The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Installing Cisco XNC
Step 1 | In a web browser, navigate to Cisco.com. | ||
Step 2 | Under Support, click All Downloads. | ||
Step 3 | In the center pane, click Cloud and Systems Management. | ||
Step 4 | If prompted, enter your Cisco.com username and password to log in. | ||
Step 5 | In the right pane, click Network Controllers and Applications, and then click Cisco Extensible Network Controller (XNC). | ||
Step 6 | Download the Cisco XNC application bundle and any additional applications that you have purchased. | ||
Step 7 |
Create a directory in your Linux machine where you plan to install Cisco XNC. For example, in your Home directory, create CiscoXNC. |
||
Step 8 | Copy the Cisco XNC zip file into the directory that you created. | ||
Step 9 |
Unzip the Cisco XNC zip file. The Cisco XNC software is installed in a directory called xnc. The directory contains the following:
|
You must purchase additional Cisco XNC applications and download the .zip files from Cisco.com. We recommend backing up your configuration before installing new applications.
Step 1 | Open a command window where you installed Cisco XNC. |
Step 2 | Unzip the application file, and place the .jar file into the xnc/plugins directory that was created when you installed the software. |
Step 1 | Open a command window where you installed Cisco XNC. |
Step 2 | Navigate to the xnc directory that was created when you installed the software. |
Step 3 |
Run the following script: ./runxnc.sh -status The controller outputs the following, which indicates that the controller is running the java process with PID 21680: Controller with PID:21680 -- Running! |
Connect the switches to the controller. For more information, see the appropriate configuration guide.
Enabling the Transport Layer Security (TLS) connections between Cisco XNC and OpenFlow switches require TLS KeyStore and TLS TrustStore files.
Both the TLS KeyStore and TLS TrustStore files are password protected.
If you choose to use TLS connections in your Cisco XNC implementation, all of the connections in the network must be TLS encrypted, and you must run Cisco XNC with TLS enabled. After you provide both the TLS KeyStore and TLS TrustStore files, you can run the TLS KeyStore password configuration script to provide the passwords for Cisco XNC to unlock the KeyStore files.
Step 1 | Provide the following files: | ||
Step 2 |
Run the following command: cat xnc-privkey.pem xnc-cert.pem > xnc.pem The xnc.pem file is created with the private key and certificate. |
||
Step 3 | Run the following command: openssl pkcs12 -export -out xnc.p12 -in xnc.pem | ||
Step 4 |
Enter a password at the prompt.
The xnc.pem file is converted to a password-protected .p12 file. |
||
Step 5 | Run the following command: keytool -importkeystore -srckeystore xnc.p12 -srcstoretype pkcs12 -destkeystore tlsKeyStore -deststoretype jks | ||
Step 6 |
Enter a password at the prompt.
The xnc.p12 is converted to a password-protected Java KeyStore file. |
Step 1 | Create a file called sw-cacert.pem to contain the CA certificate for the switch. |
Step 2 | Run the following command: keytool -import -alias swca1 -file sw-cacert.pem -keystore tlsTrustStore |
Step 3 |
Enter a password at the prompt. The sw-cacert.pem file is converted into a password-protected Java TrustStore file. |
Step 4 | If the switches in your network use more than one CA certificate, repeat Step 1 through Step 3 for each CA certificate that is used. |
The configkeystorepwd.sh script allows you to input the TLS KeyStore passwords so that the KeyStore files can be unlocked and used by Cisco XNC.
Ensure that the cURL program is installed.
Step 1 | Ensure Cisco XNC is running with TLS enabled. |
Step 2 | Open a command window where you installed Cisco XNC. |
Step 3 | Navigate to the xnc directory that was created when you installed the software. |
Step 4 | Run the following command: ./configkeystorepwd.sh |
Step 5 | At the prompt, enter the following information: |
You can log into the Cisco XNC GUI using HTTP or HTTPS:
Step 1 | In your web browser, enter the Cisco XNC GUI web link. |
Step 2 |
On the launch page, do the following:
|
Configuring Cisco XNC
Cisco XNC supports high availability clustering in active/active mode with up to five controllers. To use high availability clustering with Cisco XNC, you must edit the config.ini file for each instance of Cisco XNC.
Step 1 | Ensure that Cisco XNC is not running on any of the instances in the cluster. |
Step 2 | Open a command window on one of the instances in the cluster. |
Step 3 | Navigate to the xnc/configuration directory that was created when you installed the software. |
Step 4 | Use any text editor to open the config.ini file. |
Step 5 |
Locate the following text: # HA Clustering configuration (colon-separated IP addresses of all controllers that are part of the cluster.) # supernodes=<ip1>:<ip2>:<ip3>:<ipn> |
Step 6 |
Remove the comments on the # supernodes line, and replace <ip1>:<ip2><ip3>:<ipn> with the IP addresses for each instance of Cisco XNC in the cluster. You can enter from two to five IP addresses. Example: # HA Clustering configuration (colon-separated IP addresses of all controllers that are part of the cluster.) supernodes=<10.1.1.1>:<10.2.1.1>:<10.3.1.1>:<10.4.1.1>:<10.5.1.1> |
Step 7 | Save the file and exit the editor. |
Step 8 | Repeat Step 3 through Step 7 for each instance of Cisco XNC in the cluster. |
Step 9 | Restart Cisco XNC. |
You can password protect your HA clusters with the xncjgroups.xml file. This file must be exactly the same for each instance of Cisco XNC.
Step 1 | Ensure that Cisco XNC is not running on any of the instances in the cluster. |
Step 2 | Open a command window on one of the instances in the cluster. |
Step 3 | Navigate to the xnc/configuration directory that was created when you installed the software. |
Step 4 | Use any text editor to open the xncjgroups.xml file. |
Step 5 |
Locate the following text: <!-- <AUTH auth_class="org.jgroups.auth.MD5Token" auth_value="ciscoXNC" token_hash="MD5"></AUTH> --> |
Step 6 |
Remove the comments from the AUTH line. Example: <AUTH auth_class="org.jgroups.auth.MD5Token" auth_value="ciscoXNC" token_hash="MD5"></AUTH> |
Step 7 | (Optional)Change the password in the auth_value attribute. By default, the cluster is protected with the password "ciscoXNC". You can change this password to whatever value you want, provided you make the same change on all machines in the cluster. |
Step 8 | Save the file and exit the editor. |
Step 9 | Repeat Step 4 through Step 8 for each instance of Cisco XNC in the cluster. |
Step 10 | Restart Cisco XNC. |
The following configuration settings can improve scalability when connecting to Cisco Nexus 3000 Series switches.
Step 1 | Navigate to the xnc/configuration directory that was created when you installed the software. | |||||||||||||||||||||||||||
Step 2 | Use any text editor to open the config.ini file. | |||||||||||||||||||||||||||
Step 3 |
Update the following parameters:
|
|||||||||||||||||||||||||||
Step 4 | Save the file and exit the editor. | |||||||||||||||||||||||||||
Step 5 | Restart Cisco XNC. |
Step 1 | Open a command window where you installed Cisco XNC. |
Step 2 | Navigate to the xnc directory that was created when you installed the software. |
Step 3 | Run the following command: python backup.py |
Step 4 |
At the prompt, perform one of the following tasks:
|
Step 5 | If you are restoring a configuration, stop and restart Cisco XNC for the configuration to take effect. |
Step 1 | Open a command window where you installed Cisco XNC. |
Step 2 | Navigate to the xnc directory that was created when you installed the software. |
Step 3 | Run the following command: ./adminpasswordreset.sh |
Step 4 | At the prompt, choose y to reset the password. |
Step 1 |
Navigate to the directory where you created the Cisco XNC installation directory. For example, if you installed the controller in Home/CiscoXNC, navigate to the Home directory. |
Step 2 | Delete the CiscoXNC directory. |