Table Of Contents
Managing Devices
Understanding the Device Inventory
Adding Devices to the Device Inventory
Adding a Single Device
Importing Devices from Device Credentials Repository
Importing Virtual Devices
Configuring Default Device Access Parameters
Viewing Device Discovery Status
Working with Devices
Viewing and Editing Device Properties
Exporting Device Information
Connecting to a Device Using Telnet
Viewing Device Configuration
Setting a Device's Policy Assignment
Rediscovering Device Information
Working with Device Folders
Creating Device Folders
Organizing Devices with Device Folders
Editing Device Folders
Deleting Device Folders
Using Additional Device Functions
Removing Devices
Working with Network Elements
Overview of Network Elements
Viewing and Editing Network Element Properties
Setting Network Element Policy Assignments
Working with Source-Destination Pairs
Creating Source-Destination Pairs
Editing Source-Destination Pairs
Deleting Source-Destination Pairs
Hiding and Displaying Interfaces
Hiding Interfaces
Displaying Interfaces
Working with Device Groups
Understanding Device Groups
Setting the Active Device Group
Synchronizing Permissions and Device Group Information
Editing Device Group Properties
Deleting Device Groups from QPM
Integrating QPM with Access Control Server (ACS)
Resetting the Login Module
Managing Devices
The device inventory is a collection of information about the network elements that QPM can manage.
The following topics describe how to manage devices in QPM:
• Understanding the Device Inventory
• Adding Devices to the Device Inventory
• Working with Devices
• Working with Network Elements
• Working with Device Groups
• Integrating QPM with Access Control Server (ACS)
Understanding the Device Inventory
The device inventory is a collection of information about the network elements that QPM can manage. Network elements are devices and components of devices on which QoS can be configured. Examples of network elements include devices (routers, switches, and layer 3 switches), cards, interfaces, subinterfaces, and VLANs. For more information about network elements, see Working with Network Elements.
Using Device Folders To Organize Your Inventory
Device folders are groups of devices that you can create for organizational purposes, for example, to distinguish edge routers from core routers. For more information, see Working with Device Folders.
Using Device Groups
Device groups are groups of devices that are created and administered using ACS. You can use multiple device groups only if you use ACS to manage device access. For more information, see Working with Device Groups.
Default Device Group
The inventory always contains one device group named the default device group. If you are not using ACS device groups to group devices, your inventory will contain only the default device group.
The default device group (like all QPM device groups) has properties that are unique to QPM. You can edit some of these properties. For more information, see Editing Device Group Properties.
Communicating With Devices Using SSH
QPM can communicate with devices in the inventory using either Telnet or secure shell (SSH). SSH provides more security than Telnet because communication with SSH is encrypted and authenticated.
QPM 4.0 supports SSH Version 1 only.
You must configure SSH on the device before QPM can communicate with it using SSH. When you configure SSH on devices, follow these guidelines:
• Configure a device public key size of 1024 bits or more.
• Define a user name on the device.
Use one of the following methods to configure QPM to use SSH Version 1 to communicate with a device:
• Select the Enable SSH check box in the Device Properties page to enable SSH communication with that device. For more information, see Viewing and Editing Device Properties.
• Select the Enable SSH check box in the Device Group Properties page to enable SSH communication as the default for a device group. For more information, see Editing Device Group Properties.
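A check for the SSH guidelines above, as an added example that is not part of the Cisco documentation: it audits an IOS-style running configuration (for instance, text copied from the Show run report) before SSH is enabled for the device in QPM. The IOS commands it looks for (username, ip ssh version, transport input), the function names and the sample configuration are assumptions constructed here; the key size is passed in by the operator because it does not appear in the running configuration.

```python
import re

MIN_KEY_BITS = 1024  # minimum device public key size given in the guidelines above

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
username qpmadmin privilege 15 secret 5 CONSTRUCTED-HASH
ip ssh version 2
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""


def parse_sections(config):
    """Group an IOS-style config into (header, [indented sub-commands]) pairs."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())  # sub-command of the last header
        else:
            sections.append((line.strip(), []))
    return sections


def audit_for_qpm_ssh(config, key_bits):
    """Return a list of (finding_code, detail) tuples; an empty list means no findings.

    key_bits is the size of the device's public key as read by the operator.
    """
    findings = []
    sections = parse_sections(config)
    headers = [header for header, _ in sections]

    # Guideline: define a user name on the device.
    if not any(re.match(r"username \S+", h) for h in headers):
        findings.append(("no-username", "global config"))

    # Guideline: device public key size of 1024 bits or more.
    if key_bits < MIN_KEY_BITS:
        findings.append(("key-too-small", f"{key_bits} bits"))

    # QPM 4.0 speaks SSH Version 1 only, so a device pinned to Version 2
    # cannot be reached over SSH from QPM.
    if "ip ssh version 2" in headers:
        findings.append(("ssh-v2-only", "ip ssh version 2"))

    # Each vty range should state its transports explicitly and allow SSH;
    # Telnet left enabled sends the access parameters unencrypted.
    for header, body in sections:
        if not header.startswith("line vty"):
            continue
        transports = None
        for cmd in body:
            match = re.match(r"transport input (.+)", cmd)
            if match:
                transports = match.group(1).split()
        if transports is None:
            findings.append(("transport-unset", header))
        elif "telnet" in transports or "all" in transports:
            findings.append(("telnet-allowed", header))
        elif "ssh" not in transports:
            findings.append(("ssh-not-allowed", header))
    return findings


if __name__ == "__main__":
    for code, detail in audit_for_qpm_ssh(SAMPLE_CONFIG, key_bits=768):
        print(f"{code}: {detail}")
```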
Adding Devices to the Device Inventory
To manage the QoS configuration on a device or any of its elements with QPM, you must first add it to the inventory. When you add a device to the inventory, QPM discovers the device on the network to obtain the properties that it stores about the device. Therefore, devices must be running and accessible on the network before you can add them to the inventory.
You can only add a device to the inventory if you have sufficient access permissions to it. The Import Devices Wizard shows you which devices you cannot import because of insufficient permissions.
When you add a device to the inventory, all of its network elements that QPM supports are automatically added. For more information about network elements, see Working with Network Elements.
Device Group Assignment
If you use ACS for user authentication, QPM assigns each imported device to the same QPM device group to which it is assigned in ACS. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group.
If you use DCR for device import, QPM assigns each imported device to the same device group as in DCR. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group.
If you are using CiscoWorks Common Services for user authentication, all devices you import are added to the QPM default device group.
OS Detection and IOS Mapping
QPM uses the device model type and operating system (OS) version number to load device capabilities to the inventory. All subversions of a certain version are translated to the major version, unless QPM explicitly supports the minor version. In QPM, new minor versions are mapped to the last supported minor version and not to the major version.
Both the device software version and the mapped software version are displayed in the Device Table page:
• OS Version—OS version that QPM detected.
• Mapped OS Version—OS version to which the detected OS version is mapped.
If QPM does not support an imported device's Cisco IOS version, the device model is displayed correctly but the device is assigned the status "Unsupported," and no Mapped OS version is assigned to it.
You cannot perform any tasks on devices that have the status Unsupported.
If the device model is supported by QPM but the Cisco IOS version is not, you can upgrade the device to a supported Cisco IOS version and then rediscover the device to make it available in QPM.
Device Model Discovery
If QPM does not support an imported device model, then the device is assigned the status "Unsupported" and the model appears as "Unknown" in the Device Table. You cannot perform any tasks on devices that have the status Unsupported. The device's interfaces are not discovered or imported.
Device System Name
You can add a device to the inventory by providing either its IP address or its DNS name (if it is registered in DNS). Whichever of these values you provide becomes the device's primary name in QPM.
If the device has a system name configured, it is detected when QPM discovers the device. The device system name is added to the Device Table, as another method for you to identify the device.
You cannot use device DNS names that contain the backslash (\) character.
Device Access Parameters
Device access parameters are the passwords and community strings that QPM needs to log into and configure devices. QPM obtains device access parameters for devices you add to the inventory in the following ways:
• When adding a device manually, you can either enter the device access parameters, or you can use the destination device group's default access parameters. To use default access parameters, leave the access parameters fields blank.
• When importing from DCR or from a virtual device file, QPM uses the device access parameters as obtained from the import.
For more information about default device access parameters, see Configuring Default Device Access Parameters.
The following topics describe how to add devices to the inventory:
• Adding a Single Device
• Importing Virtual Devices
• Configuring Default Device Access Parameters
• Viewing Device Discovery Status
Adding a Single Device
To add a single device, enter the required device information; QPM then discovers the device on the network to obtain the rest of the device information.
Before You Begin
Obtain the following information for each device you are adding:
• DNS name of the device or IP address of the device or one of its interfaces.
• If you are not using the device group default access parameters to connect to the device, you must obtain the device access parameters necessary to connect to it.
For more information about default device access parameters, see Configuring Default Device Access Parameters.
To add a single device:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Click Add/Import in the Device Table page. The Import Devices Wizard - General page appears.
Step 3: Do the following in the Import Devices Wizard - General page:
  a. Select the Manual radio button.
  b. Enter the device IP address in the Device IP field.
  c. If you are not using the default device access parameters, enter the necessary device access parameters in the corresponding fields.
  d. Click Next. The Import Devices Wizard - Select Devices page appears.
  For more information about the Import Devices Wizard - General page, see Import Devices Wizard - General Page, page A-17.
Step 4: In the Import Devices Wizard - Select Devices page, select the check box next to the device you are adding and click Finish. The Discovery Status page appears, where you can monitor the progress of the add operation. For more information, see Viewing Device Discovery Status.
Related Topics
• Adding Devices to the Device Inventory
• Using QPM Tables, page 3-8
• Using QPM Wizards, page 3-8
• Troubleshooting Device Management Problems, page 12-5
Importing Devices from Device Credentials Repository
The Device Credentials Repository (DCR) in CiscoWorks Common Services is the central credentials repository for QPM. You can import device inventories from DCR, which simplifies the task of adding devices to QPM.
To import devices from DCR:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Click Add/Import in the Device Table page. The Import Devices Wizard - General page appears. For more information about the Import Devices Wizard - General page, see Import Devices Wizard - General Page, page A-17.
Step 3: Do the following in the Import Devices Wizard - General page:
  a. Select the Import from DCR radio button.
  b. Click Next. The Import Devices Wizard - Select Devices page appears.
Step 4: In the Import Devices Wizard - Select Devices page, select the check boxes next to the devices you are adding and click Finish. The Discovery Status page appears, where you can monitor the progress of the add operation. For more information, see Viewing Device Discovery Status.
Importing Virtual Devices
You can import virtual devices from a file for testing and demonstration purposes. Virtual devices are not physical devices, but rather are defined in a file that contains the same device information required to import a physical device.
You create a file containing a virtual device by exporting device inventory information. For more information, see Exporting Device Information.
Each device in the inventory must have a unique IP address. If the virtual device file you want to import contains a virtual device with an IP address that is already in the inventory, you must edit the IP address in the file (which is in XML format) before you can import the virtual device.
To import virtual devices from a file:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Click Add/Import in the Device Table page. The Import Devices Wizard - General page appears.
Step 3: Do the following in the Import Devices Wizard - General page:
  a. Select the Import Virtual Devices from File radio button.
  b. Enter the path to the virtual devices file in the File field, or click Browse to navigate to the file.
  c. Click Next. The Import Devices Wizard - Select Devices page appears.
Step 4: In the Import Devices Wizard - Select Devices page, select the check boxes next to the devices you want to add, then click Finish. The Discovery Status page appears, where you can monitor the progress of the add operation. For more information, see Viewing Device Discovery Status.
Related Topics
• Adding Devices to the Device Inventory
• Using QPM Tables, page 3-8
• Using QPM Wizards, page 3-8
Configuring Default Device Access Parameters
Device access parameters are the passwords and community strings that QPM needs to log into, import, and configure devices.
You can configure default device access parameters that are assigned to devices when you import them into the inventory.
Note: If you are using ACS and multiple device groups, each device group has its own set of default device access parameters.
When you add devices to the inventory, the default device access parameters are used to import the devices unless you override them. Each method of importing devices has its own method of overriding the defaults; see the related topics for more information.
You can configure device access parameters for an individual device in DCR, or for all devices in a device group.
Before You Begin
QPM assumes you are using standard user name and password prompts. If you have defined non-standard prompts on the devices, you must update the QPM configuration to recognize your prompts. See QPM cannot log into a device, page 12-5, for information on how to update the QPM configuration.
To configure the default device access parameters:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Change the parameters of a single device or a device group.
  • To change parameters for a single device, click the name of the device. The Device Properties page appears.
  • To change parameters for a device group:
    a. Select Devices > Device Grouping > Device Groups from the TOC. The Device Groups page appears.
    b. In the Device Groups page, click the name of the device group you want to modify. The Device Group Properties page appears.
Step 3: Do the following in the Device Properties page, or the Device Group Properties page:
  a. Open the Default Access Parameters area by clicking the arrow next to its heading.
  b. Modify the access parameters by entering new values. For more information about the fields in these pages, see Device Group Properties Page, page A-25 or Device Properties Page, page A-6.
  c. Click Save.
Related Topics
• Adding Devices to the Device Inventory
• Adding a Single Device
• Using QPM Tables, page 3-8
• Troubleshooting Device Management Problems, page 12-5
Viewing Device Discovery Status
When you import devices, you can use the Discovery Status report to see the status of each device discovery task (for example, tasks can be finished, in progress, or failed because of incorrect device access parameters).
You can define the refresh interval for this page.
If you add more devices while the previous add device operation is still in progress, the Discovery Status page will display a separate record for each add operation, in order from newest to oldest.
To view the status of the device discovery task:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Select Discovery Status from the TOC. The Discovery Status page appears.
Step 3: Do the following in the Discovery Status page:
  a. View the status of active device discovery operations. For information about this page, see Discovery Status Page, page A-21.
  b. Optionally, you can select a different refresh interval from the list box below the table.
Related Topics
• Adding Devices to the Device Inventory
• Using QPM Tables, page 3-8
• Troubleshooting Device Management Problems, page 12-5
Working with Devices
The following topics describe working with devices:
• Viewing and Editing Device Properties
• Setting a Device's Policy Assignment
• Rediscovering Device Information
Viewing and Editing Device Properties
You can view a device's properties and edit some of them. Examples of the properties you can edit include:
• Device role assignment
• Device folder assignment
• Device access parameters (passwords and community strings)
You can view and edit device properties from any device list, whether it is in the main device table, or accessed from the device folders, device groups, or search results pages.
To view and edit the device properties:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: In the Device Table page, do one of the following to select the device to edit:
  • Click the device name in the Sys Name column.
  • Select the check box next to the device name, then click Edit.
  The Device Properties page appears.
Step 3: Do the following in the Device Properties page:
  a. Edit any of the device properties that are available for editing. For more information about the fields in this page, see Device Properties Page, page A-6.
  b. Click Save.
Related Topics
The following topics describe other tasks you can perform on devices:
• Exporting Device Information
• Connecting to a Device Using Telnet
• Viewing Device Configuration
Exporting Device Information
You can export a device's information to a file on your client system that can then be used to import the device back into QPM as a virtual device. This process allows you to test and demonstrate QoS policies without affecting real devices.
To export a device's information:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: In the Device Table page, do one of the following to select the device to edit:
  • Click the device name in the Sys Name column.
  • Select the check box next to the device name, then click Edit.
  The Device Properties page appears.
Step 3: In the Device Properties page, click Export. The browser file download process begins.
Step 4: Use the browser file download process to save the file to your client system.
Related Topics
• Importing Virtual Devices
• Using QPM Tables, page 3-8
Connecting to a Device Using Telnet
You can connect to a device in the device inventory from within QPM using Telnet. QPM starts the default Telnet program on your client system and automatically connects to the device. If there is no Telnet program installed on your client system, this feature will not work.
To connect to a device using Telnet:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: In the Device Table page, do one of the following to select the device to edit:
  • Click the device name in the Sys Name column.
  • Select the check box next to the device name, then click Edit.
  The Device Properties page appears.
Step 3: Click Telnet. A Telnet application opens and connects to the device.
Related Topics
• Using QPM Tables, page 3-8
• Troubleshooting Device Management Problems, page 12-5
Viewing Device Configuration
You can view a device's running software configuration from within QPM. This is useful if you are deciding whether to upload the device's configuration into the QPM inventory.
To view the device's configuration:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: In the Device Table page, do one of the following to select the device to edit:
  • Click the device name in the Sys Name column.
  • Select the check box next to the device name, then click Edit.
  The Device Properties page appears.
Step 3: Click Show run. The Display show run report appears, displaying the device's running configuration.
Related Topics
• Using QPM Tables, page 3-8
Setting a Device's Policy Assignment
To configure QoS policies on a device, you assign it to a policy. You can do this in the following ways:
• By accessing a policy's properties and assigning the device to the policy. For more information, see Setting Network Element Assignments, page 8-10.
• By selecting a device from the device table and assigning it to a policy. The following procedure describes this process.
This procedure describes how to:
• Assign devices to policies.
• Remove devices from policies.
• Change device policy assignment.
This procedure does not assign interfaces or other elements on a device to policies. For information on setting policies for network elements other than devices, see Setting Network Element Policy Assignments.
To set a device's policy assignment:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Select the check box next to the devices you want to add to or remove from a policy group, then click Set Policy. The Policy Assignment dialog box opens.
Step 3: Do the following in the Policy Assignment dialog box:
  a. Set and remove policy assignments. For information about the fields in this page, see Policy Assignment Dialog Box, page A-4.
  b. Click OK to save the policy assignment changes you have made and close the dialog box.
Related Topics
• Setting Network Element Policy Assignments
• Using QPM Tables, page 3-8
Rediscovering Device Information
Rediscovering a device's information causes QPM to connect to the device on the network and obtain its device information again. You should do this when you make configuration changes to a device to ensure that the device can still support the policies and configurations you assigned to it using QPM.
During the rediscover process, QPM will delete any policy or network element assignments that are no longer valid because of changes to the device's information. A report of deleted policy assignments is generated.
To rediscover devices:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Select the check boxes next to the devices you want to rediscover, then click Rediscover. The Discovery Status page appears. Your rediscovery job appears at the top of the list, with an indication of the number of devices for which discovery is in process or completed. The page refreshes according to your selection in the Refresh Rate field at the bottom of the page. Rediscovery is complete when no devices are listed in the In Process field. For more information, see Discovery Status Page, page A-21.
Step 3: Run the Assignments report by selecting Reports > Conflicts > Assignments to see if any policy group assignments were deleted as a result of the rediscovery.
Related Topics
• Using QPM Tables, page 3-8
• Troubleshooting Device Management Problems, page 12-5
Working with Device Folders
You can create device folders to organize the inventory for administrative purposes. For example, you might create a device folder for each building on your corporate campus and assign the devices in each building to their corresponding device folder.
Device folders are contained within device groups. If you are not using ACS and multiple device groups, all device folders are contained within the default device group.
Unlike device groups, you cannot assign access privileges to device folders. Device folders are used primarily to group devices into related groups for the purpose of more easily searching for devices and classifying and sorting lists of devices.
When you use the device folders table to browse device folders, you can perform the same actions on the listed devices that you can perform from the device table. See Working with Devices, for more information about these actions.
The following topics describe how to work with device folders:
• Creating Device Folders
• Organizing Devices with Device Folders
• Editing Device Folders
• Deleting Device Folders
Creating Device Folders
Create device folders to organize your inventory. To do this:
Step 1: Select Devices > Device Grouping. The Device Groups page appears.
Step 2: Select Device Folders in the TOC. The Device Folders page appears.
Step 3: Click Create. The Device Folder Properties page appears.
Step 4: Do the following in the Device Folder Properties page:
  a. Create the new device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-30.
  b. Click Save. The Device Folders page appears. The new device folder appears in the table.
Related Topics
• Working with Device Folders
Organizing Devices with Device Folders
You can use device folders to organize your inventory. The procedure describes how to add devices to device folders, remove devices from device folders, and move devices between device folders.
To organize devices with device folders:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Select the check box next to the devices you want to assign to or remove from a device folder, then click Set Device Folder. The Device Folders Assignment dialog box opens.
Step 3: Do the following in the Device Folders Assignment dialog box:
  a. Set and remove device folder assignments. For more information about the fields in this page, see Device Folder Properties Page, page A-30.
  b. Click OK to save the policy group assignment changes you have made and close the dialog box.
Related Topics
• Working with Device Folders
• Using QPM Tables, page 3-8
Editing Device Folders
Edit a device folder to change properties such as its name and description. To do this:
Step 1: Select Devices > Device Grouping. The Device Groups page appears.
Step 2: Select Device Folders in the TOC. The Device Folders page appears.
Step 3: Do one of the following to select a device folder:
  • Click the name of the device folder.
  • Select the check box next to a device folder name, then click Edit.
  The Device Folder Properties page appears.
Step 4: Do the following in the Device Folder Properties page:
  a. Edit the device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-30.
  b. Click Save.
Related Topics
• Working with Device Folders
• Using QPM Tables, page 3-8
Deleting Device Folders
Delete a device folder when you no longer want to use it to organize your inventory. Devices assigned to the device folder are not deleted from the inventory, and are no longer assigned to any device folder.
To delete device folders:
Step 1: Select Devices > Device Grouping. The Device Groups page appears.
Step 2: Select Device Folders in the TOC. The Device Folders page appears.
Step 3: Select the check box next to the device folders you want to remove, then click Delete. The Device Folders page refreshes. The deleted device folders do not appear in the table.
Related Topics
• Working with Device Folders
• Using QPM Tables, page 3-8
Using Additional Device Functions
The following topics document the additional device functions that are available:
• Removing Devices
Removing Devices
If you no longer want to manage QoS on a device, you can remove it from the inventory. When you remove a device, all of its elements are also removed.
Removing Devices That Are Being Monitored
If you remove a device that contains network elements that are being monitored by a QoS analysis task, QPM continues to monitor these network elements. To stop QPM from monitoring these network elements, you must stop or delete the QoS analysis task. For more information, see the following topics:
• Performing Historical QoS Analysis, page 10-4
• Performing Real Time Chart Analysis, page 10-12
To remove devices from QPM inventory:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Select the check box next to the devices you want to remove, then click Delete. The Device Table refreshes, with the deleted devices removed.
Related Topics
• Using QPM Tables, page 3-8
Working with Network Elements
The following topics describe how to work with network elements:
• Overview of Network Elements
• Viewing and Editing Network Element Properties
• Setting Network Element Policy Assignments
• Working with Source-Destination Pairs
• Hiding and Displaying Interfaces
Overview of Network Elements
QPM supports both physical and logical network elements. A physical network element physically exists on a device and can be read or calculated using SNMP and Telnet. Examples include device, interface, VLAN, DLCI, and VC.
A user-supplied element is one that does not exist on a device, and its purpose is helping you manage your network elements. An example is source-destination pairs.
The interfaces on a device carry the network traffic. In QPM, the term interfaces refers to router interfaces and subinterfaces, and switch ports. QPM allows you to configure QoS on subinterfaces.
Viewing and Editing Network Element Properties
You can view and change network element properties. An example of the network element properties that you can edit is whether interfaces are ignored (hidden from display in QPM).
To view and edit network element properties:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Click the Interfaces icon in the table row of the device that contains the network element or elements that you want to view or edit. The Interfaces page appears.
Step 3: Click an interface name to edit it. The Interface Properties page appears.
Step 4: In the Interface Properties page:
  a. Edit the interface properties if desired. For more information about the fields in this page, see Interfaces Page, page A-11.
  b. Click Save.
Related Topics
• Hiding and Displaying Interfaces
• Using QPM Tables, page 3-8
Setting Network Element Policy Assignments
To configure QoS policies on the network, you assign network elements to policies. You can do this in the following ways:
• By accessing a policy's properties and assigning network elements to the policy. For more information, see Setting Network Element Assignments, page 8-10.
• By accessing a device's network elements and assigning them to policies. The following procedure describes this method.
There are four types of network elements that you can assign to policies:
• Devices—See Setting a Device's Policy Assignment.
• Interfaces.
• Interface subelements (VCs and DLCIs).
• User-supplied elements (VLANs and source-destination pairs).
The following procedure describes how to do the following to interfaces, interface subelements, and user-supplied elements:
• Assign them to policies.
• Remove them from policies.
• Change policy assignments.
You only need to perform the steps required for the network element types you are working with.
To assign policies to network elements:
Step 1: Select Devices > Device Summary. The Device Table page appears.
Step 2: Click the Interfaces icon in the table row of a device that contains the network element or elements that you want to assign. The Interfaces page appears.
Step 3: Assign interfaces to policies, remove interfaces from policies, and change interface policy assignments:
  a. Select the check box next to the interfaces you want to assign to or remove from a policy, then click Set Policy. The Policy Assignment dialog box opens.
  b. Set and remove policy assignments. For more information about the fields in this page, see Policy Assignment Dialog Box, page A-4.
Step 4: Assign subelements of an interface to policies, remove subelements of an interface from policies, and change the policy assignments of an interface's subelements:
  a. Click the name of an interface. The Interface Properties page appears.
  b. Select any subelements of the interface (click the arrow icons to open or close the page subsections) that you want to assign, then click Set Policy. The Policy Assignment dialog box opens.
  c. Set and remove policy assignments. For more information about the fields in this page, see Policy Assignment Dialog Box, page A-4.
Step 5: Assign source-destination pairs and VLANs to policies, remove source-destination pairs and VLANs from policies, and change the policy group assignments of source-destination pairs and VLANs:
  a. Click Source-Dest Pairs or VLANs in the TOC.
  b. In the resulting page, select the source-destination pairs or VLANs that you want to assign, then click Set Policy. The Policy Assignment dialog box opens.
  c. Set and remove policy assignments. For more information about the fields in this page, see Policy Assignment Dialog Box, page A-4.
Related Topics
•
Setting a Device's Policy Assignment
•
Using QPM Tables, page 3-8
Working with Source-Destination Pairs
Source-destination pairs are logical (not physical) user-supplied network elements. You define them for Catalyst 8400 and Catalyst 8500 switches, which have QoS features that allow you to configure QoS traffic rules for inbound and outbound traffic on the same device. To do this, you must define source-destination pairs of interfaces on a device, to which you can then apply this type of traffic rule.
The following topics describe how to work with source-destination pairs using QPM:
•
Creating Source-Destination Pairs
•
Editing Source-Destination Pairs
•
Deleting Source-Destination Pairs
•
Setting Network Element Policy Assignments
Creating Source-Destination Pairs
You can create source-destination pairs using QPM. To do this:
Step 1
Choose Devices > Device Summary.
The Device Table page appears.
Step 2
Click the device name of the device on which you want to create a source-destination pair.
The Device Properties page appears.
Step 3
Click Source-Dest Pair in the TOC (a subentry of Device Information).
The Source-Dest Pairs page appears.
Step 4
Click Create.
The Source-Dest Pairs Properties page appears.
Step 5
Do the following in the Source-Dest Pairs Properties page:
a.
Create a source-destination pair. For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-15.
b.
Click Save.
Related Topics
•
Working with Source-Destination Pairs
•
Using QPM Tables, page 3-8
Editing Source-Destination Pairs
You can edit source-destination pairs using QPM. To do this:
Step 1
Choose Devices > Device Summary.
The Device Table page appears.
Step 2
Click the device name of the device on which you want to edit a source-destination pair.
The Device Properties page appears.
Step 3
Click Source-Dest Pair in the TOC (a subentry of Device Information).
The Source-Dest Pairs page appears.
Step 4
Select the check box next to the source-destination pair you want to edit, then click Edit.
The Source-Dest Pairs Properties page appears.
Step 5
Do the following in the Source-Dest Pairs Properties page:
a.
Edit the source-destination pair. For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-15.
b.
Click Save.
Related Topics
•
Working with Source-Destination Pairs
•
Using QPM Tables, page 3-8
Deleting Source-Destination Pairs
You can delete source-destination pairs using QPM. To do this:
Step 1
Choose Devices > Device Summary.
The Device Table page appears.
Step 2
Click the device name of the device on which you want to delete a source-destination pair.
The Device Properties page appears.
Step 3
Click Source-Dest Pair in the TOC (a subentry of Device Information).
The Source-Dest Pairs page appears.
Step 4
Select the check box next to the source-destination pairs you want to delete, then click Delete.
Related Topics
•
Working with Source-Destination Pairs
•
Using QPM Tables, page 3-8
Hiding and Displaying Interfaces
When you import a device, QPM discovers and imports all of its elements that QPM supports. You can prevent interfaces (not other network elements) from being displayed in QPM by marking them as ignored. You can later redisplay interfaces if you want to see them again. DLCIs and VCs on ignored interfaces are also ignored.
The following topics describe hiding and displaying interfaces:
•
Hiding Interfaces
•
Displaying Interfaces
Hiding Interfaces
You can mark interfaces as ignored, preventing them from displaying in QPM. To do this:
Step 1
Select Devices > Device Summary.
The Device Table page appears.
Step 2
Click the name of the device that contains the interfaces you want to ignore.
The Device Properties page appears.
Step 3
Select Interfaces in the TOC (a subentry of Device Information).
The Interfaces page appears.
Step 4
Select the check box next to the interfaces you want to ignore, then click Mark as Ignore.
A confirmation dialog box opens.
Step 5
Click Yes in the confirmation dialog box.
The Interfaces page refreshes. The ignored interfaces are no longer displayed.
Related Topics
•
Hiding and Displaying Interfaces
•
Displaying Interfaces
•
Using QPM Tables, page 3-8
Displaying Interfaces
You can redisplay interfaces that you previously marked as ignored. To do this:
Step 1
Select Devices > Device Summary.
The Device Table page appears.
Step 2
Click the name of the device that contains the interfaces you no longer want to ignore.
The Device Properties page appears.
Step 3
Click the hyperlinked number in the Ignored Interfaces field.
The Ignored Interfaces List dialog box opens.
Step 4
Select the check box next to the interfaces you no longer want to ignore, then click Cancel Ignore.
Step 5
Click Close to close the dialog box.
Related Topics
•
Hiding and Displaying Interfaces
•
Hiding Interfaces
•
Using QPM Tables, page 3-8
Working with Device Groups
This section is applicable only for users who work with DCR device groups, or who use ACS permissions and are working with ACS device groups. If you do not use DCR or ACS to create multiple device groups, only the default device group will be available in QPM.
The following topics describe how to work with device groups:
•
Understanding Device Groups
•
Setting the Active Device Group
•
Synchronizing Permissions and Device Group Information
•
Editing Device Group Properties
•
Deleting Device Groups from QPM
Understanding Device Groups
Device groups are groups of devices (and their network elements) within the inventory. They are created and maintained in the DCR or ACS, but QPM assigns some properties to each device group that you can view and edit in QPM. For more information, see Editing Device Group Properties.
Each device group has its own set of access permissions, so they can be used to divide the network into administrative groups for purposes of controlling who can do what with which devices. Because you create policies in the context of a device group, you can assign policy groups only to devices in the same device group as the policy.
The inventory always contains one device group named the default device group. If you are not using DCR or ACS device groups to group devices, your inventory will contain only the default device group.
ACS Device Groups
If you are using multiple ACS device groups, QPM will automatically create the same device groups with the same user permissions that are defined in ACS. When you add a new device to the inventory, QPM assigns it to its ACS device group, with the same user permissions. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group.
QPM automatically synchronizes the inventory with ACS in the following cases:
•
When you import devices, QPM synchronizes with ACS to find out what device groups the devices belong to. Only the imported devices are synchronized with ACS.
•
When you log into QPM, QPM automatically synchronizes with ACS to obtain and store your user permissions so it can check them before any user operations you attempt.
In addition, before you deploy a deployment job, QPM synchronizes with ACS to verify that the user permissions allow the job to proceed.
You can also manually refresh the QPM device group information, synchronizing it with ACS. See Synchronizing Permissions and Device Group Information.
Note
If you are using ACS device groups, all devices used in QPM, including the QPM server, should be defined in ACS device groups, only as AAA clients, and not as AAA servers.
Related Topics
•
User Permissions, page 3-9
DCR Device Groups
If you are using multiple DCR device groups, QPM will automatically create the same device groups with the same user permissions that are defined in DCR. When you add a new device from DCR to the inventory, QPM assigns it to its DCR device group, with the same user permissions. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group.
QPM automatically synchronizes the inventory with DCR in the following cases:
•
When you import devices, QPM synchronizes with DCR to find out what device groups the devices belong to. Only the imported devices are synchronized with DCR.
•
When you log into QPM, QPM automatically synchronizes with DCR to obtain and store your user permissions so it can check them before any user operations you attempt.
In addition, before you deploy a deployment job, QPM synchronizes with DCR to verify that the user permissions allow the job to proceed.
You can also manually refresh the QPM device group information, synchronizing it with DCR. See Synchronizing Permissions and Device Group Information.
Setting the Active Device Group
Only one device group at a time can be active. Throughout the QPM user interface, only the devices, deployment groups, and policy groups that are contained in the active device group are displayed. You must have sufficient user privileges to set the active device group.
To set a device group as active:
Step 1
Select Devices > Device Grouping.
The Device Groups page appears.
Step 2
Select the device group that you want to make active by clicking the check box next to its name, and click Set Active.
Related Topics
•
Using QPM Tables, page 3-8
Synchronizing Permissions and Device Group Information
You can manually synchronize the user permissions and device group information in the inventory with ACS, DCR, or CiscoWorks Common Services (depending on which you are using to administer device groups and user permissions).
Typically you would synchronize in the following cases:
•
When you know changes have been made to the ACS, DCR, or CiscoWorks Common Services device group assignments or access privileges.
•
When your CiscoWorks user role has changed since you logged into QPM.
The Sync Privileges page displays your permissions to the QPM device groups on the system. If you know you have changed ACS privileges, or changed the device groups in ACS or DCR, you can see whether the changes are reflected correctly on this page and so determine whether you need to synchronize to update your QPM permissions.
If changes are made to the QPM device groups as a result of the synchronization, the Conflicts Assignment report shows which devices have been moved from the current device group, and all policy group assignments for those devices and their network elements will be deleted.
Note
ACS, DCR, and CiscoWorks Common Services device group and user permissions information is automatically synchronized each time you log into QPM.
To synchronize permissions and device group information:
Step 1
Select Devices > Device Grouping.
The Device Groups page appears.
Step 2
Select Sync Privileges in the TOC.
The Sync Privileges page appears.
Step 3
Select the server mode (ACS, DCR, or Cisco Works).
Step 4
Click Sync. QPM synchronizes the user and device group information with the server mode you selected, and opens a message box to tell you the status when finished.
Related Topics
•
Troubleshooting Device Management Problems, page 12-5
Editing Device Group Properties
Although you cannot change device group membership within QPM (you must make device group assignment changes in ACS), you can edit the device group properties that are unique to QPM.
Many of the device group properties are the same properties that QPM maintains for devices. These device group properties are assigned to all devices in the device group by default. You can override these defaults by entering different device properties for an individual device.
Examples of the device group properties that you can edit include:
•
Description.
•
Default device access parameters.
•
Enabling/disabling NBAR port mapping.
To edit device group properties:
Step 1
Click Devices > Device Grouping.
The Device Groups page appears.
Step 2
Click the name of the device group you want to edit.
The Device Group Properties page appears.
Step 3
Do the following in the Device Group Properties page:
a.
Edit the device group. For more information about the fields in this page, see Device Group Properties Page, page A-25.
b.
Click Save.
Related Topics
•
Using QPM Tables, page 3-8
•
Viewing and Editing Device Properties
Deleting Device Groups from QPM
QPM device groups are not automatically deleted from QPM when you delete them in ACS, even when you synchronize device group information with ACS. Instead, you must manually delete QPM device groups. Any deployment groups and policy groups contained in the device group are also deleted.
Because deletion is manual, you have the opportunity to edit your QPM deployment groups and policy groups before deleting the device group.
The following are the restrictions for deleting QPM device groups:
•
You cannot delete the QPM default device group.
•
You cannot delete a device group that still contains devices. To delete a device group, you must first do one of the following:
–
Remove all devices from the device group in ACS.
–
Delete all devices in the device group from the QPM inventory.
If you convert from using ACS to CiscoWorks Common Services for device management and user authentication, all devices in the inventory are moved to the default device group (because CiscoWorks Common Services does not support multiple device groups). You can then delete the remaining empty device groups.
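The synchronization rules (moved devices lose their policy group assignments; devices without a server-side group land in the default device group) and the deletion restrictions above can be modelled to preview what a sync would change before you run it. The following Python example is an added illustration, not QPM code or a QPM API: the function names, the group name "default", and the sample inventory are assumptions constructed for the example, and it applies the rules to every device group rather than only the active one.

```python
from dataclasses import dataclass, field

DEFAULT_GROUP = "default"  # assumed name for QPM's default device group


@dataclass
class SyncPreview:
    moved: dict = field(default_factory=dict)       # device -> (old group, new group)
    dropped: dict = field(default_factory=dict)     # device -> policy groups deleted
    deletable: list = field(default_factory=list)   # empty non-default groups


def preview_sync(qpm_groups, assignments, server_membership):
    """Model a sync of QPM device groups against ACS or DCR.

    qpm_groups:        {group: set of devices} as QPM holds them now
    assignments:       {device: set of policy groups assigned in QPM}
    server_membership: {device: group} as defined on the server; a device
                       with no group there lands in the default device group
    Returns (SyncPreview, {group: set of devices} after the sync).
    """
    preview = SyncPreview()
    # Existing QPM groups are kept even if the server no longer defines them.
    after = {group: set() for group in qpm_groups}
    after.setdefault(DEFAULT_GROUP, set())
    for old_group, devices in qpm_groups.items():
        for device in sorted(devices):
            new_group = server_membership.get(device, DEFAULT_GROUP)
            after.setdefault(new_group, set()).add(device)
            if new_group == old_group:
                continue
            preview.moved[device] = (old_group, new_group)
            # Policies live in one device group, so a moved device loses them.
            if assignments.get(device):
                preview.dropped[device] = sorted(assignments[device])
    preview.deletable = sorted(g for g in after if can_delete(g, after))
    return preview, after


def can_delete(group, groups):
    """Deletion restrictions: never the default group, never a non-empty one."""
    return group != DEFAULT_GROUP and group in groups and not groups[group]


# Constructed sample data; device, group and policy names are illustrative.
QPM_GROUPS = {"default": {"rtr-lab"}, "branch": {"rtr-a", "rtr-b"}, "legacy": {"sw-1"}}
ASSIGNMENTS = {"rtr-a": {"voice-edge"}, "sw-1": {"core-queueing", "trust-dscp"}}
ACS_VIEW = {"rtr-a": "branch", "rtr-b": "core", "sw-1": "branch"}

if __name__ == "__main__":
    preview, after = preview_sync(QPM_GROUPS, ASSIGNMENTS, ACS_VIEW)
    for device, (old, new) in preview.moved.items():
        lost = ", ".join(preview.dropped.get(device, [])) or "none"
        print(f"{device}: {old} -> {new}; policy assignments deleted: {lost}")
    print("empty groups that can now be deleted manually:", preview.deletable)
```

In the sample, sw-1 moves from legacy to branch and loses both of its policy group assignments, which leaves legacy empty and therefore eligible for manual deletion.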
To delete device groups:
Step 1
Click Devices > Device Grouping.
The Device Groups page appears.
Step 2
Select the radio button next to the device group you want to delete.
Step 3
Click Delete.
Integrating QPM with Access Control Server (ACS)
Before you begin, note:
•
Terminal services should not be running when QPM is installed.
•
QPM cannot coexist with ACS on the same machine.
To integrate QPM with ACS:
Step 1
Log in to the ACS server.
Step 2
Click Network Configuration.
The Network Configuration page appears.
Step 3
Click Add Entry.
Step 4
In the Network Device Group Name box, type the name of the new Network Device Group (NDG) to use with QPM.
Step 5
In the Key box, enter a key for the Network Device Group. The maximum length is 32 characters.
Step 6
Click Submit.
The Network Device Groups table displays the new NDG.
Step 7
Click the name of the new NDG, and click Add Entry below the AAA Clients table.
Step 8
In the Add AAA Client page, enter the QPM client details, such as Hostname, IP Address, and Key. Later, you need to use the same key to configure the ACS details in QPM.
Step 9
Click Submit or Submit + Apply to register the QPM server in ACS.
Step 10
Log in to CiscoWorks on the QPM server.
Step 11
In the CiscoWorks homepage, select Common Services > Server > Security > AAA Mode Setup.
Step 12
Click the TACACS+ radio button.
Step 13
Click Change.
The Login Module Options window appears.
Step 14
Enter the ACS server details, such as Server, Port, and Key (the key you entered in Step 8 while configuring the QPM server in ACS).
Step 15
Click OK.
The Login Module Change Summary page appears.
Step 16
Click OK.
Step 17
In the AAA Mode Setup page, click the ACS radio button.
Step 18
Enter the ACS server details.
Step 19
Enter the login details including the Shared Secret Key (the same key that you entered in Step 14).
Step 20
Check the Register all installed applications with ACS checkbox.
Step 21
Click the HTTP or HTTPS radio button to specify the current ACS administrative protocol.
Step 22
Click Apply.
The Login Module Change Summary page appears with the following message:
ACS Server Credentials updated successfully
Step 23
Close all the QPM and CS windows, and restart the Daemon Manager.
Step 24
In QPM, select Devices > Device Grouping > Sync Privileges.
The Sync Privileges page appears.
Step 25
Check whether the Server mode is set to ACS, and click Sync.
The Device Groups in the ACS server will be added to the QPM device groups.
Step 26
To set a device group as active in QPM, go to Devices > Device Grouping, select a device group, and click Set Active.
Related Topics
•
Resetting the Login Module
Resetting the Login Module
If there is an authorization failure with the ACS server, most of the Common Services features will be disabled.
To recover, you have to reset the login module.
To reset the login module to CiscoWorks:
Step 1
Stop the Daemon Manager using:
•
net stop crmdmgtd (For Windows)
or
•
/etc/init.d/dmgtd stop (For Solaris)
Step 2
Run the following script:
•
NMSROOT/bin/perl ResetLoginModule.pl (For Windows)
or
•
/opt/CSCOpx/bin/perl ResetLoginModule.pl (For Solaris)
Step 3
Start the Daemon Manager using:
•
net start crmdmgtd (For Windows)
or
•
/etc/init.d/dmgtd start (For Solaris)
This resets the login module to CiscoWorks local mode.
Multiple instances of the same application using the same ACS server share settings. Any changes affect all instances of that application.
If an application is configured with ACS, and then the application is reinstalled, the application will inherit the old settings.