User Guide for Resource Manager Essentials 4.1.1 (With LMS 3.0 December 2007 Update)
Chapter 9 : Making and Deploying Configuration Changes Using NetConfig
Downloads: This chapterpdf (PDF - 1.54MB) The complete bookPDF (PDF - 25.9MB) | Feedback

Making and Deploying Configuration Changes Using NetConfig

Table Of Contents

Making and Deploying Configuration Changes Using NetConfig

NetConfig Tasks

Preparing to Use NetConfig

Verifying Device Credentials

Modifying Device Security

Verifying Device Prompts

Configuring Default Job Policies (Optional)

Assigning Task Access Privileges to Users (Optional)

Enabling Job Approval (Optional)

Rolling Back Configuration Changes

Creating Rollback Commands

Configuring a Job to Roll Back on Failure

Understanding NetConfig User Permissions

Job Approval Permissions

User-defined Tasks Permissions

Administrator Task Permissions

Job Editing Permissions

Using the NetConfig Tab

Starting a New NetConfig Job

Browsing and Editing Jobs Using the NetConfig Job Browser

Viewing Job Details

Setting Job Approvers

Configuring Default NetConfig Job Policies

Password Policy for NetConfig Jobs

Setting the Transport Protocol Order for NetConfig Jobs

Creating and Editing User-defined Tasks

Parameterized Templates

Assigning Tasks to Users

Handling Interactive Commands

Using NetConfig User-defined Templates and Adhoc Tasks

Handling Multi-line Commands

Using System-defined Tasks

Understanding the System-defined Task User Interface (Dialog Box)

Adhoc Task

Authentication Proxy Task

Banner Task

CDP Task

Certification Authority Task

Crypto Map Task

DNS Task

Enable Password Task

HTTP Server Task

Local Username Task

IGMP Configuration Task

Interface IP Address Configuration Task

Internet Key Exchange (IKE) Configuration Task

NTP Server Configuration Task

RADIUS Server Configuration Task

RCP Configuration Task

Reload Task

SNMP Community Configuration Task

SNMP Security Configuration Task

SNMP Traps Configuration Task

Syslog Task

SSH Configuration Task

TACACS Configuration Task

TACACS+ Configuration Task

Telnet Password Configuration Task

Transform System-Defined Task

Web User Task

Use-defined Protocol Task

Cable BPI/BPI+ Task

Cable DHCP-GiAddr and Helper Task

Cable Downstream Task

Cable Upstream Task

Cable Interface Bundling Task

Cable Spectrum Management Task

Cable Trap Source Task

cwcli netconfig

Use Case: Using NetConfig Templates to change configurations for many devices


Making and Deploying Configuration Changes Using NetConfig


NetConfig allows you to make configuration changes to your network devices, whose configurations are archived in the Configuration Archive. NetConfig is a part of RME Configuration Management applications.

It provides easy access to the configuration files for all RME supported devices.

NetConfig automatically updates the Configuration Archive when it makes device configuration changes.

NetConfig provides many advantages over configuring devices from the CLI. For example, you can:

Schedule jobs for future execution. You can schedule periodic jobs.

Use configuration tasks to make configuration changes more easily and reliably.

Run multiple commands during a job.

Run commands on multiple devices during a job.

Use the Job Approval application to require approval before a job can run.

Roll back configuration changes made to devices when a job fails.

NetConfig Tasks

As a NetConfig user, you can:

Define and schedule NetConfig jobs:

To make configuration changes to managed devices, you define and schedule NetConfig jobs using the job definition wizard. You can use configuration tasks (system-defined or user-defined) to create the configuration commands that you want to apply to devices.

Browse and edit NetConfig jobs:

You can browse all NetConfig jobs on your system and edit, copy, stop, retry or delete them. For more information about a particular job, you can click the job details by clicking on the hyperlink of the Job ID in the NetConfig Job Browser.

Use the command line interface for NetConfig jobs:

You can use the cwcli command line interface to create and schedule NetConfig jobs from the command line.

As a NetConfig administrator, you can:

Create User-defined tasks:

You can create your own user-defined tasks containing any configuration or rollback commands, and download them to a set of selected devices. You enter the configuration commands by typing them or by importing them from a file.

User-defined tasks can be parameterized. That is, they can contain variables that take values from a specified file that resides on the RME server.

Assign tasks:

As a network administrator, you can assign access to execute tasks, to CiscoWorks users with network operator privilege. You can assign one or more task, to one or more users. By default, only network administrators (users with Network Administrator permissions) can use configuration tasks.

Separate protocol ordering for configuration deploy and fetch operations

You can separately specify the protocol order for configuration download and update operations, for NetConfig jobs. This feature enables you to use your preferred protocols for downloading and fetching configuration.

For example, you can use Telnet to download configuration to the device, and TFTP to fetch the configuration, thus improving the overall performance of NetConfig.

Set the default NetConfig job policies

Each NetConfig job has job properties (including enabling job password) that define how the job will execute. You can configure defaults for these properties that will be applied to all future jobs. You can specify for each property whether users can change the default when creating a job.

See Understanding NetConfig User Permissions.

For the new features in this release, see What's New in this Release.


Note You can select the log level settings for the NetConfig application using the feature Application Log Level Settings (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).


Preparing to Use NetConfig

Verifying Device Credentials.

Verifying Device Credentials

Modifying Device Security

Verifying Device Prompts

Configuring Default Job Policies (Optional)

Assigning Task Access Privileges to Users (Optional)

Enabling Job Approval (Optional)

Verifying Device Credentials

To verify that every device you want to configure has correct credentials in Device and Credential Repository, use the Device Credential Verification option (Resource Manager Essentials > Devices > Device Management > Device Credential Verification).

For more details see the topic Checking and Viewing Device Credentials in the section Adding and Troubleshooting Devices Using Device Management.

NetConfig must have access to the credentials to make device configuration changes.

Modifying Device Security

NetConfig must be able to run certain commands on devices to configure them. You must disable security that prohibits NetConfig from running these commands.

For the list of commands, see the topic Modifying Device Security in the section Archiving Configurations and Managing Them Using Archive Management.

Verifying Device Prompts

NetConfig requires particular CLI prompt formats:

If the telnet transport mechanism is used, the following prompts are applicable.

For IOS-based devices, Content Engine devices, and Content Service Switch devices:

The login prompt must end with a greater-than symbol (>).

The enable prompt must end with a pound sign (#).

For Catalyst devices:

The login prompt must end with a greater-than symbol (>).

The enable prompt must end with the text (enable).

If the secure shell (SSH) transport mechanism is used, the following prompts are applicable.

For IOS-based devices, Content Engine devices, and Content Service Switch devices:

The login prompt may end with any one of the following: (>), (#), (:), (%).

The enable prompt must end with a pound sign (#).

For Catalyst devices:

The login prompt may end with any one of the following: (>), (#), (:), (%).

The enable prompt must end with the text (enable).

Default prompts use this formatting. If you have changed your defaults, verify that the prompts meet these requirements, and change them if they do not.

Configuring Default Job Policies (Optional)

NetConfig jobs have properties that determine how they run. You can configure default job policies (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) that apply to all NetConfig jobs.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Assigning Task Access Privileges to Users (Optional)

You can assign task access privileges that determine which configuration tasks each user can use to create NetConfig jobs. See Understanding NetConfig User Permissions.

Enabling Job Approval (Optional)

You can enable Job Approval, (Resource Manager Essentials > Admin > Approval > Approval Policies) which means all jobs require approval before they can run.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

Rolling Back Configuration Changes

NetConfig lets you roll back (undo) the configuration changes made to network devices if a job does not complete. How rollback commands (the configuration commands that are used to roll back the configuration changes) are created depends on how the job was created.

You must configure a NetConfig job to automatically roll back configuration changes if the job fails to complete.

NetConfig can rollback configuration only devices whose configurations are archived in the Configuration Archive. For details see Archiving Configurations and Managing Them Using Archive Management.

To verify that devices have an archived configuration and troubleshoot those that do not, use the Configuration Archival Summary dialog box (Resource Manager Essentials > Config Mgmt > Archive Mgmt). For more details see the topic Checking Configuration Archival Status in the section Archiving Configurations and Managing Them Using Archive Management.

Creating Rollback Commands

You can create rollback commands for a job in the following ways:

If you use a system-defined task, rollback commands are created automatically by the task.

If you create a user-defined task, you can enter rollback commands into the task.

Configuring a Job to Roll Back on Failure

You can define a job failure policy so it automatically rolls back configuration changes if the job fails to run. You can select one of several rollback options:

Rollback device and stop—Rolls back the changes on the failed device and stops the job.

Rollback device and continue—Rolls back the changes on the failed device and continues the job.

Rollback job on failure—Rolls back the changes on all devices and stops the job.

Understanding NetConfig User Permissions

Access to NetConfig functionality is controlled by permissions.

Users with only Help Desk permissions cannot use NetConfig as this option will not be displayed for these users. Other users can use NetConfig, but their access to functionality is controlled by permissions.

In your application, see the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform the required NetConfig task.

Job Approval Permissions

Only users with Approver permissions can approve NetConfig jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

User-defined Tasks Permissions

By default, only users with Network Administrator permissions can create user-defined configuration tasks (see Creating and Editing User-defined Tasks).A network administrator must give other users permission to use them on a task-by-task basis.

Administrator Task Permissions

Only users with Network Administrator permissions can perform administrator tasks, which are listed in the NetConfig Admin menu. Other users will not see this menu.

Administrator tasks are:

Assigning tasks to users.

Configuring default job properties.

Creating and editing user-defined tasks.

For user permissions, see Understanding NetConfig User Permissions.

Job Editing Permissions

After a NetConfig job is created, the owner, another user with the owner's privileges, or a network administrator can:

Copy a job.

Edit a job

Retry a job

Delete a job

Stop a job while it is running.

Using the NetConfig Tab

The NetConfig tab of RME enables you to do the following tasks:

Create or edit NetConfig jobs, using the NetConfig job browser. You can also copy, retry, stop or delete jobs. You can run a job immediately. You can also schedule a job to run at a specified time, once, or periodically. See:

Starting a New NetConfig Job

Browsing and Editing Jobs Using the NetConfig Job Browser

Create your own NetConfig tasks and run them on a selected set of devices. See Creating and Editing User-defined Tasks.

Assign tasks to users. You can assign one or more tasks, to one or more users. See Assigning Tasks to Users.

Starting a New NetConfig Job

Use the job definition wizard to create and schedule a NetConfig job.

To browse and edit jobs using the NetConfig job browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Ensure that you have set the:

Transport protocol order for your job using Resource Manager Essentials > Admin > Config Mgmt.

For more details see the topic Configuring Transport Protocols in the section Archiving Configurations and Managing Them Using Archive Management.

Job and password policy for your job using Resource Manager Essentials > Admin > Config Mgmt >Config Job Policies before starting a new NetConfig job.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.


Note View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.


To start a new NetConfig job:


Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > NetConfig Jobs.

The NetConfig Job Browser appears.

For the fields in the NetConfig Job Browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Step 2 Click Create.

The Devices and Tasks dialog box appears, with these panes:

Pane
Description

Device Selector

Allows you to select the devices on which the NetConfig job has to run. You can select multiple device categories. Only in the case of cable devices, you should select only one device for which to create a job.

Task Selector

Allows you to select the system-defined tasks or user-defined tasks that you want to run on the selected devices.

For descriptions of system-defined tasks and the device categories they support, see Using System-defined Tasks.

For creating and using User-defined tasks, see Creating and Editing User-defined Tasks.


Step 3 Select the devices from the Device Selector pane.

See the topic Using RME Device Selector in the section Adding and Troubleshooting Devices Using Device Management.

Step 4 Select the required task from the All tab, using the Task Selector.

You can select one or more task at a time. Your selection appears in the Selection pane.

Step 5 Click Next.

The Add Tasks dialog box appears with these panes:

Pane
Description

Applicable Tasks

Allows you to add a task. The task that you selected using the Task Selector, appears here.

From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane.

Select a task and click Add to create an instance for the task (see Step 6).

Added Instances

Allows you to edit the task instance you have added, view its CLI, or delete it. Select the instance of the task, and click the required button (see Table 9-1).


The buttons available in this page are:

Table 9-1 Tasks Performed by Buttons in the Added Instances Pane 

Buttons
Description

Edit

Task pop-up opens with previously assigned values. You can modify these values and click Save.

View CLI

Device Commands pop-up opens with the list of applicable devices and their corresponding CLI commands. Devices in your selection for which the commands are not applicable, are also displayed as Non-Applicable Devices. Click Close to close the pop-up window.

You can modify an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.

Delete

Deletes the selected task instance. You can delete an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.


Step 6 Select an applicable task from the Applicable Tasks pane and click Add.

The Task (system-defined or user-defined) pop-up appears for the selected task.

Step 7 Set the parameters in the task dialog box and click Save.

(To reset the values that you have selected click Reset. Click Cancel to return to the previous dialog box, without saving your changes.)

You will see the instance of the task in the Added Tasks pane of the Add Tasks dialog box. The instance appears in this format:

Taskname_n, where Taskname is the name of the task you have added, and n is the number of the instance. For example, the first instance of a Banner task is Banner_1.

You can add as many instances as required, for a task.

Step 8 Click Next.

The Job Schedule and Options dialog box appears with these panes:

Pane
Description
Scheduling

Allows you to schedule the job.

Job Options

Allows you to set the job options.


Step 9 Set the schedule for the job, in the Scheduling pane:

Field
Description
Scheduling

Run Type

Select the run type or frequency for the job—Immediate, Once, Daily, Weekly, Monthly, or Last Day of Month.

If Job Approval is enabled, the Immediate option is not available.

Date

Select the start date for the job.

at

Select the start time for the job from the hour and minute drop-down lists.

Job Info

Job Description

Enter the Job Description. Make each description unique so you can easily identify jobs. This is mandatory.

E-mail

Enter e-mail addresses to which the job will send status notices. Separate multiple addresses with commas or semicolons.

You must configure the SMTP server to send e-mails (Common Services > Server > Admin > System Preferences).

If the user who has created the job has a valid e-mail address, an e-mail notification is sent with the user's address in the sender address field, when job is started and completed.

If the user who has created the job does not have a valid e-mail address, then the notification e-mails will be sent with the sender address field blank.

Notification e-mails include a URL that displays the job details (see Viewing Job Details for the more information about what details are displayed). If you are not logged in, you must log in using the provided login panel to view the job details.

Comments

Enter your comments for the job. Comments appear in job work order and are stored in configuration archive.

Approver Comments

Enter comments for the job approver. This field is displayed only if you have enabled job approval for NetConfig. For more details the section Enabling Approval and Approving Jobs Using Job Approval.

Maker E-mail

Enter the e-mail-ID of the job creator. This field is displayed only if you have enabled job approval for NetConfig. This is a mandatory field. For more details the section Enabling Approval and Approving Jobs Using Job Approval.


Step 10 Set the job options, in the Job Options pane.

Field
Description

Fail on Mismatch of Config Versions

Select to cause job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.

Sync Archive before Job Execution

Select to cause job to archive running configuration before making configuration changes.

Copy Running Config to Startup

Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Enable Job Password

Login Username

Enter the Login Username. This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.

Login Password

Enter the job password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.

Enable Password

Enter the Enable password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module.

This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.

Failure Policy

Select one of these options to specify what the job should do if it fails to run on a device.

Stop on failure:

If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully.

Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices.

The database is updated only for the devices on which the job was executed successfully.

Rollback device and stop—Rolls back the changes on the failed device and stops the job.

Rollback device and continue—Rolls back the changes on the failed device and continues the job.

Rollback job on failure—Rolls back the changes on all devices and stops the job.

Roll back configuration changes to failed device or all devices configured by job (see Configuring a Job to Roll Back on Failure.)

Execution

Specify the order in which the job should run on the devices.

Parallel—Allows the job to run on multiple devices at the same time. By default, the job runs on five devices at a time.

Sequential—Allows the job to run on only one device at a time.

If you select sequential execution, you can click Set Device Order to set the order of the devices.

In the Device Ordering dialog box:

a. Select a device name

b. Click Move Up or Move Down to change its place in the order.

c. Click OK to save the current order and close the dialog box

or

Click Cancel to close the dialog box without making any changes.


Step 11 Click Device Order to view the device order. The Set Device Order pop-up appears.

You can reset the order in which the job should be executed on the devices using the up and down arrows. When you are done, click Done. The pop-up closes.

Step 12 Click Next.

The Job Work Order dialog box appears with the general information about the job, the job policies, the job approval details (if you have enabled job approval), the device details, the task, and the CLI commands that will be executed on the selected devices as part of this job.

A sample work order is:

------------------------------------------------------------------

General Info

Owner: admin

Description: test job for documenting the workflow

Schedule Type: Run Once

Schedule Time: Mon Aug 22 12:45:00 IST 2011

--------------------------------------------------------------------

Job Policies

Failure Policy: Ignore failure and continue

E-mail Notification: Disabled

Execution Policy: Sequential

Fail on Mismatch of Config Versions : Disabled

Copy Running Config to Startup: Disabled

Sync Archive before Job Execution : Disabled

Job Password: Disabled

------------------------------------------------------------------

Job Approval Details

Job Approval: Disabled

------------------------------------------------------------------

Device Details

Device: 10.76.38.14

Task: Banner

Commands:

banner motd "welcome"

------------------------------------------------------------------

Step 13 Click Finish after you review the details of your job in the Job Work Order dialog box.

A notification message appears along with the Job ID. The newly created job appears in the NetConfig Job Browser.


Browsing and Editing Jobs Using the NetConfig Job Browser

You can browse the NetConfig jobs that are registered on the system. Using the NetConfig Job Browser dialog box you can also manage NetConfig jobs using the job browser. That is, you can edit, copy, retry, stop, or delete jobs using this job browser.

To create and start a new NetConfig job, see Starting a New NetConfig Job.


Note View Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.


To invoke the NetConfig job browser:

Select Resource Manager Essentials > Config Mgmt > NetConfig > NetConfig Jobs.

The NetConfig job browser dialog box appears with a detailed list of all scheduled report jobs.

The columns in the NetConfig job browser dialog box display the following information:

Column
Description

Job ID

Unique number assigned to job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Click on the hyperlink to view the Job details (see Viewing Job Details).

Status

Status of the job:

Successful—When the job is successful.

Failed—When the job has failed.

The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.

For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.

This count of failed devices is not displayed for jobs restored from RME 4.0.4 or lesser versions.

Cancelled—When the job has been stopped.

Running—When the job is in progress.

Waiting—When the job is waiting approval (if job approval has been enabled).

Rejected—When the job has been rejected (if job approval has been enabled).

Description

Description of the job, entered at the time of job creation.

Owner

Username of the job creator.

Scheduled at

Date and time at which the job was scheduled.

Completed at

Date and time at which the job was completed.

Schedule Type

Type of job schedule—Immediate, Once, Daily, Weekly, Monthly, Last day of the month.

You can specify when you want to run the NetConfig job.

To do this, select one of these options from the drop down menu:

Immediate—Runs the report immediately.

Once—Runs the report once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

Last Day of the Month—Runs the job on the last day of the month, beginning with the month that you specify.

For periodic jobs, the subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.


Using the Filter by field in the NetConfig Job Browser, you can filter the jobs displayed in the browser.

You can filter the jobs displayed in the NetConfig Job Browser using any of the following criteria and clicking Filter:

Filter Criteria
Description

All

Select All to display all jobs in the job browser

Job ID

Select Job ID and enter the Job ID (s) that you want to display. For non-periodic job, the specified Job ID appears in the browser, for periodic jobs, all the instances of the selected Job ID will also be displayed in the browser.

Status

Select Status and then select any one of these:

Successful

Failed

Cancelled

Running

Scheduled

Approved

Waiting

Rejected

Description

Select Description and enter the first few letters or the complete description.

Owner

Select Owner and enter the user ID or the beginning of the user ID.

Schedule Type

Select the schedule type and select any one of these:

Immediate

Once

Daily

Weekly

Monthly

Last day of the month


Records for NetConfig jobs need to be purged periodically. You can schedule a default purge job for this purpose. For more details see the topic Job Purge in the section Setting System-wide Parameters Using System Preferences.

Refresh

(Icon)

Click on this icon to refresh the NetConfig job browser.


i

You can perform the following operations using the NetConfig job browser. (See Table 9-2):

Table 9-2 Operations Using the NetConfig Job Browser 

Button
Description
Usage Notes

Edit

Edits selected pending job.

The Job definition opens at the Devices and Tasks dialog box, with current information.

You can edit a job the same way you define and schedule a new job (see Starting a New NetConfig Job). The Job ID of an edited job remains unchanged.

Unless you own job, your login ID determines whether you can use this option.

If the job start time occurs during editing, it runs without edits. You can complete edits and schedulethe job to run again, but you cannot re-edit the job.

To prevent the job from running without edits, do one of the following:

Complete your edits before the job start time.

Cancelthe job and create a new one.

Copy

Copies selected job.

You can copy a job and give it a new schedule. The Job definition opens at the Devices and Tasks dialog box, with all your selections for the job that you are copying.

You can edit the copied job in the same way you define and schedule a new job (see Starting a New NetConfig Job). A new Job ID with the copied job details is created.

-

Retry

Retry a failed job.

The Job definition opens at the Devices and Tasks dialog box.

You can edit the job the same way you define and schedule a new job, except that you cannot add new devices or change the tasks for the job that you are retrying.

You can, however, select a few number of failed devices to retry the job.

Unless you own the job, your login determines whether you can use this option.

There may be some devices whose configuration has been downloaded; however, their running configuration has not been written to the Startup configuration.

You can perform Retry Job on these devices just as you can on a failed job.

Stop

Stops or cancels a running job.

You can stop/cancel a running job. You will be asked to confirm the cancellation of the job.

However, the job will be stopped only after the devices currently being processed are successfully completed. This is to ensure that no device is left in an inconsistent state.

If the job that you want to stop is a periodic job, you will also be asked whether you want to cancel all the instances of the job.

Click OK to cancel all instances.

If you click Cancel, only the selected instance of the job is cancelled. The next instance of the job will appear in the Job browser with the status Scheduled.

Unless you own the job, your login determines whether you can use this option.

You cannot re-start the stopped job. You can however copy the stopped job and Job ID.

Delete

Deletes the selected job from the job browser. You can select more than one job to delete.

You will be asked to confirm the deletion. If the job that you have selected for deletion is a periodic job, this message appears:

If you delete periodic jobs, or instances of a periodic job, that are yet to be run, the jobs will no longer run, nor will they be scheduled to be run again. You must then recreate the deleted jobs. Do you want to continue?

Click OK to confirm the deletion. The job, and its instances will be deleted.

You can delete a job that has been successful, failed, or stopped, but you cannot delete a running job.

Unless you own the job, your login determines whether you can use option.

You must stop a running job before you can delete it.


Viewing Job Details

From the Job Browser dialog box, you can learn more about any job by viewing its details.


Step 1 Go to the NetConfig Job Browser, click the Job ID hyperlink. (See Starting a New NetConfig Job to invoke the NetConfig Job Browser.)

The Job Details pop-up appears, displaying the day, date and time details in the header at the top of the report. The Job ID and the Status appear in the header of the report.

The Job Details dialog box has two panes. The left pane contains a table of contents for the job results. The results appear in the right pane.

Step 2 Click a page in the left pane to view its corresponding report in the right pane.

Double-click a folder in the left pane to open and close it.

If the folder has subfolders, the next level of subfolders appears under it. Otherwise, its corresponding report appears in the right pane.

The contents of the left pane depends on the state of the job. The left pane can contain:

Download Summary (in the Job Details folder).

Downloaded Devices (in the Device Details folder).

Work Order

Page/Folder
Description

Job Details

Download Summary

Click to display summary of completed job:

Download Summary:

Status

Start Time

End Time

Job Messages:

Pre-job Execution

Post-job Execution

Device Update:

Successful

Failed

Not attempted

Pending

Device Details

Downloaded Devices

Contains detailed job results for each device in a table:

Device—List of devices on which the job ran.

Status—Status of job (success, failure, etc.)

Message—For example, if the job failed on the device, the appropriate reason for failure is displayed. If the job was a success on that device, the message Download Successful is displayed.

You can filter the devices by selecting a status and clicking Filter.

This page displays the number of rows you have set for display in the Rows per Page field. You can increase the rows up to 50 in each page. You can navigate between the pages of the report using the navigation icons at the right bottom of this table.

Click on a device to view the details such as protocol, status and reason when applicable, task used and the CLI output for that device. These details appear in a pop-up window.

Double-click to display status folders that correspond to possible device status..

 
StatusFolder
Description
 

Update Successful

Devices were successfully updated

 

Update Failed

Devices were not successfully updated.

Includes devices on which rollback was attempted, regardless of whether it was successful.

 

Not Attempted

Job did not try to update devices, even though they were selected.

Usually occurs when a previous device failed and failure property was set to Stop on Failure.

Work Order

Click to display Job Work Order, which contains same the information as the workorder that was displayed when the job was created. (For the workorder details, see Step 12 in Starting a New NetConfig Job).

For retried jobs, the job definitions are not updated. For such jobs, the original job definitions are retained.


To perform actions, click one of the following (For detailed descriptions of these operations see Operations Using the NetConfig Job Browser in Table 9-2):

Edit

Copy

Retry`

Stop

Delete


Setting Job Approvers

If required, you can enable job approval for NetConfig jobs.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

Configuring Default NetConfig Job Policies

Ensure that you have configured the default job policies for NetConfig jobs.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Password Policy for NetConfig Jobs

Ensure that you have set the password policy for NetConfig jobs. For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Setting the Transport Protocol Order for NetConfig Jobs

Ensure that you have set the Transport protocol order for your job using Resource Manager Essentials > Admin > Config Mgmt. For more details see the topic Configuring Transport Protocols in the section Archiving Configurations and Managing Them Using Archive Management.

Creating and Editing User-defined Tasks

You can create User-defined Tasks and add one or more templates to each task.

The template, in turn, is associated with the Meta-Data Framework (MDF) categories of devices, for which these templates will be applicable.

The templates contain configuration commands and rollback commands (see Creating Rollback Commands). You can enter the configuration commands either by typing them or by importing them from a file.

You can create a new task and add one or more templates to it. You can also add templates to an existing task. You name a task when you create it, and it is saved for future use. You can copy, edit, and reuse your tasks. You can assign access privileges to tasks while or after you create them (seeAssigning Tasks to Users).

You cannot add User Defined Templates to System Defined Tasks.

After you successfully create a User-defined Task, this task will appear in the Task Selector of the NetConfig Job creation wizard, and you can create a job using the task. For details on the Task Selector and job creation, see Step 2 in Starting a New NetConfig Job.

For each template, you should specify all the information including the configuration commands, rollback commands (seeRolling Back Configuration Changes), mode (Config or Enable), and the device category for which these commands will be applicable.

At the time of job creation, you should ensure that the user-defined task that you have selected is applicable to the MDF categories of the devices that you have selected.

If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane of the NetConfig job wizard, during job creation.

For example, if you have selected an CatalystOS category of device, but selected a user-defined task that is applicable to a Cable device, then the task will not show up in the Applicable Tasks pane of the job wizard and you will not be able to proceed further with the job creation. For details on the Applicable Tasks pane and job creation, see Step 5 in Starting a New NetConfig Job


Caution NetConfig does not validate the commands you enter in a user-defined template within a task. If you enter incorrect commands you might misconfigure or disable the devices on which jobs using the template run.

View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.


Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > User-defined Tasks.

The User-defined Tasks dialog box appears. If you are creating a task for the first time, the system displays a message that there are no user-defined tasks.

The User-defined Tasks dialog box has a Tasks browser in its left pane. After you create a task, the task is displayed in the Tasks browser along with its templates.

Step 2 Define or edit a user-defined task by entering the following information in the dialog box:

Area/Field/Button
Description
Usage Notes

Name

Enter name for the new task. This is a mandatory field.

To create new task from a copy of an existing task:

1. Select the name from Templates list,

2. Enter the new name.

3. Save the task.

To modify a task, select it from the tasks list but do not modify its name.

You can modify a task by adding or deleting templates, modifying existing templates and changing other details.

Template Name

Enter the template name. This is a mandatory field.

Template Name is provided for User Defined Tasks when you create a template for more than one device category which has different commands to execute.

Command Mode

Select mode (config or enable) in which commands will run.

Each user-defined template can run commands in one mode only.

If you select Enable, enter Rollback Commands area is disabled because only config commands can be rolled back.

Parameterized

Select Parameterized if you want to create a parameterized template.

The template parameters will be picked up from a file that you specify, at the time of scheduling a job using this task. See "Parameterized Templates".

Device Type

Select device category template will configure.

You can associate any number of MDF categories with a template, if the command is applicable to them.

CLI Commands

Enter configuration commands or select the configuration commands file.

The configuration commands file should reside in the default location:

On Solaris:

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/

On Windows:

NMSROOT\files\rme\netconfig\cmdFiles

Where, NMSROOT is the CiscoWorks install directory.

If you want to import the configuration commands from an existing file, enter the default file location in the Import from File field.

Alternatively, when you click on the Browse button, a file browser opens with the default location of the configuration commands file. You cannot change this default import directory.

To enter configuration commands, do any of the following:

Type in larger text box, one command in each line.

Or

Enter enter the default file location of the configuration command files in the Import from File field.

Click Browse.

A file browser opens with the default location of the configuration commands file. You cannot change this default import directory.

You can also enter interactive commands and multi-line commands. See:

Handling Interactive Commands

Rollback Commands

Enter configuration commands for the template to run when the job fails and the failure policy is set to the rollback option.

If you want to import the rollback commands from an existing file, enter the file location in the Import from File field.

The rollback commands file should reside in the default location:

On Solaris:

/var/adm/CSCOpx/files/rme/netconfig/cmdFiles/

On Windows:

NMSROOT\files\rme\netconfig\cmdFiles

Where, NMSROOT is the CiscoWorks install directory.

Alternatively, when you click on the Browse button, a file browser opens with the default location of the rollback commands file. You cannot change this default import directory.

To enter rollback commands, do any of the following:

Type in larger text box, one command in each line.

Enter enter the default file location of the rollback command files in the Import from File field.

Click Browse.

A file browser opens with the default location of the configuration commands file. You cannot change this default import directory.


Click Save to save the task with the current information.

Or

Click Delete to delete the current task from the system.


To cancel the user-defined task you are creating, select a command from the Jobs or Admin menu (or a corresponding button) and click Yes in the resulting dialog box.

To add a user-defined task, select Select Resource Manager Essentials > Config Mgmt > NetConfig > User-defined Tasks. The User-defined Tasks dialog box appears with no values.

To copy a user-defined task:


Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Change the name of the Task and click Save.


To modify a user-defined task:


Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Select templates associated with the task from the Task browser, and modify them

You can change details such as the command mode, parameterization option, the device type, the CLI commands or the rollback commands.


You can add a template or delete an existing one. When you click Save, a message appears that the task is modified.

Parameterized Templates

You can include parameterized templates within User-defined tasks. A parameterized template allows the configuration commands in the templates to contain user-defined variables.

Multiline feature of parameterized templates is not supported. However, interactive command deploy is supported.

You can select the Parameterized option when you create a User-defined task (see Creating and Editing User-defined Tasks).

If you select the Parameterized option, you should enter the actual values for the parameters in the template in a separate Parameters file (see Creating a Parameters File (XML file)) when you create a NetConfig job (see Creating and Editing User-defined Tasks). The Parameters file is the XML file that contains the parameter values.

The Parameters file should reside on the server at this location:

NMSROOT\files\rme\netconfig\cmdFiles

where NMSROOT is the RME install directory.

To create a Parameterized User-defined task and apply this in a NetConfig job:


Step 1 Create a User defined Task with variables embedded in the command body. For details see Creating and Editing User-defined Tasks.

For example:

You can enter the command ntp server $ntpServer in the CLI Commands text box in the User-defined Tasks dialog box. Commands

Step 2 Select the Parameterized check box in the User-defined Tasks dialog box.

Step 3 Click Save to save your User-defined Parameterized task.

Step 4 Create the Parameters file (XML file) containing the values for $ntpServer task. For details, see Creating a Parameters File (XML file).

For example:

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>mytimeserver</value>

</CMDPARAM>

</DEVICE>

Step 5 Repeat the above step in the Parameters file, for all the devices that you plan to include in the job, if each device refers to a different ntpServer.

Alternatively, you can have a global section if that variable does not change for each device. For details, see Creating a Parameters File (XML file).

Step 6 Store the Parameters file in NMSROOT\files\rme\netconfig\cmdFiles directory (where NMSROOT is the RME install directory).

Step 7 Create a NetConfig job and select your User-defined Parameterized task. For details see Starting a New NetConfig Job.

You are prompted to enter the filename while adding the task to the NetConfig job.

You can check the syntax of the text file that contains the parameters. To do this, select Check Syntax.

Step 8 Complete the job creation. For details, see Creating and Editing User-defined Tasks.


Creating a Parameters File (XML file)

A specific format is defined for embedding variables in User-defined tasks and the corresponding Parameters file that contains the values for the parameters.

The variables in the User-defined tasks, which you enter in the CLI Commands text area of the User-defined Tasks dialog box (see Creating and Editing User-defined Tasks), should be preceded by $.

For example, for an NTP server parameter, it should be: $ntpServer

Similarly, the Parameters file also follows a specified format.

Here is the sample format and example of the Parameters file (the XML command file that contains the values for the parameters) for a parameterized template:

<GLOBAL>

<CMDPARAM NAME = password>

<value>abc</value>

</CMDPARAM>

<CMDPARAM NAME = message>

<value>test all</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>ServerName</value>

</CMDPARAM>

</DEVICE>

You can assign the device-specific values to variables in the <DEVICE> area. If there are no device-specific values, the default values in the <GLOBAL> area are considered as actual values for these variables. You do not need to add a <GLOBAL> area in the Parameters file if you are referencing each device explicitly (using the <DEVICE> area for each device).

Parameters File: More Examples

This section gives more examples of the format of the text to be entered in the CLI Commands body at the time of creating a User-defined Task, and the commands to be entered in the corresponding Parameters file.

For example, you can enter these parameters while creating a User-defined task, in the CLI Commands text box:

ntp server ntpServer

ip http port portValue

ip address ipAddress

In the corresponding Parameters file, which is stored under NMSROOT\files\rme\netconfig\cmdFiles, (where NMSROOT is the RME install directory) enter:


<GLOBAL>

<CMDPARAM NAME = ntpServer>

<value>10.10.10.10</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>90</value>

</CMDPARAM>

<CMDPARAM NAME = ipAddress>

<value>1.1.1.1</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>20.20.20.20</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>55</value>

</CMDPARAM>

</DEVICE>

<DEVICE NAME = 10.77.202.229>

<CMDPARAM NAME = ntpServer>

<value>30.30.30.30</value>

</CMDPARAM>

</DEVICE>

In such a case, when the NetConfig job contains the device 10.76.38.54, the following commands are generated:

ntp server 20.20.20.20 (taken from the device-specific section of the Parameters file) 
ip http port 55 (taken from the device-specific section of the Parameters file) 
ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains the device 10.77.202.229, the following commands are generated:

ntp server 30.30.30.30 (taken from the device-specific section of the Parameters file) 
ip http port 90 (taken from the global section of the Parameters file) 
ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains any other devices, all the values are taken from the global section of the XML file, and the following commands are generated:

ntp server 10.10.10.10

ip http port 90

ip address 1.1.1.1

If the value for a parameter is not found in the command file, the syntax check (in the job creation flow) displays an error.

You can enter any special character that is accepted by the device as the value for a parameter in the command file. This is because NetConfig does not process the parameter values. NetConfig only reads the value given between <value> and </value> tags and generates the command. Therefore, you can enter any special character that the device accepts.

Assigning Tasks to Users

You can assign access privileges to NetConfig tasks, to users with Network Operator privileges or lesser. All other users with privileges higher than Network Operator are assigned all tasks by default.

A network administrator must assign task access privileges to other users. See Understanding NetConfig User Permissions section for details.


Note View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.


To assign tasks to users:


Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > Assigning Tasks.

The Assign Tasks dialog box appears.

Step 2 Enter the username of the user to whom you want to assign the tasks.

This should be a valid CiscoWorks user. If RME has been registered with a Cisco Secure ACS Server, then the user should be a valid ACS user.

Step 3 Select the task that you want to allocate to the user from the Available tasks list box and click Add.

You can select more than one task, by holding down the Shift key while selecting the task.

The selected tasks appear in the Selected Tasks list box.

To remove assigned tasks, select the tasks from the Selected Tasks list box and click Remove.

Step 4 Add all the required tasks to the Selected Tasks list box.

Step 5 Click Assign to assign the task access privileges to the specified user.

For a specified user, to see the assigned tasks, enter the username in the Username field and click Show Assigned.

The tasks assigned to the user appear in the Selected Tasks list box.


Handling Interactive Commands

An interactive command is the input you will have to enter, following the execution of a command.

For example, on a Catalyst device, a clear counters command on a Cat 5000 will give the following output:

c5000# (enable) clear counters. This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?

In RME, such commands can be included in config jobs executed via NetConfig or ConfigEditor. For more details also see Editing and Deploying Configurations Using Config Editor.

You can handle interactive commands using NetConfig user-defined templates, and by using Adhoc tasks. See Using NetConfig User-defined Templates and Adhoc Tasks.

You cannot run interactive commands through NetConfig CLI.

Using NetConfig User-defined Templates and Adhoc Tasks

You can enter an interactive command in the Enter CLI Commands area, using the following syntax:

CLI Command<R>command response 1 <R>command response 2

<R> tag is case-sensitive and this must be entered in uppercase only.

Example

For a Catalyst device, a clear counters command will give the following output

c5000# (enable) clear counters This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?

To clear the counter, the syntax is:

clear counters <R>y

To accept the default, the syntaxes are:

clear counters <R>n

or

clear counters <R>

To accept the default value, you do not need o enter any values after the tag <R>.

Handling Multi-line Commands

You can enter multi-line commands as a part of User-defined and Adhoc tasks. The multi-line commands must be within the tag <MLTCMD> and </MLTCMD>.

These tags are case-sensitive and you must enter them only in uppercase. You cannot start this tag with a space.

Example

<MLTCMD> banner login "Welcome to

CiscoWorks Resource Manager

Essentials - you are using

Multi-line commands" </MLTCMD>

You can have a blank line within a multi-line command. The commands within the MLTCMD tags are considered as a single command and will be downloaded as a single command onto the device.

Using System-defined Tasks

NetConfig provides you with system-defined configuration tasks. You can create configuration commands using task GUI (see Understanding the System-defined Task User Interface (Dialog Box)).

Each task supports one or more device categories (see Table 9-3). Table 9-3 also provides you with a comprehensive list of all the templates available, and a brief description of each.

The devices and the system-defined tasks as available in the Devices and Tasks dialog box of the NetConfig job wizard. After you select devices and the tasks, and click Next (see Starting a New NetConfig Job), the selected tasks appear in the Applicable Tasks pane of the Add Tasks dialog box (in the Job wizard).

When you select an applicable task and then click Add Instance, a dialog box opens for the selected system-defined configuration task.

This is a dynamic user interface. The task dialog box displays parameters based on your device selection in the Device Selector.

For example, if you have selected IOS devices, you will be able to specify IOS parameters in this dialog box. If not, this section will not be available to you.

When you enter information in the fields of the task and click Save, the task appears as a numbered instance in the Added Instances pane of the Add Tasks dialog box.

For the detailed procedure, and also for information on how to edit the task instances, view CLI, or delete the instances, see Starting a New NetConfig Job.

You can add multiple instances of a configuration task to a job by selecting an applicable task, adding information and saving the information each time. However, you can include only one instance of a task in a job.

Each system-defined task also creates rollback commands (see) that you can use to roll back the changes to devices if the job fails.

View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

If you use TFTP protocol to deploy NetConfig templates to devices, the DCR does not reflect the updates.

Table 9-3 NetConfig System-Defined Tasks Supported by the RME 4.1 Device Categories 

Task
Description
IOS
Cat OS
CSS
CE
NAM
PIX
Cable

Adhoc (See Adhoc Task.)

Enter any configuration commands as required.

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Authentication Proxy (See Authentication Proxy Task.)

Configure Authentication Proxy.

Yes

-

-

 

-

-

Yes

Banner (See Banner Task.)

Add, remove, or edit banners.

Yes

Yes

-

 

-

-

Yes

CDP

(See CDP Task.)

Configure Cisco Discovery Protocol (CDP).

Yes

Yes

-

Yes

-

-

Yes

Certification Authority1 (See Certification Authority Task.)

Create, or modify Certification Authority. Provides manageability and scalability for IP security (IPSec) standards on VPN devices.

Yes

-

-

 

-

-

Yes

CryptoMap1 (See Crypto Map Task.)

Configure IPSec.

Yes

-

-

-

-

Yes

Yes

DNS (See DNS Task.)

Configure DNS.

Yes

Yes

Yes

Yes

Yes

-

Yes

Enable Password (See Enable Password Task.)

Configure, or change enable or secret password to enter in the enable mode on devices.

Yes

Yes

-

-

-

Yes

Yes

HTTP Server (See HTTP Server Task.)

Configure HTTP access on VPN devices.

Yes

Yes

-

-

-

 

Yes

IKE Configuration1 (See Internet Key Exchange (IKE) Configuration Task.)

Configure IP security (IPSec).

Yes

-

-

-

-

Yes

Yes

Local Username (See Local Username Task.)

Configure local username and password authentication on devices.

Yes

-

Yes

-

-

-

Yes

NTP (See NTP Server Configuration Task.)

Configure Network Time Protocol (NTP).

Yes

Yes

Yes

Yes

-

-

Yes

Radius Server (See RADIUS Server Configuration Task.)

Configure RADIUS server and task.

Yes

-

Yes

Yes

-

-

Yes

RCP RCP Configuration Task

Configure rcp

Yes

-

-

-

-

-

Yes

Reload Reload Task

Reload devices

Yes

   

Yes

Yes

 

Yes

SNMP Community SNMP Community Configuration Task

Add, remove, and edit SNMP community strings

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SNMP Security SNMP Security Configuration Task

Configure SNMP Security feature on devices.

Yes

-

-

Yes

-

-

Yes

SNMP Traps Management SNMP Traps Configuration Task

Configure SNMP traps.

Yes

Yes

Yes

Yes

Yes

Yes

Yes

SSH SSH Configuration Task

Configure SSH.

Yes

-

Yes

Yes

Yes

 

Yes

Syslog Syslog Task

Configure syslog message logging.

Yes

Yes

Yes

Yes

-

Yes

Yes

TACACS TACACS Configuration Task

Configure TACACS authentication.

Yes

-

-

 

-

-

Yes

TACACS+

(See TACACS+ Configuration Task.)

Configure TACACS+ authentication

Yes

Yes

-

Yes

Yes

-

Yes

Telnet Password

(See Telnet Password Configuration Task.)

Add, remove, and edit Telnet passwords

Yes

Yes

-

-

-

Yes

Yes

Transform Set

(See Transform System-Defined Task.)

Configure IPSec.

Yes

-

-

-

-

Yes

Yes

User Defined Protocol (See Use-defined Protocol Task.)

Configure the user-defined protocol on NAM devices.

-

-

-

-

Yes

-

-

Web User

(See Web User Task.)

Configure the web user for NAM devices

-

-

-

-

Yes

-

-

BPI/BPI+

(See Cable BPI/BPI+ Task.)

Assign self-signed certificate, configure cable interface, and set BPI/BPI+ options.

-

-

-

-

-

-

Yes

Interface Bundle2

(See Cable Interface Bundling Task.)

Configure Interface Bundling on selected cable interface.

-

-

-

-

-

-

Yes

Cable DHCP-GiAddr and Helper2 (See Cable DHCP-GiAddr and Helper Task.)

Configure DCHP-GiAddr and Helper Address of the selected cable interface.

-

-

-

-

-

-

Yes

Cable Downstream2

(See Cable Downstream Task.)

Activate/Deactivate DS Ports, Interleave Depth, MPEG Framing Format, Modulations, Channel ID and Frequency of the selected cable interfaces.

-

-

-

-

-

-

Yes

IGMP2 (See IGMP Configuration Task.)

Configure IGMP of selected cable interfaces.

-

-

-

-

-

-

Yes

Interface IP Address (See Interface IP Address Configuration Task.)

Configure IP interface address of selected interface.

-

-

-

-

-

-

Yes

Cable Spectrum Management (See Cable Spectrum Management Task.)

Assign Spectrum Groups and Interfaces on a selected cable interface.

-

-

-

-

-

-

Yes

Cable Trap Source (See Cable Trap Source Task.)

Configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.

-

-

-

-

-

-

Yes

Cable Upstream2

(See Cable Upstream Task.)

Activate and configure upstream on selected cable interfaces.

-

-

-

-

-

-

Yes

1 You must follow this sequence to complete the configuration of the IPSec on devices:

1 1) IKE configuration system-defined task.

1 2) Transform system-defined task.

1 3) Crypto Map system-defined task.

2 At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.


Understanding the System-defined Task User Interface (Dialog Box)

NetConfig tasks support devices in the following device categories:

IOS

Catalyst OS

Content Engine

CSS

NAM

PIX OS

Cable

Each of the system-defined tasks have their own dynamic user interface, or dialog box, that displays fields for a specified category of devices only if you have selected that category of device.

The dialog boxes for system-defined tasks may have these groups, links, and buttons:

Common Parameters—This group of fields appears at the top of the task dialog box. In the fields under this group, you can enter the parameters that are common to all the categories of devices that you have selected.

Device Category-specific Parameters—This group of fields is specific to a device category. If, for a specified device category, only the common parameters are applicable, this message appears in the user interface:

No Category-specific Commands

Applicable Devices—This link is available in the device category-specific group of fields and enables you to view the devices in your selection, to which the device-specific parameters apply.

Buttons in the system-defined tasks interface:

Button
Action

Save

Saves the information that you have entered in the fields in the task dialog box.

Reset

Clears all the fields.

Cancel

Cancels your changes, and closes the task dialog box.


For the cable devices, you can apply a task only to a single device at a time, because cable templates configure interfaces on devices.

Also, for the cable tasks to work correctly, you must have valid SNMP credentials in Device and Credential Repository (DCR). See Adding and Troubleshooting Devices Using Device Management for more information on setting valid SNMP credentials.

Therefore, if you have selected more than one cable device and selected tasks for them, the task may not appear in the Applicable Tasks pane of the Add Tasks dialog box. For the tasks that are applicable to cable devices, see Table 9-3.

Understanding the NetConfig Credentials Configuration Tasks

NetConfig provides for tasks to configure credentials on devices. These tasks are:

Enable Password (See Enable Password Task.)

Local Username (See Local Username Task.)

Radius Server (See RADIUS Server Configuration Task.)

TACACS TACACS Configuration Task

TACACS+ (See TACACS+ Configuration Task.)

SNMP Community (See SNMP Community Configuration Task.)

SNMP Security (See SNMP Security Configuration Task.)

The credential store allows only one set of login credentials per device - Primary username and primary password, irrespective of the authentication type.

Hence, this imposes certain limitations on the NetConfig templates, especially, when you are configuring/modifying the authentication method on the device.

To overcome this, an option to specifically update the credential store is provided in the credential tasks. The credential store is updated only when this option is chosen with the values specified.

The usage of NetConfig credentials tasks to configure the credentials on a device should be based on the active credentials (e.g. Telnet, TACACS, etc.) in the device. For example if the device is configured with TACACS+, you should use only TACACS+ template to configure the credentials.

Example

When you remove the TACACS+ authentication for the device, the device reverts to the authentication method that was earlier configured on it. For example, the local username.

However, RME is unaware of the fallback authentication method, and the respective credentials. If Device and Credential Repository is not updated with the right credentials, the subsequent device operations from RME will fail.

In this case, you should select the option to update the local credential store and specify the local username credentials. When the job runs, NetConfig updates Device and Credential Repository with this set of credentials, so that for subsequent devices, access from RME will be successful.

Adhoc Task

You can use the Adhoc system-defined task to add configuration commands to a job, during job definition.

You cannot save an instance of an Adhoc task, for future use. If you need to reuse a template that provides capabilities unavailable from the system-defined tasks, you can create a user-defined tasks (see Creating and Editing User-defined Tasks).


Caution NetConfig does not validate commands you enter in the Adhoc task. If you enter incorrect commands, you might misconfigure or disable devices on which jobs that use the task run.

Groups for each of device categories that you have selected, appear in the Adhoc Configuration dialog box. To invoke the Adhoc Configuration dialog box, see Starting a New NetConfig Job.

You can enter configuration and rollback commands for these device categories:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 9-3.


Note As Cable devices fall under the IOS category, you can enter adhoc commands in the IOS group of fields in the Adhoc Configuration dialog box.


For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Adhoc Configuration dialog box are:

Group
Field
Description

Commands

CLI Command

Enter configuration commands.

You can also enter interactive commands (see Handling Interactive Commands) and multi-line commands see Handling Multi-line Commands).

 

Rollback Command

Enter rollback commands.

Command Mode

Config or Enable

Select the mode (config or enable) in which the task configuration commands will run.

If you have selected Catalyst OS, or NAM devices, then the enable mode is preselected, and you do not have the option to select the config mode.


If you enter any credential command in the CLI Commands or Rollback Commands fields, then those credentials will be masked in the job work order and the job results page.

For example, the command, snmp-server community public ro will be displayed as snmp-server community ***** ro.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Authentication Proxy Task

The Authentication Proxy feature helps users to log into the network or access the Internet using HTTP. Their specific profiles are automatically retrieved and applied from a CiscoSecure ACS, or other RADIUS, or TACACS+ authentication server.

The Cisco Secure Integrated Software authentication proxy feature allows network administrators to apply specific security policies on a user to user basis. You can use the Authentication Proxy system-define, configuration Task on IOS devices which have been configured for VPN functionality.

The IOS category of devices (including Cable devices) are supported by this task.

For more details, see Table 9-3.

You can enter the details of this task in the Authentication Proxy Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Authentication Proxy Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

Authorization (AAA)

Action

Select the required option to enable, disable or make no change to the authorization configuration.

   

Method 1

Select either tacacs+ or radius as your first method of authorization.

   

Method 2

Select either tacacs+ or radius as your second method of authorization, based on your selection in the first method

 

Cache Timeout

Minutes (1-2147483647)

Timeout value. The default timeout value can be in the range of 1 and 2,147,483,647.

   

Set to default

Select this to set the default cache timeout value of 60 seconds.

 

Banner

Action

Select Enable or Disable to set or reset Banner display in the login page.

If you select Enable, the router name is displayed in the login page.

If you select Disable, then the router name is not displayed.

If you do not want to make any changes to the banner, select No Change.

   

Banner Text (Optional)

Enter the text that you want displayed in the banner. If you enter the banner text, then this text is displayed instead of the router name in the login page.

This is an optional field.

 

Authentication Proxy Rule

Action

Select Enable or Disable an authentication proxy rule.

If you select Enable, a named authentication proxy rule is created and associated with access list.

If you select Disable, the associated proxy rule is removed.

Select No Change if you do not want to make changes to the Authentication Proxy Rule group of fields.

   

Name

Enter a name for the authentication proxy rule.

The name can be up to 16 alphanumeric characters.

   

Overriding Timeout [optional(1-2147483647)]:

Enter a timeout value to override the default cache timeout.

This is an optional field. The overriding timeout value should be in the range of 1 and 2,147,483,647.

   

ACL Number/Name [optional]:

Enter a Standard Access list to be used with the Authentication proxy.

This is an optional field.

 

New Model

Action

Select to enable, disable, or make no change to new model state.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56.

Banner Task

You can use the Banner system-defined, configuration task to change banners on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

For more details, see Table 9-3.

You can enter the details of this task in the Banner Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Banner Configuration dialog box are:

Group
Sub Group
Field
Description
Common Parameters

Motd Banner

Action

Select the appropriate option to add or remove a message of the day banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

IOS Parameters

Exec Banner

Action

Select the appropriate option to add or remove an Exec banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Incoming Banner

Action

Select the appropriate option to add or remove an Incoming banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Login Banner

Action

Select the appropriate option to add or remove a Login banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

 

Slip-PPP Banner

Action

Select the appropriate option to add or remove a Slip/PPP banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.

   

Message

Enter message, if you selected Add in Action field.

CatOS Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

CDP Task

You can use the CDP system-defined task to configure Cisco Discovery Protocol (CDP) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

For more details, see Table 9-3.

You can enter the details of this task in the CDP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the CDP Configuration dialog box are:

Group
Sub Group
Field
Description

Common Parameters

Run

Action

Select to enable, disable, or make no change to the CDP state.

 

Hold Time

Seconds (10-255)

Enter holdtime in seconds.

The CDP holdtime specifies how much time can pass between CDP messages from neighboring devices before the device is no longer considered connected and the neighboring entry is aged out.

Value must be greater than value in Update Time field.

   

Set to Default

Select this for the default hold time of 60 seconds

 

Update Time

Seconds (5-254)

Enter time between CDP updates, in seconds.

Value must be less than value in Hold Time field.

   

Set to Default

Select this for the default update time of 60 seconds

 

CDP Version

Run

Select the CDP Version (CDPv1 or CDPv2. CDP version 2 is the default value.

If you are modifying the CDP Task and you do not want to change this field, select No Change.

IOS Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.

CatOS Parameters

Mod/Ports

Mod/Ports (Ex:2/1-12,3/5)

Enter modules and ports on which to enable or disable CDP.

You can enter a single module and port or a range of ports, for example, 2/1-12,3/5-12.

   

All mod/ports

Select to enable or disable CDP in all ports in all modules.

 

CDP Format

Format

The options are:

No Change (Does not allow you to make any modifications to the specified CDP format.)

MAC

Other

Select the required option.

CE Parameters

No category-specific commands.

-

This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Certification Authority Task

You can use the Certification Authority (CA) system-defined configuration task to provide manageability and scalability for IP Security (IPSec) standards. The Certification Authority task can be used only on IOS devices configured for VPN functionality.

This task is applicable to IOS devices (including Cable devices).

For more details, see Table 9-3.

You can enter the details of this task in the Certification Authority Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use any CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Certification Authority Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

Declare CA

Action

Select Enable or Disable to activate/deactivate Certification Authority (CA).

If you select Enable you can create or modify CA.

If you select Disable, you can delete the CA.

Select No Change, to leave the CA Name unchanged.

   

CA Name

Enter the CA name. This name is used to identify the certification authority to be configured.

This name is the CA domain name.

 

Enrollment URL

Action

Select Enable to allow router to connect to the CA, using the URL specified in the Value field.

Select Disable, if you do not want to connect to the CA.

Select No Change to leave the Enrollment URL field unchanged.

   

Value

Enter the URL of the CA.

The URL should include any available non-standard cgi-bin script location.

 

Enrollment Mode

Action

Select Enable if the CA provides a Registration Authority (RA).

Select Disable to disable the specified LDAP Server.

Select No Change to leave the Enrollment Mode field unchanged.

   

LDAP Server

Enter the LDAP server of the CA, if your CA system provides an RA.

LDAP server contains the location of CRLs (certification revocation lists) and certificates.

 

Enrollment Retry Period

Minutes [1- 60]

Enter the wait period between certification request retries.

The wait period is between 1 to 60.

   

Set to Default

Select this option to set the default wait period to 1 minute.

 

Enrollment Retry Count

Number [1- 100]

Enter the certification request retry number.

The retry number must be between 1 and 100.

   

Set to Default

Select this option to set the default retry period to 1 minute.

 

CRL Optional

Action

Select Enable to bypass the Certificate Revocation List.

If you select Disable, Certificate Revocation list is checked.

 

Certificate Query

Action

Select an option to enable, disable or make no change to certificate query.

If you select Enable, certificate query will be added to all trust points on the router.

If you select Disable, the certificate will not be queried.

 

RSA Key pairs

Action

Select an option to generate, delete or make no change to the RSA key pairs. This feature allows you to configure a Cisco IOS router to have multiple key pairs.

Thus, the Cisco IOS software can maintain a different key pair for each identity certificate.

   

Key Type

Specify the key type:

General Purpose—To generate a general purpose key pair that is used for both encryption and signature.

Usage—To generate separate usage key pairs for encrypting and signing documents.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56.

Crypto Map Task

You can use the Crypto Map Server system-define task to configure IPSec on devices.


Note You must configure the IKE configuration system-defined task (see Internet Key Exchange (IKE) Configuration Task) and Transform system-defined task (see Transform System-Defined Task) before configuring the Crypto Map system-defined task.


The following device categories are supported by this task:

IOS (including Cable devices)

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the Crypto Map Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Crypto Map Configuration dialog box are:

Group
Sub-Group
Field
Descriptions

IOS Parameters

Configuration

Action

Select an option to add, remove, or make no change to the IOS configuration.

   

Map Name

Enter the name for the Crypto Map.

   

Map Number

Enter the number for the Crypto Map.

The value must be between 1-65535.

   

Map Type

Select the map type (manual or isakmp) for the Crypto Map.

   

Map Description

Enter the description for the Crypto Map.

   

Crypto ACL

Enter the extended access list for Crypto Map.

   

IPSec Peer

Enter the IPSec peer to be associated with the Crypto Map.

   

Transform Set name

Enter the transform set name to be used with the Crypto Map.

PIX Parameters

Configuration

Action

Select an option to add, remove, or make no change to the PIX configuration.

   

Map Name

Enter the name for the Crypto Map.

   

Map Number

Enter the number for the Crypto Map.

Value must be between 1-65535.

   

Map Type

Select the type (manual or isakmp) for the Crypto Map.

   

Crypto ACL

Enter the extended access list for Crypto Map.

   

IPSec Peer

Enter the IPSec peer to be associated with the Crypto Map.

   

Transform Set name

Enter the transform set name to be used with the Crypto Map.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

DNS Task

You can use the DNS system-defined task to configure DNS (Domain Name Server) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the DNS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the DNS Configuration dialog box are:

Group
Sub-Group
Field
Description

Common Parameters

DNS Server

Add

Enter the IP addresses of DNS name server(s) that you want to add.

Separate multiple addresses with commas.

If the device accepts only one DNS server, then the first address will be considered.

   

Remove

Enter the IP addresses of DNS name server(s) that you want to remove.

Separate multiple addresses with commas.

 

Domain Name

Name

Enter the domain names to complete unqualified hostnames.

If a device has a domain list enabled, it will be used to complete unqualified hostnames instead of the domain name.

Separate multiple addresses with commas. If the device accepts only one domain name, then the first entry will be considered.

   

Remove

Select this option to remove the domain names.

IOS Parameters

 

Domain Lookup

Select to enable or disable IP DNS-based hostname-to-address translation.

   

CLNS NSAP

Select to enable or disable or make no change to the CLNS NSAP option. If this option is enabled, any packet with the specified CLNS NSAP prefix causes CLNS (Connectionless Network Service) protocol to behave as if no route were found.

   

OSPF

Select to enable or disable or make no change to the OSPF (Open Shortest Path First) protocol option.

 

Domain List

Action

Select an option to add, remove, or make no change to the domain list.

   

Domain List

Enter domain names to complete unqualified hostnames, or add to the existing list.

Separate multiple domain names with commas.

Do not include an initial period before domain names.

CatOS Parameters

 

1st Server Primary

Select to make DNS name server entered in Add field, the default or the primary name server.

   

Domain Lookup

Select an option to enable, disable, or make no change to the domain lookup.

Content Engine Parameters

 

Serial Lookup

Select an option to enable, disable, or make no change to the serial lookup.

CSS Parameters

Secondary DNS Server

Add (Hostname or IP Address)

Enter the hostname or an IP address of a secondary server, that you want to add.

A maximum of two IP addresses are allowed. The order in which you enter them is the order in which they are used if the primary DNS server fails.

Separate multiple addresses with a comma.

   

Remove (Hostname or IP Address)

Enter a hostname or an IP address of a secondary server, that you want to remove.

A maximum of two IP addresses are allowed.
Separate multiple addresses with a comma

NAM Parameters

 

Disable Nameservers

Select to disable domain name servers.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Enable Password Task

You can use the Enable Password system-defined, configuration task to change the enable and secret passwords, which allow users to enter the enable mode on devices.

When you enable or disable an enable password, the change is made on the device and in Device and Credential Repository.


Note If you disable the enable password on a device, you cannot enter the enable mode on that device unless you previously enabled an alternative type of enable mode authentication.


The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the Enable Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note If you change the enable password on a Catalyst device with an RSM module using this task, the RSM enable password is also changed.


The fields in the Enable Password Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Setup

Action

Select an option to enable, disable or make no change to the enable password.

   

Password

Enter the enable password.

   

Verify

Re-enter the password.

IOS Parameters

Password

Level (1-15)

Set the Enable Password level. The level can be between 1 and 15. 15 is the default level.

For an IOS device, it is not advised to disable both Enable Password and Enable Secret password. This is because the IOS device will not allow you to go into the Enable mode of the device. You can do this only if you have the console password for the device.

If you have selected Enable Password as No Change in the Common Parameters pane, and selected Disable for Enable Secret in the IOS Parameters pane, then Enable Secret Password is updated in the Device and Credentials database.

If you have selected Enable Password as Disable in the Common Parameters pane, and selected No Change for Enable Secret in the IOS Parameters pane, then Enable Password is updated in the Device and Credentials database.

   

Encrypted

Select this option to encrypt the password.

   

Update RME Credentials

Select this to update RME credentials. For details see Understanding the NetConfig Credentials Configuration Tasks

 

Secret

Action

Select an option to enable, disable or make no change to the secret password.s

   

Secret

Enter the secret password.

   

Verify

Re-enter the password.

   

Level (1-15)

Set the password level. The level can be between 1 and 15. 15 is the default level.

   

Encrypted

Select this option to encrypt the password.

CatOS Parameters

Password

Apply Command on Modules

Select to apply the command on the modules.

If you have selected Disable as the action in the Common Parameters group, then the password will be removed.

PIX Parameters

 

Level(0-15)

Set the password level. The level can be between 0 and 15. 15 is the default level.

   

Encrypted (Password should be 16 characters)

Select this option if the password you are entering is already encrypted. If you select this option ensure that your password is 16 characters.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

HTTP Server Task

You can use HTTP Sever to configure HTTP access on IOS devices which have been configured for VPN functionality.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

For more details, see Table 9-3.

You can enter the details of this task in the HTTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the HTTP Server Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Server

Action

Select an option to enable, disable or make no change to the HTTP access on the device.

 

Port

Number [0-65535]

Specify the HTTP server port number.

   

Set to Default

Select this option to set the default port (80).

IOS Parameters

Authentication

Action

Select an option to enable, disable or make no change to the authentication method.

   

Method

Select an authentication method:

aaa

enable

local

tacacs

 

Access List

Action

Select an option to enable, disable or make no change to the access list.

   

ACL Number/Name

Enter the Access Control List number or name to be used. The access list number must be between 1 to 99.

CatOS Parameters

   

No category-specific commands.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

You will lose Telnet access to the device if you configure HTTP Server. The Device may require TACACS/RADIUS/Local username and password after configuring HTTP Server. You should make sure that the device has the appropriate login configured. The username and password has to be stored in the RME Database.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric 56 or Kn, where n is a number between 1 and 9, then this is a VPN image.

For example, C7100-IS56I-M is a VPN image, since it contains the number 56

Local Username Task

You can use the Local Username system-defined task configure local username and password authentication on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

CSS

For more details, see Table 9-3.

You can enter the details of this task in the Local Username Task Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Local Username Task Configuration dialog box are:

Group
Sub-Group
Field
Description

Common Parameters

Local User Setup

Action

Select an option to add, remove or make no change to the local username setup.

Username

Enter the local username.

Password

Enter local username password.

Verify

Re-enter the password.

IOS Parameters

Local User Setup

Privilege Level [0-15]

Set the required privilege level.

Local User Setup

 

Privilege Level [0-15]

Set the required privilege level.

No HangUp

Select this option to enable No Hang Up mode.

No Escape

Select this option to enable No Escape mode.

Local User Login Authentication

 

Action

Select to enable, disable or make no change to the local user authentication group of fields.

Local Username Credentials (Update RME creds)

Username

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

 

Password

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

 

Verify

Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

CSS Parameters

 

For CSS devices:

The username length should be between 1 and 16 characters.

The local password length be between 6 and 16 characters.

The DES-Encrypted password length should be between 6 and 64 characters.

Local User Setup

 

SuperUser

Select this option to designate the local user as superuser.

 

Password Type

Select the password type from these options:

Local

Encrypted

DES_Encrypted

Directory Access

 

Configure Directory Access

Select this option if you want to configure directory access. Defines the CSS directory access levels.

By default, CSS assigns users with read and write access to the directories. Changing the access level also affects the use of the CLI commands associated with the directories.

 

Directories

Script

Select the required access option to the Script directory:

No Access

Read And Write

Read

Write

   

Log

Select the required access option to the Log directory:

No Access

Read And Write

Read

Write

   

Root

Select the required access option to the Root directory:

No Access

Read And Write

Read

Write

   

Archive

Select the required access option to the Archive directory:

No Access

Read And Write

Read

Write

   

Release Root

Select the required access option to the Release Root directory:

No Access

Read And Write

Read

Write

   

Core

Select the required access option to the Core directory:

No Access

Read And Write

Read

Write

   

MIB

Select the required access option to the MIB directory:

No Access

Read And Write

Read

Write


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IGMP Configuration Task

You can use this task to configure the Internet Group Management Protocol (IGMP) on a cable interface.


Note You can apply this task only on a single IOS device at a time. For details, see Table 9-3.


You can enter the details of this task in the IGMP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the IGMP Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

     

IGMP Configuration

Interface

Interfaces

Select the required option to specify the interface to be configured for IGMP, or to make no change to the existing interface selection:

Not Selected

FastEthernet0/0

FastEthernet0/

Cable1/0

   

Action

Select the required option to enable, disable, or make no change to the Interface sub-group of fields.

   

PIM Mode

Select the required PIM mode option. Select No Change to retain any previous mode selection:

No Change

dense-mode

sparse-mode

sparse-dense-mode

IGMP Parameters

 

Action

Select the required option to replace the values in, or to make no change to the IGMP Parameters group of fields.

   

IGMP Version

Select the required IGMP version from the supported versions:

1

2

3

   

Last Memory Query Interval [100-25500 in msec]

Enter the time interval between the IGMP specific messages sent by the router.

Enter the last memory query interval in seconds. You can enter an interval between 100—25500 milliseconds. The default is 1000 milliseconds.

   

Query Maximum Response Time[1-25 in sec]

Enter the maximum response time advertised in the IGMP queries. This option is enabled when IGMP version 2 is configured.

You can enter a response time between 1—25 seconds. The default is 10 seconds.

   

Query Interval [1-65535 in sec]

Indicates a time interval when the Cisco IOS software sends IGMP host queries. Enter a query interval between 1—65535 seconds. The default is 60 seconds.

   

Query Timeout [60-300 in sec]

Indicates the timeout period when the router takes over as a querier of an interface after the previous querier stopped querying.

You can enter a value between 60—300 seconds. The default is 2* Query Interval second.

   

Helper Address (Should be in IP address format)

Indicates the IP address that will receive all IGMP host reports and where you can leave messages. This option is enabled when IGMP version 2 is configured.

Enter the Helper Address in the IP Address format.

Group Configuration

 

Action

Select the required option to add values to, or to make no change to the Group Configuration group of fields.

   

ACL to control joining of Multicast Group

Allows you to control the multicast groups. You can enter either the IP access list name or number. The valid range is between 1 - 99.

   

Join Group Multicast Address (multiple addresses should be separated by commas)

Adds Join Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.

   

Static Group Multicast Address (multiple addresses should be separated by comma)

Adds Static Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.

   

Populate for all Groups

Allows you to apply the configuration to all groups.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

For more information regarding the IP addresses and IP multicast addresses refer to:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html

Interface IP Address Configuration Task

You can use this task to configure the IP address of a cable interface.


Note You can apply this task only on a single IOS device at a time. For details, see Table 9-3.


You can enter the details of this task in the Interface IP Address Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Interface IP Address Configuration dialog box are:

Group
Sub-group
Field
Description

Cable Parameters

     

Interface IP Configuration

 

Cable Interface

Select the required cable interface for configuring the IP address, or select Not Selected to make no change to any previous selection:

Not Selected

FastEthernet0/0

FastEthernet0/1

Cable1/0

   

Action

Select the required action:

No Change—Makes no change to the IP Addresses

Replace—Replaces the IP Addresses

Remove Primary—Removes the primary IP Address.

Remove Secondary—Removes the secondary IP Address.

Remove All—Removes both primary and secondary IP Addresses.

 

IPAddress

Primary

Enter the primary IP address.

   

Secondary

Enter the secondary IP address.

 

Subnet Mask

Primary

Enter the primary subnet mask.

   

Secondary

Enter the secondary subnet mask.



Note The values for interfaces are as returned by device.


Click on Applicable Devices to view the devices in your selection, to which this task applies.

Internet Key Exchange (IKE) Configuration Task

Use the Internet Key Exchange (IKE) Configuration System task to configure IPSec on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the IKE Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

IOS Parameters

     

ISAKMP

Action

Select to enable, disable, or make no change to ISAKMP.

ISAKMP Policy

ISAKMP Policy Priority

Action

Select to add, remove, or make no change to ISAKMP policy priority.

   

Priority [1-10000]

Enter the policy priority number

Value must be between 1—10000.

 

Encryption

Action

Select to enable, disable, or make no change to encryption type.

   

Type

Select the type of encryption for the policy:

3des

des

 

Hash

Action

Select to enable, disable, or make no change to the hash algorithm.

   

Algorithm

Select the type of hash algorithm:

sha

md5

 

Authentication

Action

Select to enable, disable, or make no change to the authentication method.

 

Method

Select the type of authentication method:

rsa-sig

rsa-encr

pre-share

 

Group

Action

Select to enable, disable, or make no change to the Diffie-Hellman group identifier group.

   

Value

Enter the Diffie-Hellman group identifier.

Value must be 1 or 2.

 

Lifetime

Action

Select to enable, disable, or make no change to the lifetime value.

   

Seconds [60-86400]

Enter the lifetime value in seconds.

Value must be between 60—86400 seconds.

PIX Parameters

     

ISAKMP

Action

Select to enable, disable, or make no change to ISAKMP.

   

Interface

Select the interface:

Inside

Outside

ISAKMP Policy

ISAKMP Policy Priority

Action

Select to add, remove, or make no change to ISAKMP policy priority.

   

Priority [1-65534]

Enter the policy priority number

Value must be between 1—10000.

 

Encryption

Action

Select to enable, disable, or make no change to encryption type.

   

Type:

Select the type of encryption:

aes

aes-192

aes-256

des

3des

 

Hash

Action

Select to enable, disable, or make no change to the hash algorithm.

   

Algorithm

Select type of hash algorithm:

sha

md5

 

Authentication

Action

Select to enable, disable, or make no change to the authentication method.

 

Method

Select the type of authentication method:

rsa-sig

pre-share

 

Group

Action

Select to enable, disable, or make no change to the Diffie-Hellman group identifier group.

   

Value

Enter the Diffie-Hellman group identifier.

Value must be 1, 2 or 5.

 

Lifetime

Action

Select to enable, disable, or make no change to the lifetime value.

   

Seconds [120-86400]

Enter the lifetime in seconds.

Value must be between 120—86400 seconds.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

NTP Server Configuration Task

You can use the NTP Server system-defined task to configure Network Time Protocol (NTP) on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

CSS

CE

For more details, see Table 9-3.

You can enter the details of this task in the NTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

NTP Server

Action

Select to add, remove, or make no change to Network Time Protocol.

   

Host Name/IP Address

Enter IP address of NTP server to which devices will send time-of day requests.

IOS Parameters

NTP Server

Server Type

Select the required server type.

   

Version

Select the server version.

   

Server Key (0-4294967295)

Enter the NTP server Key. The value must be between 0—4294967295.

   

Verify Server Key

Re-enter the Key to confirm.

   

Source Interface (Interface Name)

Enter the source interface name.

   

Preferred

Select an option to specify whether it is a preferred interface.

 

NTP Authentication Key

Action

Select to add, remove, or make no change to the NTP authentication Key.

   

Number [1 to 4294967295]

Enter the number of Key bits. The value must be between 1 to 4294967295 Key bits.

   

Verify Number

Re-enter the number to confirm.

   

MD5 Number (Max 8 chars)

Enter the MD5 number. It should be a maximum of 8 characters.

 

NTP Authentication

NTP Authentication

Select to enable, disable, or make no change to NTP authentication.

 

NTP Calendar

Action

Select to add, remove, or make no change to the NTP calendar.

 

NTP Access Group

Action

Select to add, remove, or make no change to the NTP access group.

   

Access Type

Select the required action type:

QueryOnly

ServeOnly

Serve

Peer

   

ACL Number [1-99]

Enter the ACL number. It should be a value between 1 and 99.

 

NTP Trusted Key

Action

Select to add, remove, or make no change to the NTP trusted Key.

   

Key Number [1-4294967295]

Enter the Key number. It must be a value between 1—4294967295.

   

Verify Key Number

Re-enter the Key number to verify.

CatOS Parameters

NTP Server

Server Key [Range:1 to 4292945295]

Enter the NTP server Key. The value must be between 1 to 4292945295.

   

Verify Server Key

Re-enter the Key to confirm.

 

NTP Client

Client Action

Select to enable, disable, or make no change to NTP client.

 

NTP Authentication

NTP Authentication

Select to enable, disable, or make no change to NTP authentication.

 

NTP Key

Action

Select to add, remove, or make no change to the NTP Key.

   

Key Number [1 to 4292945295]

Enter the NTP server Key. The value must be between 1 to 4292945295.

   

Verify Key Number

Re-enter the Key to confirm.

   

Type

Select the required Key type.

   

MD5 Number [Max 32 chars]

Enter the MD5 number. It should be a maximum of 32 characters.

CE Parameters

NTP Server

Action

Select to enable, disable, or make no change to the NTP server.

   

Server Type

Select the required server type.

CSS Parameters

 

NTP Server Version

Select the required NTP server version.

 

NTP Server Poll Interval

Action

Select to add, remove, or make no change to the NTP poll interval.

   

Poll Interval [16-16284 seconds]

Specify the poll interval. The value must be between 16—16284 seconds.


RADIUS Server Configuration Task

You can you use the RADIUS system-defined task to configure RADIUS on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

CSS

CE

For more details, see Table 9-3.

You can enter the details of this task in the RADUIS Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

     

Host Configuration

 

Action

Select to enable, disable, or make no change to the server configuration.

   

Server Name

Enter the server name.

   

Auth Port (0-65536)

Enter port used for authentication by RADIUS server.

Key Configuration

 

Action

Select to enable, disable, or make no change to the key configuration.

   

Key

Enter RADIUS authentication and encryption key string used by server specified in Host area.

   

Verify

Re-enter RADIUS key.

Login Authentication

Action

Select to enable, disable, or make no change to the login authentication.

This is not applicable for CSS

 

RADIUS Credentials (Update RME creds)

Username

Enter the username. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

   

Password

Enter the password. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

   

Verify

Re-enter the password to verify. For details see Understanding the NetConfig Credentials Configuration Tasks.

In case of CSS devices, this value will be used to update the Primary login details.

IOS Parameters

     

Login Authentication

List

Name

Enter default or named list.

   

Set to Default

Select the set the default list.

 

Type

Options

(Drop-down list 1)

Select the required option;

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

New Model

 

Action

Select to enable, disable, or make no change to new model state.

Enable mode Authentication

 

Action

Select to add, remove, or make no change to the enable mode authentication.

 

Credentials

Username

Enter the enable username.

   

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

Type

Options

(Drop-down list 1)

Select the required option:

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

Content Engine Parameters

   

No category-specific commands.

CSS Parameters

Host Configuration

Action

Select to enable, disable, or make no change to the host configuration.

   

Secondary Server Name (Host Name or IP Address)

Enter the secondary server hostname or IP address.

   

Secondary Server Key

Enter the key for the secondary server. Defines the secret string for authentication transactions between the RADIUS server and the CSS. Enter a case-sensitive string with a maximum of 16 characters.

   

Verify

Re-enter the key to verify.

   

Authentication Port (1-65535)

Enter custom authentication port of RADIUS server. Value must be between 0-65535.

Optional field. Defines the UDP port on the secondary RADIUS server that receives authentication packets from clients. Enter a number from 0 to 65535. The default is 1645.

Other Parameters

 

Dead Time in seconds (1-255)

Enter the dead time in seconds. the value must be between 0—255.

Enter a number from 0 to 255. The default is 5.

If you enter 0, the dead time is disabled and the CSS does not send probe access-request packets to the non-responsive server. This command applies to primary and secondary servers.

   

Remove

Select to remove the dead time specification. Use the no form of this command to reset the dead-time period to its default of 5 seconds.

   

Retransmit (1-30)

Enter the retransmit value (between 1—30). Number of times that the CSS retransmits an authentication request. Enter a number from 1 to 30. The default number is 3.

   

Remove

Use the no form of this command to reset the retransmission of authentication request to its default of 3.

   

Source Interface Host (Host Name or IP Address)

Enter the source interface hostname or IP address.

Source Interface Host configuration is required to accept authentication from the RADIUS client. Note that this IP interface address is used for the NAS-IP-Address RADIUS attribute in the RADIUS Authentication Request.

   

Remove

Select to remove the source interface specification.

   

Timeout (1-255):

Enter the timeout value (between 1—2555). Timeout specifies the interval that the CSS waits for a reply to a RADIUS request before retransmitting requests to the RADIUS server.

   

Remove

Select the remove option to reset the interval to its default of 10 seconds.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

RCP Configuration Task

You can use the RCP system-defined configuration task to configure rcp on devices.

This task supports the IOS category of device including Cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the RCP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the RCP Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

Enable

Action

Select to enable or disable rcp state.

To make rcp setup changes without enabling or disabling rcp, select No Change.

 

RCP User Setup

Action

Select the required option to add to, or to remove current user from rcp authentication list.

To make rcp setup changes without enabling or disabling rcp, select No Change.

   

Local Username

Enter local name of user whose rcp access you are modifying.

   

Remote Host

Enter IP address of remote host from which local device will accept remotely executed commands.

   

Remote Username

Enter username on remote host from which device will accept remote commands.

   

Enable Mode Commands

Click to allow remote user to run enable commands using rsh or to copy files to device using rcp.

   

add/remove

Click add to add current user to rcp authentication list.

Click remove to remove current user from rcp authentication list.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Reload Task

You can use the Reload task to schedule reload of devices. This task supports the IOS, Cat OS, SFS, NAM, CE, FastSwitch, PIX, CSS and Cable categories of devices. For more details, see Table 9-3.

You can enter the details of this task in the Reload Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the Reload Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Reload

Action

Select either:

Reload to enable reloading selected devices.

or

No Change if you do not want to schedule a reload for the selected devices.

IOS Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

CatOS Parameters

   

No category-specific parameters.

CE Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

NAM Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.

SFS Parameters

   

No category-specific parameters.

Fast Switch parameters

   

No category-specific parameters.

PIX Parameters

   

No category-specific parameters.

CSS Parameters

   

No category-specific parameters.

Cable Parameters

Do not Save config before reload

Action

You can:

Check this option if you do not want to save the configurations before reloading.

or

Uncheck this option if you want to save the configurations before reloading.


For each device category, click on Applicable Devices to view the devices in your selection, to which the reload task applies.

SNMP Community Configuration Task

You can use the SNMP Community Configuration system-defined task to replace, add, and remove device SNMP community strings.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the SNMP Community Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Community Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Read-only

Action

Select an option to replace, add, remove, or make no change to a read-only SNMP community string.

If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository (DCR). This action also deletes the current SNMP credentials on the device.

If you select the Add or Remove option, the new SNMP community strings are configured in the device alone and DCR is untouched.

However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR.

If you select No Change, no change will be made to the Read-only Community string.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string.

 

Read-write

Action

Select an option to replace, add, remove, or make no change to a read-write SNMP community string.

If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository.

If you select Add or Remove, the new SNMP community strings are configured in the device alone and DCR is untouched.

However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR.

If you select No Change, no change will be made to the Read-write Community string.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string.

IOS Parameters

Setup View (Optional)

MIB View (Optional)

Enter name of a previously defined view that defines objects available to community.

Optional field.

   

OID -Tree

Indicates the Object Identifier of ASN.1 subtree to include or exclude from the view.

To identify an Object Identifier ASN.1 subtree, enter a numerical string such as 1.3.6.2.4 or a word such as system.
To identify a subtree family, enter a wildcard, an asterisk (*), such as 1.3.*.4.

Enter the MIB OID-Tree name.

   

Type

Include or exclude all the objects specified in the MIB OID subtree you identified in the previous field. Select Included or Excluded from the drop down list.

 

Access List (Optional)

Access List (Optional)

Enter integer from 1 to 99 to specify a named or numbered access list of IP addresses allowed to use the community string to access SNMP agent.

Optional field.

CatOS Parameters

   

No category-specific parameters.

CE Parameters

   

No category-specific parameters.

PIX Parameters

   

No category-specific parameters.

CSS Parameters

   

No category-specific parameters.

NAM Parameters

   

No category-specific parameters.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SNMP Security Configuration Task

You can use this task to configure SNMP Security feature on the following device categories:

IOS (including Cable devices)

Content Engine

For more details, see Table 9-3.

You can enter the details of this task in the SNMP Security Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Security Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

 

Action

Select an option, to add, remove, or make no change to the common parameters.

   

(Drop-down list)

Select the required option for SNMP Groups/Users:

Group & Users

Group

Users

When you select the Group option while adding task instances for this task, the user fields will not be disabled. This is because NetConfig needs the user information for configuring SNMP group commands in Catalyst OS devices.

   

Group Name

Enter the group name. Indicates the SNMP Group in the SNMP protocol context.

   

SNMP Versions

Select the SNMP version.

SNMP version 1 and version 2 have No Auth and No Privacy. Version 3 has all levels of security.

 

Users *

- The entries in the first row will be updated in Device and Credential Repository

User Names

Authen Pswds

Authen Algorithm

Privacy Paswds

Username—Indicates the name of the user in the SNMPv3 protocol.

Authenticating Passwords—Indicates that the user is part of the group that is assigned Auth No Privacy or Auth Privacy security level.

Authenticating Algorithm—Indicates the authenticating algorithm is assigned to a group with Auth No Privacy or Auth Privacy security levels.

Privacy passwords—Indicates user is part of a group assigned Auth Privacy level of security.

You can specify up to five usernames, enter authentication passwords, select the authentication algorithm and specify the privacy passwords.

 

Config Access Control [optional]

 

This section allows you to configure access options for an SNMP group.

   

Read View

Specify the read view. This view can be viewed by users assigned to a specified group. Indicates an alphanumeric label, not exceeding 64 characters, for the SNMP view entry you are creating or updating.

   

Write View

Specify the write view. Allows all users in the specified group to add, modify, or create a configuration.

   

Notify View

Specify the notify view. This view notifies all the users in the specified group.

IOS Parameters

Access Control (optional)

Access List [1-99]

Enter the number of an Access List (1—99).

 

Engine ID [optional]

Action

Select to add, remove, or make no change to the engine configuration. SNMP Engine ID is an identification name for the local or remote SNMP engine.

   

Type

Select the type of engine:

Local—Local SNMP server engine.

Remote—Remote SNMP server engine.

   

ID

Enter the Engine ID (identification name for the local or remote SNMP engine). MIB OID Tree- Indicates the Object Identifier of ASN.1 subtree to include or exclude from the view.

To identify an Object Identifier ASN.1 subtree, enter a numerical string such as 1.3.6.2.4 or a word such as system.
To identify a subtree family, enter a wildcard, an asterisk (*), such as 1.3.*.4.

   

Remote host

Enter the hostname or IP address of the remote SNMP entity to which the user belongs.

Content Engine Parameters

 

Remote Engine ID [Optional]

Enter the remote engine ID (identification name). This is an optional field.


The SNMP Security template enables you to configure Groups as well as Users with certain privileges. These Groups can be rolled back but the Users cannot be rolled back.

This is because the User details will not be available in the running configuration. Since NetConfig uses the running config to do roll back, rolling back Users is not possible.You should run a separate job to remove or add Users as required.

For each device category, click on Applicable Devices to view the devices in your selection.

For more information on how to configure SNMP, refer to:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_installation_and_configuration_guides_list.html

SNMP Traps Configuration Task

You can use this task to configure the host, trap notification, and trap/inform parameters. You can specify security parameters to communicate securely with the SNMP host. See SNMP Security Configuration Task to configure the SNMP security.

The following device categories are supported by this task:

IOS (including Cable devices)

Catalyst OS

Content Engine

CSS

NAM

For more details, see Table 9-3.

You can enter the details of this task in the SNMP Traps Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Traps Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Traps Notification

Action

Select to enable, disable, or make no change to the traps notification configuration.

If you select Enable, the server will receive SNMP traps.

If you select Disable the server will not receive any SNMP traps.

IOS Parameters

   

Traps Notification Options

Type

Environmental

Select this to send only environmental traps to the host.

   

SNMP

Select this to send the SNMP traps to the host.

Host Configuration

 

Action

Select to add, remove, or make no change to the host configuration.

   

Username

Specific the user name that is used for authentication. This field is available when No Authentication, Authentication or Privacy are selected.

   

Host

Enter the hostname or IP address.

   

SNMP Security

Select the SNMP security method:

SecureV2c

NoAuthenticationV3

AuthenticationV3

PrivacyV3

None

   

Notification Type

Select the notification type:

Trap

Inform

   

UDP Port [0-65535]

Indicates the port that will receive the SNMP requests.

The range for a valid port number between 0—65535. The default is 162.

 

Community String

String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

 

Direct Traps To Host

Environmental

Select this to send only environmental traps to the host.

   

SNMP

Select this to send the SNMP traps to the host.

Trap/Inform Configuration

Traps Message

Action

Select to change, replace, disable or make no change to the trap configuration.

   

Trap Timeout [1-1000 s]:

Specify the trap timeout value. This must be between 1—1000 seconds.

   

Trap Queue Length [1-1000 events]:

Specify the trap queue length. the number of events that you specify must be between 1—1000.

 

Inform Request

Action

Select to replace, disable, or make no change to the inform request.

   

Inform Retries [0-100]

Enter the inform retires. The value should be between 0—100.

   

Inform Timeout [0-4294967295]

Specify the inform timeout value. This must be between 0—4294967295.

   

Inform Pending [0-4294967295]

Specify the inform pending value. This must be between 0—4294967295.

CatOS Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Enter the hostname or IP address.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

ContentEngine Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Enter the hostname or IP address.

   

Community String

Enter the community string.

   

Verify

Re-enter the community string to confirm.

   

SNMP Security

Select the SNMP security method.

PIX Parameters

Host Configuration

Action

Select to add, remove, or make no change to the host configuration.

   

Host

Specify an IP address of the SNMP management station to which traps should be sent and/or from which the SNMP requests come. You can specify up to five SNMP management stations.

   

Interface

Select the interface:

Inside [default]

Outside

   

Notification Type

Select the notification type:

Trap & Poll [default]—Allows both traps and polls to be acted upon.

Trap—Only traps will be sent. This host will not be allowed to poll.

Poll—Traps will not be sent. This host will be allowed to poll.

CSS Parameters

 

Action

Select to add, remove, or make no change to the parameters such as host name or IP address, trap community, source IP address in traps, specific host, trap type, event, etc.

   

Host Name or IP Address

Enter the hostname or IP address of an SNMP host that has been configured to receive traps. A maximum of 5 hosts can be configured.

   

Trap Community

Enter the trap community string/name to use when sending traps to the specified SNMP host. Enter an unquoted text string with no spaces and a maximum length of 12 characters.

   

Verify

Re-enter the trap community string to confirm.

   

Source IP Address in Traps

Select the source IP address in traps. To set the source IP address in the traps generated by CSS select one of these options:

Egress Port—Obtains the source IP address for the SNMP traps from the VLAN circuit IP address configured on the egress port used to send the trap.

You do not need to enter an IP address because the address is determined dynamically by the CSS.

Management—Places the management port IP address in the source IP field of the trap. This is the default setting.

Specific Host—Allows the user to enter the IP address to be used in the, source IP field of the traps.

Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) in the Specific Host field (the next field).

No Change (No change will be made to the source IP address if you select this option.)

   

Specific Host

In the previous field, that is, Source IP Address in Traps, if you have selected the Specific Host option, then specify the IP Address of the specific host in this field.

   

Trap Type

Select the trap type:

No Change (No change will be made to the trap type if you select this option).

Enterprise—When you use this keyword alone, it enables enterprise traps. You must enable enterprise traps before you configure an enterprise trap option.

Generic—The generic SNMP traps consist of cold start, warm start, link down, and link up.

   

Event

Select the event:

None

Module Transition

Power Supply Transition

Illegal Packet DOS attack

LAND DOS attack

Smurf DOS attack

SYN DOS attack

Lifetick message failure

Login Failure

System reload

Reporter state transitions

Service transition

NAM Syslog Host Configuration Parameters

 

Action

Select to add, remove, or make no change to the syslog host configuration.

   

Index[1-65535]

Enter the syslog host index. The value should be between 1—65535.

   

Host IP Address

Enter the host name or IP address.

   

Community String

Enter the community string.

   

Verify

Verify the community string.

   

UDP Port[1-65535]

Enter the UDP port. The value should be between 1—65535.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

For more information regarding configuring SNMP, refer to

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_installation_and_configuration_guides_list.html

Syslog Task

You can use the Syslog system-defined task to configure the collection of syslog messages from devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Content Engine

CSS

NAM

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the Syslog Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Syslog Configuration dialog box are:

Group
Sub-group
Field
Description

Common Parameters

Logging Host

Action

Select the required option to enable, disable, or make no change to list of hosts that receive syslog messages.

   

Ex: host1.domain,host2,1.2.3.4:

Enter IP address of hosts to add or remove from list of hosts that receive syslog messages.

Separate multiple addresses with commas.

IOS Parameters

     

Logging On

 

Action

Select the required option to enable, disable, or make no change to syslog state.

Select No Change to make syslog setup changes without enabling or disabling syslog logging.

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which to log syslog messages.

Logging Level

Buffered

Action

Select the required option to enable, disable, or make no change to the buffered logging level.

   

Conditions

Select the required logging level from the drop-down list:

Default

alerts

critical

debugging

emergencies

errors

informational

notifications

warnings

 

Console

Action

Select the required option to enable, disable, or make no change to the console logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Monitor

Action

Select the required option to enable, disable, or make no change to the monitor logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Trap

Action

Select the required option to enable, disable, or make no change to the trap logging level.

   

Conditions

Select the required logging level from the drop-down list.

CatOS Parameters

     

Console Logging On

 

Action

Select the required option to enable, disable, or make no change to console logging.

Server Logging On

 

Action

Select the required option to enable, disable, or make no change to server logging.

Logging Level

 

Action

Select the required option to enable, disable, or make no change to the logging level.

   

Facility

Select the logging facility to which to log syslog messages.

   

Level

Select the required logging level from the drop-down list.

Content Engine Parameters

     

Logging On

 

Action

Select the required option to enable, disable, or make no change to logging.

Destination

 

Console

Select this option to specify the console as the logging destination.

   

Disk

Select this option to specify the disk as the logging destination.

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which to log syslog messages.

Logging Priority

Console

Action

Select the required option to enable, disable, or make no change to the console logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

 

Disk

Action

Select the required option to enable, disable, or make no change to the disk logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

 

Host

Action

Select the required option to enable, disable, or make no change to the host logging priority.

   

Conditions

Select the required logging priority from the drop-down list.

PIX Parameters

 

Time Stamp

Select the required option to enable, disable, or make no change to the time stamp specification.

   

Logging On

 

Logging Facility

 

Action

Select the required option to enable, disable, or make no change to syslog logging facility.

   

Parameter

Select the logging facility to which to log syslog messages.

Message

 

Action

Select the required option to enable, disable, or make no change to the syslog message configuration.

   

Syslog Message ID

Enter the syslog message ID.

   

Conditions

Select the required logging level from the drop-down list.

Logging Level

Buffered

Clear Buffer

Select to clear the buffer.

   

Action

Select the required option to enable, disable, or make no change to the buffered logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Console

Action

Select the required option to enable, disable, or make no change to the console logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Monitor

Action

Select the required option to enable, disable, or make no change to the monitor logging level.

   

Conditions

Select the required logging level from the drop-down list.

 

Trap

Action

Select the required option to enable, disable, or make no change to the trap logging level.

   

Conditions

Select the required logging level from the drop-down list.

CSS Parameters

 

Facility

Select the logging facility to which to log syslog messages.

   

Logging Level

Select the required logging level from the drop-down list.

   

CLI Command

Select the required option to add, remove, or make no change to the CLI commands.

 

Logging to Disk

Disk

Select the required option to add, remove, or make no change to logging to disk.

   

Logfile Name

Enter the log file name.

   

Buffer

Select the required option to add, remove, or make no change to the buffer configuration.

   

Size [0-64000]

Enter the size of the buffer. Enter a value between 0—64000 bytes.

   

To sys.log

Select the required option to add, remove, or make no change to the option to log to a file called sys.log.

 

Logging to Line

Line

Choose this option to send the log activity of a subsystem to an active CSS session.

   

Active Session Name

Enter the name of the active session. Enter a case-sensitive unquoted text string with a maximum length of 32 characters.

 

Logging to Mail

Send Mail

Select the required option to add, remove, or make no change to the e-mail option.

   

Mail Address

Enter the e-mail IDs (comma separated).

   

SMTP Host (Name or IP Address)

Enter the SMTP hostname or the IP address.

   

Logging Level

Select the required logging level from the drop-down list.

   

Domain Name (Optional)

Enter the domain name of the SMTP host. This is an optional field.

NAM Parameters

MIB Threshold

Local

Select the required option to enable, disable, or make no change to the local MIB threshold.

   

Remote

Select the required option to enable, disable, or make no change to the remote MIB threshold.

 

Voice

Local

Select the required option to enable, disable, or make no change to the voice (local).

   

Remote

Select the required option to enable, disable, or make no change to the voice (remote).

 

System

Local

Select the required option to enable, disable, or make no change to system (local).

   

Remote

Select the required option to enable, disable, or make no change to system (remote).

 

Debug

System

Select the required option to enable, disable, or make no change to Debug (system).


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SSH Configuration Task

You can use the SSH system-defined task to configure SSH on devices.

The following device categories are supported by this task:

IOS (including Cable devices)

Content Engine

CSS

NAM

For more details, see Table 9-3.

You can enter the details of this task in the SSH Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use any CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Group
Sub-group
Field
Description

Common Parameters

Key Configuration

Action

Select the required option to enable, disable, or make no change to the key configuration.

IOS Parameters

Prerequisites

 

The Hostname and Domain name need to be configured for the devices.

 

Key Configuration

Number of Key Bits [360-2048]

Enter the number of Key bits to be used for Key generation. The value must be between 360-2048 Key bits.

 

Timeout

Action

Select the required option to add, remove, or make no change to the timeout value.

   

Timeout Value [1-120):]

Enter timeout value for SSH sessions. The value should be between 1—120.

 

Retries

Action

Select the required option to add, remove, or make no change to the number of retries.

   

Number of Retries [1-5]

Enter the number of retries allowed. The number must be between 1—5.

CE Parameters

SSH Prerequisites

SSH Daemon

Select the required option to enable, disable, or make no change to the SSH daemon.

   

Number of Key Bits [512-2048]

Enter the number of Key bits to be used for Key generation. The value must be between 512—2048 Key bits.

   

SSH Timeout

Enter login grace time value in seconds for SSH sessions. Value must be between 1-99999.

   

Password-guesses [1-99]

Specify the number of password retries allowed. The value must be between 1—99.

CSS Parameters

 

Number of Server Key Bits [512-32768]

Enter the number of Key bits to be used for Key generation. The value must be between 512—32768 Key bits.

 

Port

Action

Select the required option to enable, disable, or make no change to the port configuration.

   

Port Number [22-65535]

Enter the port number. This value can be between [22-65535]

   

KeepAlive

Select the required option to add, remove, or make no change to keepalive.


For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

TACACS Configuration Task

You can use the TACACS system-defined task to configure TACACS authentication.

This task supports the IOS device category including Cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the TACACS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

     

Server Configuration

 

Action

Select to enable, disable, or make no change to the TACACS Server configuration.

   

Hostname or IP Address

Enter the hostname or the IP address of the TACACS server.

Login Authentication

 

Action

Select to enable, disable, or make no change to the login authentication details.

 

Credentials

Username

Enter the username. These values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Password

Enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Verify

Re-enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.

IOS Parameters

     

Server Retransmit

 

Action

Select to enable, disable, or make no change to the server retransmit configuration.

   

Retries [0-100]

Enter the number of re-tries.

Server Timeout

 

Action

Select to enable, disable, or make no change to the server timeout value.

   

Timeout [1-1000]

Enter the timeout value.

Enable mode Authentication

 

Action

Select to enable, disable, or make no change to the enable mode authenticating.

 

Credentials

Username

Enter the username

   

Password

Enter the enable password.

   

Verify

Re-enter the enable password.


TACACS+ Configuration Task

You can use the TACACS+ system-defined template to configure TACACS+ on devices.

This task supports the following device categories:

IOS (including Cable devices)

Catalyst OS

Content Engine

NAM

For more details, see Table 9-3.

You can enter the details of this task in the TACACS+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group
Sub-group
Field
Description

Common Parameters

   

TACACS Server Configuration

Server

Action

Select to enable, disable, or make no change to the TACACS Server configuration.

   

Hostname or IP Address

Enter the hostname or the IP address of the TACACS server.

 

Key

Action

Select to add, remove, or make no change to the TACACS encryption Key.

   

Key

Enter the TACACS encryption key. The key is used to set authentication and encryption. This key must match the key used on the TACACS+ daemon. The key can be of any size.

   

Verify Key

Re-enter the Key to confirm.

Login Authentication

Action

Select to enable, disable, or make no change to the TACACS+ authentication.

If login authentication is enabled, then when you try to login to the device, you are authenticated by the TACACS server.

If login authentication is disabled, then you are not authenticated by the TACACS server when you log in to the device.

 

Credentials

Username

Enter TACACS+ username. These values are entered in the Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.

Also see .

   

Password

Enter TACACS+ password. For details see Understanding the NetConfig Credentials Configuration Tasks.

   

Verify

Re-enter the password to confirm. For details see Understanding the NetConfig Credentials Configuration Tasks.

IOS Parameters

     

Enable mode Authentication

 

Action

Select to enable, disable, or make no change to the enable mode authenticating.

Also see .

 

Credentials

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

List

Name

Enter default or named list.

   

Set to Default

Select the set the default list.

 

Type

(Drop-down list 1)

Select the required option:

No Choice

radius

tacacs+

line

enable

local

none

Similarly, select the type from the other three drop-down lists.

 

New Model

Action

Select to enable, disable, or make no change to new model state.

CatOS Parameters

     

Enable mode Authentication

 

Action

Select to add, remove, or make no change to the enable mode authentication.

 

Credentials

Password

Enter the enable password.

   

Verify

Re-enter the enable password.

 

Server Options

Primary

Click to designate specified server as primary TACACS server.

   

All

Click to clear all hosts from list of TACACS servers, if you selected remove in Action field.

ContentEngine Parameters

Server Option

Primary

Select to specify the server as primary.

 

Password Option

ASCII Password

Select for an ACSII password.

 

Connection Options

Timeout

Enter the timeout value.

   

Retries

Enter the number of re-tries.

NAM Parameters

   

No category-specific commands

The TACACS Server Key should be DES encrypted NAM devices.


At the time of enabling login authentication or enable mode authentication, it is mandatory for you to enter the username and password.

At the time of disabling login authentication or enable mode authentication, these fields are optional. While disabling login authentication or enable mode authentication, if username and password are not provided, then the corresponding fields in DCR are cleared and left blank.

This may make the device unreachable. Therefore we recommend that you provide the username and password at the time of disabling login authentication.

Telnet Password Configuration Task

You can use the Telnet Password system-defined configuration task to change the Telnet password on devices.

This task supports the following device categories:

IOS (including Cable devices)

Catalyst OS

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the Telnet Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For details on the NetConfig credentials configuration tasks, see Understanding the NetConfig Credentials Configuration Tasks.

If you change the Telnet password on a Catalyst device with an RSM module using this template, the RSM Telnet password is also changed.

The fields in the Telnet Password Configuration dialog box are:

Group
Sub-group
Field
Description

IOS Parameters

Vty Lines

Action

Select an option to enable, disable, or make no change to the Vty Line password.

   

Password

Enter the Vty Line password. If you select vty, change affects all device vty lines, and Device and Credential Repository is updated with new password.

   

Verify

Re-enter the Vty Line password to confirm.

 

Console Line

Action

Select an option to enable, disable, or make no change to the Console Line password.

   

Password

Enter the Console Line password.

   

Verify

Re-enter the Console Line password to confirm.

 

Aux Line

Action

Select an option to enable, disable, or make no change to the Auxiliary Line password.

   

Password

Enter the Aux Line password.

   

Verify

Re-enter the Aux Line password to confirm.

CatOS Parameters

Telnet Password

Action

Select an option to enable, disable, or make no change to the telnet password.

Device and Credential Repository is updated with new password.

   

Password

Enter the Telnet password.

   

Verify

Re-enter the Telnet password to confirm.

   

Apply command on modules

Disable will set an empty password

Select this option to update only the non IP addressable modules.

If you select the Action as Disable, the password will be removed.

PIX Parameters

 

Action

Select the required option to replace, reset, or make no change to the password.

   

Password

Enter the password.

   

Verify

Re-enter the password to confirm.

   

Encrypted Password

Select this option, if the password you are entering is already encrypted.


Transform System-Defined Task

You can use the Transform system-defined task to configure IPSec on devices. You must configure the IKE configuration system-defined task before configuring the Transform system-defined task.

This task supports the following device categories:

IOS (including Cable devices)

PIX OS

For more details, see Table 9-3.

You can enter the details of this task in the Transform Set Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Transform Set Configuration dialog box are:

Group
Sub-Group
Field
Description

IOS Parameters

     

Security Association Configuration

Seconds Configuration

Seconds [120-86400]

Enter number of seconds that will be used for negotiating IPSec SA.

   

Remove

Select this option to remove any previously specified seconds value.

 

Kilo Bytes Configuration

Kilo Bytes [2560-536870912]

Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA.

Value must be between 2560-536870912.

   

Remove

Select this option to remove any previously specified kilobytes value.

 

IPSec Transform Set Configuration

Note: Only for IOS 12.1 and higher.

Action

Select a required option to add, remove or make no change to transform set configuration.

This sub-group of fields is applicable only to IOS version 12.1 and above.

   

Transform Set Name

Enter a name for the transform set.

   

Auth Header

Select the type of authentication algorithm.

   

ESP Encryption

Select the type of encryption algorithm with ESP.

   

ESP Authentication

Choose type of authentication algorithm with ESP.

   

IP Compression

Select to use IP compression with LZS algorithm.

This cannot be selected alone.

   

Transport Mode

Select the mode of transport.

PIX Parameters

     

Security Association Configuration

 

Seconds [120-86400]

Enter the number of seconds that will be used for negotiating IPSec SA.

The value must be between 120—86400 seconds.

   

Kilo Bytes

Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA.

The value must be between 2560—536870912 kilo bytes.

IPSec Transform Set Configuration

 

Action

Select the required option to add, remove or make no change to transform set configuration.

   

Transform Set Name

Enter name for the transform set.

   

Auth Header

Select the type of authentication algorithm.

   

ESP Encryption

Select the type of encryption algorithm with ESP.

   

ESP Authentication

Select the type of authentication algorithm with ESP.

   

IP Compression

Select to use IP compression with LZS algorithm. This cannot be selected alone.

   

Transport

Select the mode of transport.


Web User Task

You can use the Web User configuration task to configure the web user for NAM devices. This is a system-defined task. For more details, see Table 9-3.You can enter the details of this task in the Web User Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).. The fields in the in the Web User Configuration dialog box are:

Group
Sub-group
Field
Description

NAM Parameters

Web User

Action

Select an option to add, remove, or make no change to the web user group of fields.

   

Username

Enter the username of the web user.

   

Password

Enter the password for the username.

   

Verify

Re-enter the password to confirm.

 

Privileges

Account Management

Select the required option to enable, disable or make no change to account management.

   

System Config

Select the required option to enable, disable or make no change to system configuration.

   

Capture

Select the required option to enable, disable or make no change to the capture configuration.

   

Alarm Config

Select the required option to enable, disable or make no change to alarm configuration.

   

Collection Config

Select the required option to enable, disable or make no change to the collection configuration.


Click Applicable Devices to view the devices to which this task applies.

Use-defined Protocol Task

You can use the User-defined Protocol task to configure the user-defined protocol on NAM devices. This is a system-defined task.

For more details, see Table 9-3.

You can enter the details of this task in the User-defined Protocol Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the in the User-defined Protocol Configuration dialog box are:

Group
Sub-group
Field
Description

NAM Parameters

User Defined Protocol

Action

Select an option to add, remove or replace the user-defined protocol.

   

Protocol

Select the protocol:

TCP

UDP

   

Port [0 - 65535]

Enter the port number. You can enter any port number in the range of 0—65535.

   

Name

Enter the name of the user-defined protocol.

 

Affected Stats

Host

Select this option to enable host—Examines a stream of packets; produces a table of all network addresses observed in those packets (also known as the collection data).

Each entry records the total number of packets and bytes sent and received by that host and the number of non-unicast packets sent by that host.

   

Conversations

Select this option to enable host conversations.

   

ART

Select this option to enable Application Response Time.


Click Applicable Devices to view the devices to which this task applies.

Cable BPI/BPI+ Task

You can use the Cable BPI/BPI+ Task to assign BPI/BPI+ options.

This task is applicable to the Cable device category. For more details, see Table 9-3.

You can enter the details of this task in the Cable BPI/BPI+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable BPI/BPI+ Configuration dialog box are:

Group
Sub-Group
Field
Description

BPI/BPI+

Interface Configuration

Cable Interface

Allows you to select an interface to modify the other fields. You must select at least one interface.

Select the cable interface that you want to change.

   

BPI

Select the appropriate option:

No Change—Does not change the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

 

Key Lifetime

Action

Select the appropriate option:

No ChangeDoes not modify this option.

ReplaceModifies this option to your specification.

Default—Resets this option to the system default.

   

KEK Lifetime [300 - 604800]

Replaces the time (in seconds) using your values or resets the time using the system default.

Enter time in seconds to reset the time using your values.

Enter a value from 300—604800 seconds and the default is 604800 seconds.

Click to check the button to reset the field to system default.

   

TEK Lifetime [180 - 604800]

Replaces the time (in seconds) using your values or resets the time using the system default.

Enter time in seconds to reset the time using your values.

The range is 180 - 604,800 seconds and default is 43,200 seconds.

Click to check the button to reset the field to system default.

 

BPI/BPI+ Options

Action

Select the required options:

No Change—Does not change the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

   

Mandatory

Select to force all modems to use BPI.

   

Authenticate Modem

Select to turn the BPI modem authentication on or off.

   

Authorize Multicast

Select to turn BPI Multicast option on or off.

   

OAEP Support

Select to enable or disable Optimal Asymmetric Encryption Padding (OAEP) BPI+ encryption.

   

DSX Support

Select to enable or disable encryption for dynamic services SIDs.

   

40 Bit Des

Select to indicate that you have chosen the 40 bit DES encryption.

The system default is 56 DES encryption. This is Cisco's recommended encryption.


Click Applicable Devices to see the devices in your selection, that are applicable for this task.

For more information, refer to the following:

http://www.cisco.com/warp/public/109/docsis_bpi.shtml

http://www.cisco.com/en/US/products/hw/cable/ps2211/prod_command_reference_list.html

Cable DHCP-GiAddr and Helper Task

You can use this task to configure the GiAddr field of DHCPDISCOVER and DHCPREQUEST packets with a relay IP address before they are forwarded to the DHCP server. You can apply this task only for a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 9-3.

You can enter the details of this task in the Cable DHCP-GiAddr and Helper Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.


The fields in the Cable DHCP-GiAddr and Helper Configuration dialog box are:

Group
Sub-Group
Field
Description

Config Setup

 

Cable Interface

Select a cable interface to make the configuration changes to the selected interface, from the drop-down list.

If there are no interfaces available, you will see the option No Interfaces Found in the drop-down list. You should make sure that the device is reachable and then select a valid interface.

   

Action

Select an option from the drop-down list.

The options are:

No Change—Does not change the current configuration.

Add/Modify—Adds a new GiAddr or Helper Address or both, or modifies an existing GiAddr or Helper Address or both.·

Remove—Removes the GiAddr or Helper Address or both.

     

Select an option to Add or Modify, from the drop-down list:

DHCP-Giaddr & Helper-Address—Enables you to set the DHCP GiAddr to Policy or Primary. You can also specify values for the fields in the Cable Helper Addresses group.

DHCP-Giaddr—Enables you to set the DHCP GiAddr to Policy or Primary.

Helper-Address—Enables you to specify values for the fields in the Cable Helper Addresses group.

 

Cable DHCP Giaddr

Policy

Primary

Allows you to set the DHCP GiAddr to Policy or Primary:

Policy—Selects the control policy, so the primary address is used for cable modems and secondary addresses are used for hosts.

Primary—Always selects the primary address for GiAddr field.

Enable this field by selecting Helper Address.

 

Cable Helper Addresses

Helper Address

Allows you to enter the Helper Address to Cable Modem, Host or Host & Cable Modem.

   

Cable-Modem

Host

Host & Cable-Modem

Cable-Modem—Specifies that only Cable Modem UDP broadcasts are forwarded.

Host—Specifies that only host UDP broadcasts are forwarded.

Host & Cable Modem—Specifies that both host and cable modem broadcasts are forwarded.

Enable this field by selecting Action as DHCP GiAddr & Helper Address or by selecting Action as Helper Address.


Click Applicable Devices to view the devices to which this task applies.

Cable Downstream Task

You can use this task to configure the Annex, Channel-ID, Frequency, Modulation, Interleave depth, and Set rate limit of downstream cable interface. You can also configure the Radio Frequency (RF) output of a downstream cable interface on a Cisco uBR7100 router.

This task is applicable only to Cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the Downstream Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note You can apply this task to only a single Cable-CMTS device at a time.


The fields in the Downstream Configuration dialog box are:

Group
Sub-Group
Field
Description

Cable Parameters

 

Cable Interface

Select the required option from the drop-down list. Select a cable interface to make the required configuration changes. If you do not want to select any cable interface, choose the Not Selected option.

Activate/

Configure

Shutdown

Action

Allows you to shutdown or activate the selected interface.

The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

Shutdown—Deactivates the DS port.

No Shutdown—Activates the DS port.

 

Interleave Depth

Interleave Depth

Allows you to select the interleave depth of a channel between 8 - 128. The default is 32.

Specify the interleave depth by selecting the appropriate option from the drop-down list.

   

Remove

Select to remove the interleave depth configuration.

 

Framing Format

MPEG Framing Format

Select the MPEG framing format from the drop-down list. The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

Annex A—For Cisco uBR-MC16E cable interface card and Cisco uBR7111E and Cisco uBR7114E Universal Broadband Routers.

Annex B—For all other Cisco cable interface cards.

   

Remove

Select to remove a previously-specified MPEG framing format configuration.

 

Modulation

Modulation

Sets the modulation for a downstream port on a cable interface.

Select the required option. The options are:

No Change—Does not allow modification of any fields in this sub-group of fields.

64 qam

256 qam

   

Remove

Select to remove a previously-specified modulation configuration.

 

Channel

Channel ID (0-255):

Channel-ID can be from 0-255. Specify the channel-ID.

   

Remove

Select to remove the Channel ID.

 

Frequency

Frequency (54-858 MHz)

Frequency range can be from
54MHz -1,000MHz. Enter the frequency.

   

Remove

Select to remove a previously-specified frequency range.

Traffic Shaping

 

Rate Limit

Select the required option from the drop-down list. The options are:

No Change—Does not allow modification of any fields in this group of fields.

Enable—Enables this option.

Disable—Disables this option.

   

Rate Limit Algorithm (Optional):

None—Does not modify the rest of the fields.

Token-bucket with DS Traffic Shaping—Modifies the Token Bucket Algorithm option.

Token-bucket without DS Traffic Shaping—Modifies the Token Bucket without DS Traffic Shaping Algorithm option

Weighted-discard—Modifies the Weighted Discard option.

 

Token Bucket (Optional)

Granularity in Milli seconds (Optional):

Specifies traffic shaping granularity in milliseconds.

This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping.

Select the required value from the drop-down list. You can choose a value between 1—16 msec.

   

Max Delay in Milli seconds (Optional):

Sets the maximum buffering delay in milliseconds.

This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping.

Select the required value from the drop-down list. You can choose a value between 128 to 1024.

 

Weighted Discard (1-4) (Optional)

Weight for the exponential moving average of loss rate

Sets the weighted discard algorithm.

This field is enabled only if you have selected the Rate Limit Algorithm as Weighted Discard.

Enter a weight between 1 - 4.


Click Available Devices to view the list of devices from your selection, to which this task applies.

Cable Upstream Task

Use this task to configure the frequency, minislot size, power level and admission control on upstream cable interfaces. You can apply this task only for a single Cable-CMTS device at a time.

This task is applicable only to Cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the Upstream Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note You can apply this task to only a single cable device at a time.


The fields in the Upstream Configuration dialog box are:

Group
Sub-Group
Field
Description

Config Setup

 

Cable Interface

Allows you to select cable interfaces for configuration.

Select the cable interfaces from the drop-down list.

 

Activate/
Deactivate US Port

Activate/Deactivate

Select one of these options from the drop-down list.

The options are:

No Change—Does not change the existing configuration.

Shutdown—Deactivates this port.

No Shutdown—Activates this port.

Frequency

 

Value [5-42 MHz]

Enter the required frequency value in the range 5—42 MHz.

The range for the frequency is:

5—65 MHz for Cisco uBR-MC16E cable interface line card

5—42 MHz for all other cable interface line cards.

   

Set to Default

Select this option to set the default frequency. A negation command is generated to remove the frequency value and set the default.

This is because the default frequency value is dynamic and varies from device to device.

Power Configuration

Power Level

Value [-10-+25 dBmV]:

Enter the power level.

The valid range for the power level is between -10dBmV—+25dBmV.

   

Set to Default

Select this option to set the default power level. The default is 0dBmV.

 

Power Adjustment

Continue [2-15 dB]

Enter the power adjustment value.

The valid range for power adjust value between 2dB—15dB.

   

Set to Default

Select this option to set the default power adjustment value. The default is 2dB.

   

Noise

Enter the power adjust noise level.

The valid range for the power adjustment noise value between 10 - 100%.

   

Set to Default

Select this option to set the default noise value. The default is 30%.

   

Threshold [0-10 dB]

Enter the power adjustment threshold value.

The valid range for the power adjustment threshold value between 1dB - 10dB.

   

Set to Default

Select this option to set the default power adjustment threshold value. The default is 1dB.

Admission Control

 

Value [0 - 1000%]

Indicates the maximum cumulative bandwidth reservation allowed before new CMs are rejected.

The valid range is between 10%—1000%.

   

Set to Default

Select this option to set the default admission control value. The default value is 100%.

Minislot Size

 

Size

Select the required options. The options are:

No Change

2

4

8

16

32

64

128

[default]

Select No Change to make no changes in this field.

Channel Width(Hz)

 

Size

Select the required channel width option. The options are:

No Change—Does not modify the existing configuration.

200000

400000

800000

1600000 (default)

3200000

Select No Change to make no changes in this field.

Concatenation

 

Concatenation

Select one of these options:

No Change—Does not modify the existing configuration

Enable—Enables this option.

Disable—Disables this option.

FEC

 

FEC

Select one of the following options for Enable Forward Error Correction (FEC):

No Change - Does not modify the existing configuration.

Enable - Enables this option.

Disable - Disables this option.

Fragmentation

 

Fragmentation

Select the required fragmentation option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

Rate Limit

 

Rate Limit

Select the required rate limit option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

   

Apply Token Bucket Algorithm

Click the check box to apply this option.

   

Enable Traffic Shaping

Click the check box to apply this option.

Data Backoff

 

Data Backoff

Select the required data backoff option. The options are:

No Change—Does not modify the existing configuration.

Enable—Enables this option.

Disable—Disables this option.

If you choose Enable, you can perform data back off automatically, or manually by entering the start and end values.

   

Automatic

Choose this to apply a default value for data automatically.

   

Start Value [0-15]

Enter the start value.

The valid range for the start value is 0—15. there is no default value.

   

End Value [0-15]

Enter the end value.

The valid range for the end value is 0—15. there is no default value.

Range Backoff

 

Range Backoff

Select one of these options:

No Change—Does not modify the existing configuration.

Enable—Allows you to perform data back off automatically, or manually by entering the start and end values.

Disable—Disables this option.

   

Automatic

Select this, to apply a range back-off value automatically.

   

Start Value (0-15)

Enter the start value.

The valid range for the start value is 0-15. There is no default value.

   

End Value (0-15)

Enter the end value.

The valid range for the start value is 0-15. There is no default value.


Click Available Devices to view the list of devices from your selection, to which this task applies

Cable Interface Bundling Task

You can use this task to configure the interface bundling. You can apply this task only to a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 9-3.

You can enter the details of this task in husbanded Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).


Note At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.


The fields in the Bundle Configuration dialog box are:

Group
Field
Description

Cable Parameters

Action

Select one of these options:

No Change—Does not modify the existing parameters.

Add—Enables you to configure a interface as a master interface or a slave interface.

Remove—Enables you to change the previous configuration of the interface (master to slave or vice versa).

Choose the option from the drop down list.

 

Bundle ID (1-255)

Indicates the bundle identifier.

Enter a bundle ID between 1 - 255.

 

Master Interface

Allows you to configure the primary interfaces.

Select the cable interface from the list of primary interfaces.

Select Not Selected if you do not want to select a primary interface.

 

Slave Interface

Allows you to configure the secondary interfaces.

Select the cable interface from the list of secondary interfaces.

Select Not Selected if you do not want to select a secondary interface.


Click Applicable Devices to view the devices to which this task applies.

Cable Spectrum Management Task

You can use this task to create and assign spectrum groups to cable interfaces and upstream interfaces.

This task supports cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the Cable Spectrum Management Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable Spectrum Management Configuration dialog box are:

Group
Sub-Group
Field
Description

Spectrum Management

Spectrum Group

Action

Select one of these options:

No Change—Does not allow you to make any changes in the Spectrum group of fields.

Add—Allows you to add options.

Remove—Allows you to remove options.

   

Spectrum Group ID [1 - 32]

Enter the Spectrum Group ID. The range for Spectrum Group ID is between 1—32.

   

Frequency Setting

Select one of these frequency settings:

Band—Enter a range of frequencies.

Fix—Enter a fixed frequency.

   

Start Frequency [5 - 42 MHz]

Enter the start frequency.

The range of frequencies is:

5MHz—65MHz for Cisco

uBR-MC16E cable interface card

5MHz—42MHz for all other cable interface cards

   

End Frequency [5 - 42 MHz]

Enter the end frequency.

The range of frequencies is: 5MHz—65MHz for Cisco

uBR-MC16E cable interface card

5MHz—42MHz for all other cable interface cards.

This field is enabled only if you choose Fix as the value in the Frequency Setting filed, in the Spectrum Group.

 

Optional Configuration

Power Level [-10 - 25 dBmV]

Enter the Power Level.

The valid power levels are between -10dBmV - +25dBmV. The default is 0dBmV.

   

Hop Period [5 - 300 Sec]

Enter the Hop period.

The valid range for a Hop Period (in seconds) is between 1-3600. The default for Advanced Spectrum Management is 25 seconds. For all others, the default is 300 seconds.

This field is enabled only if you choose Add as the value in the Action field, in the Spectrum Group.

   

Hop Threshold [0 - 100%]

Enter the Hop Threshold.

The valid range for Hop Threshold is between 1 - 100%. The default is 20%.

This field is enabled only if you select Add as the value in the Action field, in the Spectrum Group.

   

Shared RF Spectrum Group Configuration

Indicates the upstream ports in a spectrum group can share the same upstream frequency.

 

Schedule

Schedule

Select one of these options from the drop down list:

No Change—Does not allow you to enter the scheduling information.

Add—Allows you to add a scheduled task.

Delete—Allows you to delete a scheduled task.

   

Schedule Day

Select the schedule day from the drop-down list.

   

Schedule Time (hh:mm:ss)

Enter the schedule time in the hh:mm:ss format.

 

Interface Assignment

Action

Select one of these option from the drop-down list:

No Change—Does not allow changes to the existing assignment.

Assign—Allows you to assign an interface.

Unassign—Allows you to unassign an interface.

   

Cable Interface

Select a cable interface from the drop-down list.

   

Spectrum ID [1 - 32]:

Enter the Spectrum ID. The range for Spectrum ID is between 1—32.

This field is disabled if you chose Unassign as the value in the Action field, in the Interface Assignment sub-group.


Click Applicable Devices to view the devices to which this task applies.

Cable Trap Source Task

You can use this task to configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.

This task supports cable devices.

For more details, see Table 9-3.

You can enter the details of this task in the Trap Source Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Trap Source Configuration dialog box are:

Group
Sub-Group
Field
Description

Trap Source Configuration

Trap Source Interface

Action

Select the required option to add, remove or make no change to a Trap Source interface.

   

Trap Source Interface

Select the required trap source interface from the drop-down list.

 

CM On/Off Trap Interval

Cable Interface

Select the cable interface on which to specify the trap interval.

   

Interval [0 - 86400]

Specify a value for the trap interval in the range 0—86400 seconds.

   

Set to Default

Select this to set the trap interval to the default value of 600 seconds.


Click Applicable Devices to view the devices to which this task applies.

cwcli netconfig

This command is described in the cwcli framework chapter. For details see the topic Running the cwcli netconfig Command in the section CLI Utilities.

Use Case: Using NetConfig Templates to change configurations for many devices

Case

As a Network Administrator, you would want to change configuration for a set of devices in few simple steps.

Solution

You can use NetConfig to change the configurations of many devices in one step. You can select the devices and the corresponding system-defined or user-defined tasks and schedule a NetConfig job.

Let us say, you want to change the Local Username and Telnet password for few devices. To perform this:


Step 1 Go to RME > Config Mgmt > NetConfig

The Devices And Tasks dialog box appears.

Step 2 Select the required devices from the Device Selector.

Step 3 Select the Local Username and Telnet Password tasks from the Task Selector.

NetConfig Tasks are also referred to as NetConfig templates.

Step 4 Click Next.

From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane.

Step 5 Select a task and click Add to create an instance for the task.

Figure 9-1 displays the Local Username Configuration dialog box.

Figure 9-2 displays the Telnet Password Configuration dialog box.

Figure 9-3 displays the Applicable tasks and Added Instances.

Step 6 After creating the instances, select the Local Username_1 instance and click View CLI button to view the CLI commands that will be deployed onto the devices as well as the applicable and non applicable devices.

Alternatively, you can click Edit to edit the selected instance or click Delete to delete an instance. You can only delete one instance at a time.

Figure 9-1 Local Username Configuration

Figure 9-2 Telnet Password Configuration

Figure 9-3 Add Task

Step 7 Click Next.

The Job Schedule and Options page appears.

For more information on how to schedule a NetConfig job, see Starting a New NetConfig Job.

Step 8 Provide the required information in the Job Schedule and Options dialog box and click Finish.

The Job Work Order screen appears.

Step 9 Click Finish.

A notification indicating the successfull creation of a job appears.

Example

Job 1007 was created successfully.

The NetConfig job will be executed at the scheduled date and time. The Local Username Configuration and Telnet Password Configuration changes effected will be deployed on the selected applicable devices.

To know the status of the job scheduled, go to RME > Config Mgmt > NetConfig > NetConfig Jobs.