Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, 2.0
Administering the Wireless LAN Solution Engine
Downloads: This chapterpdf (PDF - 330.0KB) The complete bookPDF (PDF - 2.68MB) | Feedback

Administering the Wireless LAN Solution Engine

Table Of Contents

Administering the Wireless LAN Solution Engine

Logging In and Out

Administering User Accounts

Backing Up and Restoring the WLSE's Configuration

Specifying the Backup Location

Backing Up the WLSE

Restoring the WLSE

Upgrading WLSE Software

Back Up the WLSE

Download the WLSE Software Files

Set Up the Repository

Define the Repository

Install the Software Upgrade

View Software Update History

Rebooting the WLSE

Shutting Down the WLSE

Erasing the System Configuration

Resetting the WLSE to Factory Defaults

Setting WLSE Date and Time

Setting the System Clock Using NTP

Setting the System Clock Manually

Setting the Current Local Time

Configuring the Ethernet Interfaces

Configuring Protocols on the Ethernet Interfaces

Configuring Interface Parameters

Managing Devices on Both Interfaces

Configuring Email

Administering Management Services

Viewing System Information

Using the Maintenance Image

Booting from the Maintenance Image

Recovering from the Loss of All Administrator Passwords

Installing a Replacement WLSE

Removing the Old WLSE

Installing the Replacement WLSE

Copying Configuration Data from One WLSE to Another

Using the Recovery CD

Reimaging the WLSE

Using the Rescue Image


Administering the Wireless LAN Solution Engine


This chapter describes the major system administration tasks for CiscoWorks 1105 and CiscoWorks 1130 WLSEs.


Note Many of the tasks in this chapter can be performed by using either the Web interface or the Command Line Interface (CLI). For more information on the Web interface, see the WLSE online help or the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.0. For details on CLI commands, see "Using CLI Commands."


This chapter contains information about the following tasks:

Logging In and Out

Administering User Accounts

Backing Up and Restoring the WLSE's Configuration

Upgrading WLSE Software

Rebooting the WLSE

Shutting Down the WLSE

Erasing the System Configuration

Setting WLSE Date and Time

Configuring the Ethernet Interfaces

Administering Management Services

Viewing System Information

Using the Maintenance Image

Recovering from the Loss of All Administrator Passwords

Installing a Replacement WLSE

Copying Configuration Data from One WLSE to Another

Using the Recovery CD

Logging In and Out

You can connect to the WLSE system in the following ways:

Point a Web browser at the WLSE. Enter the WLSE IP address or hostname followed by :1741.

Enter a valid username and password in the login screen. Click Logout to log out.

Telnet to the WLSE or connect a console to the WLSE's console port. Enter a valid username and password at the Login prompt. Enter exit to log out.

If you are using the console:

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.


Note If you have a CiscoWorks server in your network, you can use Management Connection to add WLSE as an external application link to the CiscoWorks navigation tree. This lets you access WLSE directly from the CiscoWorks navigation tree. For more details, see the document Integrating Cisco Applications with CiscoWorks2000 Management Connection (CMC) on Cisco.com.


Administering User Accounts

You can create users, assign roles to them to control their access privileges, and create custom roles.

To create users:


Step 1 In the Web interface, select Administration > User Admin.

Step 2 Click Help.


For more information on users and roles, see the User Guide for the Wireless LAN Solution Engine.


Note You can also create users by using the username CLI command; however, such users do not have access to the Web interface features.


Backing Up and Restoring the WLSE's Configuration

You should backup the WLSE at regular intervals and before software updates or system recoveries. Backing up the WLSE preserves all roles, users, discovery, and configuration information.

Before attempting to backup or restore your WLSE, make sure you have a valid username and password on the system serving as the backup location, the backup directory exists and has the proper permissions for the username and password, and the system allows FTP.

Backup and restore commands use the backup location you have specified.


Note You can replace one WLSE with another by backing up and restoring the data from the old WLSE to the new one. See Installing a Replacement WLSE.



Note You can restore a backup made on one WLSE to another WLSE. For information, see Copying Configuration Data from One WLSE to Another.


Specifying the Backup Location

Before backing up, you must specify the backup location. The backup location must be on an FTP server.

To use the Web interface to specify the backup location:


Step 1 Select Administration > Appliance > Backup and Restore > Configure.

Step 2 Click Test to verify the reachability of the backup location.

Step 3 Click Help for complete information on using backup locations.


To configure the backup location by using the CLI, use the backupconfig command. After you specify the backup location, this location will be used by the backup, listbackup, and restore commands.For more information about this command, see backupconfig.

Backing Up the WLSE

To back up the WLSE by using the Web interface, perform the following steps:


Step 1 In the Web interface, select Administration > Appliance > BackUp and Restore > Backup.


Note If you have not configured the backup location, a dialog box will appear with the following message: Backup is not configured. Please configure the backup location. To configure the backup location, select the Configure option. For more information, see Specifying the Backup Location.


Step 2 Click Backup. The WLSE will be backed up on the configured location.

Step 3 For more information, click Help.


To back up the WLSE by using the CLI, use the backup command. The WLSE will be backed up to the location you specified in the backupconfig command. You can verify the backup location by entering backup test. For more information about this command, see backup.

Restoring the WLSE

To restore the WLSE configuration from a backup by using the Web interface:


Step 1 Select Administration > Appliance > BackUp and Restore > Restore.

Step 2 Select the backup you want to restore from the drop down menu, and click Restore.

Step 3 For more information, click Help.


To restore the WLSE by using the CLI, use the restore command. Provide the backup image name as the argument. The listbackup command shows all of the images on the configured backup location. For more information about this command, see restore.

Upgrading WLSE Software

This section briefly describes the process for installing an upgrade by using the WLSE as the software repository. For the complete step-by-step procedure for installing a software upgrade on the WLSE, see the text file that accompanies upgrade images on Cisco.com.

The basic steps in installing software upgrades are:

Back up the WLSE—See Back Up the WLSE.

Download the image—See Download the WLSE Software Files.

Set up the repository—See Set Up the Repository.

Define the repository—See Define the Repository.

Install the image—See Install the Software Upgrade.

You can display the software upgrade history of the WLSE by selecting Administration > Appliance > Software > Software Update History. Click on the links to view the installation log files.

Back Up the WLSE

Before upgrading WLSE software, back up the configuration. The upgrade attempts to preserve the WLSE database, but a backup is needed in case of errors during the upgrade. For information—see Backing Up the WLSE.

Download the WLSE Software Files

Download the upgrade files from Cisco.com to an FTP server from one of the following Cisco.com URLs:

http://www.cisco.com/kobayashi/sw-center/cw2000/crypto/wlan-sol-eng

ftp://ftp.cisco.com/cisco/crypto/3DES/cw2000/wlan-sol-eng


Note WLSE update images are subject to import/export regulations respecting strong encryption. Before you are allowed to download the image, you may be directed to edit your Cisco.com profile to confirm that you are allowed to download such images.


The upgrade zip file and the info file must be in the same directory on the FTP server. Do not extract the zip file.

Set Up the Repository

Log in to the WLSE as the admin user, using the console or Telnet. If you are using the console:

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Use the repository CLI command to specify the FTP server:

                    repository source ftp://FTP_server_hostname/path

where path is the path to the update directory.

Then, list the contents of the directory by entering the following command. This command requires a valid username and password on the remote FTP server.

repository list remote

Add the image to the local repository:

repository add image_name

Define the Repository

Using the WLSE Web interface, log in as a user with system administrator privileges.

Select Administration > Appliance > Software > Define Repository. Enter the following information:

Enter localhost in the Hostname field.

Enter 9851 in the Port Number field.

(Optional) Enter a description in the Description field.

Install the Software Upgrade

Select Administration > Appliance > Software > Install Software Updates. Select a software version from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.

Click Install, then click Confirm to install the upgrade. After the upgrade finishes, the WLSE login screen appears.

View Software Update History

You can display the software history of the WLSE by selecting Administration > Appliance > Software > Software Update History. Click on the links to view the installation log files.

Rebooting the WLSE

You can reboot the WLSE by using either the Web interface or the CLI. Rebooting the system starts its management service, even if the services were stopped prior to the reboot.

To restart the WLSE using the Web interface, perform the following steps:


Step 1 Select Administration > Appliance > Status > Restart. The Restart System dialog box appears.

Step 2 Click Yes. The WLSE will restart.


To restart the system using the CLI, enter the reload command. The login prompt appears when the reboot is complete. For information about this command, see reload.

Shutting Down the WLSE

To shut down the WLSE enter the CLI shutdown command before powering off the WLSE. For more information about this command, see shutdown.

You can also shut down the WLSE, by briefly pressing the power button; the WLSE will shut down gracefully.


Caution If you power off the WLSE improperly, you might disable the system.

Erasing the System Configuration

To erase the system configuration and reboot the system, enter the CLI erase config command. This command leaves the database and logs in place. To purge the database, use the reinitdb command.

After the system reboots, you must reconfigure the system using the setup program, as described in Using the Setup Program.

For more information about the these commands, see erase config and reinitdb.

Resetting the WLSE to Factory Defaults

To reset the WLSE to factory settings, enter the erase config CLI command (see erase config). Then, use the recovery CD to reimage the WLSE (see Reimaging the WLSE).

Setting WLSE Date and Time

The WLSE uses Universal Coordinated Time (UTC) for keeping the time and date. The WLSE uses the client's local time to display the time and date when connected via the Web interface. The WLSE uses UTC to display the time and date when you are connected via Telnet or a console and when you are viewing log files.

You can set and maintain the system date and time using a Network Time Protocol (NTP) server (the recommended method) or by manually setting the system clock.

You can set the current local (browser) time on the Web interface.

To display the system time, use the show clock command. For more information on this command, see show clock.

Setting the System Clock Using NTP

NTP is the recommended method for configuring time and date on the system. If your network uses NTP to set the date and time on devices, you can specify the NTP servers on the WLSE.

To specify NTP servers by using the Web interface:


Step 1 Select Administration > Appliance > Time/NTP/Name.

Step 2 Click Help.


To specify NTP servers by using the CLI, enter the following command:

ntp server ip-address

where ip-address is the IP address of an NTP server.

If NTP is not enabled, you can set the system clock to UTC manually as described in Setting the System Clock Manually. For more information about the ntp server command, see ntp server.


Caution If you do not set the system clock manually after disabling NTP, the system clock might become inaccurate.

Setting the System Clock Manually

If your network does not use NTP to set the system time on devices and the time is not set correctly, set the date and time to UTC manually by entering the following command in the CLI:

clock set hh:mm:ss month day year

where hh:mm:ss is the current time (for example, 13:32:00), month is the current month (for example, January, February), day is the day of the month (for example, 31), and year is the current year (for example, 2001). For more information about the clock command, see show clock.

Setting the Current Local Time

Use the Web interface to set the current local (browser) time. The UTC time will be set accordingly.


Step 1 Select Administration > Appliance > Time/NTP/Name.

Step 2 Click Help.


Configuring the Ethernet Interfaces

The WLSE 1105 uses 10/100 Mbps Ethernet connectors. The WLSE 1130 uses 10/100/1000 Mbps Ethernet connectors. The Ethernet 0 interface is configured during initial setup of the WLSE, and all protocols are enabled on the Ethernet 0 interface.


Note The Ethernet interface labeled "A" on the WLSE 1130 back panel corresponds to Ethernet 0 in software (such as CLI commands). The Ethernet interface labeled "B" corresponds to Ethernet 1 in software.


Configuring Protocols on the Ethernet Interfaces

All protocols are enabled by default on the Ethernet 0 interface. On the Ethernet 1 interface of the WLSE 1130, all protocols except for CDP are enabled.

Any Ethernet interface can be individually configured to allow or prevent connections via the following protocols:

Cisco Discovery Protocol (CDP)

Hypertext transfer protocol (HTTP)

Hypertext transfer protocol secure (HTTPS)

Internet Control Message Protocol (ICMP)

Secure shell (SSH) 1 and 2

Simple network management protocol (SNMP)

Telnet

To allow or prevent CDP on an interface, use the cdp command. For information on this command, see cdp. To allow or prevent any of the other protocols on an interface, use the firewall command. For information on this command, see firewall.

Configuring Interface Parameters

To enable or disable Ethernet interfaces and set parameters on the interfaces (IP address, gateway information, speed, and half/full duplex), use the interface command; see interface.

Managing Devices on Both Interfaces

The Ethernet 0 interface is configured when you run the setup program during initial setup of the WLSE. If you are using both interfaces to manage devices, you must configure the second interface:

Make sure CDP is enabled on the Ethernet 1 interface—See Configuring Protocols on the Ethernet Interfaces.

Configure Ethernet 1 interface parameters—See Configuring Interface Parameters.

Use the route CLI command to configure a static route to the default gateway for the Ethernet 1 interface to reach the networks connected to the Ethernet 1 interface. Otherwise, the WLSE will use only the default gateway configured on the Ethernet 0 interface and will be unable to manage the devices on the networks connected to the Ethernet 1 interface. For more information on the route command, see route.

Configuring Email

To ensure that email arrives at its proper destination, you can specify an SMTP server. This affects email notifications about firmware and configuration jobs, emailing reports, and emailing fault notifications.

To specify a mail server using the Web interface:


Step 1 Select Administration > Appliance > Configure Mailroute.

Step 2 Click Help.


To specify a mail server by using the CLI, use the mailroute command. For more information, see mailroute.

Administering Management Services

The WLSE allows you to stop and start all management services at once. All commands that affect management services affect all of them, and the logs that collect services information collect information about all of them.

You can stop and restart the management services if the system is not responding correctly. This should cause the services to reset and function properly again. Management services are restarted automatically when you reboot the WLSE.

To stop management services, enter the following CLI command:

services stop

To start management services, enter the following CLI command:

services start

To view management services status, enter the following CLI command:

services status

For information about the services command, see services.

Viewing System Information

To view system information, use the following CLI commands. Some of this information can be viewed in the Web interface; see Administration > Appliance > Status > View Log File.

Table 4-1 Commands for Viewing System Information 

Command
Description

show anilog

Displays the ANI log (see show anilog).

show auth-cli

Displays the type of authentication used for secure CLI access (see show auth-cli).

show auth-http

Displays the type of authentication used for secure HTTP access (see show auth-http).

show backupconfig

Displays the current back and restore location and username (see show backupconfig).

show bootlog

Displays the messages logged during the last system boot show bootlog).

show cdp neighbor

Displays the WLSE's nearest neighbor on the network show cdp neighbor).

show cdp run

Displays the CDP configuration of the WLSE (see show cdp run).

show collectorlog

Displays the collector log (see show collectorlog).

show config

Displays the system configuration (see show config).

show daemonslog

Displays the daemons log (see show daemonslog).

show dmgtdlog

Displays the daemon manager log (see show dmgtdlog).

show webaccesslog

Displays the web access log (see show webaccesslog).

show weberror log

Displays the web error log (see show weberrorlog).

show websslaccesslog

Displays the Web SSL log (see show websslaccesslog).

show import

Displays an imported hosts file (see show import).

show install logs

Displays the software updates and images in the repository (see show install logs).

show ipchains

Displays IP chains for the selected interface (see show ipchains).

show hosts

Displays the system hosts file (see show hosts).

show maillog

Displays the mail log (see show maillog).

show process

Displays statistics for active processes (see show process).

show repository

Displays the status or access log of the repository (see show repository).

show route

Displays the routes that are currently configured (see show route).

show securitylog

Displays the security log (see show securitylog).

show snmp-server

Displays the WLSE's SNMP configuration (see show snmp-server).

show ssh-version

Displays the type of SSH enabled on the WLSE (see show ssh-version).

show syslog

Displays the syslog (see show syslog).

show tech

Displays information necessary for Cisco TAC to assist you (see show tech).

show telnetenable

Displays Telnet status (see show telnetenable).

show tomcatlog

Displays the Tomcat log (see show tomcatlog).


Using the Maintenance Image

The WLSE has an operating system image and a default system configuration (hereafter collectively called the maintenance image) stored in flash memory. You can use the maintenance image to boot the system to perform some system administration tasks and disaster recovery (for example, if the filesystem becomes corrupted).

You can run only the following commands while the system is running from the maintenance image: reload (see reload), erase config (see erase config), and fsck (see fsck).

While the maintenance image is running, you can do the following tasks, which you cannot do when the system is booted normally from the disk:

Recover from loss of all administrative user account passwords.

Perform disk filesystem integrity checks.

Booting from the Maintenance Image

As a security measure, you can boot from the maintenance image only while connected to the system console.


Step 1 Connect a console to the WLSE's console port, and log on as admin.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Step 2 Reboot the system by doing one of the following:

Enter the reload CLI command to reload the system if it is running. For information about this command, see reload.

Power on the system, if it is powered off.

Power the system off and then back on if you cannot log in because you have lost all user account passwords.

Step 3 When the LILO boot: prompt appears, press the Tab key.

Step 4 When the boot: prompt appears, enter CiscoBreR.

Step 5 After you complete all necessary tasks, reboot the system by entering the reload command and allow the system to boot from the disk (the default boot order).


Recovering from the Loss of All Administrator Passwords

If you cannot log into the system because you do not have the system administrator account names or passwords, you can recover by booting from the maintenance image, erasing the existing configuration from flash memory, and reconfiguring the system using the setup program.

To recover from the loss of all administrator passwords:


Step 1 Connect a console to the WLSE's console port.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Step 2 Power the system off, then power it back on. The following prompt appears:

LILO boot:

Step 3 Press the Tab key. The following prompt appears:

boot:

Step 4 Enter CiscoBreR. This puts you in maintenance image mode; the following prompt appears:

[root@CiscoMaintImage/]#

Step 5 Enter erase config. This erases the WLSE's configuration, returns the WLSE to factory defaults, and reloads the WLSE.

For more information about this command, see erase config.

Step 6 After the WLSE comes up, the setup login prompt appears. Configure the system from the setup program, as described in Using the Setup Program.


Installing a Replacement WLSE

This section describes tasks you should perform when installing a replacement WLSE (replacing an existing WLSE with a new one). If you are simply using a backup from one WLSE to restore data on another WLSE, see Copying Configuration Data from One WLSE to Another.

Removing the Old WLSE

Before removing the old WLSE:


Step 1 Log in through the console or use Telnet or SSH. Enter the show config command to view the WLSE's configuration. If you are using the console:

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Step 2 Record the configuration.

Step 3 Back up the data from the old WLSE. See Backing Up and Restoring the WLSE's Configuration for details.

Step 4 Enter the shutdown command.

Step 5 Power down and remove the old system.


Installing the Replacement WLSE

To install the replacement WLSE:


Step 1 Install and power on the new WLSE.

Use the instructions in the Quick Start Guide that you received with the WLSE, or use the instructions in "Installing the CiscoWorks 1130 Wireless LAN Solution Engine," if you have a WLSE 1130.

Step 2 Run the setup program and complete the configuration of the new WLSE. Use the configuration settings that you recorded from the old system to answer the setup program prompts.

For information on the setup program and additional configuration steps, use the Quick Start Guide that you received with the system or use the instructions in "Configuring the Wireless LAN Solution Engine."

Step 3 Use the restore command to restore the configuration data that you saved when you backed up the old system. Use the backup image name as an argument.

The restore command allows you to access backups that are stored on the configured backup location. Use the listbackup command to see all of the available backups.

Step 4 If you are not using the same basic configuration (for example, IP address and hostname) that you used on the old WLSE:

a. Run the erase config CLI command and allow the WLSE to reboot. For more information on this command, see erase config.

b. Run the setup program again to make the necessary changes.


Copying Configuration Data from One WLSE to Another

You can back up data from one WLSE and copy it to another by using the backup and restore features. If you are replacing one WLSE with another, see Installing a Replacement WLSE.


Note You cannot restore a backup from a WLSE 1130 to a WLSE 1105.



Step 1 Back up the data on the original WLSE. For more information, see Backing Up and Restoring the WLSE's Configuration.

Step 2 If you have installed a new WLSE and have not configured it yet, run the setup program and complete the configuration.

For information on the setup program and additional configuration steps, use the Quick Start Guide that you received with the system or use the instructions in "Configuring the Wireless LAN Solution Engine."

Step 3 Restore the configuration data from your backup by using the restore command. Use the backup image name as the argument.

The restore command allows you to access backups that are stored on the configured backup location. Use the listbackup command to see all of the available backups.

Step 4 Run the erase config CLI command and allow the WLSE to reboot.

For more information on this command, see erase config.

Step 5 Run the setup program again.


Using the Recovery CD

With the Recovery CD included with your WLSE, you can reimage the WLSE (see Reimaging the WLSE) or boot from the rescue image (see Using the Rescue Image). Use the Recovery CD to reimage the WLSE should it become necessary.

Reimaging the WLSE


Note Although every effort has been made to validate the accuracy of the software version on the Recovery CD, you must review the WLSE's software downloads on http://www.cisco.com and download any necessary software updates. See the Readme files included with the updates to perform the update procedure.



Caution This procedure will destroy all data and install a new image. You will need to replace the data by using a configuration backup that you have made.

To reimage your WLSE, perform the following steps:


Step 1 Connect a console to the WLSE's serial port.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Step 2 Log in as the admin user, and enter the password created when the WLSE was configured.

Step 3 Put the Recovery CD in the WLSE's CD-ROM. For the location of the CD-ROM, see Front Panel Features.

Step 4 Enter the reload CLI command. The WLSE will reboot.

Step 5 At the Do you wish to continue (Yes/[No]/Rescue) prompt, enter yes. If you do not want to re-image your WLSE, enter rescue. For more information about the rescue image, see Using the Rescue Image.

Step 6 When the WLSE ejects the Recovery CD, remove it.

Step 7 At the Do you wish to reload and start the install?(yes/[no]) prompt, enter yes. The WLSE reboots, and is re-imaged.


Using the Rescue Image

The rescue image is similar to the maintenance image, but is accessible via the Recovery CD. The rescue image is mainly used to aid technical support when diagnosing issues. Use the rescue image if you cannot use the maintenance image, but need to. You can use the rescue image to boot the system to perform some system administration tasks and disaster recovery. For more information about the uses of the rescue image, see Using the Maintenance Image.

You can run only the following commands while the system is running the rescue image: reload, erase config, and fsck. For more information about these commands, see "Using CLI Commands."

To boot from the rescue image, perform the following steps:


Step 1 Connect a console to the WLSE's serial port.

For the WLSE 1105, use the serial port on the front panel; do not use the serial port on the back panel as the console port.

For the WLSE 1130, use the serial port on the back panel as the console port.

Step 2 Log in as the admin user. The admin user's password was created when the WLSE was initially configured.

Step 3 Put the Recovery CD in the WLSE's CD-ROM drive.

For the location of the WLSE 1130 CD-ROM, see Front Panel Features.

For the location of the WLSE 1105 CD-ROM, see the WLSE 1.3 documentation on Cisco.com.

Step 4 Enter the reload command. The WLSE will reboot.

Step 5 At the Do you wish to continue (yes/[no]/rescue): prompt, enter rescue. The WLSE will boot from the rescue image.