-
User Guide for CiscoWorks Common Services 3.0.5
-
Open Source License Acknowledgements
-
Preface
-
Overview
-
Interacting With CiscoWorks HomePage
-
Using Common Services Home
-
Configuring the Server
-
Managing Devices and Credentials
-
Administering Groups
-
Using LMS Setup Center
-
Using Device Center
-
Working With Software Center
-
Diagnosing Problems With CiscoWorks Server
-
Understanding CiscoWorks Security
-
Acronyms Used in Common Services Documentation
-
Index
-
Table Of Contents
Managing Device and Credentials
Using the Device and Credential Admin
Importing Devices and Credentials
Exporting Devices and Credentials
Selecting Devices for Device Management Tasks
Selecting Devices From All Tab
Selecting Devices From Search Results
Combination of Selection From All Tab and Search Results
Customizing Display Order of Device Groups
Administering Device and Credential Repository
Master-Slave Configuration Prerequisites
Changing the Mode to Standalone
Using DCR Features Through CLI
Viewing the Current DCR Mode Using dcrcli
Changing DCR Mode Using dcrcli
Implications of ACS Login Module on DCR
Managing Device and Credentials
The Device and Credential Repository (DCR) is a common repository of devices, their attributes, and credentials, meant to be used by various network management applications. The Device and Credential Admin (DCA) provides an interface to administer DCR.
The following sections provide information on DCR features:
•
Using the Device and Credential Admin
•
•
•
Understanding DCR
DCR helps multiple applications share device lists and credentials using a client-server mechanism, with secured storage and communications. The applications can read or retrieve the information. The applications can also update the information in DCR so that the updated information could be shared with other applications.
DCR provides:
•
•
•
•
•
DCR also:
•
•
•
•
•
•
Credentials are values that are used by applications to access and operate on devices. It is typically an SNMP community string or a user ID and password pair. A device credential is used to access a managed device such as a switch or router.
Device attributes are unique to each device and they identify a device. The following attributes are stored in the repository:
The mandatory attributes are:
•
•
Individual applications interact with the repository to get the device list, device attributes, and device credentials.
For CNS managed devices, apart from the above two attributes, CNS Server also is mandatory. For DSBU member devices, DSBU member number and display name are sufficient. For AUS managed devices Display Name and Device-Identity are sufficient.
The Display Name and the Host Name/Domain Name combination must be unique for each device in DCR. A device will be considered duplicate if:
•
•
•
•
The following credentials can be associated with a device in DCR:
DCR supports Cisco Cluster Management Suites, Auto Update Servers and the managed devices, CNS Configuration Engine and CNS Managed devices, using a mix of standard and additional attributes and credentials.
•
•
–
–
•
–
–
–
•
–
–
DCR Architecture
The sharing of device list and credentials among various network management products is achieved through a Client-Server mechanism. The clients are network management applications that use DCR. The server is called the DCR Server.
DCR works based on a Master-Slave model. DCR Server can also be in Standalone mode.
Master DCR
The Master DCR server refers to the master repository of device list and credential data. The Master hosts the authoritative, or a master-list of all devices and their credentials. All other DCRs in the same management domain which are running in Slave mode normally shares this list.
There is only one Master repository for each management domain, and it contains the most up-to-date device list and credentials.
DCR Master Server communicates with its Slaves through the HTTPS port. If there is a firewall in between the CiscoWorks Servers of the same DCR management domain, you must:
•
•
Only then the peer certificates can be exchanged and the communication could happen between the DCR Master and Slave servers.
Changes to the repository data in DCR Master are properly propagated to Slaves although you block or close the HTTPS port of DCR Slave Server in firewall. However the DCR status of Slave server is displayed as Unreachable in DCR Master.
But you should never block the HTTPS port of DCR Master Server in firewall. Otherwise communication between the servers in the same management domain will not happen.
Note
Slave DCR
The Slave DCR refers to a repository that is an exact replica of the Master.
DCR Slaves are slave instances of DCR in other servers and provide transparent access to applications installed in those servers.
Any change to the repository data occurs first in the Master, and those changes are propagated to multiple Slaves. There can be more than one Slave in a management domain.
The Slave:
•
•
•
Note
Standalone DCR
In Standalone mode, DCR maintains an independent repository of device list and credential data. It does not participate in a management domain and its data is not shared with any other DCR. It does not communicate with or contain registration information about any other Master, Slave, or Standalone DCR.
DCR running in Master or Slave mode always has an associated DCR Group ID that indicates the Server's management domain. This Group ID is generated when a DCR is set to Master mode, and communicated to all Slaves later assigned to that Master.
Using the Device and Credential Admin
Device and Credential Admin (DCA) helps you in:
•
Managing Devices
The Device Management option in DCA helps you manage the list of devices and their credentials. Device Management helps you in:
•
•
You can use the improved Device Selector to search and select the devices for performing device management tasks. See Configuring Device Selector for more information.
Adding Devices
You can use this feature to add devices, device properties or attributes, and device credentials to the DCA.
To add devices to the device list:
Step 1
The Device Management page appears.
The Device Management UI helps you perform operations on Standard Devices, Cluster Managed devices and Auto Update devices. Operations on Auto Update Servers can be performed only at the Auto Update Server Management UI.
The Device Summary window displays the devices and groups in DCA.
Step 2
The Device Properties page appears. The Device Information dialog box provides four device management types:
Standard Type
You can add Routers, Switches, Hubs, and other devices using the Standard management type.
To add devices and credentials using Standard type:
Step 1
Step 2
To select the Domain Name and the DeviceType, click Select and choose from the list.
DCR uses a device record to represent a Cluster. A Cluster can be added in the Standard Management option by selecting the Device Type field as Cisco Cluster Management Suite.
DSBU Clusters added this way, can then be selected in Cluster Managed Type, for the field Cluster.
You can add a Cisco CNS Configuration Engine in the Standard Management option by selecting the Device Type field as Cisco CNS Configuration Engine. The Cisco CNS Configuration Engine added here can be selected in the CNS Server field in the CNS Managed option.
After a Cisco CNS Configuration Engine or DSBU Cluster is successfully added, it will appear under
Network Management > Other Network Management Products > Cisco CNS Configuration Engine/Cisco Cluster Management Suite, in the Device Selector.Step 3
The device is added to the Added Device List in the window.
To remove the device from the Device List, select the device and click Remove from List.
Step 4
The Standard Credentials page appears.
Step 5
•
•
•
•
If you do not want to proceed, click Finish.
Step 6
The HTTP Settings page appears.
Step 7
•
•
•
•
•
Specify the current connection mode (HTTP or HTTPS) by selecting the appropriate radio button.
If you do not want to proceed, click Finish.
Step 8
The Standard UDF dialog box appears.
Step 9
By default, DCA provides the option to define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed in the User Defined Fields page. Click Device and Credentials > Admin > User Defined Fields from the Common Services application to open the User Defined Fields page.
Auto Update Type
You can use this feature to add, edit, and delete devices managed using Auto Update Server. The CiscoWorks Auto Update Server is a web-based interface for upgrading device configuration files and software images on firewalls that use the auto update feature.
The Auto Update Server managed device has its own attributes and credentials just like normal devices in DCR. In addition, it will have the following attributes:
•
•
To add devices and credentials using Auto Update type:
Step 1
Step 2
To select Auto Update Server, Domain Name, and the Device Type click Select and select from the resulting popup windows. For Auto Update Server managed devices, Display Name and Device-Identity are enough for identity.
DCR uses a device record to represent an Auto Update Server. An Auto Update Server can be added in the Auto Update Server Management UI. Auto Update Server added this way can then be selected for the field Auto Update Server.
Step 3
The device gets added to the Added Device List in the window.
To remove the device from the Device List, select the device and click Remove from List.
Step 4
The Standard Credentials page appears.
Step 5
•
•
•
•
If you do not want to proceed, click Finish.
Step 6
The HTTP Settings page appears.
Step 7
•
•
•
•
•
Specify the current connection mode (HTTP or HTTPS) by selecting the appropriate radio button.
If you do not want to proceed, click Finish.
Step 8
The Auto Update Server Credential Template dialog box appears.
Step 9
Note
Step 10
The User Defined Fields dialog box appears.
Step 11
By default, you can define four attribute fields for a device. These fields are used to store additional user-defined data for a device.
The attribute fields that appear here can be changed at Device and Credentials > Admin> User Defined Fields.
Cluster Managed Type
DCR supports Cisco Clusters and their member devices using a mix of standard and additional attributes and credentials.
To add devices and credentials using Cluster Managed type:
Step 1
Step 2
The Member Number field is mandatory. The Member Number is the number of the Cluster member. This number represents the order in which the device is added into the cluster.
Also, Cluster needs to be added before a Cluster Managed device.
For example, if a device X belongs to cluster Y, first add the Cluster Y, and then add the Cluster Managed device X.
Step 3
The device is added to the Added Device List in the window.
To remove a device from the Device List select the device and click Remove from List.
Step 4
The User Defined Field dialog box appears.
Step 5
By default, you can define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed at Device and Credentials > Admin > User Defined Fields.
CNS Managed Type
To add devices and credentials using CNS Managed type:
Step 1
Step 2
The display name you want for the device in reports or graphical displays in the corresponding fields.
You can also enter or select the domain name.
Step 3
You can add a Cisco CNS Configuration Engine in the Standard Management option by selecting the Device Type field as Cisco CNS Configuration Engine.
If you add a Cisco CNS Configuration Engine in this way, you can select these engines in the CNS Managed option, for the CNS Server field.
After a Cisco CNS Configuration Engine is successfully added, it appears under
Network Management > Other Network Management Products > Cisco CNS Configuration Engine, in the Device Selector.CNS Server and Display Name are mandatory.
Step 4
The device is added to the Added Device List in the page.
To remove a device from the Device List select the device and click Remove from List.
Step 5
The CNS Managed Device Credentials page appears.
Step 6
You can add the following credentials:
•
•
•
•
If you do not want to proceed, click Finish.
Step 7
The HTTP Settings page appears.
Step 8
•
•
•
•
•
Step 9
Step 10
Step 11
By default, Device and Credential Repository allows you to define four attribute fields for a device. These fields store additional user-defined data for a device.
You can change the attribute fields at
Device and Credentials > Admin > User Defined Fields.
Deleting Devices
You can delete device information from DCR using this feature.
When a device is deleted, it will also get deleted in all the applications that use DCR.
To delete devices:
Step 1
The Device Management page appears.
Step 2
The device is removed from the device list. Also, all information about the selected device will be removed from DCR.
Editing Device Credentials
You can edit device information for a single device or for multiple devices using this feature.
To edit device information:
Step 1
The Device Management page appears.
Step 2
The Standard Credentials dialog box appears.
Step 3
•
•
•
•
•
Note
Any changes made here will apply to all devices selected in Step 2. This has one exception.
If in Step 2, devices belonging to different device management types are selected, the changes made will apply only to devices of the appropriate type. That is, if a standard-device credential is changed, only the standard devices selected in Step 2 are affected.
If you have completed editing, and do not want to proceed, click Finish.
Step 4
The HTTP Settings Page opens.
You can edit:
•
•
•
•
•
•
If you have completed editing, and do not want to proceed, click Finish.
Step 5
The User Defined Fields window appears.You can edit these fields and click Finish after you complete editing.
Auto Update Servers cannot be edited here. Even if they are selected in Step 2, they will not be affected. See "Editing Auto Update Server" section for details on editing Auto Update Server information.
Management Type for a device is defined while you add the device to DCR. You cannot change the Management Type for the device through the edit flow. For example, you cannot change:
•
•
Editing Device Identity
You can edit Device Identity information for a single device in DCR. The Display Name and the Host Name/Domain Name combination must be unique for each device in DCR. When you edit a device, it will be considered as a duplicate if any one of the following occur:
•
•
•
•
To edit the Device Identity information:
Step 1
The Device Management page appears.
Step 2
Step 3
The Device Properties dialog box appears with the list of selected devices, and attributes of the first device in the list.
Step 4
The current attributes are automatically populated in the device information fields.
Step 5
You can edit the following information:
•
•
•
•
Note
Step 6
Step 7
Importing Devices and Credentials
You can import device lists, device properties or attributes and device credentials to the DCR and populate DCR using this feature.You can:
or
Import Using DCA Interface
To import devices using DCA Interface:
Step 1
The Device Management page appears.
Step 2
The Import Devices popup window appears. You can import from any of the following:
•
•
•
The following need to be taken care of, before you import from File:
•
The mandatory attributes are: Display Name, and Management IP address or Host Name or Device Identity.
For DSBU member devices, DSBU member number and display name are enough for identity.
For AUS managed devices Display Name and Device-Identity are enough. For a CNS managed device, CNS Server is a mandatory attribute.
•
•
–
–
–
–
•
–
–
–
•
Importing From a File
To import from a file:
Step 1
Or,
Browse the file system and select the file using the Browse tab.
Step 2
Only CSV2.0 and CSV3.0 file formats are supported.
Step 3
•
•
Step 4
a.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b.
Step 5
Step 6
Importing From Local NMS
To import from Local NMS:
Step 1
HPOV6.x and Netview7.x are supported.
Step 2
Note
Step 3
Step 4
a.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b.
Step 5
Step 6
Importing From Remote NMS
Before you import from the remote NMS, ensure that:
•
•
If you are importing from a remote NMS on host 2 to host 1 (CiscoWorks server), you need to add the following entries in the .rhosts file of host2: host1.domain.com SYSTEM (on Windows); where SYSTEM is a built-in Local System account.
For example, if you are importing from a remote NMS on XYZ.cisco.com to ABC.cisco.com, you need to add ABC.cisco.com SYSTEM host1.domain.com casuser (on Solaris).
To import from a remote NMS:
Step 1
If you select ACS, enter:
•
•
•
•
Step 2
Note
Step 3
Note
Step 4
Step 5
a.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b.
Step 6
Step 7
Import Status Report
The Import Status Report appears at the end of each immediate import operation. The report contains information on:
•
This field shows the number of devices that are newly imported during the bulk import operation.
•
This field shows the devices that are not imported.
The devices that have not been imported might fall under one of the following categories:
Sample CSV File
You can use CSV 2.0 or CSV 3.0 file or XML formats for import.
You can also perform a DCR Export operation to generate sample CSV or XML files. See Exporting Devices and Credentials for more information.
You should not delete any line from the CSV file generated by DCR export utility including the lines starting with ; (semi colon). However, you can add comments in the CSV file as new lines beginning with ; character.
If you use manually created CSV files for DCR import, we recommend that the CSV files should be in the same format of the files generated by DCR Export utility.
Sample CSV 2.0 File
;; This file is generated by the export utility; If you edit this file, be sure you know what you are doing;Cisco Systems NM data import, source = export utility; Version = 2.0; Type = Csv;; Here are the columns of the table.; Columns 1 and 2 are required.; Columns 3 through 19 are optional.; Col# = 1: Name (including domain or simply an IP); Col# = 2: RO community string; Col# = 3: RW community string; Col# = 4: Serial Number; Col# = 5: User Field 1; Col# = 6: User Field 2; Col# = 7: User Field 3; Col# = 8: User Field 4; Col# = 9; Name = Telnet password; Col# = 10; Name = Enable password; Col# = 11; Name = Enable secret; Col# = 12; Name = Tacacs user; Col# = 13; Name = Tacacs password; Col# = 14; Name = Tacacs enable user; Col# = 15; Name = Tacacs enable password; Col# = 16; Name = Local user; Col# = 17; Name = Local password; Col# = 18; Name = Rcp user; Col# = 19; Name = Rcp password;; Here are the rows of data.;172.20.118.156,public,,FHH080600dg,,,,,,,,,,,,,,,172.20.118.150,public,,FHH0743W022,,,,,,,,,,,,,,,Sample CSV 3.0 File
; This file is generated by DCR Export utilityCisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0;;Start of section 0 - Basic Credentials;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_d evice_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,user_defined_field_0,use r_defined_field_1;10.77.202.40,Switch6009,cisco.com,,Switch2,1.3.6.1.4.1.9.1.281,0,268438100,public,private, field0,field110.77.202.10,Router7000,cisco.com,,Router1,1.3.6.1.4.1.9.1.8,0,278464493,public,private,fi eld0,field110.77.202.30,Switch4006,cisco.com,,Switch1,1.3.6.1.4.1.9.5.46,0,268438086,public,private,f ield0,field110.77.202.20,Router6400,cisco.com,,Router2,1.3.6.1.4.1.9.1.180,0,269214543,public,private, field0,field1;End of CSV file
Note
Sample CSV 3.0 File for Auto Update Server Managed Devices
; This file is generated by DCR Export utilityCisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0;;Start of section 0 - Basic Credentials;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_device_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id,snmp_v3_password,snmp_v3_engine_id,snmp_v3_auth_algorithm,primary_username,primary_password,primary_enable_password;1.1.1.1,ons_host1,cisco.com,AUS_ID,ONS1,1.3.6.1.4.1.9.1.406,0,273612892,,,,,,,,,10.10.10.1,aus_server,cisco.com,,AUS_SERV1,UNKNOWN,3,UNKNOWN,,,,,,,,,;;Start of section 1 - AUS proxy;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,aus_username,aus_ password,aus_url;1.1.1.1,ons_host1,cisco.com,AUS_ID,ONS1,admin,admin,10.10.10.1,aus_server,cisco.com,,AUS_SERV1,admin,admin,autoupdate/AutoUpdateServlet;;Start of section 2 - AUS managed;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,parent_aus_id;1.1.1.1,ons_host1,cisco.com,AUS_ID,ONS1,display_name=AUS_SERV1;End of CSV fileSample CSV 3.0 File for Cluster Managed Devices
; This file is generated by DCR Export utilityCisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0;;Start of section 0 - Basic Credentials;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_device_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id,snmp_v3_password,snmp_v3_engine_id,snmp_v3_auth_algorithm,primary_username ,primary_password,primary_enable_password;1.1.1.1,ons_dev_1,cisco.com,,ONS1,1.3.6.1.4.1.9.1.406,0,273612892,,,,,,,,,10.10.10.1,host1,cisco.com,,cluster1,Unknown,1,278283831,,,,,,,,,;;Start of section 3 - DSBU managed;;HEADER: management_ip_address,host_name,domain_name,device_identity,display_name,dsbu_member_number,parent_dsbu_id;1.1.1.1,ons_dev_1,cisco.com,,ONS1,1,display_name=cluster;End of CSV fileMapping CSV 2.0 to CSV 3.0 Fields
The following table provides a mapping between the fields in CSV 2.0 and CSV 3.0:
Telnet password, Tacacs password, and Local password are matched to primary_password.
The Enable password, Enable secret, and Tacacs enable password are matched to primary_enable_password.
The Tacacs user and Local user are matched to primary_username.
The order of preference used to set these values in CSV 3.0:
•
•
•
Sample XML File
The sample XML files for importing devices is provided in this section.
Sample XML File (Standard)
<?xml version="1.0"?><DEVICES><DEVICE><SET Name="Basic Credentials"><DEVATTRIB Name="management_ip_address">10.77.202.40</DEVATTRIB><DEVATTRIB Name="host_name">Switch6009</DEVATTRIB><DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB><DEVATTRIB Name="display_name">Switch2</DEVATTRIB><DEVATTRIB Name="sysObjectID">1.3.6.1.4.1.9.1.281</DEVATTRIB><DEVATTRIB Name="dcr_device_type">0</DEVATTRIB><DEVATTRIB Name="mdf_type">268438100</DEVATTRIB><DEVATTRIB Name="snmp_v2_ro_comm_string">public</DEVATTRIB><DEVATTRIB Name="snmp_v2_rw_comm_string">private</DEVATTRIB><DEVATTRIB Name="primary_username">lab</DEVATTRIB><DEVATTRIB Name="primary_password">lab</DEVATTRIB><DEVATTRIB Name="primary_enable_password">lab</DEVATTRIB></SET></DEVICE></DEVICES>
Note
Sample XML File for Auto Update Server Managed Devices
<?xml version="1.0"?><DEVICES><DEVICE><SET Name="Basic Credentials"><DEVATTRIB Name="management_ip_address">1.1.1.1</DEVATTRIB><DEVATTRIB Name="host_name">ons_host1</DEVATTRIB><DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB><DEVATTRIB Name="device_identity">AUS_ID</DEVATTRIB><DEVATTRIB Name="display_name">ONS1</DEVATTRIB><DEVATTRIB Name="sysObjectID">1.3.6.1.4.1.9.1.406</DEVATTRIB><DEVATTRIB Name="dcr_device_type">0</DEVATTRIB><DEVATTRIB Name="mdf_type">273612892</DEVATTRIB></SET><SET Name="AUS proxy"><DEVATTRIB Name="aus_username">admin</DEVATTRIB><DEVATTRIB Name="aus_password">admin</DEVATTRIB></SET><SET Name="AUS managed"><DEVATTRIB Name="device_identity">AUS_ID</DEVATTRIB><DEVATTRIB Name="parent_aus_id">display_name=AUS_SERV1</DEVATTRIB></SET></DEVICE><DEVICE><SET Name="Basic Credentials"><DEVATTRIB Name="management_ip_address">10.10.10.1</DEVATTRIB><DEVATTRIB Name="host_name">aus_server</DEVATTRIB><DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB><DEVATTRIB Name="display_name">AUS_SERV1</DEVATTRIB><DEVATTRIB Name="sysObjectID">UNKNOWN</DEVATTRIB><DEVATTRIB Name="dcr_device_type">3</DEVATTRIB><DEVATTRIB Name="mdf_type">UNKNOWN</DEVATTRIB></SET><SET Name="AUS proxy"><DEVATTRIB Name="aus_username">admin</DEVATTRIB><DEVATTRIB Name="aus_password">admin</DEVATTRIB><DEVATTRIB Name="aus_url">autoupdate/AutoUpdateServlet</DEVATTRIB></SET></DEVICE></DEVICES>Sample XML File for Cluster Managed Devices
<?xml version="1.0"?><DEVICES><DEVICE><SET Name="Basic Credentials"><DEVATTRIB Name="management_ip_address">1.1.1.1</DEVATTRIB><DEVATTRIB Name="host_name">ons_dev_1</DEVATTRIB><DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB><DEVATTRIB Name="display_name">ONS1</DEVATTRIB><DEVATTRIB Name="sysObjectID">1.3.6.1.4.1.9.1.406</DEVATTRIB><DEVATTRIB Name="dcr_device_type">0</DEVATTRIB><DEVATTRIB Name="mdf_type">273612892</DEVATTRIB></SET><SET Name="DSBU managed"><DEVATTRIB Name="dsbu_member_number">1</DEVATTRIB><DEVATTRIB Name="parent_dsbu_id">display_name=cluster1</DEVATTRIB></SET></DEVICE><DEVICE><SET Name="Basic Credentials"><DEVATTRIB Name="management_ip_address">10.10.10.1</DEVATTRIB><DEVATTRIB Name="host_name">host1</DEVATTRIB><DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB><DEVATTRIB Name="display_name">cluster1</DEVATTRIB><DEVATTRIB Name="sysObjectID">Unknown</DEVATTRIB><DEVATTRIB Name="dcr_device_type">1</DEVATTRIB><DEVATTRIB Name="mdf_type">278283831</DEVATTRIB></SET></DEVICE></DEVICES>Exporting Devices and Credentials
You can use this feature to export a list of device and their credentials into a file. The device list can be obtained from the Device Selector, or from a CSV file.
You can edit the Export Format file located at NMSROOT\objects\dcrimpexp\conf\Export_Format_CSV.xml or Export_Format_XML.xml to specify the credentials you need to export.
However, User-defined Fields (UDFs) are not exported by default. If you want to export the User-defined Fields , you need to add the UDF names in the Export Format.
Note
See "Sample CSV File" section and "Sample XML File" section for sample CSV and XML files.
To see the list of attributes that can be exported:
Step 1
Step 2
Step 3
The list of attributes and their description is displayed. You can include the attributes you need to export, in the Export Format file.
You can:
or
Export Using DCA Interface
To export device credentials using DCA Interface:
Step 1
The Device Management page appears.
Step 2
The Device Export dialog box appears.
You can use either of the following device selection methods:
•
Select this option if you want to export devices from DCR to the file you specify in the Output File Information field. You can select the required devices from the Device Selector pane of the Device Export dialog box.
•
Select this option if you want to export devices from a CSV file that is already present in the server, to the file you specify in the Output File Information field.
You can use this option when the CSV file contains only partial device credentials, and you want to get the full list of credentials. The input CSV file checks for data in DCR, and exports the data to the output file.
If you choose to select from the Device Selector:
a.
b.
If you choose to get the device list from a file:
a.
b.
c.
Step 3
a.
You can schedule export immediately or schedule the export for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (only).
b.
Step 4
Step 5
You must populate DCR with devices before you export credentials from DCR using Get Device List from File option.
Note
Excluding Devices
This feature allows you to specify a file that contains the list of devices that should not be added to DCR using Add or Import operations.
During the Add or Import operations, DCR ensures that the device being added or imported is not listed in the Exclude Device List.
You can also remove the list of devices that are excluded earlier using the Exclude operation.
The file containing the list of excluded devices should be in CSV format. See A Sample CSV Exclude File for a sample CSV file used for Exclude operation.
You can exclude devices by specifying any one or more of the following fields in the CSV file:
•
•
•
If you are using a CSV file generated by the DCR Export utility to exclude devices from Add or Import operations, make sure to remove the sections related to AUS Managed, Cluster Managed and CNS Managed devices from the CSV file.
To exclude devices from Add or Import operations:
Step 1
The Device Management page appears.
Step 2
The Upload Exclude Devices File dialog box appears.
Step 3
The file that needs to be uploaded must be in CSV format.
Step 4
A Sample CSV Exclude File
; This file is generated by DCR Export utilityCisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0;;Start of section 0 - Basic Credentials;;HEADER: management_ip_address,host_name,domain_name,device_identity;,Dev1Hostname,,10.1.0.60,,,,,,AUSID1,Dev2Hostname,cisco.com,;;End of CSV fileViewing Devices List
You can view the devices in the Device List Report using this feature.
To view devices in the Device List Report:
Step 1
The Device Management page appears.
Step 2
The Device List Report dialog box appears.
Step 3
Step 4
Managing Auto Update Servers
Auto Update Servers have the following credentials:
•
•
•
Auto Update Server management feature helps you in:
Adding Auto Update Server
To add Auto Update Server:
Step 1
The Auto Update Server Management page appears.
Step 2
The Auto Update Server dialog box appears.
Step 3
DCR uses a device record to represent a Auto Update Server.
An Auto Update Server added in the Auto Update Server Management UI can be selected for the field Auto Update Server when you add devices using the Auto Update management type.
Step 4
Editing Auto Update Server
To edit Auto Update Server:
Step 1
The Auto Update Server Management page appears.
Step 2
The Auto Update Server dialog box appears.
Step 3
Step 4
Deleting Auto Update Server
To delete Auto Update Servers:
Step 1
The Auto Update Server Management page appears.
Step 2
Step 3
Generating Reports in DCA
You can use this feature to generate and view Device and Credential Admin reports.
To generate reports:
Step 1
The Report Generator page appears.
Step 2
You can select any of the following reports:
•
•
•
•
•
–
–
In this case, you must correct any ACS configuration mismatch.
Step 3
You can export the report, or print the report.
To export the report:
Step 1
Step 2
Step 3
Configuring Device Selector
The improved Device Selector allows you to search the devices in DCR. It helps to locate the devices and perform the various device management tasks quickly. With this improved Device Selector, you need not remember the device type or application group hierarchy to locate the devices.
You can define the settings of the Device selector pane to customize the display of devices and the order of display.
This section contains the following information:
•
Using Device Selector
The Device Selector is used to select devices to perform various device management tasks. This lists all devices in a group. The Display Name of the devices entered when you have added the devices in DCR is dispayed as the device name in the Device Selector pane.
Note
The Device Selector contains the following components:
Search Input
Enter your search expression in this text field.
You can enter a single device name or multiple device names in this field. You can enter the following as search inputs for searching multiple devices:
•
•
•
See Performing Simple Search for more information.
Search
Use this icon to perform a Simple search of devices, after you have entered your search input. See Performing Simple Search for more information.
Advanced Search
Use this icon to perform an Advanced search of devices. See Performing Advanced Search for more information.
All
This tab lists all the top-level device groups and the device names under each group in a hierarchical format (tree view).
The top-level device groups include:
•
•
•
•
•
See Understanding Device Groups for more information on types of device groups.
Search Results
This tab displays all your Simple or Advanced search results and you can do a select all, clear all, or select a few devices from the list.
The Simple search results are based on the display name of the devices added to DCR. The Advanced search results are based on the grouping attributes of the application's grouping services server.
Selection
This tab lists all the devices that you have selected in the All or Search Results tab or through a combination of both. You can also use this tab to deselect the devices you have already selected.
You can perform more than one search and can accumulate your selection of devices.
The Device Selector displays the number of devices selected by you at the bottom. When you click the link provided, it launches the Selection Tab.
Tool tips are also provided for devices that contain long names so that you do not have to scroll horizontally to see the complete device name.
Selecting Devices for Device Management Tasks
You can select devices to perform various device management tasks such as editing device credentials and viewing device credentials, using any of these methods:
•
•
•
Selecting Devices From All Tab
You can select devices using the Tree View accessed by the All tab. The Selection tab shows the flat list of selected devices from the All tab.
Selecting Devices From Search Results
You can perform a Simple Search or Advanced Search, and the search results are displayed under the Search Results tab. You can select the devices you want from the Search Results tab. The Selection tab and the All tab display the devices you have selected from the Search Results tab.
Note
Combination of Selection From All Tab and Search Results
You can select the devices from the All tab and add more devices to the Selection list from the Simple or Advanced search results in the Search Results tab. You can select the required devices from the Search Results tab.
The Selection tab displays the accumulated list from both All and Search Results tabs. You can enter another search criteria and select more devices. The selected devices are accumulated in the All tab from the Selection tab and vice versa.
Searching Devices
With the improved Device Selector, you can search the devices by performing a Simple search or an Advanced search. In both cases, you do not need to remember the name of the devices and the groups in which the devices are grouped.
Note
Performing Simple Search
You can enter your search criteria in the Search Input field and search for the devices using the Search icon. The search results are based on the display name of the devices added in DCR.63
Note the following points when you perform a Simple search.
•
•
•
•
For example, when you enter device2?, *.cisco1 ,*device10* as search input, the system displays:
•
•
•
Performing Advanced Search
Use the Advanced Search icon to open the Advanced Search popup window and specify a set of rules for performing an Advanced search. The advanced search is based on the grouping attributes of the application's grouping server. For example, when you launch an Advanced Search from Campus Manager Device Selector, the attributes of the Campus Manager Grouping server appears.
You can create a rule in the Advanced Search dialog box by either:
or
You can verify whether the rule you have entered is correct using the Check Syntax button, and reset the rule you have created using the Clear button
Using Expressions
You can use expressions to form a rule in the Advanced Search Dialog box. Each rule expression contains:
•
Variables — Denotes the device attributes, which are used to form a device group. The list of variables for advanced search are Category, DeviceIdentity, DisplayName, DomainName, HostName, ManagementIpAddress, MDFId, Model, Series, SystemObjectID, and the user defined fields, if any. See Attributes and Description for more information on variables.
The device attributes listed in Variables list box are specific to Common Services only. The list of device attributes are different across CiscoWorks applications. The Advanced Search window in the Device Selector of CiscoWorks applications displays the respective evice attributes as variables
•
•
After you define the rule settings, click Add Expression to add the rule expression . You can also enter multiple rule expressions using the logical operators. The logical operators include OR, EXCLUDE and AND.
For example, if you want to search all the devices in the network whose display name contains TestDevice or their SysObjectIDs start with 1.3.12.1.4, you must perform the following:
Step 1
The Define Advanced Search Rule dialog box appears.
Step 2
a.
b.
c.
Step 3
The rule is added into the Rule Text.
Step 4
a.
b.
c.
d.
Step 5
The rule is appended into the Rule Text.
Step 6
Using Rule Text Fields
You can use Rule Text Fields to directly enter a rule without building any expressions. Ensure the rule you create follows the syntax Object type.Variable Operator Value.
You can also enter multiple rule expressions using the logical operators.
For example, if you want to search all the devices in the network whose display name contains TestDevice or their SysObjectIDs start with 1.3.12.1.4, you must construct a rule as follows:
Device.DisplayName contains "TestDevice" OR Device.SystemObjectID startswith 1.3.12.1.4"
Note the following when you perform a advanced search:
•
•
•
•
Note
Device Selector Settings
The devices are categorized under the Device Type groups, User Defined groups, Subnet groups, Application specific groups or under All groups.
You can define the settings of the Device Selector pane to customize the display of devices and the order of display. These configurations are specific to each user and you can save them.
The devices are displayed in the appropriate category based on your roles and privileges. All the devices will be listed to the administrator role.
This section has the following information:
•
Understanding Device Groups
The Device Selector pane displays the following top-level device groups:
All Devices
The All Devices Group displays all the devices in the application in the alpahabetical order of their display names. The display names are defined when you have added the devices in DCR.
Device Type Groups
The Device Type Groups displays all devices in groups and subgroups based on their Device Category, Series and Model. By default, the device grouping is based on their Device Categories such as Routers, Switches and Hubs.
The Device Category Groups folder can contain devices in subgroups based on their Device Series. For example, the Device Category Group Router can contain devices (Routers) in subgroups Cisco 7000 Router Series and Cisco 12000 Router Series.
The Device Series subgroup can contain subgroups of devices based on thier Model. For example, the subgroup Cisco 12000 Router Series can contain the devices Cisco 12012 Router and Cisco 12816 Router .
See Customization of Device Type Groups for information on customizing the display of devices under Device Type Groups.
Subnet Groups
You can see Subnet Groups, only when Campus Manager is installed. It contains device groups from the Campus Manager application.
In a Multi Server setup, when two or more servers are installed with the Campus Manager application, then the Subnet Groups from all the servers will be aggregated and displayed under the Subnet Groups folder in the Device Selector pane.
See Customization of Subnet Groups for information on customizing the display of devices under this group.
User Defined Groups
The User Defined Groups are created by users to administer the applications. The User Defined Groups are created in Groups Administration window based on defined group rules.
All User Defined Groups (shared groups) from all application group hierarchies are collated and shown as subgroups under this group. In a Multi Server Setup, the top level User Defined Groups will be named as User Defined Groups@Server Name.
When there are more than one User Defined Group with the same name, the Device Selector displays all of them. You have to use the Tooltip to find the source server where the User Defined Group is created.
We recommend you to provide unique and meaningful names to User Defined Groups when you create them to avoid the display of multiple User Defined Groups with the same name.
See Customization of User Defined Groups for information on customizing the display of devices under this group.
Application Specific Groups
The Application Specific Groups list the groups based on device types or states specific to CiscoWorks applications. These application specific groups are not needed in other applications.
By default, the Application Specific Groups are displayed in the Device Selector pane of respective applications.
For example, RME Device Selector displays RME as the top level (application) group and sub device groups specific to device states in RME such as Normal Devices and Pre-deployed Devices.
In a Multi Server setup, the top level Application Specific Groups will be displayed as Application@Server Name.
For example, the Campus Manager and RME Application Groups will be displayed as Campus@Host1, Campus@Host2 in the Campus Manager Device Selector pane.
You can customize the Device Selector to display all the Application Groups from the local server or all peer servers in the Device Selector pane of all CiscoWorks applications, in a Multi-Server setup. The Application Specific Groups are displayed in the Device Selector pane of all applications, only when the particular application is installed.
For example, in a server setup with two servers Host1 and Host2, the Device Selector pane of all applications displays Campus@Host1, Campus@Host2, RME@Host1, RME@Host2, DFM@Host1 and DFM@Host2 groups.
Note
See Customization of Application Specific Groups for information on customizing the display of devices under this group.
Customizing Device Grouping
You can customize the device grouping and display the customized device groups in the Device Selector pane. See Understanding Device Groups for more information on Device Groups.
You can use the Group Customization option to customize the display of device groups.
This section contains the following sub sections:
•
•
•
•
Customization of Device Type Groups
You can display or hide the Device Type Groups folder in the Device Selector pane using the Group Customization option. You can customize the Device Type Based Groups folder to display:
•
•
•
By default, the Device Type Group folder displays the devices in sub groups based on their category only.
To display the devices in groups based on their Device Category:
Step 1
The Group Customization page appears.
Step 2
Step 3
To display the devices in groups and subgroups based on their Device Category and Series:
Step 1
The Group Customization page appears.
Step 2
When you check the Show Series Groups check box, the Show Category Groups checkbox will also be checked automatically and will be disabled to you.
Step 3
To display the devices in groups and subgroups based on their Device Category, Series and Model:
Step 1
The Group Customization page appears.
Step 2
When you check the Show Model Groups check box, the Show Category Groups and Show Series Groups checkboxes will also be checked automatically and will be disabled to you.
Step 3
To hide the display of Device Type Based Folders from the Device Selector Pane:
Step 1
The Group Customization page appears.
Step 2
Step 3
Customization of Subnet Groups
The Subnet Groups contains device groups from the Campus Manager application. By default, the Subnet Based Groups folder is not displayed in the Device Selector pane.
You can customize the Device Selector pane to display the Subnet Based Groups folder using the Group Customization option.
To display the devices under Subnet Based groups in the Device Selector Pane:
Step 1
The Group Customization page appears.
Step 2
Step 3
Customization of User Defined Groups
You can customize the User Defined Groups folder in the Device Selector pane to contain the following:
•
•
•
•
By default, you can view all the User Defined Groups (irrespective of any user) created in the local server in the Device Selector pane.
To display only the User Defined Groups created by you:
Step 1
The Group Customization page appears.
Step 2
Step 3
•
Or
•
In a Standalone Server Setup, the From drop down list box contains only Local CiscoWorks Server list item.
Step 4
To display all the User Defined Groups created by all users:
Step 1
The Group Customization page appears.
Step 2
Step 3
•
Or
•
In a Standalone Server Setup, the From drop down list box contains only Local CiscoWorks Server list item.
Step 4
Customization of Application Specific Groups
The Application Specific Groups folder in the Device Selector Pane contains the device groups specific to the application.
You can customize the Application Specific Groups folder in the Device Selector pane to contain the following:
•
•
For example, you can see RME@Master, RME@Slave1, and RME@Slave2 as the top level groups in the Device Selector pane.
•
For example, you can see Campus, DFM and RME if the applications are installed on a CiscoWorks Server.
•
For example, you can see RME@Master, Campus@Master, RME@Slave1, Campus@Slave1, RME@Slave2, and DFM@Slave2 as the top level groups in the Device Selector pane irrespective of the application workflow.
By default, you can view the application groups created in the local server only in the Device Selector pane of the respective applications.
To display only local application groups in the Device Selector Pane:
Step 1
The Group Customization page appears.
Step 2
Step 3
•
or
•
In a Standalone Server Setup, the From drop down list box contains only This Local Server list item.
Step 4
To display all the Application Groups in the Device Selector Pane:
Step 1
The Group Customization page appears.
Step 2
Step 3
•
or
•
In a Standalone Server Setup, the From drop down list box contains only This Local Server list item.
Step 4
Customizing Display Order of Device Groups
You can specify the order in which device groups appear in the Tree view on the Device Selector pane using the Group Ordering option.
The Group Ordering setup is specific to each user and the changes will be reflected in the Device Selector panes of all applications.
The default order of the groups displayed in the Device Selector pane is:
1.
2.
3.
4.
5.
You can change the order and save the configurations.
To change the order of the device groups:
Step 1
Step 2
Step 3
Step 4
Administering Device and Credential Repository
The DCA Admin feature allows you to do the following tasks:
To perform these tasks, select CiscoWorks Homepage > Device and Credentials > Admin. The Admin page appears with the current DCA settings.
You can change the Mode Settings or modify User Defined fields.
Changing DCR Mode
To change Mode Settings:
Step 1
The Admin page appears with the current DCA settings.
Step 2
The Mode Settings window appears.
Step 3
The DCR Mode dialog box appears. You can select the required mode from this dialog box.
•
Master-Slave Configuration Prerequisites
Before you set up the Master and Slave, you have to perform certain tasks to ensure that secure communication takes place between the Master and Slave.
Note
If machine M is to be the Master and S is to be the Slave:
Step 1
See "Setting up Peer Server Account" section on page 4-14 for details.
Step 2
See "Setting up System Identity Account" section on page 4-15, for details.
Step 3
See "Creating Self Signed Certificates" section on page 4-7, for details on creating Self-Signed Certificate.
See "Setting up Peer Server Certificate" section on page 4-16, for details on copying Peer Certificate.
Step 4
Changing the Mode to Standalone
Step 1
Step 2
The default DCR mode is Standalone.
Changing the Mode to Master
Before you change the mode to Slave, ensure that Master-Slave Configuration Prerequisites are in place.
Step 1
Step 2
Changing the Mode to Slave
Before you change the mode to Slave, ensure that Master-Slave Configuration Prerequisites are in place.
You need to perform the following tasks:
Step 1
Step 2
This hostname should exactly match the Hostname field in the Master's Self Signed Certificate.
Step 3
If the mode is changed from Master to Slave, select the Inform Current slave(s) of new Master Hostname check box.
If you select this check box, all the slaves of the Master (whose mode you currently changed to Slave) will be informed of the new master hostname. That is, they will become the slaves of the new Master.
If the Add new devices to Master check box is selected, the devices in Slave will be added to the new Master. However, any duplicate will be discarded.
Step 4
Changing the Hostname of a Master
Changing the hostname of a Master is equivalent to pointing Slaves to a new Master.
When you point a Slave/Standalone to a new Master, DCR checks whether the new Master has the same Domain ID as the current machine.
If Domain ID is the same, DCR displays an error message that Master cannot be configured since the new Master has the same Domain ID.
In this case, you need to convert the Slave to Standalone, and then register the machine with the new Master. When you re- register, the applications on Slave will clean up the device list.
When you change the host name of the current Master, you must change the Slave's mode to Standalone, and then re-register the machine as a Slave by providing the new Master hostname. However, when the machine is re-configured as Slave, the applications will clean up the device list.
For exmaple, if you have a Master M and Slave S, and if you change the hostname of M, you should change the mode of S to standalone. Then, you have to configure S as the Slave of M. But when you re-configure S as Slave, the applications on S will clean up their device lists.
Therefore, you have to be aware of the fact that while changing the hostname of a Master, an application data is cleaned up on all Slaves.
Adding User-defined Fields
To add a user defined field:
Step 1
The Admin page appears with the current settings.
Step 2
The User-defined Fields page appears.
Step 3
Step 4
Step 5
Renaming User-defined Fields
To rename a user-defined field:
Step 1
The Admin page appears with the current DCA settings.
Step 2
The User-defined Field dialog box appears
Step 3
Step 4
The User-defined Field dialog box appears.
Step 5
Step 6
Deleting User-defined Fields
By default, you can define four attribute fields for a device. These fields are used to store additional user-defined data for the device. You can add up to Ten user defined fields.
To delete a user-defined field:
Step 1
The Admin page appears with the current DCA settings.
Step 2
The User-defined Fields dialog box appears.
Step 3
Using DCR Features Through CLI
Using Command Line Interface, you can add, delete, and modify devices, and change the DCR modes. You can also view the list of attributes that can be stored in DCR, and view the current DCR mode. The dcrcli provided with Common Services helps you perform these tasks using CLI.
The Display Name and the Host Name/Domain Name combination must be unique for each device in DCR. A device will be considered duplicate if:
•
•
•
•
dcrcli operates in both the Shell and Batch modes.
You can set DCRCLIFILE environment to point to the file where Common Services password is present.
If you set DCRCLIFILE variable, password will not be asked when you run dcrcli in shell or batch mode.
The password file should contain an entry in the format username password. Make sure that there is only one blank space between the username and the password in the password file.
For example, if admin is the username and the password for the CiscoWorks user, the password file must contain the following entry
admin admin
Adding Devices Using dcrcli
To add devices using dcrcli in Shell mode:
Step 1
Step 2
Step 3
Step 4
Step 5
add ip=1.1.1.1 hn=device1 dn=cisco.com -a sysObjectID=1.3.6.1.4.1.9.1.6To add devices using dcrcli in Batch mode:
Step 1
Step 2
Example: dcrcli -u admin cmd=add ip=1.1.1.1 hn=device1 dn=router1 -a sysObjectID=1.3.6.1.4.1.9.1.6
Deleting Devices Using dcrcli
To delete device using dcrcli in Shell mode:
Step 1
Step 2
Step 3
id is the Device ID. For example,
del id=54340To delete device using dcrcli in Batch mode:
Step 1
Step 2
For example: dcrcli -u admin cmd=del id=54340
Editing Devices Using dcrcli
To modify devices using dcrcli in Shell mode:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
mod id=54341 ip=2.2.2.2 dn=cisco.com -a display_name=new_nameTo modify devices using dcrcli in Batch mode:
Step 1
Step 2
For example, to change IP address and display name, enter:
dcrcli -u admin cmd=mod id=77 ip=4.4.4.4 dn=new_display_name
Listing the Attributes
To view the list of all attributes in Shell mode:
Step 1
Step 2
Step 3
This lists Attribute Name, Attribute Description, and Attribute Type.
Attribute Type is a constant that identifies an Attribute Name. For example, Attribute Type 1072 identifies the attribute name display_name.
To view the list of all attributes in Batch mode:
Step 1
Step 2
Viewing the Current DCR Mode Using dcrcli
To view the current DCR mode in Shell mode:
Step 1
Step 2
Step 3
It lists the DCR ID, the DCR Group ID, the current DCR mode, and the associated Master/Slaves.
To view the current DCR mode in Batch mode:
Step 1
Step 2
Viewing Device Details
To view device details using dcrcli in Shell mode:
Step 1
Step 2
Step 3
This lists all the details about the device with the ID you have specified. For example,
detail id=54341 lists the details for the device with device ID 54341.To view device details using dcrcli in Batch mode:
Step 1
Step 2
Changing DCR Mode Using dcrcli
To change mode to Master in Shell mode:
Step 1
Step 2
Step 3
The DCR mode gets changed to Master.
To change mode to Master in Batch mode:
Step 1
Step 2
To change mode to Standalone in Shell mode:
Step 1
Step 2
Step 3
The DCR mode gets changed to Standalone.
To change mode to Standalone in Batch mode:
Step 1
Step 2
To change mode to Slave in Shell mode:
Step 1
Step 2
Step 3
You have to specify the Master for this slave.
The DCR mode gets changed to Slave. For example,
setslave master=1.2.1.3 port=443To change mode to Slave in Batch mode:
Step 1
Step 2
Import Using CLI
You can import using the Command Line Interface (Shell Mode).
Step 1
Step 2
•
Enter impFile fn=file name ft=file type cr=conflict resolution option
fn—the file name
ft—the file type; CSV and XML are the valid values.
cr—conflict resolution option. dcr and file are the valid values. This option is not mandatory. If value is not specified, dcr is taken as default.
Example:
impFile fn=/opt/CSCOpx/test.csv ft=csv•
Enter impNms nt=NMS type il=Installation location cr=conflict resolution option
nt—NMS type. Valid values are HPOV6.x and Netview7.x
il—Installation location of the NMS
Example:
impNms nt=HPOV6.x il=/opt/OV•
Enter impRNms nt=NMS type hn=hostname un=Remote User Name il=Installation location ot=OS Type cr=conflict resolution option
nt — NMS type. Valid values are HPOV6.x and Netview7.x
hn — Remote Host Name or IP address
un — Remote User Name
il — Installation location of the NMS
ot — OS Type; Valid values are HPUX, AIX, or SOL
cr — Conflict resolution option. dcr and file are the valid values. This option is not mandatory. If value is not specified, dcr is taken as default.
The .rhosts file should be modified to allow this user to login to NMS Server without any password.
Example:
impRNms nt=HPOV6.x hn=1.2.3.4 un=root il=/opt/OV ot=SOL•
In ACS mode, a device with valid IP address only will be imported to DCR. If a device has IP address of the form 10.10.1.*, in ACS, then it will not be imported.
Enter impACS ot=OS Type hn=ACS Server Name or IP address un=ACS admin user name pwd=ACS admin password prt=port number cr=conflict resolution option
ot— Operating System Type
hn — ACS Server Name or IP address
un — ACS admin user name
pwd— ACS admin password
prt — port number. Default is 2002.
cr—conflict resolution option. dcr and file are the valid values. This option is not mandatory. If value is not specified, dcr is taken as default.
Example:
impAcs ot=WIN2K hn=1.2.3.4 un=acsadmin pwd=acspwd prt=2002The option cr is used to prioritize the selection and resolve conflicts during import. If dcr is specified as conflict resolution option, credentials for the device, stored in DCR will be used.
This is taken as default if cr is not specified. If import source (file or Nms or RNms or ACS) is specified as conflict resolution option, credentials from the import source will be used, and credentials in DCR will be modified.
You can also import using the Command Line Interface (Batch Mode):
To import from file:
Step 1
Step 2
Toimport from Local NMS:
Step 1
Step 2
To import from Remote NMS:
Step 1
Step 2
To import from ACS:
Step 1
Step 2
Export Using CLI
You have the option to export using Command Line Interface.
Step 1
Step 2
Step 3
For filetype, CSV or XML are valid values. You can edit the Export Format file lExport_Format_CSV.xml or Export_Format_XML.xml to specify the credentials.
For example,
exp fn=/opt/CSCOpx/test.csv ft=csvTo export using Batch mode:
Step 1
Step 2
Note
Implications of ACS Login Module on DCR
When Common Services is in ACS mode, you can perform operations in Device and Credential Repository (DCR) based on role assignment in ACS.
See Setting the Login Module to ACS for details on ACS login module.
Note
In DCR, you can see the buttons enabled or disabled, based on the role assigned to you.
For example, if a user U1 is assigned Approver role in ACS, the user can see only the View button enabled in DCR. A user can see only those devices in DCR 's device-selector for which you have View Devices task assigned in ACS.
When performing operations in DCR, although you select some devices, the operation will not be performed on all selected devices (unlike in CiscoWorks local mode). This is because the operation will be done only on those devices for which the you have the required privileges.
For example, a user U2 is assigned a Helpdesk role for device D1 and System Administrator role for device D2 in ACS. Now U2 is able to select both D1 and D2 in DCR. But when the user clicks on Delete, only device D2 will be deleted.
This is because U2 has a Helpdesk role for D1. The Helpdesk role does not allow users to perform the Delete task.
You can add a device to DCR even if you are not authorized to view or access a device. However, after adding, if the device is not in ACS or if you are not authorized to view the device, you will not be able to see the device in Device Management page.
In ACS mode, the Reports generated by DCR will not have the details of the devices that are not configured in ACS.
DCA devices that are not configured in ACS report—Displays the list of DCA devices that need to be configured in ACS. The list shown by this report might not be accurate in the following cases:
•
In this case, you must correct any ACS configuration mismatch.
Note
Custom Roles and DCR
You can create new roles in ACS and assign a new combination of tasks to that role. In ACS, if a Custom role is created, a few points should be considered for DCR related tasks because certain DCR tasks have interdependencies. If certain tasks are included in the custom role, there will be other tasks which must also be assigned to the role to help you carry out the operations successfully.
The following table gives the details.
