Table Of Contents

Administering Discovery Settings and Device and Credential Repository

Scheduling Device Discovery

Configuring Device Selector

Selecting Devices for Device Management Tasks

Searching Devices

Performing Simple Search

Performing Advanced Search

Device Selector Settings

Understanding Device Groups

Customizing Device Grouping

Customizing Display Order of Device Groups

Administering Device and Credential Repository

Changing DCR Mode

Configuring Device Polling

Configuring Device Polling Settings

Deleting Unreachable Devices from DCR

Configuring User Defined Fields

Adding User Defined Fields

Renaming User Defined Fields

Deleting User Defined Fields

Configuring Default Credentials

Using Default Credentials

Important Notes on Default Credentials

Default Credentials Behavior in Multi-Server Setup

Configuring Default Credential Sets

Configuring Default Credential Set Policy

Administering Discovery Settings and Device and Credential Repository

---

You can configure discovery settings, and perform some administrative tasks in DCR.

This section contains:

•Scheduling Device Discovery

•Configuring Device Selector

•Administering Device and Credential Repository

For details on configuring discovery logging, see Configuring Discovery Logging.

Scheduling Device Discovery

You can schedule one or more Device Discovery jobs. The optimum Device Discovery schedule depends on the size of network and changes in the network.

Before you schedule a Device Discovery job, read the following:

•Only one Device Discovery job can run at a time.

•When you schedule Device Discovery jobs, ensure that the schedule time does not overlap each other. Otherwise, one of the Device Discovery jobs may fail.

•You should configure the Device Discovery settings before you schedule a Device Discovery job. Otherwise, the system displays an error message when you try add a schedule. However, you can edit the Device Discovery settings for the scheduled job later.

From the Discovery Schedule page, you can:

•Add a Device Discovery schedule. See Adding Device Discovery Schedule for details.

•Modify a Device Discovery schedule. See Editing Device Discovery Schedule for details.

•Delete a Device Discovery schedule. See Deleting Device Discovery Schedule for details.

•Navigate to LMS Job Browser page. See Viewing the Status of Device Discovery Schedules for details.

•Start device discovery. See Starting Device Discovery for details.

•Maintain multiple Device Discovery Settings for multiple schedules. See Maintaining Multiple Discovery Settings for Multiple Scheduled Jobs for details.

•View the Discovery Settings configured for the selected Device Discovery Schedule. See Viewing Discovery Settings for Selected Discovery Schedule for details.

•Edit the Discovery Settings for the selected Device Discovery Schedule. See Viewing Discovery Settings for Selected Discovery Schedule for details.

Adding Device Discovery Schedule

To add a Device Discovery schedule:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Click Add.

The Add Discovery Schedule popup window appears.

The Device Discovery schedules are dependent of Device Discovery Settings. You cannot click the Add button if you have not configured Device Discovery Settings.

The Add button is disabled on a fresh installation of LMS in LMS Server.

Step 3 Select a value in the Hour and Min drop-down lists to specify the time when the Device Discovery should start.

You should specify the time in 24-hour format.

Step 4 Select the days of the week on which the Device Discovery is to be scheduled, in the Recurrence Pattern field.

Step 5 Enter a description in the Job Description field. This is optional.

You cannot edit the description entered in this field later.

---

Note The job description should not contain special characters like , and #.

---

Step 6 Click Schedule.

The Device Discovery schedule is created and assigned with a job ID. Email notification is sent to the email address you have configured in the Discovery Settings wizard.

---

Editing Device Discovery Schedule

To edit a Device Discovery schedule:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Select a Device Discovery schedule from the list.

Step 3 Click Edit.

The Edit Discovery Schedule popup window appears.

Step 4 Edit the values in the Hour and Min drop-down list, if required.

Step 5 Select the days of the week on which the Device Discovery is to be scheduled, in the Recurrence Pattern field.

Step 6 Click Schedule to save the changes.

---

Deleting Device Discovery Schedule

To delete a Device Discovery schedule:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Select a Device Discovery schedule from the list.

Step 3 Click Delete.

The Delete Confirmation dialog box appears.

Step 4 Click OK.

The selected Device Discovery schedule is deleted from the list of schedules.

---

Caution Before you remove a Device Discovery schedule, ensure it is completed. Otherwise, if the Device Discovery job is running, deleting the schedule will stop the job first and then will remove it.

---

---

Starting Device Discovery

To start immediate discovery for scheduled job:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Select a job from the list.

Step 3 Click Start Discovery. A popup window appears with the information on the immediate jobID.

The Start Discovery button will be disabled before setting any jobs or if a discovery is already running.

Step 4 Click OK. The Device Discovery summary screen appears.

You can view the status of the job in Job Browser page (Admin > Jobs > Browser).

---

Viewing the Status of Device Discovery Schedules

You can navigate to LMS Job Browser page from the Discovery Schedule page to view the latest status of Device Discovery jobs.

To do so:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Click the link provided at the bottom of the page.

The Job Browser page displays the Device Discovery jobs.

---

Maintaining Multiple Discovery Settings for Multiple Scheduled Jobs

Before creating a scheduled job, you must configure the Device Discovery settings. You can edit the settings for scheduled jobs later and maintain different settings for different jobs.

To view the existing Device Discovery settings for a selected job, see Viewing Discovery Settings for Selected Discovery Schedule.

To edit the Device Discovery settings for a selected job, see Editing Discovery Settings for Selected Discovery Schedule.

Viewing Discovery Settings for Selected Discovery Schedule

You can view the Discovery settings used to create the selected Discovery Schedule job.

To do so:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Select a Discovery schedule from the list.

Step 3 Click View Settings.

The View Discovery Settings dialog box appears.

Step 4 Click OK to return to the Discovery Schedule page after you have view the schedule.

---

Editing Discovery Settings for Selected Discovery Schedule

You can edit the Discovery Settings used to create the selected Discovery Schedule job.

To do so:

---

Step 1 Select Admin > Network > Discovery Settings > Schedule.

The Discovery Schedule page appears.

Step 2 Select a Discovery schedule from the list.

Step 3 Click Edit Settings.

The Module Settings page of Discovery Settings wizard appears.

Step 4 Edit the required module settings and click Next. The Seed Devices Settings page appears.

Step 5 Edit the required seed devices settings and click Next. If you do not want to proceed further, click Finish. The SNMP Settings page appears.

Step 6 Edit the SNMP settings and click Next. If you do not want to proceed further, click Finish.

The Filter Settings page appears.

Step 7 Edit the Filter settings and click Next. If you do not want to proceed further, click Finish.

The Global Settings page appears.

Step 8 Edit the Global settings and click Next. If you do not want to proceed further, click Finish.

The Discovery Settings Summary page appears.

Step 9 Click Finish to return to Discovery Schedule page.

---

Configuring Device Selector

The improved Device Selector allows you to search the devices in DCR. It helps to locate the devices and perform the various device management tasks quickly. With this improved Device Selector, you need not remember the device type or application group hierarchy to locate the devices.

The devices are categorized under Device Type based groups, User Defined groups, Subnet Based groups, or under All Groups.

You can define the settings of the Device Selector pane to customize the display of devices and the order of display. You can customize the top level groups, sub-groups and the list of devices displayed under each group using the Group Customization option.

The Group Ordering option allows you to specify the order of display in which the groups are seen in the Device Selector pane. See Device Selector Settings for more information.

The Device Selector Settings are specific to each user. You can search for devices using a Simple search or an Advanced search. See Searching Devices for more information.

Tool tips are also provided for devices that contain long names so that you do not have to scroll horizontally to see the complete device name.

The Device Selector is used to select devices to perform various device management tasks. The device selector lists all devices in a group. The Display Name of the devices entered when you have added the devices in DCR is displayed as the device name in the Device Selector pane.

The Device Selector contains the following components:

Component Name	Description
Search Input	Enter your search expression in this text field. You can enter a single device name or multiple device names in this field. You can enter the following as search inputs for searching multiple devices: •Comma separated list of full device names •Device names with wildcard characters, (?) and (*), to search for multiple devices matching the text string entered in this input field. The wildcard character ? matches a single character in a device name and the wildcard character * matches multiple characters in a device name. •Combination of comma separated list of device names, and device names with wildcard characters. See Performing Simple Search for more information.
Search	Use this icon to perform a Simple search of devices, after you have entered your search input. See Performing Simple Search for more information.
Advanced Search	Use this icon to perform an Advanced search of devices. See Performing Advanced Search for more information.
All	This tab lists all the top-level device groups and the device names under each group in a hierarchical format (tree view). The top-level device groups include: •All Devices •Device Type Groups •Subnet Groups •User Defined Groups See Understanding Device Groups for more information on types of device groups.
Search Results	This tab displays all the Simple or Advanced search results and you can select all devices, clear all devices, or select a few devices from the list. The Simple search results are based on the display name of the devices added to DCR. The Advanced search results are based on the grouping attributes of the grouping services server.
Selection	This tab lists all the devices that you have selected in the All or Search Results tab or through a combination of both. You can also use this tab to deselect the devices you have already selected. You can perform more than one search and can accumulate your selection of devices.

The Device Selector displays the number of devices selected by you at the bottom. When you click the link provided, it launches the Selection Tab.

Tool tips are also provided for devices that contain long names so that you do not have to scroll horizontally to see the complete device name.

This section contains the following information:

•Selecting Devices for Device Management Tasks

•Searching Devices

•Device Selector Settings

Selecting Devices for Device Management Tasks

You can select devices to perform various device management tasks such as editing device credentials and viewing device credentials, using any of these methods:

•Selecting Devices From All Tab

•Selecting Devices From Search Results

•Combination of Selection From All Tab and Search Results

Selecting Devices From All Tab

The All tab lists the top-level device groups and the device names under each group in a hierarchical format (tree view).

You can select the devices from the tree view. The Selection tab shows the flat list of selected devices from the All tab.

You should expand the nodes of the top-level device groups and sub groups to see the list of devices within a group and select the devices you want. We recommend that you do not expand all and leave all the multiple group nodes open. This may affect the performance of the device selector.

Selecting Devices From Search Results

You can perform a Simple Search or an Advanced Search, and the search results are displayed under the Search Results tab. You can select the devices you want from the Search Results tab. The Selection tab and the All tab, display the devices you have selected from the Search Results tab.

---

Note You can perform more than one search and can accumulate your selection of devices.

---

Combination of Selection From All Tab and Search Results

You can select the devices from the All tab and add more devices to the Selection list from the Simple or Advanced search results in the Search Results tab.

The Selection tab displays the accumulated list from both All and Search Results tabs.

You can enter another search criteria and select more devices. The selected devices are accumulated in the Selection tab.

Searching Devices

With the improved Device Selector, you can search for the devices by performing a Simple search or an Advanced search. In both cases, you do not need to remember the name of the devices and the groups in which the devices are grouped.

---

Note The search string is not case sensitive in LMS.

---

This section contains the following:

•Performing Simple Search

•Performing Advanced Search

Performing Simple Search

You can enter your search criteria in the Search Input field and search for the devices using the Search icon. The search results are based on the display name of the devices added in DCR.

Note the following points when you perform a Simple search.

• You can enter a comma separated list of device names to search for multiple devices.

• You can use the wildcard characters, * and ?, to search for multiple devices that match the text string entered in this input field. Multiple wildcard characters are allowed in a search string.

•You can use the combination of comma separated list of device names and wildcard characters in the device names to search for multiple devices.

• If you are not using the wildcard characters, make sure that you enter the full device name.

For example, when you enter device2?, *.cisco1,*device10* as search input, the system displays:

•Device names starting with device2 and with only one character after device2

•Device names ending with .cisco1

•Device names containing the text string device10

Performing Advanced Search

Use the Advanced Search icon to open the Advanced Search popup window and specify a set of rules for performing an Advanced search. The advanced search is based on the grouping attributes of the application's grouping server.

You can create a rule in the Advanced Search dialog box by either:

•Using Expressions

or

•Using Rule Text Fields

You can verify if the rule you have entered is correct using the Check Syntax button, and reset the rule you have created using the Clear button.

Using Expressions

You can use expressions to form a rule in the Advanced Search Dialog box. Each rule expression contains:

• Device Type — Object type used for forming a group. All expressions start with the string Device

• Variables — Device attributes used to form a device group. The list of variables for advanced search are Category, DeviceIdentity, DisplayName, DomainName, HostName, ManagementIpAddress, MDFId, Model, Series, SystemObjectID, and the user-defined data, if any.

The list of device attributes are different across Cisco Prime modules. The Advanced Search window in the Device Selector of Cisco Prime applications displays the respective device attributes as variables.

• Operators — Various operators to be used with the rule. The list of operators includes equals, contains, startswith, and endswith. The list of operators changes dynamically with the value of the variable selected.

For the ManagementIpAddress variable, you can select the range operator other than the standard list of operators. The range operator enables you to search for devices of the specified range of IP Addresses. SeeUsing IP Address Range to Form a Search Rule for more information.

• Value — Value of the variable. The value field changes dynamically with the value of the variable and operator selected, and this may be a text field or a list box.

After you define the rule settings, click Add Expression to add the rule expression.

You can also enter multiple rule expressions using the logical operators. The logical operators include OR, EXCLUDE and AND.

Using IP Address Range to Form a Search Rule

The range operator enables you to search the devices of the specified range of IP Addresses. You can select the range operator only for the ManagementIpAddress and IP.Address variables.

You should enter the range of IP Addresses in the Value field, to create a search rule based on IP Address ranges.

When you enter the IP Address range in the text field, you should:

•Specify the range with permissible values for one or more octets in the IP Address.

The minimum limit in the range is 0 and the maximum limit is 255.

•Use the hyphen character (-) as a separator between the numbers within a range.

•Specify the range of IP Addresses within the [ and ] characters to create a group rule.

For example, you can enter 10.10.10.[0-255] or 10.10.[0-255].[0-255] in the Value field.

You should not:

•Enter numbers lesser than 0 and greater than 255 in the IP Address range.

•Enter any characters other than the range separator (-).

•Enter the value of highest limit in the range as less than the value of smallest limit number. For example, you should not enter 10.10.10.[8-4].

Example for forming a Search Rule Using Expressions

For example, if you want to search all the devices in the network whose display name contains TestDevice or their IP Addresses within the range 10.10.210.207 to 10.10.212.247, you must perform the following:

---

Step 1 Click the Advanced Search icon in the Device Selector pane.

The Define Advanced Search Rule dialog box appears.

Step 2 Create a search rule expression. To do so:

a. Select Variable as DisplayName

b. Select Operator as equals

c. Enter the Value as TestDevice

Step 3 Click Add Rule Expression.

The rule is added into the Rule Text.

Step 4 Create another rule expression. To do this:

a. Select OR as the logical operator

b. Select Variable as ManagementIPAddress/IP.Address

c. Select Operator as range

d. Enter the Value as 10.10.[210-212].[207-247]

Step 5 Click Add Rule Expression.

The rule is appended into the Rule Text.

Step 6 Click Search to display the devices that satisfies the specified rule in the Device Selection dialog box.

---

Using Rule Text Fields

You can use Rule Text Fields to directly enter a rule without building any expressions. Ensure the rule you create follows the syntax Object type.Variable Operator Value.

You can also enter multiple rule expressions using the logical operators.

For example, if you want to search all the devices in the network whose display name contains TestDevice or their SysObjectIDs start with 1.3.12.1.4, you must construct a rule as follows:

Device.DisplayName contains "TestDevice" OR Device.SystemObjectID startswith "1.3.12.1.4"

---

Note We recommend that you use expressions to construct a complex rule instead of creating them using the Rule Text field. Use the Rule Text field to make any minor edits to the constructed rule.

---

Additional Notes

Read the following notes before you perform an advanced search:

• You cannot use wildcard characters in the Value field. Instead you can use the operator as startswith or contains.

• You can use Check Syntax button, when you add or modify a rule manually.

• You must delete the complete rule expression including the logical operator, when you delete a portion of your rule.

• The search string is case-insensitive.

Device Selector Settings

The devices are categorized under Device Type groups, User Defined groups, Subnet groups, Application specific groups or under All groups.

You can define the settings of the Device Selector pane to customize the display of devices and the order of display. These configurations are specific to each user and you can save them.

The devices are displayed in the appropriate category based on your roles and privileges. All the devices will be listed to the administrator role.

This section has the following information:

•Understanding Device Groups

•Customizing Device Grouping

•Customizing Display Order of Device Groups

Understanding Device Groups

The Device Selector pane displays the following top-level device groups:

•All Devices

•Device Type Groups

•Subnet Groups

•User Defined Groups

All Devices

The All Devices Group displays all the devices in the application in the alphabetical order of their display names. The display names are defined when you have added the devices in DCR.

Device Type Groups

The Device Type Groups displays all devices in groups and subgroups based on their Device Category, Series and Model. By default, the device grouping is based on their Device Categories such as Routers, Switches and Hubs.

The Device Category Groups folder can contain devices in subgroups based on their Device Series. For example, the Device Category Group Router can contain devices (Routers) in subgroups Cisco 7000 Router Series and Cisco 12000 Router Series.

The Device Series subgroup can contain subgroups of devices based on their Model. For example, the subgroup Cisco 12000 Router Series can contain the devices Cisco 12012 Router and Cisco 12816 Router.

See Customization of Device Type Groups for information on customizing the display of devices under Device Type Groups.

Subnet Groups

You can see Subnet Groups, only when Topology and Identity Services functionality is enabled. You can check the functionality settings at Admin > System Administration > Collection Settings > Functionality Settings.

In a Multi Server setup, when two or more servers are installed with the Topology and Identity Services, then the Subnet Groups from all the servers will be aggregated and displayed under the Subnet Groups folder in the Device Selector pane.

See Customization of Subnet Groups for information on customizing the display of devices under this group.

User Defined Groups

The User Defined Groups are created by users to administer the applications. The User Defined Groups are created in Groups Administration window based on defined group rules.

All User Defined Groups (shared groups) from all application group hierarchies are collated and shown as subgroups under this group. In a Multi Server Setup, the top level User Defined Groups will be named as User Defined Groups@Server Name.

When there two or more User Defined Groups with the same name, the Device Selector displays all of them. You have to use the Tooltip to find the source server where the User Defined Group is created.

---

Tip We recommend you to provide unique and meaningful names to User Defined Groups when you create them to avoid the display of multiple User Defined Groups with the same name.

---

See Customization of User Defined Groups for information on customizing the display of devices under this group.

Customizing Device Grouping

You can customize the device grouping and display the customized device groups in the Device Selector pane. See Understanding Device Groups for more information on Device Groups.

You can use the Group Customization option to customize the display of device groups.

This section contains:

•Customization of Device Type Groups

•Customization of Subnet Groups

•Customization of User Defined Groups

Customization of Device Type Groups

You can display or hide the Device Type Groups folder in the Device Selector pane using the Group Customization option. You can customize the Device Type Based Groups folder to display:

•All devices in groups, based on their Device Category only

•All devices in groups and subgroups, based on their Device Category and Series

•All devices in groups and subgroups, based on their Device Category, Series and Model

By default, the Device Type Group folder displays the devices in sub groups based on their category only.

To display the devices in groups based on their Device Category:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Check the Show Category Groups check box from the Device Type Based Groups panel.

Step 3 Click Apply to save your changes or click Restore Defaults to restore the default values.

---

To display the devices in groups and subgroups based on their Device Category and Series:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Check the Show Series Groups check box from the Device Types Based Groups panel.

When you check the Show Series Groups check box, the Show Category Groups check box will also be checked automatically and will be disabled.

Step 3 Click Apply to save your changes or click Restore Defaults to restore the default values.

---

To display the devices in groups and subgroups based on their Device Category, Series and Model:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Check the Show Model Groups check box from the Device Type Based Groups panel.

When you check the Show Model Groups check box, the Show Category Groups and Show Series Groups check boxes will also be checked automatically and will be disabled to you.

Step 3 Click Apply to save your changes or click Restore Defaults to restore the default values.

---

To hide the display of Device Type Based Folders from the Device Selector Pane:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Go to the Device Type Based Groups Panel and uncheck all the check boxes.

Step 3 Click Apply to save your changes.

---

Customization of Subnet Groups

The Subnet Groups contains device groups from the Topology and Identity Services. By default, the Subnet Based Groups folder is not displayed in the Device Selector pane.

You can customize the Device Selector pane to display the Subnet Based Groups folder using the Group Customization option.

To display the devices under Subnet Based groups in the Device Selector Pane:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Check the Show Subnet Groups at the First Level check box from the Subnet Based Groups Panel.

Step 3 Click Apply to save your changes or click Restore Defaults to restore the default values.

---

Customization of User Defined Groups

You can customize the User Defined Groups folder in the Device Selector pane to contain the following:

•Only User Defined Groups created by you in the local server

•Only User Defined Groups created by you in all Peer Servers in a Multi Server setup

•All User Defined Groups created by any user in the local server

•All User Defined Groups created by any user in all Peer Servers in a Multi Server setup

By default, you can view all the User Defined Groups (irrespective of any user) created in the local server in the Device Selector pane.

To display only the User Defined Groups created by you:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Select My User Defined Groups from the Show drop down list box in the User Defined Groups panel.

Step 3 Select either:

•Local Cisco Prime LMS Server from the From drop down list to display the User Defined Groups created by you in the local server.

Or

•All Peer Cisco Prime LMS Servers from the From drop down list box to display the User Defined Groups created by you in all the servers in a Multi-server setup.

In a Standalone Server Setup, the From drop down list box contains only Local LMS Server list item.

Step 4 Click Apply to save your preferences or click Restore Defaults to restore the default values.

---

To display all the User Defined Groups created by all users:

---

Step 1 Select Admin > Network > Display Settings > Group Customization.

The Group Customization page appears.

Step 2 Select All User Defined Groups from the Show drop down list box in the in the User Defined Groups panel.

Step 3 Select either:

•Local Cisco Prime LMS Server from the From drop down list to display the User Defined Groups in the local server.

Or

•All Peer Cisco Prime LMS Servers from the From drop down list box to display the User Defined Groups in all the servers in a Multi-server setup.

In a Standalone Server Setup, the From drop down list box contains only Local LMS Server list item.

Step 4 Click Apply to save your preferences or click Restore Defaults to restore the default values.

---

Customizing Display Order of Device Groups

You can specify the order in which device groups appear in the Tree view on the Device Selector pane using the Group Ordering option.

The Group Ordering setup is specific to each user and the changes will be reflected in the Device Selector panes of all applications.

The default order of the groups displayed in the Device Selector pane is:

1. All Devices

2. Device Type Groups

3. User Defined Groups

4. Subnet Groups

5. Application Specific Groups

You can change the order and save the configurations.

To change the order of the device groups:

---

Step 1 Select Admin > Network > Display Settings > Group Ordering.

The Group Ordering page appears.

Step 2 Select a group from the list displayed.

Step 3 Click Up to move the device group up in the displayed order or click Down to move down.

Step 4 Click Apply to save the changes to your system or click Restore Defaults to restore the default settings.

---

Administering Device and Credential Repository

The DCR Administration feature allows you to do the following tasks:

•Changing DCR Mode

•Configuring Device Polling

•Configuring User Defined Fields

•Configuring Default Credentials

To perform these tasks, select Admin > Network > Device Credential Settings. The Admin page appears with the current DCR Administration settings.

You can change the Mode Settings or modify User Defined fields. 

Changing DCR Mode

To change Mode Settings:

---

Step 1 Select Admin > Network > Device Credential Settings > Mode Settings. The Mode Settings page appears.

Step 2 Click Change Mode to change the current mode.

The DCR Mode dialog box appears. You can select the required mode from this dialog box.

---

This section contains information on:

•Master-Slave Configuration Prerequisites

•Changing the Mode to Standalone

•Changing the Mode to Master

•Changing the Mode to Slave

Master-Slave Configuration Prerequisites

Before you set up the Master and Slave, you have to perform certain tasks to ensure that secure communication takes place between the Master and Slave.

---

Tip We recommend you to configure the Master and all its Slaves in the management domain with the same version of LMS software. See Using DCR Features in a Master-Slave Setup section in the Inventory Management with Cisco Prime LAN Management Solution 4.1 .

---

If machine M is to be the Master and S is to be the Slave:

---

Step 1 Add a Peer Server User and password in M

See Setting up Peer Server Account for details.

Step 2 Add a System Identity user and password in S. This should be same as the Peer Server User set up in M.

See Setting up System Identity Account for details.

Step 3 Copy the Self-Signed Certificate of S to M. Also, copy the Self-Signed Certificate of M to S.

See Creating Self Signed Certificates for details on creating Self-Signed Certificate and Setting up Peer Server Certificate for details on copying Peer Certificate.

Step 4 Configure S as Slave and M as Master.

---

Changing the Mode to Standalone

---

Step 1 Select the Standalone radio button.

Step 2 Click Apply to change mode.

The default DCR mode is Standalone.

---

Changing the Mode to Master

Before you change the mode to Master, ensure that Master-Slave Configuration Prerequisites are in place.

---

Step 1 Select the Master radio button.

Step 2 Click Apply to change mode.

---

Changing the Mode to Slave

Before you change the mode to Slave, ensure that Master-Slave Configuration Prerequisites are in place. You need to perform the following tasks:

---

Step 1 Select the Slave radio button.

Step 2 Enter the hostname of the Master in the Master field.

This hostname should exactly match the Hostname field in the Self Signed Certificate of the Master.

Step 3 Specify the SSL port of the master. Default is 443.

Step 4 Select Inform Current slave(s) of new Master Hostname only if you want to change the mode from Master to Slave.

If you select this check box, all the slaves of the Master (whose mode you currently changed to Slave) will be informed of the new master hostname. That is, they will become the slaves of the new Master.

Step 5 Select the Add new devices to Master check box to add the devices in Slave to the new Master.

If the devices are already available in the new Master, they will be discarded.

Step 6 Click Apply.

A warning message appears when the Master server has the earlier version of LMS.

Step 7 Click OK to change the mode to Slave.

To cancel the change of mode, click Cancel.

---

Note You must restart the daemon manager after the mode change to Slave is complete.

---

---

Changing the Hostname of a Master

Changing the hostname of a Master is equivalent to pointing Slaves to a new Master.

When you point a Slave/Standalone to a new Master, DCR checks whether the new Master has the same Domain ID as the current machine.

If Domain ID is the same, DCR displays an error message that Master cannot be configured since the new Master has the same Domain ID.

In this case, you need to convert the Slave to Standalone, and then register the machine with the new Master. When you re-register, the applications on Slave will clean up the device list.

When you change the host name of the current Master, you must change the Slave mode to Standalone, and then re-register the machine as a Slave by providing the new Master hostname. However, when the machine is re-configured as Slave, the applications will clean up the device list.

For example, if you have a Master M and Slave S, and if you change the hostname of M, you should change the mode of S to standalone. Then, you have to configure S as the Slave of M. But when you re-configure S as Slave, the applications on S will clean up their device lists.

Therefore, you have to be aware that while changing the hostname of a Master, application data is cleaned up on all Slaves.

Configuring Device Polling

In the earlier releases, there was no mechanism to detect the devices that were not reachable for a certain time period and easily identify the devices to be deleted.

The Device Polling configuration feature overcomes this and helps you to:

•Activate Device Polling to check whether the devices can be reached

•Configure Device Polling policy

•Schedule Device Polling

•Display a list of devices that are not reachable for a certain period of time

•Delete the selected unreachable devices from DCR

You should have the required privileges to configure Device Polling policy.

You should be a Network Administrator, or a System Administrator to perform this task in Cisco Prime local mode.

You should have the following privileges to delete the devices:

•Privileges to perform the Delete Devices task

•Device level authorization

This section explains:

•Configuring Device Polling Settings

•Deleting Unreachable Devices from DCR

Configuring Device Polling Settings

You can configure a Device Polling policy and schedule a Device Polling job to check whether the devices can be reached.

Read the following notes before you configure Device Polling settings:

•You can use any one or more of the following protocols to poll devices:

–ICMP (Ping)

–SNMPv3

–SNMPv2c/SNMPv1

•When you select all protocols, the devices in the network are polled using ICMP (Ping) first followed by SNMPv3, and later by SNMPv2c/SNMPv1.

•When you select SNMPv2c/SNMPv1 protocol, SNMPv2c is used first to poll the devices. SNMPv1 is used to poll the devices only if the SNMPv2c protocol has failed to query the device.

•If you use more than one protocol for polling and if a device is reachable using the first protocol, the other protocols will not be used.

•You can configure only one job at a time to detect unreachable devices. You can modify the schedule later at any point of time.

•You cannot schedule an immediate Device Polling job.

•In a Master-Slave setup, you can configure Device Polling settings and run the Device Polling job only from Master server.

To configure a Device Polling policy:

---

Step 1 Select Admin > Network > Device Credential Settings > Device Poll Settings.

The Device Poll Settings page appears.

Step 2 Select the Activate Device Polling to Check Reachability check box to enable Device Polling.

Device Polling is not enabled by default. You must select this check box to activate Device Polling.

Step 3 Configure a Polling Policy. To do so:

a. Enable one or all of the check boxes in the Poll Policy panel to select the protocols to be used for polling:

–ICMP (Ping)

–SNMPv3

–SNMPv2c/SNMPv1

You must select at least one protocol to activate Device Polling.

b. Enter the timeout value for the selected protocols in the appropriate Timeout fields.

The timeout denotes the time period after which the ICMP or SNMP query of devices times out.

You must enter the timeout value in milliseconds. The minimum timeout value is 1000 milliseconds and the maximum value is 20000 milliseconds.

Default value is 1000 milliseconds.

You cannot leave this field blank.

c. Enter the value of retries for the selected protocols in the appropriate Retries fields.

The retry denotes the number of attempts made to query the device.

You can specify any value between 0 to 8 as number of retries. The default number of retry is 1 for both ICMP and SNMP protocols.

You cannot leave this field blank.

d. Enter the number of instances in Notify when devices not reachable for, to receive notifications when the devices are not reachable for a specific time period.

This is mandatory.

For example, if you enter the number of instances as 2 and the Device Polling job frequency as Daily, you will receive notifications of devices that are not reachable for two days or more than 2 days.

If you enter the number of instances as 3 and the Device Polling job frequency as 6 hours, you will receive notifications of devices not reachable for last 18 hours or more than 18 hours.

See Step 4 for details on the job frequencies available.

Step 4 Schedule the Device Polling task. To do this:

a. Select a job frequency from the Run Type drop-down list.

You can schedule only periodic Device Polling. The scheduling can be 6 -Hourly, 12 -Hourly, Daily, Weekly, or Monthly.

b. Enter a date in the Date field or select a date from the date picker to start the scheduled job.

The current date on the client system is displayed in the Date field by default.

You can edit the schedule at a later point of time. See Step 5 for details.

If you do not want to edit the schedule, go to Step 7.

Step 5 Select the Change Schedule check box if you want to edit the schedule information (Run Type and Starting Date).

This field does not appear after a fresh or upgrade installation of LMS or if a Device Polling job has not been scheduled earlier.

If you opt to change the schedule, the existing job schedule is deleted from Job and Resource Manager (JRM) and a job is scheduled. The device reachability status is also reset.

A warning message appears if you select this check box.

Step 6 Click OK.

Step 7 Enter the Job information. To do this:

a. Select the Report Attachment field if you want to receive the report through e-mail.

b. Select the Attachment Option as either PDF or CSV.

c. Enter a brief description about the Device Polling job in the Job Description field.

d. Enter your e-mail ID in the E-mail field to receive notifications about the status of the Device Polling job.

You can enter multiple e-mail addresses separated by commas.

Entering an e-mail ID is mandatory when you have selected the Report Attachment field.

Step 8 Click Apply for the Device Polling settings to take effect.

The Device Polling schedule is created and assigned with a job ID.

Notification is sent to the e-mail address you have configured in the Device Polling Settings page.

---

Deleting Unreachable Devices from DCR

The possible reasons for device unreachability are:

•Connectivity protocols such as SNMP or ICMP may be disabled on the device.

•Incorrect credentials may be configured for the device.

•Invalid timeout and retries may have been configured on the device.

To delete unreachable devices from DCR, select Reports > Inventory > Management Status > Unreachable Devices.

Configuring User Defined Fields

The User Defined Fields (UDFs) are used to store the additional information about a device. DCR supports a maximum of ten UDFs.

By default, the user interface provides four UDFs:

•user_defined_field_0

•user_defined_field_1

•user_defined_field_2

•user_defined_field_3

You can add six more UDFs through the user interface. You can rename or delete all the UDFs including the four default UDFs provided by the user interface.

This section explains the following:

•Adding User Defined Fields

•Renaming User Defined Fields

•Deleting User Defined Fields

Adding User Defined Fields

To add a User Defined Field (UDF):

---

Step 1 Select Admin > Network Administration > Device Credential Repository Settings > User Defined Fields.

The User Defined Fields page appears with the current settings.

Step 2 Click Add to add a UDF.

Step 3 Enter the field label and description in the corresponding fields.

Step 4 Click Apply to apply the changes. To return to the User Defined Fields page, click Cancel.

---

Renaming User Defined Fields

To rename a UDF:

---

Step 1 Select Admin > Network > Device Credential Settings > User Defined Fields.

The User Defined Fields dialog box appears.

Step 2 Select the radio button corresponding to the UDF you want to rename.

Step 3 Click Rename.

The User Defined Field dialog box opens in a new window.

Step 4 Enter the UDF label and description in the corresponding fields.

Step 5 Click Apply. To return to the User Defined Fields page, click Cancel.

---

Deleting User Defined Fields

By default, you can define four attribute fields for a device. These fields are used to store additional user-defined data for the device. You can add up to ten UDFs.

To delete a UDF:

---

Step 1 Select Admin > Network > Device Credential Settings > User Defined Fields.

The User Defined Fields dialog box appears.

Step 2 Select a UDF and click Delete.

A confirmation message window appears.

Step 3 Click OK. To return to the User Defined Fields page, click Cancel.

---

Configuring Default Credentials

Devices added or imported into DCR do not contain all credentials required by the network management applications to manage them. Sometimes this could lead to failure of application jobs.

The default credentials feature helps you to add or import devices into DCR with the default credentials and prevents the management applications from failing when the network management applications manage the devices added or imported in DCR.

Default credentials are stored in DCR and are not associated with any device.

You can configure multiple default credential sets. You can set these default credential sets for a range of devices to be added or imported to DCR based on certain policies.

You should be a Network Administrator, a System Administrator, or a Super Admin to configure default credential sets and default credential set policies.

This section explains:

•Using Default Credentials

•Important Notes on Default Credentials

•Default Credentials Behavior in Multi-Server Setup

•Configuring Default Credential Sets

•Configuring Default Credential Set Policy

Using Default Credentials

You can choose to use the default credentials when you:

•Manually add devices in DCR

When you manually add devices with a similar credential set in DCR, you have to enter the credentials repetitively for every device addition. Instead, you use the default credentials defined in default credential sets or default credential set policies to populate DCR.

•Add devices into DCR through Discovery

Discovery populates only the SNMP read community string in DCR during device addition and leaves the other credentials as blank.

When other applications manage the newly added device, the management operations fail if they cannot retrieve the required credentials from DCR. To prevent the management operations failing, you can use the default credentials while adding devices through Discovery.

•Import devices into DCR

Importing devices from a file, NMS or any other third party applications into DCR populates the SNMP read-only community string and the SNMP read/write community string.

When other applications manage the newly imported devices, the management operations fail if they could not retrieve the required credentials from DCR. To prevent the management operations from failing, you can use the default credentials while importing devices from NMS or any other third party application.

Important Notes on Default Credentials

You should read the following notes about the default credentials before you configure them and choose to use them in various flows:

•The default credentials you use while adding or importing devices into DCR will not be verified.

•You can configure multiple default credential sets and add or import a set of devices in DCR with default credentials from a default credential set. Later, you can edit the value of the credentials in a default credential set and add another set of values with the edited default credentials.

•The devices that are already added or imported into DCR will not be affected if you edit the values of the default credentials or remove the default credentials from DCR.

•Devices added with default credentials in DCR populates all the credentials you have configured for the default credential set irrespective of the device management type.

For example, if you have configured the default credential set with Standard credentials, SNMP credentials, and Auto Update Server Managed Device credentials and if you add a device of Standard management type in DCR, the Auto Update Server Managed Device credentials are also populated for that device.

•We recommend you to configure a default credential set with the values common for most of the devices that are to be added or imported into DCR.

Default Credentials Behavior in Multi-Server Setup

You can configure the default credential sets and policies only in the DCR Master and Standalone modes. This option is not available in the DCR Slave Server.

However, you can use the default credentials in the Cisco Prime applications in DCR Slave Server while adding the devices to DCR. If you opt to use the default credentials, the DCR Slave Server uses the credentials stored at the DCR Master Server.

If you configure a LMS Server from DCR Standalone to DCR Slave mode, the default credentials entered in the server will not be used after the mode is changed to Slave. However, when you change the DCR mode back to the Standalone mode from the Slave mode, the default credential sets and policies are restored as configured earlier.

Configuring Default Credential Sets

You can configure a maximum of 50 default credential sets.

Each default credential set comprises the following credentials:

•Primary Credentials (Username, Password, Enable Password)

•Secondary Credentials (Username, Password, Enable Password)

•SNMPv2c/SNMPv1Credentials (Read-Only Community String, Read-Write Community String)

•SNMPv3 Credentials (Mode, Username, Authentication Password, Authentication Algorithm, Privacy Password, Privacy Algorithm)

• HTTP credentials (Primary HTTP Username and Password, Secondary HTTP Username and Password, HTTP port, HTTPS port, Current Mode)

•Auto Update Server Managed Device Credentials (Username and Password)

•Rx Boot Mode Credentials (Username, Password)

This section explains:

•Configuring a Default Credential Set

•Editing a Default Credential Set

•Deleting a Default Credential Set

Configuring a Default Credential Set

To configure a default credential set:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets.

The Default Credentials Sets page appears.

The Default Credentials Sets list item is visible in the TOC only in DCR Master and DCR Standalone LMS Servers. You cannot see this list item in DCR Slave Server.

Step 2 Click Next or select Credential Sets name from the Default Credentials list panel and enter the respective credential information.

Step 3 Enter a name of the credential set in the Credential Set Name field. This is mandatory.

The Credential Set Name can contain lower case alphabets, upper case alphabets, and numerals (0 to 9).

You can include the following special characters in the Credential Set Name:

Special Character	Description
_	Underscore
-	Hyphen
.	Period

Step 4 Enter a description of the credential set in the Set Description field.

Step 5 Click Next or select a credential type from the Default Credentials list panel and enter the respective credential information. You can select any of the credential types from the panel.

•Standard Credentials

•SNMP Credentials

• HTTP Credentials

•Auto Update Server Managed Device Credentials

•Rx-Boot Mode Credential

Step 6 Enter the following credentials as required:

•Standard Credentials

–Primary Credentials (Username, Password, Enable Password)

–Secondary Credentials (Username, Password, Enable Password)

•SNMP Credentials

–SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)

–SNMPv3 Credentials (Mode, Username, Password, Authentication Algorithm, Privacy Password, Privacy Algorithm)

You must select the SNMPv3 check box to add SNMPv3 default credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.

• HTTP Credentials

–Primary Credentials (Username, Password)

–Secondary Credentials (Username, Password)

–Other Information (HTTP Port, HTTPS Port, Current Mode)

•Auto Update Server Managed Device Credentials (Username, Password)

•Rx-Boot Mode Credentials (Username, Password)

---

Note Re-enter the value of passwords in the respective Verify fields.

---

You must enter a value for at least one credential before applying the default credentials.

Step 7 Click Finish after you have entered all the values or click Cancel to cancel the changes. You can also click Back to navigate to the previous page and click Remove to delete the Default Credential Set and the credentials configured in this Credential Set, but it will not affect the devices that are already added or imported with default credentials.

---

Editing a Default Credential Set

To edit a default credential set:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets.

The Default Credentials Sets page appears.

The Default Credentials Sets list item is visible in the TOC only in DCR Master and DCR Standalone LMS Servers. You cannot see this list item in DCR Slave Server.

Step 2 Click Next or select Credential Set Name from the Default Credentials list panel.

Step 3 Select a default credential set name from the Credential Set drop-down list box.

Step 4 Edit the description of the credential set in the Set Description field.

You cannot edit the name of the credential set.

Step 5 Click Next or select a credential type from the Default Credentials list panel.

Step 6 Edit the following credentials as required:

•Standard Credentials

–Primary Credentials (Username, Password, Enable Password)

–Secondary Credentials (Username, Password, Enable Password)

•SNMP Credentials

–SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)

–SNMPv3 Credentials (Mode, Username, Password, Authentication Algorithm, Privacy Password, Privacy Algorithm)

You must select the SNMPv3 check box to add or edit SNMPv3 default credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.

• HTTP Credentials

–Primary Credentials (Username, Password)

–Secondary Credentials (Username, Password)

–Other Information (HTTP Port, HTTPS Port, Current Mode)

•Auto Update Server Managed Device Credentials (Username, Password)

•Rx-Boot Mode Credentials (Username, Password)

---

Note Re-enter the value of passwords in the respective Verify fields.

---

Step 7 Click Finish after you have entered all the values or click Cancel to cancel the changes. You can also click Back to navigate to the previous page and click Remove to delete the Default Credential Set and the credentials configured in this Credential Set, but it will not affect the devices that are already added or imported with default credentials.

---

Deleting a Default Credential Set

To delete a default credential set:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets.

The Default Credentials Sets page appears.

The Credentials Sets list item is visible in the TOC only in DCR Master and DCR Standalone LMS Servers. You cannot see this list item in DCR Slave Server.

Step 2 Select a credential set from Credential Set drop-down list box.

Step 3 Click Remove to delete a default credential set.

The selected default credential set is deleted from the LMS Server.

The default credential set policies that you have configured with this default credential set will also be deleted.

---

Configuring Default Credential Set Policy

You can configure default credential set policies and apply the default credentials for a range of devices to be added or imported to DCR.

We recommend that you create up to 50 default credential set policies.

You can create default credential set policies based on following policy types:

•IP Address

•Hostname

•Display Name

This section explains:

•Before Configuring a Credential Set Policy

•Creating a Default Credential Set Policy

•Patterns in IP Address Default Credential Set Policy Rules

•Regular Expressions in Default Credential Set Policy Rules

•Examples For Default Credential Set Policies

•Deleting Default Credential Set Policies

•Defining the Order of Default Credential Set Policies

Before Configuring a Credential Set Policy

Read the following notes before configuring a default credential set policy:

•You can include patterns when creating rules for IP Address based default credential set policies.

See Patterns in IP Address Default Credential Set Policy Rules for more information.

•Regular expressions are supported for policies based on Hostname and Display Names. IP Address based policy types do not support regular expressions.

See Regular Expressions in Default Credential Set Policy Rules for more information.

•The expressions in default credential set policy rules are case insensitive.

•You can include the following characters in Display Name and Hostname:

–Lower case alphabets

–Upper case alphabets

–Numerals ( 0 to 9)

–Special characters such as hyphen (-), underscore (_), period (.) and colon (:)

•When you define more than one policy for a default credential set, all these policy rules work together. The policies will be applied in the same order in which they appear on the Credentials Sets Policy Configuration page.

See Defining the Order of Default Credential Set Policies for more information.

Creating a Default Credential Set Policy

To create a default credential set policy:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Default Credentials Sets Policy Configuration page appears.

The Default Credentials Sets Policy Configuration list item is visible in the TOC only in DCR Master and DCR Standalone LMS Servers. You cannot see this list item in DCR Slave Servers.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct a policy rule. To do so:

a. Select a parameter from the Select a Policy Type drop-down dialog box.

The listed parameters are IP Range, Hostname and Display Name.

Based on the parameter that you have selected, the value field name changes dynamically.

b. Enter a value for the rule parameter.

If you have selected IP Range as the rule parameter, enter a value in the IP Range field.

If you have selected Hostname as the rule parameter, enter a value in the Hostname field.

If you have selected Display Name as the rule parameter, enter a value in the Display Name field.

See Patterns in IP Address Default Credential Set Policy Rules and Regular Expressions in Default Credential Set Policy Rules for more information.

The expressions in credential set policy rules are case insensitive.

c. Select a credential set name from the Credentials Set drop-down list box to associate the rule expression with the default credential set.

Select No Default if you do not want to enter a credential set name.

Step 4 Click OK to go back to Credentials Sets Policy Configuration page.

The policy that you have configured is listed in the Credentials Sets Policy Configuration page.

---

You can edit a default credential set policy later. To do so, you must select a default credential set policy in the Credentials Sets Policy Configuration page and click Edit.

Patterns in IP Address Default Credential Set Policy Rules

When you define a default credential policy type based on IP Address, you should follow these guidelines:

•Use the standard IPv4 Address format (4 octets separated by periods) or the IPV6 Address format.

•Any octet can have one of the following:

Any Octet can have..	Example
Numbers between: •0 to 255 for an IPv4 Address •0 to FFFF for an IPv6 Address	•10.77.240.225 (IPv4 Address) •001:DB8:0:2AA:FF:C0A8:0:640A (IPv6 Address)
Asterisk (*) as wildcard denoting all numbers from 0 to 255 in an IPv4 Address and 0 to FFFF in an IPv6 Address.	•10.*.*.240 (IPv4 Address) •001:*:0:2AA:FF:*:*:* (IPv6 Address)
Range of numbers in the [StartingNumber-EndingNumber] format, where: –StartingNumber and EndingNumber should be numbers between 0 to 255 in an IPv4 Address and 0 to FFFF in an IPv6 Address –StartingNumber should not be greater than or equal to EndingNumber	•10.77.[220-240].[210-220] (IPv4 Address) •001:DB8:0:[EE-FF]:FF:C0A8:0:[100-AAF] (IPv6 Address) The following are examples of invalid IP Address ranges: •10.77.[250-200].221 •10.77.200-250.221 •001:DB8:0:[EEEE-FF]:FF:C0A8:0:[D-5] •001:DB8:0:AA-BB:FF:C0A8:0:[D-5]

•The octets in an IP Address policy type can also contain the combination of wildcard characters and range of numbers. Some examples of IP Address filter combinations include:

–10.77.[210-230].*

–10.77.*.[110-210]

–001:DB8:*:*:FF:[C0A-DD8]:0:[5-D]

–[10-20]:[10-20]:[A-F]:2:4:*:*:*

Regular Expressions in Default Credential Set Policy Rules

Hostname and Display Name policy types supports regular expressions.

You can use the following characters in regular expressions:

Character	Description	Purpose
.	Period	Matches any character
(	Opening parenthesis	Marks the beginning of a group of matched characters
)	Closing parenthesis	Marks the end of a group of matched characters
*	Asterisk	Matches zero or more occurrences of regular expression specified earlier
+	Plus character	Matches zero or more occurrences of regular expression specified earlier
\	Trailing slash	Identifies a special character within a regular expression

Examples For Default Credential Set Policies

Example 1 - IP Range Policy Type

Consider that all devices whose IP Addresses are within the range 10.77.[210-230].*, should be added or imported to DCR with the default credentials defined in a default credential set IPSet.

You should create a default credential set policy based on the IP Range policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as IP Range from the Select a Policy Type drop-down list box.

b. Enter the IP Range value as 10.77.[210-230].*

c. Select the Default Credential Name as IPSet

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Example 2 - IP Range Policy Type

Consider that all devices whose IP Addresses are within the range 100:DB8:*:*:FF:[C0A8-DD88]:0:[10-15], should be added or imported to DCR with the default credentials defined in a default credential set IPv6Set.

You should create a default credential set policy based on the IP Range policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as IP Range from the Select a Policy Type drop-down list box.

b. Enter the IP Range value as 100:DB8:*:*:FF:[C0A8-DD88]:0:[10-15]

c. Select the Default Credential Name as IPv6Set

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Example 3 - Display Name Policy Type

Consider that all devices whose Display Names end with or contain device, should be added or imported to DCR with the default credentials defined in a default credential set SetName2.

You should create a default credential set policy based on the Display Name policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as Display Name from the Select a Policy Type drop-down list box.

b. Enter the value as (.)*device

c. Select the Default Credential Name as SetName2

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Example 4 - Display Name Policy Type

Consider that all devices whose Display Names contain 1.3.6.1.4.1.9.1.n, should be added or imported to DCR with the default credentials defined in a default credential set SOIDset.

You should create a default credential set policy based on the Display Name policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as Display Name from the Select a Policy Type drop-down list box.

b. Enter the value as (.)*\.1\.3\.6\.1\.4\.1\.9\.1\.(.)

c. Select the Default Credential Name as SOIDset

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Example 5- Host Name Policy Type

Consider that all devices whose Hostnames start with Che, should be added or imported to DCR with the default credentials defined in a default credential set SetName1.

You should create a default credential set policy based on the Hostname policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as Host Name from the Select a Policy Type drop-down list box.

b. Enter the value as Che(.)*

c. Select the Default Credential Name as SetName1

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Example 6- Host Name Policy Type

Consider that all devices whose Hostnames contain lab2, should be added or imported to DCR with the default credentials defined in a default credential set SetName3.

You should create a default credential set policy based on the Hostname policy type. To do so:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

Step 2 Click Add to add a default credential set policy.

The Add Credentials Policy Configuration dialog box appears.

Step 3 Construct the policy:

a. Select the policy type as Host Name from the Select a Policy Type drop-down list box.

b. Enter the value as (.)*lab2(.)*.

c. Select the Default Credential Name as SetName3

Step 4 Click OK to go back to Default Credential Sets Policy Configuration page.

The policy that you have configured will be listed in a table format.

---

Deleting Default Credential Set Policies

To delete default credential set policies:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears.

The Credentials Sets Policy Configuration list item is visible in the TOC only in DCR Master and DCR Standalone LMS Servers. You cannot see this list item in DCR Slave Servers.

Step 2 Select a default credential set policy to delete.

You can also select multiple default credential set policies to delete.

Step 3 Click Delete to remove the default credential set policies.

---

Defining the Order of Default Credential Set Policies

You can specify the order in which the default credential set policies should be applied for devices that are added or imported into DCR.

The default credential set policies are applied in the order they appear on the Credentials Sets Policy Configuration page. The default credential set policies appearing at the top of the list are applied first.

You can create more than one default credential set policy for a default credential set.

When you define more than one policy for a default credential set, all these policy rules work together.

For example, consider 10.77.240.[50-52] as a first IP Address policy associated with a default credential set name Test1 and 10.77.240.* as the second IP Address policy associated with a default credential set name Test2.

The default credentials defined in Test1 will be applied for all devices in the IP range 10.77.240.[50-52] added or imported into DCR. The default credentials defined in Test2 will be applied for all devices in the IP range 10.77.240.* except the devices with IP Addresses 10.77.240.50, 10.77.240.51 and 10.77.240.52.

For example, consider 10.77.*.* as a first IP Address policy for a default credential set name Test1 and 10.77.210.* as the second IP Address policy for a default credential set name Test2.

The default credentials defined in Test1 will be applied for all devices in the IP range 10.77.*.* added or imported into DCR. The policy rule 10.77.210.* will never be applied as 10.77.210.* is a subset of 10.77.*.*.

To specify the order of default device credentials policies:

---

Step 1 Select Admin > Network > Device Credential Settings > Default Credential Sets Policy Configuration.

The Credentials Sets Policy Configuration page appears with a list of default credential set policies.

Step 2 Select a default credential set policy.

Step 3 Either:

• Click the Up Arrow icon to move the selected default credential set policy up in the displayed order.

Or

•Click the Down Arrow icon to move the selected default credential set policy down in the displayed order.

Step 4 Click Apply Settings to save the changes.

---