Table Of Contents

Getting Started

Configuration Roadmap

Using the CiscoWorks Home Page

Registering Applications with the CiscoWorks Home Page

Understanding and Configuring Security

Managing Device Credentials

Performing Device Management

Importing Devices to the Device and Credentials Repository

Adding Devices to DFM

Verifying Devices Added to DFM

Viewing the Device Summary

Viewing Device Details

Viewing Discovery Status

Troubleshooting Device Discovery

Configuring SNMP Trap Receiving and Forwarding

Updating the SNMP Trap Receiving Port

Enabling Devices to Send Traps to DFM

Enabling Cisco IOS-Based Devices to Send Traps to DFM

Enabling Catalyst Devices to Send SNMP Traps to DFM

Integrating DFM Trap Receiving with Other NMSs or Trap Daemons

Scenarios—DFM Receives SNMP Traps and Forwards Them to an NMS

Scenarios—An NMS Receives SNMP Traps and Forwards Them to DFM

Configuring SNMP Trap Forwarding

Viewing Alerts

Starting DFM

What Next?

Getting Started

---

This section provides a minimum number of steps for setting up DFM and viewing diagnostic results. It is intended to help you to start using DFM immediately.

Configuration Roadmap

Table 4-1 lists the basic tasks for setting up DFM.

Table 4-1 Configuration Roadmap 

Task	Steps	References
Add devices to DFM managed inventory.	1. Add devices and credentials to Common Services Device and Credentials Repository (DCR).	•Managing Device Credentials •Importing Devices to the Device and Credentials Repository
	2. Verify that devices were discovered (and troubleshoot problems, if necessary).	•Verifying Devices Added to DFM •Troubleshooting Device Discovery
Configure Trap Receiving	3. Determine which of the following approaches to SNMP trap receiving to take and perform the appropriate steps:	—
	•Send SNMP traps directly to DFM: a. Update DFM trap receiving port if necessary. b. Enable devices to send traps to DFM.	— •Updating the SNMP Trap Receiving Port •Enabling Devices to Send Traps to DFM
	•Integrate DFM SNMP trap receiving with other NMSs or trap daemons.	•Integrating DFM Trap Receiving with Other NMSs or Trap Daemons
(Optional) Configure DFM Trap Forwarding	4. Configure DFM to forward traps.	Configuring SNMP Trap Forwarding

After you complete the tasks in Table 4-1:

•You can monitor the network using the Alerts and Activities display (see Viewing Alerts).

•You can use DFM and continue to configure it; see What Next?.

Using the CiscoWorks Home Page

The CiscoWorks home page is the launch point for CiscoWorks applications and the window from which you log out of CiscoWorks applications. The CiscoWorks home page includes launch points for:

•Common Services—Services for CiscoWorks applications to perform tasks such as configuring the server, selecting a login module, and creating a device credentials database.

•Device Center—A center where you can examine and act on a selected device; provides a summary and links to tools you can use, reports you can run, and tasks you can perform on the device.

•Locally installed CiscoWorks applications—By default, the locally installed Device Fault Manager appears on the CiscoWorks home page.

If you would like to launch additional applications directly from the CiscoWorks home page, you can do so by registering the applications with the local CiscoWorks home page.

---

Note For more information about how DFM integrates with Common Services, Device Center, and the CiscoWorks home page, see User Guide for Device Fault Manager.

---

Registering Applications with the CiscoWorks Home Page

Registering applications with the CiscoWorks home page enables you, for example, to launch remote CiscoWorks applications from the local CiscoWorks home page:

•On a standalone DFM, you can register a remote Resource Manager Essentials (RME) to the CiscoWorks home page.

•On a remote RME, you can register a standalone DFM to the CiscoWorks home page. (Do this while logged onto the local CiscoWorks home page for the remote RME.)

•On a local DFM, if you have an additional DFM server, you can also register it to the CiscoWorks home page.

---

Note For a CiscoWorks application to register with the CiscoWorks home page, it must run on Common Services.

---

For information about registering a DFM server to the CiscoWorks home page, see User Guide for Device Fault Manager. For complete information about Common Services, see User Guide for CiscoWorks Common Services.

Understanding and Configuring Security

DFM supports the following security-related mechanisms:

•SNMPv3 protocol (Authentication/No-Privacy option)—DFM supports the authentication/no-privacy option between the server and the device.

•Security on the CiscoWorks server—You can configure the following aspects of security for the server on which DFM resides:

–Secure Socket Layer (SSL)—DFM can use SSL protocol between the server and the browser. You can enable and disable SSL for the server. If you enable SSL, you should set up a self-signed security certificate to enable SSL communication.

–Local security or Cisco Secure ACS—Access to tasks within DFM is controlled either by local security, provided by Common Services, or by Cisco Security ACS. Local security is enabled on the server by default. DFM supports integration with Cisco Secure ACS. For more information, see Configuring DFM on Cisco Secure ACS.

---

Note For more information, see User Guide for Device Fault Manager.

---

Managing Device Credentials

DCR is a common repository of devices and their credentials for use by individual applications. DFM takes its device list and credentials from DCR. DCR enables DFM to synchronize with or select from a device list that:

•Is shared by other CiscoWorks applications that are installed locally. This is the default.

•Can be shared by remote CiscoWorks applications if the remote CiscoWorks server has been configured to use the same master instance of DCR.

---

Note To set up DCRs in a configuration with a master and slaves, see User Guide for Common Services. See also User Guide for Device Fault Manager for details about DFM integration with DCR.

---

•Can synchronize with Network Management Systems (NMSs) installed locally or remotely.

You will use DCR to:

•Add a single device or import devices in bulk to the repository.

•Exclude devices from being imported to the repository.

•Delete devices from the repository.

To perform these tasks, see User Guide for CiscoWorks Common Services. For scenarios for DFM, see Performing Device Management.

Performing Device Management

There are two distinct sets of device management tasks:

•Maintaining a device list and credentials—You must use Common Services Device and Credentials Repository (DCR) to perform the associated tasks for all CiscoWorks applications.

•Adding devices to DFM, discovering them, and maintaining a managed inventory of devices—You must use DFM to perform these tasks. By default, DFM automatically synchronizes its device inventory with the devices in DCR. Alternatively, you can configure DFM to manage devices only after you select them from DCR.

Importing Devices to the Device and Credentials Repository

You can import devices to DCR from an NMS or from a file. The file format is documented in User Guide for Common Services.

---

Note You can import devices from a previous version of DFM by following the instructions in Exporting DFM 1.2.x Information to an Upgraded Remote Host.

---

Adding Devices to DFM

---

Note Devices must exist in DCR before you can add them to DFM.

---

---

Step 1 On the DFM home page, select Device Management > Device Selector.

Step 2 To manually select devices to add to DFM:

a. Deselect the Synchronize with Device Credentials Repository check box. (By default, the check box is selected.)

b. After new devices have been added to DCR, click Ctrl and select devices from the Devices not in Device Fault Manager list.

c. Click the > Add >> button.

d. Click OK.

Step 3 To automatically add devices to DFM:

a. Select the Synchronize with Device Credentials Repository check box.

b. Click OK.

---

For more information, see User Guide for Device Fault Manager.

Verifying Devices Added to DFM

You can verify that your devices have been added to DFM by checking the following:

•A brief summary—See Viewing the Device Summary.

•Details for devices in a particular device state—See Viewing Device Details.

•Discovery status of all devices—See Viewing Discovery Status.

If you find that problems have occurred during device discovery, see Troubleshooting Device Discovery.

Viewing the Device Summary

---

Step 1 On the DFM home page, select Device Management > Device Summary. The Device Summary page opens.

---

The device summary displays the number of devices in each of the following device states:

•Known—The device has been successfully imported and is fully managed by DFM.

•Learning—DFM is discovering the device. This is the beginning state, when the device is first added or is being rediscovered.

•Questioned—DFM cannot manage the device. See Troubleshooting Device Discovery.

•Pending—The device is being deleted. DFM is waiting for confirmation from all of its data collectors before purging the device and its details.

•Unknown—DFM does not support the device.

For a list of devices in a particular device state, see Viewing Device Details. For a list of all devices, see Viewing Discovery Status.

Viewing Device Details

---

Step 1 On the DFM home page, select Device Management > Device Details. The Device Report page opens. In the Device Selector pane, a device group for each current device state is displayed.

Step 2 Select a device group or devices from a group and click View. The Device Details report opens in a new window and displays the following information.

Column	Description
Device Name	IP address or DNS name for the device.
IP Address	IP address for the device.
Status	The device state: Known, Learning, Questioned, Pending, or Unknown. For device state definitions, see Viewing the Device Summary. If devices are not in the Known state, see Troubleshooting Device Discovery.
Device Type	The device type; for example, Content Networking, Routers, Switches and Hubs, and so on. For more information, see User Guide for Device Fault Manager.
First Added	Date and time the device was first added to DFM.
Last Discovered	Date and time of most recent discovery.

---

Viewing Discovery Status

The discovery status page displays all devices in a tabular format along with their processing and discovery state.

---

Step 1 On the DFM home page, select Device Management > Discovery Status. The Discovery Status page opens.

The View Discovery Status table displays the following information:

Column	Description
Device Name	IP address or DNS name for the device.
Status	Device state—Known, Learning, Questioned, Pending, or Unknown. For device state definitions, see Viewing the Device Summary. If devices are not in the Known state, see Troubleshooting Device Discovery.
DFM Processing	Processing status—One of the following: •Active—DFM is managing the device. •Suspended—DFM is not managing the device. •N/A—DFM cannot manage the device; the device state is Questioned.
Last Discovered	Date and time of most recent discovery.

Step 2 To view the status of device discovery, select Device Fault Manager > Device Management > View Discovery Status.

---

Troubleshooting Device Discovery

Try the following to troubleshoot device discovery:

•If a device is not responding, confirm all device credentials and readd the device. See Changing Device Credentials.

•Increase SNMP timeout settings if device rediscovery times out for several devices. See Modifying SNMP Timeout and Retries.

•View device error information on the Edit Device Configuration page. See Rediscovering a Device.

•Verify that the device is operational during the import and that it supports MIB II.

•Check the reason for devices in the Questioned state. See Understanding Device Discovery Messages.

After troubleshooting your problem, check the device status. See Viewing Discovery Status.

Changing Device Credentials

You change device credentials using Common Services DCR.

Modifying SNMP Timeout and Retries

If an SNMP query does not respond in time, DFM times out. DFM retries contacting the device for as many times as you indicate. The timeout period is doubled for every subsequent retry.

For example, if the timeout value is 4 seconds and the retries value is 3 seconds, DFM waits 4 seconds before the first retry, 8 seconds before the second retry, and 16 seconds before the third retry.

The SNMP timeout and retry values are global settings. Change these values as follows:

---

Step 1 Select Device Management > SNMP Config. The SNMP Configuration page appears.

Step 2 Select a new SNMP Timeout setting. The default is 4 seconds.

Step 3 Select a new Number of Retries setting. The default is 3 retries.

Step 4 Click Apply. Click Yes to confirm.

---

Rediscovering a Device

You can rediscover devices or device groups using the Rediscover/Delete Devices page. When rediscovery takes place, any new device configuration settings overwrite the previous settings.

---

Step 1 Select Device Management > Rediscover/Delete. The Rediscover/Delete Devices page appears.

Step 2 Select the devices or group(s) you want to rediscover.

Step 3 Click Rediscover.

Rediscovery is started. To view rediscovery status, select Device Management > View Discovery Status.

---

Viewing Discovery Status

To view the discovery status of a device, select Device Management > View Discovery.

Understanding Device Discovery Messages

Table 4-2 lists messages that might be shown for devices in the Questioned state.

Table 4-2 Import Error Messages 

Message	Meaning	Action
SNMP Timeout	The device is in the Questioned state because the SNMP read-only community string for the device is incorrect.	See Changing Device Credentials to enter the correct read community string for the device.
Others: Missing IP Address or Data Collector Timeout	The device is in the Questioned state because of some other reason. It could be that DNS resolution for the device failed or the data collector timed out.	Click the device on the Rediscover/Delete Devices page. The error message displays the exact problem. •If the IP address is missing: –Readd the device with the correct IP address. or –Make sure that DFM can resolve the device name: try adding the domain name as part of the device name. •If the data collector times out, restart the daemon manager to get all data collectors in sync.

Configuring SNMP Trap Receiving and Forwarding

DFM can receive traps on any available port and forward them to a list of devices and ports. This capability enables DFM to easily work with other trap processing applications. However, you must enable SNMP on your devices and configure SNMP to send traps either directly to DFM or to one of the following:

•An NMS

•A trap daemon

To send traps directly to DFM, perform the tasks in Enabling Devices to Send Traps to DFM. To integrate SNMP trap receiving with an NMS or a trap daemon, follow the instructions in Integrating DFM Trap Receiving with Other NMSs or Trap Daemons.

Updating the SNMP Trap Receiving Port

By default, DFM receives SNMP traps on port 162. If you need to change the port (for example, to port 9000), you can do so.

---

Step 1 On the Configuration tab of the DFM home page, select Other Configurations > SNMP Trap Receiving.

Step 2 Enter the port number in the Receiving Port entry box.

Step 3 Click Apply.

---

For a list of ports that DFM uses, see Verifying TCP and UDP Ports that DFM Uses.

Enabling Devices to Send Traps to DFM

Because DFM uses SNMP MIB variables and traps to determine device health, you must configure devices to provide this information. For any Cisco devices that you want DFM to monitor, SNMP must be enabled and the device must be configured to send SNMP traps to the DFM server.

Make sure your devices are enabled to send traps to DFM by using the command line or GUI interface appropriate for your device:

•Enabling Cisco IOS-Based Devices to Send Traps to DFM

•Enabling Catalyst Devices to Send SNMP Traps to DFM

Enabling Cisco IOS-Based Devices to Send Traps to DFM

For devices running Cisco IOS software, provide the following commands:

(config)# snmp-server [community string] ro

(config)# snmp-server enable traps

(config)# snmp-server host [a.b.c.d] traps [community string]

where [community string] indicates an SNMP read-only community string and [a.b.c.d] indicates the SNMP trap receiving host (the DFM server).

For more information, see the appropriate command reference guide.

---

Step 1 Log in to Cisco.com.

Step 2 Select Products & Solutions > Cisco IOS Software.

Step 3 Select the Cisco IOS Software release version used by your Cisco IOS-based devices.

Step 4 Select Technical Documentation and select the appropriate command reference guide.

---

Enabling Catalyst Devices to Send SNMP Traps to DFM

For devices running Catalyst software, provide the following commands:

(enable)# set snmp community read-only [community string]

(enable)# set snmp trap enable all

(enable)# set snmp trap [a.b.c.d] [community string]

Where [community string] indicates an SNMP read-only community string and [a.b.c.d] indicates the SNMP trap receiving host (the DFM server).

For more information, see the appropriate command reference guide.

---

Step 1 Log in to Cisco.com.

Step 2 Select Products & Solutions > Switches.

Step 3 Select the appropriate Cisco Catalyst series switch.

Step 4 Select Technical Documentation and select the appropriate command reference guide.

---

Integrating DFM Trap Receiving with Other NMSs or Trap Daemons

You might need to complete one or more of the following steps to integrate trap receiving with other network management systems (NMSs) or trap daemons:

•Add the host where DFM is running to the list of trap destinations in your network devices. See Enabling Devices to Send Traps to DFM. Specify port 162 as the destination trap port.

If another NMS is already listening for traps on the standard UDP trap port (162), you must configure DFM to use another port, such as port 9000. See Updating the SNMP Trap Receiving Port.

•If your network devices are already sending traps to another management application, configure that application to forward traps to DFM. See appropriate documentation for the management application.

The following sections describe different scenarios for SNMP trap receiving and lists the advantages of each.

Scenarios—DFM Receives SNMP Traps and Forwards Them to an NMS

Table 4-3 lists configurations in which DFM receives SNMP traps and forwards them to an NMS.

Table 4-3 Configuring DFM to Receive SNMP Traps and Forward Them

With DFM installed on...	You can configure DFM to...		Advantages
	Receive traps on this port and...	Forward traps to an NMS on this port
A host with an NMS	162 (standard listening port and DFM default)	9000 (nonstandard listening port) Note You must configure the NMS to listen on this port.	•DFM provides a reliable trap reception and forwarding mechanism. •Devices do not need to be reconfigured to send traps to another host or port. •DFM and the NMS run on the same host.
	9000	162	•DFM provides a reliable trap reception and forwarding mechanism. •No reconfiguration of the NMS is required; it continues to listen for traps on default port 162. •DFM and the NMS run on the same host.
A host and an NMS installed on a remote host	162	162 (on the remote host)	•DFM provides a reliable trap reception and forwarding mechanism. •NMS continues to receive traps on port 162. •Network devices continue to send traps to port 162.

Scenarios—An NMS Receives SNMP Traps and Forwards Them to DFM

Table 4-4 lists configurations in which an NMS receives SNMP traps and forwards the traps to DFM. In these configurations, the HPOV-NetView adapters forward SNMP traps to DFM; the adapters must be installed properly. For more information, see Installing and Upgrading HPOV-NetView Adapters.

Table 4-4 Configuring DFM to Receive SNMP Traps Forwarded by an NMS

With DFM installed on...	And the NMS receiving traps on this port ...	Configure DFM to receive traps (forwarded from the NMS) on this port...	Advantages
A host with an NMS	162 (standard listening port)	9000 (nonstandard listening port)	•No reconfiguration of the NMS is required. •No reconfiguration of network devices is required. •DFM and the NMS run on the same host. •DFM does not receive traps dropped by the NMS.
A host and an NMS installed on a remote host	162 (on the remote host) Note You must install the HPOV-NetView adapters on the remote host.	162	•No reconfiguration of the NMS is required. •No reconfiguration of network devices is required. •DFM does not receive traps dropped by the NMS.

Configuring SNMP Trap Forwarding

By default, DFM does not forward unprocessed SNMP traps. However, you can configure it to do so.

---

Step 1 On the Configuration tab of the DFM home page, select Other Configurations > SNMP Trap Forwarding.

Step 2 For each host, enter:

•An IP address or DNS name for the hostname.

•A port number on which the host can receive traps.

Step 3 Click the Apply button.

---

Viewing Alerts

To start the Alerts and Activities display, from the DFM home page, select Alerts and Activities.

Starting DFM

To start DFM, log into the CiscoWorks home page. In the Device Fault Manager pane, click the Device Management link. A Device Fault Manager window—the DFM home page—opens, focused on the Alerts and Activities tab. After you open the DFM home page, you can access all DFM applications from it.

---

Note Clicking any of the following links on the CiscoWorks home page causes the DFM home page to shift focus from the Alerts and Activities tab to the correspondingly named tab:

•Device Management

•Notification Services

•Fault History

•Configuration

Clicking the Alerts and Activities link opens a separate Device Fault Manager window with an Alerts and Activities display, a real-time monitor for displaying the operational health of your network.

---

---

Note You must add devices to DFM before the Alerts and Activities display can show results.

---

What Next?

After you complete the tasks in this chapter, DFM will be ready to monitor and analyze events and provide notification of alerts on the Alerts and Activities display.

Table 4-5 summarizes how to continue setting up DFM.

Table 4-5 Setting Up DFM 

Task	Description
Configure views for the Alerts and Activities display	View groups control which groups of devices are the focus of the Alerts and Activities display. DFM provides two default view groups. You can add additional view groups.
Configure notifications	In addition to learning about alerts by monitoring the Alerts and Activities display, you can subscribe users to receive e-mail and hosts to receive DFM-generated SNMP traps in response to alerts.
Configure polling parameters and thresholds	DFM provides default values for polling parameters and threshold values. However, you can update the values as needed for your network. You should plan to apply the changes when activity on the DFM server is low.
Configure purging	By default, DFM purges the database daily at midnight. You can modify the schedule.
Configure rediscovery	DFM provides a single default schedule for rediscovery. You can use that schedule, or suspend it and create additional rediscovery schedules.

To use DFM more fully, you might want to perform additional configuration tasks. See the online help or User Guide for Device Fault Manager for information on using and configuring DFM.