Installing AMC and Performing Initial Configuration


Configuring AON Devices


This chapter includes the following sections:

Getting Started with AMC

Performing Initial Node Configurations

Getting Started with AMC

This section describes how to install the AON Management Console (AMC). It includes the following sections:

Generating a Java Keystore (required)

Installing and Upgrading AMC (required)

Performing an Unattended Installation or Upgrade of AMC (optional)

Stopping, Starting, and Restarting AMC (optional)

Generating a Java Keystore

Before installing or upgrading AMC, you must obtain a certificate. This certificate must be in the form of a Java Keystore (.jks) file and be compatible with JDK 1.4.2 or later releases. Additionally, AMC accepts only the well-known certificate authorities included in the Java Runtime Environment (JRE) 1.4 truststore.


Note AMC accepts class 1, class 2, and class 3 certificates. For production environments, we recommend that you use only a class 3 certificate.


Prerequisite

Install the Java Runtime Environment and add the /bin directory to your path.


Step 1 To generate the key, type the following on the command line of a Linux workstation:

[root@linux opt]# keytool -genkey -alias <name> -keyalg <algorithm> -keysize <size> -validity <days> -keystore <filename> -storepass <password>

This command requires you to provide the following variables:

name = Select an alias name for your keystore.

algorithm = Specify either RSA or DSA. We recommend that you use RSA.

size = Specify the size of the key in bits. This value must be a multiple of 64 between 512 and 1024.

days = Specify the number of days your key will be valid.

filename = Specify the location and filename where you want your keystore file to be generated.

password = Specify the password used to protect your keystore file.

The following is a sample entry using the above variables:

[root@linux]# keytool -genkey -alias test -keyalg rsa -keysize 512 -validity 365 -keystore teststore -storepass password

Step 2 After pressing RETURN, you are prompted for information related to your organization and location. Enter the appropriate data. The values that follow are for illustrative purposes only:


Note When prompted for your first and last name, enter the hostname for the server on which AMC is to be installed.


What is your first and last name?
  [Unknown]:  aon.hostname.com
What is the name of your organizational unit?
  [Unknown]:  Application-Oriented Networking
What is the name of your organization?
  [Unknown]:  Cisco Systems
What is the name of your City or Locality?
  [Unknown]:  San Jose
What is the name of your State or Province?
  [Unknown]:  California
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=aon.hostname.com, OU=Application-Oriented Networking, O=Cisco Systems, L=San Jose, ST=CA, C=US correct?
  [no]:  yes
Enter key password for <test>
        (RETURN if same as keystore password): 

Step 3 Enter the following command to view the details of your keypair.

[root@linux opt]# ./keytool -list -v -keystore teststore  -storepass password
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: test
Creation date: April 20, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=aon.hostname.com, OU=Application-Oriented Networking, O=Cisco Systems, L=San Jose, ST=California, C=US
Issuer: CN=aon.hostname.com, OU=Application-Oriented Networking, O=Cisco Systems, L=San Jose, ST=California, C=US
Serial number: 42768483
Valid from: Mon May 02 12:50:27 PDT 2005 until: Tue May 02 12:50:27 PDT 2006
Certificate fingerprints:
         MD5:  8E:C8:62:5F:30:3F:DE:47:80:75:9A:84:6D:B6:0E:EF
         SHA1: 28:0E:76:86:13:EC:B0:8D:B0:1E:73:A4:7D:87:D0:0F:55:81:E5:63


Note At this point, you do not have a keystore file with your keypair. Your keypair contains a self-signed certificate, which cannot be used with AMC until it is registered with a certificate authority.


Step 4 Generate a certificate signing request (CSR) for your keypair by entering the following command:

[root@linux]# keytool -certreq -v -alias <alias_name> -file <outputfile> -keystore <keystore> -storepass <storepassword>

This command requires you to provide the following variables:

<alias_name> = The alias you created in Step 1.

<outputfile> = The name of the file where the CSR is to be stored.

<keystore> = The name of the keystore file you created in Step 1.

<storepassword> = The password for the keystore file.

[root@linux]# keytool -certreq -v -alias test -file testcert -keystore teststore -storepass password
Certification request stored in file <testcert>
Submit this to your CA

Step 5 Submit the CSR file (testcert in the above example) to your certificate authority. On successful submission, the CA will provide you with a .cer file that contains your production certificate.

Step 6 Import the .cer file from your CA into the keystore created in Step 1.

[root@linux]# keytool -import -v -alias <alias> -file <cer_file> -keystore <keystore_file> -storepass <keystore_password>

This command requires you to provide the following variables:

<alias> = Alias created in Step 1.

<cer_file> = Path to the .cer file you received from CA.

<keystore_file> = keystore file created in Step 1.

<keystore_password> = The keystore password.

After you enter this command, information similar to the following is displayed:

Owner: CN=aon.hostname.com, OU=Application-Oriented Networking, O=Cisco Systems, L=San Jose, ST=California, C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Serial number: 3a7a57a56046cce564ce7cc500995b21
Valid from: Sun Feb 06 16:00:00 PST 2005 until: Tue Feb 07 15:59:59 PST 2006
Certificate fingerprints:
MD5:  8E:C8:62:5F:30:3F:DE:47:80:75:9A:84:6D:B6:0E:EF
SHA1: 28:0E:76:86:13:EC:B0:8D:B0:1E:73:A4:7D:87:D0:0F:55:81:E5:63
Trust this certificate? [no]: yes
Certificate was added to keystore
[Saving ./CreateKeystore/teststore.jks]

Note Note the name and location of the .jks file. You will need it each time you install or upgrade AMC.
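
The procedure above leaves three things to confirm before the keystore is handed to the installer: the certificate is no longer self-signed (Step 3 Note), its name is the AMC server's hostname (Step 2 Note), and it is within its validity period. The following is an added example, not part of the Cisco procedure; it parses keytool -list -v output, and the sample listings, function names, and finding labels are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample shaped like the Step 3 listing (self-signed: Owner and
# Issuer are identical). Long lines are not wrapped, as in real keytool output.
OWNER = ("CN=aon.hostname.com, OU=Application-Oriented Networking, "
         "O=Cisco Systems, L=San Jose, ST=California, C=US")
SELF_SIGNED = f"""\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: test
Creation date: April 20, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: {OWNER}
Issuer: {OWNER}
Serial number: 42768483
Valid from: Mon May 02 12:50:27 PDT 2005 until: Tue May 02 12:50:27 PDT 2006
"""
# Constructed: the same entry after the CA reply is imported (issuer as in Step 6).
CA_SIGNED = SELF_SIGNED.replace(
    f"Issuer: {OWNER}",
    'Issuer: OU=Secure Server Certification Authority, '
    'O="RSA Data Security, Inc.", C=US',
)

FIELD_RE = re.compile(r"^(Alias name|Entry type|Owner|Issuer|Valid from): (.*)$")


def parse_date(text):
    """Parse keytool's 'Mon May 02 12:50:27 PDT 2005', ignoring the zone name."""
    parts = text.split()
    return datetime.strptime(" ".join(parts[:4] + parts[5:]),
                             "%a %b %d %H:%M:%S %Y")


def parse_listing(listing):
    """Return one dict per keystore entry, keeping the first certificate's fields."""
    entries = []
    for line in listing.splitlines():
        match = FIELD_RE.match(line.strip())
        if not match:
            continue
        name, value = match.groups()
        if name == "Alias name":
            entries.append({"alias": value})
        elif entries and name == "Valid from":
            start, end = value.split(" until: ")
            entries[-1].setdefault("not_before", parse_date(start))
            entries[-1].setdefault("not_after", parse_date(end))
        elif entries:
            # setdefault keeps Certificate[1], the key's own certificate,
            # when the chain contains more than one certificate.
            entries[-1].setdefault(name, value)
    return entries


def check_entry(entry, hostname, now=None):
    """Return a list of findings for one entry; an empty list means it passed."""
    now = now or datetime.now()
    findings = []
    # Newer JDKs print PrivateKeyEntry where JDK 1.4 printed keyEntry.
    if entry.get("Entry type") not in ("keyEntry", "PrivateKeyEntry"):
        findings.append("no-private-key")
    if entry.get("Owner") and entry.get("Owner") == entry.get("Issuer"):
        findings.append("self-signed")
    cn = re.search(r"CN=([^,]+)", entry.get("Owner", ""))
    if not cn or cn.group(1).strip().lower() != hostname.lower():
        findings.append("cn-mismatch")
    start, end = entry.get("not_before"), entry.get("not_after")
    if not (start and end and start <= now <= end):
        findings.append("not-valid-now")
    return findings


if __name__ == "__main__":
    for label, text in (("before CA reply", SELF_SIGNED), ("after CA reply", CA_SIGNED)):
        for entry in parse_listing(text):
            result = check_entry(entry, "aon.hostname.com", datetime(2005, 6, 1))
            print(label, entry["alias"], result or "ok")
```

Dates are compared without time-zone conversion, which is adequate for an expiry check with day-level margin.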



Installing and Upgrading AMC

Cisco distributes the AMC application in two formats: a package that installs a fresh copy of AMC, and a package that upgrades an AMC but preserves the existing database of nodes, properties, logs, and other settings. The instructions that follow assume installation in the /opt/amc directory. However, you can install AMC in any directory of your choosing.

Requirements

You must install AMC on a local disk. AMC cannot run on a network file system.

You must obtain a certificate from a certificate authority before installing or upgrading AMC. The keystore information must be in the Java Keystore format with a .jks extension. See the "Generating a Java Keystore" section for instructions. AMC accepts only the well-known certificate authorities included in the Java Runtime Environment (JRE) 1.4 truststore.

It is possible to install multiple instances of AMC on a single server if each AMC uses a unique set of TCP ports. We recommend that this be done only in testing or training environments. A given node cannot be managed by more than one AMC, and we recommend that a production AON environment include no more than one AMC.

If you are upgrading AMC, be sure to deactivate any active nodes.


Caution If you are upgrading AMC, be sure to read the latest AON Release Note before running the upgrade package. The new release note may contain critical upgrade procedures beyond those described below. Failure to follow the procedure described in the release note may result in data loss or corruption.


Step 1 Download the installation file and use the chmod command to make it executable.

[root@linux opt]# chmod +x aon-amc_<version>_lnx.bin 

Step 2 Execute the installer.

[root@linux opt]# ./aon-amc_<version>_lnx.bin 
Preparing to install...

Step 3 Enter the directory in which AMC is to be installed. The /opt/amc directory is the default, although any directory is acceptable.

Enter the directory to install the AMC to [/opt/amc]:
Directory "/opt/amc" does not exist - create? [y|n]:y
Extracting archive.
Configuring paths.
Configuring the ports that the AMC will listen on
If you are installing more than one AMC, these values
must be unique to each installation.

Step 4 Enter the port on which AMC will listen for HTTPS requests. 7010 is the default.

Enter a port for https [7010]:7010

Step 5 Enter the port on which AMC will listen for traffic from nodes. 7011 is the default.

Enter a port for communication with AON nodes [7011]:7011

Step 6 Enter the port on which AMC will listen for shutdown signals. 7025 is the default.

Enter a port for server shutdown signals [7025]:7025

Step 7 Enter the port on which AMC will listen for database transactions. 2638 is the default.

Enter a port for the database [2638]:2638

Step 8 Enter the logging level to be used while AMC runs.

Enter AMC logging level (TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [INFO]:error

AMC can use one of the following logging levels:

TRACE

DEBUG

INFO

NOTICE

WARN

ERROR

FATAL


Note In production environments, we recommend that only ERROR or FATAL log levels be used. More verbose log levels can have an adverse effect on the performance of AMC.


Step 9 Enter the size of the log file in kilobytes. When the log size is exceeded, AMC saves it as a backup and generates a new log file.

Enter log file rollover threshold size (KB) [1024]:1024

Step 10 Enter the number of backup logs to keep. When the number of backup logs is exceeded, AMC discards the oldest file.

Enter number of backup logs to keep [5]:5

Step 11 AMC uses a keystore file for communication with AON nodes. Enter the path and filename for this keystore.

The AMC requires a keystore file and password
to communicate with the AON node.
Enter the path to the keystore file:/root/amcKeystore.test.cisco.com.jks

Note The path to amcKeystore shown above is for illustrative purposes. You must provide the path to an actual Java keystore in order to complete the installation.



Step 12 If the keystore file has multiple keypairs, enter the name for the pair you want to use.

You may optionally enter a keyname within the keystore.
Enter a keyname, otherwise enter none [none]:none

Step 13 Enter the password associated with the keystore.

Enter a password for this keystore:
about to load the root certs
Loading /opt/test080107/admin/security/keystores/ciscocerts/cap-rtp-003.cer
Loading /opt/test080107/admin/security/keystores/ciscocerts/cisco-root.cer
Loading /opt/test080107/admin/security/keystores/ciscocerts/cisco-manu-ca.cer
Loading /opt/test080107/admin/security/keystores/ciscocerts/cisco-manu-ca-dev.cer
Loading /opt/test080107/admin/security/keystores/ciscocerts/cisco-test-ca-2048.cer
Using existing ciscoamc group
Using existing ciscoamc user
Setting permissions for AMC installation...
Configuring AMC service to start at boot...

Step 14 Enter y to start AMC now or n to start it later.

Would you like to run the AMC now? [y|n]:y
Starting AMC Database...Done.
Starting AMC...Done.
AMC logfile is /opt/amc/log/amc.log
Installation successful.
To uninstall, run '/opt/amc/bin/amcSetup uninstall'.

Step 15 Use a Web browser to navigate to the AMC log-in page to confirm that the installation was successful. The URL is https://hostname:7010/amc. Replace hostname in this URL with the name or IP address for the server running AMC. The default user name and password are aonsadmin.


Note For best results, we recommend you use Microsoft Internet Explorer 6 with AMC.



Performing an Unattended Installation or Upgrade of AMC

AMC version 2.4 includes the ability to install the application in a non-interactive fashion. By providing a text file that contains the answers to the questions asked during the installation or upgrade of AMC, you can configure the installer to perform the operation without prompting you for additional details.

Answer File

The text file used to perform an unattended installation or upgrade is called an answer file. It has the following requirements:

The answer file must contain all of the configuration parameters, in the order listed below.

Individual parameters must be enclosed in single quotes in order to be correctly interpreted by the shell.

There must be no spaces on either side of the equal sign.

A sample answer file is shown in Example 1-1.

Example 1-1 Sample Answer File

INSTALL_DIR='/opt/amc'
CREATE_INSTALL_DIR='y'
OVERWRITE_AMC='y'
CONFIRM_BKUP='y'
BKUP_DIR='/tmp'
HTTPS_PORT='7010'
HTTPS_INT_PORT='7011'
SHUTDOWN_PORT='7025'
DB_PORT='2638'
AMC_LOG_LEVEL='INFO'
AMC_LOG_MAXFILESIZE='1024'
AMC_LOG_MAXBACKUPS='5'
KEYSTORE_PATH='/opt/amcKeystore.10.4.1.200.jks'
KEYSTORE_KEYNAME='none'
KEYSTORE_PASSWD='password'
PROJ_PRE='abc'
PROJ_NAME='USER_PROJ'
RESTORE_BKUP='y'
START_AMC='y'

Table 1-1 shows the parameters configured by the answer file.

Table 1-1 Answer File Parameters

| Parameter | Description | Value |
|---|---|---|
| INSTALL_DIR | Path to be used for installation or upgrade | Valid path on the server's local file system |
| CREATE_INSTALL_DIR | Specifies whether to create the installation directory if it does not already exist | n—causes installation to fail if directory does not exist; y—causes the directory to be created |
| OVERWRITE_AMC | Specifies whether any files found in the existing directory should be overwritten | n—causes installation to fail if files exist in the directory; y—causes files to be deleted |
| CONFIRM_BKUP | Specifies whether to back up the existing installation directory | n—causes installation to fail if directory does not exist; y—causes the directory to be created |
| BKUP_DIR | Location where backup file is to be written | Valid path on the server's file system |
| HTTPS_PORT | TCP port to be used for web access to AMC | Any unused TCP port |
| HTTPS_INT_PORT | TCP port to be used for communication between nodes and AMC | Any unused TCP port |
| SHUTDOWN_PORT | TCP port to be used by AMC shutdown | Any unused TCP port |
| DB_PORT | TCP port to be used by the AMC database | Any unused TCP port |
| AMC_LOG_LEVEL | Message severity threshold for the AMC log | One of the following values: DEBUG, INFO, NOTICE, WARN, ERROR, FATAL |
| AMC_LOG_MAXFILESIZE | Maximum size of AMC log file in kilobytes | Any integer |
| AMC_LOG_MAXBACKUPS | Maximum number of backup logs to be kept | Any integer |
| KEYSTORE_PATH | Location of the keystore used to configure the certificate for node-AMC communication | Valid path on the server's file system |
| KEYSTORE_KEYNAME | Optional key name within the keystore | Specify the key name or use none if there is no key name |
| KEYSTORE_PASSWD | Keystore password | Keystore password |
| PROJ_PRE | Specifies the project prefix. | Must begin with an alphanumeric character. Can include letters, numbers, hyphens, and underscores. Not to exceed 50 characters. |
| PROJ_NAME | Specifies the project name. | Must begin with an alphanumeric character. Can include letters, numbers, hyphens, and underscores. Not to exceed 256 characters. |
| RESTORE_BKUP | Specifies whether to restore from backup should the upgrade fail | n—AMC installer terminates after failed upgrade; y—AMC installer restores from backup file after |
| START_AMC | Specifies whether to launch AMC after the installation completes | n—AMC installer terminates after installation is complete; y—AMC installer launches AMC after installation completes |
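
A pre-flight check for an answer file, as an added example that is not part of the Cisco installer or its documentation: it enforces the three format rules above and the value constraints in Table 1-1. Because the page says the values are interpreted by the shell, the check assumes the installer has the shell read the file and rejects any line that is not a plain KEY='value' assignment. The function names, the accepted log-level set (the union of the levels listed on this page), and the file-permission check for the plaintext KEYSTORE_PASSWD are choices made for this example.

```python
import os
import re
import stat

# Copied from Example 1-1 on this page.
SAMPLE = """\
INSTALL_DIR='/opt/amc'
CREATE_INSTALL_DIR='y'
OVERWRITE_AMC='y'
CONFIRM_BKUP='y'
BKUP_DIR='/tmp'
HTTPS_PORT='7010'
HTTPS_INT_PORT='7011'
SHUTDOWN_PORT='7025'
DB_PORT='2638'
AMC_LOG_LEVEL='INFO'
AMC_LOG_MAXFILESIZE='1024'
AMC_LOG_MAXBACKUPS='5'
KEYSTORE_PATH='/opt/amcKeystore.10.4.1.200.jks'
KEYSTORE_KEYNAME='none'
KEYSTORE_PASSWD='password'
PROJ_PRE='abc'
PROJ_NAME='USER_PROJ'
RESTORE_BKUP='y'
START_AMC='y'
"""

ORDER = [line.split("=")[0] for line in SAMPLE.splitlines()]  # required order
YES_NO = {"CREATE_INSTALL_DIR", "OVERWRITE_AMC", "CONFIRM_BKUP",
          "RESTORE_BKUP", "START_AMC"}
PORTS = ["HTTPS_PORT", "HTTPS_INT_PORT", "SHUTDOWN_PORT", "DB_PORT"]
INTEGERS = {"AMC_LOG_MAXFILESIZE", "AMC_LOG_MAXBACKUPS"}
# Union of the log levels listed in the installation steps and in Table 1-1.
LEVELS = {"TRACE", "DEBUG", "INFO", "NOTICE", "WARN", "ERROR", "FATAL"}
NAME_LIMITS = {"PROJ_PRE": 50, "PROJ_NAME": 256}
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")
DIGITS_RE = re.compile(r"[0-9]+")
# Strict form: KEY='value', no spaces around "=", no quote inside the value.
# Stricter than the page requires: blank lines and comments are rejected too.
LINE_RE = re.compile(r"([A-Z_]+)='([^']*)'")


def validate_answers(text):
    """Return a list of problems found in answer-file text (empty means OK)."""
    problems, values, keys = [], {}, []
    for number, line in enumerate(text.splitlines(), 1):
        match = LINE_RE.fullmatch(line)
        if not match:
            problems.append(f"line {number}: not in KEY='value' form")
            continue
        keys.append(match.group(1))
        values[match.group(1)] = match.group(2)
    if keys != ORDER:
        problems.append("parameters missing, unknown, or out of order")
    for key in ORDER:
        if key not in values:
            continue
        value = values[key]
        if key in YES_NO and value not in ("y", "n"):
            problems.append(f"{key}: expected y or n")
        elif key in PORTS and not (
            DIGITS_RE.fullmatch(value) and 1 <= int(value) <= 65535
        ):
            problems.append(f"{key}: not a TCP port")
        elif key in INTEGERS and not DIGITS_RE.fullmatch(value):
            problems.append(f"{key}: not an integer")
        elif key == "AMC_LOG_LEVEL" and value not in LEVELS:
            problems.append(f"{key}: unknown level")
        elif key in NAME_LIMITS and not (
            NAME_RE.fullmatch(value) and len(value) <= NAME_LIMITS[key]
        ):
            problems.append(f"{key}: bad characters or too long")
    ports = [values[k] for k in PORTS if k in values]
    if len(set(ports)) != len(ports):
        problems.append("ports are not unique")
    return problems


def readable_by_others(path):
    """True if group or world can read the file, which holds KEYSTORE_PASSWD."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    print(validate_answers(SAMPLE) or "answer file OK")
```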


Launching an Unattended Installation or Upgrade

Unattended installations and upgrades are performed with the same software packages you use to perform a standard installation or upgrade. This is accomplished by including the path to the answer file when you execute the installation or upgrade package.

Example 1-2 shows sample output from an unattended installation.

Example 1-2 Sample Unattended Installation of AMC

[root@cisco root]# ./aon-amc_version_k9_lnx.bin /root/MyAnswerFile
Preparing to install...
Installation directory read from answer file: /opt/amc
Directory "/opt/amc" does not exist, and is being created.
Extracting archive.
Configuring paths.
Configuration read from answer file: /root/MyAnswerFile
INSTALL_DIR         = /opt/amc
CREATE_INSTALL_DIR  = y
OVERWRITE_AMC       = y
CONFIRM_BKUP        = n
HTTPS_PORT          = 7010
HTTPS_INT_PORT      = 7011
SHUTDOWN_PORT       = 7025
DB_PORT             = 2638
AMC_LOG_LEVEL       = INFO
AMC_LOG_MAXFILESIZE = 1024
AMC_LOG_MAXBACKUPS  = 5
KEYSTORE_PATH       = /amcKeystore.cisco.com.jks
KEYSTORE_KEYNAME    = none
KEYSTORE_PASSWD     = <hidden>
PROJ_PRE            = abc
PROJ_NAME           = USER_PROJ
RESTORE_BKUP        = n
START_AMC           = y

The AMC requires a keystore file and password
to communicate with the AONS node.
about to load the root certs
Loading /opt/testamc/admin/security/keystores/ciscocerts/cap-rtp-003.cer
Loading /opt/testamc/admin/security/keystores/ciscocerts/cisco-root.cer
Loading /opt/testamc/admin/security/keystores/ciscocerts/cisco-manu-ca.cer
Loading /opt/testamc/admin/security/keystores/ciscocerts/cisco-manu-ca-dev.cer
Loading /opt/testamc/admin/security/keystores/ciscocerts/cisco-test-ca-2048.cer
Using existing ciscoamc group
Using existing ciscoamc user
Setting permissions for AMC installation...
Configuring AMC service to start at boot...
Finalizing installation...
Done.
AMC is being started
Starting AMC Database...Done.
Starting AMC...Done.
AMC logfile is /opt/testamc/log/amc.log
Installation successful.
To uninstall, run '/opt/testamc/bin/amcSetup uninstall'.

Stopping, Starting, and Restarting AMC

During the installation process, the AMC daemon (amcd) is configured to run when the server on which it is installed starts up, and it stops when the server is shut down. You might, however, have need to stop, start or restart the AMC daemon independently of the server. The examples that follow show how to do this.

Example 1-3 Shutting Down AMC

[root@linux]# /opt/amc/bin/amcd stop
Stopping AMC...waiting for services to complete...Done.
Stopping AMC Database...Done.

Example 1-4 Starting AMC

[root@linux]# /opt/amc/bin/amcd start
Starting AMC Database...Done.
Starting AMC...Done.

Example 1-5 Restarting AMC

[root@linux]# /opt/amc/bin/amcd restart
Stopping AMC...waiting for services to complete...Done.
Stopping AMC Database...Done.
Starting AMC Database...Done.
Starting AMC...Done.

Performing Initial Node Configurations

AON nodes have no direct console access, so the first configuration task for an AON service module (AON-SM), an AON enhanced service module (AON-NME), or an AON network module (AON-NM) is to define the IP address and subnet mask for the AON interface. See the following sections for configuration tasks for AON nodes. Each task in the list is identified as either required or optional.

Configuration Prerequisites (required)

Configuring a Cisco 8300 Series AON Appliance (required)

Configuring Networking Parameters on a Catalyst 6500 Series Switch (required)

Configuring Network Parameters on a Cisco Modular Access Router (required)

Configuring Nodes to Use SSH (optional)

Configuring Nodes to Register with the AMC (required)


Caution AON network modules do not support online insertion and removal. Always power off the router before inserting or removing a module. You need not take this precaution before removing an AON-SM from a switch.

Configuration Prerequisites

This guide assumes that your switch, router, or AON appliance is properly installed. Additionally, switches and routers that will house AON nodes must be configured for basic IP communications and have their AON modules installed. See the following platform documentation if necessary:

Cisco 8300 Series AON Appliance Hardware Installation Guide

http://lbj.cisco.com/targets/ucdit/cc/td/doc/product/aon/aonmod/8300/8300hig/index.htm

Catalyst 6500 Series Switch Installation Guide

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/inst_aug/index.htm

Catalyst 6500 Series Switch Module Installation Guide

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/mod_inst/index.htm

Cisco Modular Access Routers
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/index.htm

Cisco Network Modules Hardware Installation Guide
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/hw_inst/nm_inst/nm-doc/index.htm

Configuring a Cisco 8300 Series AON Appliance

A Cisco 8300 AON Appliance arrives from the factory with AON software preinstalled. In order to configure an appliance, you must connect a terminal server to the serial port on the rear of the appliance. For instructions on connecting a terminal server, see the Cisco 8300 Series AON Appliance Hardware Installation Guide. This section includes the following topics:

Configuring Networking Parameters

Disabling Cisco Discovery Protocol

Configuring Networking Parameters

Perform the following steps to configure networking parameters:


Step 1 With your terminal server connected, power on the appliance and allow it to boot. When the appliance is ready for configuration, a Password :  prompt is displayed. Enter the default password of aonsadmin.

                 Welcome to Cisco AON Engine
                     (Version: 1.1.0.189)

Fri Nov  4 03:24:41 PST 2005
AON boot: hit RETURN to set boot flags: 0002

Available boot flags (enter the sum of the desired flags):
  0x0000 - exit this menu and continue booting normally
  0x2000 - disable login security

[AON boot - enter bootflags (type '-' to exit)]: 0x0000
You have entered boot flags = 0x0
Boot with these flags? [yes]: y
Boot with these flags? [yes]: yes

********** rc.aesop ****************
Setting timezone: No timezone configured
Loading Tarari Drivers...
SUCCESS: Loaded Tarari Drivers
Loading Cisco WCCP module
wccp: v1.00 (20000327), debug=0
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
Serial Number: 99C7523
Reading Manifest...done.
Doing Certificate Check
Certificate Check Done
INIT: Entering runlevel: 2
********** rc.post_install ****************
INIT: Switching to runlevel: 4
INIT: Sending processes the TERM signal

 waiting 51 ...
Password :

Step 2 Enter configuration terminal mode.

defaulthost> configure terminal
Enter configuration commands, one per line.  End with exit.

Step 3 Enter interface configuration mode for Gigabit Ethernet Interface 1.

defaulthost(config)> interface gigabitethernet 1

Note The appliance includes three Gigabit Ethernet connectors; however, only Gigabit Ethernet 1 is supported in AON version 1.1.


Step 4 Enter the IP address and subnet mask to be used by the appliance, then exit interface configuration mode.

defaulthost(config-interface)> ip address 192.168.56.106 255.255.255.0
WARNING!!! Changing interface IP address will disrupt connectivity and traffic!
defaulthost(config-interface)> exit
SYSTEM ONLINE

Step 5 Configure the default gateway to be used by the appliance. A default gateway is required even if all AON devices are on the same LAN segment.

defaulthost(config)> ip default-gateway 192.168.56.1

Step 6 Configure the domain name to be used by the appliance.

defaulthost(config)> ip domain-name cisco.com

Step 7 Configure the domain name servers to be used by the appliance.

defaulthost(config)> ip name-server 192.168.168.183 192.168.226.120

Step 8 Configure the NTP server to be used by the appliance.

defaulthost(config)> ntp server 192.168.156.11

Step 9 Configure the hostname to be used by the appliance.

defaulthost(config)> hostname aon-appliance

Step 10 Enable secure shell (SSH) access for the appliance.

aon-appliance(config)> ssh enable

Step 11 Change the default password.

aon-appliance(config)> login password unencrypted mypassword

Note For a detailed description of SSH and login passwords, see the "Configuring Nodes to Use SSH" section.


Step 12 Exit configuration mode, and save the new configuration.

aon-appliance(config)> exit
aon-appliance> write memory

Disabling Cisco Discovery Protocol

Cisco Discovery Protocol (CDP) is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those devices. CDP is enabled by default, and the appliance sends CDP Version-1 (CDPv1) advertisements. It receives both CDPv1 and CDPv2 advertisements. Example 1-6 shows CDP being disabled.

If you do not need CDP, you should disable it.


Note Only the Cisco 8300 Series AON Appliance supports CDP at this time.


Example 1-6 Disabling CDP

aon-appliance> configure terminal
Enter configuration commands, one per line.  End with exit.
aon-appliance(config)> no cdp run
aon-appliance(config)> exit
aon-appliance> write memory


Note You can use cdp run to enable CDP again if necessary.


Configuring Networking Parameters on a Catalyst 6500 Series Switch

You must configure a VLAN for the AON-SM, then assign an IP address to it. These tasks are covered in the following sections:

Configuring a VLAN under the Catalyst Operating System (required for Catalyst operating system)

Configuring a VLAN under Cisco IOS (required for Cisco IOS)

Assigning IP Addresses to the AON-SM Interface (required)

Configuring a VLAN under the Catalyst Operating System

You must configure a VLAN for the AON-SM by completing the following steps:


Step 1 Create a VLAN to be used by the AON node.

Router> (enable) set vlan 100
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 100 configuration successful

Step 2 Assign the VLAN to the AON node.

Router> (enable) set vlan 100 5/2
VLAN 100 modified.
VLAN 1 modified.
VLAN  Mod/Ports
---- -----------------------
100   5/2

Vlan 100 is active.
Router> (enable)


Configuring a VLAN under Cisco IOS

You must configure a VLAN for the AON-SM by completing the following steps:


Step 1 Enter configuration terminal mode.

MSFC# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Step 2 Create a VLAN to be used by the AON node.

MSFC(config)# vlan 100 

Step 3 Make the VLAN active, then exit configuration terminal mode.

MSFC(config-vlan)# state active
MSFC(config)# exit

Step 4 Assign the VLAN to the AON-SM.

MSFC(config)# AON module 6 vlan 100

Step 5 Enter interface configuration mode for the VLAN.

MSFC(config)# interface vlan 100

Step 6 Assign an IP address and subnet mask to the VLAN.

MSFC(config-if)# ip address 192.168.22.36 255.255.255.0


Assigning IP Addresses to the AON-SM Interface

To assign IP addresses to the AON service module running in a Catalyst 6500 series switch, perform the following steps:


Note During start up, the AON-SM retrieves the system time from the switch. Ensure that NTP is configured on the switch before you configure the AON-SM.



Step 1 If this is an active node for which you are assigning a new IP address, use AMC to deactivate it.

Step 2 Open a session to the AON-SM, then enter configuration terminal mode.

Router# session slot number processor number
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.31 ... Open


               Welcome To Cisco AON Engine


aon-node> enable
aon-node# configure terminal

Step 3 Select an interface to configure.

aon-node(config)# interface GigabitEthernet 2

Note At this time, AON supports only the GigabitEthernet 2 interface.


Step 4 Specify the IP address for the interface, then exit interface configuration mode.

aon-node(config-interface)# ip address 192.168.3.11 255.255.255.0
aon-node(config-interface)# end

Step 5 Specify the IP address for the default gateway, then exit configuration terminal mode. A default gateway is required even if all AON devices are on the same LAN segment.

aon-node(config)# ip default-gateway 192.168.3.1
aon-node(config)# end

Step 6 Save the configuration in NVRAM.

aon-node# write memory

Step 7 Proceed to the "Configuring Nodes to Register with the AMC" section to continue configuring the AON-SM.


Configuring Network Parameters on a Cisco Modular Access Router

To assign IP addresses to the AON network module running in a router, perform the following steps:


Note During start up, the AON-NM retrieves the system time from the router. Ensure that NTP is configured on the router before you configure the AON-NM.



Step 1 If this is an active node for which you are assigning a new IP address, use AMC to deactivate it.

Step 2 Establish a session to the router and enter configuration mode for the AON network module interface.

For AON-NME:

Router(config)# interface integrated-service-engine 1/0

For AON-NM:

Router(config)# interface AON-engine 1/0


Note If your router is running a version of Cisco IOS prior to Cisco IOS Release 12.4(9)T, the AON-NM interface is referred to as AONS-Engine.


Step 3 Configure the interface as unnumbered so that it uses the IP address of the FastEthernet 0/0 interface.

Router(config-if)# ip unnumbered FastEthernet 0/0

Step 4 Configure an IP address for the interface used by the AON network module.

Router(config-if)# service-module ip address 10.4.1.184 255.255.255.0

Step 5 Specify the default gateway used by the AON network module. A default gateway is required even if all AON devices are on the same LAN segment.

Router(config-if)# service-module ip default-gateway 10.4.1.183

Step 6 Bring up the AON network module interface.

Router(config-if)# no shutdown

Step 7 Exit configuration mode.

Router(config-if)# exit

Step 8 Configure IP routing on the router.

Router(config)# ip routing

Step 9 Define a static IP route to the AON network module.

For AON-NME:

Router(config)# ip route 10.4.1.184 255.255.255.255 integrated-service-engine 1/0

For AON-NM:

Router(config)# ip route 10.4.1.184 255.255.255.255 AON-engine 1/0

Step 10 Define a static IP route to the default gateway.

Router(config)# ip route 0.0.0.0 0.0.0.0 10.4.1.1

Step 11 Exit configuration mode.

Router(config)# exit

Step 12 Save the configuration in NVRAM.

Router# write memory

Configuring Nodes to Use SSH

Using the default configuration, you connect to a node's command-line interface using telnet or a serial interface. AON nodes running release 1.1 and later versions can be configured to use secure shell (SSH). When SSH is used, all traffic between the node and your SSH client is encrypted. Additionally, SSH enables users to configure a node without providing access to the switch or router command-line interface. To configure a node to use SSH, perform the following steps:


Step 1 In the node's configuration terminal mode, use the ssh enable command to enable SSH.

aon-node(config)> ssh enable


Note Until you complete Step 2, the default password to gain secure access to a node is aonsadmin.


Step 2 Use the login password command to configure a password for SSH access. This command accepts either encrypted or plaintext passwords.

To enter a plaintext password:

aon-node(config)> login password unencrypted cisco

To enter an MD5 encrypted password:

aon-node(config)> login password encrypted $1$7v.O130F$xGo.LUNGt0eYxWTCZ/McQ

Step 3 Exit configuration terminal mode and save the configuration.

aon-node(config)> exit
aon-node> write memory

Step 4 Verify the configuration by using an SSH client to connect to the IP address assigned to the node.

[root@linux root]# ssh admin@10.4.1.92
The authenticity of host '10.4.1.92 (10.4.1.92)' can't be established.
RSA key fingerprint is 50:fa:d4:7e:46:e3:7b:2f:17:0d:e6:9f:d0:b4:1e:d5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.4.1.92' (RSA) to the list of known hosts.
admin@10.4.1.92's password: 

Note The only username permitted to connect to an AON node is admin.



Configuring Nodes to Register with the AMC

In order to register with the AMC, the AON node must be configured with connection details for both itself and the AMC. To complete this task, perform the following steps:


Step 1 Enter configuration terminal mode on the AON node, then create an AON configuration ID. A configuration ID can be any combination of letters and numbers.

AON-node (config)# AON config abc create

Step 2 Configure the hostname or IP address of AMC. This is used by the AON node to communicate with AMC.

AON-node (config)# AON config abc amc host 10.1.1.1

Step 3 Assign an IP address to the AON management agent.

AON-node (config)# AON config abc ama host 10.1.1.2

Step 4 Activate the AON configuration.

AON-node (config)# AON config abc activate

Step 5 Specify a network time protocol (NTP) server that the node can use to maintain accurate time.

AON-node (config)# ntp server 10.1.1.10

Step 6 Specify the domain name of the node.

AON-node (config)# ip domain-name cisco.com

Step 7 Specify the DNS server to be used by the node.

AON-node (config)# ip name-server 10.1.10.10

Step 8 Exit configuration terminal mode. When AON asks to restart, enter n.

AON-node (config)# exit
CAUTION!! Configuration changed. Need to restart AON.
Confirm restart[y]? n

Step 9 Use the write memory command to save the AON configuration to nonvolatile memory, then restart AON.

AON-node> write memory
AON-node> AON restart force
!!CAUTION!! Restarting all processes right away.
Are you sure[n]? y
Start counting down before restart


This may take a while longer...

After the AON restart is complete, the node attempts to register with the AMC. The AMC ignores these attempts until a node with the proper credentials has been added.

Step 10 Use the show version command to obtain the module serial number (the Module Serial field in the output below). You need this information when you create a new node in AMC.

AON-node> show version
CPU Model:                    Pentium III (Coppermine)
CPU Speed (MHz):              498.675
CPU Cache (KByte):            256
Chassis Type:                 C2691
Chassis Serial:               12345678901
Module Type:                  NM-AON-K9
Module Serial:                FOC082313YY
AON:                          0.0.0.409
AMA:                          0.0.0.409

Step 11 Use the write memory command to save the configuration.

AON-node> write memory