CiscoWorks Device Fault Manager

Table Of Contents

Readme for DFM 3.1.2 Service Pack with SNMPv3 Support on Windows

Description

Related Documentation

Hardware and Software Requirements

Downloading DFM 3.1.2

Installing DFM 3.1.2

Configuring SNMPv3

Configuring AuthPriv, AuthNoPriv, and NoAuthNoPriv Modes on the Device

DFM 3.1.2 Upgrade Path

Known DFM 3.1.2 Problems

Resolved DFM Problems

Obtaining Documentation and Submitting a Service Request

Notices

OpenSSL/Open SSL Project

License Issues

Readme for DFM 3.1.2 Service Pack with SNMPv3 Support on Windows

---

This Readme is for CiscoWorks Device Fault Manager (DFM) 3.1.2 Service Pack with SNMPv3 AuthPriv and NoAuthNoPriv Support on Windows.

SNMPv3 AuthNoPriv is already supported in the earlier release of DFM.

This Readme contains the following sections:

•Description

•Related Documentation

•Hardware and Software Requirements

•Downloading DFM 3.1.2

•Installing DFM 3.1.2

•Configuring SNMPv3

•DFM 3.1.2 Upgrade Path

•Known DFM 3.1.2 Problems

•Resolved DFM Problems

Description

CiscoWorks Device Fault Manager 3.1.2 is a Service Pack.

In this release, DFM provides support for two new types of SNMPv3 modes:

•Importing Devices with SNMPv3 NoAuthNoPriv credentials

•Importing Devices with SNMPv3 AuthPriv credentials

AuthNoPriv is already supported in the earlier release of DFM.

This release also contains solutions for defects that existed in earlier releases.

DFM 3.1.2 can be installed on DFM 3.1 (LMS 3.1) and DFM 3.1.1.

DFM 3.1.2 supports 5000 SNMPv3 devices on a Standalone server.

•The recommended server hardware requirements are 4 CPUs with 8 GB RAM memory.

If the hardware configuration of the server is 2 CPUs with 4 GB RAM memory, you can either:

•Configure DFM to manage upto 1500 SNMPv3 devices alone.

Or

•Configure DFM to manage 1000 SNMPv3 devices and 4000 SNMPv2 devices.

Related Documentation

---

Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

---

Table 1 describes the related documentation that is available for DFM 3.1.2.

Table 1 Related Documentation

Document Title	Available Formats
User Guide for CiscoWorks Device Fault Manager 3.1	•On Cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps2421/products_user_guide_list.html •As context-sensitive Online help.
Release Notes for CiscoWorks Device Fault Manager 3.1	•On Cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps2421/prod_release_notes_list.html
User Guide for CiscoWorks Common Services 3.2	•On Cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps3996/products_user_guide_list.html •As context-sensitive Online help
Installing and Getting Started With CiscoWorks LAN Management Solution 3.1	•On Cisco.com at http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_installation_guides_list.html

---

Note You should print out and read this document before installing DFM 3.1.2.

---

Hardware and Software Requirements

To use CiscoWorks Device Fault Manager (DFM) 3.1.2 Service Pack, you should have installed
DFM 3.1 (LMS 3.1) or DFM 3.1.1.

The hardware and software requirements are the same as the requirements for CiscoWorks LAN Management Solution (LMS) 3.1.

For information on the available documents,see the Related Documentation.Hii

Downloading DFM 3.1.2

You can download CiscoWorks Device Fault Manager 3.1.2 from Cisco.com.

DFM 3.1.2 files are downloaded in a compressed form. To prevent overwriting of files in existing directories and to ensure that adequate disk space is available, download the files to a temporary working area of your server, and then uncompress the files.

---

Note You can also use the Common Services Device Update function to download DFM 3.1.2. For more information, from the Common Services Home Page, select Software Center > Software Update and click Help.

---

To download CiscoWorks Device Fault Manager 3.1.2:

---

Step 1 Make sure you have adequate free space.

Step 2 Go to the DFM download page at http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-dfm.html and click the link to cwdfm3_1_2_win.zip.

Step 3 Follow the instructions to download the zip file to a temporary working area of your server.

Step 4 Unzip all files into the temporary working area.

---

Installing DFM 3.1.2

---

Caution You cannot remove the DFM 3.1.2 patch after installing it. To return to your original configuration, you must uninstall and reinstall DFM. Therefore, you should save your configuration before installing DFM 3.1.2 as described in Step 1.

---

---

Step 1 Make sure that you have a backup of your configuration, in case you need to revert back to it. (DFM 3.1.2 patch cannot be uninstalled.)

Step 2 Verify that DFM 3.1 (LMS 3.1) or DFM 3.1.1 is installed:

a. From the Common Services Home Page, select Software Center > Software Update.

b. In the Products Installed table, verify that the Device Fault Manager row lists the required version.

Step 3 Move to the directory in which the unzipped DFM files reside, and run the installation script by double-clicking cwdfm3_1_2_win.exe.

Step 4 Follow the prompts in the installation script.

The options displayed by the installation script depend on your configuration.

Step 5 When the installation has completed, click Finish to exit the installer.

Step 6 Verify the installation:

a. From the Common Services Home Page, select Software Center > Software Update.

b. In the Products Installed table, click Device Fault Manager.

c. In the Patches Installed table, verify that the version corresponding to Device Fault Manager is 3.1.2.

---

Configuring SNMPv3

After installing the Service Pack, do the following to manage a device with SNMPv3 credentials:

---

Step 1 Add the device with SNMPv3 credentials to DCR.

Step 2 Import the device into DFM using the Device Management page.

The device will be discovered and moved to the Known state.

If the device is moved to the Unknown state, check whether the imported device is configured with auth and priv algorithms that are supported by DFM. If not, you have to import devices with the DFM-supported auth and priv algorithms.

---

The following are the ways in which DFM reacts when a device is imported into DCR with SNMPv3 Credentials:

•SNMPv3AuthPriv

When a device with SNMPv3AuthPriv username, password, Auth alogorithm, Privacy password, and Privacy algorithm is imported into DFM from DCR, DFM discovers the device successfully and the device is grouped under All Known Devices in Inventory Group.

•SNMPv3NoAuthNoPriv

When a device with SNMPv3 username is imported into DFM from DCR, DFM discovers the device successfully and the device is grouped under All Known Devices in Inventory Group.

•SNMPv3AuthNoPriv

When a device, with SNMPv3 username, password, and Auth algorithm is imported into DFM from DCR, DFM discovers the device successfully and the device is grouped under All Known Devices in Inventory Group.

The details of the algorithms supported in DFM 3.1.2 are:

•AuthNoPriv Mode — Supported Auth Algorithm: MD5 and SHA

•AuthPriv Mode

–Supported Auth Algorithm: MD5 and SHA

–Supported Privacy Algorithm: DES and AES128

–Unsupported Privacy Algorithm: 3DES, AES192, and AES256

Configuring AuthPriv, AuthNoPriv, and NoAuthNoPriv Modes on the Device

SNMPv3 AuthPriv, AuthNoPriv, and NoAuthNoPriv modes can be configured only on the Device and not in the application.

The following are the methods to configure AuthPriv, AuthNoPriv, and NoAuthNoPriv modes.

AuthPriv

To configure AuthPriv mode enter:

snmp-server group group_Name V3 priv read Read_View_Name write Write_View_Name

snmp-server user User_Name Group_Name V3 auth Auth_Algr Auth_Passwd priv Priv_Algr 
Priv_Passwd

snmp-server view Read_View_Name OID_Hierachy included

snmp-server view Write_View_Name OID_Hierachy included  

For example,

snmp-server group authprivgroup V3 priv read view1 write view2

snmp-server user authprivuser authprivgroup V3 auth MD5 authpwd priv DES privpwd

snmp-server view view1 dod included

snmp-server view view2 dod included  

AuthNoPriv

To configure AuthNoPriv mode enter:

snmp-server group group_Name V3 priv read Read_View_Name write Write_View_Name

snmp-server user User_Name Group_Name V3 auth Auth_Algr Auth_Passwd 

snmp-server view Read_View_Name OID_Hierachy included

snmp-server view Write_View_Name OID_Hierachy included

For example,

snmp-server group authnoprivgroup v3 auth read view1 write view2

snmp-server user authnoprivuser authnoprivgroup v3 auth MD5 authpwd

snmp-server view view1 dod included 

snmp-server view view2 dod included 

NoAuthNoPriv

To configure NoAuthNoPriv mode enter:

snmp-server group group_Name V3 priv read Read_View_Name write Write_View_Name

snmp-server user User_Name Group_Name 

snmp-server view Read_View_Name OID_Hierachy included

snmp-server view Write_View_Name OID_Hierachy included 

For example,

snmp-server group noauthnoprivgroup v3 noauth read view1 write view2

snmp-server user noauthnoprivuser noauthnoprivgroup 

snmp-server view view1 dod included 

snmp-server view view2 dod included

DFM 3.1.2 Upgrade Path

DFM 3.1.2 requires CiscoWorks Common Services Software (CS) 3.2 as a prerequisite for upgrade.

Table 2 lists the various upgrade paths.

Table 2 Upgrade Paths for DFM 3.1.2

Existing Software	DFM Version	Supported Upgrades to DFM 3.1.2
LMS 3.1	DFM 3.1	Remote upgrade is supported. Inline upgrade is supported if both servers have the same operating system (OS).
	DFM 3.1.1	Remote upgrade supported. Inline upgrade is supported if both servers have the same operating system (OS).

Known DFM 3.1.2 Problems

The following table describe the known problems in DFM 3.1.2. Unless otherwise specified, there is no workaround for these problems.

For a list of known problems in Device Fault Manager 3.1 and 3.1.1, see the Release Notes and the Readmes. You can view them on Cisco.com by going to:

http://www.cisco.com/en/US/products/sw/cscowork/ps2421/prod_installation_guides_list.html

For the status of other DFM bugs that are caused by device-specific problems, see the documents on Cisco.com at this URL:
http://www.cisco.com/en/US/products/sw/cscowork/ps2421/prod_release_notes_list.html.

Table 3 Known Problems in DFM 3.1.2 

Bug ID	Summary	Explanation
CSCsw45584	DFM3.1.2: Event status should be disabled in NOS	From Notification services, go to Notification Group and click the Add button. If you select the event set as None in NOS, the Event status should be disabled. But it is still in enabled state.
CSCsv59291	CWA does not support the installed version of DFM 3.1.1	When CiscoWorks with LMS 3.1 is installed, and DFM is upgraded to 3.1.1, the Device Troubleshooting reports in CWA does not support the installed DFM 3.1.1 version.
CSCsw98711	ICMP and SNMP requests are sent during the rediscovery of an unreachable device	During the rediscovery of a device which is down, Incharge continues to send ICMP and SNMP requests to the unreachable device.
CSCsw98735	DFM Incharge polls the SNMP timed out devices even after rediscovery	During the rediscovery of the devices that are SNMP timed out, Incharge engine polls those devices using the existing old data.
CSCsw90690	No popup message is displayed regarding the licence while importing devices into DFM	When you import devices more than the license limit into DFM, no popup message is displayed regarding the license information.
CSCsw90699	Devices get Data Collector timedout after the Incharge engine completes the discovery	When 5k devices are discovered in DFM, few devices get Data Collector Request timed out after the discovery is completed by the Incharge engine.
CSCsx72359	DFM312: SNMP requests are delayed when DFM is managing 1500 SNMPv3 devices, and you have set the polling interval to 60 seconds.	This problem occurs when you: 1. Manage 1500 SNMPv3 devices in DFM3.1.2. 2. Set the Polling settings to 60 seconds for all components and apply the changes. There is a delay between two polling cycles for SNMP requests. However ICMP polling works correctly. Polling works correctly when there are only a few devices or when you set the polling interval to the default value.

Resolved DFM Problems

The following tables describe DFM problems that are resolved in DFM 3.1.2.

Table 4 Problems Resolved in DFM 3.1.2

Bug ID	Summary	Explanation
CSCso68258	DFM polled ASA for cpmCPUTotal5minRev object. However, ASA supports only cpmCPUTotal5min object.	This problem has been resolved.
CSCsr53905	DFM could not detect low memory in switches.	This problem has been resolved.
CSCsr25953	DFM could not manage certian ATM interfaces.	This problem has been resolved.
CSCsl52191	CUOM did not increment the icmp sequence number in its requests.	This problem has been resolved.
CSCsr08903	2955 devices did not generate temperature out-of-range events.	This problem has been resolved.
CSCsv07021	IDU21: While migrating into DFM304, oid2type_Cisco.conf file was overwritten.	This problem has been resolved.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)