Configuring Prime Access Registrar Jumpstart
Configuring Network Information for ESXi
Configuring Prime Access Registrar Virtual Appliance
Recovering Prime Access Registrar Jumpstart
Configuring Prime Access Registrar Jumpstart
Configuring Prime Access Registrar to Automatically Power Up
Configuring Virtual Appliance to Automatically Power Up
The Cisco Prime Access Registrar Jumpstart (Prime Access Registrar Jumpstart) product is a high performance appliance for using the Prime Access Registrar application for RADIUS/Diameter authentication, authorization, accounting (AAA) services. It includes the following components:
These components are integrated together into a single flexible and easy to use appliance (see Figure 1).
Figure 1 Prime Access Registrar Jumpstart Configuration
Figure 1 shows the three primary layers in the Prime Access Registrar Jumpstart appliance. Each of these layers has its own capabilities. Each of these layers can be controlled independently as well as remotely, and each requires its own independent connection to the network. Thus, three unique IP addresses are required.
You can connect to each layer as described below:
To access the Prime Access Registrar Command Line Interpreter (CLI), you can use an SSH connection to the virtual appliance IP address using ssh -l root vaip.
You can manage CentOS 6.5 by connecting to it using ssh -l root vaip. There is no window system installed on the Prime Access Registrar virtual appliance, but the standard Linux commands necessary to manage a networking application are all present on the CentOS 6.5.
Note The VMware vSphere client is supported only on systems running Microsoft Windows.
For SSH connection to ESXi layer, enter ssh -l root esxip.
You must have answers to some questions in order to initially configure the Prime Access Registrar Jumpstart. The questions below beginning with Select require you to come up with a new value which is unique to this appliance, while the questions beginning with Determine require you to find out information that is not unique to this appliance.
You should have answers for the following questions when configuring the Prime Access Registrar Jumpstart:
You should have answers to the following questions when you are configuring network information for ESXi:
You should have answers for the following questions related to configuring the Prime Access Registrar virtual appliance:
Configuring Prime Access Registrar Jumpstart requires you to do the following configuration steps to connect it to the network:
To configure the Prime Access Registrar Jumpstart:
Step 1 Configure the UCS CIMC Network Connection. To configure this, follow the steps in the Connecting and Powering On The Server (Standalone Mode) chapter of the enclosed Cisco UCS C220 Server Installation and Service Guide or you can see the document available online at http://www.cisco.com/en/US/partner/docs/unified_computing/ucs/c/hw/C220/install/install.html.
You have to configure NIC Redundancy as None in the Connecting and Powering On The Server (Standalone Mode) procedure.
The CIMC gives you considerable insight into the hardware as well as support for a virtual KVM console allowing remote management of the ESXi layer. For details on CIMC, see the Cisco UCS C-Series Servers Integrated Management Controller GUI Configuration Guide available at http://www.cisco.com/en/US/partner/docs/unified_computing/ucs/c/sw/gui/config/guide/1.4.1
/b_Cisco_UCS_C-Series_GUI_Configuration_Guide_141.html.
After configuring the network information for the UCS CIMC console, use the virtual KVM console that the CIMC console provides to configure the network information for the ESXi hypervisor.
Note Note down the VMware ESXi license key. You will need the license key to reinstall VMWare ESXi in case of a failure.
To configure the Network Information for ESXi:
Step 1 Use a browser to connect to the IP address of the CIMC console.
Step 2 Log into the CIMC console using the login credentials.
Note The default username is admin and default password is password. While configuring the CIMC console, you should change the password.
Step 3 On the Server Summary window, in the Actions pane, click Launch KVM Console. You will be asked to approve the running of the application, as this operation downloads code to run on your system. After some delay, the KVM Console window is displayed.
Note If login fails, it may be that someone else already has a virtual KVM console already active for this UCS C220 server or that your browser is not configured to run Java Web Start. In that case, log that user off and try again.
The initial screen on the KVM console displays VMware ESXi 5.1.0.
Step 4 Press F2 to customize the system.
Note The virtual KVM console needs to capture the mouse to accept input. It may be necessary on some systems to use the mouse to select the Single Cursor option from the Tools menu of the KVM Console window. If nothing happens when you press F2, select the Session Options from the Tools menu and click OK. Usually this causes the mouse to be captured, and then the functions keys will make it through to the console. If you want the mouse back, you can press F12.
Step 5 Press F2 again to view the login window.
Step 6 Log into the host. The default username is root, and there is no password.
Select Configure Password option and reconfigure the root password after you log in.
Step 7 Use the arrow keys to select Configure Management Network and press Enter.
Note Once you log in, you should reconfigure the root password.
a. Use the arrow keys to select IP Configuration and press Enter.
b. Use the arrow keys to select Set Static IP address and Network Configuration and use the status bar to enable the option.
c. Use the arrow keys to select IP Address and enter the IP address.
d. Use the arrow keys to select Subnet Mask and enter the subnet mask.
e. Use the arrow keys to select Default Gateway and enter the gateway address.
f. Press Enter to accept the IP Configuration updates.
Note If you want to use IPv6 with Prime Access Registrar, use the arrow keys to select the IPv6 Configuration and enter the requested information.
Step 9 To configure the DNS servers:
a. Use the arrow keys to select DNS Configuration and press Enter.
b. Use the arrow keys to select Primary DNS Server and enter the IP address of the primary DNS server.
c. Use the arrow keys to select Alternate DNS Server and enter the IP address of the alternate DNS server.
d. Use the arrow keys to select Hostname and enter the hostname.
Note Ensure that you enter the entire hostname, including the domain name. For example, localhost.localdomain.
e. Press Enter to accept the DNS Configuration updates.
Step 10 If you have a VLAN configured on the switch to which the ESXi is connected, use the arrow keys to select the VLAN (optional) and press Enter.
Enter the VLAN for this network connection and press Enter to accept the change.
Press Esc to exit the Configure Management Network window which you are in now.
Step 11 Use the arrow keys to select Test Management Network and press Enter.
You can see the addresses to be pinged and the hostname to be resolved. Use the arrow keys and select the address to be pinged and press Enter. The test pings your default gateway and DNS servers and tests the connectivity. Press Enter when the test is complete.
At this point, ESXi listens on the IP address that you configured.
Step 12 Use a browser to connect to the IP address configured for ESXi.
A window displaying VMware ESXi 5.1 Welcome appears if you are successful.
Note If a warning message about an untrusted SSL certificate appears, select the appropriate action based on your security policy.
Step 13 If you already have downloaded VMware vSphere and have it available, go to “Configuring Prime Access Registrar Virtual Appliance” section.
If you have not downloaded VMware vSphere, ensure that you are connecting to the Jumpstart from a system running with Microsoft Windows.
If the system on which the browser is running is connected to the Internet, you can click on the Download vSphere Client. This downloads the VMware vSphere installable on your system which you can then install.
Note The Windows machine that runs the browser needs to have access to the Internet.
If you are not connected to the Internet, go to the system that is connected to the Internet and go to the VMware website. You have to download the vSphere client installation kit. The simplest way to get the vSphere client is to connect to the Jumpstart with a browser running on a Windows machine which also has Internet connectivity.
After you install the vSphere client on your system, proceed to “Configuring Prime Access Registrar Virtual Appliance” section.
The Prime Access Registrar Virtual Appliance is delivered as a virtual machine installed on the ESXi hypervisor. The virtual machine name as shipped from Cisco is "CPAR71".
Note You can change the virtual machine name to something more descriptive, and you are encouraged to do so, although the underlying disk storage will remain under the name originally used to deploy the Open Virtualization Format (OVA), that is "CPAR71".
To manage the virtual machine containing Prime Access Registrar, as well as manage any other virtual machines which you may deploy on the Jumpstart, you must use the VMware vSphere client. See the procedure “Configuring Network Information for ESXi” section for instructions on how to acquire a copy of the VMware vSphere Client.
To configure the Prime Access Registrar Virtual Appliance:
Step 1 Select the virtual machine name in vSphere and right-click and open a console.
Step 2 Click the Power on button () on the console and click inside the window after clicking the Power on button. vSphere captures the mouse when you click inside the console window. If you want to release the cursor, press CTRL + ALT.
Step 3 Read the end user license agreement and if you agree with the terms stated, accept the agreement. For more information about end user license agreement, see http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html.
Step 4 During the initial boot of the newly deployed machine, you will be prompted to enter a root (system) password, which is not the Prime Access Registrar password.
Note This is the root password for the underlying CentOS operating system on which the Prime Access Registrar application is installed. You will be asked to enter this password twice. You will need root access to the underlying CentOS operating system later on, so make sure that you remember this password.
Step 5 After accepting the license agreement and providing the root password, log into the machine in the console with the credentials as root and password (that you set.)
Step 6 If you want to use static IP configuration, do the following:
a. Configure the network interfaces using the following command:
ifconfig eth2 IP-chosen-for-cpar netmask maskvalule up
b. Configure the gateway with following command:
route add default gw ip-chosen-for-gateway
Step 7 Copy the license file you obtained from cisco.com to the /cisco-ar/license directory.
Step 8 Run the following commands to set the administrator username and password you selected:
Note If you want to set the Oracle home directory in the arserver, you need to use the updateOracleHome.sh script under the /cisco-ar/bin directory.
Step 9 If you want to use SIGTRAN functionality in the Prime Access Registrar appliance, do the following:
a. Download the 64-bit gdome2 and glib rpms and install them in the appliance.
b. Run the following script under the /cisco-ar/bin directory:
c. Restart the Prime Access Registrar server using the following command:
/cisco-ar/bin/arserver restart
Step 10 Appliance configuration is done. You can proceed further to configure Prime Access Registrar. For more information, see Configuring Cisco Prime Access Registrar section of the Cisco Prime Access Registrar 7.1 Installation and Configuration Guide.
There are several layers of processing involved in running the Prime Access Registrar application. Each layer has choices it can make about what to do when it is first powered up after power failures.
You can configure Prime Access Registrar to start automatically when power is restored to the Jumpstart.
The two places where you have to change the configurations to make this possible are:
To configure the UCS Hardware to automatically power up the ESXi hypervisor:
Step 1 Connect a browser to the CIMC UCS Management Console, and log into the console.
Step 2 In the Server tab on the left pane, select the Power Policies link.
Step 3 Select Power On from the Power Restore Policy drop-down list in the Power Restore Policy area in the right pane.
If you want, you can enter a delay value in the Power Delay Value field.
Step 4 Click Save Changes to save the updates.
There are several layers of processing involved in running the Prime Access Registrar application. Each layer has choices it can make about what to do when it is first powered up after power failures.
You can configure Prime Access Registrar to start automatically when power is restored to the Jumpstart.
The two places where you have to change the configurations to make this possible are:
To configure the automatic power up:
Step 1 In the vSphere client, select the ESXi machine to which you are connected. It is not a specific virtual machine that you have to select but the ESXi hypervisor on which they reside.
Step 2 Select the Configuration tab.
Step 3 Click the Virtual Machine Startup/Shutdown link under the Software area. You should see the virtual machine in the list shown in window.
Step 4 Click the Properties... link present at the top right corner of the page. If you do not see that, resize the window until you do.
The Virtual Machine Startup and Shutdown page is displayed.
Step 5 Check the Allow virtual machines to start and stop automatically with the system check box.
Step 6 Select the virtual machine running the Prime Access Registrar virtual appliance and use the Move Up button on the right to move it up into the group labelled Automatic Startup.
This ensures that whenever power is restored to the ESXi hypervisor the Prime Access Registrar appliance powers up automatically.
These topics describe how to recover Prime Access Registrar Jumpstart:
To start the recovery process, make sure that you have the following:
To download the Cisco Prime Access Registrar Jumpstart recovery kit:
Step 1 Download the file Cisco Prime Access Registrar 7.1 Virtual Appliance for VMWare—approximately 1343 MB (CSCOar-7.1.ova) from the following location: https://software.cisco.com/download/release.html?mdfid=286307276&flowid=79782&softwareid=284671441&release=7.1&relind=AVAILABLE&rellifecycle=&reltype=latest
Step 2 To download the recovery kit, click the Download button.
Step 3 Sign in with your Cisco.com user ID and password.
Step 4 Read the Cisco End User License Agreement and accept the conditions by clicking Accept License Agreement.
Step 5 Download the.ova files to a location that can be browsed from the host that will be used to recover the Prime Access Registrar_Jumpstart.
Step 6 Locate the saved files and unzip the.zip files to two separate folders (local and regional folders).
This section explains the following recovery procedures:
Note Before you reinstall, contact the Technical Assistance Centre (TAC) and confirm whether the issue really requires a reinstall.
To recover Prime Access Registrar Jumpstart:
Step 1 Place your Recovery DVD in your DVD-ROM drive on the UCS appliance. The DVD has the following folders (you can download the files to a preferred location:)
Step 2 Use a browser to connect to the IP address of the CIMC console and log into the console.
Note Make sure that the ESXi iso is compatible with the CIMC.
Step 3 On the Server Summary page, in the Actions pane, click Launch KVM Console. You will be asked to approve the running of the application, as this operation downloads code to run on your system. After some delay, the KVM Console window is displayed.
Step 4 In the KVM Console window, select the Virtual Media tab.
Step 5 Click Add Image and browse to select the downloaded ESXi installation ISO file.
Step 6 Check the check box in the Mapped column for the media that you just added. Wait for the mapping to complete and close the KVM Console window.
Step 7 In the Server tab on the left pane, click the BIOS link and ensure that the CD/DVD is listed as the first item in Actual Boot Order. Then, click the Summary link. The Server Summary page appears.
Step 8 Click Power Cycle Server to restart the Prime Access Registrar Jumpstart appliance.
Step 9 Follow the on-screen instructions in the KVM Console window to install ESXi 5.1. This step could take several to many minutes depending on the network connection from the client where the install is being run to the server.
You may be presented with a choice to upgrade or re-install and re-partition, depending on the situation. Choose the option appropriate for your situation.
ESXi is always installed in the evaluation mode. If you do not have the ESXi 5.1 license key, call the Cisco Technical Assistance Center (TAC) and ask for the Licensing Team. For your local Cisco TAC phone number, see the Cisco Worldwide Contacts page at: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html.
Step 10 At the end of the installation, unmap the Virtual Media drive from Step 6 before you reboot the Prime Access Registrar Jumpstart appliance.
Step 11 After the server reboots, configure ESXi 5.1 in the KVM Console window. For more information on how to configure the ESXi layer, see Configuring Network Information for ESXi.
Step 12 Using VMware vSphere, connect to the IP address or hostname of the UCS (ESXi).
Step 13 From the vSphere menu, choose File > Deploy OVF Template. The Deploy OVF Template Source window appears.
Step 14 To deploy the OVA file, click Browse and choose the OVA file (CPAR71.ova) available on the location where it was previously unpacked. Choose the appropriate Local or Regional OVA in the corresponding subdirectory.
Step 15 Complete the deployment following the on-screen instructions.
Step 16 Before using the Prime Access Registrar server, install the 64-bit gdome2 and glib library and import the proper license to the /cisco-ar/license/ folder. For more information on installing the gdome2 library, see the Building gdome Package section of the Cisco Prime Access Registrar 7.1 User Guide.
Step 17 Restart the Prime Access Registrar server by using the following command:
You can now restore your original license or request a replacement license at http://www.cisco.com/go/license.
If you encounter any issue for which you are not able to find a solution, contact the Cisco Technical Assistance Center (TAC) for help.
For assistance in troubleshooting, the appliance comes with a secure FTP server and a TAC tool.
Ensure that you send the data gathered by the TAC tool to the Technical Assistance Centre (TAC) team in case of issues.
You can use the FTP server (vsftpd) to transfer files to and from the virtual appliance. You have to create a user to log into the vsftpd because the 'root' user cannot be used for logging in. The vsftpd will not be up and running when you power on the appliance, so you have to manually start it.
You can start the vsftpd using the command:
Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
The following is a list of documentation that you can refer to:
Go to the following page to see the documentation for UCS server hardware:
http://www.cisco.com/en/US/products/ps10493/index.html
The following is a list of sites with platform-specific documentation:
The following documentation is available for Prime Access Registrar Jumpstart:
The following documentation is available for Prime Access Registrar:
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.