Cisco UCS Central CLI Configuration Guide, Release 1.0
Configuring Communication Services
Downloads: This chapterpdf (PDF - 460.0KB) The complete bookPDF (PDF - 2.17MB) | The complete bookePub (ePub - 408.0KB) | Feedback

Configuring Communication Services

Contents

Configuring Communication Services

This chapter includes the following sections:

Remote Access Policies

Cisco UCS Central supports global remote access policies defining the interfaces monitoring policy, displaying SSH configuration status, and providing policy settings for HTTP, Telnet, web session limits and CIM XML.

Configuring HTTP

Configuring an HTTP Remote Access Policy

Before You Begin

Before configuring an HTTP remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure
      Command or Action Purpose
    Step 1 UCSC# connect policy-mgr  

    Enters policy manager mode.

     
    Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

    Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

     
    Step 3 UCSC(policy-mgr) /domain-group # create http   (Optional)

    If scoping into a domain group previously, creates the HTTP policy for that domain group.

     
    Step 4 UCSC(policy-mgr) /domain-group # scope http   (Optional)

    If scoping into the domain group root previously, scopes the default HTTP policy's configuration mode from the Domain Group root.

     
    Step 5 UCSC(policy-mgr) /domain-group/http # enable | disable {http | http-redirect}  

    Specifies whether the HTTP remote access policy is enabled or disabled in HTTP or HTTP-Redirect mode.

     
    Step 6 UCSC(policy-mgr) /domain-group/http* # set http port port-number  

    Specifies the HTTP service port number from the port range 1-65535.

     
    Step 7 UCSC(policy-mgr) /domain-group/http* # commit-buffer  

    Commits the transaction to the system configuration.

     

    The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), enable the HTTP remote access policy to HTTP redirect mode, set the HTTP service port to 1111, and commit the transaction:

    UCSC # connect policy-mgr
    UCSC(policy-mgr)# scope domain-group /
    UCSC(policy-mgr) /domain-group # scope http
    UCSC(policy-mgr) /domain-group/http # enable http-redirect
    UCSC(policy-mgr) /domain-group/http* # set port 1111
    UCSC(policy-mgr) /domain-group/http* # commit-buffer
    UCSC(policy-mgr) /domain-group/http # 
    
    

    The following example shows how to scope into the domain group domaingroup01, create the HTTP remote access policy and enable it to HTTP mode, set the HTTP service port to 222, and commit the transaction:

    UCSC # connect policy-mgr
    UCSC(policy-mgr)# scope domain-group domaingroup01
    UCSC(policy-mgr) /domain-group # create http
    UCSC(policy-mgr) /domain-group/http* # enable http
    UCSC(policy-mgr) /domain-group/http* # set port 222
    UCSC(policy-mgr) /domain-group/http* # commit-buffer
    UCSC(policy-mgr) /domain-group/http # 
    
    

    The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), disable the HTTP remote access policy for HTTP redirect mode, and commit the transaction:

    UCSC # connect policy-mgr
    UCSC(policy-mgr)# scope domain-group /
    UCSC(policy-mgr) /domain-group # scope http
    UCSC(policy-mgr) /domain-group/http # disable http-redirect
    UCSC(policy-mgr) /domain-group/http* # commit-buffer
    UCSC(policy-mgr) /domain-group/http # 
    
    

    The following example shows how to scope into the domain group domaingroup01, disable the HTTP remote access policy for HTTP mode, and commit the transaction:

    UCSC # connect policy-mgr
    UCSC(policy-mgr)# scope domain-group domaingroup01
    UCSC(policy-mgr) /domain-group/http # disable http
    UCSC(policy-mgr) /domain-group/http* # commit-buffer
    UCSC(policy-mgr) /domain-group/http # 
    
    What to Do Next

    Optionally, configure the following remote access policies:

    • Telnet
    • Web Session Limits
    • CIM XML
    • Interfaces Monitoring Policy
    • SSH Configuration

    Deleting an HTTP Remote Access Policy

    An HTTP remote access policy is deleted from a domain group under the domain group root. HTTP remote access policies under the domain groups root cannot be deleted.

    Procedure
        Command or Action Purpose
      Step 1 UCSC# connect policy-mgr  

      Enters policy manager mode.

       
      Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

      Enters a domain group under the domain group root.

      Note   

      Do not enter the domain group root itself. System default HTTP policies cannot be deleted under the domain group root.

       
      Step 3 UCSC(policy-mgr) /domain-group # delete http  

      Deletes the HTTP policy for that domain group.

       
      Step 4 UCSC(policy-mgr) /domain-group/http* # commit-buffer  

      Commits the transaction to the system configuration.

       

      The following example shows how to scope into the domain group domaingroup01, delete the HTTP policy for that domain group, and commit the transaction:

      UCSC # connect policy-mgr
      UCSC(policy-mgr)# scope domain-group domaingroup01
      UCSC(policy-mgr) /domain-group/domain-group # delete http
      UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer
      UCSC(policy-mgr) /domain-group/domain-group # 
      

      Configuring Telnet

      Configuring a Telnet Remote Access Policy

      Before You Begin

      Before configuring a Telnet remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

      Procedure
          Command or Action Purpose
        Step 1 UCSC# connect policy-mgr  

        Enters policy manager mode.

         
        Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

        Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

         
        Step 3 UCSC(policy-mgr) /domain-group # create telnetd   (Optional)

        If scoping into a domain group previously, creates the Telnet policy for that domain group.

         
        Step 4 UCSC(policy-mgr) /domain-group # scope telnetd   (Optional)

        If scoping into the domain group root previously, scopes the default Telnet policy's configuration mode from the Domain Group root.

         
        Step 5 UCSC(policy-mgr) /domain-group/telnetd* # enable | disable telnet-server  

        Enables or disables Telnet server services.

         
        Step 6 UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer  

        Commits the transaction to the system configuration.

         

        The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), enable Telnet server services, and commit the transaction:

        UCSC # connect policy-mgr
        UCSC(policy-mgr)# scope domain-group /
        UCSC(policy-mgr) /domain-group # scope telnetd
        UCSC(policy-mgr) /domain-group/telnetd # enable telnet-server
        UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
        UCSC(policy-mgr) /domain-group/telnetd # 
        
        

        The following example shows how to scope into the domain group domaingroup01, create a Telnet policy, enable Telnet server services, and commit the transaction:

        UCSC # connect policy-mgr
        UCSC(policy-mgr)# scope domain-group domaingroup01
        UCSC(policy-mgr) /domain-group # create telnetd
        UCSC(policy-mgr) /domain-group/telnetd* # enable telnet-server
        UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
        UCSC(policy-mgr) /domain-group/telnetd # 
        
        

        The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), disable Telnet server services, and commit the transaction:

        UCSC # connect policy-mgr
        UCSC(policy-mgr)# scope domain-group /
        UCSC(policy-mgr) /domain-group # scope telnetd
        UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server
        UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
        UCSC(policy-mgr) /domain-group/telnetd #
         
        

        The following example shows how to scope into the domain group domaingroup01, disable Telnet server services, and commit the transaction:

        UCSC # connect policy-mgr
        UCSC(policy-mgr)# scope domain-group domaingroup01
        UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server
        UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
        UCSC(policy-mgr) /domain-group/telnetd # 
        
        What to Do Next

        Optionally, configure the following remote access policies:

        • HTTP
        • Web Session Limits
        • CIM XML
        • Interfaces Monitoring Policy
        • SSH Configuration

        Deleting a Telnet Remote Access Policy

        A Telnet remote access policy is deleted from a domain group under the domain group root. Telnet remote access policies under the domain groups root cannot be deleted.

        Procedure
            Command or Action Purpose
          Step 1 UCSC# connect policy-mgr  

          Enters policy manager mode.

           
          Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

          Enters a domain group under the domain group root.

          Note   

          Do not enter the domain group root itself. System default Telnet policies cannot be deleted under the domain group root.

           
          Step 3 UCSC(policy-mgr) /domain-group # delete telnetd  

          Deletes the Telnet policy for that domain group.

           
          Step 4 UCSC(policy-mgr) /domain-group/http* # commit-buffer  

          Commits the transaction to the system configuration.

           

          The following example shows how to scope into the domain group domaingroup01, delete the Telnet policy for that domain group, and commit the transaction:

          UCSC # connect policy-mgr
          UCSC(policy-mgr)# scope domain-group domaingroup01
          UCSC(policy-mgr) /domain-group/domain-group # delete telnetd
          UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer
          UCSC(policy-mgr) /domain-group/domain-group # 
          

          Configuring Web Session Limits

          Configuring a Web Session Limits Remote Access Policy

          Before You Begin

          Before configuring a web session limits remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

          Procedure
              Command or Action Purpose
            Step 1 UCSC# connect policy-mgr  

            Enters policy manager mode.

             
            Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

            Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

             
            Step 3 UCSC(policy-mgr) /domain-group # create web-session-limits   (Optional)

            If scoping into a domain group previously, creates the web session limits policy for that domain group.

             
            Step 4 UCSC(policy-mgr) /domain-group # scope web-session-limits   (Optional)

            If scoping into the domain group root previously, scopes the default web session limits policy's configuration mode from the Domain Group root.

             
            Step 5 UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser sessions-per-user  

            Sets the sessions per user limit (1-256).

             
            Step 6 UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions total-sessions  

            Sets the total sessions limit (1-256).

             
            Step 7 UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer  

            Commits the transaction to the system configuration.

             

            The following example shows how to scope into the domain group root (which has an existing web sessions limit policy by default), set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:

            UCSC # connect policy-mgr
            UCSC(policy-mgr)# scope domain-group /
            UCSC(policy-mgr) /domain-group # scope web-session-limits
            UCSC(policy-mgr) /domain-group/web-session-limits # set sessionsperuser 12
            UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144
            UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
            UCSC(policy-mgr) /domain-group/web-session-limits # 
            
            

            The following example shows how to scope into the domain group domaingroup01, create a web sessions limit policy, set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:

            UCSC # connect policy-mgr
            UCSC(policy-mgr)# scope domain-group /
            UCSC(policy-mgr) /domain-group # create web-session-limits
            UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser 12
            UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144
            UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
            UCSC(policy-mgr) /domain-group/web-session-limits # 
            
            What to Do Next

            Optionally, configure the following remote access policies:

            • HTTP
            • Telnet
            • CIM XML
            • Interfaces Monitoring Policy

            Deleting a Web Session Limits Remote Access Policy

            A web session limits remote access policy is deleted from a domain group under the domain group root. Web session limits remote access policies under the domain groups root cannot be deleted.

            Procedure
                Command or Action Purpose
              Step 1 UCSC# connect policy-mgr  

              Enters policy manager mode.

               
              Step 2 UCSC# connect policy-mgr  

              Enters policy manager mode.

               
              Step 3 UCSC(policy-mgr)# scope domain-group domain-group  

              Enters a domain group under the domain group root.

              Note   

              Do not enter the domain group root itself. System default web session limits policies cannot be deleted under the domain group root.

               
              Step 4 UCSC(policy-mgr) /domain-group # delete web-session-limits  

              Deletes the web session limits policy for that domain group.

               
              Step 5 UCSC(policy-mgr) /domain-group/http* # commit-buffer  

              Commits the transaction to the system configuration.

               

              The following example shows how to scope into the domain group domaingroup01, delete a web sessions limit policy, and commit the transaction:

              UCSC # connect policy-mgr
              UCSC(policy-mgr)# scope domain-group domaingroup01
              UCSC(policy-mgr) /domain-group # delete web-session-limits
              UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
              UCSC(policy-mgr) /domain-group/web-session-limits # 
              

              Configuring CIM XML

              Configuring a CIM XML Remote Access Policy

              Before You Begin

              Before configuring a CIM XML remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

              Procedure
                  Command or Action Purpose
                Step 1 UCSC# connect policy-mgr  

                Enters policy manager mode.

                 
                Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                 
                Step 3 UCSC(policy-mgr) /domain-group # create cimxml   (Optional)

                If scoping into a domain group previously, creates the CIM XML policy for that domain group.

                 
                Step 4 UCSC(policy-mgr) /domain-group # scope cimxml   (Optional)

                If scoping into the domain group root previously, scopes the default CIM XML's policy's configuration mode from the Domain Group root.

                 
                Step 5 UCSC(policy-mgr) /domain-group/cimxml # enable cimxml  

                Enables CIM XML mode.

                 
                Step 6 UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer  

                Commits the transaction to the system configuration.

                 

                The following example shows how to scope into the domain group root (which has an existing CIM XML policy by default), enable CIM XML mode, and commit the transaction:

                UCSC # connect policy-mgr
                UCSC(policy-mgr)# scope domain-group /
                UCSC(policy-mgr) /domain-group # scope cimxml
                UCSC(policy-mgr) /domain-group/cimxml # enable cimxml
                UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer
                UCSC(policy-mgr) /domain-group/cimxml # 
                
                

                The following example shows how to scope into the domain group domaingroup01, create a CIM XML policy, enable CIM XML mode, and commit the transaction:

                UCSC # connect policy-mgr
                UCSC(policy-mgr)# scope domain-group /
                UCSC(policy-mgr) /domain-group # create cimxml
                UCSC(policy-mgr) /domain-group/cimxml* # enable cimxml
                UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer
                UCSC(policy-mgr) /domain-group/cimxml # 
                
                What to Do Next

                Optionally, configure the following remote access policies:

                • HTTP
                • Telnet
                • Web Session Limits
                • Interfaces Monitoring Policy

                Deleting a CIM XML Remote Access Policy

                A CIM XML remote access policy is deleted from a domain group under the domain group root. CIM XML remote access policies under the domain groups root cannot be deleted.

                Procedure
                    Command or Action Purpose
                  Step 1 UCSC# connect policy-mgr  

                  Enters policy manager mode.

                   
                  Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                  Enters a domain group under the domain group root.

                  Note   

                  Do not enter the domain group root itself. System default CIM XML policies cannot be deleted under the domain group root.

                   
                  Step 3 UCSC(policy-mgr) /domain-group # delete cimxml  

                  Deletes the CIM XML policy for that domain group.

                   
                  Step 4 UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer  

                  Commits the transaction to the system configuration.

                   

                  The following example shows how to scope into the domain group domaingroup01, delete the CIM XML policy, and commit the transaction:

                  UCSC # connect policy-mgr
                  UCSC(policy-mgr)# scope domain-group domaingroup01
                  UCSC(policy-mgr) /domain-group # delete cimxml
                  UCSC(policy-mgr) /domain-group* # commit-buffer
                  UCSC(policy-mgr) /domain-group # 
                  

                  Configuring Interfaces Monitoring

                  Configuring an Interfaces Monitoring Remote Access Policy

                  Before You Begin

                  Before configuring an interfaces monitoring remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

                  Procedure
                      Command or Action Purpose
                    Step 1 UCSC# connect policy-mgr  

                    Enters policy manager mode.

                     
                    Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                    Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                     
                    Step 3 UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy   (Optional)

                    If scoping into a domain group previously, creates the management interface monitor policy for that domain group.

                     
                    Step 4 UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy   (Optional)

                    If scoping into the domain group root previously, scopes the default management interface monitors policy's configuration mode from the Domain Group root.

                     
                    Step 5 UCSC(policy-mgr) /domain-group/cimxml # set admin-state enabled | disabled  

                    Enables or disabled the administrator status mode.

                     
                    Step 6 UCSC(policy-mgr) /domain-group/cimxml # set arp-deadline arp-response-deadline  

                    Enter the deadline time in minutes to wait for ARP responses (5-15).

                     
                    Step 7 UCSC(policy-mgr) /domain-group/cimxml # set arp-requests arp-requests  

                    Enter the number of ARP requests (1-5).

                     
                    Step 8 UCSC(policy-mgr) /domain-group/cimxml # set arp-target1 arp-ip-target-1  

                    Enter the ARP IP Target1 (in format 0.0.0.0) to remove.

                     
                    Step 9 UCSC(policy-mgr) /domain-group/cimxml # set arp-target2 arp-ip-target-1  

                    Enter the ARP IP Target2 (in format 0.0.0.0) to remove.

                     
                    Step 10 UCSC(policy-mgr) /domain-group/cimxml # set arp-target3 arp-ip-target-1  

                    Enter the ARP IP Target3 (in format 0.0.0.0) to remove.

                     
                    Step 11 UCSC(policy-mgr) /domain-group/cimxml # set max-fail-reports arp-ip-target-1  

                    Enter the number of failure reports at which the interface is to be marked as down (2-5).

                     
                    Step 12 UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-count mii-retry-count  

                    Enter the maximum number of retries when using the Media Independent Interface (MII) status to perform monitoring (1-3).

                     
                    Step 13 UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-interval mii-retry-interval  

                    Enter the interval between MII status monitoring retries (3-10).

                     
                    Step 14 UCSC(policy-mgr) /domain-group/cimxml # set monitor-mechanism mii-status | ping-arp-targets | ping-getaway  

                    Enter the MII monitoring mechanism of MII Status (mii-status), Ping ARP Targets (ping-arp-targets), or Ping Getaway (ping-getaway).

                     
                    Step 15 UCSC(policy-mgr) /domain-group/cimxml # set ping-deadline ping-deadline  

                    Enter the deadline time to wait for ping responses (5-15).

                     
                    Step 16 UCSC(policy-mgr) /domain-group/cimxml # set ping-requests ping-requests  

                    Enter the number of ping requests (1-5).

                     
                    Step 17 UCSC(policy-mgr) /domain-group/cimxml # set poll-interval poll-interval  

                    Enter the polling interval in seconds (90-300).

                     
                    Step 18 UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer  

                    Commits the transaction to the system configuration.

                     

                    The following example shows how to scope into the domain group root (which has an existing Management Interfaces Monitoring policy by default), enable Management Interfaces Monitoring mode, enter the status settings, and commit the transaction:

                    UCSC # connect policy-mgr
                    UCSC(policy-mgr)# scope domain-group /
                    UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy # set admin-state enabled
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 5
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 1
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 2
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 1
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 3
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 5
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 1
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 90
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy # 
                    
                    

                    The following example shows how to scope into the domain group domaingroup01, create the Management Interfaces Monitoring policy, enter the status settings, and commit the transaction:

                    UCSC # connect policy-mgr
                    UCSC(policy-mgr)# scope domain-group domaingroup01
                    UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set admin-state enabled
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 15
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 5
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 5
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 3
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 10
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 15
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 5
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 300
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer
                    UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy # 
                    
                    What to Do Next

                    Optionally, configure the following remote access policies:

                    • HTTP
                    • Telnet
                    • Web Session Limits
                    • CIM XML

                    Deleting an Interfaces Monitoring Remote Access Policy

                    An interfaces monitoring remote access policy is deleted from a domain group under the domain group root. Interfaces monitoring remote access policies under the domain groups root cannot be deleted.

                    Procedure
                        Command or Action Purpose
                      Step 1 UCSC# connect policy-mgr  

                      Enters policy manager mode.

                       
                      Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                      Enters a domain group under the domain group root.

                      Note   

                      Do not enter the domain group root itself. System default Management Interfaces Monitoring policies cannot be deleted under the domain group root.

                       
                      Step 3 UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy  

                      Deletes the Management Interfaces Monitoring policy for that domain group.

                       
                      Step 4 UCSC(policy-mgr) /domain-group* # commit-buffer  

                      Commits the transaction to the system configuration.

                       

                      The following example shows how to scope into the domain group domaingroup01, delete the Management Interfaces Monitoring policy, and commit the transaction:

                      UCSC # connect policy-mgr
                      UCSC(policy-mgr)# scope domain-group /
                      UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy
                      UCSC(policy-mgr) /domain-group* # commit-buffer
                      UCSC(policy-mgr) /domain-group # 
                      

                      SNMP Policies

                      Cisco UCS Central supports global SNMP policies enabling or disabling, defining SNMP traps and SNMP users (with regular and privacy passwords, authentication types of md5 or sha, and option for AES-128). Registered Cisco UCS domains choosing to define SNMP policies globally within that client's policy resolution control will defer all SNMP policies to its registration with Cisco UCS Central.

                      Configuring an SNMP Policy

                      Before You Begin

                      Before configuring a SNMP policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

                      Procedure
                          Command or Action Purpose
                        Step 1 UCSC# connect policy-mgr  

                        Enters policy manager mode.

                         
                        Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                        Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                         
                        Step 3 UCSC(policy-mgr) /domain-group # create snmp   (Optional)

                        If scoping into a domain group previously, creates the SNMP policy for that domain group.

                         
                        Step 4 UCSC(policy-mgr) /domain-group # scope snmp   (Optional)

                        If scoping into the domain group root previously, scopes the default SNMP policy's configuration mode from the Domain Group root.

                         
                        Step 5 UCSC(policy-mgr) /domain-group/snmp* # enable | disable snmp  

                        Enable or disable SNMP services for this policy.

                         
                        Step 6 UCSC(policy-mgr) /domain-group/snmp* # set community snmp-community-name-text  

                        Enter a name for the SNMP community.

                         
                        Step 7 UCSC(policy-mgr) /domain-group/snmp* # set syscontact syscontact-name-text  

                        Enter a name for the SNMP system contact.

                         
                        Step 8 UCSC(policy-mgr) /domain-group/snmp* # set syslocation syslocation-name-text  

                        Enter a name for the SNMP system location.

                         
                        Step 9 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer  

                        Commits the transaction to the system configuration.

                         

                        The following example shows how to scope into the Domain Group root, scope the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:

                        UCSC # connect policy-mgr
                        UCSC(policy-mgr)# scope domain-group /
                        UCSC(policy-mgr) /domain-group # scope snmp
                        UCSC(policy-mgr) /domain-group/snmp # enable snmp
                        UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01
                        UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01
                        UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01
                        UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                        UCSC(policy-mgr) /domain-group/snmp # 
                        
                        

                        The following example shows how to scope into the Domain Group domaingroup01, create the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:

                        UCSC # connect policy-mgr
                        UCSC(policy-mgr)# scope domain-group domaingroup01
                        UCSC(policy-mgr) /domain-group # create snmp
                        UCSC(policy-mgr) /domain-group/snmp* # enable snmp
                        UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01
                        UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01
                        UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01
                        UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                        UCSC(policy-mgr) /domain-group/snmp # 
                        
                        

                        The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, disable SNMP services, and commit the transaction:

                        UCSC # connect policy-mgr
                        UCSC(policy-mgr)# scope domain-group domaingroup01
                        UCSC(policy-mgr) /domain-group # scope snmp
                        UCSC(policy-mgr) /domain-group/snmp # disable snmp
                        UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                        UCSC(policy-mgr) /domain-group/snmp # 
                        

                        Deleting an SNMP Policy

                        A SNMP policy is deleted from a domain group under the domain group root. SNMP policies under the domain groups root cannot be deleted.

                        Deleting an SNMP policy will remove all SNMP trap and SNMP User settings within that policy.

                        Procedure
                            Command or Action Purpose
                          Step 1 UCSC# connect policy-mgr  

                          Enters policy manager mode.

                           
                          Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                          Enters a domain group under the domain group root.

                          Note   

                          Do not enter the domain group root itself. System default Management Interfaces Monitoring policies cannot be deleted under the domain group root.

                           
                          Step 3 UCSC(policy-mgr) /domain-group # delete snmp  

                          Deletes the SNMP policy for that domain group.

                           
                          Step 4 UCSC(policy-mgr) /domain-group* # commit-buffer  

                          Commits the transaction to the system configuration.

                           

                          The following example shows how to scope into the domain group domaingroup01, delete the SNMP policy, and commit the transaction:

                          UCSC # connect policy-mgr
                          UCSC(policy-mgr)# scope domain-group domaingroup01
                          UCSC(policy-mgr) /domain-group # delete snmp
                          UCSC(policy-mgr) /domain-group* # commit-buffer
                          UCSC(policy-mgr) /domain-group # 
                          

                          Configuring an SNMP Trap

                          Procedure
                              Command or Action Purpose
                            Step 1 UCSC# connect policy-mgr  

                            Enters policy manager mode.

                             
                            Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                            Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                             
                            Step 3 UCSC(policy-mgr) /domain-group # scope snmp  

                            Scopes the default SNMP policy's configuration mode.

                             
                            Step 4 UCSC(policy-mgr) /domain-group/snmp # create snmp-trap snmp-trap-ip   (Optional)

                            If scoping into a domain group previously, creates the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode.

                             
                            Step 5 UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap snmp-trap-ip   (Optional)

                            If scoping into the domain group root previously, scopes the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode.

                             
                            Step 6 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable | disable snmp-trap  

                            Enable or disable the SNMP trap for this policy.

                             
                            Step 7 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmp-trap-community-host-config-string  

                            Enter the SNMP trap community string to configure the SNMP trap host.

                             
                            Step 8 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs | traps  

                            Enter a notification type for the SNMP trap notifications of SNMP Information Notification (informs) or SNMP Trap Notifications (traps).

                             
                            Step 9 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port port-number  

                            Enter the SNMP trap port number (1-65535).

                             
                            Step 10 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth | noauth | priv  

                            Enter a V3 Privilege security level for the SNMP trap of authNoPriv Security Level (auth), noAuthNoPriv Security Level (noauth), or authPriv Security Level (priv).

                             
                            Step 11 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1 | v2c | v3  

                            Enter a version for the SNMP trap of SNMP v1, v2c, or v3.

                             
                            Step 12 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer  

                            Commits the transaction to the system configuration.

                             

                            The following example shows how to scope into the Domain Group root, scope the SNMP policy, create the SNMP trap with IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap01, set the SNMP notification type to informs, set the SNMP port to 1, set the v3privilege to priv, set the version to v1, and commit the transaction:

                            UCSC # connect policy-mgr
                            UCSC(policy-mgr)# scope domain-group /
                            UCSC(policy-mgr) /domain-group # scope snmp
                            UCSC(policy-mgr) /domain-group/snmp # create snmp-trap 0.0.0.0
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap01
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 1
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege priv
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap # 
                            
                            

                            The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, scope the SNMP trap IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap02, set the SNMP notification type to informs, set the SNMP port to 65535, set the v3privilege to auth, set the version to v2c, and commit the transaction:

                            UCSC # connect policy-mgr
                            UCSC(policy-mgr)# scope domain-group domaingroup01
                            UCSC(policy-mgr) /domain-group # scope snmp
                            UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap 0.0.0.0
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap02
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 65535
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v2c
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer
                            UCSC(policy-mgr) /domain-group/snmp/snmp-trap # 
                            

                            Deleting an SNMP Trap

                            Procedure
                                Command or Action Purpose
                              Step 1 UCSC# connect policy-mgr  

                              Enters policy manager mode.

                               
                              Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                              Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                               
                              Step 3 UCSC(policy-mgr) /domain-group # scope snmp  

                              Scopes the default SNMP policy's configuration mode.

                               
                              Step 4 UCSC(policy-mgr) /domain-group/snmp/snmp-trap # delete snmp-trap snmp-trap-ip  

                              Deletes the snmp-trap IP address for that domain group.

                               
                              Step 5 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer  

                              Commits the transaction to the system configuration.

                               

                              The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:

                              UCSC # connect policy-mgr
                              UCSC(policy-mgr)# scope domain-group /
                              UCSC(policy-mgr) /domain-group # scope snmp
                              UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0
                              UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                              UCSC(policy-mgr) /domain-group # 
                              
                              

                              The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:

                              UCSC # connect policy-mgr
                              UCSC(policy-mgr)# scope domain-group domaingroup01
                              UCSC(policy-mgr) /domain-group # scope snmp
                              UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0
                              UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                              UCSC(policy-mgr) /domain-group # 
                              

                              Configuring an SNMP User

                              Procedure
                                  Command or Action Purpose
                                Step 1 UCSC# connect policy-mgr  

                                Enters policy manager mode.

                                 
                                Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                                Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                                 
                                Step 3 UCSC(policy-mgr) /domain-group # scope snmp  

                                Scopes the SNMP policy's configuration mode.

                                 
                                Step 4 UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmp-user  

                                Enter a name for the SNMP user.

                                 
                                Step 5 UCSC(policy-mgr) /domain-group/snmp* # set aes-128 yes | no  

                                Use AES-128 for the SNMP user (yes or no).

                                 
                                Step 6 UCSC(policy-mgr) /domain-group/snmp* # set auth md5 | sha  

                                Use MD5 or Sha authorization mode for the SNMP user.

                                 
                                Step 7 UCSC(policy-mgr) /domain-group/snmp* # set password password  

                                Enter and confirm a password for the SNMP user.

                                 
                                Step 8 UCSC(policy-mgr) /domain-group/snmp* # set priv-password private-password  

                                Enter and confirm a private password for the SNMP user.

                                 
                                Step 9 UCSC(policy-mgr) /domain-group/snmp/snmpuser* # commit-buffer  

                                Commits the transaction to the system configuration.

                                 

                                The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to Sha mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:

                                UCSC # connect policy-mgr
                                UCSC(policy-mgr)# scope domain-group /
                                UCSC(policy-mgr) /domain-group # scope snmp
                                UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 yes
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth sha
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01
                                Enter a password: userpassword01
                                Confirm the password: userpassword01
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02
                                Enter a password: userpassword02
                                Confirm the password: userpassword02
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user # 
                                
                                

                                The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, create the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to md5 mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:

                                UCSC # connect policy-mgr
                                UCSC(policy-mgr)# scope domain-group /
                                UCSC(policy-mgr) /domain-group # scope snmp
                                UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmpuser01
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set aes-128 yes
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01
                                Enter a password: userpassword01
                                Confirm the password: userpassword01
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02
                                Enter a password: userpassword02
                                Confirm the password: userpassword02
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user # 
                                
                                

                                The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to disabled, set authorization to md5 mode, and commit the transaction:

                                UCSC # connect policy-mgr
                                UCSC(policy-mgr)# scope domain-group /
                                UCSC(policy-mgr) /domain-group # scope snmp
                                UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 no
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
                                UCSC(policy-mgr) /domain-group/snmp/snmp-user # 
                                

                                Deleting an SNMP User

                                Procedure
                                    Command or Action Purpose
                                  Step 1 UCSC# connect policy-mgr  

                                  Enters policy manager mode.

                                   
                                  Step 2 UCSC(policy-mgr)# scope domain-group domain-group  

                                  Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.

                                   
                                  Step 3 UCSC(policy-mgr) /domain-group # scope snmp  

                                  Scopes the SNMP policy's configuration mode.

                                   
                                  Step 4 UCSC(policy-mgr) /domain-group/snmp # delete snmp-user snmp-user  

                                  Delete the SNMP user.

                                   
                                  Step 5 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer  

                                  Commits the transaction to the system configuration.

                                   

                                  The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP user named snmpuser01, and commit the transaction:

                                  UCSC # connect policy-mgr
                                  UCSC(policy-mgr)# scope domain-group /
                                  UCSC(policy-mgr) /domain-group # scope snmp
                                  UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser01
                                  UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                                  UCSC(policy-mgr) /domain-group/snmp # 
                                  
                                  

                                  The following example shows how to scope into the Domain Group domaingroup01, scope the SNMP policy, delete the SNMP user named snmpuser02, and commit the transaction:

                                  UCSC # connect policy-mgr
                                  UCSC(policy-mgr)# scope domain-group domaingroup01
                                  UCSC(policy-mgr) /domain-group # scope snmp
                                  UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser02
                                  UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
                                  UCSC(policy-mgr) /domain-group/snmp #