Catalyst 6500 Series Switch and Cisco 7600 Series Router Network Analysis Module Installation and Configuration Note, 4.2
Administering the Network Analysis Module
Downloads: This chapterpdf (PDF - 573.0KB) The complete bookPDF (PDF - 2.13MB) | Feedback

Administering the Network Analysis Module

Table Of Contents

Administering the Network Analysis Module

Cisco IOS Software

Logging In to the NAM with Cisco IOS Software

Changing the NAM CLI Passwords with Cisco IOS Software

Resetting the NAM with Cisco IOS Software

Upgrading the NAM Software with Cisco IOS Software

Upgrading the NAM Application Software with Cisco IOS Software

Upgrading the NAM Maintenance Software with Cisco IOS Software

Configuring Mini-RMON with Cisco IOS Software

Catalyst Operating System Software

Logging in to the NAM with Catalyst Operating System Software

Changing the NAM CLI Passwords with Catalyst Operating System Software

Resetting the NAM with Catalyst Operating System Software

Upgrading the NAM Software with Catalyst Operating System Software

Upgrading the NAM Application Software with Catalyst Operating System Software

Upgrading the NAM Maintenance Software with Catalyst Operating System Software

Configuring a Mini-RMON with Catalyst Operating System Software

Operating-System-Independent NAM Administration

Adding NAM Patch Software

Additional NAM Software Administrative Commands


Administering the Network Analysis Module


How you administer the NAM on your Catalyst 6500 series switch or Cisco 7600 series router depends on whether you are using the Cisco IOS software or the Catalyst operating system software. Several NAM administration tasks are common to either operating system.

These sections describe how to administer the NAM from the CLI for each operating system:

Cisco IOS Software

Catalyst Operating System Software

When you complete administering the software-dependent attributes for the NAM, you can configure the software-independent NAM attributes. For more information, see the "Operating-System-Independent NAM Administration" procedure.

Cisco IOS Software

You can perform these various administrative tasks on the NAM with Cisco IOS software:

Logging In to the NAM with Cisco IOS Software

Changing the NAM CLI Passwords with Cisco IOS Software

Resetting the NAM with Cisco IOS Software

Upgrading the NAM Software with Cisco IOS Software

Configuring Mini-RMON with Cisco IOS Software

Logging In to the NAM with Cisco IOS Software

The NAM has two user levels with different access privileges:

Guest—Read-only CLI access (default password is guest)

Root—Full read-write access (default password is cisco)


Note The root account uses the # prompt; the guest account uses the > prompt. The default root and guest passwords for the maintenance image is cisco if the NAM is the WS-SVC-NAM-1, WS-VC-AM-1-250S, WS-SVC-NAM-2, or WS-SC-NAM-2-250S module.


Table 4-1 shows the user levels and passwords for the NAM.

Table 4-1 NAM Users and Passwords

Module
Application Image
(located on the hard disk)
Maintenance Image
(located on the compact flash)

WS-SVC-NAM-1 WS-SVC-NAM-1-250S WS-SVC-NAM-2
WS-SVC-NAM-2-250S

User
Password
User
Password

root

root

root

cisco

guest

guest

guest

cisco



Note The guest account in the NAM maintenance image has all read and all write privileges.


When you boot into either the application image or the maintenance image and set up IP information, that information is synchronized between the images. If you change passwords, that information is not synchronized between the images and is not reflected on the unchanged image.

To allow remote Telnet sessions, use the exsession on command. SSH can also be used to log into the NAM. You must install the crypto patch to use this feature. To enable SSH on the NAM, use the exsession on ssh command.

To log in to the NAM, follow these steps:


Step 1 Log in to the switch using the Telnet connection or the console port connection.

Step 2 At the CLI prompt, establish a console session with the NAM using the session slot slot_number processor 1 command, as follows:

Router# session slot 8 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.81 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-1)

Step 3 At the NAM login prompt, type root to log in as the root user or guest to log in as a guest user.

login: root

Step 4 At the password prompt, enter the password for the account. The default password for the root account is "root" and the default password for the guest account is "guest."

Password: 

After a successful login, the command line prompt appears as follows:

Network Analysis Module (WS-SVC-NAM-1) Console, 4.2
Copyright (c) 1999-2010 by cisco Systems, Inc.

WARNING! Default password has not been changed!

root@localhost# 


Changing the NAM CLI Passwords with Cisco IOS Software

If you have not changed the password from the factory-set default, a warning message displays when you log in to the NAM.

You can use the web application on the local database. If the administrator is unknown, you can use the CLI to remove the local web users from the web user database with the rmwebusers command.


Note New passwords must be at least six characters in length and may include uppercase and lowercase letters, numbers, and punctuation marks.



Note For the WS-SVC-NAM-1 and WS-SVC-NAM-2 module, if the NAM maintenance image passwords are lost for the root or guest account, the maintenance image must be upgraded. After the upgrade, the passwords are set to the default. See Table 4-1 or Table 4-4.


To change the password, follow these steps while you are logged in to the root account on the NAM:


Step 1 Enter this command as follows:

root@localhost# password username

To change the root password, make a Telnet connection to the NAM and then use the password root command.

To change the guest password, make a Telnet connection to the NAM and then use the password guest command.

Step 2 Enter the new password as follows:

Changing password for user root
New UNIX password:

Step 3 Enter the new password again as follows:

Retype new UNIX password:
passwd: all authentication tokens updated successfully


This example shows how to set the password for the root account:

root@localhost# password root
Changing password for user root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

If you forget or lose the password, you can enter the clear module pc-module module-number password command from the switch CLI to restore the password for the root account to root and the guest account to guest on the application image.

Resetting the NAM with Cisco IOS Software

If you cannot reach the NAM through the CLI or an external Telnet session, enter the hw-module module module_number reset command to reset and reboot the NAM. The reset process requires several minutes.

When the NAM initially boots, by default it runs a partial memory test. To perform a full memory test, use the mem-test-full keyword in the hw-module module module_number reset device:partition mem-test-full command. This command is specific to Cisco IOS software and is not available in Catalyst operating system software.

For information on Catalyst operating system software, see the "Resetting the NAM with Catalyst Operating System Software" section.

When you next reset the NAM, the full memory test runs. A full memory test takes more time to complete than a partial memory test.

You can also use the hw-module module module_number mem-test-full command to run a memory test. This example shows a full memory test for module 5:

Router(config)# hw-module module 5 boot-device mem-test-full

To reset the module and boot the NAM in the application image, use the hw-module module slot reset hdd:1 [mem-test-full] command from the Cisco IOS CLI prompt.

To reset the module and boot the NAM in the maintenance image, use the hw-module module slot reset cf:1 [mem-test-full] command from the Cisco IOS CLI prompt.

This example shows how to reset the NAM that is installed in slot 9 from the CLI:

Router# hw-module mod 9 reset cf:1 memtest-full

Proceed with reload of module? [confirm] y
% reset issued for module 9

To enable a full memory test, use the set boot device bootseq mod# mem-test-full command. This example shows how to do a full memory test:

Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 

When you next reset the NAM, the full memory test runs.

This example shows how to reset the partial memory test:

Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL

Upgrading the NAM Software with Cisco IOS Software

You can upgrade both the application software and the maintenance software. To upgrade the application software, see the "Upgrading the NAM Application Software with Cisco IOS Software" section. To upgrade the maintenance software, see the "Upgrading the NAM Maintenance Software with Cisco IOS Software" section.

The NAM application and maintenance images are not interchangeable.

Table 4-2 lists the NAM image prefixes.

Table 4-2 NAM Image Prefixes

Module
Application Image
Maintenance Image

WS-SVC-NAM-1

nam-app

c6svc-nam-maint

WS-SVC-NAM-2

WS-SVC-NAM-1-250S

WS-SVC-NAM-2-250S


Upgrading the NAM Application Software with Cisco IOS Software

To upgrade the NAM application software, follow these steps:


Step 1 Copy the NAM application software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the maintenance image, go to Step 4. If the NAM is not running in the maintenance image, enter this command in privileged mode:

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:03:31:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:03:31:SP:The PC in slot 9 is shutting down. Please wait ...
00:03:41:%SNMP-5-COLDSTART:SNMP agent on host R1 is undergoing a cold
start
00:03:46:SP:PC shutdown completed for module 9
00:03:46:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:03:49:SP:Resetting module 9 ...
00:03:49:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:05:53:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:05:53:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:05:53:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.

Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-1)
Maintenance Partition

login:root
Password:
Network Analysis Module (WS-SVC-NAM-1) Console, 4.2
Copyright (c) 1999-2010 by cisco Systems, Inc.

Step 5 Upgrade the NAM application software as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and name of the NAM software image file

or

root@localhost# upgrade ftp-url --install


Note The --install keyword clears and recreates all of the NAM partitions; this action is similar to restoring the factory-default state. If you use the --install keyword, the previously stored reports and data (if any) will be lost.



Note If the FTP server does not allow anonymous users, use this syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Reset the NAM as follows:

Router# hw-module mod 9 reset hdd:1 
Device BOOT variable for reset =
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:26:55:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:26:55:SP:The PC in slot 8 is shutting down. Please wait ...

Note For optimal performance on the NAM, you must use an additional one-time reboot immediately after booting to the application partition after you upgrade the NAM software.


Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show snmp
root@localhost# show version


This example shows how to upgrade the NAM application software:

root@localhost# hw-module module 7 reset cf:1
Device BOOT variable for reset = <cf:1>
Warning: Device list is not verified.
 
Proceed with reload of module?[confirm]
% reset issued for module 7
root@localhost# show mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  2    8  Network Analysis Module                WS-SVC-NAM-2       SAD060301SS
  3    8  Network Analysis Module                WS-SVC-NAM-2       SAD060301SR
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-BASE     SAD0813071R
  7    8  Network Analysis Module (MP)           WS-SVC-NAM-2       SAD065002TK
  8    0  2 port adapter Enhanced FlexWAN        WS-X6582-2PA       JAB093000QE
  9   48  48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45     SAD03462861
 
Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  2  0003.feab.1180 to 0003.feab.1187   3.0   7.2(1)       4.2 Ok
  3  00e0.b0ff.33f8 to 00e0.b0ff.33ff   0.101 Unknown      Unknown      PwrDown
  5  000d.2910.3f68 to 000d.2910.3f6b   3.1   7.7(1)       12.2(18)SXE2 Ok
  7  0005.9a3b.9d10 to 0005.9a3b.9d17   1.0   7.2(1)       2.1(2)m      Ok
  8  0013.800f.be10 to 0013.800f.be4f   2.0   12.2(18)SXE2 12.2(18)SXE2 Ok
  9  0030.962c.6750 to 0030.962c.677f   1.1   4.2(0.24)VAI 8.5(0.46)ROC Ok
 
Mod Sub-Module                  Model              Serial        Hw     Status
--- --------------------------- ------------------ ------------ ------- -------
  5 Policy Feature Card 3       WS-F6K-PFC3A       SAD081302ST   2.2    Ok
  5 MSFC3 Daughterboard         WS-SUP720          SAD081305DT   2.2    Ok
 
Mod Online Diag Status
--- -------------------
  2 Pass
  3 Unknown
  5 Pass
  7 Pass
  8 Pass
  9 Pass

root@localhost# session slot 7 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.71 ... Open
 
Cisco Maintenance image
 
login: root
Password:
 
Maintenance image version: 2.1(2)
 
root@localhost# upgrade ftp://user@pc1//home/userdir/nam-app.4-2-1-23-Eng.bin.gz
Downloading the image. This may take several minutes...
Password for pc1:
ftp://pc1//home/user/nam-app.4-2-1-Eng.bin.gz (74629K)
/tmp/upgrade.gz           [########################]   74629K | 10586.05K/s
76421024 bytes transferred in 7.05 sec (10585.89k/sec)
 
Upgrade file ftp://pc1//home/user/nam-app.4-2-1-Eng.bin.gz is downloaded.
Upgrading will wipe out the contents on the storage media.
Do you want to proceed installing it [y|N]: y
 
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance image again and restart upgrade.
 
Creating NAM application image file...
 
Initializing the application image partition.
This process may take several minutes...
 
Applying the image, this process may take several minutes...
 
Performing post install, please wait...
Application image upgrade complete. You can boot the image now.
root@localhost# exit
logout
 
[Connection to 127.0.0.71 closed by foreign host]
root@localhost# hw-module module 7 reset hdd:1
Device BOOT variable for reset = <hdd:1>
Warning: Device list is not verified.
 
Proceed with reload of module?[confirm]
% reset issued for module 7
root@localhost#

Upgrading the NAM Maintenance Software with Cisco IOS Software

To upgrade the NAM maintenance software, follow these steps:


Step 1 Copy the NAM maintenance software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the application image, go to Step 5. If the NAM is not running in the application image, enter this command in the privileged mode:

Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online

Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.

Step 5 Upgrade the NAM maintenance software as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and name of the NAM software image file.


Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Boot into the maintenance image with this command to reset the NAM maintenance software:

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9

Router# 
00:16:06:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:16:06:SP:The PC in slot 9 is shutting down. Please wait ...
00:16:21:SP:PC shutdown completed for module 9
00:16:21:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:16:24:SP:Resetting module 9 ...
00:16:24:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:18:21:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:18:21:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:18:21:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip

Step 10 (Optional) Reboot into the application image as follows:

Router# hw-module module 9 reset


This example shows how to upgrade the NAM maintenance software:

Router# 
Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-2)

login:root
Password:

Cisco Network Analysis Module (WS-SVC-NAM-2) Console,  4.2
Copyright (c) 2010 by cisco Systems, Inc.

WARNING! Default password has not been changed!
root@localhost.cisco.com#

root@localhost.cisco.com# upgrade ftp://host/pub/rmon/mp.1-1-0-1.bin.gz

Downloading image...
ftp://host/pub/rmon/mp.1-1-0-1.bin.gz (11065K)
-                         [########################]   11065K |  837.65K/s
11331153 bytes transferred in 13.21 sec (837.64k/sec)

Uncompressing the image...

Verifying the image...

Applying the Maintenance image.
This may take several minutes...

Upgrade of Maintenance image completed successfully.
root@hostname.cisco.com# exit

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
02:27:19:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
02:27:19:SP:The PC in slot 9 is shutting down. Please wait ...
02:27:36:SP:PC shutdown completed for module 9
02:27:36:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
02:27:39:SP:Resetting module 9 ...
02:27:39:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
02:29:37:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
02:29:37:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
02:29:37:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Configuring Mini-RMON with Cisco IOS Software

With Cisco IOS software, you must explicitly enable mini-RMON for each interface. To configure mini-RMON for each interface, enter the rmon collection stats collection-control-index owner owner-string. You must enter the collection-control-index and owner-string command values. You can also enable mini-RMON with the NAM Traffic Analyzer application using the Setup tab.


Note The NAM only displays mini-RMON collections that are configured with an owner string of monitor.


This example shows how to configure mini-RMON on Fast Ethernet module 4, port 1 using control index 3000 and an owner string of monitor:

Router#  config term
Router(config)# interface fast4/1
router(config-if)# rmon collection stats 3000 owner "monitor"
router(config-if)# end

Catalyst Operating System Software

You can perform these administrative tasks on the NAM using the Catalyst operating system software:

Logging in to the NAM with Catalyst Operating System Software

Changing the NAM CLI Passwords with Catalyst Operating System Software

Resetting the NAM with Catalyst Operating System Software

Upgrading the NAM Software with Catalyst Operating System Software

Configuring a Mini-RMON with Catalyst Operating System Software

You can administer the NAM by using NAM Traffic Analyzer. See the User Guide for the Network Analysis Module NAM Traffic Analyzer, 4.2 for more information.

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/4.2/user/guide/
nam42_ug.html

You can perform these administrative tasks on the NAM:

Add and remove NAM users and change passwords using either the CLI or NAM Traffic Analyzer.

Recover passwords as superuser (but not change the passwords).

Change local and remote (TACACS+ server) users and passwords by using NAM Traffic Analyzer. See the NAM Traffic Analyzer application online help topic "User and System Administration" for information about user and password administration.

Table 4-3 describes the user administration tasks that you can perform using the CLI and NAM Traffic Analyzer.

Table 4-3 NAM User Administration 

User Interface
Add Users
Remove Users
Set Password
Recover Password

CLI

No

No

Use the password command.

Reset the CLI password to NAM default with CatOS command: clear module password slot

Traffic Analyzer

Add the first user with the CLI when starting the web server. Add all subsequent users through the web GUI for the local database or through TACACS+ if the TACACS+ server is used. Additionally, you can create web users with the CLI web-user command.

Use the no web-user command or NAM Traffic Analyzer to remove users.

   

Traffic Analyzer local database

Yes

Yes

Yes

Contact the NAM administrator to reset through the GUI.

From the NAM CLI, use the rmwebusers command.

Traffic Analyzer TACACS+

Yes

Yes

Yes

Use a TACACS+ server, or use the ip http tacacs+ disable command.


Logging in to the NAM with Catalyst Operating System Software

There are two levels of access on the NAM, each with different privileges:

Guest—Read-only CLI access (default password is guest)

Root—Full read-write access (default password is cisco)


Note The root account uses the # prompt; the guest account uses the > prompt. The default root and guest passwords for the maintenance image is cisco.


Table 4-4 shows the user levels and passwords for the NAM.

.

Table 4-4 NAM Users and Passwords 

Application Image (located on the hard disk)
Maintenance Image (located on the compact flash)
User
Password
User
Password

root

root

root

cisco

guest

guest

guest

cisco



Note The guest account in the NAM maintenance image has all read and all write privileges.


When you boot into either the application image or the maintenance image and set up IP information, that information is synchronized between the images. If you change passwords, that information is not synchronized between the images and is not reflected on the unchanged image.

To log into the NAM, follow these steps:


Step 1 Log into the switch using the Telnet connection or the console port connection.


Note To make remote Telnet sessions, use the exsession on command. SSH also can be used to log into the NAM. You must install the crypto patch to use this feature. To enable SSH on the NAM, use the exsession on ssh command.


Step 2 Establish a console session with the NAM at the CLI prompt, using the session command.

Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.

Cisco Network Analysis Module (WS-SVC-NAM-1)

login:root
Password:

Step 3 To log into the NAM, type root to log in as the root user or guest to log in as a guest user at the login prompt.

login: root

Step 4 At the password prompt, enter the password for the account. The default password for the root account is root, and the default password for the guest account is guest.

Password: 

After a successful login, the command-line prompt appears as follows:

Network Analysis Module (WS-SVC-NAM-1) Console,  4.2
Copyright (c) 2010 by Cisco Systems, Inc.
WARNING! Default password has not been changed!

root@localhost# 


Changing the NAM CLI Passwords with Catalyst Operating System Software

You can use these methods to change and recover passwords:

Use a Telnet connection to the NAM and CLI.

You can configure, change, and recover root and guest passwords:

To change the password, use a Telnet connection to the NAM, and then use the password command to change the password.

To recover the password, use the Telnet connection to the supervisor engine, and then use the clear module password module command.

If you forget or lose the password, you can enter the clear module password command from the switch CLI to restore the password for the root account to root and the guest account to guest.

To restore the NAM password to the factory-set defaults, enter this command in privileged mode:

Console> (enable) clear module password module

Use NAM Traffic Analyzer on the local database.

You create the initial NAM Traffic Analyzer application user with the CLI. After starting NAM Traffic Analyzer, you can establish and edit additional user passwords. You use NAM Traffic Analyzer or the TACACS+ server to change passwords as follows:

As the NAM Traffic Analyzer application administrator, you can reset passwords.

If the administrator is unknown, you can use the CLI to remove the local web user database from the web database with the rmwebusers command.

Use the instructions in the TACACS+ server documentation.


Note If the NAM maintenance image passwords are lost for the root or guest account, the maintenance image must be upgraded. After the upgrade, the passwords are set to the default. See Table 4-1 or Table 4-4.


If you have not changed the password from the factory-set default password, a warning message appears when you log into the NAM.


Note New passwords must be at least six characters in length and may include uppercase and lowercase letters, numbers, and punctuation marks.


To change a password, follow these steps while logged into the NAM as root:


Step 1 Enter this command as follows:

root@localhost# password username 

To change the root password, make a Telnet connection to the NAM and then use the password root command.

To change the guest password, make a Telnet connection to the NAM and then use the password guest command.

Step 2 Enter the new password as follows:

Changing password for user root
New UNIX password:

Step 3 Enter the new password again as follows:

Retype new UNIX password:
passwd: all authentication tokens updated successfully


This example shows how to set the password for the root account:

root@localhost# password root
Changing password for user root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

If you forget or lose the password, you can enter the clear module password command from the CLI to restore the password for the root account to root and the guest account to guest.

Resetting the NAM with Catalyst Operating System Software

If you cannot reach the NAM through the CLI or an external Telnet session, enter the reset mod_num boot_string command to reset and reboot the NAM. The reset process requires several minutes.

For Cisco IOS software, see the "Resetting the NAM with Cisco IOS Software" section.

To enable a full memory test, use the set boot device bootseq mod# mem-test-full command. This example shows how to do a full memory test:

Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 

Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 

When you next reset the NAM, the full memory test runs.

This example shows how to reset the partial memory test:

Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 

To reset the module and boot the NAM in the application image, use the reset mod hdd:1 command from the Catalyst operating system CLI prompt.

The reset the module and boot the NAM in the maintenance image, use the reset mod cf:1 command from the Catalyst operating system CLI prompt.

This example shows how to reset the NAM that is installed in slot 9:

Router# reset 9 hdd:1

Proceed with reload of module? [confirm] y
% reset issued for module 9


Note For the boot device, you can specify hdd:1 for the application image or cf:1 for the maintenance image.


Router# 
00:26:55:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:26:55:SP:The PC in slot 8 is shutting down. Please wait ...

This example shows how to reset the module to the maintenance image from the enable mode:

Console> (enable) reset mod_num cf:1

This example shows how to reset the module to the NAM application image from the enable mode:

Console> (enable) reset mod_num 

This example shows how to reset the NAM that is installed in slot 4 from the CLI:

Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown completed.
Module 4 is online.

You can enable a full memory test when you use the set boot device bootseq mod# mem-test-full command. This option is disabled by default. This example shows how to do a full memory test:

Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 

Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 

When you next reset the NAM, the full memory test runs. A full memory test takes more time to complete than a partial memory test.

This example shows how to reset the partial memory test:

Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 

Upgrading the NAM Software with Catalyst Operating System Software

You can upgrade both the application software and the maintenance software. To upgrade the application software, see the "Upgrading the NAM Application Software with Catalyst Operating System Software" section. To upgrade the maintenance software, see the "Upgrading the NAM Maintenance Software with Catalyst Operating System Software" section.

Upgrading the NAM Application Software with Catalyst Operating System Software

To upgrade the NAM application software, follow these steps:


Step 1 Copy the NAM application software image to a directory accessible to FTP.

Step 2 Log into the switch through the console port or through a Telnet session.

Step 3 If the NAM is already running in the maintenance image, go to Step 4. If the NAM is not running in the maintenance image, enter this command in privileged mode:

Console> (enable) reset mod cf:1 

Step 4 After the NAM is back online, establish a console session with the NAM and log into the root account.

Step 5 Upgrade the NAM application software by entering as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and name of the NAM software image file

or

root@localhost# upgrade ftp-url --install


Note The --install keyword clears and recreates all of the NAM partitions. This action is similar to restoring the factory-default state.



Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the maintenance image.

Step 8 Reset to the NAM application image as follows:

Console> (enable) reset mod

Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show snmp


This example shows how to upgrade the NAM application software:

Console> (enable) reset 3 cf:1
This command will reset module 3.
Unsaved configuration on module 3 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 3
2002 May 07 22:21:20 %SYS-5-MOD_RESET:Module 4 reset from Software
Console> (enable) 2002 May 07 22:24:41 %SYS-3-SUP_OSBOOTSTATUS:MP OS Boot Status
:finished booting

Router-sup2# session 3
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.31 ... Open

Cisco Maintenance image

login: root
Password: 

Maintenance image version: 2.1(0.7)

root@localhost# upgrade ftp://pc1/pub/rmon/nam-app.4-2-1.bin.gz
Downloading the image. This may take several minutes...
ftp://pc1/pub/rmon/nam-app.4-2-1.bin.gz (58699K)
/tmp/upgrade.gz           [########################]   58699K | 6499.18K/ss
60108348 bytes transferred in 9.03 sec (6499.05k/sec)

Upgrade file ftp://pc1/pub/rmon/nam-app.4-2-1.bin.gz is downloaded.
Upgrading will wipe out the contents on the storage media.
Do you want to proceed installing it [y|N]: y

Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into 
Maintenance image again and restart upgrade.

Creating NAM application image file...

Initializing the application image partition.
This process may take several minutes...

Applying the image, this process may take several minutes...

Performing post install, please wait...
Application image upgrade complete. You can boot the image now.
root@localhost#

Upgrading the NAM Maintenance Software with Catalyst Operating System Software

To upgrade the NAM maintenance software, follow these steps:


Step 1 Copy the NAM maintenance software image to a directory that is accessible to FTP.

Step 2 Log into the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the application image, go to Step 4. If the NAM is not running in the application image, enter this command in privileged mode:

Console> (enable) reset mod 

Step 4 After the NAM is back online, establish a console session with the NAM and log into the root account.

Step 5 Upgrade the NAM maintenance software as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and the name of the NAM software image file.


Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Boot into the maintenance image to reset the NAM maintenance software as follows:

Console> (enable) reset mod cf:1

Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show snmp

Step 10 (Optional) Reboot into the application image as follows:

Console> (enable) reset mod


This example shows how to upgrade the NAM maintenance software:

Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown completed.
Console> (enable) 2002 May 07 23:19:03 %SYS-5-MOD_OK:Module 4 is online

Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.

Cisco Network Analysis Module (WS-SVC-NAM-2)

login:root
Password:

Cisco Network Analysis Module (WS-SVC-NAM-2) Console,  3.(1b)
Copyright (c) 2010 by cisco Systems, Inc.

WARNING! Default password has not been changed!
root@localhost.cisco.com#
root@localhost.cisco.com# upgrade ftp://host/pub/rmon/mp.1-1-0-1.bin.gz

Downloading image...
ftp://host/pub/rmon/mp.1-1-0-1.bin.gz (11065K)
-                         [########################]   11065K |  837.65K/s
11331153 bytes transferred in 13.21 sec (837.64k/sec)

Uncompressing the image...

Verifying the image...

Applying the Maintenance image.
This may take several minutes...

Upgrade of Maintenance image completed successfully.

Configuring a Mini-RMON with Catalyst Operating System Software

With Catalyst operating system software, you can enable mini-RMON.

This example shows how to configure mini-RMON:

Console> (enable) set snmp rmon enable

Operating-System-Independent NAM Administration

The following section describes NAM administration that is not dependent on the switch operating system.

Adding NAM Patch Software

To install a patch on the NAM, follow these steps:


Step 1 Log into the switch through the console port or through a Telnet session.

Step 2 If the NAM is running in the application image, go to Step 4. If the NAM is in the maintenance image, enter this command in privileged mode:

For Cisco IOS software, enter as follows:

Console> (enable) hw-module module module_number reset

For Catalyst operating system software, enter as follows:

Console> (enable) reset mod hdd:1 

Step 3 After the NAM is back online, establish a console session with the NAM, and then log into the root account.

Step 4 Install the patch software to the NAM software as follows:

root@localhost# patch ftp-url 

where ftp-url is the FTP location and the name of the NAM patch software image file.


Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 5 Follow the screen prompts during the patch application process.

Step 6 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show patches


Note If you are running the NAM Traffic Analyzer web application, click on the About link in the GUI to display a list of installed patches. If nothing appears, no patches were installed.




This Catalyst operating system software example shows how to apply patch software:

Console> (enable) reset 3
This command will reset module 3.
Unsaved configuration on module 3 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 3 shut down in progress, please don't remove module until shutdown completed.
Console> (enable) 2010 Mar 07 23:19:03 %SYS-5-MOD_OK:Module 3 is online

Router-sup2# session slot 3 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.31 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-1)

login: root
Password: 
Terminal type: vt100

Cisco Network Analysis Module (WS-SVC-NAM-1) Console, 4.2
Copyright (c) 1999-2010 by cisco Systems, Inc.

WARNING! Default password has not been changed!
root@localhost# patch 
ftp://guest@pc1/home/guest/patch_rpms/nam-app.4-2.cryptoK9.patch.1-0.bin

Proceeding with installation. Please do not interrupt.
If installation is interrupted, please try again.

Downloading nam-app.4-2.cryptoK9.patch.1-0.bin. Please wait...
Password for guest@pc1: 
ftp://guest@pc1/home/guest/patch_rpms/nam-app.4-2.cryptoK9.patch.1-0.bin (1K)
-                         [########################]       1K |  114.28K/s
1891 bytes transferred in 0.02 sec (112.09k/sec)

Verifying nam-app.4-2.cryptoK9.patch.1-0.bin. Please wait...
Patch nam-app.4-2.cryptoK9.patch.1-0.bin verified.

Applying /usr/local/nam/patch/workdir/nam-app.4-2.cryptoK9.patch.1-0.bin. Please wait...
########################################### [100%]
########################################### [100%]

Additional NAM Software Administrative Commands

See the Cisco Network Analysis Module Command Reference for information on NAM commands available through the NAM CLI.

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/4.2/command/
reference/guide/nam42_cmdref.html