Cisco CNS Network Registrar User's Guide, 6.0
Network Registrar User Interfaces

Cisco CNS Network Registrar provides three ways of administering and managing DNS, DHCP, and TFTP servers:

Web-based user interface (Web UI)

Command line interface (CLI)

Windows-based graphical user interface (GUI)

This chapter describes the Network Registrar user interfaces. Read this chapter before starting to configure the Network Registrar servers so that you become familiar with each user interface's capabilities.

For detailed procedures on how to perform administrative tasks on Network Registrar servers, see "Administering Network Registrar."

Concurrent and Granular Access

Network Registrar provides concurrent user access to network and server configurations through the Web UI. CLI and GUI users who log in while another user is already logged in to a CLI or GUI session receive a message requiring them to "force-lock," or force the lock open. The GUI displays a dialog box with the Unlock button. To guarantee data integrity, these user interfaces require an exclusive lock on the system. You should not force the lock open unless you are sure that no data conflict will occur, for example, after a network error left a lock in place for a disconnected session. The Web UI does not require a forced lock or unlock. In all the interfaces, a user trying to change a network object that another user already added, modified, or deleted receives an error message.

The Web UI provides granular access to configuration data through user roles and constraints. The CLI does not limit access to server data. The Web UI granularity is described in the following section. The CLI provides either full or limited access—full access meaning access to both user administration and unconstrained host, zone, and DHCP server administration; limited access meaning lacking the user administration feature.

Web-Based User Interface

The Web-based user interface (Web UI) is a Web browser-based interface that provides concurrent access to Network Registrar user and protocol server administration and configuration. It provides granular administration across servers with permissions you can set on a per element or feature basis.

Once you log in to the application, the Main Menu available to the central configuration management (CCM) administrator provides these functions to a user with full access privileges:

Administration—Allows you to manage administrators, administrator groups and roles, encryption keys and access control lists (ACLs); manage protocol servers; and view the datastore change logs and tasks.

Zone—Allows you to manage the lists of forward, reverse, and secondary zones and their resource records; zone owners and templates; zone distributions, and DNS server attributes.

Host—Allows you to manage hosts in zones, assigning them a DNS name and one or more IP addresses.

Address Space—Allows you to view the unified address space tree and manage address blocks, subnets and static IP ranges, owners, regions, and consistency rules.

DHCP—Allows you to manage the Network Registrar DHCP server, including scopes and associated ranges, reservations and leases, policies and associated options, client and client-class entries, failover servers, and DHCP server attributes.

For details on the functionality of the Web UI, see the Network Registrar Web UI Guide.

Web UI Main Menu Page

Figure 3-1 shows the Main Menu available to superuser administrators. Other assigned administrators may see a subset of these features and functions when they log in to the Web UI.

Figure 3-1 Main Page

Logging in to the Web UI

You can log in to the Network Registrar Web UI by either an SSL-secured or a nonsecure login. After installing Network Registrar, open one of the supported Web browsers and specify the login location URL in the browser's address or netsite field. Login is convenient and provides some memory features for making login sessions faster to access.

You can log in using a nonsecure login in two ways:

On Windows, from the Start menu, Start > Programs > Network Registrar 6.0 > Network Registrar 6.0 Web UI, which opens the Web UI from your default Web browser. (The Start menu item is not automatically created for Windows NT systems.)

Open the Web browser and go to the website http://hostname:8080.

This opens the Login page. With a conventional login, the page indicates "Page is not secure" (see Figure 3-2); with an SSL-secured login, the page indicates "Page is SSL Secure."


Note To prepare for an SSL-secured login, see the Network Registrar Installation Guide.


Figure 3-2 Login Page

Enter your account name and password. The password is case-sensitive. Depending on how your browser was set up, you might be able to abbreviate the account name and select it from the drop-down list. If the password is stored from a previous login, it might be entered automatically.

To log in, click the Login button, or click Cancel to cancel the login. If this is your first login after installing Network Registrar, an Add License page appears first (see Figure 3-3). Your license key is printed on the installation CD. Enter it exactly as given, then click Add to add the key or Cancel to cancel adding it.

Figure 3-3 Add License Page

As soon as you log in with a valid license key, the Cisco Network Registrar Main Menu page appears with a menu of administrative tasks.

If you bookmark the install-path/login.jsp file and your session is still valid and no cookies were removed, the next time you open the page, you can click Reuse current session to return to your login session. This option is not available if your session is not valid, it timed out in the Web server, your connection was broken, or you removed the cookie in the browser.


Note Your Web UI session depends on enabling per-session cookies on your Web browser. Do not disable per-session cookies, or the browser has no way of knowing about your session. In Microsoft Internet Explorer 5.5, find this option under Tools > Internet Options > Security > Custom to access the Security Settings screen. On this screen, ensure that the stored and per-session cookies have Enable selected. In Netscape 4.76, use Edit > Preferences > Advanced to ensure that cookies are not disabled.


Command Line Interface

Using the Network Registrar command line interface (CLI), the nrcmd program, you can control your servers' operations. You can set all configurable options, as well as start and stop the servers. The CLI provides for concurrent access, but you should not have more than one CLI or GUI session open, because these interfaces require a lock on the databases. See "Administering Network Registrar" and the Network Registrar CLI Reference for details.

The CLI allows creating administrator accounts of three kinds—superusers and full or limited administrators. Administrators can also be assigned to Web UI groups, but these groups have no meaning in the CLI. You can also identify administrators by groups. Superusers have unlimited read-write access to the Network Registrar databases; because of this, the number of these administrators should be severely limited. You handle full or limited access through the nrcmd-flags attribute of the admin command. Full access is to user administration and unconstrained host, zone, and DHCP server administration; limited access lacks the user administration feature.

Invoking the CLI

The nrcmd program is located on:

Windows, by default, in the \Program Files\Network Registrar\bin directory.

Solaris or Linux, in the /install-path/nwreg2/usrbin directory.

The extended command syntax is (with the brackets indicating optional entry groupings):

nrcmd [-C clustername] [-N username] [-P password] [-r] [-b file] [internal-command] 

The -C, -N, and -P options are for adding a cluster name, username, and password, respectively. If you omit these options, Network Registrar tries to get them from the Registry or environment variables. If Network Registrar cannot find values for these parameters, it prompts you for them. If you omit the cluster name on a system where Network Registrar servers are installed, the nrcmd program assumes access to localhost and does not prompt you. The -r option opens a read-only version of the program.

The Registry and environment variables are AIC_NAME for the name, AIC_PASSWORD for the password, and AIC_CLUSTER for the cluster name. The Solaris and Linux registry keys are in a file with the user's login name in the var/nwreg2/data/registry directory, with the file contents in the form name=value. The Windows Registry path is HKEY_CURRENT_USER\Software\American Internet\Network Registrar\2.0.
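
The following is an added example, not Cisco code and not part of the original guide. It audits the three places this section says nrcmd credentials can come from: a password given with -P, the AIC_PASSWORD environment variable, and a Solaris or Linux registry file that other accounts can read or write. The sample login name, the sample values, and the choice of permission bits to flag are assumptions made for the example.

```python
import os
import stat
import tempfile

# Variable names are the ones given on this page.
CLUSTER, NAME, PASSWORD = "AIC_CLUSTER", "AIC_NAME", "AIC_PASSWORD"


def parse_registry(text):
    """Parse the name=value lines of a Solaris/Linux registry file."""
    values = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip():
            values[name.strip()] = value.strip()
    return values


def audit_argv(argv):
    """Flag -P with a value: command-line arguments show up in process listings."""
    findings = []
    for i, arg in enumerate(argv):
        if arg == "-P" and i + 1 < len(argv):
            findings.append("argv: password supplied with -P is exposed in "
                            "process listings and shell history")
    return findings


def audit_environment(env):
    """Flag AIC_PASSWORD in the environment, which child processes inherit."""
    if env.get(PASSWORD):
        return ["env: AIC_PASSWORD is set and is inherited by child processes"]
    return []


def audit_registry_file(path):
    """Check the POSIX mode bits of a registry file (not meaningful on Windows)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8", errors="replace") as fh:
        values = parse_registry(fh.read())
    if PASSWORD in values and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"registry: {path} holds AIC_PASSWORD and is readable "
                        f"by group or other (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"registry: {path} is writable by group or other, so "
                        f"AIC_CLUSTER and AIC_NAME can be changed by another "
                        f"account (mode {mode:04o})")
    return findings


def audit(argv, env, registry_path=None):
    """Collect findings from all three credential sources."""
    findings = audit_argv(argv) + audit_environment(env)
    if registry_path and os.path.exists(registry_path):
        findings += audit_registry_file(registry_path)
    return findings


def demo():
    """Run the audit on constructed inputs; none of these values are real."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "jdoe")  # constructed login name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("AIC_CLUSTER=localhost\n"
                     "AIC_NAME=admin\n"
                     "AIC_PASSWORD=example-only\n")
        os.chmod(path, 0o664)  # deliberately loose for the demonstration
        argv = ["nrcmd", "-C", "localhost", "-N", "admin",
                "-P", "example-only", "-b", "cmds.txt"]
        env = {NAME: "admin"}
        return audit(argv, env, path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
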

The program executes in batch mode if you include an internal CLI command or the -b file option on the line. The text file can include any number of CLI commands, and you can include comment lines preceded by the pound sign (#). After a batch mode command, you return to the normal system prompt. Note that display in batch mode is intended for parsing by an external program and, therefore, includes only command attributes that have values.

Omitting the internal command or file inclusion option runs the nrcmd program in interactive mode, displaying the "nrcmd>" prompt for each command execution, until you exit the program.

nrcmd> command [parameter,parameter,...] 

To specify a series of parameters (which can be attribute/value pairs or just attribute values), insert a comma between them, without additional spaces.

Exiting the CLI

Exiting the Network Registrar user interfaces does not affect your network servers' or your hosts' ability to request leases or access the Internet.

To exit the Network Registrar CLI, use the exit command. Network Registrar writes all unsaved changes to the database. However, the server does not read the new changes until you use the server type reload command (or simply the server-type reload command, such as dhcp reload). If Network Registrar cannot save the changes, it displays the same error code as if you had used the save command.

nrcmd> server dns reload 
100 Ok
nrcmd> dhcp reload 
100 Ok
nrcmd> exit 

Getting CLI Help

To view the online help for the Network Registrar CLI, enter the help command.

nrcmd> help [command] 
100 Ok
acl                  Configure an ACL to grant DDNS update privileges.
address-block        Configure DHCP address-blocks.
address-block-policy Configure the policy embedded in an address-block.
admin                Configure administrators for this cluster.
...

CLI Command Structure

The nrcmd commands specify a class of objects that you can create, delete, or list. Each of these objects has attributes that you can set, unset, and get; or enable and disable. These objects can also have methods that are specific to the type of object, where you can perform operations on groups of properties.

When you use nrcmd commands to configure Network Registrar, you manipulate:

Classes—Objects that you can create, delete, or list. Examples are scopes, policies, and zones.

create—Creates an entry

delete—Removes an entry

list—Displays all the object entries

Properties—Attributes that you set or display. Examples are a zone's minimum TTL and lease times.

set—Sets the attribute value

unset—Removes the attribute value

get—Displays the attribute value

show—Displays all the object's attribute values

Features—Attributes that you enable or disable. Examples are enabling permanent leases and the DHCP LDAP service. After you enable a feature, you often need to set associated properties.

enable—Enables an attribute

disable—Disables an attribute

unset—Removes the attribute's enabled or disabled setting

get—Displays whether the attribute is enabled, disabled, or unset

Methods—Operations you can perform on groups of properties. Examples are adding a range of IP addresses to a scope and removing hosts from a zone.

How you specify a series of arguments depends on the type of command you use. The following sections describe the difference between using the create, set, and enable keywords.

Using the Create and Delete Keywords

You must supply the required arguments for the create keyword, although others are optional. The required arguments are positional—they must be in the specified order indicated in the syntax. The optional arguments are not positional.

For example, the syntax for creating a scope is scope name create ipaddr mask [attribute=value...]. This means that when you create the scope, you must supply it with a name, IP address, and subnet mask, in that order. You can add the optional attributes (indicated in square brackets) in any order.

This command creates the scope examplescope1 with the IP address 192.168.40.1 and a mask of 255.255.255.0, and adds an optional attribute specifying the zone for any host created:

nrcmd> scope examplescope1 create 192.168.40.1 255.255.255.0 dns-zone-name=example.com. 
100 Ok
dns-zone-name=example.com.
examplescope1:
	addr = 192.168.40.1
	bootp = disabled
	deactivated =
	dhcp = enabled
	dns-host-bytes = 1
	dns-rev-server-addr =
	dns-reverse-zone-name = 40.168.192.in-addr.arpa.
	dns-server-addr =
	dns-zone-name = example.com.
...

If you omit the attribute or its value, Network Registrar may use a default value. After the create keyword creates and assigns all specified parameters to the object, Network Registrar confirms that all the required arguments are in the right order and that the attributes have values, either default or user-specified ones. You get an error message if you omit the required arguments.

The delete keyword deletes an object from the database.

Using the Set and Unset Keywords

Use the set keyword in a command to set or change an attribute value, using an equal sign. If there are multiple values to set for an attribute, separate each value after the equal sign with a comma. To set multiple attribute/value definitions on a single command line, separate each one with a space character.

These three examples set the name of the DNS zone to which a DHCP client's host name should be added for a scope, specify a list of IP addresses you allow to perform zone transfers (for a secondary zone), and set the client's client-class and domain name:

nrcmd> scope examplescope1 set dns-zone-name=example.com. 
100 Ok
dns-zone-name=example.com.
nrcmd> zone la.example.com set auth-servers=192.168.50.1,192.168.50.2 
100 Ok
auth-servers=192.168.50.1
nrcmd> client 1,6,00:d0:ba:d3:bd:3b set client-class-name=classPC 
		domain-name=example.com. 
100 Ok
client-class-name=classPC
domain-name=example.com.

The unset keyword removes any explicitly defined values from attributes. With unset attributes, the servers use default values, if they are defined in the database.

Using the Enable and Disable Keywords

Use the enable keyword in a command to enable an attribute. After enabling the attribute, you often have to set its associated properties. You must enable and set attributes on separate command lines.

This example enables incremental transfer processing for the DNS server, and then changes the incremental transfer expiration interval:

nrcmd> dns enable ixfr-enable 
100 Ok
ixfr-enable=enabled
nrcmd> dns set ixfr-expire-interval=10d 
100 Ok
ixfr-expire-interval=1w3d

Use the disable keyword to disable an attribute. Many attributes have default enabled or disabled settings.

Saving CLI Changes

The CLI saves your changes to the database after you:

Use the save command.

Use the server type reload (or simply server-type reload) command.

Exit from the CLI.

Validation

The nrcmd program performs validation when you create objects or modify their attributes. It checks that you supplied the required attributes and that their values are valid. It also checks the validity of attribute values when you set them.

When you issue the save command, Network Registrar ensures that:

It made no other modifications to these objects since reading them from the database.

All affected references are still valid.

The proposed modifications result in a valid server configuration.

CLI Status Codes

All nrcmd commands return a status code as the first line of output. The first word on the line is a three-digit status code. The remaining output is the descriptive text. The first digit of the status code determines the class of the status.

Table 3-1 lists the save command status codes.

Table 3-1 save Command Status Codes

Status Code   Description
100 Ok        Successful save
3xx           Error in processing the command
4xx           Error in communicating with the cluster database server
5xx           Internal error in the command


For a detailed list of the error codes, see the Network Registrar CLI Reference.
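
The following is an added example, not part of the original guide or of Network Registrar. It shows a script-side check for the status codes in Table 3-1: it splits nrcmd output into one result per status line and treats anything other than 100 as a failure, so an unrecognized code stops the script instead of passing silently. The sample output is constructed, code 399 and its text are placeholders, and the layout (each command's output starting with its status line) is assumed from the sessions shown earlier in this chapter.

```python
import re
from dataclasses import dataclass, field

# A status line starts with a three-digit code; the rest is descriptive text.
STATUS_LINE = re.compile(r"^(\d{3})(?:\s+(.*))?$")

# Error classes from Table 3-1, keyed by the first digit of the code.
STATUS_CLASSES = {
    "3": "error in processing the command",
    "4": "error in communicating with the cluster database server",
    "5": "internal error in the command",
}


@dataclass
class Result:
    code: int
    text: str
    attributes: dict = field(default_factory=dict)
    extra: list = field(default_factory=list)

    @property
    def ok(self):
        # Only 100 is documented as success on this page.
        return self.code == 100

    @property
    def status_class(self):
        if self.ok:
            return "ok"
        return STATUS_CLASSES.get(str(self.code)[0], "unrecognized status")


def parse_results(output):
    """Split nrcmd output into one Result per status line."""
    results = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = STATUS_LINE.match(line)
        if match:
            results.append(Result(int(match.group(1)), match.group(2) or ""))
            continue
        if not results:
            raise ValueError(f"output before any status line: {line!r}")
        name, sep, value = line.partition("=")
        if sep:
            results[-1].attributes[name.strip()] = value.strip()
        else:
            results[-1].extra.append(line)  # for example an object header
    return results


def first_failure(results):
    """Return the first non-100 result, or None when every command succeeded."""
    if not results:
        raise ValueError("no status line found; cannot confirm success")
    for result in results:
        if not result.ok:
            return result
    return None


# Constructed sample output; 399 and its text are placeholders.
SAMPLE_OUTPUT = """\
100 Ok
ixfr-enable=enabled
100 Ok
examplescope1:
    addr = 192.168.40.1
    deactivated =
399 placeholder error text
"""

if __name__ == "__main__":
    failure = first_failure(parse_results(SAMPLE_OUTPUT))
    if failure:
        print(f"{failure.code} {failure.text}: {failure.status_class}")
```
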

CLI Commands List

This section contains the complete list of commands, grouped alphabetically (see Table 3-2). You can use them at the "nrcmd>" prompt or insert them in scripts.

Table 3-2 CLI Commands

Command               Description
acl                   Creates and displays access control lists for defining zone update networks
address-block         Defines the address block for DHCP subnet allocation
address-block-policy  Defines the embedded policy for the address block
admin                 Creates administrators and assigns them passwords
client                Creates clients and assigns them to client-classes
client-class          Creates client-classes
client-class policy   Sets embedded client-class policies
client-policy         Sets embedded client policies
custom-option         Creates a custom DHCP option
dhcp                  Specifies the DHCP server's properties
dhcp-interface        Specifies the IP address of the DHCP server's hardware card
dns                   Specifies the DNS server's properties
exit or quit          Quits the nrcmd program
export                Writes the state of the lease, zone, or address to a file or database
extension             Integrates DHCP extensions into the Network Registrar DHCP server
force-lock            Obtains an exclusive lock for the nrcmd program session
help                  Provides online help
import                Loads configuration information from a file
key                   Creates and manages keys for dynamic DNS updates
ldap                  Specifies the LDAP remote server's properties
lease                 Controls DHCP leases
lease-notification    Notifies you when you run out of available leases in a scope
license               Views and updates license information
namespace             Defines the namespace for virtual private networks (VPN) in DHCP
option-datatype       Defines data types for vendor-specific DHCP options
policy                Specifies the policy information
remote-dns            Specifies information about remote DNS servers
report                Summarizes the dynamic and static address use for one or more clusters
save                  Saves the current configuration changes
scope                 Specifies the scopes' properties
scope-policy          Sets embedded scopes properties
scope-selection-tag   Creates scope selection tags
server                Affects server behavior
session               Configures session parameters
subnet                Controls DHCP subnets
tftp                  Specifies the TFTP server's properties
trap                  Enables or disables SNMP traps
vendor-option         Defines vendor-specific DHCP options
zone                  Specifies the DNS zones' properties


Graphical User Interface

You can also use the Network Registrar graphical user interface (GUI) to control your servers' operations. The GUI is available for Windows systems only. It consists of:

Commands invoked from the menu bar.

A toolbar.

Two windows—Server Manager (see Figure 3-4) and Server Status Monitor (see Figure 3-5).

Figure 3-4 Network Registrar Main Window

Figure 3-5 Status Monitor Window

Starting the GUI

To start Network Registrar, you need to start the program and log on to a cluster. A cluster is the physical host running the Network Registrar DNS, DHCP, and TFTP servers. If a cluster does not exist, you must create one first.

You need to connect to this cluster to configure or administer the servers in it. Often, Network Registrar's DNS, DHCP, and TFTP servers run on the same physical machine. You can specify localhost for the servers running on the same system as the GUI.

To start the GUI on a Windows system, perform these steps:


Step 1 Invoke the GUI program by choosing Start > Programs > Network Registrar 6.0. This opens the Network Registrar main window containing the Server Manager window (see Figure 3-4).

Step 2 If you are starting the GUI for the first time, there are no clusters listed in the Server Manager window. You must add a cluster. Right-click the List of Clusters object in the Server Manager window and click Add Cluster. Alternatively, from the Admin menu, click Clusters, then Add cluster in the Clusters dialog box. Both ways open the Add Cluster dialog box.

If you are starting the GUI with a cluster already created, the Login for Network Registrar dialog box appears. Go to Step 5.

Step 3 In the Add Cluster dialog box, add the host name of the cluster. Enter localhost if the cluster is on the same machine as the GUI. Because of the way Network Registrar concatenates the name of the cluster with the name of the server in each cluster with the "at" (@) symbol, do not enter a host name that includes this symbol.

If you want to connect to the cluster immediately, check the Connect to this cluster once added box. If the cluster is invalid or does not exist on the network, a warning message indicates that you cannot connect to it. Re-enter a valid cluster name.

Step 4 Click OK in the Add Cluster dialog box.

Step 5 In the Login dialog box, either for Network Registrar or the cluster, enter your username and tab to enter your password.

If you want read-only access to Network Registrar, check the Read Only box in the Login dialog box. Note that read-only access provides limited functionality. The Server Manager window indicates after the cluster name whether you set read-only access to the cluster.

Step 6 Click OK in the Login dialog box.

Step 7 The first time you connect to a newly installed cluster, you must enter a license key. See the "Entering or Editing a License Key" section.

Step 8 Change the changeme password as soon as you can for security purposes. From the Admin menu, click Change Administrator Password.


Starting From a Remote Site

If you run the Network Registrar GUI remotely rather than from your server machine, you must first add a cluster. See the "Starting the GUI" section. Adding a cluster connects the remote machine on which you are running the GUI to the server that provides DNS, DHCP, or TFTP services. After you add the cluster, you can configure and monitor the servers. The connection and login process is the same as that described in the "Starting the GUI" section.

Entering or Editing a License Key

Network Registrar licensing controls the ability to configure your servers. Every copy of Network Registrar requires a license. You can find the license key on the back of the software CD-ROM case. You must enter the license key the first time you configure each cluster. Any user can enter the license key, but only the superuser or full administrator can edit this key.

If you have a permanent license, you do not see the license dialog box again.

If you have an evaluation copy of Network Registrar, you have a license that will expire.

If you have an invalid or missing license key, you cannot configure or manage the Network Registrar servers. However, the servers will continue to function normally.

Perform these steps to enter or edit the license key.


Step 1 If the Invalid License dialog box appears, click New Key. If you have an existing cluster and want to change the license key, right-click the cluster object in the Server Manager window and click Properties.

Step 2 In the Properties dialog box for the cluster, check the Edit license key box.

Step 3 Copy the 16-character license key from the back of the CD-ROM case. Enter it in the four fields of the Properties dialog box, four characters per field.

Step 4 Click OK.


Menu Bar Selections

The menu bar commands handle administration and determine the way that you can view Network Registrar activity. Commands are grouped in task-specific menus on the menu bar.

Admin Menu

Use commands on the Admin menu to:

Add, connect to, remove, and disconnect from Network Registrar clusters.

Add administrators and set the clusters (requires superuser or full administrator access).

Change administrator passwords (this requires superuser or full administrator access).

Exit Network Registrar.

Servers Menu

The Servers menu is active only if you click a server object in the Server Manager window. Use the Servers menu to:

Start a server.

Stop a server.

Reload a server to update changes made to server information.

Add the server to the Status Monitor (Figure 3-5).

Remove a server from the Status Monitor.

Show server statistics

Show related servers—DHCP failover servers only

See Figure 3-5 for the Status Monitor.


Tip You can also invoke these commands, after clicking a server object, from the right-mouse-click menu. For details on server administration tasks, see "Administering Network Registrar."


View Menu

The View menu governs viewing the Network Registrar windows. Use the View menu commands to reveal or hide:

Server Manager tree (Figure 3-4)

Server Status Monitor (Figure 3-5)

Status bar

Window Menu

The Window menu controls the appearance and positioning of the Network Registrar windows. Use the Window menu to:

Cascade the windows on top of each other, but slightly offset.

Tile the windows so that they are divided equally at the top and bottom of the window.

Show the number of current windows (a check mark appears next to the active window).

Help Menu

The Help menu provides on-line help and the About Network Registrar window.

Toolbar Buttons

The toolbar displays buttons that initiate the most frequently used commands.


Tip After you click an object in the Server Manager window, you can use the right-click menu to perform some of the toolbar commands, or double-click the object icon or name, to open a properties dialog box.


Show Properties Button

Use the Show Properties toolbar button to show (and configure) the properties of the object you choose (from the cluster level down) in the Server Manager window.


Tip You can also open the properties for the object by double-clicking the object.


Control Button

The Control toolbar button opens the server's Control dialog box, from which you can start, stop, or reload the server. You must click OK to activate the start, stop, or reload.


Note Stopping a server does not terminate it, but stops it from handling further requests.


Show Statistics Button

The Show statistics toolbar button opens the Statistics window for the selected server. To refresh the statistics, click Refresh.

Add Button

Use the Add button to add clusters, DNS zones, or DHCP scopes, depending on the object you chose in the Server Manager window.

Remove Button

Use the Remove toolbar button to remove clusters, DNS zones, or DHCP scopes, depending on what you chose in the Server Manager window.

Server Manager Window

Use the Server Manager and Status Monitor windows to configure and monitor the Network Registrar servers.

The Server Manager window provides standard tree control starting with clusters at the top level. Under each cluster is a list of DNS, DHCP, and TFTP servers. Under each server is a subtree of server-specific data structures. This display lets you choose servers for browsing, configuring, and control, or for status information.


Tip Each cluster and server object has a plus (+) symbol next to it, whether or not it has subobjects. When you click the plus symbol for an object that does not have a subobject, the symbol disappears.



Note Network Registrar treats the "at" (@) symbol in server names (tree control) as a special character. Before displaying the server name, Network Registrar removes all characters after and including the symbol. This is typically the cluster name. However, if you include the symbol as part of the server name, the characters after the symbol are lost.


The Server Manager uses icons to indicate different Network Registrar components. Table 3-3 lists all the icons in the Server Manager tree control.

Table 3-3 Network Registrar Icons

Icon
Definition

List of clusters

Cluster

DNS server

DNS server that needs to be reloaded (the red star indicates the need to reload)

DNS zone

DNS secondary zone

DHCP server

DHCP server that needs to be reloaded

DHCP scope


Status Monitor Window

The Status Monitor window is where you can place server icons so that you can monitor their status. The icons change to reflect the server's current status.

To find the status of a server, click the server in the Server Manager window. From the Servers (or right-mouse-click) menu, click Add to Status Monitor. To remove the server status icon from the Status Monitor window, right-click the icon and click Remove.

The traffic lights indicate the state of the server—Started is green, stopped is red.

The bar to the right of the traffic light shows the health of the server (how well it is running)—The health is a combination of the server's resources and network balance.

For details on what factors affect a server's health, see the "Displaying the Server's Health" section.

When Network Registrar cannot contact the server, the warning triangle and exclamation point appear, and the green or red color is muted. The warning can mean the network is down, the server machine crashed, or someone stopped the server agent from the control panel.

Status Bar

The status bar at the bottom of the Server Manager window provides information about commands or actions. When you highlight a menu item, you see a short description of its function in the status bar. You can remove and re-activate the status bar from the View menu.