Cisco Active Network Abstraction Administrator Guide, 3.6.6
Managing AVMs and VNEs

Managing AVMs and VNEs


This chapter describes defining and managing AVMs and VNEs. It includes the following sections:

Creating AVMs

AVM Status

Viewing and Editing AVM Properties

Deleting AVMs

Starting and Stopping AVMs

Moving AVMs

Finding an AVM or VNE

Overview of VNEs

Defining VNEs

VNEs and Device Software Updates

Viewing and Editing VNE Properties

Deleting a VNE

Changing VNE States

Moving Multiple and Single VNEs

Creating AVMs

Cisco ANA Manage enables you to define AVMs for Cisco ANA unit servers and to enable or disable the watchdog protocol on each AVM. Every AVM in the Cisco ANA fabric is managed by the watchdog protocol by default.

Before you define an AVM, the following conditions must be met:

The unit must be installed.

The unit must be connected to the transport network.

The following default AVMs must be running:

AVM 0—The switch AVM

AVM 99—The management AVM

AVM 100—The trap management AVM


Note For more information on the status of AVMs, see AVM Status.


The new AVM must have a unique identifier within the unit.


Note AVM numbers 0-100 are reserved, and cannot be used. In addition, there might be other reserved AVM numbers. Users cannot enter a reserved number.


To create an AVM:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch and select the required ANA Servers Entity sub-branch.

Step 3 Open the New AVM dialog box in one of the following ways:

Right-click the required unit, then choose New AVM.

Click New AVM in the toolbar.

Choose File > New AVM.

Step 4 Enter the information for the new AVM:

Field
Description

ANA Unit

The IP address of the selected gateway or unit.

Note The gateway or unit does not need to be up for you to create a new AVM.

ID

Enter a name for the AVM that is unique to that unit, such as AVM 118.

Note The AVM numbers 0-100 are reserved and cannot be used. If you enter a reserved number, a message is displayed in the New AVM dialog box, stating that the number is reserved. You will not be able to continue until you enter a number that is not reserved.

Key

Enter a string that uniquely identifies an AVM in the system and across all units, thus enabling a transparent failover scenario in the system. If you do not enter a key, the default key is used, "ID + timestamp."

Allocated Memory

Enter the maximum amount of memory to allocate to the AVM. The default value is 256 MB.

Activate on creation

When enabled, this feature changes the administrative status of the AVM to Up and ensures that the AVM is loaded on subsequent restarts of the unit:

Check this check box to change the administrative status of the AVM to Up and to ensure that the AVM is loaded on subsequent restarts of the unit.

Uncheck this check box to create the AVM with the administrative status of Down and to prevent the AVM from being loaded into the bootstrap of the unit.

This option is unchecked by default, and the newly created AVM has an administrative status of Down.

Enable AVM Protection

Check the check box to enable high availability, or uncheck the check box to disable high availability.

This check box is checked by default, thereby enabling the watchdog protocol on the AVM when high availability is enabled. For more information, see Appendix F, "Using High Availability."

Note We strongly recommend that you do not disable this option if high availability is enabled. If you check or uncheck this option when the AVM is up, you need to restart the AVM for the change to take effect.


Step 5 Click OK. The new AVM is added to the selected unit, is displayed in the workspace, and is activated.


Creating a new AVM results in Cisco ANA providing the registry information of the new AVM in the specified unit. The AVM can now host VNEs. For more information, see Defining VNEs.

AVM Status

The status of AVMs and VNEs is affected by Admin and Oper modes. Admin mode is the administrative instructions that are sent to the AVM. Oper mode is the actual operational status of the AVM, such as Up. See Admin and Oper Mode AVM Status.

When moving an AVM (file), its operational status determines whether the file is reloaded (Up) or not (Down). For more information about moving AVMs, see Moving AVMs. For more information about starting and stopping AVMs, see Starting and Stopping AVMs.

An AVM can have only one of the following statuses at a time:

Up—The file (process) is reachable, and was loaded and started. When a Start (command) option is issued, and no problems are encountered, such as an overloaded server, the AVM is running (has been loaded and started), and its status is Up.

Down—The file (process) is reachable, and was stopped. When a Stop (command) option is issued, Cisco ANA issues instructions to shut down all processes. When all processes have stopped, the status of the AVM is Down.

Starting Up—When a Start or Upload (command) option is issued and, for example, the server cannot run it because it is busy or overloaded, the status of the AVM is Starting Up.

Shutting Down—When a Stop (command) option is issued and, while the command is being run, some processes are still running, the status of the AVM is Shutting Down.

Admin and Oper Mode AVM Status

Table 6-1 shows the status of an AVM as it relates to Admin and Oper modes and how it is displayed in the Status column of the AVMs table. The Admin mode is the administrative instructions that are sent to the AVM, while the Oper mode is the actual status of the AVM, such as Up.

Table 6-1 AVM Status

Status          Admin Mode   Oper Mode
Up              Up           Up
Shutting Down   Down         Up
Down            Down         Down
Starting Up     Up           Down


Viewing and Editing AVM Properties

Cisco ANA Manage enables you to view and edit certain properties of an AVM, such as the key or allocated memory.

To view or edit AVM properties:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch and choose the required AVM sub-branch in the tree pane.

Step 3 Open the Properties dialog box by doing one of the following:

Right-click the desired AVM, then choose Properties.

Choose File > Properties.

In the toolbar, click Properties.

The AVM Properties dialog box is displayed with the details of the selected AVM, including the IP address or key of the unit.

Step 4 View or edit the AVM properties as required:

Field
Description

Key

A string that uniquely identifies an AVM in the system and across all units, thus enabling a transparent failover scenario in the system. If you do not enter a key, the default key is used, "ID + timestamp."

Status

The status of the AVM: Up, Down, or Unreachable. See Admin and Oper Mode AVM Status.

Location

The IP address of the selected gateway or unit.

Max. Memory

The maximum amount of memory allocated to the AVM. The default value is 256 MB.

Enable AVM Protection

Check the check box to enable high availability, or uncheck the check box to disable high availability.

This check box is checked by default, thereby enabling the watchdog protocol on the AVM when high availability is enabled. For more information, see Appendix F, "Using High Availability."

Note We strongly recommend that you do not disable this option if high availability is enabled. If you check or uncheck this option when the AVM is up, you need to restart the AVM for the change to take effect.


Step 5 Click OK. The new properties for the AVM are displayed in the workspace.


Deleting AVMs

You can remove an AVM. If the AVM is running, it is stopped before it is removed. This procedure deletes the registry information of the AVM in the specified unit. If VNEs are running in the AVM, an error message is displayed, and you cannot delete the AVM.


Caution You must remove all VNEs before removing their hosting AVM.

For more information, see Deleting a VNE.


Note Reserved AVMs 0-100 cannot be deleted.


To delete an AVM:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, then select the required AVM sub-branch in the tree pane.

Step 3 Right-click to display the menu, then choose Delete. A warning message is displayed.

Step 4 Click Yes. A confirmation message is displayed.

Step 5 Click OK. The selected AVM is deleted from the selected unit.


Note Multiple rows can be selected for deletion.



Starting and Stopping AVMs

Cisco ANA Manage enables you to start or stop an AVM.


Note Stopping an AVM process stops all VNEs in the AVM. Any change in status of the AVM can take some time to be applied. For example, when running the Stop command, it might take several minutes before the status changes from Shutting Down to Down.


To start or stop an AVM:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, then select the required AVM.

Step 3 Start or stop the AVM in one of the following ways:

Right-click the AVM, then choose Actions > Start or Actions > Stop.

In the toolbar, click Start or Stop.

The AVM is started or stopped, and the appropriate status is displayed in the workspace as follows:

Starting Up—The AVM is starting.

Up—The AVM has started.

Shutting Down—The AVM is stopping.

Down—The AVM has stopped.


Note When the AVM status is displayed as Down, the status remains Down and no reload occurs.



Moving AVMs

Cisco ANA Manage enables you to move an entire AVM between units.


Note Reserved AVMs 0-100 cannot be moved.


Cisco ANA Manage automatically checks the status of AVMs and VNEs before they are moved. This information is maintained in the memory.

If the AVM is Up, the AVM is stopped and then moved to the target unit. After the move is completed, the AVM is reloaded according to its status prior to the move, so that the status of the AVM is maintained. For example, if it was Up before the move, it remains Up; if it was Down, it remains Down.

To move an AVM:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, then select the required AVM.

Step 3 Right-click the AVM, then choose Move AVM. The Move To dialog box is displayed.

The Move To dialog box displays a tree-and-branch representation of the selected Cisco ANA server and its units, excluding the unit in which the AVM is currently located. The highest level of the tree displays the Cisco ANA server. The branches can be expanded and collapsed to display and hide information.

Step 4 Browse to and select the unit (branch) where you want to move the AVM.

Step 5 Click OK. The AVM is moved and now appears beneath the selected unit.


For information about moving VNEs, see Moving Multiple and Single VNEs.

Finding an AVM or VNE

A single search in Cisco ANA Manage can locate AVMs and VNEs among all Cisco ANA servers according to specifically defined search criteria.

To find an AVM or VNE:


Step 1 In the Cisco ANA Manage window, select a gateway sub-branch, a unit sub-branch, or an AVM sub-branch.

Step 2 Click Find. The Find dialog box is displayed.

Step 3 Enter the criteria for the item to find:

Field
Description

Find

Enter the specific search criteria to find the required AVM or VNE. For example, you can search for an AVM using the ID number, or search for a VNE using an IP address.

Types

In the drop-down list, choose the type of item you are looking for:

Any—Searches for an AVM or VNE that matches the search criteria.

AVM—Searches for an AVM that matches the search criteria.

VNE—Searches for a VNE that matches the search criteria.

Property

Choose the property containing the search criteria or choose Any to search all properties for the search criteria.

The properties that appear depend on your choice in the Types field:

If you choose Any in the Types field, the Property field is disabled.

If you choose AVM in the Types field, the following properties are displayed in the Property field:

ID

Status

Key

Loaded Patches

If you choose VNE in the Types field, the following properties are displayed in the Property field:

Key

IP Address

Status

Maintenance

Element Type

Polling Group

Direction

Choose the direction of the search, either Down or Up. The direction is relative to the item currently selected in the Cisco ANA tree pane.


Step 4 Click Find. The AVM or VNE matching the search criteria is highlighted in Cisco ANA Manage.


Note Press F3 to view the next AVM or VNE matching the search criteria.



Overview of VNEs

A VNE is designated by its leading IP address and corresponds to a single NE. Typically an NE has only one IP address that is used for management. For such devices, the leading IP address is the single IP address configured for this device.

If an NE has multiple IP addresses, you must choose one of these IP addresses to be used as the leading IP address. The leading IP address serves as an identifier of the VNE that corresponds to the NE and is displayed wherever the IP address of the NE is required.


Note Two VNEs cannot monitor the same NE.


Cisco ANA Manage enables you to create VNEs (replicas of devices) by entering the IP address, SNMP, and polling rate information. This is referred to as element management.

After Cisco ANA Manage installs and runs the process, samples the device, and collects the data, a VNE (managed element) is created. The VNE includes tables and physical inventory, and can be accessed using Cisco ANA NetworkVision.

VNE Status

The status of VNEs is affected by Admin and Oper modes. Admin mode is the administrative instructions that are sent to the VNE, while Oper mode is the actual operational status of the VNE, such as Up. For more information about Admin and Oper modes, see Admin and Oper Mode VNE Status.

When moving a VNE, its status (either Up or Down), determines whether the VNE is reloaded (Up) or not (Down). For more information about moving VNEs, see Moving Multiple and Single VNEs. For more information about starting and stopping VNEs, see Changing VNE States.

Table 6-2 describes the available VNE statuses. A VNE can have only one status at a time.

Table 6-2 VNE Status Descriptions 

Status
Description

Starting Up

When a Start or Upload (command) option is issued and, for example, when the server cannot run it because it is busy or overloaded, the status of the VNE is Starting Up.

Up

The VNE (process) is reachable, and was loaded and started. When a Start (command) option is issued, and no problems are encountered, such as an overloaded server, the VNE is running (has been loaded and started), and its status is Up.

Shutting Down

When a Stop (command) option is issued and, while the command is being run, some processes are still running, the status of the VNE is Shutting Down.

Down

The VNE (process) is reachable and was stopped. When a Stop (command) option is issued, Cisco ANA issues instructions to shut down all processes. When all processes have stopped, the status of the VNE is Down.

Unreachable

The VNE cannot be managed by Cisco ANA and its status is defined as Unreachable. When an option (command) is issued that cannot be run by Cisco ANA, the status of the VNE is Unreachable.


In addition to the statuses described, a VNE can be placed in a temporary maintenance mode. For example, a VNE status can be Up and in maintenance mode. NEs often undergo maintenance operations and planned outages. The Cisco ANA platform supports such maintenance operations without affecting the overall functionality of the active network.

While in maintenance mode (a temporary state) a VNE:

Does not change state on its own, unless you explicitly (manually) switch the VNE back to active state.

Never polls the device.

Handles events for correlation flow issues, but does not poll the device.

Does not initiate new service alarms, but does receive events from adjacent VNEs, such as in the case of a link down alarm.

Does not handle syslogs and traps even though the flows are active.

Maintains the status of any existing links.

Does not fail on verification requests.

For more information about maintenance mode, see Changing VNE States.

Admin and Oper Mode VNE Status

Table 6-3 presents the status of a VNE in relation to its Admin and Oper modes, as displayed in the Status column of the VNE table. The Admin mode is the administrative instructions that are sent to the VNE while the Oper mode is the actual status of the VNE, such as Up.

Table 6-3 VNE Status

Status          Admin Mode   Oper Mode
Up              Up           Up
Shutting Down   Down         Up
Down            Down         Down
Starting Up     Up           Down
Unreachable     Up           Unreachable


For example, if you start a VNE, and the Admin status is Up but the Oper status is Down and has not started yet (because the server is busy), the status is Starting Up. If a VNE is Up and you stop the VNE, the Admin status is Down but, because the process is not terminated immediately, the status is Shutting Down.

Defining VNEs

When you add and define a new VNE, it corresponds to an NE and should only be added to the system once. As the VNE loads, Cisco ANA starts investigating the NE and automatically builds a live model of it, including its physical and logical inventory, its configuration, and its status.

When adding a new VNE, Cisco ANA creates the registry information of the new VNE in the unit. The newly created VNE has an administrative status of Down, and uses the default community strings and polling rates. The VNE inherits these properties from the configuration record that corresponds to the device type.

A VNE must be loaded into the bootstrap of the unit before it starts monitoring its underlying NE. This changes the administrative status of the VNE to Up, and ensures that the VNE is loaded on subsequent restarts of the unit. Loading the VNE also starts the VNE immediately. For more information about the status of VNEs, see Admin and Oper Mode VNE Status.

Device Information Required Before Adding VNEs

Table 6-4 identifies the device information that you need to add a VNE to Cisco ANA.

Table 6-4 Required Information for New VNEs 

Information Required
Verify the following:

IP address

The device IP address.

Name

The device name.

Protocols and Credentials

SNMP

SNMP is running on the device.

Supported version (V1, V2, or V3).

For SNMPV1 or V2: The SNMP read and write community strings.

For SNMPV3: The username and, optionally, the authentication or privacy configuration.

Telnet

Telnet is supported on the device.

Port number.

Telnet login sequence: Username, password, and prompt.

Note The Telnet login sequence is required for Cisco IOS and Cisco IOS XR devices.

SSH

SSH is supported on the device.

Supported version (V1 or V2).

SSH username and password and any other configuration information (cipher, authentication, key exchange (V2), MAC (V2)).

Note Cisco recommends that you first use any SSH client application (such as UNIX SSH or OpenSSH) to determine the device SSH login sequence.


Device Configuration Required Before Adding VNEs

Perform the required configuration on the devices so that Cisco ANA can model the devices accurately and perform management tasks, such as processing syslogs, traps, logging, and so forth.

Cisco IOS and CatOS Devices—Required Settings

Cisco IOS XR Devices—Required and Recommended Settings

SNMP Traps—Required Device Settings

Syslogs—Required Device Settings

Cisco IOS and CatOS Devices—Required Settings

The following settings are required for Cisco IOS and CatOS network elements:

snmp-server community public RO
snmp-server community private RW

Cisco IOS XR Devices—Required and Recommended Settings

The following settings are required for Cisco IOS XR network elements:


Note If applicable, be sure to commit snmp-server community before snmp-server host.


domain ipv4 host gateway_name gateway_IP
telnet ipv4 server max-servers no-limit
snmp-server community community_name SystemOwner
snmp-server community community_name RO
snmp-server community public RO
snmp-server community private RW
vty-pool default 0 99
xml agent tty 

In addition to the required settings, you must follow these guidelines:

Install the Cisco IOS XR Manageability Package on top of the Cisco IOS XR version. You can get information on this package from the release notes for your Cisco IOS XR version.

Cisco ANA should use a device login user that is a member of the root-system and cisco-support groups.

To correctly model logical routers, the Cisco ANA user should use the unique login user@admin (and also be a member of groups root-system and cisco-support).

Cisco IOS XR VNEs should be added with the SystemOwner community.


The following settings are recommended for Cisco IOS XR network elements:

hostname gateway_name
snmp-server location location
snmp-server contact contact
line default exec-timeout 0 0

SNMP Traps—Required Device Settings

The following table lists the settings you must configure in order to properly receive SNMP traps.

SNMP Type
Required Setting

All

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps bgp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps config
snmp-server enable traps ipmulticast
snmp-server enable traps syslog
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps rtr
snmp-server enable traps mpls ldp

SNMPv1

snmp-server host gateway_IP traps version 1 community

SNMPv2

snmp-server host gateway_IP traps version 2c community

SNMPv3 With Authentication

Note MyUsr, MyGrp, MyPswd, and MyView must match the information you enter when you create the VNEs in Cisco ANA.

For all devices:

snmp-server view MyView internet included 
snmp-server group MyGrp v3 auth [notify MyView]

For Cisco IOS and CatOS devices:

snmp-server user MyUsr MyGrp v3 auth {md5|sha} MyPswd

For Cisco IOS XR devices:

snmp-server user MyUsr MyGrp v3 auth {md5|sha} {WORD,CLEAR,encrypted} MyPswd SystemOwner

For all devices, after configuring SNMPv3 on the device, configure the following setting:

snmp-server host gateway_IP traps version 3 auth MyUsr

SNMPv3 No Authentication

Note MyNoAuthUsr and MyNoAuthGrp must match the information you enter when you create the VNEs in Cisco ANA.

For Cisco IOS and CatOS devices:

snmp-server group MyNoAuthGrp v3 noauth
snmp-server user MyNoAuthUsr MyNoAuthGrp v3

For Cisco IOS XR devices:

snmp-server user MyNoAuthUsr MyNoAuthGrp v3 SystemOwner

For all devices, after configuring SNMPv3 on the device, configure the following setting:

snmp-server host gateway_IP traps version 3 noauth MyNoAuthUsr


Syslogs—Required Device Settings

The following table lists the settings you must configure for syslogs.

Required Settings

Cisco CatOS and Cisco IOS

logging on
logging buffered 64000 informational
logging trap informational
logging gateway_IP
logging event link-status default

Cisco IOS XR

logging on
logging events level informational
logging buffered 10000
logging trap informational
logging events link-status software-interfaces
logging source-interface interface_name [1]

[1] Required if the device has a management IP address.
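
The following pre-check is an added example, not part of the Cisco guide or of Cisco ANA: it compares a saved Cisco IOS or CatOS configuration with the SNMP trap and syslog settings listed above and reports separately the SNMP choices a security reviewer would want to see. The function names, the gateway address 192.0.2.10, the sample configuration, and the reading of the community requirement as "one RO and one RW community exist" are assumptions.

```python
import re

# Required IOS/CatOS lines, copied from the trap and syslog tables on this page.
# GATEWAY_IP stands for the Cisco ANA gateway address (gateway_IP in the tables).
REQUIRED = [line.strip() for line in """
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps bgp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps config
snmp-server enable traps ipmulticast
snmp-server enable traps syslog
snmp-server enable traps entity
snmp-server enable traps flash insertion removal
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps rtr
snmp-server enable traps mpls ldp
logging on
logging buffered 64000 informational
logging trap informational
logging GATEWAY_IP
logging event link-status default
""".strip().splitlines()]

COMMUNITY = re.compile(r"^snmp-server community (\S+) (RO|RW)\b", re.I)
TRAP_HOST = re.compile(
    r"^snmp-server host (\S+) traps version (1|2c|3 auth|3 noauth)\b")
WELL_KNOWN = {"public", "private"}  # community strings shown on this page


def normalize(text):
    """Collapse whitespace; drop blank lines and '!' comment lines."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return [line for line in lines if line and not line.startswith("!")]


def audit(config_text, gateway_ip):
    """Return {'missing': [...], 'findings': [...]} for one saved config.

    The text is checked exactly as given. A device may not display commands
    that are at their default value; such lines are reported as missing here.
    """
    lines = normalize(config_text)
    present = set(lines)
    required = [r.replace("GATEWAY_IP", gateway_ip) for r in REQUIRED]
    missing = [r for r in required if r not in present]

    modes, trap_versions, findings = set(), [], []
    for line in lines:
        m = COMMUNITY.match(line)
        if m:
            name, mode = m.group(1), m.group(2).upper()
            modes.add(mode)
            if name.lower() in WELL_KNOWN:
                findings.append(
                    f"community '{name}' ({mode}) is a well-known default string")
        m = TRAP_HOST.match(line)
        if m and m.group(1) == gateway_ip:
            trap_versions.append(m.group(2))

    for mode in ("RO", "RW"):
        if mode not in modes:
            missing.append(f"snmp-server community <string> {mode}")
    if not trap_versions:
        missing.append(f"snmp-server host {gateway_ip} traps version <version> ...")
    for version in trap_versions:
        if version in ("1", "2c"):
            findings.append(f"traps to the gateway use SNMPv{version}: "
                            "the community string is sent in cleartext")
        elif version == "3 noauth":
            findings.append("traps to the gateway use SNMPv3 noauth: "
                            "no authentication or encryption")
    return {"missing": missing, "findings": findings}


# Constructed sample (not from a real device): the page's community lines,
# an SNMPv2c trap host, and every required line except two.
GATEWAY = "192.0.2.10"  # assumed documentation address
SAMPLE = "\n".join(
    ["! constructed sample configuration",
     "snmp-server community public RO",
     "snmp-server community private RW",
     f"snmp-server host {GATEWAY} traps version 2c public"]
    + [r.replace("GATEWAY_IP", GATEWAY) for r in REQUIRED
       if r not in ("snmp-server enable traps config",
                    "logging trap informational")])

if __name__ == "__main__":
    report = audit(SAMPLE, GATEWAY)
    for kind in ("missing", "findings"):
        for item in report[kind]:
            print(f"{kind}: {item}")
```

The "missing" list is what Cisco ANA needs before the VNE is added; the "findings" list is review input only and does not block the VNE.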


Adding a VNE

After verifying the information in Table 6-4, determine the unit and AVM the new VNE is to be added to.


Note A new VNE cannot be added to the reserved AVMs 0-100.


You can define and manage SNMP, Telnet, SSH, ICMP, and polling information for the appropriate VNEs in the New VNE dialog box. For information on defining VNE properties in the respective VNE tabs, see:

General Tab

SNMP Tab

Telnet/SSH Tab

Configuring SSHv2

ICMP Tab

Polling Tab

Defining a Generic SNMP VNE

Polling System Configuration

You can create VNEs that perform reachability testing only through ICMP. This can be done by creating a VNE, selecting the type ICMP, and then defining the details in the ICMP tab. See ICMP Tab.

For details on viewing and editing VNE properties, see Viewing and Editing VNE Properties.

To define the properties of a new VNE:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Select the required gateway or unit and AVM in the tree pane.

Step 3 Open the New VNE dialog box in one of the following ways:

Right-click the AVM sub-branch, then choose New VNE.

Choose File > New VNE.

In the toolbar, click New VNE.

The New VNE dialog box is displayed (see Figure 6-1).

Figure 6-1 New VNE Dialog Box

Step 4 Enter the information for the new VNE:

a. In the General tab, enter VNE identification information and the initial state of the VNE. For more information, see General Tab.

b. In the SNMP tab, enter information for SNMP polling and device access. For more information, see SNMP Tab.

c. In the Telnet/SSH tab, enter information for Telnet or SSH device access and to configure the login sequence. For more information, see Telnet/SSH Tab.

d. In the ICMP tab, enter information for verifying that devices are reachable using ICMP and for testing reachability by defining the polling rate. For more information, see ICMP Tab.

e. In the Polling tab, associate the VNE with a polling group or define an instance. For more information, see Polling Tab.

Step 5 When you are done entering the information for the VNE, click OK.


Note The OK button in the New VNE dialog box is enabled only when you have entered the VNE name and IP address in the General tab (mandatory fields).



General Tab

The General tab enables you to manage VNE information in the connected Cisco ANA.

Table 6-5 describes the fields in the General tab.

Table 6-5 New VNE General Tab 

Field
Description

Name

Enter the name of the VNE. The name you enter here is used as a unique key in Cisco ANA NetworkVision, Cisco ANA Manage, and Cisco ANA EventVision, and is also used for VNE manipulation commands.

IP Address

Enter the IP address of the device.

Type

In the drop-down list, choose the VNE device type:

Auto Detect—Automatically detects the device and loads the relevant VNE.

Note SNMP cannot be disabled if the Auto Detect option is selected. See SNMP Tab.

Generic SNMP—Loads a generic VNE. For more information about defining a generic VNE, see Defining a Generic SNMP VNE.

Cloud—Loads an unmanaged network segment. Specific cloud configuration is provided on a per-project basis.

ICMP—Uses an ICMP-based reachability test to validate communication with the managed device by continuously sending ICMP packets.

When ICMP is selected, only the ICMP tab is enabled; the SNMP, Telnet/SSH, and Polling tabs are disabled.

Scheme

In the drop-down list, select the scheme for this VNE:

Default—Sets the scheme to Product.

Product—This scheme is used for all device types in this release except Cisco CRS-1, Cisco XR 12000 series, Cisco 3750ME, and Juniper M-Series devices.

ipcore—This scheme is used only for routers serving as Provider (P) or Provider Edge (PE) devices.

For more information, see Schemes.

State

In the drop-down list, choose the initial state for the VNE:

Stop—The VNE is not loaded. This is the default state.

Start—The VNE is loaded and starts collecting data.

Maintenance—The VNE is started and moved to maintenance mode. See VNE Status.

ANA Unit

Displays the IP address of the unit that hosts the AVM for the VNE.

AVM

Displays the AVM ID associated with this VNE.


Schemes

The VNE scheme determines the network element information that is collected by a VNE and populated in its model; that is, it defines the VNE modeling components investigated during the discovery process. When creating a VNE, choose a scheme that is based on the device family and on the technologies you want Cisco ANA to manage. This enables you to define different behavior for different devices. For example, some devices poll only with SNMP, while other devices poll with Telnet. Soft properties and activation scripts are also attached to a specific scheme.

Cisco ANA uses the following two schemes:

Product—This scheme is used for all device types in this release except Cisco CRS-1, Cisco XR 12000 series, Cisco 3750ME, and Juniper M-Series devices. For more information, see Product Scheme.

ipcore—This scheme is used only for routers serving as Provider (P) or Provider Edge (PE) devices. For more information, see ipcore Scheme.

The difference between the two schemes is that ipcore assumes that the device is used as part of an MPLS VPN network containing P and PE devices. Cisco ANA therefore models these VNEs slightly differently. Use Product for all other instances, including customer edge (CE) devices. The Product scheme assumes that no MPLS or VRF configuration exists and thus does not retrieve it.

These schemes provide users with the flexibility to specify the registrations (a registration is how the VNE queries a live device for information) that the VNEs modeling their routers are to use. You can designate a VNE as a core router by setting it to work with the ipcore scheme, or an edge router by setting it to work with the Product scheme.

Table 6-6 identifies the schemes used by device type.

Table 6-6 Schemes Used by Device Type 

Device Types
Product Scheme
ipcore Scheme
Supported Alcatel-Lucent Devices

Alcatel-Lucent 7450 Ethernet Service Switch

X

Alcatel-Lucent Intelligent Services Access Manager

X

Alcatel-Lucent Riverstone

X

Alcatel-Lucent CBX, GX, B-STDX Switches

X

Supported Cisco Security Appliances

Cisco Adaptive Security Appliance 5550 Series

X

Supported Cisco Gateways

Cisco AS5300 Series Universal Gateways

X

Supported Cisco Routers

Cisco 800 Series Routers

X

Cisco 1000 Series Routers

X

Cisco 1600 Series Routers

X

Cisco 1700 Series Modular Access Routers

X

Cisco 1800 Series Integrated Services Routers

X

Cisco 2500 Series Routers

X

Cisco 2600 Series Multiservice Platform Routers

X

Cisco 2800 Series Integrated Services Routers

X

Cisco 3600 Series Multiservice Platform Routers

X

X

Cisco 3700 Series Multiservice Access Routers

X

X

Cisco 3800 Series Integrated Services Routers

X

X

Cisco 7200 Series Routers

X

Cisco 7400 Series Routers

X

Cisco 7600 Series Routers

X

X

Cisco 10000 Series Routers

X

X

Cisco 12000 Series Routers

X

X

Cisco XR 12000 Series Routers

X

Cisco CRS-1 Carrier Routing System

X

Cisco ASR 1000 Series Routers

X

Cisco ASR 9000 Series Aggregation Services Routers

X

Cisco MWR 2900 Series Mobile Wireless Routers

X

X

Supported Cisco Switches

Cisco Catalyst 2900 Series Switches

X

Cisco ME 3400 Series Ethernet Access Switches

X

Cisco Catalyst 3500 XL Series Switches

X

Cisco Catalyst 3550 Series Switches

X

Cisco Catalyst 3560 Series Switches

X

Cisco Catalyst 3750 Series Switches

X

Cisco Catalyst 3750 Metro Series Switches

X

Cisco Catalyst 4000 Series Switches

X

Cisco Catalyst 4500 Series Switches

X

Cisco Catalyst 4900 Series Switches

X

Cisco ME 4900 Series Ethernet Switch

X

Cisco Catalyst 6500 Series (CatOS) Switches

X

Cisco Catalyst 6500 Series (IOS) Switches

X

Cisco ME 6500 Series Ethernet Switches (6524)

X

Supported Juniper Devices

Juniper M-Series Multiservice Edge Routers

X

X

Juniper T-Series Core Platforms

X

X

Supported Redback Devices

SmartEdge 800 Multiservice Edge Router

X

Redback SMS Family

X

Supported Generic Devices

Generic devices

X


Product Scheme

The Product scheme is to be used for routers that are not configured to serve as PE and P devices. The Product scheme includes all device types, except Cisco CRS-1, Cisco XR 12000, Cisco 3750ME, and Juniper M-Series devices.

Since the routing entry to the management system can be discovered via Border Gateway Protocol (BGP), one registration supports discovering just that one entry (mc-ip-bgp under the RoutingEntity Device Component).

Beginning with Cisco ANA 3.6 Service Pack 1, the following registrations available in previous releases are not used by the Product scheme:

gre tunnel

lse

martini

mpbgp

mpls interfaces

mpls te tunnels headend creator

tunnel container

vrf interfaces

label switching table

ldp local ip

mpls te tunnels in lse

mpls distribution protocol

mpls te interface attribute

mpls te interface properties

mpls traffic engineering tunnel information

bgp neighbors

bgp-process-state

local bgp as

local bgp identifier

VRF RoutingTable

VrfRoutingTarget

ipcore Scheme

Use the ipcore scheme when you want the VNE to poll for additional data that is typical for PE or P routers, such as VRF or MPLS. The ipcore scheme is applicable for the following device types:

All Cisco router devices of families greater than or equal to 3600.

Cisco CRS-1 (ipcore scheme only).

Cisco 12KXR (ipcore scheme only).

Cisco 3750ME (ipcore scheme only).

Juniper M-Series routers.

In addition to usual registrations in the Product scheme, this scheme also includes the following registrations according to Device Components (DCs) and device queries using registrations:

GenericForwardingInvestigator

gre tunnel

lse

martini

mpbgp

mpls interfaces

mpls te tunnels headend creator

tunnel container

GenericVrfInvestigator

vrf interfaces

LSE

label switching table

ldp local ip

mpls te tunnels in lse

MPLS

mpls distribution protocol

mpls te interface attribute

mpls te interface properties

MplsTETunnel

mpls traffic engineering tunnel information

PTPLayer2MplsTunnel

Details

MPBgp

bgp neighbors

bgp-process-state

local bgp as

local bgp identifier

VRF

RoutingTable

VrfRoutingTarget

SNMP Tab

The SNMP tab enables you to support polling and accessing devices using SNMPv1, SNMPv2, or SNMPv3. Figure 6-2 shows the SNMP tab dialog box.

Figure 6-2 SNMP Tab


Note If a device does not have a unique SNMP Engine ID, Cisco ANA generates Device unreachable events with corresponding SNMP timeout messages in the AVM log file. These IDs are normally derived from the unique MAC address for the device and assigned automatically, but they can be specified by the user. We recommend that you avoid custom SNMP Engine IDs. If you do use them, make sure they are unique.


Table 6-7 describes the fields in the SNMP tab.

Table 6-7 New VNE SNMP Tab 

Field
Description

Enable SNMP

To enable SNMP for the VNE:

1. Check the Enable SNMP check box.

2. Select the version of SNMP to use for this VNE:

SNMP V1

SNMP V2

SNMP V3

Note SNMP can be enabled or disabled on a VNE at any time. However, when the Auto Detect option is selected in the General tab, it cannot be disabled. (For more information, see General Tab).

SNMP V1/V2 Settings

SNMP V1 and V2 fields are available only when SNMP is enabled.

Read

The SNMP Read Community status, Public or Private, as defined by the user.

Write

The SNMP Write Community status, Public or Private, as defined by the user.

SNMP V3 Settings

SNMP V3 fields are available only when SNMP V3 is chosen.

Authentication

In the drop-down list, choose the type of authentication to be used:

No—Authentication is not required.

md5—Uses Message Digest 5 (MD5) for the authentication mechanism.

sha—Uses Secure Hash Algorithm (SHA) for the authentication mechanism.

User

Appears if you choose an authentication mechanism.

Enter the SNMP user name.

Password

Appears if you choose an authentication mechanism.

Enter the authentication password for this user.

Encryption

In the drop-down list, choose the encryption method:

No—Encryption is not required.

des—Uses Data Encryption Standard (DES) for encryption.

aes128—Uses 128-bit Advanced Encryption Standard (AES) for encryption.

aes192—Uses 192-bit AES for encryption.

aes256—Uses 256-bit AES for encryption.

Password

Appears if you choose an encryption method.

Enter the user encryption password.


Telnet/SSH Tab

The Telnet/SSH tab enables you to define the Telnet command sequence and support SSH for device access (reachability) and investigation. See Configuring SSHv2 for more information about the SSH protocol. Figure 6-3 shows the Telnet/SSH tab dialog box.

Figure 6-3 Telnet/SSH Tab


Note The fields in the lower part of the Telnet/SSH tab change according to the selected protocol. If Telnet is chosen, the lower part of the tab is empty. If SSHv1 or SSHv2 is chosen, the related fields are displayed.


You cannot enable or disable fields.

See the following sections for information about configuring Telnet or SSH:

Configuring Telnet

Configuring SSHv1

Configuring SSHv2

Configuring Telnet

To configure the VNE for Telnet access:


Step 1 In the Telnet/SSH tab, enter the following information:

Field
Description

Enable

Check this check box to enable the Telnet communication protocol for device access. When this check box is checked, the Prompt field is enabled.

Note Telnet can be enabled or disabled for a VNE at any time.

Protocol

Choose Telnet for device access and to define a login sequence.

Port

Displays the default port 23 for Telnet.

Enter the required port number if you are not using the default port.


Step 2 Configure the Telnet login sequence by entering the following information:

Table 6-8 Device Login Sequence Details 

Field
Description

Prompt

Enter the prompt expected from the device for the selected protocol (Telnet or SSH), such as Username:.

Run

Enter the string to send to the device when the prompt is detected, such as a password.

Mask

This button is active only when you enter a value in the Prompt field.

To mask device credentials in the GUI with asterisks:

1. After you have entered the required information in the Prompt and Run fields, click Mask. The Password Controller dialog box opens.

2. In the New Password and Confirm Password fields, enter the required password.

3. Click OK. The Password Controller dialog box closes and the password appears in the Run field as asterisks.

Add

Adds the information in the Prompt and Run fields to the sequence table in their respective columns. The Run column in the sequence table displays the data in regular text or as asterisks depending on whether or not you masked the device credentials.

Remove

Removes the selected row from the sequence table.

Up

Moves the selected row up in the sequence table.

Down

Moves the selected row down in the sequence table.



Note The Telnet sequence (the order of the commands) must end with a line that includes only the prompt field as shown in Figure 6-4.


Figure 6-4 Telnet Sequence Ending With Prompt Field

Callout 1: Ending prompt required for Telnet



Note When creating a VNE for a Cisco CRS-1 or Cisco GSR device running Cisco IOS XR software, the device username must have root privileges.



Configuring SSHv1

To configure the VNE for SSHv1 access:


Step 1 In the Telnet/SSH tab, enter the following information:

Field
Description

Enable

Check this check box to enable the SSHv1 communication protocol for device access. When this check box is checked, the Prompt field is enabled.

Note Telnet and SSH can be enabled or disabled for a VNE at any time.

Protocol

Choose SSHv1 for device access and to define a login sequence. When you choose SSHv1, additional fields are displayed in the dialog box.

Port

Displays the default port 22 for SSH.

Enter the required port number if you are not using the default port.


Step 2 Configure the login sequence using the information provided in Table 6-8.

After an SSH session is established between the VNE and the device, the VNE starts the login sequence. This sequence is usually shorter than the corresponding Telnet login sequence, as the username or password might have been sent as part of establishing the SSH session.

We recommend that you first use any SSH client application, such as unix-ssh or OpenSSH, to view the valid device SSH login sequence and then add that sequence to the VNE configuration.

Step 3 Enter the required settings for SSHv1:

Field
Description

User Name

Enter the required username.

Password

Enter the required password.

Cipher

In the drop-down list, choose the encryption algorithm to be used to encrypt data:

DES—Uses the DES algorithm for encryption.

3DES—Uses the 3DES (Triple DES) algorithm for encryption.

Blowfish—Uses the Blowfish algorithm for encryption.

Authentication

The only authentication method is by password.



Configuring SSHv2

SSH is a protocol that provides a secure session using standard cryptographic mechanisms.

To configure a VNE for SSHv2 access:


Step 1 In the Telnet/SSH tab, enter the following information:

Field
Description

Enable

Check this check box to enable the SSHv2 communication protocol for device access. When this check box is checked, the Prompt field is enabled.

Note Telnet and SSH can be enabled or disabled for a VNE at any time.

Protocol

Choose SSHv2 for device access and to define a login sequence. When you choose SSHv2, additional fields are displayed in the dialog box.

Port

Displays the default port 22 for SSH.

Enter the required port number if you are not using the default port.


Step 2 Configure the login sequence using the information provided in Table 6-8.

After an SSH session is established between the VNE and the device, the VNE starts the login sequence. This sequence is usually shorter than the corresponding Telnet login sequence, as the username or password might have been sent as part of establishing the SSH session.

We recommend that you first use any SSH client application, such as unix-ssh or OpenSSH, to view the valid device SSH login sequence and then add that sequence to the VNE configuration.

Step 3 Enter the required settings for SSHv2:

Field
Description

User Name

Enter the required username.

Client Authentication

In the drop-down list, choose the method of authentication:

password—Uses the supplied password for authentication.

public-key—Uses the key-pair system for authentication in which the client application is configured with the secret private key and the device is configured with the public nonsecret key of this pair.

Password

This field is enabled if you choose password in the Client Authentication drop-down list.

Enter the required password.

Private Key

This field is enabled if you choose public-key in the Client Authentication drop-down list.

Enter the private key in one of the following ways:

Copy and paste the key into this field.

Click the button to the right of the field to upload a file from your system.

Public Key

This field is enabled if you choose public-key in the Client Authentication drop-down list.

(Optional) Enter the matching public key. If you enter the public key, the application verifies that the public and private keys are part of a pair.

Generate

This button is enabled when you enter information in the Private Key field.

(Optional) Click Generate to generate the matching public key using the private key information.

Server Authentication

Specifies the method that the device uses to identify itself to clients, so the clients are sure that the server is not an imposter.

Choose the method of server authentication:

none—The server identity is never verified. Note that this method does not perform any authentication and is not recommended as it poses a security risk for "man-in-the-middle" attacks.

save-first-auth—On the first connection attempt with the server, the connection is established and the public key is saved.

For all subsequent connections, authentication is performed against the data saved in the first connection. This method assumes the first connection was legitimate and compares all later connections to it. Note that a security risk still exists if the first connection was compromised.

preconfigured—The server public key or fingerprint is configured in the application even before the first connection is attempted.

This is the default behavior and is the recommended security option.

For more information, see Server Authentication.

Finger Print

This field is enabled if you choose preconfigured for server authentication.

To use this method, select Finger Print, and then enter the checksum of the server public key. This option serves the same purpose as the server public key, but is much shorter.

Public Key

This field is enabled if you choose preconfigured for server authentication.

To use this method, select Public Key and then enter the server public key in one of the permitted formats. For more information, see Public Key and Private Key File Formats.

Algorithms

In each of the following categories, select at least one algorithm. For more information, see Supported Algorithms.

Key Exchange

DH-group1-sha1—Uses the Diffie Hellman Group 1 with Secure Hash Algorithm (SHA) 1 for the key exchange algorithm.

DH-group1-exchange-sha1—Uses the Diffie Hellman Group and Key Exchange with SHA 1 for the key exchange algorithm.

MAC

SHA1—Uses SHA 1 for message authentication.

MD5—Uses Message Digest algorithm 5 (MD5) for message authentication.

SHA1-96—Uses 96-bit SHA 1 for message authentication.

MD5-96—Uses 96-bit MD5 for message authentication.

Cipher

3DES—Uses the 3DES block algorithm.

AES-128—Uses the 128-bit AES algorithm.

AES-192—Uses the 192-bit AES algorithm.

AES-256—Uses the 256-bit AES algorithm.

Host Key Algorithm

DSA—Uses the Digital Signature Algorithm (DSA) public-key algorithm.

RSA—Uses the Rivest-Shamir-Adleman (RSA) public-key algorithm.



Server Authentication

Most of the devices that support SSH have a means of identifying themselves to the clients, so the clients are sure that the server is not an imposter.

The server has a permanent server public key and it passes it in each session negotiation. The client compares this public key to the known public key of the server. If they match, the client can be sure of the authenticity of the server.

There are several methods that a VNE uses for this authentication:

none—The server identity is never verified. Note that this method does not perform any authentication and is not recommended as it poses a security risk for "man-in-the-middle" attacks.

save-first-auth—On the first connection attempt with the server, the connection is established and the public key is saved.

For all subsequent connections, authentication is performed against the data saved in the first connection. This method assumes the first connection was legitimate and compares all later connections to it. Note that a security risk still exists if the first connection was compromised.

After the first connection, this option automatically changes to preconfigured and the public key data of the session is inserted as the preconfigured data.

preconfigured—The server public key or fingerprint is configured in the application even before the first connection is attempted.

If the server fails to authenticate itself using the preconfigured data, the connection fails. This is the default behavior and is the recommended security option.

Preconfigured data can be of either of the following types:

Public key of the server, in one of the permitted formats. See Public Key and Private Key File Formats.

Fingerprint—Short checksum of the server public key. Serves the same purpose, but is much shorter.
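The three server authentication settings and the fingerprint comparison, modeled in Python as an added example (this is not Cisco ANA code). It assumes the fingerprint is the colon-separated MD5 of the OpenSSH key blob; `HostKeyPolicy`, `make_pubkey_line` and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

MODES = ("none", "save-first-auth", "preconfigured")


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(seed: bytes, comment: str = "constructed@example") -> str:
    """Build a well-formed 'ssh-rsa <base64> <comment>' line for the demo.
    The modulus is filler derived from the seed: a constructed sample, not a usable key."""
    exponent = b"\x01\x00\x01"
    modulus = b"\x00\x80" + hashlib.sha256(seed).digest() * 4
    blob = ssh_string(b"ssh-rsa") + ssh_string(exponent) + ssh_string(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def key_blob(pubkey_line: str) -> bytes:
    """Return the binary key blob of an OpenSSH public key line, after checking
    that the type named in the text matches the type encoded in the blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("key type in text does not match key blob")
    return blob


def fingerprint(pubkey_line: str) -> str:
    """Colon-separated MD5 of the key blob (16 hex pairs); assumed checksum form."""
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class HostKeyPolicy:
    """Hypothetical model of the none / save-first-auth / preconfigured settings."""

    def __init__(self, mode: str, fingerprint_value: str = "", public_key: str = ""):
        if mode not in MODES:
            raise ValueError(f"unknown mode {mode!r}")
        if mode == "preconfigured" and not (fingerprint_value or public_key):
            raise ValueError("preconfigured needs a fingerprint or a public key")
        self.mode = mode
        self.pinned_key = key_blob(public_key) if public_key else None
        self.pinned_fp = fingerprint_value.lower()

    def check(self, presented_key_line: str) -> bool:
        """Return True if the connection may proceed with the presented host key."""
        blob = key_blob(presented_key_line)
        if self.mode == "none":
            return True  # identity is never verified
        if self.mode == "save-first-auth":
            # The first key seen is saved and the setting becomes preconfigured.
            self.pinned_key, self.mode = blob, "preconfigured"
            return True
        if self.pinned_key is not None:
            return hmac.compare_digest(blob, self.pinned_key)
        return hmac.compare_digest(fingerprint(presented_key_line), self.pinned_fp)
```

Under save-first-auth the first key presented is pinned whether or not it belongs to the device, which is the residual risk the text describes; preconfigured rejects any key that does not match the data entered beforehand.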

Supported Algorithms

When defining a VNE in Cisco ANA, you must select at least one algorithm in each area (key exchange, Message Authentication Code (MAC), cipher, and host key algorithm). If more than one is selected, the application tries all algorithms until one is accepted by the server. There is no priority in the way the algorithms are tried.


Note Encryption algorithms can have multiple known versions. For example, 3DES has 3des-cbc, 3des-ecb, 3des-cfb, 3des-ofb, and 3des-ctr.


Cisco ANA supports the following algorithms commonly used in network devices:

Key Exchange:

diffie-hellman-group1-sha1

diffie-hellman-group1-exchange-sha1

MAC:

HMAC-SHA-1

HMAC-MD5

HMAC-SHA1-96

HMAC-MD5-96

Cipher:

3DES-CBC

AES128-CBC

AES192-CBC

AES256-CBC

Host key algorithm (up to 2048-bit keys are officially supported):

DSA

RSA

Public Key and Private Key File Formats

There are several file formats for public and private RSA and DSA keys. The same key can be written differently according to the format that is used.

This application officially supports the OpenSSH format. For more details, see http://www.openssh.com/manual.html.

Make sure that the keys you provide as input parameters are in this format. If they are not, you need to convert them to the OpenSSH format before applying them.

Use Case Example

When working with Cisco IOS, the public key is retrieved using the show crypto key mypubkey command. This format is not compatible with the OpenSSH format, and is not supported. There are several ways to convert the format.

The easiest solution is to use the public key scan provided by the free OpenSSH application to retrieve the public key in the supported format. For more details, see http://www.openssh.com/manual.html.

Another option is to convert the files to the required format either manually or by using a script.

Examples of Valid File Formats

RSA private key
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDvdpW8ItfbSp/hTbWZJqCPmjRyh9S+EpTJ0Aq3fnGpFPTR+
........
TiOfhiuX5+M1cTaE/if8sScj6jE9A0MpShBrnDU/0A==
-----END RSA PRIVATE KEY-----

DSA private key
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQDNGO+l2XW+W+YtVnWSYbKXr6qkrH9nOl+
.........
7wO4+FR9afoRjDusrQrL
-----END DSA PRIVATE KEY-----

DSA public key
ssh-dss AAAAB3.........HfuNYu+ DdGY7njEYrN++iWs= aslehr@aslehr-wxp01

RSA public key
ssh-rsa AAAAB3...lot more...qc8Hc= aslehr@aslehr-wxp01
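One way to script the conversion mentioned under Use Case Example, as an added example (not Cisco or OpenSSH code): it reads the hex under "Key Data:" in a Cisco IOS public key dump, assumed here to be a DER-encoded SubjectPublicKeyInfo for an RSA key, and emits the OpenSSH `ssh-rsa` line. The function names and the sample dump are constructed; the sample modulus is filler, not a real key.

```python
import base64
import re
import struct

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
# Constructed 1024-bit odd number standing in for a modulus (not a real key).
SAMPLE_N = (1 << 1023) | (int.from_bytes(b"constructed sample modulus", "big") << 8) | 1


def der_read(buf: bytes, pos: int = 0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def der_write(tag: int, value: bytes) -> bytes:
    """Encode one DER element (used only to build the constructed sample)."""
    size = len(value)
    if size < 0x80:
        head = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value


def uint_bytes(x: int) -> bytes:
    """Minimal big-endian bytes with a leading zero when the top bit is set.
    DER INTEGER and SSH mpint share this encoding for positive numbers."""
    return x.to_bytes(x.bit_length() // 8 + 1, "big")


def ios_key_data(text: str) -> bytes:
    """Collect the hex words that follow 'Key Data:' in the IOS output."""
    words, in_data = [], False
    for line in text.splitlines():
        if line.strip().lower().startswith("key data"):
            in_data = True
        elif in_data:
            parts = line.split()
            if parts and all(re.fullmatch(r"[0-9A-Fa-f]+", p) for p in parts):
                words.extend(parts)
            elif words:
                break  # first non-hex line after the dump ends it
    if not words:
        raise ValueError("no 'Key Data:' hex found")
    return bytes.fromhex("".join(words))


def spki_rsa_numbers(spki: bytes):
    """Return (n, e) from a DER SubjectPublicKeyInfo holding an RSA key."""
    tag, outer, _ = der_read(spki)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, algorithm, pos = der_read(outer)
    _, oid, _ = der_read(algorithm)
    if oid != RSA_OID:
        raise ValueError("not an RSA key")
    tag, bits, _ = der_read(outer, pos)
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected BIT STRING")
    _, rsa_key, _ = der_read(bits[1:])
    _, n_raw, pos = der_read(rsa_key)
    _, e_raw, _ = der_read(rsa_key, pos)
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def ssh_field(data: bytes) -> bytes:
    """Length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def ios_to_openssh(text: str, comment: str) -> str:
    """Convert an IOS public key dump to an OpenSSH 'ssh-rsa' line."""
    n, e = spki_rsa_numbers(ios_key_data(text))
    blob = ssh_field(b"ssh-rsa") + ssh_field(uint_bytes(e)) + ssh_field(uint_bytes(n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def sample_ios_dump(n: int = SAMPLE_N, e: int = 65537) -> str:
    """Constructed dump in the layout of the IOS output (labels are sample text)."""
    rsa_key = der_write(0x30, der_write(0x02, uint_bytes(n)) + der_write(0x02, uint_bytes(e)))
    algorithm = der_write(0x30, der_write(0x06, RSA_OID) + der_write(0x05, b""))
    spki = der_write(0x30, algorithm + der_write(0x03, b"\x00" + rsa_key))
    hexed = spki.hex().upper()
    words = [hexed[i:i + 8] for i in range(0, len(hexed), 8)]
    rows = ["  " + " ".join(words[i:i + 8]) for i in range(0, len(words), 8)]
    return "Key name: constructed.example\n Usage: General Purpose Key\n Key Data:\n" + "\n".join(rows)
```

Calling `ios_to_openssh(sample_ios_dump(), "constructed.example")` yields a line in the same shape as the RSA public key example above.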

ICMP Tab

The ICMP tab enables repetitive sending of packets to a device to verify that the device is reachable. You can define the polling rate in seconds for the VNE. Click the ICMP tab to display the ICMP tab in the New VNE dialog box (see Figure 6-5).

Figure 6-5 ICMP Tab

Table 6-9 describes the fields in the ICMP tab.

Table 6-9 New VNE ICMP Tab 

Field
Description

Enable

Check this check box to enable the use of the ICMP communication protocol to verify that the device is reachable.

Polling Rate

This field is available when the Enable check box is checked.

Enter the polling rate in seconds. If ICMP is enabled, this is a required field.


Polling Tab

The Polling tab enables you to:

Associate a VNE with a previously created polling group.

Customize polling intervals for a VNE. Different polling intervals can be defined for:

Status—Typically the most frequently polled information, reflecting the current operational state of the element and its components.

Configuration—Reflects more dynamic element configuration such as forwarding, routing, and switching tables.

System—Reflects element configuration that is less dynamic in nature.

Topology—Reflects topology connections at different layers.

In addition, a polling interval can be configured for a class of devices, such as all Cisco routers.


Caution Changing polling rates can result in excess traffic and cause the NE to crash.

Click the Polling tab to display the Polling tab dialog box (Figure 6-6).

Figure 6-6 Polling Tab

Table 6-10 describes the fields in the Polling tab.

Table 6-10 New VNE Polling Tab 

Field
Description

Polling Method

Select the method of polling:

Group—The VNE inherits the polling rates from the polling group chosen in the Group drop-down list.

Instance—Changes the polling rates of any one of the built-in polling intervals displayed in the Polling Intervals area.

Note A polling rate that is not changed inherits its settings from the group specified in the Group drop-down list.

Group

This field is available when the polling method is Group.

Choose the required polling group. The default polling group is named default.

Polling Intervals

The Polling Intervals options are available only if you choose the Instance polling method.

Status

Sets the polling rate for status-related information, such as device status (up or down), port status, or admin status. The information is related to the operational and administrative status of the NE. The default setting is 180 seconds.

Configuration

Sets the polling rate for configuration-related information, such as VC tables or scrambling. The default setting is 900 seconds.

System

Sets the polling rate for system-related information, such as device name or device location. The default setting is 86400 seconds.

Topology

The Topology options are available only if you choose the Instance polling method.

Layer 1

Sets the polling rate of the topology process as an interval for the Layer 1 counter. This is an ongoing process. The default setting is 30 seconds.

Layer 2

Sets the polling rate of the topology process as an interval for the Layer 2 counter. This process is available on demand. The default setting is 30 seconds.


For more information about creating customized polling groups, see Chapter 7, "Managing Global Settings."


Caution We recommend that you use the default values for polling intervals. Setting the fields below the default values can result in an overload of the Cisco ANA unit or polled device.

Defining a Generic SNMP VNE

The generic SNMP VNE is a VNE that is not related to any vendor, can represent any vendor (with certain limitations), and provides lightweight management support for network devices.

The generic SNMP VNE provides basic management capabilities for a device with the following technologies:

IP

Ethernet switching

802.q


Note IP support is restricted to basic IP only. It does not include modeling of IPsec, MPLS, or routing protocols.


The generic SNMP VNE supports the following inventory items:

Physical inventory (specific port types only)

Routing table

ARP table

Default bridge

IP interfaces

A generic SNMP VNE can be loaded in two ways:

The VNE is loaded as a generic SNMP VNE when it is defined as a generic SNMP VNE by a user.

Cisco ANA Manage enables you to load a VNE as a generic SNMP VNE. You can do this by selecting the Generic SNMP option in the Type field of the New VNE dialog box. For more information about defining a generic SNMP VNE, see Defining VNEs.

The VNE is loaded as a generic SNMP VNE when its type is not supported because the device type is not recognized.

If the device is not found in the deviceTypes list, it is currently unsupported and you can load the VNE as:

An unsupported VNE

A generic SNMP VNE

Every VNE in agentdefaults/da has the entry "load generic agent for unsupported device type," where you can set the value as true or false (the default). If the value is true, it sets 1.3.999.3 as the property. It looks for this property in agentdefaults/da/deviceTypes and finds sheer/genericda. It then skips the investigation of the device software versions and builds the VNE (generic SNMP) from the default version.

Polling System Configuration

The sysoid command and the software version command are used to poll the system configuration. The following parameters are available:

interval—This parameter states the time in milliseconds required to wait before each poll. The default value is 180 seconds.

retries—This parameter states how many retries are required to be performed before discontinuing the poll. The default is -1 and means that the retry is unlimited (always). If a positive value is defined, such as 10, this is the number of retries that occur before the VNE stops retrying.


Note There is an option to override the default settings, if required. Changing these settings must be done with the support of Cisco. For details, contact the Cisco Project Manager or Cisco Account Team.


VNEs and Device Software Updates

You do not need to manually restart a VNE after upgrading the software on a device. When the VNE polls for configuration information, it will detect these kinds of changes and will restart itself. When the VNE reloads, it will update any required registry information, such as the VNE registry path.

For information on configuration polling cycles, see Polling Tab.

Viewing and Editing VNE Properties

Cisco ANA Manage enables you to view and edit the properties of a VNE in a unit, such as the status or Telnet settings. See Defining VNEs.

To edit the properties of a VNE:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, then select the required AVM sub-branch in the tree pane.

Step 3 Open the VNE Properties dialog box in one of the following ways:

Right-click the required VNE in the VNEs Properties table, then choose Properties.

Choose File > Properties.

Click Properties in the toolbar.

Step 4 View or update the properties as required (see Table 6-4).

For more details about the fields displayed in the VNE Properties dialog box, see Defining VNEs.

In addition to the fields displayed when adding a new VNE, the fields and buttons described in Table 6-11 are displayed.

Table 6-11 VNE Properties 

Field
Description

VNE Status

The operational status of the VNE:

Starting Up

Up

Shutting Down

Down

Unreachable

For more information on VNE status, see VNE Status.

Start

Starts the VNE if it has been stopped or is in maintenance mode. For more information, see Changing VNE States.

Stop

Stops the VNE if it is running or is in maintenance mode.

Maintenance

Moves the VNE to maintenance mode. If this is done when the VNE has been stopped, this has no impact on the VNE.

ANA Unit

The current unit that hosts the VNE.

AVM

The current AVM number, which changes according to the unit selected to show one of the available AVMs on that unit.


Step 5 Click Apply.

Step 6 Click OK. The VNE properties are updated with your entries.


Deleting a VNE

Cisco ANA Manage enables you to delete a VNE from a unit and AVM. This process stops the VNE if it is running and deletes all VNE references from the system and Golden Source. This includes the registry information of the VNE in the specified unit. A VNE that has been removed no longer appears in any future system reports.

Beginning with Cisco ANA 3.6.6, when you delete a VNE, you can also delete all Layer 3 VPN site and virtual router business element data associated with the VNE. If you choose to retain all site and virtual router business element data during this procedure, you can delete them manually by using Cisco ANA NetworkVision. For more information about deleting business elements using Cisco ANA NetworkVision, see the Cisco Active Network Abstraction 3.6.6 User Guide.

Since all VNE information is deleted, adding the VNE again requires you to enter all VNE information.


Note A VNE that has static links configured cannot be deleted without first removing all static links configured for the VNE. Dynamic links are automatically removed.


To delete a VNE:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, then select the required AVM sub-branch.

Step 3 Right-click the required VNE in the VNEs Properties table, then choose Delete. A confirmation prompt is displayed.

Step 4 Click Yes to delete the VNE or No to retain the VNE. If you click Yes, a dialog box appears asking if you want to delete all Layer 3 VPN business element data for the VNE from Cisco ANA.

Step 5 Do one of the following:

Click Yes to remove all Layer 3 VPN site and virtual router business element data from Cisco ANA.

This option removes all VPN business elements associated with the selected VNE from Cisco ANA. Cisco ANA updates the VPN topology views in Cisco ANA NetworkVision accordingly by removing the deleted business elements.

Click No to retain the Layer 3 VPN site and virtual router business element data in Cisco ANA.

This option retains the VPN business element associated with the selected VNE in Cisco ANA. Cisco ANA updates the VPN topology views in Cisco ANA NetworkVision; the orphaned business elements are identified by a white X on a red background. To remove these orphaned business elements, delete them manually in Cisco ANA NetworkVision.

Click Cancel to exit the procedure without deleting the VNE and its Layer 3 VPN site and virtual router business element data.


For more information about business elements and Cisco ANA NetworkVision, see the Cisco Active Network Abstraction 3.6.6 User Guide. For more information about Layer 3 VPNs, see Cisco Active Network Abstraction 3.6.6 Managing MPLS User Guide.

Changing VNE States

Cisco ANA Manage enables you to start or stop a VNE, or move a VNE to maintenance mode. Starting the VNE adds the VNE to the server bootstrap. Stopping the VNE removes the VNE from the server bootstrap.

During normal operation, NEs often undergo maintenance operations and planned outages such as software upgrades, hardware modifications, or cold reboots. The Cisco ANA platform supports such maintenance operations without affecting the overall functionality of the active network. Neighboring VNEs do not generate alarms that are related to links to or from the maintained VNE.

While in maintenance mode (a temporary state), a VNE:

Does not change state on its own unless you explicitly (manually) switch the VNE back to active state.

Never polls the device.

Handles events for correlation flow issues, but does not poll the device.

Does not initiate new service alarms, but might receive events from adjacent VNEs; for example, in the case of a link down alarm.

Does not handle syslogs and traps even though the flows are active.

Maintains the status of any existing links.

Does not fail on verification requests.

However, you are not required to manually restart a VNE when you upgrade the device software. The VNE will automatically restart itself and update any required information. For more details, see VNEs and Device Software Updates.

A VNE blocks all provisioning flows that run through the VNE. A device in maintenance mode can be disconnected and restarted, and this does not result in link down alarms. Upon restart, the VNE receives only persistent information and returns to its latest known configuration. The topology links are renewed automatically.

Table 6-12 shows the icon used to indicate that a VNE is in maintenance mode.

Table 6-12 VNE Maintenance Icon 

Icon
Description

Indicates that a VNE is in maintenance mode in Cisco ANA NetworkVision.


To change the state of a VNE or move it to maintenance mode:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, and select the required AVM sub-branch in the tree pane.

Step 3 Select the required VNE in the VNEs Properties table.

Step 4 Perform one of the following actions:

To start the VNE, right-click Actions > Start, or click Start in the toolbar.

To stop the VNE, right-click Actions > Stop, or click Stop in the toolbar.

To place the VNE in maintenance mode, right-click Actions > Maintenance, or click Maintenance in the toolbar.

Step 5 The state of the VNE changes based on your selection:

If the VNE is started, a confirmation message is displayed. Click OK. An Up status is eventually displayed in the VNEs Properties table. You might see a Starting Up status if the server is overloaded or if the VNE is still being loaded.

If the AVM hosting the VNE is in a Down status, the VNE status remains Starting Up until the AVM is brought up.

If the VNE is stopped, a confirmation message is displayed. Click OK. A Down status is eventually displayed in the VNEs Properties table. You might see a Shutting Down status while processes are shutting down.

If the VNE is moved to maintenance mode, a confirmation message is displayed. Click OK. A Maintenance status is displayed in the VNEs Properties table.


Moving Multiple and Single VNEs

Cisco ANA Manage enables you to move single and multiple VNEs between AVMs. The VNEs that are moved are unloaded. The status of the VNEs is maintained after they are reloaded.

To move one or more VNEs:


Step 1 Select the ANA Servers branch in the Cisco ANA Manage window.

Step 2 Expand the ANA Servers branch, and select the required AVM sub-branch in the tree pane. The VNEs are displayed in the workspace.

Step 3 Select one or more VNEs using the mouse or keyboard, then right-click one of the selected VNEs.

Step 4 Choose Move VNEs from the shortcut menu. The Move To dialog box is displayed.

The Move To dialog box displays a tree-and-branch representation of the selected Cisco ANA server, its units, and AVMs, excluding the AVM in which the VNE is currently located. The highest level of the tree displays the Cisco ANA server. The branches can be expanded and collapsed to display and hide information.

Step 5 In the Move To dialog box, browse to and select the AVM where you want to move the VNEs.

Step 6 Click OK. The VNE is moved to its new location, and now appears beneath the selected AVM in the VNEs Properties table.



Note You can verify that the VNE has been moved by selecting the appropriate AVM in the tree pane of the Cisco ANA Manage window (such as AVM 500-930000) and viewing the moved VNE in the VNEs Properties table.



Note The VNE that is moved is automatically unloaded and reloaded, and its status is maintained.