-
User Guide for CiscoView Device Manager for Cisco Catalyst 6500 Series Switch (CVDM-C6500) 1.1
-
Preface
-
Getting Started
-
System Settings (Switch > Systems)
-
Ports/Interface Management (Switch > Ports)
-
VLAN and VTP Management (Swtich > VLAN)
-
Spanning Tree Settings
-
Virtual Routing and Forwarding Instances Management (Switch > VRF)
-
Service Module Configuration (Services > Flows)
-
Service Module Setup Wizards
-
Service Module Setup
-
Index
-
Table Of Contents
Configuring the Firewall Module
Configuring VLANs in a VLAN Group
Using the Firewall Module/Context Setup Wizards
Configuring the Outside Interface
Configuring the Inside Interface
Configuring Firewall Interfaces
Configuring the SSL Services Module
Editing SSL Services Module Information
Editing VPN Crypto Connections
Deleting VPN Crypto Connections
Configuring the Network Analysis Module
Editing SNMP Community Strings
Using the NAM Configuration Wizard
Configuring Basic IP Parameters
Intrusion Detection System Services Module
Configuring the Intrusion Detection System Services Module
Configuring Basic IP Parameters
Wireless LAN Services Module (WLSM)
Editing WLSM Service Detail Information
Configuring the Wireless Network on the Supervisor (Optional)
Configuring Authentication on WLSM
Configuring WLSE and SNMP Settings (Optional)
Configuring Authentication Lists
Content Switching Module with SSL
Service Module Setup
To enable CVDM-C6500 to effectively manage the modules on your device, you need to provide credentials for each module. For example, the Firewall Services Module (FWSM) ships with PIX Device Manager (PDM). However, before you can launch PDM from the FWSM or access the FWSM via telnet/SSH, you need to make use of the bootstrap functionality provided by CVDM-C6500. This functionality and service-level overview page are provided for the following modules:
•
Intrusion Detection System Services Module
•
•
Firewall Services Module
Firewalls protect inside networks from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other; for example, by keeping a human resources network separate from a user network. If you have network resources that need to be available to an outside user such as a web or FTP server, you can place these resources on a separate network behind the firewall, called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ includes only the public servers, an attack there affects only the servers and does not affect the other inside networks.
You can also control outside access by inside users (for example, access to the Internet) by allowing only certain addresses out, by requiring authentication or authorization, or by coordinating with an external authentication, authorization, and accounting (AAA) server.
When discussing networks connected to a firewall, the outside network is in front of the firewall, the inside network is protected and behind the firewall, and the DMZ, while behind the firewall, allows limited access to outside users. Because the Firewall Services Module (FWSM) allows you to configure many interfaces with varied security policies, including inside interfaces, DMZs, and even outside interfaces, if desired, these terms are used in a general sense only.
If you do not provide credentials for the FWSM, you will not be able to:
•
•
•
•
For more information on credentials, see Understanding User Credentials.
Note
Configuring the Firewall Module
To access the firewall module overview page (see Figure 9-1), click Services at the top of the window, click Firewall from the left-most pane, and then click Firewall: Slot X from the selector.
Figure 9-1 Firewall Page
From the firewall module overview page, you can:
•
•
•
•
The following table describes the information provided on the Firewall module overview page.
Setup Wizard button
Click to open the firewall module setup wizard. See Using the Firewall Module/Context Setup Wizards for more information.
Launch PDM button
Click to open PDM. You must first configure the module using the setup wizard before you can access this application.
Note
Descriptor field
Textual identifier of this module.
Model field
Model number of this module.
Slot Number field
Device slot in which this module is located.
Status field
Current status of this module.
Software Version field
Software version of this module.
Hardware Version field
Hardware version of this module.
Firmware Version field
Firmware version of this module.
Serial Number field
Serial number of this module.
Total Memory field
Total memory available on this module.
Total Flash field
Total flash memory available on this module.
Service Details pane
This pane lists applicable service detail information. See Service Details for more information.
VLAN Groups pane - root node selected
When the root node is selected in the VLAN Groups selector, this pane lists the VLAN groups that are configured on this device. See Configuring VLAN Groups for more information.
VLAN Groups pane - VLAN group selected
When a VLAN group is selected in the VLAN Groups selector, this pane lists the VLANs associated with that VLAN group. See Configuring VLANs in a VLAN Group for more information.
Service Details
The following table lists the information provided in the Service Details pane.
Host Name field
Name of this module.
Domain Name field
Name of the domain to which the host belongs.
PDM Version field
Version of PDM installed on this module.
CPU Usage field
Percentage of CPU resources being used by this module.
Memory Usage field
Percentage of Flash memory being used by this module.
Number of Firewall Interfaces field
Number of firewall interfaces configured on this module.
Note
Number of Firewall Contexts field
Number of firewall contexts configured on this module.
Note
Number of Assigned VLANs field
Number of VLANs assigned on this module.
HTTP Server field
Indicates whether the HTTP server is enabled on this module.
Note
Edit button
Click to edit the information provided in the Service Details pane. See Editing Service Details for more information.
Editing Service Details
Step 1
Step 2
Step 3
Configuring VLAN Groups
When the root node is selected in the VLAN Groups selector, the information in the following table is displayed.
VLAN Groups selector
Displays the VLAN groups that are configured on the device.
VLAN Group column
Numerical identifier for this VLAN group.
VLAN IDs column
VLANs that belong to this VLAN group.
Assigned column
Indicates whether this VLAN Group has been assigned to the firewall module.
VLAN Group button
With a VLAN group in the table selected, click and then select one of the following:
•
•
Add button
Click to add a VLAN group. See Adding a VLAN Group for more information.
Edit button
Click to edit the selected VLAN group. See Editing a VLAN Group for more information.
Delete button
Click to delete the selected VLAN group.
Adding a VLAN Group
Step 1
Step 2
Step 3
Group ID field
Enter the numerical identifier for the VLAN group.
Assign this Group to Firewall: Slot X check box
Select to assign this VLAN group to the selected firewall module.
Selected VLANs field
Indicates the VLANs to be added to the VLAN group. Do one of the following:
•
to open the Enter VLAN Range dialog box. See Entering a VLAN Range for more information.
•
VLAN ID column
Numerical identifier for a VLAN.
Add column
Select the check box for the VLANs you want to add to the VLAN group.
Editing a VLAN Group
Step 1
Step 2
•
•
The Edit VLAN Group dialog box appears.
Step 3
Group ID field
Numerical identifier for the selected VLAN group. This field cannot be edited.
Assign this Group to Firewall: Slot X check box
Select to assign this VLAN group to the selected firewall module.
Selected VLANs field
Indicates the VLANs that belong to the selected VLAN group. To make changes, do one of the following:
•
•
VLAN ID column
Numerical identifier for the VLAN. This field cannot be edited.
Add column
Select the check box for the VLANs you want to add to or remove from the selected VLAN group.
Entering a VLAN Range
Step 1
Step 2
•
•
Note
Step 3
Step 4
For example, to add VLANs 22 through 27 and VLAN 35 to a VLAN group, you would enter
(22-27,35).Selecting a VLAN Group
This dialog box lists the VLAN groups that are configured on the device, as well as the VLANs associated with each group. Select a VLAN group and then click OK to continue.
Configuring VLANs in a VLAN Group
When a VLAN group is selected in the VLAN Groups selector, the information in the following table is displayed.
VLAN Groups selector
Displays the VLAN groups that are configured on the device.
Misconfigured VLAN graphic:
Indicates that the VLAN is configured incorrectly on this device.
VLAN ID column
Numerical identifier for this VLAN.
VLAN Name column
Name of this VLAN.
Ports column
Ports that belong to this VLAN in Access and/or Trunk mode.
Add button
Click to add a VLAN to the selected VLAN group. See Adding a VLAN to a VLAN Group for more information.
Edit button
Click to edit the selected VLAN. See Editing a VLAN in a VLAN Group for more information.
Delete button
Click to delete the selected VLAN.
Adding a VLAN to a VLAN Group
Step 1
Step 2
Step 3
VLAN ID field
Specify the VLAN to be added to the selected VLAN group.
Click
and then select one of the following:
•
•
•
Access Ports field
Specify the access ports associated with this VLAN.
Click
Trunk Ports field
Specify the trunk ports associated with this VLAN.
Click
Editing a VLAN in a VLAN Group
Step 1
Step 2
Step 3
•
•
The VLAN Group X: Edit VLAN dialog box appears.
Step 4
VLAN ID field
Numerical identifier for the selected VLAN. This field cannot be edited.
Access Ports
Edit the access ports associated with this VLAN.
Click
Trunk Ports
Edit the trunk ports associated with this VLAN.
Click
Using the Firewall Module/Context Setup Wizards
CVDM-C6500 provides three wizards that allow you to perform the initial configuration of either a Firewall Services Module (FWSM) or a context defined on that FWSM:
•
•
•
Note
After completing one of these wizards, you can run the PIX Device Manager (PDM) application to perform more advanced configuration.
Navigation
To launch either the Firewall Module Setup Wizard or the Multi Mode Firewall Module Setup Wizard, do one of the following:
Procedure A
Step 1
Procedure B
Step 1
Step 2
Step 3
To launch the Firewall Context Setup Wizard, click Services at the top of the window, click Firewall from the left-most pane, select a context from the selector, and then click Setup Wizard.
Wizard Steps
The wizards consist of the following steps:
1.
Note
2.
3.
4.
Configuring the Admin Context
On this page of the wizard, you configure the Admin context on the firewall module. To do so, enter the information specified in the following table.
Note
Note
Configuring the Outside Interface
On this page of the wizard, you configure the outside interface for either the firewall module (single and multiple mode setup wizards) or the selected context (context setup wizard). To do so, enter the information specified in the following table.
Note
Outside VLAN list
Specify the VLAN associated with the outside interface.
Click
•
•
•
Interface field
Enter the name of the outside interface.
IP Address field
Enter the IP address of the outside interface.
Mask list
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Security Level (0-100) field
Enter the security level for the outside interface. Higher values indicate higher security levels. By default, the value of this object is 0.
VLAN Group list
Specify the VLAN group associated with the outside interface.
Click
Configuring the Inside Interface
On this page of the wizard, you configure the inside interface for either the firewall module (single and multiple mode setup wizards) or the selected context (context setup wizard). If you run the wizard after an inside interface has already been configured, the current credentials will be displayed. You can either keep these credentials or make the necessary changes.
To configure the inside interface, enter the information specified in the following table.
VLAN list
Specify the VLAN associated with the inside interface.
Click
•
•
•
Interface field
Enter the name of the inside interface.
IP Address field
Enter the IP address of the inside interface.
Mask list
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Security Level (0-100) field
Enter the security level for the inside interface. Higher values indicate higher security levels. By default, the value of this object is 100.
VLAN Group list
Specify the VLAN group associated with the inside interface.
Click
Enable HTTP Server check box
Select to enable the HTTP server on the firewall module (in single or multiple mode) or the selected context (in multiple mode).
Enable HTTP Access to this host with IP address <ip address>
Select to grant the specified device access to the firewall module (in single or multiple mode) or the selected context (in multiple mode).
Configuring Static Routes
On this page of the wizard, you configure static routes for the selected interface on either the firewall module (single and multiple mode setup wizards) or the selected context (context setup wizard). These static routes are used to route packets.
Note
To configure static routes for the selected interface on the firewall module, enter the information specified in the following table.
Summary
In this dialog box, you can view a summary of the settings entered in the firewall module/context setup wizards. Click Finish to configure the device with these settings.
After completion of a wizard, you can launch PDM by clicking Launch PDM in the module's overview page. Use this application to make more advanced configuration changes.
Security Context Overview
You can partition a single FWSM into multiple virtual firewalls, known as security contexts. Each context is an independent system, with its own security policy, interfaces, and administrators. Multiple contexts are equivalent to having multiple standalone firewalls.
The FWSM runs in one of two modes: single mode or multiple mode. In single mode, any changes made affect the entire module. In multiple mode, a number of contexts are configured with only one having administrative privileges at any given time: the Admin context. Unlike in single mode, the changes made to a context in multiple mode apply only to that context.
Note
Configuring Firewall Contexts
The Contexts overview page displays the firewall contexts configured on this module. Keep in mind that context management is only available in multiple mode.
To access this page, click Services at the top of the window, click Firewall from the left-most pane, and then select Contexts from the selector.
The following table describes the information provided on this page.
Name column
Name of the context.
Description column
Description of the context.
Config URL column
Configuration URL for the context.
Allocated VLANs column
Number of VLANs allocated to the context.
Add button
Click to add a context. See Adding a Context for more information.
Edit button
Click to edit the selected context. See Editing a Context for more information.
Delete button
Click to delete the selected context.
Adding a Context
Step 1
Step 2
Step 3
Name field
Enter the name of the context.
Config URL field
Enter the configuration URL for the context.
You can download a context from either a server (FTP, TFTP, HTTP, or HTTPS) or the local disk. The URL syntax for each is as follows:
•
•
where server type is the type of server, server is the IP address of the appropriate server, path is the directory that contains the context file, and filename is the name of the context file.
Please note the following:
•
•
•
Description field
Enter a description of the context.
Make This Firewall Context the Admin Context check box
Select to designate this context as the Admin context.
VLAN ID column
Numerical identifier of the VLAN. This field cannot be edited.
Allocate check box
Select to allocate the selected VLAN to the context.
Alias column
Enter the alias for the VLAN.
VLAN Group column
Specify the VLAN group to which the VLAN belongs.
Click
Add button
Click to open the Enter VLAN Range dialog box.
Entering a VLAN Range
Editing a Context
Step 1
Step 2
Note
Step 3
Name field
Name of the selected context. This field cannot be edited.
Config URL field
Configuration URL for the selected context. This field cannot be edited.
Description field
Edit the description of the selected context.
Make This Firewall Context the Admin Context check box
Select to designate this context as the Admin context. Note that this option is not available if the selected context is already the Admin context.
VLAN ID column
Numerical identifier of the VLAN. This field cannot be edited.
Allocate check box
Select to allocate the selected VLAN to this context.
Alias column
Edit the alias for the VLAN.
VLAN Group column
Edit the VLAN group to which the VLAN belongs.
Click
Firewall Context Details
The Firewall Contexts Details page displays the parameters for the selected firewall context. To access this page, click Services at the top of the window, click Firewall from the left-most pane, and then select a context from the selector.
The following table describes the information provided on this page.
Editing Context Details
Step 1
Step 2
Step 3
Allocate VLAN
Step 1
Step 2
Step 3
VLAN ID list
Specify the VLAN to be allocated to the selected context.
Click
•
•
•
Alias field
Enter the alias for this VLAN.
VLAN Group field
Specify the VLAN group to which this VLAN belongs.
Click
Edit Allocated VLAN
Step 1
Step 2
Step 3
VLAN ID field
Numerical identifier of the selected VLAN. This field cannot be edited.
Alias field
Edit the alias for the selected VLAN.
VLAN Group field
Edit the VLAN group to which this VLAN belongs.
Click
Configuring Firewall Interfaces
The Interfaces overview page displays the firewall interfaces configured on this module. Although this page looks the same in both single and multiple modes, keep in mind that:
•
•
Note
To access this page, click Services at the top of the window, click Firewall from the left-most pane, and then select Interfaces (for either the module in single mode or the selected context in multiple mode) from the selector.
The following table describes the information provided on this page.
Misconfigured VLAN graphic:
Indicates that the VLAN is configured incorrectly on this device.
VLAN ID column
Corresponding VLAN for an interface.
VLAN Name column
Name of the corresponding VLAN for an interface.
Interface Name column
Name of an interface.
IP Address/Mask column
IP address/mask of an interface.
Security Level (0-100) column
Security level set for the interface. Higher values indicate higher security levels.
•
•
Add button
Click to add an interface. See Adding a Firewall Module Interface for more information.
Edit button
Click to edit the selected interface. See Editing a Firewall Module Interface for more information.
Delete button
Click to delete the selected interface.
Adding a Firewall Module Interface
Step 1
Step 2
Step 3
VLAN ID list
Specify the VLAN associated with the interface.
Click
•
Note
•
•
Interface Name field
Enter the name of the interface.
IP Address field
Enter the IP address of the interface.
Mask field
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
VLAN Group field
Specify the VLAN group associated with the interface.
Click
Security Level (0-100) field
Enter the security level for the interface. Higher values indicate higher security levels.
•
•
Editing a Firewall Module Interface
Step 1
Step 2
Note
Step 3
VLAN ID field
VLAN associated with the selected interface. This field cannot be edited.
Interface Name field
Name of the selected interface. This field cannot be edited.
IP Address field
Edit the IP address of the selected interface.
Mask field
Edit the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
VLAN Group field
Edit the VLAN group associated with the selected interface.
Click
Security Level (0-100) field
Edit the security level for the selected interface. Higher values indicate higher security levels.
•
•
Configuring Static Routes
The Static Routes overview page displays the static routes configured on the firewall module. To access this page, click Services at the top of the window, click Firewall from the left-most pane, and then select Static Routes (for either the module in single mode or the selected context in multiple mode) from the selector.
Note
The following table describes the information (identical in both single and multiple modes) provided on this page.
Interface Name column
Name of the interface on which a route is configured.
VLAN ID column
Corresponding VLAN for a static route.
Destination IP Address/Mask column
Destination network address of a static route.
Mask field
Subnet mask to which the network address belongs. You can either type a value or select a value from the list.
Next Hop column
IP address of the next hop device.
Metric column
Route metric configured for a static route.
Add button
Click to add a static route. See Adding a Static Route for more information.
Edit button
Click to edit the selected static route. See Editing a Static Route for more information.
Delete button
Click to delete the selected static route.
Adding a Static Route
Step 1
Step 2
Step 3
Editing a Static Route
Step 1
Step 2
Note
Step 3
Configuring HTTP Rules
The HTTP Rules overview page displays the rules configured on the firewall module. Although this page looks the same in both single and multiple modes, keep in mind that:
•
•
Note
To access this page, click Services at the top of the window, click Firewall from the left-most pane, and then select HTTP Rules (for either the module in single mode or the selected context in multiple mode) from the selector.
The following table describes the information provided on this page.
Interface Name column
The interface an HTTP rule is configured on.
VLAN ID column
ID of the corresponding VLAN for an HTTP rule.
Allowed IP Address column
IP/network address of an HTTP rule.
Allowed Network Mask column
Subnet mask to which the specified IP/network address belongs.
Add button
Click to add an HTTP rule. See Adding an HTTP Rule for more information.
Edit button
Click to edit the selected HTTP rule. See Editing an HTTP Rule for more information.
Delete button
Click to delete the selected HTTP rule.
Adding an HTTP Rule
Step 1
Step 2
Step 3
Editing an HTTP Rule
Step 1
Step 2
Note
Step 3
Content Switching Module
The Content Switching Module (CSM) integrates advanced Layer 4 through Layer 7 content switching into the Cisco Catalyst 6500 Series Internet router. The CSM provides high-performance, high-availability load balancing while taking advantage of the complete set of Layer 2, Layer 3, and quality-of-service (QoS) features inherent to the platform. The CSM load-balances all common IP protocols across firewalls, web servers, caches, and other network devices.
To access the CSM overview page (see Figure 9-2), click Services at the top of the window, click Content from the left-most pane, and then click CSM: Slot X from the selector.
Figure 9-2 CSM Page
Configuring the CSM
From the CSM overview page, you can:
•
•
–
–
•
The following table describes the information provided in the CSM overview page.
Launch CVDM-CSM button
Click to open the CSM Device Manager application.
Descriptor field
Textual identifier of this module.
Model field
Model number of this module.
Slot Number field
Device slot in which this module is located.
Status field
Current status of this module.
Software Version field
Software version of this module.
Hardware Version field
Hardware version of this module.
Firmware Version field
Firmware version of this module.
Serial Number field
Serial number of this module.
SLB Mode field
Current server load balancing (SLB) mode configured for this module.
Note
Number of CSM VLANs field
Number of VLANs configured on this module.
Number of Virtual Servers field
Number of virtual servers active on this module.
Misconfigured VLAN graphic:
Indicates that the VLAN is configured incorrectly on this device.
VLAN ID column
Numerical identifier assigned to a VLAN.
VLAN Name column
Name assigned to a VLAN.
IP Address/Mask column
IP address/mask of a VLAN.
Ports columns
Indicates the ports that belong to a particular VLAN in Access or Trunk mode.
Type column
Indicates whether the VLAN is a client or server VLAN.
Route button
Click to open the Routes dialog box. See Configuring Static Routes for more information.
Add button
Click to add a VLAN to the module. See Adding a CSM VLAN for more information.
Edit button
Click to edit the selected VLAN. See Editing a CSM VLAN for more information.
Delete button
Click to delete the selected VLAN from this module.
Note
CSM VLANs
Adding a CSM VLAN
Step 1
Step 2
Step 3
VLAN ID field
Specify the VLAN you want to add to this module.
Click
•
•
•
VLAN Type list
Specify whether this is a server or client VLAN.
IP Address field
Enter the IP address of the VLAN.
Mask field
Enter the subnet mask to which the IP address specified in the IP Address field belongs. You can either type a value or select one from the list.
Access Ports field
Specify the access ports associated with this VLAN.
Click
Trunk Ports field
Specify the trunk ports associated with this VLAN.
Click
IP Address field
IP address of an alias. This field cannot be edited.
Add button
Click to add an alias IP address. See Adding an Alias IP Address for more information.
Delete button
Click to delete the selected alias IP address.
IP Address field
IP address of a gateway. This field cannot be edited.
Add button
Click to add a gateway IP address. See Adding a Gateway IP Address for more information.
Delete button
Click to delete the selected gateway.
Route button
Click to manage the static routes configured on the module. See Configuring Static Routes for more information.
Editing a CSM VLAN
Step 1
Step 2
Note
Step 3
VLAN ID field
Numerical identifier of the selected VLAN. This field cannot be edited.
VLAN Type field
Specify whether this is a server or client VLAN.
IP Address field
Edit the IP address of the selected VLAN.
Mask field
Edit the subnet mask to which the IP address specified in the IP Address field belongs. You can either type a value or select one from the list.
Access Ports field
Edit the access ports associated with this VLAN.
Click
Trunk Ports field
Edit the trunk ports associated with this VLAN.
Click
IP Address field
IP address of an alias. This field cannot be edited.
Add button
Click to add an alias IP address. See Adding an Alias IP Address for more information.
Delete button
Click to delete the selected alias IP address.
IP Address field
IP address of a gateway. This field cannot be edited.
Add button
Click to add a gateway IP address. See Adding a Gateway IP Address for more information.
Delete button
Click to delete the selected gateway.
Route button
Click to manage the static routes configured on the module. See Configuring Static Routes for more information.
IP Addresses
Adding an Alias IP Address
Step 1
Step 2
•
•
Step 3
Step 4
Adding a Gateway IP Address
Step 1
Step 2
•
•
Step 3
Step 4
Configuring Static Routes
In the Routes dialog box, you can manage the routes configured for the selected VLAN. The following table describes the information provided here.
Destination IP Address column
IP address of the destination network.
Mask column
Subnet mask of the destination network.
Next Hop column
IP address of the next hop.
Add button
Click to add a static route. See Adding a Static Route for more information.
Delete button
Click to delete the selected route from the VLAN it is associated with.
Adding a Static Route
Step 1
Step 2
Note
Step 3
Step 4
SSL Services Module
The SSL Services Module is an integrated service module that terminates secure sockets layer (SSL) transactions and accelerates the encryption and decryption of data used in SSL sessions.
Configuring the SSL Services Module
You can view information about the SSL Services Module, services running on the SSL Services Module, and VLANs running on the SSL Services Module. Click Services at the top of the window, click SSL in the left-most pane, and select SSL: Slot X from the selector to display the SSL page (see Figure 9-3).
Note
Figure 9-3 SSL Page
If you do not have the proper credentials for the SSL Services Module, CVDM-C6500 does not display the following information:
•
•
For more information on credentials, see Understanding User Credentials.
This page provides the following information:
Note
From this page, you can access functions to do the following:
•
•
•
•
Editing SSL Services Module Information
Step 1
Step 2
Step 3
Host Name field
Enter the name of the host module.
Domain Name field
Name of the domain to which this module belongs.
Selected VLANs field
Select the VLANs that are allowed on the SSL Services Module. Click
This field is not displayed for the SSL Services Module portion of the CSM-S.
VLANs column
Number (ID) of the VLAN.
This field is not displayed for the SSL Services Module portion of the CSM-S.
Allowed check box
Click the check box corresponding to the VLANs that you want to allow on the SSL Services Module.
This field is not displayed for the SSL Services Module portion of the CSM-S.
Step 4
Adding SSL VLANs
Step 1
Step 2
Step 3
VLAN field
Specify the number (ID) of the SSL VLAN. Click
•
•
Note
You can select Clear VLAN to clear the entry.
IP Address field
Enter the IP address of the SSL VLAN.
Mask list
Specify the subnet mask of the SSL VLAN from the list.
Gateway field
Enter the gateway address.
Make Admin VLAN check box
Select to make this VLAN an admin VLAN.
When you configure VLANs on the SSL Services Module, configure one of the VLANs as an admin VLAN. The admin VLAN is used for all management traffic. The system adds the default route through the gateway of the admin VLAN.
Destination IP Address field
Enter the destination IP address for a static route for servers that are one or more Layer 3 hops away from the SSL Services Module.
Destination Netmask list
Select the destination subnet mask for a static route for servers that are one or more Layer 3 hops away from the SSL Services Module.
Next Hop field
Enter the next hop to which to route the packet.
Step 4
Editing SSL VLANs
Step 1
Step 2
Step 3
Step 4
Deleting SSL VLANs
Step 1
Step 2
Step 3
VPN Module
Configuring Virtual Private Networks (VPNs) using the VPN Services Module is similar to configuring VPNs on routers running Cisco IOS software. When you configure VPNs with the VPN module, you attach crypto maps to VLANs (using interface VLANs); when you configure VPNs on routers running Cisco IOS software, you configure individual interfaces. CVDM-C6500 allows you to connect interface VLANs and port VLANs via crypto connections.
Configuring the VPN Module
You can view the information about your VPN module. Click Services at the top of the window, click VPN in the left-most pane, and select VPN: Slot X from the selector to display the VPN page (see Figure 9-4).
Figure 9-4 VPN Page
This page provides the following information:
From this page, you can access functions to do the following:
•
•
•
Adding VPN Crypto Connections
Step 1
Step 2
Step 3
Interface VLAN field
Specify the interface VLAN, which is the Layer 3 VLAN that contains only the VPN module inside port.
Before a router can forward the packets using the correct routing table entries, the router needs to know which interface that a packet was received on. For each port VLAN, you need to create another VLAN so that the packets from every switch outside port are presented to the router with the corresponding VLAN number.
Note
You can create a VLAN or select from an available VLAN.
Click
•
•
You can select Clear VLAN to clear the VLAN that is specified in this field.
IP Address field
Enter the IP address of the interface VLAN.
Mask field
Enter the subnet mask of the interface VLAN.
Crypto Map field
Specify the crypto map attached to the interface VLAN.
Click
You can also clear the crypto map entry by clicking
Connection Mode radio button
Specify if you want the outside VLAN attached to an access or trunk port or to a VLAN. You can select the Access/Trunk or Routed Port radio button.
If you select the Access/Trunk radio button, do the following:
•
–
–
You can select Clear VLAN to clear the VLAN that is specified in this field.
•
•
If you select the Routed Port radio button, you must select a routed port. From the Routed Port field, click
Step 4
Select Crypto Dialog Box
Select Routed Ports Dialog Box
Editing VPN Crypto Connections
Step 1
Step 2
Step 3
Interface VLAN field
Number (ID) of the inside VLAN. You cannot edit this field.
IP Address field
Enter the IP address of the inside VLAN.
Mask list
Select the subnet mask of the inside VLAN.
Crypto Map field
Select the crypto map attached to the interface VLAN.
Click
You can clear this entry by clicking
Connection Mode radio button
Specify if you want the outside interface attached to an access or trunk port or to a VLAN. You can select the Access/Trunk or Routed Port radio button.
If you select the Access/Trunk radio button, do the following:
•
–
–
You can select Clear VLAN to clear the VLAN that is specified in this field.
•
•
If you select the Routed Port radio button, you must select a routed port. From the Routed Port field, click
Step 4
Deleting VPN Crypto Connections
Step 1
Step 2
Step 3
Adding VPN VLANs
You can add a VPN VLAN from the Flows page. For more information, see "Service Module Configuration (Services > Flows)."
Step 1
Step 2
Step 3
Step 4
VLAN field
Specify the VPN VLAN.
You can create a VLAN or select from an available VLAN.
Click
•
•
You can select Clear VLAN to clear the entry.
Interface (Inside) radio button
Select this radio button to make the VPN VLAN an interface VLAN; the interface VLAN is a Layer 3 VLAN that contains only the VPN module inside port.
If you select the Interface (Inside) radio button, do the following:
•
•
•
Click
You can click Clear Selection to clear your entry.
•
Port (Outside) radio button
Select this radio button to create the VPN VLAN on the outside port; the outside port handles all traffic going to and coming from the local LAN or outside ports.
Step 5
Editing VPN VLANs
You can edit an interface VLAN from the Flows page. For more information, see "Service Module Configuration (Services > Flows)."
Step 1
Step 2
Step 3
Step 4
Note
VLAN field
Number (ID) of the VPN VLAN.
Interface (Inside) radio button
Specifies that this is a VPN VLAN on an interface VLAN; the interface VLAN is a Layer 3 VLAN that contains only the VPN module inside port.
IP Address field
Enter the IP address of the VPN VLAN.
Mask list
Select subnet mask address of the VPN VLAN.
Crypto Map field
Specify the crypto map attached to the interface VLAN.
Click
You can click Clear Selection to clear your entry.
Admin Status list
Select the admin status (up or down) of the VPN VLAN.
Step 5
Deleting VPN VLANs
Step 1
Step 2
Step 3
Step 4
Network Analysis Module
The Network Analysis Module (NAM) is an interface module installed in the Catalyst 6500 Series switches. The NAM monitors and analyzes network traffic using remote monitoring (RMON), RMON Extensions for Switched Networks (SMON), and other management information bases (MIBs).
The NAM Traffic Analyzer software is embedded in the NAM and gives you browser-based access to the RMON1, RMON2, SMON, DSMON, and voice monitoring features of the NAM. You use this software to troubleshoot and monitor network availability and health.
If you do not provide credentials for the NAM, you will not be able to do the following:
•
•
•
To access the NAM overview page (see Figure 9-5), click Services at the top of the window, click NAM from the left-most pane, and then click NAM: Slot X from the selector.
Figure 9-5 NAM Page
Configuring the Network Analysis Module
From the NAM overview page, you can:
•
•
•
The following table describes the information provided on the NAM overview page.
Setup Wizard button
Click to open the NAM setup wizard.
Launch NAM Traffic Analyzer button
Click to open NAM Traffic Analyzer.
Note
Descriptor field
Textual identifier of the module.
Model field
Model number of the module.
Slot Number field
Device slot in which the module is located.
Status field
Current status of the module.
Software Version field
Software version of the module.
Hardware Version field
Hardware version of the module.
Firmware Version field
Firmware version of the module.
Serial Number field
Serial number of the module.
Host Name field
Name of the host module.
Domain Name field
Name of the domain to which the module belongs.
IP Address field
IP address of the module.
Subnet Mask field
Subnet mask to which the module's IP address belongs.
Default Gateway field
IP address of the default gateway associated with the module.
IP Broadcast field
IP broadcast address of the module.
Name Server(s) field
IP address of the name servers associated with the module.
Edit button field
Click to launch the Edit NAM Service Details dialog box.
Management VLAN field
Indicates the VLAN configured for module access.
HTTP Server field1
Indicates whether the HTTP server is enabled.
HTTP Secure Server field1
Indicates whether the HTTP secure server is enabled.
Note
HTTP Port field
Port used by the HTTP server.
HTTP Secure Port field
Port used by the HTTP secure server.
Telnet field
Indicates whether Telnet access into the module is enabled.
SSH field
Indicates whether SSH access into the module is enabled.
Note
SNMPv1 field
Indicates whether SNMPv1 is enabled.
SNMPv2C field
Indicates whether SNMPv2C is enabled.
Edit button
Click to launch the Edit NAM Access Details dialog box.
Community String field
Name of a community string configured on the module.
Type field
Indicates whether the community string is read-only or read-write.
Add button
Click to launch the Add SNMP Community String dialog box.
Edit button
With a community string selected, click to launch the Edit SNMP Community String dialog box.
Delete button
Click to delete the selected community string.
1 HTTP and secure HTTP cannot be enabled at the same time.
Editing NAM Service Details
Step 1
Step 2
Step 3
Editing NAM Access Details
Step 1
Step 2
Step 3
Note
Management VLAN list
Specify the VLAN configured for module access.
Click
•
•
•
HTTP Port field
Enter the port used by the HTTP server.
HTTP Secure Port field
Enter the port used by the HTTP secure server.
HTTP radio button
Select to enable the HTTP server on the module.
Secure HTTP radio button
Select to enable the Secure HTTP server on the module.
Telnet check box
Select to enable Telnet access into the module.
SSH check box
Select to enable SSH access into the module.
Adding SNMP Community Strings
Step 1
Step 2
Step 3
Editing SNMP Community Strings
Step 1
Step 2
Step 3
Using the NAM Configuration Wizard
In this wizard, you can perform the initial configuration of the NAM. After completing the wizard, you can run the NAM Traffic Analyzer application to perform more advanced configuration of the module. To access the wizard, click Services at the top of the window, click NAM from the left-most pane, and then click Setup Wizard.
The wizard consists of two steps:
1.
2.
Note
Configuring Basic IP Parameters
To configure the basic IP parameters for the NAM, enter the information specified in the following table.
Host Name field
Enter the name of the host module.
Domain Name field
Enter the name of the domain to which this module belongs.
IP Address field1
Enter the IP address of the host module.
Note
Mask list
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Note
Default Gateway field1
Enter the default gateway for the host module.
IP Broadcast field
Enter the IP broadcast address of the host module.
Name Servers pane
Enter the IP address of the name servers associated with this module.
Note
1 The values specified in these fields must belong to the same subnet.
Configuring Access Parameters
To configure the access parameters for the NAM, enter the information specified in the following table.
Management VLAN list
Specify the VLAN configured for module access.
Click
•
•
•
HTTP Port field
Enter the port used by the HTTP server.
HTTP Secure Port field
Enter the port used by the HTTP secure server.
HTTP radio button
Select to enable the HTTP server on the module.
Secure HTTP radio button
Select to enable the Secure HTTP server on the module.
Web User field1
Enter the login name for the web user.
Password field1
Enter the password for the web user.
Confirm Password field1
Re-enter the password for the web user.
Telnet check box
Select to enable Telnet access into the module.
SSH check box
Select to enable SSH access into the module.
Read Only field
Enter the appropriate read-only community string for the module.
Read Write field
Enter the appropriate read-write community string for the module.
1 This field is available only if a web user has not already been configured and either the HTTP or Secure HTTP radio button is selected.
Wizard Summary
In this dialog box, you can view a summary of the settings entered in the NAM setup wizard. Click Finish to configure the device with these settings.
After completion of the wizard, you can launch NAM Traffic Analyzer by clicking Launch NAM Traffic Analyzer on the NAM overview page. Use this application to make more advanced configuration changes to the module.
Intrusion Detection System Services Module
The Intrusion Detection System Services Module (IDSM) is a switching module that performs network sensing: real-time monitoring of network packets through packet capture and analysis. The IDSM captures network packets, then reassembles and compares this data against a rule set indicating typical intrusion activity. Network traffic is either copied to the IDSM based on security VLAN access control lists (VACLs) in the switch or is routed to the IDSM via the switch's Switched Port Analyzer (SPAN) feature. Both methods allow user-specified traffic based on switch ports, VLANs, or traffic type to be inspected.
If you do not provide credentials for the IDSM, you will not be able to do the following:
•
•
•
To access the IDSM overview page (see Figure 9-6), click Services at the top of the window, click IDS from the left-most pane, and then click IDS: Slot X from the selector.
Figure 9-6 IDS Page
Configuring the Intrusion Detection System Services Module
From the IDSM overview page, you can:
•
•
•
The following table describes the information provided on the IDSM overview page.
Setup Wizard button
Click to open the IDSM setup wizard. See Using the IDSM Setup Wizard for more information.
Launch IDS DM button
Click to open IDS Device Manager.
Note
Descriptor field
Textual identifier of the module.
Model field
Model number of the module.
Slot Number field
Device slot in which the module is located.
Status field
Current status of the module.
Software Version field
Software version of the module.
Hardware Version field
Hardware version of the module.
Firmware Version field
Firmware version of the module.
Serial Number field
Serial number of the module.
Host Name field
Name of the host module.
IP Address field
IP address of the module.
Subnet Mask field
Subnet mask to which the module's IP address belongs.
Default Gateway field
IP address of the default gateway associated with the module.
Webserver Port field
Web server port configured for the module.
Telnet field
Indicates whether Telnet access is enabled.
SSL field
Indicates whether SSL is enabled.
Management VLAN field
Number of VLANs configured on the module.
Edit button
Click to launch the Edit IDS Service Details dialog box.
IP Address column
IP address of a trusted host/network.
Network Mask column
Subnet mask to which the trusted host/network's IP address belongs.
Add button
Click to launch the Add Trusted Host dialog box.
Delete button
Click to delete the selected trusted host/network.
Editing IDSM Service Details
Step 1
Step 2
Step 3
Host Name field
Enter the name of the host module.
IP Address field1
Enter the IP address of the module.
Mask list
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Default Gateway field1
Enter the IP address of the default gateway associated with the module.
Webserver Port field
Enter the web server port for the host module.
Enable Telnet check box
Select to enable Telnet access into the module.
Enable SSL check box
Select to enable SSL access into the module.
1 The values specified in these fields must belong to the same subnet.
Adding Trusted Hosts/Networks
Step 1
Step 2
Step 3
Using the IDSM Setup Wizard
In this wizard, you configure the credentials required to run the IDS Device Manager application. To access the wizard, click Services at the top of the window, click IDS from the left-most pane, and then click Setup Wizard.
The wizard consists of two steps:
1.
2.
Configuring Basic IP Parameters
On this page of the wizard, you configure basic IP parameters for the IDSM. To do so, enter the information specified in the following table.
Host Name field
Enter the name of the host module.
IP Address field1
Enter the IP address of the host module.
Mask list
Enter the subnet mask to which the specified IP address belongs. You can either type a value or select one from the list.
Default Gateway field1
Enter the default gateway for the host module.
Webserver Port field
Enter the web server port for the host module.
Enable Telnet check box
Select to enable Telnet access into the module.
Enable SSL check box
Select to enable SSL access into the module.
1 The values specified in these fields must belong to the same subnet.
Configuring Host Access
On this page of the wizard, you configure host access into the IDSM. To do so, enter the information specified in the following table.
Enable HTTP Access to this host with IP address <IP address> check box
Select to allow access to this host.
Wizard Summary
In this dialog box, you can view a summary of the settings entered in the IDSM setup wizard. Click Finish to configure the device with these settings.
After completion of the wizard, you can launch IDS Device Manager by clicking Launch IDS DM on the module's overview page. Use this application to make more advanced configuration changes to the module.
Wireless LAN Services Module (WLSM)
The Wireless LAN Services Module (WLSM) provides fast, uninterrupted, and secure Layer 2 and Layer 3 wireless roaming and radio-management aggregation for wireless clients on the switch.
Configuring the WLSM
To access the WLSM overview page (see Figure 9-7), click Services at the top of the window, click WLSM from the left-most pane, and then click WLSM: Slot X from the selector.
Figure 9-7 WLSM Page
This page provides the following information:
Setup Wizard
Click to launch the WLSM Setup wizard. See Using the WLSM Setup Wizard for more information.
Launch WLSE
Click to launch the WLSE application.
Descriptor field
Textual identifier of the WLSM.
Model field
Model number of the WLSM.
Slot Number field
Device slot in which the WLSM is located.
Status field
Current status of the WLSM.
Software Version field
The version of Cisco IOS software running on the WLSM.
Hardware Version field
Hardware version of the WLSM.
Firmware Version field
The version of firmware running on the WLSM.
Serial Number field
Serial number of the WLSM.
Control VLAN field
ID of the control VLAN. The control VLAN is the VLAN shared between the WLSM and the supervisor.
Control VLAN IP Address/Mask field
IP address and subnet mask address of the control VLAN.
Control VLAN Gateway field
Gateway address of the control VLAN.
Number of Mobility Networks field
Number of mobility networks configured on the WLSM.
Number of Access Points field
Number of access points through which traffic flows.
Number of Mobile Nodes field
Number of mobile nodes (clients) associated with the device.
LCP Communication Status field
Status of link control protocol (LCP) communication.
WLSE IP Address
IP address of the WLSE application.
Infrastructure Authentication List
Name of the authentication list used by the device.
Client Authentication List
Name of the authentication list used by the wireless client.
Mobility Network ID column
Network ID of the tunnel.
Tunnel Interface column
Contains the following subcolumns:
•
•
Source Interface column
Contains the following subcolumns:
•
•
APs column
Number of access points on the tunnel.
MNs column
Number of mobile nodes on the tunnel.
If you do not provide credentials for the WLSM, you will not be able to do the following:
•
•
•
For more information about credentials, see Understanding User Credentials.
From this page, you can access functions to do the following:
•
•
•
•
•
Editing WLSM Service Detail Information
Step 1
Step 2
Step 3
Control VLAN field
Specify the control VLAN. The control VLAN is shared between the WLSM and the supervisor.
Click
•
•
You can select Clear VLAN to clear the entry.
Control IP field
Enter the IP address of the control VLAN
Mask list
Select, from the list, the subnet mask address of the control VLAN, or enter a value in the field.
Gateway field
Gateway address of the control VLAN.
WLSE IP address
Enter the IP address of the WLSE application.
Infrastructure Authentication List field
Select the infrastructure authentication list.
Click
•
•
You can select Clear... to clear the entry.
Client Authentication List
Select the client authentication list.
Click
•
•
You can select Clear... to clear the entry.
Step 4
Adding Wireless Networks
CVDM-C6500 allows you to configure multipoint generic routing encapsulation (mGRE) tunnels between the supervisor and each access point. With an mGRE tunnel configured, mobile users can roam between access points and maintain Layer 3 mobility. Multipoint GRE tunnels simulate logical Layer 3 networks between access points and provide an easier and faster solution for Layer 3 roaming.
Step 1
Step 2
Step 3
Network ID field
Specify the tunnel network ID.
Description field
Enter a brief description of the wireless network.
Tunnel ID field
Specify the tunnel interface number.
Click
•
•
IP Address field
Enter the tunnel IP address.
Interface MTU field
Enter the maximum transmission unit (MTU) size, in bytes, of IP packets sent on the tunnel.
Mask list
Select, from the list, the tunnel overlay subnet.
Broadcast capability checkbox
Click this checkbox to enable the mGRE tunnel to convert nonbroadcast multiaccess (NBMA) to broadcast multiaccess (BMA).
Tunnel Source Details pane
Specify the source IP address of the tunnel between the switch and the access point.
Select one of the following radio buttons:
•
–
–
•
•
–
–
•
Mobility Trust checkbox
Click to specify if this is a trusted network.
A trusted network can use DHCP or static IP addresses. An untrusted network supports only DHCP clients.
DHCP Snooping checkbox
Click this checkbox to enable DHCP snooping.
Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
Radio buttons
Do one of the following:
•
–
–
•
Then, from the Helper IP address field, click
Step 4
Enter Tunnel Interface Number Dialog Box
Tunnel Interface Number field
Enter the number of the tunnel interface.
Editing Wireless Networks
Step 1
Step 2
Step 3
Network ID field
Specify the tunnel network ID.
Description field
Enter a brief description of the wireless network.
Tunnel ID field
Specify the tunnel interface number.
Click
•
•
IP Address field
Enter the tunnel IP address.
Interface MTU field
Enter the maximum transmission unit (MTU) size, in bytes, of IP packets sent on the tunnel.
Mask list
Select, from the list, the tunnel overlay subnet.
Broadcast capability checkbox
Click this checkbox to enable the mGRE tunnel to convert nonbroadcast multiaccess (NBMA) to broadcast multiaccess (BMA).
Tunnel Source Details pane
Specify the source IP address of the tunnel between the switch and the access point.
Select one of the following radio buttons:
•
–
–
•
•
–
–
•
Mobility Trust checkbox
Click to specify if this is a trusted network.
A trusted network can use DHCP or static IP addresses. An untrusted network supports only DHCP clients.
DHCP snooping checkbox
Click this checkbox to enable DHCP snooping.
Enable DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
Radio buttons
Do one of the following:
•
–
–
•
Then, from the Helper IP address field, click
Step 4
Deleting Wireless Networks
Step 1
Step 2
Step 3
Using the WLSM Setup Wizard
Using WLSM setup wizard, you can configure the WLSM to use advanced configurations on the WLSM with the CiscoWorks Wireless LAN Solution Engine (WLSE) application.
Step 1
Step 2
Configuring the Control VLAN
In Step 1 of the WLSM setup wizard, you configure communication between the supervisor and the WLSM by configuring a VLAN that is shared between them. When you configure this VLAN, Layer 3 mobility is turned on.
Enter the information as described in the table.
Admin VLAN list
Specify the administrative VLAN.
Click
•
•
You can select Clear VLAN to clear the entry.
IP Address field
Enter the IP address of the VLAN on the WLSM.
Mask list
Select, from the list, the subnet mask address of the VLAN on the WLSM.
Gateway field
Enter the gateway address of the WLSM on the VLAN. This value should be the same as the IP address of the supervisor.
This gateway is the default gateway that directs traffic from the WLSM to the supervisor.
Interface field
Interface name. You cannot edit this field.
IP Address field
Enter the IP address of the VLAN on the supervisor.
Mask list
Select, from the list, the subnet mask address of the VLAN on the supervisor.
Configuring the Wireless Network on the Supervisor (Optional)
In Step 2 of the WLSM setup wizard, you can optionally configure a wireless network on the supervisor by creating an mGRE tunnel on the supervisor and specifying a network ID, which is used by both the mGRE and the access point to identify their participation in the Layer 3 Mobility Network. Enter the information as described in the table.
Network ID field
Specify the wireless network ID. Click
•
•
Tunnel ID field
Specify the tunnel interface. Click
•
•
IP Address
Enter the tunnel IP address.
Description field
Enter a brief description of the tunnel.
Interface MTU field
Enter the maximum transmission unit (MTU), in bytes, of IP packets sent on the interface.
Mask list
Select, from the list, the tunnel overlay subnet.
Broadcast Capability checkbox
Click this checkbox to enable the mGRE tunnel to convert nonbroadcast multiaccess (NBMA) to broadcast multiaccess (BMA).
Radio buttons
Specify the tunnel source; select one of the following radio buttons:
•
–
–
•
•
–
–
•
Mobility Trust checkbox
Click to specify if this is a trusted network.
A trusted network can use DHCP or static IP addresses. An untrusted network supports only DHCP clients.
DHCP Snooping checkbox
Click this checkbox to enable DHCP snooping.
DHCP snooping so that wireless clients, or mobile nodes, can gain access to an untrusted wireless network.
Radio buttons
Do one of the following:
•
–
–
•
Then, from the Helper IP address field, click
Enter Mobility Network ID Dialog Box
Configuring Authentication on WLSM
In Step 3 of the WLSM setup wizard, you configure wireless domain services (WDS) software to communicate with the Remote Authentication Dial-In User Service (RADIUS) server.
The WDS software resides on the WLSM and provides a control mechanism for wireless clients that roam between access points residing on different layer 3 subnets. RADIUS provides detailed accounting information and flexible administrative control over authentication and authorization processes.
Define the following fields.
Radius Server IP field
Specify the IP address of the RADIUS server. Click
•
•
Server Type field
Server type (RADIUS). This field cannot be edited.
Key field
Enter the authentication and encryption key used between the access point and the RADIUS daemon running on the RADIUS server.
Authentication Port field
Enter the UDP destination port for authentication requests.
Accounting Port field
Enter the UDP destination port for accounting requests.
Timeout (seconds) field
Enter the time interval, in seconds, that the access point waits for the RADIUS server to reply before retransmitting.
Client Authentication field
Select the client authentication list.
Click
•
•
You can select Clear... to clear the entry.
Infrastructure Authentication list
Select the infrastructure authentication list.
Click
•
List... —opens the Select Authentication List dialog box. Select the list to use, then click OK.•
List...— opens the Add Authentication List dialog box. For more information, see Adding Authentication Lists.You can select Clear... to clear the entry.
Enter Radius Server IP Address Dialog Box
Configuring WLSE and SNMP Settings (Optional)
In Step 4 of the WLSM setup wizard, you can optionally configure CiscoWorks LAN Management Solution Engine (WLSE) and SNMP community string settings.
The WLSE application provides advanced features for managing wireless networks. You must configure WLSE settings to receive information from WLSE.
Define the following fields.
WLSE IP Address field
Enter the WLSE IP address.
SNMP table
Specify the community strings. The same community strings must be configured on the WLSM and/or WDS and the WLSE. You can do the following:
•
•
•
You must also configure the WLSE, using GUI tools provided with the WLSE, with this information. See the appropriate documentation for more information.
Add SNMP Settings Dialog Box
Community String field
Enter the name of the SNMP community string.
Community Type list
Select, from the list, the community string type.
Edit SNMP Settings Dialog Box
Community String field
Enter the name of the SNMP community string.
Community Type list
Select, from the list, the community string type.
WLSM Wizard Summary
The WLSM summary page of the wizard shows you the information that you entered.
Click Finish to send the commands to the device. The Deliver Configuration to Switch/Module(s) dialog box appears if you have configured CVDM-C6500 to display the accumulated CLI commands after you have completed a wizard (for information on configuring this option, see Editing Preferences).
For more information on the Deliver Configuration to Switch/Module(s) dialog box, see Delivering CLI Commands to the Device.
Configuring AAA Settings
Authentication, Authorization, and Accounting (AAA) is an architectural framework for the consistent configuration of a set of three independent security functions. AAA provides a modular way of performing authentication, authorization, and accounting services. You can configure the AAA settings you want to use for authenticating users on the WLSM.
Click Services at the top of the window, click WLSM from the left-most pane, and then click WLSM: Slot X > AAA from the selector. The AAA page appears and displays the following information.
From this page, you can do the following:
•
•
•
•
Editing AAA Settings
You can configure certain AAA settings globally for all AAA servers on your network.
Step 1
Step 2
Step 3
Step 4
Adding AAA Servers
The switch relays authentication, authorization, and accounting requests to the AAA server.
Step 1
Step 2
Step 3
Step 4
Editing AAA Servers
Step 1
Step 2
Step 3
Step 4
Deleting AAA Servers
Step 1
Step 2
Step 3
Configuring Authentication Lists
Authentication lists define how users are identified. You can configure the authentication parameters to use for authenticating users on the WLSM.
Click Services at the top of the window, click WLSM from the left-most pane, and then click WLSM: Slot X > Authentication from the selector. The Infrastructure Authentication page appears and contains a table that displays the following information.
From this page, you can do the following:
•
•
•
Adding Authentication Lists
Step 1
Step 2
Step 3
Step 4
Editing Authentication Lists
Step 1
Step 2
Step 3
Step 4
Deleting Authentication Lists
Step 1
Step 2
Step 3
Content Switching Module with SSL
The Content Switching Module with SSL (CSM-S) is a single module that combines content switching with SSL acceleration.
CVDM-C6500 treats the CSM-S as a single CSM and a single SSL services module. See the following sections:
•
•
