks NCM is limited to uploading device configurations no greater than 250MB.

Provision Device Task

Although the Provision Device task enables you to select more than one device, the task only works with one device (or when using a .csv file for multiple devices). Attempting to select more than one device, or a device group, using the Device Selector will cause an error.

Using Firefox 2.0

When using most versions of Firefox 2.0, it is possible that the browser will crash when attempting to expand the Device Selector or Device Group Selector.

Workaround: Upgrade to Firefox 2.0.0.19 or higher.

Device Selector Display

When using the Device Selector with Internet Explorer 6, some of the Device Selector display features might not work properly due to a browser limitation.

Workaround: Upgrade to Internet Explorer 7.

Security Partitions

When modifying Security Partition details, if you save the Security Partition before the Device Selector loads, you will lose all the devices from that Security Partition.

Canceling Tasks

If you cancel a task that is currently communicating with a device, CiscoWorks NCM could mark subsequent attempts to run the task (or similar tasks) as "skipped". This could happen even if communication between the task and the device seem to be hung and you are waiting for a timeout.

This issue can occur because CiscoWorks NCM is looking for a clean opportunity to end communication between the task and the device before actually canceling the task. As a result, CiscoWorks NCM will continue to execute the task until that point is reached. Any attempt to rerun the task before it is canceled will appear to CiscoWorks NCM as if the task is already in progress. As a result, CiscoWorks NCM will mark the new task as "skipped". You must give CiscoWorks NCM ample time to finish with the canceled task. Once that has occurred, CiscoWorks NCM will be able to rerun the task.

Using the $tc_device_enable_password$ Variable in Command Scripts

When using the $tc_device_enable_password$ variable in a command script, if the device enable password contains an at sign (@) character, the @ character will be preceded by a backslash (\) character.

Device Managed IP Addresses Page

When making changes to the Device Managed IP Address, because CiscoWorks NCM attempts to remember a connection path, the change might not take effect.

Workaround: On the Device Managed IP Addresses page, click the Reset last used IP link.

Setting Parent Task Priority

When changing a parent task's priority that is currently running, any existing child tasks that are in the Pending or Waiting state will appropriately change their priority to that of the parent task. However, child tasks that have not been created yet or are in another state, such as Running or Paused will retain the parent task's original priority. If a parent task is not running and its priority is changed, all of the parent task's child tasks take on the new priority.

Duplicate VLANs Displayed in Layer 2 Diagrams

When diagramming VLANs, if a VLAN includes an IP address, it is possible for the VLAN port table to include both the VLAN name and the VLAN ID. As a result, duplicate VLANs could be displayed in Layer 2 diagrams since CiscoWorks NCM assumes the VLAN name and the VLAN ID refer to different VLANs.

Using LDAP Servers

If you are using a LDAP server for external user authentication, you might need to modify certain LDAP related options in the appserver.rcx file. The default settings will work with the ActiveDirectory server under most situations. However, for other types LDAP servers (depending on the LDAP schema configurations), you might need to customize the following settings if you are experiencing issues with the default settings:

<!-- Attribute mapping for Generic LDAP server--> <option name="ldap_server/attr_mapping/Generic/group_search">group,organizationalunit, container,groupOfUniqueNames</option> <option name="ldap_server/attr_mapping/Generic/group_name">name,cn,commonName</option> <option name="ldap_server/attr_mapping/Generic/member_search">member,uniqueMember </option> <option name="ldap_server/attr_mapping/Generic/username_search">samAccountName,uid,cn </option>

Note: Ignore the following settings. They are not used at this time.

<!-- Attribute mapping for SunLDAP server-->

<!-- Attribute mapping for OpenLDAP server-->

The group_search option specifies the list of LDAP entries to search against for LDAP groups. This information is used Step 3 of the LDAP Setup Wizard, where you define the LDAP groups of which the members are allowed to login to CiscoWorks NCM. Consult with your organization's LDAP Administrator to ensure that the list contains all necessary group attributes. For example, it might be necessary to add groupOfName to the list for the LDAP group search to work.

The same concept applies to username_search and member_search. Both of these are used during the CiscoWorks NCM login process to positively identify the user and to determine the user's group memberships. If the default LDAP attribute names do not match your LDAP schema configuration, change them accordingly.

The group_name option specifies the attribute names that usually contain the group name. If the attribute name for the LDAP group is not name, cn, and commonName, you must modify them accordingly. You rarely need to change this option, however.

After you made appropriate changes, save the appserver.rcx file and restart the CiscoWorks NCM server.

Testing OpenLDAP User Authentication

When configuring OpenLDAP for CiscoWorks NCM user authentication, the Test function might not work. In this case, be sure to save all of the options before testing if they work.

Device Relationships

Scripting to a vSwitch is done via direct API calls to the containing ESX server. As a result, there is no way to prevent scripts from modifying ESX server settings outside those that pertain to the vSwitch. Note that this is true even in cases where MSP permissions are being granted to the vSwitch, but not the containing ESX server.

Running CiscoWorks NCM on a Solaris Platform

When starting the CiscoWorks NCM server on a Solaris platform, there is a remote chance that the CiscoWorks NCM server will crash due to an error in the native frame_sparc.cpp file. This is due to a bug in the Solaris JVM Biased Locking feature.

Workaround: Add the following VM argument to the jboss_wrapper.conf file located in NCM_INSTALLED_DIR/server/ext/wrapper/conf:

wrapper.java.additional.#=-XX:-UseBiasedLocking

Where # is the next number in sequential order of all the parameters. For example, if the jboss_wrapper.conf file has the following arguments, the workaround VM argument would be #6.

wrapper.java.additional.1=-DTCMgmtEngine=1 wrapper.java.additional.2=-Duser.dir=C:\NA\server\ext\jboss\bin wrapper.java.additional.3=-Xmn170m wrapper.java.additional.4=-Djava.awt.headless=true wrapper.java.additional.5=-Dfile.encoding=UTF8 wrapper.java.additional.6=-XX:-UseBiasedLocking

Viewing VLAN Information for a Port/Interface

When viewing device MAC Addresses details on the MAC Address Details page, the VLAN field is not populated. QCCR1D98139
Workaround : To display VLAN information for a port/interface, click the Port Name link for that port on the MAC Address Details page. The Interface Details page opens. Scroll down to the Member VLANs field to view VLAN information.

Using Active Directory

If you are using Active Directory, you must modify the corresponding options in the appserver.rcx file to include the correct attributes in the search mapping session.

1. In the appserver.rcx file, locate <!-- Attribute mapping for Generic LDAP server--> session.

2. Make sure that:

groupOfName is included in the group_search

uid is included in the username_search

member is included in the member_search

3. Save the changes to the appserver.rcx file.

4. Restart the CiscoWorks NCM server.

Using ActiveState ActivePerl on Windows

Due to limitations of ActiveState ActivePerl on Windows, if you use this environment you will not be able to use SSH connections with the CiscoWorks NCM Perl API.

Workaround: Install the CiscoWorks NCM client on a supported Linux or Solaris system and run the CiscoWorks NCM Perl API from that system.

Including URLs in Policies

When creating a policy and including a vendor solution URL and/or a vendor advisory URL, the URL must start with the http:// prefix, otherwise the link might not be correctly interpreted by the browser. Note that if the URL field is left blank, when selected, the link could open the CiscoWorks NCM Home page.

Java Plug-in Version

If the Connect function fails and the CiscoWorks NCM server hangs, check what version of Java you have running on your Windows system. This is an issue with the Java Plug-in to your Web browser. The issue is not on the CiscoWorks NCM server.

To check what version of Java you are running:

1. Go to Start  > Control Panel.

2. Double-click Java.

3. In the General tab, click the About... button.

If you have Version 6 Update 11 or later, you must install an older JRE on your Windows system. Version 6 Update 10 and earlier are known to work.

Using the Device Group Selector

Some Chinese characters will not be displayed when using the Device Group Selector.

Using CiscoWorks NCM with NNMi

When manually adding a device to CiscoWorks NCM that is managed by NNMi, when navigating from NNMi to the device in CiscoWorks NCM, whether via an SNMP trap or the Actions menu, an error message is displayed indicating that the NNMi UUID is unknown.

Workarounds: (1) Remove the device from CiscoWorks NCM, add the device to NNMi, and then run the Import task to import the device into CiscoWorks NCM. (2) Navigate to
Administrative Settings  > Server  > Device Import and set the Overwrite Existing Devices option to yes and then run the NNMi Import task to import the device into CiscoWorks NCM.

Creating Advanced Perl Scripts

When creating an advanced Perl script, keep in mind that CiscoWorks NCM treats $some_text$ as reserved variables. If you use $ pairs in the script that are not CiscoWorks NCM variables, ensure you separate them with a space.

For example:

Incorrect: my($host,$port,$user,$pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Correct: my($host, $port, $user, $pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Error When Viewing Results for Diagnostics with Single Quotes in their Name

When creating a diagnostic with single quotes in its name, such as `Ana's Diagnostic', after running the diagnostic against a device, the diagnostic results are not displayed.

Workaround: Do not use single quotes in diagnostic names.

Diagnostic Name Limit

When naming a diagnostic, you are able to enter up to 100 characters. However, when running the diagnostics, the name is limited to 50 characters.

Workaround: Limit diagnostic names to 50 or less characters.

Using SCP with Devices in Remote Realms

Devices in remote Realms cannot use the Secure Copy (SCP) Transfer Protocol because in most cases, the remote Gateway Satellite Agent cannot use SSH/SCP port 22, since the Gateway OS is already using the port.

Workaround: Disable SCP for devices in remote Realms.

MySQL Install and Upgrade

If you are using a MySQL database and MySQL is installed or upgraded on a CiscoWorks NCM build prior to February 5, 2009, do the following:

1. Stop CiscoWorks NCM services.

2. On Windows, open the my.ini file (under the MySQL Install folder). On Solaris or Linux, open the /etc/my.cnf file.

3. Search for max_allowed_packet. If not found, append max_allowed_packet=16776192 to the bottom of the file. If found, change its value to 16776192.

4. Restart MySQL.

5. Restart CiscoWorks NCM services.

RSA SecurID supPort in CiscoWorks NCM 1.5

When using RSA SecurID 4.x 128-bit tokens with CiscoWorks NCM 1.5 for device authentication, you must use the RSA SecurID 3.x software token client with RSA SecurID 4.x 128-bit tokens for CiscoWorks NCM to successfully import devices.

Solaris and SecurID

Configuring CiscoWorks NCM to use SecurID as the authentication method can cause the management service to crash. The SecurID libraries provided by RSA are the source of the problem. Currently, the problem can occur on Solaris 10 with a version string of SunOS 5.10 Generic_118833-22, while version SunOS 5.10 Generic_120011-14 works fine. Please update your OS to at least this version if you are experiencing problems with SecurID on Solaris until this issue can be resolved.

Using SCP on Linux and Solaris

The Secure Copy (SCP) Transfer Protocol enables you to securely transfer files between a local and remote host or between two remote hosts using the Secure Shell (SSH) protocol. When using SCP on a Linux platform, you will need to modify your system's SSH daemon (SSHD) to run on an alternate port and restart the SSHD service. Port 8022 is recommended.

Once the system's SSHD is reconfigured, you can restart CiscoWorks NCM so that it can bind to Port 22. System administrators will need to ssh -p 8022 username@host to login via the system's SSHD after the change is made.


Note Use ssh username@host for a direct connection to the CiscoWorks NCM proxy.


When logged-in to CiscoWorks NCM, you can navigate to the Device Access page (Admin- > Administrative Settings- > Device Access). Scroll down to the SSH Device Access field. Enter a SSH User and SSH Password. The device driver will use this information when copying files to the CiscoWorks NCM server.


Note The device specific settings must be configured to enable SCP and SSH to function properly. In addition, the device and the device driver must support SCP to use the CiscoWorks NCM SSH server for SCP.


To use SCP with remote Realms, the SCP connection must be made back to the managing CiscoWorks NCM server. A SCP connection to the CiscoWorks NCM Gateway will not succeed because the CiscoWorks NCM Gateway runs the Linux and Solaris system SSHD. The CiscoWorks NCM Gateway sets the host to the CiscoWorks NCM Gateway and not the managing CiscoWorks NCM Core. This can be overridden by setting an access variable (TFTPServer) to the IP address of the managing CiscoWorks NCM Core. Refer to the User's Guide for CiscoWorks Network Compliance Manager, 1.5 for detailed information.

Using SCP

The SSH protocol runs on port 22. Secure Copy (SCP) is a data transfer mechanism that uses the SSH protocol. By default, Linux and Solaris installs run on port 8022. Windows installs run on port 22. For Windows installs, if the port is switched to 8022, there could be connectivity issues. (Because most devices do not allow for the specification of an alternate port, this issue if uncommon.)


Note SCP will not work if the device is in a remote Realm and access to the device is managed via a CiscoWorks NCM Satellite. You must run the CiscoWorks NCM SSHD proxy on port 22. If you use port 8022 on any platform, SCP copies from a device to CiscoWorks NCM will not work. Refer to the Satellite User's Guide for CiscoWorks Network Compliance Manager for information on configuring CiscoWorks NCM Satellites.


Using a Non-English Operating System

When running CiscoWorks NCM on a non-English operating system, unreadable text is displayed in the Password Information section on the Edit Device page when you select a Partition from the drop-down menu.

Auto-remediation Scripts

When creating an Auto-remediation script on the New Policy Rule page, if you input extended characters in the Rule Conditions field, it will produce unreadable text.

Proxy Interface

If you login to CiscoWorks NCM as a limited access user and attempt to connect to a device via the proxy interface, you will be dropped at the username/password prompt.

Searching for Diagnostics

When searching for diagnostics, in the list of diagnostic types, there are two options for the CiscoWorks NCM Topology Data Gathering diagnostic: CiscoWorks NCM Topology Data Gathering and Topology. Selecting either will search for the CiscoWorks NCM Topology Data Gathering diagnostic.

SNMP Timeouts

Using SNMP device discovery over networks with latency can cause SNMP timeouts. To resolve this issue:

1. Login to CiscoWorks NCM.

2. Navigate Admin- > Administrative Settings- > Device Access. The Administrative Settings - Device Access page opens.

3. Scroll down to the Detect Network Devices Task Settings section and set SNMP Timeout to a higher value, for example 2500 (milliseconds).

-sync Option

When Workflow is enabled, attempting to run a CLI or API task with the -sync option will fail with a No such directory error.

Database Passwords

Any CiscoWorks NCM user input cannot contain multiple dollar signs ($$). As a result, if the password you use to connect to the database contains multiple dollar signs, you must modify the password before installing CiscoWorks NCM.

Installation Address

The IPv4 address range 169.254.0.0/16 is reserved for link-local usage (referred to as APIPA: Automatic Private Internet Protocol Addressing, by Microsoft) and is not applicable addressing for a network application server such as CiscoWorks NCM. For more information, refer to http://www.ietf.org/ (rfc3330 and rfc3927).

SSH Communication

CiscoWorks NCM utilizes a new set of keys for SSH communication. In previous releases, CiscoWorks NCM used one Digital Signature Algorithm (DSA) key for all installations. When you install CiscoWorks NCM, CiscoWorks NCM creates two new 1024 bit keys. The first key uses the DSA algorithm. The second key uses the RSA algorithm. These keys are used when you connects to CiscoWorks NCM via SSH.

Custom Data Setup

Custom data fields enable you to assign useful data to specific devices, configurations, users, and so on. This gives you added flexibility and enables you to integrate CiscoWorks NCM with other applications.

To add custom data, navigate Admin- > Custom Data Setup. The Custom Data Setup page opens. Custom data field can include alphanumerics and underscores. While you can use dashes, custom data field names with dashes cannot be used with the tc_device_custom device variables in custom scripts.

Advanced ACL Scripts

Selecting the Update Script button when specifying an advanced ACL script can lock-in values. As a result, running (or re-running) the script could result in variables not being updated properly.

Workaround: Avoid using the Update Script button with advanced ACL scripts.

Use of Dollar Signs ($) in Scripts

If generating a script from a Telnet/SSH session log, the script will fail or perform in unexpected ways if the session contains dollar signs ($) in the executed commands.

OS Analysis Task

When using CiscoWorks NCM in an environment with overlapping IP addresses, the OS Analysis task is not supported for devices behind remote Realm gateways. OS Analysis tasks run on devices in the locally reachable network. This could result in an image recommendation being incorrect for devices behind the gateway. Keep in mind that CiscoWorks NCM will report OS recommendations for a device in the default Realm instead of a remote Realm if they share an IP address.

Device Tasks Ignores the User-defined enforce_save Device Variable

Device tasks that modify a device's configuration, such as the Deploy Password or Deploy Configuration tasks ignore the setting for the enforce_save device access setting. As a result, the current configuration is always saved to startup (via a mechanism such as write memory).

Workaround: The DeviceInteraction/EnforceConfigurationSave/ConfiguringModels configuration option (in appserver.rcx) can be set to false. This has the effect of disabling the save from running to startup configuration for all device tasks that reconfigure the device.

Email Report Task

When scheduling an Email Report task, if you select a report other than Summary Reports in the Reports to run field, the task is reported as failed. However, the report is successfully emailed to the recipient. Please disregard the error message.

Template Scripts

When using template scripts (such as Batch insert line into ACL by handle), selecting the Run Again option will rerun the same script. Attempting to change fields will not change the script that is run.

CiscoWorks NCM Core Gateways

You cannot configure redundant CiscoWorks NCM Core Gateways in the same CiscoWorks NCM Realm as a single CiscoWorks NCM Core.

Workaround: Edit the adjustable_options.rcx file and add the other CiscoWorks NCM Core Gateways' IP address(es):

<array name="rpc/allowed_ips">

<value>10.255.54.10</value>

</array>

Potential for Task Failure when Using Reserved CiscoWorks NCM Characters in Device Prompts

There are eleven characters with special meanings to CiscoWorks NCM:

* Opening square bracket ( [ )

* Opening round bracket and the closing round bracket ( ( ) ).

* Backslash ( \ )

* Caret ( ^ )

* Dollar sign ( $ )

* Period or dot ( . )

* Vertical bar or pipe symbol ( | )

* Question mark ( ? )

* Asterisk or star ( * )

* Plus sign ( + )

If you use these characters in a device prompt, there is the possibility that null pointer exception errors could occur during tasks execution. As a result, the task will fail. These characters should not be used when naming devices that interact with CiscoWorks NCM.

Oracle Database Errors Cause Failed Tasks and Other Issues

Oracle database errors cause failed tasks and other issues due to a bug in the JDBC Oracle driver. As a result, it is possible for the driver to cause database errors—causing tasks to fail and other issues. The error message information is OALL8 is in an inconsistent state.

Workaround: It is recommend that you update your version of Oracle Database Server.

ACLs with the Same Name, but Different Case in CiscoWorks NCM, is Not Recommended

CiscoWorks NCM supports case-sensitivity in ACL names. As a result, you can have two ACLs with the same name, but different case. If you delete one of those ACLs, however, all ACLs with the same name are deleted, regardless of the case. Cisco does not recommend multiple ACLs with the same name, but differing case in CiscoWorks NCM.

Use of the Dollar Sign ($) in Perl Code

If you convert a Telnet/SSH Proxy session that contains a dollar sign ($) to Perl (such as a script that puts a $ in the banner), CiscoWorks NCM does not properly escape the dollar sign ($) in the generated Perl code.

Workaround: Edit the script and put a backslash (\) in front of the dollar sign ($).

Downloading Software Images from Cisco.com

You can download software images from Cisco.com for devices that are not currently in your CiscoWorks NCM system. However, to be able to successfully deploy the software image, you may need to modify the driver and/or model information.

Workaround:

1. Navigate Devices- > Device Tools- > Software Images. The Software Images page opens.

2. In the Action column, click Edit for the software image you want modify. The Edit Software Image page opens.

3. In the Image Set Requirements field, modify the driver and/or model information to be compatible with the device in CiscoWorks NCM.

4. Click Save Software.

High Availability Distributed System: Importing Devices

If you import two devices with identical IP addresses into two separate CiscoWorks NCM Cores at approximately the same time, there is currently no way to detect the possibility of a duplicated device.

Workaround: Manually run the Deduplication task after importing devices. One device will be automatically de-duplicated and set to Inactive. (Refer to Chapter 7, Scheduling Tasks, in the User's Guide for CiscoWorks Network Compliance Manager, 1.5 for information on running the Deduplication task.)

High Availability Distributed System on SQL Server

If you see a conflict for which the reason_text field does not reference a constraint name, it is possible that CiscoWorks NCM automatically resolved the conflict. However, you might have to manually resolve the conflict. In the former case, simply delete the conflict. In the latter case, make the appropriate corrections and then delete the conflict. The following is an example of a reason_text field from a conflict that does not reference a constraint name:

reason_text A row insert at 'red-dalmssql102.ds2880db2' could not be propagated to 'RED-DALMSSQL101.ds2880db1'. This failure can be caused by a constraint violation. The merge process was unable to synchronize the row.

Detect Network Devices Task

The CiscoWorks NCM system prevents you from inadvertently running more than one Detect Network Devices task concurrently. Although the Detect Network Devices task generates only a minimal level of traffic, CiscoWorks NCM provides this protection to help minimize additional traffic when running duplicate or additional Detect Network Devices tasks simultaneously. If a second or third Detect Network Devices task is scheduled while an earlier Detect Network Devices task is running, CiscoWorks NCM will place the new task(s) in the Waiting state. The task(s) will run individually after the first Detect Network Devices task has completed.

Batch Editing Parent Device Groups or Device Groups with No Devices Results in Invalid Error Message

When you batch edit parent device groups or device groups/partitions that have no devices, an invalid error message is displayed: You do not have Modify Device Permission for any of the devices you selected.

Workaround: To batch edit all devices in a parent device group, do a batch edit against each child group in the parent device group.

Diagramming

CiscoWorks NCM applies an absolute value for the text height attribute for interface and port labels shown in Visio diagrams. When the Visio VDX file is loaded, Visio assigns an incorrect formula to the text height attribute. As a result, when you have more than two lines of annotated text (i.e. a label) for an interface or port and you attempt to copy & paste, the label of the new interface or port is displayed improperly and could hide the interface or port icon.

Workaround: Click the Text Tool option on the Visio tool bar and move the label so as to expose the interface or port icon.

Passing Your CiscoWorks NCM Password to Advanced Scripts

When using advanced scripts, $tc_user_password$ does not work.

Workaround: Use $Password$ instead of $tc_user_password. Note that $Password$ can only be used in the Parameters part of the advanced script, so you'll need to add code to your script to get the password from the command line arguments when the script runs.

High Availability Distributed System Performance

When running a Distributed System, if you are deleting many objects simultaneously, the system may take a while to push transactions for large delete operations.

High Availability Distributed System External Authentication

When using external authentication in a High Availability Distributed System environment, the External Authentication Type, for example TACACS+ or Active Directory, is global (i.e., shared between all CiscoWorks NCM Cores). Specific authentication server information is CiscoWorks NCM Core specific.

Workaround: Set the External Authentication Type to None on the Administrative Settings- > User Authentication page. Configure each CiscoWorks NCM Core individually with authentication server information or Active Directory setup. After all CiscoWorks NCM Cores have been configured, set the External Authentication Type on any CiscoWorks NCM Core. The External Authentication Type setting is replicated to all CiscoWorks NCM Cores.

RADIUS External Authentication

When setting up a user to authenticate using RADIUS, if the RADIUS server does not respond, CiscoWorks NCM still authenticates the user against the CiscoWorks NCM local password, even if you instruct CiscoWorks NCM not to fail-over on external authentication.

Scripts: Output Results in HTML Format

When executing an advanced script or a Run External Application task, any text that the advanced script or external application writes to 'stdout' is stored in CiscoWorks NCM as the task result. Typically, this output is treated and displayed as plaintext. As a result, before CiscoWorks NCM displays the task results, it will escape any characters that would affect the HTML rendering, for example converting < to &lt;.

However, you may want to create an advanced script that outputs its results in HTML format. In this case, none of the output characters would be escaped, so the results displayed would include any applicable HTML formatting. To indicate to CiscoWorks NCM that your script outputs HTML results, the first item that your script writes to stdout must be <html>. If your script output begins with anything other than <html>, the script results will be treated as plaintext.

Nmap Scanning

Careful consideration should be taken when identifying the network range you are going to scan. Some network topologies can result in very long scans. In addition, it is recommended that you do not scan Internet addresses. If you think your Nmap scan will take more than a few minutes, you can use several Nmap options, for example --max_scan_delay <milliseconds>, setting <milliseconds> to a value between 1 and 1000. Nmap will throttle up to 1000ms max as packets are dropped.

Keep in mind that Nmap settings can be changed using the Administrative Settings option under Admin on the menu bar, and selecting the Device Access option. Please refer to the Nmap documentation at www.insecure.org for detailed Nmap information.

SecurID Software Token Software, Version 3.x

If the CiscoWorks NCM server is installed with the 3.x SecurID token software, turn off copy protection when exporting SecurID software token keys on the RSA server. Otherwise, CiscoWorks NCM reports an error when accessing SecurID software tokens. A patched version of the SecurID software is available at RSA's website http://www.rsasecurity.com.

Canceling or Deleting Tasks

Some CiscoWorks NCM tasks will spawn external processes to run PERL or Expect scripts, or to run user-provided executables or shell scripts. Under certain circumstances, CiscoWorks NCM may not be able to kill these external processes when the spawning task is cancelled or deleted. This could include scripts that spawn sub-processes or processes that are coded to catch kill signals.

Workaround: Manually stop the external process on the CiscoWorks NCM server.

Deploy to Startup Config and Reboot not Supported via SNMP

CiscoWorks NCM can deploy a configuration file to the startup configuration and reboot the device via command line only. If the device is configured for SNMP access only (see the Device Driver Reference), deploy startup and reboot will fail.

Tasks: Running External Application Tasks Presents a Possible Security Risk

All Run External Application tasks run the application with root (UNIX) or system (Windows) privileges. This is a potential security risk that should be acknowledged by the System Administrator before using the Run External Application feature.

Tasks: A Task Scheduled for the 31st Might Run on the 1st

If you schedule a monthly recurring task for the 31st of every month and that task runs during a month that contains fewer than 31 days, CiscoWorks NCM will run the task on the 1st, 2nd, or 3rd day of the next month depending on how many days less than 31 the previous month contains. For example, if you schedule a task in February (with 28 days) for the 30th, the task will actually run on March 2nd. If you want to run the task on the last day of the month, you must set the date correctly.

Inventory: Data from Device Overwrites Manually Entered Values

Certain data on the Device Details page (and other pages) is auto-populated. If you manually change the data, CiscoWorks NCM overwrites the values when the next snapshot occurs. The device-specific values are listed in the Device Driver Reference per device.

The automatically populated data includes:

Domain Name

Host Name

Model

Serial Number

Location

Vendor

Console Server: SSH Access is not Supported

CiscoWorks NCM does not support console server access via SSH. If you use a console server to access a device, you must use the Telnet connectivity. In other words, on the New Device page/Edit Device page, if Use to access device is checked in the Console Server Information section, you should make sure that the Telnet option in the Connection Information section is also checked.

Sending Reports to External Email Addresses

Even though you may have properly configured CiscoWorks NCM to contact your SMTP server, for network security reasons your SMTP server could have been configured to reject messages from the CiscoWorks NCM server address. In this case, you would see the following error message, and any CiscoWorks NCM messages would not be delivered.

Error occurred when sending email. Please check the email address and/or your SMTP server settings.

If this occurs, you will need to configure the SMTP server to enable the CiscoWorks NCM server to relay email messages through it.

Resolved Problems

The following table lists the problems that were resolved in CiscoWorks Network Compliance Manager, Release 1.5.

Table 2 Problems Resolved in CiscoWorks NCM Release 1.5 

DDTS Number
Description

CSCsr66918

While deploying the IOS XR image on device, the option to Reboot device after image update, is not suitable for IOS XR.

CSCsr66956

Device disk space is incorrectly shown for IOS XR/CRS-1.

CSCsx03029

Need a way to exit Service Pack installer.

CSCsx18134

User will see previous CWNCM version on the License information page.

CSCsx18560

Service Pack installer for CiscoWorks NCM 1.4 will not update CNC and EOX.

CSCsx30597

Error message shown with html code.

CSCsx30625

The CiscoWorks NCM Doc folder contains wrong version or branded documents.

CSCsx30638

Link to CiscoWorks NCM documentation from Docs UI page is not reliable.

CSCsx35323

Cannot SSH to CiscoWorks NCM server.

CSCsx39856

Deploy Remote Agent to Satellite Gateway failed.


Known Limitations and Problems

This section contains information about the limitations and problems known to exist in CiscoWorks NCM, Release 1.5.

Licensing not found issue

Description: If while logging into CiscoWorks NCM Server, the server throws an error saying No Valid License found, then check the following:

a) Make sure that all license files are installed under CiscoWorks NCM install folder.

b) Make sure that there are no lingering expired license file(s), especially Evaluation license in the CiscoWorks NCM install folder.

c) Make sure that the output of the command <CWNCM_install_Dir>/server/ext/wrapper/bin/lmutil lmhostid output matches the hostid on the license file. Do not modify the license file.

CSCsk95754—SNMPv3 Engine Id check is not needed.

Description: For a device which has SNMP-v3 configured, from Inventory, select the device. Navigate View > Device Details  > Software Upgrade Recommendation. Select any image to launch the details. Following warning message will be displayed in the details:

SWIM1094: SNMP-V3 parameters is incorrect or not available for the device. Check 
whether the SNMP-V3 password, SNMP-V3 algorithm, and SNMP-V3 engine ID is 
configured for the device.

Workaround: Ignore the message if the SNMP-V3 password and SNMP-V3 Algorithm are configured correctly.

CSCsx38253—SWIM process status is incorrect.

Description: From a terminal, enter /etc/init.d/truecontrol status to make sure all services are running normally. Navigate Admin > Start/Stop Services, and stop the Software Image Management Server.

The error message displays: Unable to stop the TrueControl SWIM Server service.

From a terminal, /etc/init.d/truecontrol status shows that the SWIM process is not running.

Workaround: Ignore the error message panel. Directly check the TrueControl SWIM server status with the Services application on Windows platforms and /etc/init.d/truecontrol status on Linux or Solaris platforms.

CSCsx39856—Deploy Remote Agent to Satellite Gateway failed.

Description: Deploy Remote Agent fails with root shell prompt in the format such as ncm-sol2:/> on the satellite gateway. It seems that Expect could not resolve the combination of characters from that prompt. This situation only appears on Linux and Solaris platforms.

Workaround: Avoid using Unix system prompt with a combination of characters such as ncm-sol2:/>. The prime suspect characters are : /.

CSCtd63942—!: not found

Description: The warning message !: not found displays on Solaris installations. For example:

-bash-3.00# ncm/Solaris_5830-111009_setup.bin

Preparing to install...

ncm/Solaris_5830-111009_setup.bin: !: not found

Extracting the JRE from the installer archive...

Unpacking the JRE...

Workaround: This message does not indicate a problem and is meaningless. No work around is needed.

CSCtd69969—Device Selector sometimes does not work with Firefox 3.5 or higher.

Description: Race condition is more pronounced with Firefox 3.5 or higher.

Workaround: Use Internet Explorer in place of Firefox 3.5 or higher; use and older version of Firefox; or start the task again. It usually works on the second attempt.

Accessing the CiscoWorks NCM Documentation Set

You can access the entire CiscoWorks Network Compliance Manager documentation set from the following Cisco.com URL:

http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html

From here you can navigate to any documentation for CiscoWorks NCM you will need.


Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.



Note All documentation, including this document and any or all of the parts of the CiscoWorks NCM documentation set, might be upgraded over time. Therefore, we recommend you access the CiscoWorks NCM documentation set using the Cisco.com URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html


The Docs tab visible from within Network Compliance Manager might not include links to the latest documents.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].