Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router NAM Installation and Configuration Note, 5.1
Administering the Network Analysis Module
Downloads: This chapterpdf (PDF - 211.0KB) The complete bookPDF (PDF - 1.36MB) | Feedback

Administering the Network Analysis Module

Table Of Contents

Administering the Network Analysis Module

Cisco IOS Software

Logging In to the NAM with Cisco IOS Software

Changing the NAM CLI Passwords with Cisco IOS Software

Resetting the NAM with Cisco IOS Software

Upgrading the NAM Software with Cisco IOS Software

Upgrading the NAM Application Software with Cisco IOS Software

Upgrading the NAM Maintenance Software with Cisco IOS Software

Operating-System-Independent NAM Administration

Adding NAM Patch Software

Additional NAM Software Administrative Commands


Administering the Network Analysis Module


How you administer the NAM on your Catalyst 6500 series switch or Cisco 7600 series router depends on the operating system software you are using.

These sections describe how to administer the NAM from the CLI for the Cisco IOS Software operating system.

When you complete administering the software-dependent attributes for the NAM, you can configure the software-independent NAM attributes. For more information, see the "Operating-System-Independent NAM Administration" procedure.

Cisco IOS Software

You can perform these various administrative tasks on the NAM with Cisco IOS software:

Logging In to the NAM with Cisco IOS Software

Changing the NAM CLI Passwords with Cisco IOS Software

Resetting the NAM with Cisco IOS Software

Upgrading the NAM Software with Cisco IOS Software

Logging In to the NAM with Cisco IOS Software

The NAM has two user levels with different access privileges:

Guest—Read-only CLI access (default password is guest)

Root—Full read-write access (default password is cisco)


Note The root account uses the # prompt; the guest account uses the > prompt. The default root and guest passwords for the maintenance image is cisco if the NAM is the WS-SVC-NAM-1, WS-VC-AM-1-250S, WS-SVC-NAM-2, or WS-SC-NAM-2-250S module.


Table 4-1 shows the user levels and passwords for the NAM.

Table 4-1 NAM Users and Passwords

Module
Application Image
(located on the hard disk)
Maintenance Image
(located on the compact flash)

WS-SVC-NAM-1 WS-SVC-NAM-1-250S WS-SVC-NAM-2
WS-SVC-NAM-2-250S

User
Password
User
Password

root

root

root

cisco

guest

guest

guest

cisco



Note The guest account in the NAM maintenance image has all read and all write privileges.


When you boot into either the application image or the maintenance image and set up IP information, that information is synchronized between the images. If you change passwords, that information is not synchronized between the images and is not reflected on the unchanged image.

To allow remote Telnet sessions, use the exsession on command. SSH can also be used to log into the NAM. You must install the crypto patch to use this feature. To enable SSH on the NAM, use the exsession on ssh command.

To log in to the NAM, follow these steps:


Step 1 Log in to the switch using the Telnet connection or the console port connection.

Step 2 At the CLI prompt, establish a console session with the NAM using the session slot slot_number processor 1 command, as follows:

Router# session slot 8 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.81 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-1)

Step 3 At the NAM login prompt, type root to log in as the root user or guest to log in as a guest user.

login: root

Step 4 At the password prompt, enter the password for the account. The default password for the root account is "root" and the default password for the guest account is "guest."

Password: 

After a successful login, the command line prompt appears as follows:

Network Analysis Module (WS-SVC-NAM-1) Console, 5.1
Copyright (c) 1999-2011 by cisco Systems, Inc.

WARNING! Default password has not been changed!

root@localhost# 


Changing the NAM CLI Passwords with Cisco IOS Software

If you have not changed the password from the factory-set default, a warning message displays when you log in to the NAM.

You can use the web application on the local database. If the administrator is unknown, you can use the CLI to remove the local web users from the web user database with the rmwebusers command.


Note Passwords are case-sensitive. New passwords may include uppercase and lowercase letters, numbers, and punctuation marks.



Note For the WS-SVC-NAM-1 and WS-SVC-NAM-2 module, if the NAM maintenance image passwords are lost for the root or guest account, the maintenance image must be upgraded. After the upgrade, the passwords are set to the default. See Table 4-1.


To change the password, follow these steps while you are logged in to the root account on the NAM:


Step 1 Enter this command as follows:

root@localhost# password username

To change the root password, make a Telnet connection to the NAM and then use the password root command.

To change the guest password, make a Telnet connection to the NAM and then use the password guest command.

Step 2 Enter the new password as follows:

Changing password for user root
New UNIX password:

Step 3 Enter the new password again as follows:

Retype new UNIX password:
passwd: all authentication tokens updated successfully


This example shows how to set the password for the root account:

root@localhost# password root
Changing password for user root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully

If you forget or lose the password, you can enter the clear module pc-module module-number password command from the switch CLI to restore the password for the root account to root and the guest account to guest on the application image.

Resetting the NAM with Cisco IOS Software

If you cannot reach the NAM through the CLI or an external Telnet session, enter the hw-module module module_number reset command to reset and reboot the NAM. The reset process requires several minutes.

When the NAM initially boots, by default it runs a partial memory test. To perform a full memory test, use the mem-test-full keyword in the hw-module module module_number reset device:partition mem-test-full command.

When you next reset the NAM, the full memory test runs. A full memory test takes more time to complete than a partial memory test.

You can also use the hw-module module module_number mem-test-full command to run a memory test. This example shows a full memory test for module 5:

Router(config)# hw-module module 5 boot-device mem-test-full

To reset the module and boot the NAM in the application image, use the hw-module module slot reset hdd:1 [mem-test-full] command from the Cisco IOS CLI prompt.

To reset the module and boot the NAM in the maintenance image, use the hw-module module slot reset cf:1 [mem-test-full] command from the Cisco IOS CLI prompt.

This example shows how to reset the NAM that is installed in slot 9 from the CLI:

Router# hw-module mod 9 reset cf:1 memtest-full

Proceed with reload of module? [confirm] y
% reset issued for module 9

To enable a full memory test, use the set boot device bootseq mod# mem-test-full command. This example shows how to do a full memory test:

Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 

When you next reset the NAM, the full memory test runs.

This example shows how to reset the partial memory test:

Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL

Upgrading the NAM Software with Cisco IOS Software

You can upgrade both the application software and the maintenance software. To upgrade the application software, see the "Upgrading the NAM Application Software with Cisco IOS Software" section. To upgrade the maintenance software, see the "Upgrading the NAM Maintenance Software with Cisco IOS Software" section.

The NAM application and maintenance images are not interchangeable.

Table 4-2 lists the NAM image prefixes.

Table 4-2 NAM Image Prefixes

Module
Application Image
Maintenance Image

WS-SVC-NAM-1

nam-app

c6svc-nam-maint

WS-SVC-NAM-2

WS-SVC-NAM-1-250S

WS-SVC-NAM-2-250S


Upgrading the NAM Application Software with Cisco IOS Software

To upgrade the NAM application software, follow these steps:


Step 1 Copy the NAM application software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the maintenance image, go to Step 4. If the NAM is not running in the maintenance image, enter this command in privileged mode:

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:03:31:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:03:31:SP:The PC in slot 9 is shutting down. Please wait ...
00:03:41:%SNMP-5-COLDSTART:SNMP agent on host R1 is undergoing a cold
start
00:03:46:SP:PC shutdown completed for module 9
00:03:46:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:03:49:SP:Resetting module 9 ...
00:03:49:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:05:53:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:05:53:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:05:53:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.

Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-1)
Maintenance Partition

login:root
Password:
Network Analysis Module (WS-SVC-NAM-1) Console, 5.1
Copyright (c) 1999-2011 by cisco Systems, Inc.

Step 5 Upgrade the NAM application software as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and name of the NAM software image file

or

root@localhost# upgrade ftp-url --install


Note The --install keyword clears and recreates all of the NAM partitions; this action is similar to restoring the factory-default state. If you use the --install keyword, the previously stored reports and data (if any) will be lost.



Note If the FTP server does not allow anonymous users, use this syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Reset the NAM as follows:

Router# hw-module mod 9 reset hdd:1 
Device BOOT variable for reset =
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:26:55:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:26:55:SP:The PC in slot 8 is shutting down. Please wait ...

Note For optimal performance on the NAM, you must use an additional one-time reboot immediately after booting to the application partition after you upgrade the NAM software.


Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show snmp
root@localhost# show version


This example shows how to upgrade the NAM application software:

root@localhost# hw-module module 7 reset cf:1
Device BOOT variable for reset = <cf:1>
Warning: Device list is not verified.
 
Proceed with reload of module?[confirm]
% reset issued for module 7
root@localhost# show mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  2    8  Network Analysis Module                WS-SVC-NAM-2       SAD060301SS
  3    8  Network Analysis Module                WS-SVC-NAM-2       SAD060301SR
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-BASE     SAD0813071R
  7    8  Network Analysis Module (MP)           WS-SVC-NAM-2       SAD065002TK
  8    0  2 port adapter Enhanced FlexWAN        WS-X6582-2PA       JAB093000QE
  9   48  48 port 10/100 mb RJ-45 ethernet       WS-X6248-RJ-45     SAD03462861
 
Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  2  0003.feab.1180 to 0003.feab.1187   3.0   7.2(1)       4.2 Ok
  3  00e0.b0ff.33f8 to 00e0.b0ff.33ff   0.101 Unknown      Unknown      PwrDown
  5  000d.2910.3f68 to 000d.2910.3f6b   3.1   7.7(1)       12.2(18)SXE2 Ok
  7  0005.9a3b.9d10 to 0005.9a3b.9d17   1.0   7.2(1) 				 				     		2.1(2)m      Ok
  8  0013.800f.be10 to 0013.800f.be4f   2.0   12.2(18)SXE2 12.2(18)SXE2 Ok
  9  0030.962c.6750 to 0030.962c.677f   1.1   4.2(0.24)VAI 8.5(0.46)ROC Ok
 
Mod Sub-Module                  Model              Serial        Hw     Status
--- --------------------------- ------------------ ------------ ------- -------
  5 Policy Feature Card 3       WS-F6K-PFC3A       SAD081302ST   2.2    Ok
  5 MSFC3 Daughterboard         WS-SUP720          SAD081305DT   2.2    Ok
 
Mod Online Diag Status
--- -------------------
  2 Pass
  3 Unknown
  5 Pass
  7 Pass
  8 Pass
  9 Pass

root@localhost# session slot 7 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.71 ... Open
 
Cisco Maintenance image
 
login: root
Password:
 
Maintenance image version: 2.1(2)
 
root@localhost# upgrade ftp://user@pc1//home/userdir/nam-app.5-0-1-23-Eng.bin.gz
Downloading the image. This may take several minutes...
Password for pc1:
ftp://pc1//home/user/nam-app.5-0-1-Eng.bin.gz (74629K)
/tmp/upgrade.gz           [########################]   74629K | 10586.05K/s
76421024 bytes transferred in 7.05 sec (10585.89k/sec)
 
Upgrade file ftp://pc1//home/user/nam-app.5-0-1-Eng.bin.gz is downloaded.
Upgrading will wipe out the contents on the storage media.
Do you want to proceed installing it [y|N]: y
 
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance image again and restart upgrade.
 
Creating NAM application image file...
 
Initializing the application image partition.
This process may take several minutes...
 
Applying the image, this process may take several minutes...
 
Performing post install, please wait...
Application image upgrade complete. You can boot the image now.
root@localhost# exit
logout
 
[Connection to 127.0.0.71 closed by foreign host]
root@localhost# hw-module module 7 reset hdd:1
Device BOOT variable for reset = <hdd:1>
Warning: Device list is not verified.
 
Proceed with reload of module?[confirm]
% reset issued for module 7
root@localhost#

Upgrading the NAM Maintenance Software with Cisco IOS Software

To upgrade the NAM maintenance software, follow these steps:


Step 1 Copy the NAM maintenance software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the application image, go to Step 5. If the NAM is not running in the application image, enter this command in the privileged mode:

Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online

Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.

Step 5 Upgrade the NAM maintenance software as follows:

root@localhost# upgrade ftp-url 

where ftp-url is the FTP location and name of the NAM software image file.


Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Boot into the maintenance image with this command to reset the NAM maintenance software:

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9

Router# 
00:16:06:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:16:06:SP:The PC in slot 9 is shutting down. Please wait ...
00:16:21:SP:PC shutdown completed for module 9
00:16:21:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:16:24:SP:Resetting module 9 ...
00:16:24:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:18:21:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:18:21:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:18:21:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip

Step 10 (Optional) Reboot into the application image as follows:

Router# hw-module module 9 reset


This example shows how to upgrade the NAM maintenance software:

Router# 
Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open

Cisco Network Analysis Module (WS-SVC-NAM-2)

login:root
Password:

Cisco Network Analysis Module (WS-SVC-NAM-2) Console,  5.1
Copyright (c) 2011 by cisco Systems, Inc.

WARNING! Default password has not been changed!
root@localhost.cisco.com#

root@localhost.cisco.com# upgrade ftp://host/pub/rmon/mp.1-1-0-1.bin.gz

Downloading image...
ftp://host/pub/rmon/mp.1-1-0-1.bin.gz (11065K)
-                         [########################]   11065K |  837.65K/s
11331153 bytes transferred in 13.21 sec (837.64k/sec)

Uncompressing the image...

Verifying the image...

Applying the Maintenance image.
This may take several minutes...

Upgrade of Maintenance image completed successfully.
root@hostname.cisco.com# exit

Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.

Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
02:27:19:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
02:27:19:SP:The PC in slot 9 is shutting down. Please wait ...
02:27:36:SP:PC shutdown completed for module 9
02:27:36:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
02:27:39:SP:Resetting module 9 ...
02:27:39:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
02:29:37:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
02:29:37:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
02:29:37:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 

Operating-System-Independent NAM Administration

The following section describes NAM administration that is not dependent on the switch operating system.

Adding NAM Patch Software

To install a patch on the NAM, follow these steps:


Step 1 Log into the switch through the console port or through a Telnet session.

Step 2 If the NAM is running in the application image, go to Step 4. If the NAM is in the maintenance image, enter this command in privileged mode:

For Cisco IOS software, enter as follows:

Console> (enable) hw-module module module_number reset


Step 3 After the NAM is back online, establish a console session with the NAM, and then log into the root account.

Step 4 Install the patch software to the NAM software as follows:

root@localhost# patch ftp-url 

where ftp-url is the FTP location and the name of the NAM patch software image file.


Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.


Step 5 Follow the screen prompts during the patch application process.

Step 6 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account as follows:

root@localhost# show ip
root@localhost# show patches


Note If you are running the NAM web application, click on the About link in the GUI to display a list of installed patches. If nothing appears, no patches were installed.




Additional NAM Software Administrative Commands

See the Cisco Network Analysis Module Command Reference for information on NAM commands available through the NAM CLI.

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/5.1/command/
reference/guide/cmdref.html