User Guide for the CiscoWorks Wireless LAN Solution Engine, 1.3
Performing Administrative Tasks
Downloads: This chapterpdf (PDF - 746.0KB) The complete bookPDF (PDF - 4.06MB) | Feedback

Performing Administrative Tasks

Table Of Contents

Performing Administrative Tasks

Using Discovery and Managing Devices

Managing Devices

Manage Devices

View Device Management History

Specifying Device Credentials

Specify Community Strings

Community String Guidelines

Specify the HTTP Username and Password

Managing Device Discovery

Overview: Discovery

Set Up Devices

Enable Discovery Options

Set Up Discovery Filters

Schedule Discovery

Run Discovery Now

Running Inventories

Immediate Inventory of Selected Devices

Immediate Inventory of All Devices

Viewing Inventory and Discovery Task History

Importing Devices

Import Devices from a File

Import Devices from CiscoWorks2000

Exporting Devices

Adding, Modifying and Deleting AAA Servers

Manage LEAP Servers

Manage RADIUS Servers

Manage EAP-MD5 Servers

Managing Groups

Overview: Groups

Creating, Editing, and Deleting Groups

Add a Group

Edit a Group

Delete a Group

Managing the Appliance

Viewing WLSE Status

Viewing Log File Reports

Log Files Displayed

Restarting the Wireless LAN Solution Engine

Managing the Software

Viewing Software Status

Defining the Repository

Installing Software Updates

Browsing the Repository

Viewing Software Update History

Overview: Security

Managing Security

Overview: Authentication Modules

Managing SSL (HTTPS)

Disabling or Enabling Telnet and Selecting SSH

Viewing the Last 10 Logged-On Users

Backing Up and Restoring Data

Specifying the Backup Location

Configuring a Windows 2000 or Windows XP Server as a Backup Location

Backing Up Data

Restoring Data

Using Diagnostics

Viewing and Creating a Status Report

Viewing and Creating a Self-Test Report

Viewing Processes

Setting Up the Splash Screen Message

Setting the Current Time and Date on the WLSE

Specifying NTP Time Servers

Specifying Name Servers

Specifying an SMTP Mail Server

Using Connectivity Tools

Managing System Parameters

Administering Users

Managing Roles

Managing Users

Add Users

Modify Users

Delete Users

Modifying Your Profile

Linking to a CiscoWorks2000 Server


Performing Administrative Tasks


The Administration tab allows you to you perform administrative tasks.


Note Some of the subtabs may not be visible to some users; what you view under the Administration tab depends on your login.


The Administration subtabs have the following functions:

Discover—Manage devices, configure and run discovery, specify device credentials, run inventory, view discovery and inventory history, import and export devices, and set up AAA servers (see Using Discovery and Managing Devices).

Group Management—Create groups for efficient device management and place devices in them (see Managing Groups).

Appliance—Manage the Wireless LAN Solution Engine server (see Managing the Appliance).

System Parameters—Configure polling parameters for collecting data from devices (see Managing System Parameters).

User Admin—Manage users and user roles (see Administering Users).

My Profile—Change your password (see Modifying Your Profile).

Links—Set up links to CiscoWorks2000 servers and display server desktops (see Linking to a CiscoWorks2000 Server).

Using Discovery and Managing Devices

When you select Administration > Discover, the following options appear in the left pane:

Managed Devices—View newly discovered devices, change device status, and view device management history—see Managing Devices.

Device Credentials—Specify community strings for all managed devices and specify the HTTP usernames and passwords for access points (see Specifying Device Credentials).

Discover—Schedule discovery, perform an immediate discovery, set up discovery filters, and set discovery options (including auto-manage—see Managing Device Discovery.

Inventory—Run a one-time, immediate inventory to collect information from managed devices before the next scheduled inventory (see Running Inventories)

Task History—View details on discovery and inventory jobs (See Viewing Inventory and Discovery Task History).

Import Devices—Import devices from a file or from a CiscoWorks2000 server (see Importing Devices).

Export Devices—Export devices to a CiscoWorks2000 server (see Exporting Devices).

LEAP Server—Add, modify, and delete LEAP servers (see Adding, Modifying and Deleting AAA Servers).

RADIUS Server—Add, modify, and delete RADIUS servers (see Adding, Modifying and Deleting AAA Servers).

EAP-MD5 Server—Add, modify, and delete EAP-MD5 servers (see Adding, Modifying and Deleting AAA Servers).

Managing Devices

Before you can view discovered devices or perform any operations on them, you must move the devices to the managed state. When you select Administration > Discover > Managed Devices, the following options are displayed:

Manage/Unmanage—View newly discovered devices, change device management status, or delete devices (see Manage Devices).

Device History—View the management history of each discovered device (see View Device Management History).

Manage Devices

You can use this option to change a device's management status or delete a device.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Managed Devices > Manage/Unmanage. The device selector is displayed, showing:

Newly discovered devices (New folder). All new devices are also listed in the Unmanaged folder.

Managed devices (Managed folder)

Unmanaged devices (Unmanaged folder).

Step 2 To view the contents of a folder, expand the folder.

Step 3 To modify the status of the devices in a folder, click the folder name. The Group Status pane appears. Select one or more devices from the list and click Manage or Unmanage in the Group Change Status window. Devices are moved into the Managed or Unmanaged folders.

You must move newly discovered devices to the managed state. Only managed devices appear in WLSE displays.


Tip If you want all discovered devices to be automatically moved to the managed state, enable auto-manage in Administration > Discover > DISCOVER > Discovery Options. For more information, see Enable Discovery Options.



Note You can only manage a total of 525 access points and wireless bridges. After you have placed 500 of these devices into the Managed folder, warning messages are displayed each time you place more devices in the folder. After the 525 limit is reached, no more devices can be placed in the Managed folder, although discovery continues after the limit is reached.


Step 4 After you move devices to the managed state, inventory is run for those devices. This ensures that device attributes appear in displays, such as reports and system-defined groups without waiting for the next inventory cycle. For information about running an immediate inventory, see Running Inventories.


Note When auto-manage is enabled, after devices are discovered an inventory is run automatically for the auto-managed devices. For more information about auto-manage, see Enable Discovery Options.


Step 5 To view details about a device, select the device from the device selector. The Device Details pane appears. You can change the device's status by using the Manage and Unmanage buttons.


Note Some details may not be displayed if the corresponding parameters are not set on the device; for example, Location and Contact.


The details in the Device Details pane are as follows:

Table 6-1 Device Details Pane  

Field
Description

Device Name

Hostname, IP address, or SNMP sysname.

Description

Detailed device description.

Version

Software version installed on the device.

Device Family

Device type.

SysName

The system name.

SysObjectId

Unique identifier that identifies the device type.

Location

Where the device is located.

IP Address

Device IP address.

Subnet

Subnet in which the device is located.

Network Segment

The network segment in which the device is located.

Contact

The person to contact for this device.


Step 6 To delete a device, select the device from the device selector or dialog box and click Delete.

The device will be removed from the device selector and from all tables (including trend tables).


Related Topics

Managing Device Discovery

Device Name and IP Address Display

View Device Management History

The Historical Operations table shows information on all changes in device state (from unmanaged to managed or vice versa).


Note Your login determines whether you can use this option.


Procedure


Step 1 To view the Historical Operations table, select Administration > Discover > Managed Devices > Device History. The following information is displayed:

Table 6-2 Managed Device History Information

Field
Description

Timestamp

Date and time when the state change occurred.

Device Name

The device's hostname.

IP Address

The device's IP address.

State

The device's state:

New—Device was discovered but has not been moved to the managed or unmanaged state.

Managed—Device has been moved to the managed state.

Unmanaged—Device is unmanaged.


Step 2 To sort table data, click on the column heading by which you want to sort the data:

A triangle indicates ascending order.

An upside-down triangle indicates descending order.

No triangle indicates that the data is not sorted.


Specifying Device Credentials

This option allows you specify device community strings and HTTP credentials.

SNMP Communities—Specify community strings for managed devices. See Specify Community Strings.

HTTP User/Password—Specify the HTTP usernames and passwords for configuring access points. See Specify the HTTP Username and Password.

Specify Community Strings

The Wireless LAN Solution Engine uses a device's read-only community string to discover the device and uses the read/write community string to configure the device. If community strings are not entered correctly, the Wireless LAN Solution Engine cannot communicate with the device. Both read-only and read/write community strings are required.

The default community string is public for both the read-only string and the read-write string. If the community strings on your devices differ from the defaults, you must specify the community strings before the discovery process can begin and before you can configure the devices.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Device Credentials > SNMP Communities. The SNMP Communities dialog box appears.

This dialog box contains a default entry that covers all devices, provided device community strings are set to the default (public).

Step 2 To add new entries, you can enter community strings by using either of the following methods:

Use the individual text boxes and list for the variables: Hostname (IP address), Read Community, SNMP Timeout, SNMP Retries, and Write Community. Then click Add. The community string appears in the large textbox.

Enter the data directly in the large text box using the following syntax:

target:read_community::timeout:retries:::write_community


Note You must enter the correct number of colons between variables. Otherwise, the community strings cannot be read.


Information about the variables follows. For more details, see Community String Guidelines.

Table 6-3 Community String Guidelines

Variable
Description
Notes

target

The IP address of a device or range of devices that use these community strings.

If you do not specify a target, the default community strings apply to all devices in the network.

read_community

A password allowing read-only access to the target devices.

You must specify the read community string. Otherwise, the default value of public is used.

timeout

The length of time (seconds) the server waits for a response from the device before performing the first retry.

The default is 10 seconds. If you increase the timeout period, discovery could take significantly longer to complete. The minimum value is one and the maximum value is 60.

retries

Number of attempts the server makes to communicate with the device before declaring that the device has timed out.

The default is one retry. If you increase the number of retries, discovery takes significantly longer to complete. The default retry policy doubles the previous timeout value for retry.

write_community

The password that allows write access to the target devices.

You must specify the write community string. Otherwise, the default value of public is used.


Step 3 To modify an entry, make your changes directly in the large textbox.

Step 4 Click Save to apply your changes.


Related Topic

Community String Guidelines

Community String Guidelines

Use these guidelines when adding or modifying community strings:

You can assign community strings to any of the following:

Complete IP address; for example, 172.20.4.9

Any wild cards (based on IP addresses); for example:

*.*.*.*

172.*.*.*

Address ranges, which can include wild cards; for example:

27.20.[4-55].*

172.[21-30].[44-88].*

172.*.*.[121-255]

You can add a combination of general and specific entries, but the WLSE reads the community strings from most specific to least specific.

If you enter duplicate community strings for a device, the most specific community string is used.

A # sign as the first character on a line indicates a comment.

All printable characters, except for colons (:), are allowed in community strings.

Spaces are not allowed in community strings.

Specify the HTTP Username and Password

HTTP usernames and passwords are required for downloading configuration files to access points. The password must be set on each access point, and you can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on access points, see Set Up Devices.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Device Credentials > HTTP User/Password.

Step 2 To add a username and password:

a. Enter the access point IP address or range of IP addresses that will use this username and password.

b. Enter the username.

c. Enter the password.

d. Click Save. The IP address and username are added to the Current Entries textbox.

Step 3 To modify an entry:

a. Select the entry from the Current Entries text box.

b. Modify fields as needed and click Save.

Step 4 To delete an entry, select it from the Current Entries text box and click Delete.


Related Topic

"Configuring Devices"

Managing Device Discovery

When you select Administration > Discover > DISCOVER, the following options appear:

Discovery Options—Enable or disable automatic management of discovered devices and enable or disable reverse DNS lookup (See Enable Discovery Options).

Filter Rules—Limit discovery by setting up IP address filters (See Set Up Discovery Filters).

Schedule Discovery—Set up scheduled discoveries (see Schedule Discovery).

Run Discovery Now—Run a one-time, immediate discovery (see Run Discovery Now)

You can also view details on the last 15 discoveries—See Viewing Inventory and Discovery Task History.

Related Topics

Overview: Discovery

Set Up Devices

Overview: Discovery

You can set up regularly scheduled discoveries and run one-time discoveries.

Before the WLSE can discover devices:

You must configure discovery on the WLSE. See Schedule Discovery.

As an alternative to using Cisco Discovery Protocol (CDP) to run discovery, you can import devices from a file or from CiscoWorks2000. See Importing Devices.

Devices must be properly configured for access by the WLSE. See Set Up Devices.

Community strings must be entered on the WLSE. See Specify Community Strings).


Note Routers and switches are only discovered if they have properly configured access points attached to them.


Discovery proceeds according to the seed devices and CDP distance that you specify. The CDP distance determines the depth of the discovery. With a CDP distance of 1, only the immediate neighbors of the seed device are discovered. With a CDP distance of 2, devices A and B that are directly connected to the seed device are discovered, and the immediate neighbors of A and B are also discovered. You should set the CDP distance so that your entire wireless network is discovered.

After devices are discovered, you must move them to the managed state. Unmanaged devices do not appear in WLSE displays.

Related Topic

Importing Devices

Managing Devices

Set Up Devices

You must set up devices so the WLSE can discover and manage them. This section describes both required and optional setup tasks for:

Set Up Access Points and Bridges

Set Up Routers and Switches

Set Up AAA Servers

Set Up Access Points and Bridges

You can set up access points and bridges in two ways:

By using the WLSE's automatic configuration option for first-time device configuration (select Configuration > Auto Update). For more information, see Automating Configurations.

By opening a web browser session on each device and perform the tasks in the following table. To use this method, you must first configure each access point or bridge for web browsing.

Table 6-4 Set Up Procedures for Access Points and Bridges  

Tasks
Procedure
Notes

1. Enable Cisco Discovery Protocol (CDP).

1. In the Summary Status page, click Setup. The Cisco Services Setup page appears.

2. Under Services: Cisco Services, click Cisco Discovery Protocol. The CDP Setup page appears.

3. Select Enabled. Click Apply or OK.

CDP is required for the WLSE to discover devices on the network.

2. Enable SNMP.

(Optional) Set the location.

(Optional) Set the system name and system contact.

1. In the Summary Status page, click Setup. The Cisco Services Setup page appears.

2. Under Services, click SNMP. The SNMP Setup page appears.

3. Select Enabled.

4. Enter a System Name, System Location, and System Contact.

5. Click Apply or OK.

SNMP is required for the WLSE to discover and manage the device.

Setting the location enables proper grouping of devices into the system-defined Location group. For more information, see Managing Groups.

Setting the system name and system location displays this information when you display device details.

3. Set the community string by creating a user with all privileges.

(If you already entered an SNMP Admin Community name, the user created has Write, SNMP, Firmware, and Admin privileges, and the User Manager is enabled, you do not need to create another user.)

1. In the Summary Status page, click Setup. The Cisco Services Setup page appears.

2. Under Services, click Security. The Security Setup page appears.

3. Click User Information; then click Add New User. The User Management window appears.

4. To create an user with SNMP read/write privileges, enter a username and password and select the Write, SNMP, Firmware, and Admin capabilities.

5. Click Apply or OK.

The username of the user with write and SNMP privileges is used as the SNMP read/write community string.

The Firmware privilege is required for configuring devices from the WLSE.

4. Add an HTTP user with the ability to modify firmware, and enable the User Manager.

You can use the same user that you created in Task 3, if the user has firmware privileges.

1. In the Summary Status page, click Setup. The Cisco Services Setup page appears.

2. Click Security. The Security Setup page appears.

3. Click User Information; then click Add New User. The User Management window appears.

4. Enter a username and password and select Firmware; then click Apply.

5. Navigate back to the Security Setup page and click User Manager. The User Manager Setup window appears.

6. Select Enabled; then click Apply or OK.

This allows configuration uploads from the WLSE to the access point.

You must also enter HTTP users and passwords on the WLSE (see Specify the HTTP Username and Password).

5. Set up TFTP as the transfer protocol between the WLSE and access points.

1. In the Summary Status page, click Setup. The Cisco Services Setup page appears.

2. Under Services, click FTP. The FTP Setup page appears.

3. Use the pulldown menu to select TFTP as the file transfer protocol.

4. In the Default File Server text box, enter the IP address of the WLSE.

5. Click Apply or OK.

TFTP is used for transferring configuration changes to access points.


Set Up Routers and Switches


Note Only routers and switches that have properly configured access points or bridges attached to them will be discovered.


On each router and switch, configure the following:

Table 6-5 Set Up Procedures for Routers and Switches  

Task
Procedure
Notes

1. Enable CDP and verify that access points and bridges are visible from the router or switch.

1. Enter enable mode.

2. Verify that CDP is running on the switch or router:

On IOS-based devices, use the show cdp run command.

On Hybrid OS-based Catalyst switches, use the show cdp command

3. If CDP is not running, use the set cdp enable command to enable CDP.

4. To verify that access points or bridges are visible in the device's CDP table, use the show cdp neighbors command.

CDP is required for the WLSE to discover the device.

2. Enable SNMP and set up community strings.

On IOS-based devices, enter configuration mode and use the snmp community community_string ro command.

On Hybrid OS-based Catalyst devices, enter enable mode and use the set snmp community read-only community_string command.

SNMP is required for the WLSE to discover and manage the device.

3. (Optional) Set the system name, contact, and location variables.

On IOS-based devices, enter configuration mode and use the following commands.

To set the system name, use the hostname name command.

To set the system contact, use the snmp contact contact command.

To set the location, use the snmp location location command.

On Hybrid OS-based Catalyst switches, enter enable mode and use the following commands:

To set the system name, use the set system name name command.

To set the system contact, use the set system contact contact command.

To set the location, use the set system location location command.

These variables make the device more manageable. The location variable enables proper grouping of devices into the system-defined Location group. For more information about groups, see Managing Groups.

The system name, system contact, and location will appear in the device detail displays.


Set Up AAA Servers

The WLSE can monitor the performance of AAA (Authentication, Authorization, and Accounting) services provided by CiscoSecure ACS Server. To enable monitoring, you must:

Configure CiscoSecure ACS server to recognize the WLSE as a client. Follow the procedure in this section on each server.

Configure the WLSE to add information about the LEAP, RADIUS, and EAP-MD5 servers. For more information, see Adding, Modifying and Deleting AAA Servers.

Procedure


Step 1 Log into CiscoSecure ACS Server on a PC that will provide authentication services to the wireless network.


Note You will need the IP address or name of the PC when configuring the WLSE.


Step 2 Click User Setup on the left side of the initial page. The User Setup page appears.

Step 3 Enter a username for the user the WLSE will use for synthetic transactions and click Add/Edit.

Step 4 Enter a password in the first set of Password and Confirm Password textboxes. Click Submit.


Note You will need this name and password when configuring the WLSE.


Step 5 Click Network Configuration on the left side of the page. The Network Configuration screen appears.

Step 6 Click Add Entry. In the Add AAA Client area, enter the WLSE information in the following text boxes:

Client Hostname—enter the WLSE hostname (or IP address)

Client IP—enter the WLSE IP address

Key—enter a secret key


Note You will need this key when configuring the WLSE.


Step 7 Select RADIUS (Cisco Aironet) from the Authenticate Using list.

Step 8 Click Submit or Submit+Restart. A restart is required for the changes to take effect.


Enable Discovery Options

You can modify the discovery process by specifying that all discovered devices be automatically managed and enabling reverse DNS lookup so that device names, instead of IP addresses, appear in WLSE displays.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > DISCOVER > Discovery Options. The Discovery Options window appears.

Step 2 To enable automatic management for all discovered devices, select the Auto-Manage Devices checkbox.

All discovered devices will be automatically placed in the Managed folder.


Note If you are using the automatic configuration feature (Configuration > Auto Update), new access points and bridges added to the network will be automatically configured if Auto-Manage is enabled. For more information, see Automating Configurations.


Step 3 If DNS is configured on devices, you can enable reverse DNS lookup by selecting the Use reverse DNS lookup checkbox. Use of this feature affects device name display on the WLSE as follows:

Reverse DNS lookup enabled?
Affect on Display

Yes

If the lookup succeeds, the device name is displayed.

If the lookup fails, the device IP address is displayed.

No

If the device's SNMP sysName is set, the sysName is displayed.

If the sysName is not set, the device IP address is displayed.


Step 4 Click Save.


Related Topics

Manage Devices

Set Up Discovery Filters

You can limit discovery to certain devices by setting up filter rules to include or exclude devices. Filter rules consist of device IP addresses with optional wildcards and ranges.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > DISCOVER > Filter Rules. The Filter Rules window opens.

Step 2 Add IP addresses to the Include Rules or Exclude Rules text boxes, one entry per line. Use standard IP address format (four octets separated by periods) in which any octet can be:

A value between 0 and 255.

An asterisk (*) wildcard, denoting any number from 0 to 255; for example, 10.20.*.*.

A range in which the first number is less than the second; for example, 10.20.30[50-60].

Rules cause discovery to be limited as described in the following table.


Note Exclude rules take precedence over include rules.


Table 6-6 Effects of Include and Exclude Rules in Discovery Filters

Include Rules Defined?
Exclude Rules Defined?
Result

No

No

All devices are discovered.

No

Yes

All devices are discovered, but those that match the Exclude Rules are discarded.

Yes

No

Only devices that match the Include Rules are discovered.

Yes

Yes

Only devices that match the include rules are discovered. Devices that match the exclude rules are discarded.


For example, assume the IP addresses of the devices in a network are from 10.10.10.1 through 10.10.10.200:

The include rule is 10.10.10.[40-80]

The exclude rule is 10.10.10.[60-70]

All of the devices with the IP addresses 10.10.10.[40-80] are discovered, but those with IP addresses 10.10.10.[60-70] are discarded. Therefore, the devices discovered and retained have IP addresses 10.10.10.[40-59] and 10.10.10.[71-80].

Step 3 Click Save to save your Rules.

The Rules will take effect for all subsequent discoveries.


Schedule Discovery

This option allows you to schedule discovery. You can specify that scheduled discoveries be repeated at specified intervals. Before discovery can proceed, you must specify at least one seed device. Any supported device can function as a seed. Neighbors of seed devices are discovered by examining the contents of CDP tables.

You may want to specify multiple seed devices to:

Shorten the discovery time.

Discover "disconnected" networks; that is, discover devices across links on which CDP is disabled or discover devices outside the firewall.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > DISCOVER > Schedule Discovery. The Discovery - Configuring Seeds dialog box appears.

Step 2 To add seed devices, enter their comma-separated IP addresses or device names in the Seed Values text box and click >>. Seed devices that you add in this dialog box will be retained so that you can use them for subsequent scheduled and immediate discoveries.

Device names must resolve to your local DNS in order to translate device names to IP addresses during discovery. The requirements for entering device names are:

Blank spaces are not allowed.

The first character in a name must be alphanumeric

The only valid characters are the alphanumeric characters, the minus sign (-), and the period (.).

The last character cannot be a minus or a period.


Tip You can add multiple seed devices at one time by copying and pasting seed device names or IP address from a file.



Note Before you can proceed to the next screen, Modify Discovery Schedule, you must have at least one seed device in the Seed Values list.


Step 3 To delete a seed device, select the IP address from the Seed Values list and click Delete.

Step 4 Select the CDP distance from the list. Set CDP distance appropriately to discover the entire wireless network; a CDP distance of 1 only discovers the immediate neighbors of the seed devices.


Note Routers and switches that do not have access points attached to them are used when computing CDP distance. However, such devices will not appear in the discovered devices list.


Step 5 If you have not entered community strings that allow the WLSE to access all devices to be discovered, click Enter community strings before running discovery. The SNMP Community dialog box appears. For more information about entering community strings, see Specifying Device Credentials.

Step 6 To schedule discovery, click Modify Schedule. The Modify Discovery Schedule dialog box appears.

Select the State Date and Start Time from the pulldown lists.

To repeat discovery at specified intervals, click Enable. Then enter a number in the Every textbox and select the interval from the list.

Step 7 Click Next. The CDP Discovery - Summary dialog box appears.

Step 8 Click Finish to submit your settings or Back to make changes in your settings.


Related Topic

Specifying Device Credentials

Run Discovery Now

This option allows you to run an immediate, one-time discovery.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > DISCOVER > Run Discovery Now. The Run Discovery Now - Seeds dialog box appears.

Step 2 If necessary, add seed devices:


Note Any seed devices added here are used for this one-time discovery only.


a. Enter the seed device's IP address or device name in the Add Seed Value text box and click >>.

Device names must resolve to your local DNS in order to translate device names to IP addresses during discovery. The requirements for entering device names are:

Blank spaces are not allowed.

The first character in a name must be alphanumeric.

The only valid characters are the alphanumeric characters, the minus sign (-), and the period (.).

The last character cannot be a minus or a period.

b. Set the CDP by selecting a number from the list.

Step 3 If you have not added community strings that allow the WLSE to access all devices to be discovered, click Enter community strings before running discovery. The SNMP Community dialog appears. For more information about entering community strings, see Specify Community Strings.

Step 4 Click Run Now. The Discovery - Summary dialog box appears.

Click Back if you want to make changes before running the discovery.

Click Finish to run the discovery. The discovery will begin within 2 minutes.

Step 5 The Tasks History window appears. You can expand the Discovery folder to see the results of the discovery:

Immediate discoveries are named CDPDiscovery_Run_Now_number. The number increments each time you run an immediate discovery.

Click the discovery name. The Run Log appears, showing the start and end times of the discovery and information about the devices that were discovered.


Related Topics

Specifying Device Credentials

Viewing Inventory and Discovery Task History

Running Inventories

The WLSE automatically runs scheduled inventories (see About Scheduled Inventories), and you can run immediate inventories of all devices or of selected devices.

When you select Administration > Discover > Inventory, the following options for running immediate inventories appear:

Run Inventory Now—Use this option to collect complete inventory data from selected devices (see Immediate Inventory of Selected Devices).

Inventory All Devices—Use this option to collect inventory data from all devices—see Immediate Inventory of All Devices).

You can view details on the last 15 inventories—See Viewing Inventory and Discovery Task History.

About Scheduled Inventories

The WLSE runs 3 types of inventories on a regularly scheduled basis:

Basic inventories that collect all the information required by the WLSE to populate displays, such as reports, and to place devices in system-defined groups. This inventory runs hourly by default.

In the inventory history listing, these inventories appear under the name Inventory.

Client inventories that only collect information about associations of clients to access points. This inventory runs every 5 minutes by default.

In the inventory history listing, these inventories appear under the name ClientInventory.

Performance inventories that only collect the performance attributes used in trend reports for access points, bridges, and AAA servers. This inventory runs every 15 minutes.

In the inventory history listing, these inventories appear under the name PerformanceInventory.

To change the scheduled inventory intervals, you can reset the inventory polling parameters. See Managing System Parameters.

Immediate Inventory of Selected Devices

Use this option to run an immediate inventory of selected devices.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Inventory > Run Inventory Now. The device selector shows all managed devices in group folders in the middle pane, and the Run Inventory Collection window appears.

Step 2 To search for devices:

a. From the list in the search area located in the middle pane, select the method for searching: by device name or IP address.

b. Enter the IP address or name. You can use asterisks (*) as wildcards. An asterisk denotes any number of characters in a name or an entire octet in an IP address; for example, *AP or 172.*.*.*.

c. Click Search. The matching devices appear in the Search Results folder in the device selector.

Step 3 To select devices for inventory:

a. Expand the folder that contains the devices you want to include.

b. Click the device group folder. All of the devices in the group are added to the list in the Run Inventory Collection window.


Note Each immediate inventory job for selected devices contains devices from only one group.


c. From the list of devices in the group, select the devices you want to inventory.

Step 4 Click Run Inventory for Selected Devices. The inventory job starts immediately. Managed devices are polled and information is collected. WLSE displays are updated accordingly.

Step 5 The Tasks History window appears. You can expand the Inventory folder to see the results of the inventory collection:

Inventories of selected devices are named InventoryRunNow_number. The number increments each time you run an inventory.

Click the inventory name. The Run Log appears, showing the start and end times of the inventory and the type of data that was collected for the devices you selected.


Immediate Inventory of All Devices

Use this option to run an immediate inventory of all devices. This inventory is the same as the scheduled basic inventory. Inventories that collect data for all devices are named Inventory, whether they are scheduled inventories or immediate inventories run by a user.


Note Your login determines whether you can use this option


Procedure


Step 1 Select Administration > Discover > Inventory > Inventory All Devices.

Step 2 Click Inventory All Devices. The inventory job starts immediately. Managed devices are polled and information is collected. WLSE displays are updated accordingly.

If an inventory is currently running, a message appears. You should wait for the running inventory to complete before starting the immediate inventory.

Step 3 The Tasks History window appears. You can expand the Inventory folder to see the results of the inventory collection.

Inventories of all devices are named Inventory.

Click the inventory name. The Run Log appears, showing the start and end times of the inventory and type of data that was collected.


Viewing Inventory and Discovery Task History

You can view the history of inventories and discoveries by using the Task History option. Details on the last 15 inventories and discoveries are accessible through this option.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Tasks History. The Tasks selector appears.

Step 2 To view a list of jobs, expand the Discoveries or Inventories folder. A list of the last 15 jobs appears with the latest job listed first and earliest listed last.

The names of the inventory and discovery jobs indicate the type of inventory or discovery as follows:

Table 6-7 Discovery Job Names

Name
Type of Job

CDPDiscovery

Scheduled discoveries.

CDPDiscovery_Run_Now_number

Immediate, one-time discoveries.

CDPDiscovery_Import_Devices

Devices were imported from a file or from a CiscoWorks2000 server.


Table 6-8 Inventory Job Names  

Name
Type of Job

Inventory

Scheduled and immediate inventories of all devices.

ClientInventory

Scheduled inventories of client associations to access points.

PerformanceInventory

Scheduled inventories of performance attributes used in trend reports.

InventoryRunNow_number

Immediate inventories of selected devices, run by users.


Step 3 To view details about a job, select the job. The Run Log appears, showing the start and end times of the job and type of data that was collected.


Related Topics

Running Inventories

Immediate Inventory of Selected Devices

Immediate Inventory of All Devices

Importing Devices

Instead of running discovery on the WLSE, you can import devices:

From a file (see Import Devices from a File).

From CiscoWorks2000 Resource Manager Essentials (see Import Devices from CiscoWorks2000).

A one-time discovery job starts immediately after you import devices. All WLSE-supported devices in the file are used as seed devices with a CDP of 1. These devices are not added to the list of available seed devices in the Discovery - Configuring Seeds dialog box, but they do appear in the Discovery Run Log. See Schedule Discovery and Viewing Inventory and Discovery Task History.

Devices not supported by the WLSE are ignored.

You can choose to discover some devices and import others.

The following information is imported:

IP addresses are accepted, and hostnames are resolved to obtain the IP address. Hostnames that cannot be resolved are ignored.

Read-only and read/write community strings are appended to the end of the Bulk SNMP Settings table (Administration > Discover > Device Credentials). See Specifying Device Credentials.


Note Imported credentials are not matched with existing entries that contain wildcards or ranges.


Import Devices from a File

You can import devices from a file that contains device information in the CSV format. You can create a CSV file by exporting devices from CiscoWorks2000 or by creating the file with a text editor. You can view a sample CSV file in the dialog box for importing files.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Import Devices > From File. The Import Devices from File dialog box appears.

To see a sample file, click See Sample CSV File.

Step 2 You can enter a pathname for the file in the Choose File dialog box or click Browse to find the file in the client directory structure.

Step 3 Click Import. Devices are imported and a one-time discovery begins within 2 minutes.

Step 4 To verify the discovery, see Viewing Inventory and Discovery Task History.


Related Topics

Import Devices from CiscoWorks2000

Schedule Discovery

Specifying Device Credentials

Viewing Inventory and Discovery Task History

Import Devices from CiscoWorks2000

You can import devices directly from CiscoWorks2000 by connecting to a CiscoWorks2000 server.

The time required to import devices depends on the response from the CiscoWorks2000 server and the number of devices imported. The following procedure explains how to check the status of the operation.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Import Devices > From CiscoWorks2000.

Step 2 Enter the following information. All fields are required; if any are left blank, the display will clear.

The CiscoWorks2000 server IP address.

The port number at which the CiscoWorks2000 server listens for HTTP requests. You may need to contact the administrator of the CiscoWorks2000 server to obtain this information.

The username and password of any user who has the authority to export and import device credentials on the CiscoWorks2000 server.

Click Import. After devices are imported, a one-time discovery begins.

Step 3 To see the Import Status log, click Status. The CiscoWorks2000 Import Status window appears. To refresh the status display, click Refresh.

If the Last Status button is displayed in place of the Status button, you can review the results of a previous import.

If the import fails because you entered the wrong data in the Import dialog box, one of the following error messages is included in the Import Status log:

The following message means that either the host or the port specified in the WLSE import dialog was wrong:

Error: Could not connect to CiscoWorks2000 server:ip_address on port:port_number.

The following message means that either the user or password specified in the WLSE import dialog was wrong:

Error: Connected to CiscoWorks2000 server:ip_address on port:port_number successfully, but server returned error after connection.

If the import succeeds, you can view detailed information in the Discovery Run Log. See Viewing Inventory and Discovery Task History.


Related Topics

Import Devices from a File

Schedule Discovery

Exporting Devices

You can export all WLSE-discovered devices to a CiscoWorks2000 server running Resource Manager Essentials. The information exported consists of the device IP addresses and their credentials.

The time required to export devices depends on the number of devices exported and the response from the CiscoWorks2000 server. The following procedure explains how to check the status of the operation.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Discover > Export Devices > To CiscoWorks2000.

Step 2 Enter the following information:

The CiscoWorks2000 server IP address.

The CiscoWorks2000 server port number. You may need to contact the administrator of the CiscoWorks2000 server.

The username and password of any user who has the authority to export and import device credentials on the CiscoWorks2000 server.

Step 3 Click Export.

The Export to CiscoWorks2000 Started window appears.

Step 4 To see the export status log, click Status. The CiscoWorks2000 Export Status window appears. To refresh the status display, click Refresh.

If the Last Status button is displayed in place of the Status button, you can review the results of a previous export.

The following information is included in the export status log:

Type of Information
Description

Device information

Name of the device, device status, and device status details.

The string !{[NO VALUE]}! does not indicate an error; it means information was not available to the CiscoWorks2000 server while it was sending a response to the WLSE.

Error messages

The following message means that either the host or the port specified in the WLSE export dialog was wrong:

Error: Could not connect to CiscoWorks2000 server:ip_address on port:port_number.

The following message means that either the user or password specified in the WLSE export dialog was wrong:

Error: Connected to CiscoWorks2000 server:ip_address on port:port_number successfully, but server returned error after connection.


Step 5 After you export devices, you can view them in CiscoWorks2000 Resource Manager Essentials (see the Resource Manager Essentials online help for details).


Adding, Modifying and Deleting AAA Servers

Before adding AAA servers to the WLSE, you must configure the servers to add the WLSE as a client. For information on adding the WLSE as a client on AAA servers, see Set Up AAA Servers.

After you add AAA servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability.

To add, modify, and delete servers on the WLSE, see the following:

Manage LEAP Servers

Manage RADIUS Servers

Manage EAP-MD5 Servers

For information about changing the polling interval and response time fault thresholds for AAA server monitoring, see Specifying Fault Thresholds.

Related Topics

Displaying Faults

Setting Server Response Time

Specifying Fault Thresholds

Notification Settings

Manage LEAP Servers


Note Your login determines whether you can use this option.


Procedure

To add, modify or delete a LEAP server:


Step 1 To add a LEAP server:

a. Select Administration > Discover > LEAP SERVER > Add Server. The LEAP Server: Add Server dialog box appears.

b. Complete the following:

Text Box
Description

Server Name

Name or IP address of the AAA server.

Server Port

Port on the server that is used for authentication; this is always 1645.

Username

Client username that you entered on the AAA server.

Password

Client password that you entered on the AAA server.

Secret

Shared secret key that you entered on the AAA server.


c. To add the server, click Submit. To clear all data from the textboxes, click Reset.

Step 2 To modify a LEAP server:

a. Select Administration > Discover > LEAP Server > Modify Server. The LEAP Server: Modify Server dialog box appears.

b. Select a server from the Server Name list, and enter data as described in Step 1.

c. Click Submit.

Step 3 To remove a LEAP server:

a. Select Administration > Discover > LEAP Server > Remove Server. The LEAP Server: Remove Server dialog box appears.

b. From the list, select the server you want to remove, then click Submit.

Step 4 For information on setting the polling interval and response time fault thresholds for LEAP servers, see Specifying Fault Thresholds.


Manage RADIUS Servers


Note Your login determines whether you can use this option.


Procedure

To add, modify or delete a RADIUS server:


Step 1 To add a RADIUS server:

a. Select Administration > Discover > RADIUS SERVER > Add Server. The RADIUS Server: Add Server dialog box appears.

b. Complete the following:

Text Box
Description

Server Name

Name or IP address of the AAA server.

Server Port

Number of the port on the server that is used for authentication; this is always port 1645.

Username

Client username that you entered on the AAA server.

Password

Client password that you entered on the AAA server.

Secret

Shared secret key that you entered on the AAA server.


c. To add the server, click Submit. To clear all data from the textboxes, click Reset.

Step 2 To modify a RADIUS server:

a. Select Administration > Discover > RADIUS Server > Modify Server. The RADIUS Server: Modify Server dialog box appears.

b. Select a server from the Server Name list, and enter data as described in Step 1.

c. Click Submit.

Step 3 To remove a RADIUS server:

a. Select Administration > Discover > RADIUS Server > Remove Server. The RADIUS Server: Remove Server dialog box appears.

b. From the list, select the server you want to remove, then click Submit.

Step 4 For information on changing the polling interval and response time fault thresholds for RADIUS servers, see Specifying Fault Thresholds.


Manage EAP-MD5 Servers


Note Your login determines whether you can use this option.


Procedure

To add, modify or delete a EAP-MD5 server:


Step 1 To add an EAP-MD5 server:

a. Select Administration > Discover > EAP-MD5 SERVER > Add Server. The EAP-MD5 Server: Add Server dialog box appears.

b. Complete the following:

Text Box
Description

Server Name

Name or IP address of the AAA server.

Server Port

Number of the port on the server that is used for authentication; this is always port 1645.

Username

Client username that you entered on the AAA server.

Password

Client password that you entered on the AAA server.

Secret

Shared secret key that you entered on the AAA server.


c. To add the server, click Submit. To clear all data from the textboxes, click Reset.

Step 2 To modify an EAP-MD5 server:

a. Select Administration > Discover > EAP-MD5 Server > Modify Server. The EAP-MD5 Server: Modify Server dialog box appears.

b. Select a server from the Server Name list, and enter data as described in Step 1.

c. Click Submit.

Step 3 To remove an EAP-MD5 server:

a. Select Administration > Discover > EAP-MD5 Server > Remove Server. The RADIUS Server: Remove Server dialog box appears.

b. From the list, select the server you want to remove, then click Submit.

Step 4 For information on changing the polling interval and response time fault thresholds for EAP-MD5 servers, see Specifying Fault Thresholds.


Managing Groups

When you select Administration > Group Management, the device selector appears in the left pane and a group management window appears in the right pane. Initially, only the system-defined groups appear in the device selector. The group management window allows you to create your own groups—see Creating, Editing, and Deleting Groups).

Related Topics

Overview: Groups

Creating, Editing, and Deleting Groups

Overview: Groups

The Group Management window allows you to view the existing device groups and categorize devices into named groups so that you can perform management tasks on a group of devices as a single operation.

A group is a named entity that can contain devices, other groups, or a combination of devices and groups. There are two types of groups:

System-defined groups—See System-Defined Groups.

User-defined groups—See User-Defined Groups.

The device selector lists all the current groups, both system-defined groups and user-defined groups. The number after a group name or folder shows how many objects are in the group (devices and other groups) or how many groups are in the folder. Every managed device appears in one or more of the system-defined groups, and may also appear in user-defined groups.

System-Defined Groups

There are six system-defined folders containing system-defined groups.

You cannot edit or delete a system-defined group. The system defined groups are automatically populated using information read from the devices during discovery and inventory collection. Any changes on devices are reflected in the system-defined groups only after the next discovery or inventory collection has completed. The system-defined groups and folders are:

Device Type folder—Contains groups for AAA servers, 1200 APs, 340 APs, 350 APs, 350 Bridges, Routers, and Switches.


Note 4800 APs will appear in the system folder for 350 APs.


Location folder—Contains groups based on the locations of the devices. To enable creation of system-defined location groups, you must configure a parameter on the device that identifies the device location. See Set Up Devices for information on setting location. The null location group contains all devices that are not configured with their location information.

SSID folder—Contains a group for each primary radio service set ID (SSID) configured on access points. For information on configuring the SSID, see Set Up Devices

Software Version folder—Contains a group for each software version detected on the devices.

Subnet folder—Contains a group for each subnet configured in the network.

VLAN folder—Contains a group for each VLAN configured on the access points.

User-Defined Groups

You can define any number of groups, which can contain subgroups and devices. User-defined groups can contain devices and other groups, so you can set up hierarchies of groups.

Related Topics

Creating, Editing, and Deleting Groups

Managing Device Discovery

Running Inventories

Creating, Editing, and Deleting Groups

You can create groups and edit or delete user-defined groups. The system-defined groups cannot be edited or deleted.

Use the options in the group management window to:

Add a Group

Edit a Group

Delete a Group

To view the devices in a group, select Administration > Group Management. Expand the folders or groups until you can click on the group you want to view. The group name, description, creator, and devices are listed in the Members area of the group management window.

Add a Group

You can add groups by:

Creating a New Group

Copying an Existing Group


Note Your login determines whether you can use this option.


Creating a New Group

Procedure


Step 1 Select Administration > Group Management. The group selector pane and group window are displayed.

Step 2 To create a new group, click Create New. The Create Group dialog appears and the Search dialog appears above the group selector. To search for devices:

a. From the list in the search dialog, select the method for searching: by device name or IP address.

b. Enter the IP address or name. You can use asterisks (*) as wildcards. An asterisk denotes any number of characters in a name or an entire octet in an IP address; for example, *AP or 172.*.*.*.

c. Click Search. The matching devices appear in the Search Results folder in the device selector.

Step 3 Enter a name in the Name text box. Enter a description in the Description text box (optional).

For information about the characters allowed in group names and descriptions, see Naming Guidelines.

Step 4 To make your new group a subgroup of another group, select a group from the Subgroup Of list. By default, all new groups are added at the top level ([root]).


Note Your new group will be added to the Subgroups Of list.


Step 5 From the group selector in the left pane, select a group that contains devices you want to add to your new group. Devices in that group are added to the Available Devices list in the Create Group dialog.

Step 6 To add devices to the new group, select the group or individual devices from the All Available Devices list and click >>. Devices are moved to the Devices in Group list.

Step 7 To add more devices to the new group, repeat Steps 5 and 6.

Step 8 To remove devices from the group, select them from the Devices in Group list and click <<.

Step 9 To save the group, click Save. The new group is displayed and added to the end of the group selector list. To cancel the group creation and discard your changes, click Cancel.


Copying an Existing Group

Use this procedure to create a new group by copying an existing group. You can copy both system groups and user-defined groups.

Procedure


Step 1 Select Administration > Group Management. The group selector pane and group dialog box are displayed.

Step 2 To copy an existing group, select the group and click Copy:

The Copy Group dialog appears. The devices in the group are placed in the Devices in Group list.

The Search dialog appears above the device selector. To search for devices:

a. From the list in the search dialog, select the method for searching: by device name or IP address.

b. Enter the IP address or name. You can use asterisks (*) as wildcards. An asterisk denotes any number of characters in a name or an entire octet in an IP address; for example, *AP or 172.*.*.*.

c. Click Search. The matching devices appear in the Search Results folder in the device selector.

Step 3 Edit the name, if desired. Change or add the description in the Description text box (optional).

For information about the characters allowed in group names and descriptions, see Naming Guidelines.

Step 4 To make the group a subgroup of another group, select a group from the Subgroup Of list. By default, all new groups are added at the top level ([root]).


Note Your new group will be added to the Subgroup Of list.


Step 5 To add more devices to the group:

a. Select another group. Devices in that group are added to the All Available Devices list in the Create Group dialog.

b. Select the group or individual devices from the Available Devices list and click >>.

c. To add more devices, repeat Steps a and b.

Step 6 To remove devices from the group, select them from the Devices in Group list and click <<.

Step 7 To save the group, click Save. The new group is displayed and added to the end of the device selector list. To cancel group creation and discard your changes, click Cancel.


Related Topics

Edit a Group

Delete a Group

Overview: Groups

Edit a Group

You can edit user-defined groups, but system-defined groups cannot be edited.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Group Management. The group selector pane and Group dialog box appear.

Select a group to edit from the group selector in the left pane and click Edit. The Edit Group dialog appears in the right pane and the search dialog appears in the middle pane. To search for devices:

a. From the list in the search dialog, select the method for searching: by device name or IP address.

b. Enter the IP address or name. You can use asterisks (*) as wildcards. An asterisk denotes any number of characters in a name or an entire octet in an IP address; for example, *AP or 172.*.*.*.

c. Click Search. The matching devices appear in the Search Results folder in the device selector.

Step 2 Change the Name or Description by editing the text in the text boxes.

For information about the characters allowed in group names and descriptions, see Naming Guidelines.

Step 3 To make the group a subgroup of another group, select a group from the Subgroup Of list. The group you are editing will become a subgroup of the group you select.

Step 4 To add devices to the group, select a group from the group selector. The devices in the group appear in the All Available Devices list. Select the group or individual devices from the list and click Add. Devices are placed in the Devices in Group list.

Step 5 To add more devices, repeat Step 4.

Step 6 To delete devices from the group, select one or more devices from the Devices in the Group list and click Remove.

Step 7 To save your changes, click Save. The edited group is displayed. To discard your changes, click Cancel.


Related Topics

Add a Group

Delete a Group

Overview: Groups

Delete a Group

You can delete user-defined groups, but you cannot delete system-defined groups.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Group Management. The device selector appears in the left pane and the Group window appears.

Step 2 Select the group from the group selector list. The group is displayed.

Step 3 Click Delete.


Related Topic

Overview: Groups

Edit a Group

Add a Group

Managing the Appliance

Options under the Appliance subtab allow you to manage the WLSE system and use connectivity tools. When you select Administration > Appliance, the following options are displayed:

Status—Gather and view WLSE statistics and restart the machine (see Viewing WLSE Status).

Software—Update, reinstall, view status, and define the repository for the WLSE software (see Managing the Software).

Security—Manage WLSE security features, such as telnet, SSL, and authentication modules (see Managing Security).

Backup and Restore—Configure backup location, backup data, and restore data (see Backing Up and Restoring Data).

Diagnostics—Troubleshoot, run self-tests, view process status (see Using Diagnostics).

Splash Screen—Customize the splash screen message (see Setting Up the Splash Screen Message).

Time/NTP/Name—Set the current time (see Setting the Current Time and Date on the WLSE), specify NTP servers (see Specifying NTP Time Servers), and specify IP name servers (see Specifying Name Servers).

Configure Mailroute—Specify an SMTP server for handling email notifications (see Specifying an SMTP Mail Server).

Connectivity Tools—Test device connectivity and reachability and troubleshoot nonresponding devices (see Using Connectivity Tools).


Note Your login determines whether you can use these options.


Viewing WLSE Status

The Status options include:

Viewing log file statistics (see Viewing Log File Reports).

Restarting the WLSE (see Restarting the Wireless LAN Solution Engine).

Viewing Log File Reports

This option allows you to view the contents of WLSE log files.

Procedure


Step 1 Select Administration > Appliance > Status > View Log File. The Log File Utilities dialog box appears with the following information:

Field
Description

Log file

Name of the log file displayed.

Directory

Location of log file.

File Size

Size of file.

Size Limit

Recommended maximum file size.

File Size Utilization %

Percentage of the maximum size (500MB) that is being used.


Step 2 To see log file details, click the name of the log file. A window appears with log file information. For a description of each file, see Log Files Displayed.

Step 3 To search for specific data within the log files, click the check boxes of the log files you want to search, and enter a keyword into the Keyword text box. Click Case Sensitive if you want your search to be case sensitive, then click Search. A window displays the results of the search.


Log Files Displayed

The WLSE maintains the following log files.

Log File
Content

access_log

Web server user access log.

daemons.log

Log file for logging messages that dmgtd does not log.

dmgtd.log

Process Management daemon log file.

error_log

Web server error log.

faults.log

Log for device fault information.

install.log

Software package installation log.

jobvm.log

Log for all scheduled tasks.

mfgtest.log

Log for the manufacturing test.

mod_jk.log

Message log for hook between Tomcat and Apache.

snmpd.log

SNMP agent log file.

ssl_request_log

Log for secure socket layer web server events for https.

tomcat.log

Java servlet messages.


Restarting the Wireless LAN Solution Engine

This option allows you to restart the WLSE.

After the Wireless LAN Solution Engine restarts, discovery and inventory will resume at the next scheduled time.

Procedure


Step 1 Select Administration > Appliance > Status > Restart. The Restart System screen appears.

Step 2 Click OK to restart the Wireless LAN Solution Engine.


Note If you need to perform a manual soft restart (for example, when modifying a network interface) you can use the CLI commands. (Refer to User Guide for the CiscoWorks1105 Wireless LAN Solution Engine—From the Online Help, click View PDF.)



Related Topics

Managing Device Discovery

Running Inventories

Managing the Software

The Software options are:

Status—Currently installed software information, such as software description, installation date, and installation status (see Viewing Software Status).

Define Repository—Specify the repository location. The repository provides software update services to the WLSE (see Defining the Repository).

Software Updates—Select and install a software update from the repository. You must specify the repository before updating software so the Wireless LAN Solution Engine can locate the software updates (see Installing Software Updates).

Browse Repository—Browse the available complete images and software upgrades on the repository (see Browsing the Repository).

Software Update History— Information about current and previous versions of installed software, including version number, install date, and installation status (see Viewing Software Update History).

Viewing Software Status

You can view information about the software currently installed on the WLSE.

Procedure


Step 1 Select Administration > Appliance > Software  >  Status. The Software Status window appears with the Installed Software table, which contains the following information about all the software currently installed on the WLSE:

Field
Description

Software Name

Brief description of the software.

Installation Date

Date and time (UTC) the software was installed.

Status

Status of the installation.

Details

Detailed install log for this software.


The Last Installation Information table displays the following about the most recent software installation:

Field
Description

Name

Brief description of the software.

Installation Status

Status of the installation.

Log File

Detailed install log for this software.


Step 2 To view details about an installation, click View Log in the Details field.

The install log for the selected installation opens. The information about the latest software installed is displayed.


Related Topics

Viewing Software Update History

Installing Software Updates

Managing the Software

Defining the Repository

The repository warehouses the available software updates for the WLSE. The repository can be either local (on the WLSE), or remote (on a Windows NT or Windows 2000 server). The default is a local repository.

By defining the repository, you are telling the WLSE where to look for available software updates. You can download software from the repository and install it on the WLSE, and you can browse the available software versions on the repository.

Before you can define the repository, you must first it:

To create a local repository, see Creating a Local Repository.

To create a remote repository, see Creating a Remote Repository.

Procedure


Step 1 Select Administration > Appliance > Software > Define Repository. The Define Repository dialog box appears.

Step 2 To define or redefine the repository, complete the following:

Text Box
Description

Host Name

The hostname or IP address of the repository. For the local repository, enter localhost.

Port Number

The port number used by the software on the repository. The default port number for the local repository is 9851.

Description

A description of the repository. This text box is optional; you can enter any description.


Step 3 Click Connect to Repository to verify that the hostname and port number you entered are correct. If the data is incorrect, an error message appears.


Related Topics

Installing Software Updates

Browsing the Repository

Managing the Software

Creating a Local Repository

A WLSE can serve as the repository for itself and multiple other WLSEs.

To create a local repository, configure the repository using the CLI.


Note To use the local repository, you must be downloading software updates from an FTP site.


For more information, see the Hardware Installation and Configuration Guide for the CiscoWorks 1105 Wireless LAN Solution Engine.

Procedure


Step 1 Open a CLI window to the Wireless LAN Solution Engine, using Telnet or SSH.

Step 2 Specify the FTP site that will be the source of the software updates. Use the following CLI command:

repository source ftp://hostname/path

Step 3 Find the software you want on the FTP site.

Step 4 Download the software you want to the repository using the following command:

repository add package


Creating a Remote Repository

A remote repository can serve as the repository for one or more Wireless LAN Solution Engines. The remote repository can be either:

A WLSE functioning as the remote repository for other WLSEs.

A Windows NT or Windows 2000 server. A remote repository created on a Windows NT or Windows 2000 server will be temporary; it will not exist after the server reboots.


Note If you are using a Wireless LAN Solution Engine as a remote repository, see Creating a Local Repository.


Procedure


Step 1 Download the ZIP file containing the update. The latest updates can be found at ftp.cisco.com.

Step 2 Extract the file to any empty directory. For example, extract the file to C:\wlse\wlse_repository.

Step 3 Open a command window and enter the following command:

subst <drive2:><drive1:>\<path>


Note Drive2 is a virtual drive. It will be removed after you reboot the Windows 2000 or Windows NT server.


Step 4 Open <drive2:>.

Step 5 If Autoplay is enabled, the autorun.bat file will automatically run. If it does not, double-click it. A browser window opens, displaying the Appliance Update screen.

Step 6 Enter the hostname or IP address of the appliance.

The remote repository is now on the Windows NT or Windows 2000 server. To install software updates from this repository, see Installing Software Updates.


Related Topic

Creating a Local Repository

Installing Software Updates


Note When you update or reinstall software, the WLSE stops and restarts. Therefore, you cannot access the WLSE during a software update, and you must log in again after updating software.


Procedure


Step 1 Select Administration > Appliance > Software > Install Software Updates. The Install Software Updates window opens and displays information about the Wireless LAN Solution Engine, the currently defined repository, and the compatible software available for updating.

Step 2 Select a software version from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.

These tables display the following information about the software you can install.

Field
Description

Name

Software identifier.

Version

Version number of the software.

Summary

Brief description of the software.

Release Date

Release date of the software.

Details

Detailed description of the software.


Step 3 To view details about any of the listed software, click README in the Details field.

Step 4 To begin the installation, make a selection from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.

Step 5 To install the selected software, click Install. The Install Software Updates window opens.

Step 6 Click Confirm to continue the installation. Click Cancel to cancel the installation.

When the installation is complete, the WLSE will be unavailable for a few minutes while it restarts. The Login screen will appear when the update is complete.

You can view details of the installation after the installation is complete (Administration > Appliance > Software  >  Status  > View Log).


Related Topics

Defining the Repository

Viewing Software Status

Viewing Software Update History

Browsing the Repository

Managing the Software

Browsing the Repository

You can browse the available complete images and software upgrades on the repository using this option.


Note A repository must be defined in order to browse software. To define the repository, see Defining the Repository.


Procedure


Step 1 Select Administration > Appliance > Software > Browse Repository. The Browse Repository dialog box appears.

Step 2 To view detailed information about a complete image or update, click README in the Complete Images table or Updates table. These tables display the following about all the software available on the repository:

Field
Description

Name

Software identifier.

Version

Version number of the software.

Appliance Type

The appliance type that the software is designed for.

Release Date

Release date of the software.

Summary

Brief description of the software.

Details

Detailed description of the software. Click README to display details.



Related Topics

Installing Software Updates

Managing the Software

Viewing Software Update History

This window shows only the update history, not a history of installed images. If you install a complete new image, the previous update history will be erased.

Procedure


Step 1 Select Administration > Appliance > Software  >  Software Update History. The Software Update History window displays the following:

Table 6-9 Software Update History Window  

Field
Description

Name

Software identifier.

Version

Software version.

Summary

Summary of the installed software.

Install Date

The date and time (UTC) the software was installed.

Status

The status of the installed software.

Details

The detailed install log for this software.

Status

The status of the installation:

Success—Software was installed with no errors.

Warning—Software installed successfully with minor errors.

Error—Software installation was unsuccessful.

Details

The detailed install log for this installation, including warning and error messages.


Step 2 Click View Log in the Details field to view the detailed install log for a software installation.


Related Topics

Viewing Software Status

Browsing the Repository

Managing the Software

Overview: Security

The WLSE provides the following security features:

Optional secure connection through a Web browser

Connection through the CLI via Telnet

Secure connection through the CLI via SSH

Authentication through the local database or through alternative authentication services

Flexible user access to managed devices and Wireless LAN Solution Engine services through configurable roles.

You can manage your system's security by:

Selecting an Authentication Module

Disabling or Enabling Telnet and Selecting SSH

Viewing the Last 10 Logged-On Users

Administering Users

Managing Security

The Security options include:

Authentication Modules—Choose the authentication module used (see Overview: Authentication Modules).

SSL (HTTPS)—Obtain a permanent, signed Certificate Signed Request for secure Web access (see Managing SSL (HTTPS)).

Telnet and SSH—Configure Telnet and SSH settings (see Disabling or Enabling Telnet and Selecting SSH).

Last 10 Logins—View information about the last 10 users who have logged on to the WLSE (see Viewing the Last 10 Logged-On Users).

Overview: Authentication Modules

The Wireless LAN Solution Engine provides a mechanism for authenticating users through the local authentication module and a local database of user IDs and passwords. Many network managers, however, already have an authentication service. To use your own authentication service instead of the local module, you can select one of the alternative modules:

TACACS+

Radius

MS NT Domain

After you select and configure a module, all authentication transactions are performed by the authentication service associated with that module. Users log in with the user ID and password associated with the current authentication module.

The Wireless LAN Solution Engine determines user roles; therefore, all users must be in the local database of user IDs and passwords. A user's role determines the services and devices that the user can access. Users must have the same user ID locally as they have in the alternative authentication source, but the local password and authentication service password do not have to be same.

Users who are authenticated by an alternative service and who are not in the local database have no roles assigned to them. Users who have no roles see only the splash screen after logging in and cannot view screens or perform tasks.

If the alternative authentication service fails, the Wireless LAN Solution Engine defaults to the Local authentication module. Even if the local user database fails, you can always log in as the admin user.

Related Topics

Selecting an Authentication Module

Administering Users

Selecting an Authentication Module

The Local login module is selected by default, but you can select a different module.

Procedure


Step 1 Select Administration > Appliance > Security > Authentication Modules. The Authentication Modules dialog box appears.

Step 2 Select an authentication module from the Select Module drop down list, then click Submit. A Configuration dialog box appears for all selections except the Local module.

Step 3 Depending on the authentication module you selected, enter the following data, then click Submit:.

Radius module or TACACS+ module:

Primary Server and Secondary Server—IP addresses or device names of the primary and secondary authentication servers. A secondary server is optional.

Shared Secret—Secret key.

MS NT Domain module:

Domain—Name of the Windows domain.

Primary Domain Controller and Backup Domain Controller—Names of the primary and backup Windows domain controllers. A backup domain controller is optional.


After you change the authentication module, you do not have to restart the Wireless LAN Solution Engine. Changing the module does not affect users who are currently logged on. Users who log on after the change use the new module.

Related Topic

Overview: Security

Managing SSL (HTTPS)

SSL (secure socket layer) protocol provides a secure connection between Web clients and the Wireless LAN Solution Engine. When you initially set up the Wireless LAN Solution Engine, an unsigned certificate and a CSR (Certificate Signed Request) are automatically generated and SSL is enabled. The unsigned certificate expires in one year. To obtain a permanent, signed certificate, use the following procedure.


Note To establish a connection to the Wireless LAN Solution Engine using SSL, use the prefix https instead of http when entering the URL into the browser and do not append a port number to the URL.


Procedure


Step 1 Select Administration > Appliance > Security > SSL (HTTPS). The SSL (HTTPS) dialog box appears.

Step 2 Click View CSR. The encrypted CSR is displayed.

Step 3 Copy the encrypted CSR (between the begin and end lines). Send the CSR to a certificate authority (such as Verisign), following the authority's procedure.

Step 4 When you receive the signed certificate:

a. Copy it into an ASCII file on a client system.

b. On the same client, select Administration > Security.

c. Under SSL (HTTPS), type the path to the signed certificate or click Browse to locate the file, then click Submit Certificate.

d. To use the new certificate, you need to restart the Wireless LAN Solution Engine by logging on through the CLI, running the services stop command to stop the system, then running the services start command to restart the system.

Step 5 You should block login through the regular HTTP port (1741):

a. Log in to the WLSE through the console or by using Telnet or SSH.

b. Enter the following CLI command:

# firewall eth0 1741

For more information on this command, see the User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine; from the online help, click View PDF.


Related Topic

Overview: Security

Disabling or Enabling Telnet and Selecting SSH

Telnet is used for connecting to the Wireless LAN Solution Engine through the CLI. By default, Telnet is enabled. To prevent unsecure connections through the CLI, you can disable Telnet.

SSH provides a secure Telnet connection, encrypting all traffic, including passwords. By default, both SSH1 and SSH2 are used.

Procedure


Step 1 Select Administration > Appliance > Security > SSH and Telnet. The SSH and Telnet control panel appears.

Step 2 To change the type of SSH used, select the desired SSH version from Select Protocol, then click Change Protocol.

Step 3 To enable or disable Telnet, make a selection from Telnet, then click Configure.

Changes takes place immediately.


Related Topic

Overview: Security

Viewing the Last 10 Logged-On Users

You can view information about the last 10 users who have logged on to the WLSE.

Procedure


Step 1 Select Administration > Appliance > Security > Last 10 Logins.

The Last 10 Logins table appears, showing the following information for the last 10 logins.

Field
Description

Login Name

User's login name.

Logged In Since

Date and time the user logged in (GMT).

IP Address

IP address of the system from which the user logged in.

Associated role

Role assigned to the user.



Related Topic

Overview: Security

Backing Up and Restoring Data

Backing up the WLSE saves its configuration data in case you need to restore the data. When you select Administration > Appliance > Backup and Restore, the following options appear:

Configure—Set the backup location (see Specifying the Backup Location).

Before a Windows 2000 or Windows XP system can be used for backups, it must be configured—see Configuring a Windows 2000 or Windows XP Server as a Backup Location.

Backup—Back up data, including all Wireless LAN Solution Engine role and user information (see Backing Up Data).

Restore—Restore an available backup image (see Restoring Data).

Specifying the Backup Location

The backup location must be running an FTP server, because the Wireless LAN Solution Engine uses FTP to transfer the backup data.

Procedure


Step 1 Select Administration > Appliance > Backup and Restore > Configure.

Step 2 Enter the hostname/IP for the backup location.

Step 3 Enter the username you use on the backup location machine.

Step 4 Enter the password you use on the backup location machine.

Step 5 Reenter the password to verify that it is correct.

Step 6 Optional—Specify the path to which the backup image is saved.

When specifying the path on a Windows 2000 or Windows XP server:

Use either forward slashes (/) or backslashes (\) as the directory separators.

Do not include the drive specifier (for example c:\) in the path specification.

The path is relative to the ftproot.

Step 7 Click Save.

Step 8 To verify that the backup location is reachable and is running an FTP server:

a. Select Administration > Appliance > Backup and Restore > Backup.

b. Click Test.

c. Click OK.


Related Topics

Backing Up Data

Restoring Data

Configuring a Windows 2000 or Windows XP Server as a Backup Location

Configuring a Windows 2000 or Windows XP Server as a Backup Location

To serve as a backup location, a Windows 2000 or Windows XP server must be configured for UNIX directory mode.

Procedure


Step 1 On the server, select Start > Settings > Control Panel > Administrative Tools > Internet Services Manager.

If this option is not available on the server, enable it as follows:

a. Select Start > Settings > Control Panel > Add/Remove Programs.

b. On the left side of the Add/Remove window, click Add/Remove Windows Components. The Windows Components wizard starts.

c. Check the checkbox for Internet Information Services, then click Next.

Step 2 From the Tree panel, select the Windows 2000 or Windows XP system name.

Step 3 In the Description panel, right-click Default FTP Server. Then click Properties.

Step 4 In the Home Directory tab:

Select UNIX under Directory Listing Style.

Select Write under FTP Site Directory.


Backing Up Data

Data backed up includes Wireless LAN Solution Engine role and user information, discovery configuration information, and other configuration information. The following procedure includes a verification step; it is recommended that you always verify that the backup succeeded.


Note You should perform a backup every time you add a user.


Procedure


Step 1 Configure the backup location (see Specifying the Backup Location).

Step 2 Select Administration > Appliance > Backup and Restore > Backup.

Step 3 To verify that the backup location is reachable and is running an FTP server:

a. Select Administration > Appliance > Backup and Restore > Backup.

b. Click Test.

c. Click OK.

Step 4 Click Backup. The WLSE saves the backup image.

Step 5 To verify that the backup succeeded:

a. Select Administration > Appliance > Backup and Restore > Restore.

b. The backup image should be listed in the Available Images list.

c. Click Cancel.

You can also log in to the backup location system and verify that there is a backup directory containing WLSE hostname_date_time.inf and WLSE hostname_date_time.tar files.


Related Topic

Restoring Data

Restoring Data

Procedure


Step 1 Select Administration > Appliance > Backup and Restore > Restore.

Step 2 From the Available Images list, select a backup image. Images are listed by Wireless LAN Solution Engine hostname and date and time of backup.

Step 3 Click Restore. The Restore Backup window opens.

Step 4 Click OK.

The Wireless LAN Solution Engine shuts down and restarts while data is being restored.


Related Topics

Backing Up Data

Specifying the Backup Location

Using Diagnostics

The Diagnostics options are:

WLSE Info—Gather troubleshooting information about the WLSE status and create status reports (see Viewing and Creating a Status Report).

Self Test—Create and display self tests (see Viewing and Creating a Self-Test Report).

Processes—View WLSE process status, stop and start processes (see Viewing Processes).

Viewing and Creating a Status Report

The WLSE information and status report shows general WLSE status, log files, package information, database status, process status, web server information, Java class information, and log files.


Note Status reports show UTC time.


Procedure


Step 1 Select Administration > Appliance > Diagnostics > WLSE Info. The WLSE Information and Status Report dialog box appears.

Step 2 To display a report, click its name. If there are no reports listed, you must create a new report by clicking Create.

Step 3 To create a new report, click Create. It will take five to seven minutes for the report to be complete. To display the new report, click its name. If the new report is not listed, click Refresh.

Step 4 To delete a report, click the report check box, then click Delete.


Related Topics

Viewing and Creating a Self-Test Report

Viewing Processes

Viewing and Creating a Self-Test Report

Self-tests show the status of WLSE memory, the database, DNS setup, and backup location configuration. Self-test reports indicate whether the tests passed or failed.


Note The self-test shows UTC time.


Procedure


Step 1 Select Administration > Appliance > Diagnostics > Self Test. The WLSE Self-Test Report dialog box appears.

Step 2 To display a report, click its name. If there are no reports listed, you must create a new report by clicking Create.

Step 3 To display the new report, click its name. If the report is not displayed, click Refresh.

Step 4 To delete a report, select the report check box, then click Delete.


Related Topics

Viewing and Creating a Status Report

Viewing Processes

Viewing Processes

You can view the status of the major processes running on the Wireless LAN Solution Engine using this option. You can also start and stop processes and access complete reports.

Procedure


Step 1 Select Administration > Appliance > Diagnostics > Processes. The Process Report displays the following:

Column
Description

Process name

Describes how a process is registered. For information on the processes displayed, see Processes Displayed.

State

Process status and a summary of the log file entries for the process.

Pid

Process ID. A unique number by which the operating system identifies each running program.

RC

Return code. "0" represents normal program operation. Any other number typically represents an error. Refer to the error log.

Signo

Signal number. "0" represents normal program operation. Any other number is the last signal delivered to the program before it terminated.

Start Time

Time (UTC) and date the process was started.

Stop Time

Time (UTC) and date the process was stopped.

Core

The entry "Not applicable" means the program is running normally.

The entry "Core file created" means the program is not running normally and the operating system has created a file called a core file. The core file stores important data about processes.

Information

The entry indicates what the process is doing. "Not applicable" means the program is not running normally.


Step 2 Perform any or all of these tasks:

To view details, click any process name. The Daemon Information window opens. For information on the contents of this window, see Daemon Information.

To view process status, click any process state. The System Log window opens. For information on the contents of this window, see System Log.

To stop a process, select the check box next to the process name and click Stop. The Process Status table displays the new status and other process information. The WebServer and Tomcat processes cannot be stopped.

To start a stopped process, select the check box next to that process name and click Start. The Process Status table displays the new status and other process information.

To update the Process Status table with the latest data, click Refresh. The table does not automatically update.

To see a complete report of all processes running on the WLSE, click Complete Report.


Processes Displayed

The Process Status table displays the status of the following major WLSE-specific processes:

Process Name
Description

WLSEjobvm

The job virtual machine.

WLSEFaults

The fault manager.

WebServer

The Web Server.

Tomcat

The Java servlet engine.

ExcepReporter

The process that forwards traps.

CDPbrdcast

The CDP daemon that identifies Cisco devices to their immediate neighbors.

PerfMon

The process that monitors performance.


Daemon Information

The Daemon Information dialog box displays the following:

Field
Description

Process

The process name.

Path

The file location.

Flags

The flags used to register the process with the Daemon Manager.

Startup

The method used to start the process.

Dependencies

The other processes that must be running for this process to run.


System Log

The system log, which describes the status of the processes running in the system, displays the following:

Field
Description

Timestamp

The date and time the message is logged.

Process

The process that logged the message.

Type

The message type, such as INFO, WARNING, CRITICAL.

Information

The process status as known by the Daemon Manager.


Setting Up the Splash Screen Message

The Splash Screen option allows you to set up a message that is displayed when a user logs in. After viewing the message, the user clicks Agree to continue logging in Disagree to log out.

Procedure


Step 1 Select Administration > Appliance > Splash Screen. The Splash Screen Message window appears.

Step 2 Enter the message to be displayed.

Step 3 Check the Enable check box, then click Apply. The splash screen message is enabled.


Note You must check Enable for the message to appear.



Setting the Current Time and Date on the WLSE

This option allows you to set the current time and date on the WLSE. This time and date appear in WLSE displays.

To set the UTC time, use the following CLI command:

clock {set hh:mm:ss month day year}

For more information on this command see the User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine—From the online help, click View PDF.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 In the Current Time area, select the new time and date parameters from the lists and click Update.


Specifying NTP Time Servers

This option allows you to maintain the current time on the WLSE by using NTP (Network Time Protocol) servers.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 To remove an NTP server, select it from the Current Servers list and click Remove.

Step 3 To add an NTP server, enter the server's IP address in the NTP Server IP Address text box and click Enable.


Specifying Name Servers

You can specify the addresses of up to three name servers for name and address resolution.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 To remove a name server, select it from the Current Servers list and click Remove.

Step 3 To add a name server, enter its IP address in the Name Server IP Address textbox and click Enable.


Specifying an SMTP Mail Server

To ensure that WLSE email notifications reach their destinations, you can specify an SMTP mail server. This setting affects email notifications about firmware and configuration jobs, email of reports, and email of fault notifications.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > Configure Mailroute.

Step 2 Enter the hostname or IP address of an SMTP mail server on your network and click Save.


Using Connectivity Tools

The options in the Connectivity Tools window allow you to perform connectivity tests and find information about devices.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > Connectivity Tools. The Network Connectivity and Security Test dialog box appears.

Step 2 Enter a device name or IP address in the Device text box.

Step 3 Click an option button:


Note Pressing Enter will not work. You must click a button.


Ping—Test device reachability.

Traceroute—Detect routing errors between the Wireless LAN Solution Engine and the target device.

NSLookup—Look up device or host information via the name server. The information displayed includes server name, server IP address, device name, and the device IP address.

TCP Port Scan—Find the active ports on the device.

SNMP Reachable—Try to reach a device by using SNMP. To reach a device using SNMP, the device's credentials must be entered into the SNMP Communities window (select Administration > Discover > DEVICE CREDENTIALS > SNMP Communities).

A results window appears, telling you whether the connectivity test was successful.

Step 4 Click Close to close the results window.


Managing System Parameters

The System Parameters window allows you to set certain global parameters. For example, to change the interval at which the Wireless Clients reports will be updated, change the value of the Wireless Client Poll Interval parameter.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > System Parameters. The following parameters are displayed in the System Parameters window:

Table 6-10 System Parameters  

Parameter
Description

Inventory Poll Interval

Interval at which the configuration data will be collected from the devices. (This is the data shown in any GUI device detail table.)

Tip For more accurate trending, set this parameter at a lower interval than the Inventory Performance Attributes Polling Interval.

Default: 1 hour

Wireless Client Poll Interval

Interval at which the device data is collected for client information and at which the Wireless Clients reports are updated.

Default: 5 minutes

Inventory Performance Attributes Polling Interval

Interval at which the performance and utilization data will be collected from the devices.

To set the aggregation period of this data, change the Aggregation Interval parameter.

Default: 15 minutes

Aggregation Interval

Interval at which the performance data (from Inventory Performance Attributes Polling Interval) is aggregated. This is the data shown in Report Trends.

Note For reports it is necessary to compute some attributes over longer periods (average, percentages, changes). This interval determines how often these computations are performed.

Default: 3 hours

Short Term Trending Inventory Truncation Interval

How long the performance data (from Inventory Performance Attributes Polling Interval) is retained by the WLSE.

Default: 1 day

Aggregation Truncation Interval

How long the aggregated (historical) data is retained by the WLSE.

Default: 15 days

Fault History Truncation Interval

How long the fault data is retained. This is the data shown in Fault Description.

Default: 30 days

Job History Truncation Interval

How long job data is retained. This is the data shown in Configure > Jobs, Firmware > Jobs, and Reports > Scheduled Email Jobs.

Note Recurring jobs are truncated every day to retain the last 30 runs.

Default: 30 days


Step 2 To change a parameter's interval, select new values from the pulldown lists and click Apply to save the changes. To reset the system parameter to their previous values, click Reset.


Note To reset parameters to previous values, click Reset before saving.


A confirmation dialog appears. To return to the System Parameters window, click Back.


Administering Users

The User Admin options allow you to manage user roles and logins:

Manage Roles—Add, modify, and delete roles (see Managing Roles).

Manage Users—Add, modify, and delete user accounts (see Managing Users).

Related Topic

Modifying Your Profile

Managing Roles

Use this option to add, modify, and delete user-defined roles and to modify predefined roles. A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.

Although you cannot delete predefined roles, you can modify them. The predefined roles and their default privileges are:

System administrator—Superuser access to the Wireless LAN Solution Engine (can perform any task). The password is the password assigned during initial WLSE setup (using the console). You can change the password using the console or the WLSE's Manage Users option (see Managing Users).

Network administrator—Monitoring authority, device configuration authority, and discovery configuration authority.

Network operator—Monitoring and device configuration authority.

Help desk—Monitoring authority only.

You can create other roles, which can be modified or deleted.


Note Your login determines whether you can use this option.


Procedure


Step 1 To access the role management window, select Administration > User Admin > Manage Roles. Role names are displayed in the center pane. To view the subtabs to which the role has access, select the role.

The admin user can view all existing roles.

Other users can only view the roles assigned to them and any roles that they have created.

Step 2 To add a role:

a. Replace the text New Role with the name you have chosen for the new role.

b. Select the check boxes next to the features the role will access. Click Add.


Note When you select a feature (for example, Display Faults), the role is granted access to the corresponding subtab (for example, Faults > Display Faults).


c. The new role appears in the list of roles in the middle pane.

Step 3 To modify a role, select the role. Select the check boxes for the features you want to add to the role and deselect the check boxes next to the features you want to remove from the role. Then click Modify to save the changes.

Step 4 To delete a user-defined role, select the role, then click Delete.


Related Topics

Naming Guidelines

Managing Users

Managing Users

Use this option to:

Add Users

Modify Users

Delete Users

Add Users


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > User Admin > Manage Users. The Add/Modify/Delete dialog appears. The Users list displays the current users.

The admin user can view and modify all existing users.

Other users can view their own logins and any users they have created.

Step 2 Enter the following information, in the order shown:


Note To clear your entries and start over, click Clear.


Field
Information to Enter

User Name

Enter the name of the new user.

User Password

Enter a password for new user.

Confirm Password

Reenter the password.

Email

Enter the email address of the user (optional).

CLI Access

Select the user's access to the WLSE CLI: None, Level 0, or Level 15. By default, Level 15 is selected for System Administrator, and None is selected for other users. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset.

Roles

Select one or more roles for the user. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove.


Step 3 To add the new user, click Add. The new username appears in the Users list. To discard your changes, click Clear.


Modify Users


Note Your login determines whether you can use these options.


Procedure

To modify a user:


Step 1 Select Administration > User Admin > Add/Modify/Delete. The Add/Modify/Delete dialog appears. The Users list displays the current users.


Note Only the logins created by you are displayed. If logins were created by another user, they are not visible; only their creator can display them. The admin user can view all logins.


Step 2 Select the user from the Users list and make the desired changes:

Field
Information to Enter

User Name

Enter the user's name.

User Password

Enter a new password for new user.

Confirm Password

Reenter the new password.

Email

Enter or change the user's email address.

CLI Access

Change the user's access to the WLSE CLI: None, Level 0, or Level 15. By default, Level 15 is selected for System Administrator, and None is selected for others. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset. For information on commands available for each privilege level, see the User Guide for the CiscoWorks 1105 Wireless LAN Solution Engine—From the online help, click View PDF.

Roles

Change the user's roles. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove.


Step 3 Click Modify to save your changes or Clear to discard your changes.


Related Topics

Naming Guidelines

Managing Roles

Delete Users


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > User Admin > Manage Users. The Manage Users dialog appears.

Step 2 Select the username from the Users list, then click Delete. A confirmation dialog appears. After you click OK, the user is deleted.


Modifying Your Profile

Use the My Profile tab to change your password.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > My Profile > Change password.

Step 2 To change your password, enter a new password in the New Password and Re-enter New Password fields. For information on allowable characters, see Naming Guidelines.

Step 3 Click Apply to save your changes or Reset to discard your changes.


Related Topic

Modify Users

Naming Guidelines

Linking to a CiscoWorks2000 Server

You can link to a CiscoWorks2000 server and display the server's desktop in the right pane or in a separate window.


Note This feature is available to all users.


Procedure


Step 1 Select Administration > Links. The Add Links window and list of links appear.

Step 2 To connect to a CiscoWorks2000 server, click a link in the left pane. The server desktop will appear.

Step 3 To add a link:

d. Enter the name of the link and the URL of the server in the Add Link window; for example: http://cw2k_server:1741.

e. If you want the server desktop to appear in the right pane of the WLSE display, deselect Open in New Window. Otherwise, the server desktop opens in a separate window. It is recommended that you allow the server desktop to open in a separate window.

f. Click Save. The link is added to the Links list in the left pane.

Step 4 To edit a link, click Edit under the name of the link in the Links list. Make your changes and click Save.

Step 5 To delete a link, select the link name in the Links list and click Delete.