User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.5
Managing the WLSE System
Downloads: This chapterpdf (PDF - 523.0KB) The complete bookPDF (PDF - 7.77MB) | Feedback

Managing the WLSE System

Table Of Contents

Managing the WLSE System

Managing the Appliance

Using Log Files

About Log Files

Restarting the WLSE

Managing WLSE Software

Viewing Status of Installed Software

Managing the Repository

Downloading the Upgrade Image

Creating the Repository

Defining the Repository

Installing the Software Update

Browsing the Repository

Viewing Software Update History

Managing Security

Overview: Security

Overview: Authentication Modules

Setting Up an Authentication Module

Managing SSL (HTTPS)

Enabling Telnet and Selecting SSH Type

Viewing the Last 10 Logged-On Users

Backing Up and Restoring Data

About Backup and Restore

Specifying the Backup Location

Configuring a Windows 2000 or Windows XP Server as a Backup Location

Scheduling and Running Backups

Restoring Data

Copying Configuration Data from One WLSE to Another

Using WLSE Diagnostics Options

Viewing and Creating a Status Report

Viewing and Creating a Self-Test Report

Managing Processes

Specifying a Splash Screen Message

Setting the Time and Specifying Name Servers

Set the Current Local and UTC Time

Specify NTP Time Servers

Specify Name Servers

Configuring the Mail Route

Using Connectivity Tools

Using Network Tools

Using the SNMP Query Tool

Firmware Version Support

Updating Supported Firmware Versions

Viewing Supported Firmware Versions

Managing Users

Managing Roles

Overview: Roles

Adding, Modifying, and Deleting Roles

Managing User Accounts

Overview: User Accounts

Add Users

Modify Users

Delete Users

Modifying Your Profile

Changing Your Password

Changing Your Email Address

Changing the Default Tab and Subtab

Creating Links

Running the ACS Failed Login Report


Managing the WLSE System


The following subtabs are displayed when you select the Administration tab:


Note Some of these subtabs may not be visible to some users; what you see under the Administration tab depends on your login.


Appliance—Manage the Wireless LAN Solution Engine system (see Managing the Appliance).

System—View information about supported firmware versions, and update firmware support to add newly supported versions (see Updating Supported Firmware Versions).

User Admin—Manage users and user roles (see Managing Users).

My Profile—Set preferences for an individual user: password, email address, and appearance of the interface at login (see Modifying Your Profile).

Links—Set up links to other systems (such as CiscoWorks servers) and display their desktops and run ACS failed login reports (see Creating Links).

Managing the Appliance

Options under the Appliance subtab allow you to manage the WLSE system and use connectivity tools. When you select Administration > Appliance, the following options are displayed:

Status—Gather and view WLSE statistics and restart the WLSE (see Using Log Files and Restarting the WLSE).

Software—Update, reinstall, view status, and define the repository for the WLSE software (see Managing WLSE Software).

Security—Manage WLSE security features, such as telnet, SSL, and authentication modules (see Managing Security).

Backup and Restore—Configure backup location, backup data, and restore data (see Backing Up and Restoring Data).

Diagnostics—Troubleshoot, run self-tests, view process status (see Using WLSE Diagnostics Options).

Splash Screen—Customize the splash screen message (see Specifying a Splash Screen Message).

Time/NTP/Name—Set the current time (see Set the Current Local and UTC Time), specify NTP servers (see Specify NTP Time Servers), and specify IP name servers (see Specify Name Servers).

Configure Mailroute—Specify an SMTP server for handling email notifications (see Configuring the Mail Route).

Connectivity Tools—Test device connectivity and reachability and find the values of SNMP variables (see Using Connectivity Tools).


Note Your login determines whether you can use these options.


Using Log Files

This option allows you to view the contents of WLSE log files, download logs, search for data in logs, and email logs.

Procedure


Step 1 Select Administration > Appliance > Status > View Log File. The following information is displayed:

Field
Description

Log file

Name of the log file.

Directory

Location of log file on WLSE.

File Size

Size of file in bytes.

View

Displays a log file in a separate window.

Download

Saves a log file to your desktop or other location.


Step 2 To see a log file's details, click View. For a description of each file, see About Log Files.

Step 3 To download a log file, click Download.


Note If this method of saving does not work, right-click Download and use the browser menu to save the file.


Step 4 To search within the log files, select one or more files and enter a keyword into the Keyword text box. Click Case Sensitive if you want your search to be case sensitive, then click Search. A separate window displays the results of the search.

Step 5 To email log files, select one or more files and enter one or more comma-separated email addresses in the E-Mail Selected Log Files textbox. Click Send.


About Log Files

The WLSE maintains the following log files.

Log File
Content

access_log

Web server user access log.

backup.log

Log that appears after you back up WLSE data, restore data, or test the reachability of the backup location.

daemons.log

Log for messages that dmgtd does not log.

dataUpdate.log

Log that appears after you upgrade WLSE software.

db2.log

Log showing database startups due to installations or reboots.

dmgtd.log

Process Management daemon log file.

error_log

Web server error log.

faults.log

Device fault log.

install.log

Software package installation log.

jobvm.log

Scheduled tasks log.

mfgtest.log

Manufacturing test log.

mod_jk.log

Message log for hook between Tomcat and Apache.

snmpd.log

SNMP agent log file.

ssl_request_log

Log for secure HTTPS socket layer web server events.

swan.log

Radio management log.

tomcat.log

Java servlet messages log.

updateWLSE-x.x.x.log

Appears after you upgrade WLSE software; for example, updateWLSE-2.0.2.log.


Restarting the WLSE

This option allows you to restart the WLSE. After restart, discovery and inventory will resume at the next scheduled time.

Procedure


Step 1 Select Administration > Appliance > Status > Restart.

Step 2 Click OK to restart the WLSE.


Note To perform a manual soft restart (for example, when modifying a network interface) you can use the CLI commands. (See the User Guide for the Wireless LAN Solution Engine, Release 2.5 on Cisco.com or by clicking View PDF in the online help.)



Managing WLSE Software


Caution Before attempting to upgrade WLSE software, check the readme file associated with the software on Cisco.com for changes to the procedures and caveats. Some procedures in this guide may not be applicable to certain software upgrades.


Note Upgrade from a pre-release software version to an FCS version is not supported.


The software options under Admin > Appliance > Software are:

Status—View information on the installed software, such as software description, installation date, and installation status—See Viewing Status of Installed Software.

Define Repository—Specify the repository location. The repository provides software update services to the WLSE—See Managing the Repository.

Upgrading Software—Select and install a software image from the repository—See Installing the Software Update.

Browse Repository—Browse the available complete images in the repository—See Browsing the Repository.

Software Update History— View information about current and previous versions of installed software, including version number, install date, and installation status—See Viewing Software Update History.

The topics in this section are:

Viewing Status of Installed Software

Downloading the Upgrade Image

Creating the Repository

Defining the Repository

Installing the Software Update

For more information on installing WLSE software, including other installation methods, see the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.5.

Viewing Status of Installed Software

You can view information about the software currently installed on the WLSE.

Procedure


Step 1 Select Administration > Appliance > Software  >  Status. The Installed Software table contains the following information about the software versions that have been installed on the WLSE:

Field
Description

Software Name

Brief description of the software.

Installation Date

Date and time (UTC) the software was installed.

Status

Status of the installation:

Success—Software was installed with no errors.

Warning—Software installed successfully with minor errors.

Error—Software installation was unsuccessful.

Details

Detailed install log for this software.


Last Installation Information shows the following information about the most recent software installation:

Field
Description

Name

Brief description.

Installation Status

Status of the installation:

Success—Software installed with no errors.

Warning—Software installed successfully with minor errors.

Error—Software installation was unsuccessful.

Log File

Detailed install log.


Step 2 To view details about an installation, click View Log in the Details field.

Result: The install log for the selected installation opens, showing information about the most recent software installation.


Related Topics

Viewing Software Update History

Installing the Software Update

Managing WLSE Software

Managing the Repository

The software repository stores the available software updates for the WLSE. The repository can be either local (on the WLSE) or remote (on a Windows NT, Windows 2000, or Windows XP server). The tasks for managing the repository are:

Task
Reference

1.

Download software from Cisco.com.

Downloading the Upgrade Image

2.

Create repository.

Creating the Repository

3.

Define repository.

Defining the Repository


Downloading the Upgrade Image

To locate the upgrade files, follow the navigation path Products and Services > Network Management CiscoWorks > CiscoWorks Wireless LAN Solution Engine > Software Center or use one of the following URLs:

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_upgrades_and_downloads.html

ftp://ftp.cisco.com/cisco/crypto/3DES/cw2000/wlan-sol-eng


Note WLSE update images are subject to import/export regulations on strong encryption. You may be directed to edit your Cisco.com profile to confirm that you are allowed to download such images before you can complete the download.


Download the relevant upgrade files:

If you are using a local repository on the WLSE, download the zip file, the info file, and the readme to an FTP server. The upgrade zip file and the info file must be in the same directory on the FTP server. Do not extract the zip file.

If you are using a Windows server as a repository, download the zip file and the readme file to the Windows server. Do not extract the zip file.

Creating the Repository

Adding files to the repository and deleting files from the repository require the use of CLI commands. For more information on CLI commands, see the User Guide for the Wireless LAN Solution Engine, Release 2.5 on Cisco.com or click View PDF in the online help.

The topics in this section are:

Creating a Local Repository

Creating a Repository on a Windows Server

Creating a Local Repository

To create a local repository on the WLSE:

Procedure


Step 1 Open a CLI window to the WLSE, using Telnet or SSH.

Step 2 Specify the FTP site that will be the source of the software updates. Enter the following CLI command:

repository source ftp://hostname/path

where hostname is the name of the remote FTP server and path is the directory path on the remote FTP where you placed the zip file and info file.

Step 3 Find the software you want on the FTP site by entering the following command. This command requires a valid username and password on the remote FTP server.

repository list remote

Step 4 Download the software to the local repository using the following command. This command requires a valid username and password on the remote FTP server.

repository add package

For example, if the name of the zip file is WLSE-2.5-K9.zip, the package is WLSE-2.5-K9.


Creating a Repository on a Windows Server

A remote repository can serve as the repository for numerous WLSEs. You can create a repository on a Windows NT, Windows 2000, or Windows XP server.


Note A remote repository created on a Windows server is temporary; it will not exist after the server reboots.


Use the following procedure to set up a Windows NT, Windows 2000, or Windows XP server as a remote repository.

Procedure


Step 1 If you are using a Windows XP or Windows 2000 server as a repository and you are using the Internet Explorer 6.0 browser on the client, configure the browser on the repository as follows to make sure the update process works properly. Otherwise, the display during the update process does not work properly.

a. Install Java Plugin 1.3.1_08 or later.

b. In the browser, select Tools > Internet Options > Privacy and lower the slider all the way down to achieve the Accept all Cookies setting.


Note For information on supported browsers, see Supported Browsers.


Step 2 Extract the zip file to any empty directory; for example, D:\WLSE_repository.

Step 3 Open a command window, create a virtual drive, and map the virtual drive to the drive containing the update file; for example:

subst f: d:\WLSE_repository


Note The virtual drive (f: in this example) will be removed after you reboot the Windows 2000, Windows NT, or Windows XP server.


Step 4 Double-click the virtual drive icon. Then, double-click the autorun.bat file if it does not automatically run.

The Appliance Update screen appears in a browser.


Defining the Repository

By defining the repository, you are telling the WLSE where to look for available software updates.

Procedure


Step 1 Select Administration > Appliance > Software > Define Repository.

Step 2 To define or redefine the repository, complete the following:

Text Box
Description

Host Name

Hostname or IP address of the repository. For a local repository, enter localhost. For a remote repository, enter the hostname or IP address of the repository.

Port Number

Port number used by the software on the repository. The default port number for a repository is 9851.

Description

(Optional) Description of the repository.


Step 3 Click Connect to Repository to verify that the hostname and port number you entered are correct. If the data is incorrect, an error message appears.

Step 4 Select Administration > Appliance > Software > Browse Repository to check the update image.


Related Topics

Installing the Software Update

Browsing the Repository

Managing WLSE Software

Installing the Software Update


Caution Before upgrading WLSE software, back up the configuration. The upgrade attempts to preserve the WLSE database, but a backup is needed in case of errors during the upgrade. For information on backing up the WLSE's configuration, see Backing Up and Restoring Data.

Before upgrading WLSE software, check the readme file that accompanies the image on Cisco.com for possible changes to the procedure, caveats, and new features.

When you update or reinstall software, the WLSE stops and restarts. Therefore, you cannot access the WLSE during a software update, and you must log in again after updating software.

Procedure


Step 1 If you are using Internet Explorer 6.0 on a Windows XP client to update WLSE software, make sure Java Plugin 1.3.1_08 is installed on the browser. Otherwise, certain displays during the upgrade process do not work properly.

Step 2 Select Administration > Appliance > Software > Install Software Updates. The Install Software Updates window opens and displays information about the WLSE, the currently defined repository, and the compatible software available for updating.

Step 3 Select a software version from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.

These tables display the following information about the software you can install.

Field
Description

Name

Software identifier.

Version

Version number.

Summary

Brief description.

Release Date

Release date.

Details

Detailed description.


Step 4 To view details on an image in the table, click README in the Details field.

Step 5 To begin the installation, make a selection from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.

Step 6 To install the selected software, click Install. The Install Software Updates window opens.

Step 7 Click Confirm to continue the installation. Click Cancel to cancel the installation.

Step 8 When the installation is complete, the WLSE will be unavailable for a few minutes while it restarts.

If the Appliance Update window reappears, click the Cancel button to remove it.

Step 9 To view details of the installation after the installation is complete, select Administration > Appliance > Software  >  Status  > View Log.


Related Topics

Managing the Repository

Viewing Status of Installed Software

Viewing Software Update History

Browsing the Repository

Managing WLSE Software

Browsing the Repository

You can browse the available complete images and software upgrades on the repository using this option.


Note A repository must be defined before you can browse software. To create and define a repository, see Managing the Repository.


Procedure


Step 1 Select Administration > Appliance > Software > Browse Repository.

Step 2 To view detailed information about a complete image or update, click README in the Complete Images table or Updates table. These tables display the following about all the software available on the repository:

Field
Description

Name

Software identifier.

Version

Version number.

Appliance Type

The appliance type that the software is designed for.

Release Date

Release date.

Summary

Brief description.

Details

Detailed description. Click README to display details.



Related Topics

Installing the Software Update

Managing WLSE Software

Viewing Software Update History

This window shows only the update history, not a history of installed images. When you install a complete new image, the previous update history is erased.

Procedure


Step 1 Select Administration > Appliance > Software  >  Software Update History. The following information is displayed:

Table 8-1 Software Update History Window 

Field
Description

Name

Software identifier.

Version

Software version.

Summary

Summary of the installed software.

Install Date

Date and time (UTC) the software was installed.

Status

Status of the installed software.

Status

The status of the installation:

Success—Software was installed with no errors.

Warning—Software installed successfully with minor errors.

Error—Software installation was unsuccessful.

Details

The detailed install log for this installation, including warning and error messages.


Step 2 Click View Log in the Details field to view the detailed installation log.


Related Topics

Viewing Status of Installed Software

Browsing the Repository

Managing WLSE Software

Managing Security

You can manage the following security options under Administration > Appliance > Security:

Authentication Modules—Set up the authentication module to be used (see Setting Up an Authentication Module).

SSL (HTTPS)—Obtain a permanent, signed Certificate Signed Request for secure Web access (see Managing SSL (HTTPS)).

Telnet and SSH—Configure Telnet and SSH settings (see Enabling Telnet and Selecting SSH Type).

Last 10 Logins—View information about the last 10 users who have logged on to the WLSE (see Viewing the Last 10 Logged-On Users).

Related Topics

Overview: Security

Overview: Security

The WLSE provides the following security features:

Optional secure connection through the Web browser—See Managing SSL (HTTPS).

Connection through the CLI via Telnet or SSH—See Enabling Telnet and Selecting SSH Type.

Authentication through the local database or alternative authentication services—See Setting Up an Authentication Module and Managing User Accounts.

Flexible user access to managed devices and WLSE services through configurable roles—See Managing Roles.

Overview: Authentication Modules

The WLSE provides a mechanism for authenticating users through the local authentication module and a local database of user IDs and passwords. Many network managers, however, already have an authentication service. To use your own authentication service instead of the local module, you can select one of the alternative modules:

TACACS+

Radius

MS NT Domain

After you select and configure a module, all authentication transactions are performed by the authentication service associated with that module. Users log in with the user ID and password associated with the current authentication module.

The WLSE determines user roles; therefore, all users must be in the local database of user IDs and passwords. A user's role determines the services and devices that the user can access. Users must have the same user ID locally as they have in the alternative authentication source, but the local password and authentication service password do not have to be same.

Users who are authenticated by an alternative service and who are not in the local database have no roles assigned to them. Users who have no roles see only the splash screen after logging in and cannot view screens or perform tasks.

If the alternative authentication service fails, the Wireless LAN Solution Engine defaults to the Local authentication module. Even if the local user database fails, you can always log in as the admin user.

Related Topics

Setting Up an Authentication Module

Managing Users

Setting Up an Authentication Module

You can use your existing authentication method to authenticate WLSE users by selecting and configuring one of the WLSE's login modules.

To configure an authentication module for users logging in to the CLI via Telnet or SSH, see the chapter titled "Managing the WLSE via the CLI" or the appendix titled "Using the Command Line Interface" in the User Guide for the Wireless LAN Solution Engine, Release 2.5. To view the user guide from the onine help, click View PDF.


Note Even if you are using your own authentication service, all users must still be in the local database of users. For information on adding users to the local database, see Managing Users.


Procedure


Step 1 Select Administration > Appliance > Security > Authentication Modules.

Step 2 Select an authentication module from the Select Module drop down list, then click Submit.

Step 3 Depending on the authentication module you selected, enter the following data, then click Submit:

RADIUS module or TACACS+ module:

Primary Server and Secondary Server—IP addresses or device names of the primary and secondary authentication servers. A secondary server is optional.

Shared Secret—Secret key.

MS NT Domain module:

Domain—Name of the Windows domain.

Primary Domain Controller and Backup Domain Controller—Names of the primary and backup Windows domain controllers. A backup domain controller is optional.


After you change the authentication module, you do not have to restart the WLSE. Changing the module does not affect users who are currently logged on. Users who log on after the change use the new module.

Related Topics

Overview: Authentication Modules

Managing SSL (HTTPS)

SSL (secure socket layer) protocol provides a secure connection between Web clients and the WLSE. When you initially install and set up the WLSE, an unsigned certificate and a CSR (Certificate Signed Request) are automatically generated and SSL is enabled. The unsigned certificate expires in one year. To obtain a permanent, signed certificate, use the following procedure.


Note If you did not generate an unsigned certificate during initial installation and setup of the WLSE, see Unsigned Certificate Not Generated before attempting this procedure.


Procedure


Step 1 Select Administration > Appliance > Security > SSL (HTTPS).

Step 2 Click View CSR. The encrypted CSR is displayed.

If the following error message appears, see Unsigned Certificate Not Generated:

No certificate signing request was found. Please contact your 
administrator.

Step 3 Copy the encrypted CSR (between the begin and end lines). Send the CSR to a certificate authority (such as Verisign), following the authority's procedure.

Step 4 When you receive the signed certificate:

a. Copy it into an ASCII file on a client system.

b. On the same client, select Administration > Security.

c. Under SSL (HTTPS), type the path to the signed certificate or click Browse to locate the file, then click Submit Certificate.

d. To use the new certificate, you need to restart the Wireless LAN Solution Engine by logging on through the CLI, running the services stop command to stop the system, then running the services start command to restart the system.

Step 5 You should block logins on the regular HTTP port (1741):

a. Log in to the WLSE's CLI by using the console or by using Telnet or SSH.

b. Enter the following CLI command:

# firewall eth0 1741

For more information on this command, see Appendix B in the User Guide for the Wireless LAN Solution Engine, Release 2.5. To view this guide from the online help, click View PDF.

Step 6 To establish a connection to the WLSE using SSL, use the prefix https instead of http when entering the URL into the browser and do not append a port number to the URL.


Unsigned Certificate Not Generated

You must log in to the CLI and use the mkcert command to generate an unsigned certificate, then log back in to the Web interface to complete the procedure for enabling SSL. For information on using the mkcert command, see Appendix B in the User Guide for the Wireless LAN Solution Engine, Release 2.5. To view this guide from the online help, click View PDF.

Enabling Telnet and Selecting SSH Type

Telnet can be used for connecting to the WLSE through the CLI. By default, Telnet is disabled, which prevents unsecure connections through the CLI.

SSH is enabled by default. SSH provides a secure Telnet connection, encrypting all traffic, including passwords. By default, both SSH1 and SSH2 are used.

Procedure


Step 1 Select Administration > Appliance > Security > SSH and Telnet.

Step 2 To change the type of SSH used, select the desired SSH version from Select Protocol, then click Change Protocol.

Step 3 To enable or disable Telnet, make a selection from Telnet, then click Configure.

Changes take place immediately.


Viewing the Last 10 Logged-On Users

To view information about the last 10 users who have logged on to the WLSE:

Procedure


Step 1 Select Administration > Appliance > Security > Last 10 Logins.

The Last 10 Logins table shows the following information for the last 10 logins:

Field
Description

Login Name

User's login name.

Logged In Since

Date and time the user logged in (UTC).

IP Address

IP address of the system from which the user logged in.

Associated role

Role assigned to the user.



Backing Up and Restoring Data

Backup and restore allows you to backup the WLSE's configuration and restore it if necessary.

The following options are provided for backup and restore:

Configure—You must set the backup location before you can run backups (see Specifying the Backup Location).

Backup—Schedule a backup of WLSE data or run an immediate backup (see Scheduling and Running Backups).

Restore—Restore an available backup image (see Restoring Data).

Related Topics

About Backup and Restore

About Backup and Restore


Note Backups from pre-release software cannot be restored on the FCS version.


Backing up the WLSE saves its configuration data in case you need to restore the data. The backup operation backs up the entire WLSE database and configuration, which includes appliance setup, fault and performance data, device credentials, WLSE users, configuration templates, user-created groups, and jobs.

Backups are typically done on a regular basis (for example, weekly). However, you may choose to back up infrequently and use one or more of the data export mechanisms to gather interesting data from the WLSE.

The backup operation may take some time depending on the size of the database: the larger the database, the more the backup time will be required.

The restore operation includes all the information in the backup, including the information entered during initial configuration of the WLSE (setup program).

The restore process disrupts normal WLSE operation because the process shuts down the WLSE internal database.

You can restore data backed up on one WLSE to another WLSE. You cannot, however, restore backup data from a WLSE 1130 to a WLSE 1105. For information on restoring from one WLSE to another, see Copying Configuration Data from One WLSE to Another.

Specifying the Backup Location

You must set the backup location before you can run backups. The backup location must be an FTP server because the WLSE uses FTP to transfer the data.


Note If you are using a Windows 2000 or Windows XP server as the backup location, you must configure the server for UNIX directory mode. See Configuring a Windows 2000 or Windows XP Server as a Backup Location.


Procedure


Step 1 Select Administration > Appliance > Backup and Restore > Configure.

Step 2 Enter the following data:

Field
Description

Hostname/IP

Hostname or IP address for the backup location.

Username

Valid username on the backup location machine.

Password

Valid password on the backup location machine.

Verify Password

Path (Optional)

Path to the backup location. When specifying the path on a Windows 2000 or Windows XP server:

Use either forward slashes (/) or backslashes (\) as directory separators.

Do not include the drive specifier; for example, c:\.

Path is relative to the ftp root.

Backup mechanism can create multiple directory levels for you.


Step 3 Click Save, or click Erase to clear your entries or remove the previously configured backup location.

Step 4 To verify that the backup location is reachable and is configured as an FTP server, click Test.


Related Topics

Scheduling and Running Backups

Restoring Data

Configuring a Windows 2000 or Windows XP Server as a Backup Location

About Backup and Restore

Configuring a Windows 2000 or Windows XP Server as a Backup Location

To serve as a backup location, a Windows 2000 or Windows XP server must be configured for UNIX directory mode.

Procedure


Step 1 On the server, select Start > Settings > Control Panel > Administrative Tools > Internet Services Manager.

If this option is not available on the server, first enable it as follows:

a. Select Start > Settings > Control Panel > Add/Remove Programs.

b. On the left side of the Add/Remove window, click Add/Remove Windows Components. The Windows Components wizard starts.

c. Select Internet Information Services, then click Next.

Step 2 Right-click the FTP site for which you want to set the directory output style, then select Properties.

Step 3 Select FTP Service from the Master Properties list and click Edit.

Step 4 Select the Home Directory property sheet:

Select Write under FTP Site Directory.

Select UNIX under Directory Listing Style.

Click OK.


Scheduling and Running Backups

Data backed up includes role and user information, discovery configuration information, and other configuration information. The following procedure includes a verification step; it is recommended that you always verify that the backup succeeded. You can run an immediate backup or schedule regular backups.


Note Normal operations continue during backup.



Note You should perform a backup whenever you add users.


Procedure


Step 1 Make sure the backup location has been specified (see Specifying the Backup Location).

Step 2 Select Administration > Appliance > Backup and Restore > Backup.

Step 3 To run an immediate backup, click Backup Now.

Step 4 To schedule automatic backups:

a. Enter the start date and time:

Select Every Month or a specific month.

Select Every Day, a day of the week, or a day of the month.

Select the time as hours (24-hour clock) and minutes (5-minute increments).

b. Click Schedule Backup.

Step 5 To cancel a scheduled backup, click Remove Scheduled Backup.

Step 6 There are several ways to verify that the backup succeeded:

Check the log file under backup.log file under Administration > Appliance > Status > View Log File.

Select Administration > Appliance > Backup and Restore > Restore. The backup image should be listed in the Available Images list. Click Cancel.

Log in to the backup location system and verify that there is a backup directory containing WLSE hostname_date_time.inf and WLSE hostname_date_time.tar files.


Related Topics

Restoring Data

About Backup and Restore

Restoring Data


Note The WLSE shuts down and restarts while data is being restored.


To restore the WLSE's configuration data from a backup:

Procedure


Step 1 Select Administration > Appliance > Backup and Restore > Restore.

Step 2 From the Available Images list, select a backup image. Images are listed by WLSE hostname and date and time of backup.

Step 3 Click Restore Appliance Network Information if you want to restore the following information that is stored in flash memory:

Network information—WLSE hostname, IP address, domain name, name servers, NTP server.

Users' CLI access privileges.


Caution Deselect Restore Appliance Network Information if you are restoring a backup created on another WLSE. For more information on restoring from one WLSE to another, see Copying Configuration Data from One WLSE to Another.

Step 4 Click Restore. The Restore Backup window opens.

Step 5 Click OK.

The Wireless LAN Solution Engine shuts down and restarts while data is being restored.


Related Topics

Scheduling and Running Backups

Specifying the Backup Location

About Backup and Restore

Copying Configuration Data from One WLSE to Another

You can back up data from one WLSE and copy it to another by using the backup and restore features. If you are replacing one WLSE with another, see the instructions in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, 2.5.


Note You cannot restore a backup from a WLSE 1130 to a WLSE 1105.



Step 1 Back up the data on the source WLSE. For more information, see Backing Up and Restoring Data.

Step 2 If you have installed a new WLSE and have not configured it yet, run the setup program and complete the initial configuration.

For information on the setup program and initial configuration, see the Installation and Configuration Guide for the Cisco Works Wireless LAN Solution Engine, 2.5.

Step 3 Restore configuration data to the destination WLSE, using the backup you made in Step 1.


Caution Be sure to deselect Restore Appliance Network Information. Otherwise, the network information in flash memory will be overwritten and you will have to erase the WLSE's configuration and run the setup program.

For more information on restoring backups, see Restoring Data.


Using WLSE Diagnostics Options

The options under Administration > Appliance > Diagnostics are:

WLSE Info—Gather troubleshooting information about the WLSE status and create status reports (see Viewing and Creating a Status Report).

Self Test—Create and display self tests (see Viewing and Creating a Self-Test Report).

Processes—View WLSE process status, stop and start processes (see Managing Processes).

Viewing and Creating a Status Report

The WLSE information and status report shows general WLSE status, log files, package information, database status, process status, web server information, Java class information, and log files.


Note Status reports show UTC time.


Procedure


Step 1 Select Administration > Appliance > Diagnostics > WLSE Info. Any existing reports are listed.

Step 2 To display a report, click its name.

Step 3 To create a new report, click Create. It will take five to seven minutes for the report to be complete. To display the new report, click its name. If the new report is not listed, click Refresh.

Step 4 To delete a report, select it and click Delete.


Related Topics

Viewing and Creating a Self-Test Report

Managing Processes

Viewing and Creating a Self-Test Report

Self-tests show the status of WLSE memory, database, DNS setup, and backup location configuration. Reports indicate whether the tests passed or failed. Self-tests are used mainly by the TAC when diagnosing problems.


Note Self-test reports show timestamps as UTC time.


Procedure


Step 1 Select Administration > Appliance > Diagnostics > Self Test. Any existing report is listed.

Step 2 To display the report, click its name.

Step 3 If no report is listed, you can create a new report by clicking Create.

Step 4 To display the new report, click its name. If the report is not displayed, click Refresh.

Step 5 To delete a report, select it and click Delete.


Related Topics

Viewing and Creating a Status Report

Managing Processes

Managing Processes

You can view the status of the major processes running on the WLSE, start and stop processes, and access complete reports.

Procedure


Step 1 Select Administration > Appliance > Diagnostics > Processes. The Process Report displays the following information.

Column
Description

Process name

Describes how a process is registered. For information on the processes displayed, see Processes Displayed.

State

Process status and a summary of the log file entries for the process.

Pid

Process ID. A unique number by which the operating system identifies each running program.

RC

Return code. "0" means normal program operation. Any other number typically represents an error. Refer to the error log.

Signo

Signal number. "0" means normal program operation. Any other number is the last signal delivered to the program before it terminated.

Start Time

Time (UTC) and date the process was started.

Stop Time

Time (UTC) and date the process was stopped.

Core

"Not applicable" means the program is running normally.

"Core file created" means the program is not running normally and the operating system has created a core file. The core file stores important data about processes.

Information

What the process is doing. "Not applicable" means the program is not running normally.


Step 2 From the process table, you can do the following:

Task
Procedure

View details.

Click process name. See Daemon Information.

View process status.

Click process state. See System Log.

Stop process.

Select process and click Stop. New status and other process information is displayed. The WebServer and Tomcat processes cannot be stopped.

Start process.

Select process and click Start. New status and other process information is displayed.

Update table with latest data.

Click Refresh. The table does not automatically update.

View all processes.

Click Complete Report.



Processes Displayed

The Process Report table displays the status of the following major WLSE processes:

Process Name
Description

WirelessSvcMgr

Process that manages the internal radio management tasks.

WLSEjobvm

The job virtual machine.

WLSEFaults

The fault manager.

WebServer

The Web Server.

Tomcat

The Java servlet engine.

ExcepReporter

The process that forwards traps.

CDPbrdcast

The CDP daemon that identifies Cisco devices to their immediate neighbors.

PerfMon

The process that monitors performance.


Daemon Information

The Daemon Information dialog box displays the following:

Field
Description

Process

Process name.

Path

File location.

Flags

Flags used to register the process with the Daemon Manager.

Startup

Method used to start the process.

Dependencies

Other processes that must be running for this process to run.


System Log

The system log, which describes the status of the processes running in the system, displays the following:

Field
Description

Timestamp

Date and time the message is logged.

Process

Process that logged the message.

Type

Message type: INFO, WARNING, CRITICAL.

Information

Process status as known by the Daemon Manager.


Specifying a Splash Screen Message

The Splash Screen option allows you to set up a message that is displayed when a user logs in. After viewing the message, the user clicks Agree to continue logging in or Disagree to log out.

Procedure


Step 1 Select Administration > Appliance > Splash Screen.

Step 2 Enter the message to be displayed.

Step 3 Check the Enable check box, then click Apply. The splash screen message is enabled.


Note You must check Enable for the message to appear.



Setting the Time and Specifying Name Servers

The Administration > Appliance > Time/NTP/NAME option allows you to:

Set the Current Local and UTC Time

Specify NTP Time Servers

Specify Name Servers

Set the Current Local and UTC Time

Current local (browser) time appears in most WLSE displays. Universal Coordinated Time (UTC) is the system time and appears in log files.

To set the time that appears in the Web interface, use the following procedure. Because there is a single system clock, setting the time here also updates the UTC time.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 In the Current Time area, select the new time and date parameters from the lists and click Update.


Specify NTP Time Servers

This option allows you to maintain the current time on the WLSE by using NTP (Network Time Protocol) servers.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 To remove an NTP server, select it from the Current Servers list and click Remove.

Step 3 To add an NTP server, enter the server's IP address in the NTP Server IP Address text box and click Enable.


Specify Name Servers

You can specify the addresses of up to three name servers for name and address resolution.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > TIME/NTP/NAME.

Step 2 To remove a name server, select it and click Remove.

Step 3 To add a name server, enter its IP address in the Name Server IP Address textbox and click Enable.


Configuring the Mail Route

To ensure that WLSE email notifications reach their destinations, you can configure the WLSE's mail route by specifying an SMTP mail server. This setting affects emailing notifications about firmware and configuration jobs, emailing reports, and emailing fault notifications.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > Configure Mailroute.

Step 2 Enter the hostname or IP address of an SMTP mail server on your network and click Save.

Step 3 To remove the mail route, click Remove.


Using Connectivity Tools

When you select Administration > Appliance > Connectivity Tools, the following options for testing device connectivity and reachability are displayed:

Network Tools—ping, traceroute, nslookup, TCP port scan, SNMP reachability (see Using Network Tools).

SNMP Query Tool—query a device's SNMP variables (see Using the SNMP Query Tool).

Using Network Tools

The Network Tools option offers several tools for testing device connectivity.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > Connectivity Tools.

Step 2 Enter a device name or IP address in the Device text box.

When you select an option button, the results window tells you whether the connectivity test was successful. Pressing Enter will not work. You must click a button.

Table 8-2 Connectivity Tools 

Button
Description
Results

Ping

Tests device reachability.

If successful, statistics are displayed on the packets transmitted and received.

Traceroute

Detects routing errors between the WLSE and a device.

If successful, the routes to the device are displayed.

NSLookup

Looks up hostname or IP address information via the name server.

If successful, displays the name server name and IP address and the device name and IP address.

TCP Port Scan

Finds the active ports on a device.

Displays the active ports.

SNMP Reachable

Tries to reach a device by using SNMP. To reach a device by using SNMP, the device's credentials must be in the WLSE database. To check credentials, select Administration > Devices > Discover > Device Credentials > SNMP Communities.

If the device is reachable, its sysObjID is displayed.

If no sysObjID is returned:

The query may be timing out because the device is busy or is remotely located.

The SNMP agent in the device may not be functioning.


Step 3 Click Close to close the results window.


Using the SNMP Query Tool

This tool allows you to find the value of a specified SNMP variable. Normally, this tool is used under the direction of Cisco TAC when they are assisting you with troubleshooting a problem.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > Appliance > Connectivity Tools > SNMP Query Tool.

Step 2 Enter the device's IP address or hostname and the OID of the SNMP variable.

Step 3 Click Get to display a single-value variable.

Step 4 Click Get Table to display a variable that consists of a table.

Step 5 Click Clear to clear your entries.


Firmware Version Support

You can use the WLSE to upgrade and update the firmware on one or more access points, either as a scheduled operation or on demand. To accomplish this, information about supported firmware versions is stored on the WLSE. You can:

View the versions currently supported by the WLSE.

Update the version support on the WLSE.

The topics covered in this section are:

Updating Supported Firmware Versions

Viewing Supported Firmware Versions

Updating Supported Firmware Versions

When WLSE 2.5 was released, support was included for the access point firmware versions that were available at that time. The WLSE can be updated to add support for firmware versions that are released later. When support is available for newer versions, an update file will be posted on Cisco.com. You can download this file and import it into the WLSE to update versions supported by the firmware module.


Note Your login determines whether you can use this option.


To import new firmware support information:

Procedure


Step 1 To download the firmware version update file to your desktop or another network computer from Cisco.com, you can either:

Enter this URL in the browser:

www.cisco.com/en/US/products/sw/cscowork/ps3915/prod_upgrades_and_downloads.html

Navigate to Products and Services > Network Management CiscoWorks > CiscoWorks Wireless LAN Solution Engine > Software Center.

The firmware version update file is listed along with the WLSE software update files.

Step 2 Select Administration > System > New Version Support.

Step 3 Enter the path to the device support file or click Browse.

Step 4 Click Import.

Step 5 To display the firmware versions currently supported by the WLSE, see Viewing Supported Firmware Versions.


Related Topics

Viewing Supported Firmware Versions

Viewing Supported Firmware Versions


Note Your login determines whether you can use this option.


To display firmware versions currently supported by the WLSE:


Step 1 Select Administration > System > Firmware Supported Versions.

Step 2 The access point firmware versions that are supported by this WLSE are displayed.

Step 3 To import updated firmware support, see Updating Supported Firmware Versions.


Related Topics

Updating Supported Firmware Versions

Managing Users

The options displayed when you select Administration > User Admin allow you to manage user roles and logins:

Managing Roles—Add, modify, and delete user roles.

Managing User Accounts—Add, modify, and delete user accounts.

Related Topics

Modifying Your Profile

Overview: Authentication Modules

Managing Roles

Use this option to add, modify, and delete user-defined roles and to modify predefined roles. A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.

This section contains the following topics:

Adding, modifying, and deleting roles—See Adding, Modifying, and Deleting Roles.

About roles—See Overview: Roles.

Overview: Roles

A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.

The XML API privileges are for users who will be using the XML application programming interface (API). If you are using the API, you should create different users for this purpose, and grant such users access to the API only. Access to the API is authenticated and authorization is checked. For more information about the XML API, see the Developer Guide for the CiscoWorks Wireless LAN Solution Engine. This guide is included with the XML API SDK in the Software Center on Cisco.com.

Although you cannot delete predefined roles, you can modify them. The predefined roles and their default privileges are:

System administrator—Allows access to all WLSE tasks. You can change the password using the console or the WLSE's Manage Users option (see Managing User Accounts). You cannot modify the privileges of this role.

Network administrator—Monitoring authority, device configuration authority, and discovery configuration authority.

Network operator—Monitoring and device configuration authority.

Help desk—Monitoring authority only.

You can use these predefined roles to control which features staff members are allowed to access. Less skilled, front-line technical support can be assigned the Help Desk role. More skilled and experiences support staff might be given the Network Operator or Network Administrator roles. The most skilled and experienced staff with direct responsibility for the WLSE should be given the System Administrator role.

Adding, Modifying, and Deleting Roles

You can edit the predefined roles, or you can create new, user-defined roles. You can modify or delete any user-defined roles.


Note Your login determines whether you can use this option.


Procedure


Step 1 To access the role management window, select Administration > User Admin > Manage Roles. Role names are displayed in the center pane. To view the subtabs to which the role has access, select the role.

The admin user can view all roles.

Other users can only view the roles assigned to them and any roles that they have created.

Step 2 To add a role:

a. Replace the text New Role with the name you have chosen for the new role.

b. Select the check boxes next to the features the role will access. Click Add.


Note When you select a feature (for example, Display Faults), the role is granted access to the corresponding subtab (for example, Faults > Display Faults).


c. The new role appears in the list of roles.

Step 3 To modify a role, select the role. Select the check boxes for the features you want to add to the role and deselect the check boxes next to the features you want to remove from the role. Then click Modify to save the changes.

Step 4 To delete a user-defined role, select the role, then click Delete.


Related Topics

Naming Guidelines

Managing User Accounts

Managing User Accounts

Using the options under this tab, you can create new user accounts, modify existing users, and delete users. The topics in this section are:

Add Users

Modify Users

Delete Users

Overview: User Accounts

Related Topics

Overview: Authentication Modules

Modifying Your Profile

"Naming Guidelines"

Overview: User Accounts

Each new user must be assigned at least one role and assigned a privilege level for accessing the WLSE CLI. There are three possible privilege levels for the WLSE CLI:

None—No access to the CLI.

Level 0—Limited access to viewing basic WLSE configuration.

Level 15—Full WLSE CLI access. Typically, level 15 privileges should only be given to the most skilled systems administration level users.

The default user (admin) is created when the setup script is run. The admin user has the System Administrator role and level 15 CLI privileges. This user cannot be deleted.

User accounts that you add by using the CLI commands do not have Web interface privileges. You can modify such users in the Web interface and add the appropriate roles to give them access to the Web interface.

Add Users


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > User Admin > Manage Users. The Users list displays the current users.

The admin user can view and modify all existing users.

Other users can view their own logins and any users they have created.

When creating other users, a user can only assign his role or a role with lesser privileges. For example, userA has only the network administrator role. Users created by userA can have only the network administrator role or roles with fewer privileges.

Step 2 Enter the following information, in the order shown:

Field
Information to Enter

User Name

Name of the new user.

User Password

Password for the new user.

Confirm Password

Email

Email address of the user (optional).

CLI Access

User's level of access to the WLSE CLI: None, Level 0, or Level 15. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset of commands.1

Roles

One or more roles for the user. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove.

1 For information on CLI commands, see Appendix B in the User Guide for the Wireless LAN Solution Engine, Release 2.5


Step 3 To clear your entries and start over, click Clear.

Step 4 To add the new user, click Add. The new username is added to the Users list. To discard your changes, click Clear.


Related Topics

Modifying Your Profile

"Naming Guidelines"

Modify Users


Note Your login determines whether you can use these options.


Procedure

To modify a user:


Step 1 Select Administration > User Admin > Add/Modify/Delete. The Users list displays the current users.


Note Only the logins created by you are displayed. If logins were created by another user, they are not visible; only their creator can display them. The admin user can view all logins.


Step 2 Select the user from the Users list and make the desired changes:

Field
Information to Enter

User Name

User's name.

User Password

New password for user.

Confirm Password

Email

Enter or change the user's email address.

CLI Access

User's access to the WLSE CLI: None, Level 0, or Level 15. By default, Level 15 is selected for System Administrator, and None is selected for others. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset. For information on commands available for each privilege level, see the User Guide for the Wireless LAN Solution Engine, Release 2.5—From the online help, click View PDF.

Roles

User's roles. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove.


Step 3 Click Modify to save your changes or Clear to discard your changes.


Related Topics

Naming Guidelines

Managing Roles

Modifying Your Profile

Delete Users

Use the following procedure to delete users.


Caution If a user is deleted, all the users created by the deleted user are also removed. For example, if userA creates userB and then userA is deleted, userB is also deleted.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > User Admin > Manage Users.

Step 2 Select the username from the Users list, then click Delete. After you click OK, the user is deleted.


Modifying Your Profile

Use the My Profile tab to:

Change your password—See Changing Your Password.

Change your email address—See Changing Your Email Address.

Set your home page preferences—See Changing the Default Tab and Subtab.

Changing Your Password

The user password is set when the user is created. Use the following procedure to change your password.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > My Profile > Change password.

Step 2 To change your password, enter a new password in the New Password and Re-enter New Password fields. For information on allowable characters, see Naming Guidelines.

Step 3 Click Apply to save your changes or Reset to discard your changes.


Related Topics

Modify Users

Naming Guidelines

Changing Your Email Address

The email address is set initially when a user is created. To change your email address, use the following procedure.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > My Profile > Change Email Address.

Step 2 Enter a new email address.

Step 3 Click Save to save your changes or Reset to discard your changes.


Related Topics

Modify Users

Changing the Default Tab and Subtab

By default, an overview that provides information about all the main tabs is displayed when you log in. When you select a tab, an overview of the subtabs is displayed.

Use the following procedure to select a tab as your home page and select default subtabs for each main tab.


Note Your login determines whether you can use this option.


Procedure


Step 1 Select Administration > My Profile > Set Tab Defaults.

Step 2 Select the home page you want displayed when you log in. For example, you may want your most frequently used tab to be displayed first.

Selecting Overview restores the defaults.

Selecting a main tab makes that tab your default home page.

Step 3 Select default subtabs for any or all main tabs:

Selecting Overview displays information about the contents of the subtab.

Selecting a subtab makes that subtab the default tab that appears first when you select the main tab.

Step 4 Click Save to save your changes or Reset to discard them.


Creating Links

You can link to other systems and display their desktops in the right pane or in a separate window. For example, you could link to a CiscoWorks server, to Cisco Secure ACS, or to another WLSE.

There is one preconfigured link for running the ACS Failed Login Report, which generates a report on failed logins on an ACS server. For more information, see Running the ACS Failed Login Report.


Note This feature is available to all users.


Procedure


Step 1 Select Administration > Links. The Add Links window and current links appear.

Step 2 To add a link:

a. Enter the name of the link and the URL of the system in the Add Link window; for example: http://cw_server:1741 creates a link to the CiscoWorks server called cw_server.

b. To display the system's desktop in the right pane of the WLSE interface, deselect Open in New Window. Otherwise, the display opens in a separate window. It is recommended that you display the desktop in a separate window.

c. Click Save. The link is added to the Links list in the left pane.

Step 3 To edit a link, click Edit under the name of the link in the Links list. Make your changes and click Save.

Step 4 To delete a link, select the link name in the Links list and click Delete.

Step 5 To activate a link and connect to the other system, click the link name in the left pane.

Step 6 To configure the ACS Failed Login Report link, click Edit under ACS Failed Login Report and enter the following information:

Field
Description

URL

URL of the ACS server.

Username

Administrator username created when ACS software was installed on the ACS server.

Password

Password for the administrator username.


Step 7 Click Save.


Running the ACS Failed Login Report

The ACS failed login report shows failed logins on a specified Cisco Access Control Server (ACS).

To configure the link for an ACS failed login report:


Step 1 Select Administration > Links.

Step 2 Under ACS Failed Login Report in the left panel, click Edit.

Step 3 Enter the following information:

The URL of the ACS server.

The username of a user on the ACS server.

The password of the user.

Step 4 Click Save.

Step 5 To run the ACS failed login report on a server, click the link name.