Data Migration Guide for LAN Management Solution 3.1 - Chapter 5: Guidelines to Post-Upgrade Activities [CiscoWorks LAN Management Solution]

Table Of Contents

Guidelines to Post-Upgrade Activities

Guidelines for DFM 3.1 Post-Upgrade Activities

Configuring SNMP Trap Receiving and Forwarding

Guidelines for CS 3.2 Post-Upgrade Activities

CS 3.2 AAA Methods

ACS Mode

Non-ACS Mode

Resetting the Login Module

Guidelines to Post-Upgrade Activities

This chapter contains:

•Guidelines for DFM 3.1 Post-Upgrade Activities

•Guidelines for CS 3.2 Post-Upgrade Activities

•Resetting the Login Module

Guidelines for DFM 3.1 Post-Upgrade Activities

This section contains the complete basic configuration steps for Configuring SNMP Trap Receiving and Forwarding.

Configuring SNMP Trap Receiving and Forwarding

To use HPOV or NetView adapters on a remote system with Device Fault Manager 3.1 on a local system, make sure that system running DFM is registered with DNS.

To upgrade all remote adapters, see Installing and Getting Started With CiscoWorks LAN Management Solution 3.1. It is available at:

http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_installation_guides_list.html

By default, DFM receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port:

Step 1 Go to LMS 3.1 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Receiving.

The configuration page for SNMP trap receiving is launched.

Step 2 Enter the port number in the Receiving Port entry box.

Step 3 Click Apply.

If you want DFM to forward traps to a remote NMS:

Step 1 Go to LMS 3.1 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Forwarding.

The configuration page for SNMP trap forwarding is launched.

Step 2 Enter these for each host:

•An IP address or DNS name for the hostname.

•A port number on which the host can receive traps.

Step 3 Click Apply.

Step 4 Make sure NMS is configured to receive traps at the port you specified in Step 2.

If a local version of HP OpenView or NetView is already installed, CiscoWorks automatically configures the adapters to forward SNMP traps to DFM.

To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems.

For more details on Configuring SNMP Trap Receiving and Forwarding and Basic configuration steps, see the User Guides for Device Fault Manager.

Guidelines for CS 3.2 Post-Upgrade Activities

This section contains the CS 3.2 Authorization, Authentication, and Accounting (AAA) methods.

CS 3.2 AAA Methods

CS 3.2 supports two AAA modes:

•ACS Mode

•Non-ACS Mode

Note If you had configured ACS mode in CS 3.1 or CS 3.1.1, it will be automatically preserved in CS3.2 during upgrade.

ACS Mode

If you select ACS mode, the CS 3.2 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.2 server, note the following:

•CS 3.2 only supports ACS 3.2, 3.2.3, 3.3.2, 3.3.3, 3.3.4, 4.0(1), 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, and 4.2

•CS 3.2 does not support Kerberos PAM when it is configured in ACS mode

•Authorization, Authentication, and Accounting are done by sending a query to ACS using TACACS+ protocol

•To configure the CiscoWorks server to use CiscoSecure ACS, you need:

–The ACS Administrator username and password

–To add the CiscoWorks server as an AAA client (in ACS)

–To configure the secret key to be used (at AAA Mode setup in CS and in ACS)

–To ensure that the login user in CiscoWorks is a valid user in ACS

–To ensure that the system identity user is available in ACS with Super Admin privilege

•We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/index.shtml

Non-ACS Mode

CS 3.2 server supports the following Login Modules in Non-ACS mode:

•CiscoWorks Local

•IBM SecureWay Directory

•KerberosLogin

•Local NT System

•MS Active Directory

•Netscape Directory

•RADIUS

•TACACS+

By default, CS 3.2 uses CiscoWorks server authentication (CiscoWorks Local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks Local mode, CS 3.2 performs the authentication and authorization.

However, if you select a Login module other than CiscoWorks Local, you can only perform authentication and not authorization. You can perform authorization only through CiscoWorks Local.

Resetting the Login Module

You can run the following commands to reset the Login Module to CiscoWorks local mode:

On Solaris:

Step 1 Stop the LMS system by entering:

/etc/init.d/dmgtd stop

Step 2 Run the following script:

NMSROOT/bin/perl NMSROOT/bin/ResetLoginModule.pl

Step 3 Start the LMS system by entering:

/etc/init.d/dmgtd start

On Windows:

Step 1 Stop the LMS system by entering:

net stop crmdmgtd

Step 2 Run the following script:

NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl

Step 3 Start the LMS system by entering:

net start crmdmgtd

	Data Migration Guide for LAN Management Solution 3.1
	Chapter 5: Guidelines to Post-Upgrade Activities
Data Migration Guide for LAN Management Solution 3.1 OpenSSL License Acknowledgement Preface Chapter 1: Overview Chapter 2: Migrating Data to LAN Management Solution 3.1 on Solaris Chapter 3: Migrating Data to LAN Management Solution 3.1 on Windows Chapter 4: Troubleshooting Errors in Data Migration Chapter 5: Guidelines to Post-Upgrade Activities Appendix A: Syntax and Usage for Backup Script Appendix B: Syntax and Usage for Restore and Backup Script Index	Download this chapter Chapter 5: Guidelines to Post-Upgrade Activities Download the complete book Data Migration Guide for LAN Management Solution 3.1 - PDF of Entire Book (PDF - 1 MB) Table Of Contents Guidelines to Post-Upgrade Activities Guidelines for DFM 3.1 Post-Upgrade Activities Configuring SNMP Trap Receiving and Forwarding Guidelines for CS 3.2 Post-Upgrade Activities CS 3.2 AAA Methods ACS Mode Non-ACS Mode Resetting the Login Module Guidelines to Post-Upgrade Activities This chapter contains: •Guidelines for DFM 3.1 Post-Upgrade Activities •Guidelines for CS 3.2 Post-Upgrade Activities •Resetting the Login Module Guidelines for DFM 3.1 Post-Upgrade Activities This section contains the complete basic configuration steps for Configuring SNMP Trap Receiving and Forwarding. Configuring SNMP Trap Receiving and Forwarding To use HPOV or NetView adapters on a remote system with Device Fault Manager 3.1 on a local system, make sure that system running DFM is registered with DNS. To upgrade all remote adapters, see Installing and Getting Started With CiscoWorks LAN Management Solution 3.1. It is available at: http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_installation_guides_list.html By default, DFM receives SNMP traps on port 162 (or, if port 162 is occupied, port 9000). If you need to change the port: Step 1 Go to LMS 3.1 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Receiving. The configuration page for SNMP trap receiving is launched. Step 2 Enter the port number in the Receiving Port entry box. Step 3 Click Apply. If you want DFM to forward traps to a remote NMS: Step 1 Go to LMS 3.1 Portal Home Page and select DFM > Configuration > Other Configurations > SNMP Trap Forwarding. The configuration page for SNMP trap forwarding is launched. Step 2 Enter these for each host: •An IP address or DNS name for the hostname. •A port number on which the host can receive traps. Step 3 Click Apply. Step 4 Make sure NMS is configured to receive traps at the port you specified in Step 2. If a local version of HP OpenView or NetView is already installed, CiscoWorks automatically configures the adapters to forward SNMP traps to DFM. To configure remote versions of HP OpenView and NetView to forward SNMP traps to DFM, you must install the HPOV-NetView adapters on the remote systems. For more details on Configuring SNMP Trap Receiving and Forwarding and Basic configuration steps, see the User Guides for Device Fault Manager. Guidelines for CS 3.2 Post-Upgrade Activities This section contains the CS 3.2 Authorization, Authentication, and Accounting (AAA) methods. CS 3.2 AAA Methods CS 3.2 supports two AAA modes: •ACS Mode •Non-ACS Mode Note If you had configured ACS mode in CS 3.1 or CS 3.1.1, it will be automatically preserved in CS3.2 during upgrade. ACS Mode If you select ACS mode, the CS 3.2 server uses both authentication and authorization from the CiscoSecure ACS server. Since authorization is based on the roles of the user in the CS 3.2 server, note the following: •CS 3.2 only supports ACS 3.2, 3.2.3, 3.3.2, 3.3.3, 3.3.4, 4.0(1), 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, and 4.2 •CS 3.2 does not support Kerberos PAM when it is configured in ACS mode •Authorization, Authentication, and Accounting are done by sending a query to ACS using TACACS+ protocol •To configure the CiscoWorks server to use CiscoSecure ACS, you need: –The ACS Administrator username and password –To add the CiscoWorks server as an AAA client (in ACS) –To configure the secret key to be used (at AAA Mode setup in CS and in ACS) –To ensure that the login user in CiscoWorks is a valid user in ACS –To ensure that the system identity user is available in ACS with Super Admin privilege •We recommend that you install the Admin HTTPS PSIRT patch (on ACS 3.2.3). The patch is available at: http://www.cisco.com/public/sw-center/index.shtml Non-ACS Mode CS 3.2 server supports the following Login Modules in Non-ACS mode: •CiscoWorks Local •IBM SecureWay Directory •KerberosLogin •Local NT System •MS Active Directory •Netscape Directory •RADIUS •TACACS+ By default, CS 3.2 uses CiscoWorks server authentication (CiscoWorks Local) to authenticate users and authorize them to access CiscoWorks applications. If you select CiscoWorks Local mode, CS 3.2 performs the authentication and authorization. However, if you select a Login module other than CiscoWorks Local, you can only perform authentication and not authorization. You can perform authorization only through CiscoWorks Local. Resetting the Login Module You can run the following commands to reset the Login Module to CiscoWorks local mode: On Solaris: Step 1 Stop the LMS system by entering: /etc/init.d/dmgtd stop Step 2 Run the following script: NMSROOT/bin/perl NMSROOT/bin/ResetLoginModule.pl Step 3 Start the LMS system by entering: /etc/init.d/dmgtd start On Windows: Step 1 Stop the LMS system by entering: net stop crmdmgtd Step 2 Run the following script: NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl Step 3 Start the LMS system by entering: net start crmdmgtd
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.