Data Migration Guide for LAN Management Solution 3.0 - Chapter 5: Guidelines to Post-Upgrade Activities [CiscoWorks LAN Management Solution]

Table Of Contents

Guidelines to Post-Upgrade Activities

Guidelines for DFM 3.0 Post-Upgrade Activities

Configuring SNMP Trap Receiving and Forwarding

Guidelines for CS 3.1 Post-Upgrade Activities

CS 3.1 AAA Methods

ACS Mode

Non-ACS Mode

Resetting the Login Module

Guidelines to Post-Upgrade Activities

This chapter contains:

•Guidelines for DFM 3.0 Post-Upgrade Activities

•Guidelines for CS 3.1 Post-Upgrade Activities

•Resetting the Login Module

Guidelines for DFM 3.0 Post-Upgrade Activities

After the upgrade script completes, DFM discovers devices and updates its managed inventory. DFM might take some time to complete this task. After the task is completed, see Installing and Getting Started with CiscoWorks LAN Management Solution 3.0 (Maintenance Kit) to:

•Familiarize yourself with new device management procedures in the Performing Device Management section

•Verify discovery status in the Verifying Devices Added to DFM section

•Complete basic configuration steps in the Configuring SNMP Trap Receiving and Forwarding section

•Start using DFM to monitor the network in Viewing Alerts section, and What Next? section

The Installing and Getting Started with CiscoWorks LAN Management Solution 3.0 (Maintenance Kit) is available at this URL:

http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_installation_guides_list.html

Configuring SNMP Trap Receiving and Forwarding

To use HPOV or NetView adapters on a remote system with Device Fault Manager 3.0 on a local system, make sure:

Step 1 The system running DFM is registered with DNS.

Step 2 To upgrade all remote adapters as described in Installation and Setup guide for DFM, in the section "Installing and Upgrading HPOV-NetView Adapters". It is available at: http://www.cisco.com/en/US/products/sw/cscowork/ps2421/prod_installation_guides_list.html

By default, DFM receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port:

Step 1 Go to LMS 3.0 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Receiving.

The configuration page for SNMP trap receiving is launched.

Step 2 Enter the port number in the Receiving Port entry box.

Step 3 Click Apply.

If you want DFM to forward traps to a remote NMS:

Step 1 Go to LMS 3.0 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Forwarding.

The configuration page for SNMP trap forwarding is launched.

Step 2 Enter these for each host:

•An IP address or DNS name for the hostname.

•A port number on which the host can receive traps.

Step 3 Click the Apply.

Step 4 Make sure the NMS is configured to receive traps at the port you specified in Step 2. See the appropriate documentation for the NMS.

If a local version of HP OpenView or NetView is already installed, CiscoWorks automatically configures the adapters to forward SNMP traps to DFM.

To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems.

For more details on Basic configuration steps, see Installation and Setup guides for DFM.

Guidelines for CS 3.1 Post-Upgrade Activities

This section contains the CS 3.1 AAA methods.

CS 3.1 AAA Methods

CS 3.1 supports two AAA modes:

•ACS Mode

•Non-ACS Mode

Note If you had configured ACS mode in CS3.0, it will be automatically preserved in CS3.1.

ACS Mode

If you select ACS mode, the CS 3.1 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.1 server, note the following:

•CS 3.1 only supports ACS 3.2, 3.2.3, 3.3.2, 3.3.3, 3.3.4, 4.0(1), and 4.1

•CS 3.1 does not support Kerberos PAM when configured in ACS mode

•We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/index.shtml

•AAA is done by sending a query to ACS using TACACS+ protocol

•To configure the CiscoWorks server to use CiscoSecure ACS, you need:

–The ACS Administrator username and password

–To add the CiscoWorks server as a AAA client (in ACS)

–To configure the secret key to be used (at AAA Mode setup in CS and in ACS)

–To ensure that the login user in CiscoWorks is a valid user in ACS

–To ensure that the system identity user must be available in ACS with full privilege

Non-ACS Mode

CS 3.1 server supports the following Login Modules in Non-ACS mode:

•CiscoWorks Local

•IBM SecureWay Directory

•KerberosLogin

•Local NT System

•MS Active Directory

•Netscape Directory

•RADIUS

•TACACS+

By default, CS 3.1 uses CiscoWorks server authentication (CiscoWorks Local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks local mode, CS 3.1 performs the authentication and authorization.

However, if you select a Login Module other than CiscoWorks Local, you can only do authentication and not authorization. Authorization can be done only through CiscoWorks Local.

Resetting the Login Module

You can run the following commands to reset the Login Module to CiscoWorks local mode:

Step 1 Stop the LMS system by entering:

On Solaris:

/etc/init.d/dmgtd stop

On Windows:

net stop crmdmgtd

Step 2 Run the following script:

On Solaris:

NMSROOT/bin/perl NMSROOT/bin/ResetLoginModule.pl

On Windows:

NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl

Step 3 Start the LMS system by entering:

On Solaris:

/etc/init.d/dmgtd start

On Windows:

net start crmdmgtd

	Data Migration Guide for LAN Management Solution 3.0
	Chapter 5: Guidelines to Post-Upgrade Activities
Data Migration Guide for LAN Management Solution 3.0 OpenSSL License Acknowledgement Preface Chapter 1: Overview Chapter 2: Migrating Data to LAN Management Solution 3.0 on Solaris Chapter 3: Migrating Data to LAN Management Solution 3.0 on Windows Chapter 4: Troubleshooting Errors in Data Migration Chapter 5: Guidelines to Post-Upgrade Activities Appendix A: Syntax and Usage for Backup Script Appendix B: Syntax and Usage for Restore and Backup Script Index	Download this chapter Chapter 5: Guidelines to Post-Upgrade Activities Download the complete book Data Migration Guide for LAN Management Solution 3.0 - PDF of Entire Book (PDF - 1 MB) Table Of Contents Guidelines to Post-Upgrade Activities Guidelines for DFM 3.0 Post-Upgrade Activities Configuring SNMP Trap Receiving and Forwarding Guidelines for CS 3.1 Post-Upgrade Activities CS 3.1 AAA Methods ACS Mode Non-ACS Mode Resetting the Login Module Guidelines to Post-Upgrade Activities This chapter contains: •Guidelines for DFM 3.0 Post-Upgrade Activities •Guidelines for CS 3.1 Post-Upgrade Activities •Resetting the Login Module Guidelines for DFM 3.0 Post-Upgrade Activities After the upgrade script completes, DFM discovers devices and updates its managed inventory. DFM might take some time to complete this task. After the task is completed, see Installing and Getting Started with CiscoWorks LAN Management Solution 3.0 (Maintenance Kit) to: •Familiarize yourself with new device management procedures in the Performing Device Management section •Verify discovery status in the Verifying Devices Added to DFM section •Complete basic configuration steps in the Configuring SNMP Trap Receiving and Forwarding section •Start using DFM to monitor the network in Viewing Alerts section, and What Next? section The Installing and Getting Started with CiscoWorks LAN Management Solution 3.0 (Maintenance Kit) is available at this URL: http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_installation_guides_list.html Configuring SNMP Trap Receiving and Forwarding To use HPOV or NetView adapters on a remote system with Device Fault Manager 3.0 on a local system, make sure: Step 1 The system running DFM is registered with DNS. Step 2 To upgrade all remote adapters as described in Installation and Setup guide for DFM, in the section "Installing and Upgrading HPOV-NetView Adapters". It is available at: http://www.cisco.com/en/US/products/sw/cscowork/ps2421/prod_installation_guides_list.html By default, DFM receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port: Step 1 Go to LMS 3.0 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Receiving. The configuration page for SNMP trap receiving is launched. Step 2 Enter the port number in the Receiving Port entry box. Step 3 Click Apply. If you want DFM to forward traps to a remote NMS: Step 1 Go to LMS 3.0 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Forwarding. The configuration page for SNMP trap forwarding is launched. Step 2 Enter these for each host: •An IP address or DNS name for the hostname. •A port number on which the host can receive traps. Step 3 Click the Apply. Step 4 Make sure the NMS is configured to receive traps at the port you specified in Step 2. See the appropriate documentation for the NMS. If a local version of HP OpenView or NetView is already installed, CiscoWorks automatically configures the adapters to forward SNMP traps to DFM. To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems. For more details on Basic configuration steps, see Installation and Setup guides for DFM. Guidelines for CS 3.1 Post-Upgrade Activities This section contains the CS 3.1 AAA methods. CS 3.1 AAA Methods CS 3.1 supports two AAA modes: •ACS Mode •Non-ACS Mode Note If you had configured ACS mode in CS3.0, it will be automatically preserved in CS3.1. ACS Mode If you select ACS mode, the CS 3.1 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.1 server, note the following: •CS 3.1 only supports ACS 3.2, 3.2.3, 3.3.2, 3.3.3, 3.3.4, 4.0(1), and 4.1 •CS 3.1 does not support Kerberos PAM when configured in ACS mode •We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/index.shtml •AAA is done by sending a query to ACS using TACACS+ protocol •To configure the CiscoWorks server to use CiscoSecure ACS, you need: –The ACS Administrator username and password –To add the CiscoWorks server as a AAA client (in ACS) –To configure the secret key to be used (at AAA Mode setup in CS and in ACS) –To ensure that the login user in CiscoWorks is a valid user in ACS –To ensure that the system identity user must be available in ACS with full privilege Non-ACS Mode CS 3.1 server supports the following Login Modules in Non-ACS mode: •CiscoWorks Local •IBM SecureWay Directory •KerberosLogin •Local NT System •MS Active Directory •Netscape Directory •RADIUS •TACACS+ By default, CS 3.1 uses CiscoWorks server authentication (CiscoWorks Local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks local mode, CS 3.1 performs the authentication and authorization. However, if you select a Login Module other than CiscoWorks Local, you can only do authentication and not authorization. Authorization can be done only through CiscoWorks Local. Resetting the Login Module You can run the following commands to reset the Login Module to CiscoWorks local mode: Step 1 Stop the LMS system by entering: On Solaris: /etc/init.d/dmgtd stop On Windows: net stop crmdmgtd Step 2 Run the following script: On Solaris: NMSROOT/bin/perl NMSROOT/bin/ResetLoginModule.pl On Windows: NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl Step 3 Start the LMS system by entering: On Solaris: /etc/init.d/dmgtd start On Windows: net start crmdmgtd
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.