Data Migration Guide for CiscoWorks LAN Management Solution 2.5.1 - Chapter 5: Guidelines for Post-Upgrade Activities [CiscoWorks LAN Management Solution]

Table Of Contents

Guidelines to Post-Upgrade Activities

Guidelines for DFM 2.0.3 Post-Upgrade Activities

Guidelines for CS 3.0.3 Post-Upgrade Activities

Pre-CS 3.0 AAA Methods

CS 3.0.3 AAA Methods

ACS Mode

Non-ACS Mode

Resetting the Login Module

Guidelines to Post-Upgrade Activities

This chapter contains:

•Guidelines for DFM 2.0.3 Post-Upgrade Activities

•Guidelines for CS 3.0.3 Post-Upgrade Activities

•Resetting the Login Module

Guidelines for DFM 2.0.3 Post-Upgrade Activities

After the upgrade script completes, DFM discovers devices and updates its managed inventory. DFM might take some time to complete this task. After the task completes:

•Familiarize yourself with new device management procedures; see Installation and Setup guides for DFM, "Performing Device Management" section in Chapter 4, "Getting Started".

•Verify discovery status; see Installation and Setup guides for DFM, "Verifying Devices Added to DFM" section in Chapter 4, "Getting Started".

•Complete basic configuration steps; see Installation and Setup guides for DFM, "Configuring SNMP Trap Receiving and Forwarding" section in Chapter 4, "Getting Started".

•Start using DFM to monitor the network; see Installation and Setup guides for DFM, "Viewing Alerts" section, and "What Next?" section in Chapter 4, "Getting Started".

If you plan to use HPOV or NetView adapters on a remote system with Device Fault Manager 2.0.3 on a local system, perform these steps:

Step 1 Make sure the system running DFM is registered with DNS.

Step 2 Upgrade all remote adapters as described in Installation and Setup guide for DFM, Section "Installing and Upgrading HPOV-NetView Adapters".

If the standard UDP trap port (162) is being used by another NMS such as Cisco Voice Manager, you must configure DFM SNMP trap receiving to use a different UDP port, such as port 9000.

If you install another NMS, DFM will use port 9000. You can change it to another port using the following procedure.:

Step 1 Configure DFM to forward traps to the listening port for the NMS.

Step 2 Make sure the NMS is configured to receive traps at the port you specified in Step 1. Refer to the appropriate documentation for the NMS.

If a local version of HP OpenView or NetView is already installed (or is installed later), CiscoWorks automatically configures the adapters to forward SNMP traps to DFM.

To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems.

Guidelines for CS 3.0.3 Post-Upgrade Activities

This section contains:

•Pre-CS 3.0 AAA Methods

•CS 3.0.3 AAA Methods

Pre-CS 3.0 AAA Methods

Before CS 3.0:

•The CiscoWorks server supported two types of authentication methods: one method used an external PAM (Pluggable Authentication Module) and the other was the CiscoWorks local method.

•Both CiscoSecure ACS (Access Control Server) and third party AAA (Authentication, Authorization, Accounting) servers were treated as external PAMs.

•If you selected an external authentication method using a PAM, the CiscoWorks server would only do authentication but not authorization against either the CiscoSecure ACS or the third party AAA server that you selected.

•Authorization was done by the CiscoWorks server, regardless of the authentication method.

•If you selected the CiscoWorks local authentication method, both authentication and authorization were done by the CiscoWorks server.

CS 3.0.3 AAA Methods

CS 3.0.3 supports two AAA modes:

•ACS Mode

•Non-ACS Mode

ACS Mode

If you select ACS mode, the CS 3.0.3 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.0 server, note the following:

•CS 3.0.3 only supports ACS 3.2, 3.2.3, and 3.3.2

•CS 3.0.3 does not support Kerberos PAM

•We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/ciscosecure/cs-acs.shtml

•AAA is done by sending a query to ACS using TACACS+ protocol

•To configure the CiscoWorks server to use CiscoSecure ACS, you need:

–The ACS Administrator username and password

–To add the CiscoWorks server as a AAA client (in ACS)

–To configure secret key to be used (at AAA Mode setup in CS and in ACS)

–To ensure that the login user in CiscoWorks is a valid user in ACS

Non-ACS Mode

CS 3.0.3 supports two types of non-ACS modes: CiscoWorks local and non-CiscoWorks local.

By default, CS 3.0.3 uses CiscoWorks server authentication (CiscoWorks local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks local mode, CS 3.0.3 does the authentication and authorization.

However, you can choose to use a third party AAA server (non-CiscoWorks local) to do authentication (not authorization). If you choose to use a third party AAA server, you can only use it for authentication, not authorization.

Modifying User Information in CiscoWorks Local Mode

The information for parsing and verifying the password / role of a user are present in the cwpass file. This file is located at:

NMSROOT/lib/classpath/com/cisco/nm/cmf/servlet (In Solaris)

and

NMSROOT\lib\classpath\com\cisco\nm\cmf\servlet (In Windows)

Resetting the Login Module

You can run the following commands to reset the Login Module:

Step 1 Stop the LMS system by entering:

/etc/init.d/dmgtd stop (For Solaris)

Or

net stop crmdmgtd (For Windows)

Step 2 Run the following script:

NMSROOT/bin/perl ResetLoginModule.pl (For Solaris)

Or

NMSROOT\bin\perl ResetLoginModule.pl (For Windows)

Step 3 Start the LMS system by entering:

/etc/init.d/dmgtd start (For Solaris)

Or

net start crmdmgtd (For Windows)

	Data Migration Guide for CiscoWorks LAN Management Solution 2.5.1
	Chapter 5: Guidelines for Post-Upgrade Activities
Data Migration Guide for CiscoWorks LAN Management Solution 2.5.1 Preface Chapter 1: Overview Chapter 2: Migration Data to LAN Management Solution 2.5.1 on Solaris Chapter 3: Migration Data to LAN Management Solution 2.5.1 on Windows Chapter 4: Troubleshooting Errors From Data Migration Chapter 5: Guidelines for Post-Upgrade Activities Appendix A: Syntax and Usage for restorebackup.pl Appendix B: Syntax and Usage for backup.pl Index	Download this chapter Chapter 5: Guidelines for Post-Upgrade Activities Download the complete book Data migration Guide for CiscoWorks LAN Management Solution 2.5.1 (PDF - 1 MB) Table Of Contents Guidelines to Post-Upgrade Activities Guidelines for DFM 2.0.3 Post-Upgrade Activities Guidelines for CS 3.0.3 Post-Upgrade Activities Pre-CS 3.0 AAA Methods CS 3.0.3 AAA Methods ACS Mode Non-ACS Mode Resetting the Login Module Guidelines to Post-Upgrade Activities This chapter contains: •Guidelines for DFM 2.0.3 Post-Upgrade Activities •Guidelines for CS 3.0.3 Post-Upgrade Activities •Resetting the Login Module Guidelines for DFM 2.0.3 Post-Upgrade Activities After the upgrade script completes, DFM discovers devices and updates its managed inventory. DFM might take some time to complete this task. After the task completes: •Familiarize yourself with new device management procedures; see Installation and Setup guides for DFM, "Performing Device Management" section in Chapter 4, "Getting Started". •Verify discovery status; see Installation and Setup guides for DFM, "Verifying Devices Added to DFM" section in Chapter 4, "Getting Started". •Complete basic configuration steps; see Installation and Setup guides for DFM, "Configuring SNMP Trap Receiving and Forwarding" section in Chapter 4, "Getting Started". •Start using DFM to monitor the network; see Installation and Setup guides for DFM, "Viewing Alerts" section, and "What Next?" section in Chapter 4, "Getting Started". If you plan to use HPOV or NetView adapters on a remote system with Device Fault Manager 2.0.3 on a local system, perform these steps: Step 1 Make sure the system running DFM is registered with DNS. Step 2 Upgrade all remote adapters as described in Installation and Setup guide for DFM, Section "Installing and Upgrading HPOV-NetView Adapters". If the standard UDP trap port (162) is being used by another NMS such as Cisco Voice Manager, you must configure DFM SNMP trap receiving to use a different UDP port, such as port 9000. If you install another NMS, DFM will use port 9000. You can change it to another port using the following procedure.: Step 1 Configure DFM to forward traps to the listening port for the NMS. Step 2 Make sure the NMS is configured to receive traps at the port you specified in Step 1. Refer to the appropriate documentation for the NMS. If a local version of HP OpenView or NetView is already installed (or is installed later), CiscoWorks automatically configures the adapters to forward SNMP traps to DFM. To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems. Guidelines for CS 3.0.3 Post-Upgrade Activities This section contains: •Pre-CS 3.0 AAA Methods •CS 3.0.3 AAA Methods Pre-CS 3.0 AAA Methods Before CS 3.0: •The CiscoWorks server supported two types of authentication methods: one method used an external PAM (Pluggable Authentication Module) and the other was the CiscoWorks local method. •Both CiscoSecure ACS (Access Control Server) and third party AAA (Authentication, Authorization, Accounting) servers were treated as external PAMs. •If you selected an external authentication method using a PAM, the CiscoWorks server would only do authentication but not authorization against either the CiscoSecure ACS or the third party AAA server that you selected. •Authorization was done by the CiscoWorks server, regardless of the authentication method. •If you selected the CiscoWorks local authentication method, both authentication and authorization were done by the CiscoWorks server. CS 3.0.3 AAA Methods CS 3.0.3 supports two AAA modes: •ACS Mode •Non-ACS Mode ACS Mode If you select ACS mode, the CS 3.0.3 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.0 server, note the following: •CS 3.0.3 only supports ACS 3.2, 3.2.3, and 3.3.2 •CS 3.0.3 does not support Kerberos PAM •We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/ciscosecure/cs-acs.shtml •AAA is done by sending a query to ACS using TACACS+ protocol •To configure the CiscoWorks server to use CiscoSecure ACS, you need: –The ACS Administrator username and password –To add the CiscoWorks server as a AAA client (in ACS) –To configure secret key to be used (at AAA Mode setup in CS and in ACS) –To ensure that the login user in CiscoWorks is a valid user in ACS Non-ACS Mode CS 3.0.3 supports two types of non-ACS modes: CiscoWorks local and non-CiscoWorks local. By default, CS 3.0.3 uses CiscoWorks server authentication (CiscoWorks local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks local mode, CS 3.0.3 does the authentication and authorization. However, you can choose to use a third party AAA server (non-CiscoWorks local) to do authentication (not authorization). If you choose to use a third party AAA server, you can only use it for authentication, not authorization. Modifying User Information in CiscoWorks Local Mode The information for parsing and verifying the password / role of a user are present in the cwpass file. This file is located at: NMSROOT/lib/classpath/com/cisco/nm/cmf/servlet (In Solaris) and NMSROOT\lib\classpath\com\cisco\nm\cmf\servlet (In Windows) Resetting the Login Module You can run the following commands to reset the Login Module: Step 1 Stop the LMS system by entering: /etc/init.d/dmgtd stop (For Solaris) Or net stop crmdmgtd (For Windows) Step 2 Run the following script: NMSROOT/bin/perl ResetLoginModule.pl (For Solaris) Or NMSROOT\bin\perl ResetLoginModule.pl (For Windows) Step 3 Start the LMS system by entering: /etc/init.d/dmgtd start (For Solaris) Or net start crmdmgtd (For Windows)
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.