User Guide for CiscoWorks QoS Policy Manager 4.1 - Chapter 4 Managing Devices [CiscoWorks QoS Policy Manager]

Table Of Contents

Managing Devices

Understanding the Device Inventory

Adding Devices to the Device Inventory

Populating DCR with Devices

Importing Devices from DCR to QPM Inventory

Importing Virtual Devices

Configuring Default Device Access Parameters

Viewing Device Discovery Status

Working with Devices

Viewing and Editing Device Properties

Exporting Device Information

Connecting to a Device Using Telnet

Viewing Device Configuration

Launching CiscoWorks Device Center

Rediscovering Device Information

Working with Device Folders

Creating Device Folders

Organizing Devices with Device Folders

Editing Device Folders

Deleting Device Folders

Using Additional Device Functions

Removing Devices

Working with Network Elements

Overview of Network Elements

Viewing and Editing Network Element Properties

Working with Source-Destination Pairs

Creating Source-Destination Pairs

Editing Source-Destination Pairs

Deleting Source-Destination Pairs

Hiding and Displaying Interfaces

Hiding Interfaces

Displaying Interfaces

Working with Device Groups

Understanding Device Groups

Setting the Active Device Group

Synchronizing Permissions and Device Group Information

Editing Device Group Properties

Deleting Device Groups from QPM

Integrating QPM with Access Control Server (ACS)

Resetting the Login Module

Managing Devices

The device inventory is a collection of information about the network elements that QPM can manage.

The following topics describe how to manage devices in QPM:

•Understanding the Device Inventory

•Adding Devices to the Device Inventory

•Working with Devices

•Working with Network Elements

•Working with Device Groups

•Integrating QPM with Access Control Server (ACS)

Understanding the Device Inventory

The device inventory is a collection of information about the network elements that QPM can manage. Network elements are devices and components of devices on which QoS can be configured.

Examples of network elements include devices (routers, switches, and layer 3 switches), cards, interfaces, subinterfaces, and VLANs. For more information about network elements, see Working with Network Elements.

The following topics help you to understand the QPM device inventory:

•Using Device Folders To Organize Your Inventory

•Using Device Groups

•Default Device Group

•Communicating With Devices Using SSH

•Communicating with Devices Using SNMP v3

Using Device Folders To Organize Your Inventory

Device folders are groups of devices that you can create for organizational purposes, for example, to distinguish edge routers from core routers. For more information, see Working with Device Folders.

Using Device Groups

Device groups are groups of devices that are created and administered using ACS. You can use multiple device groups only if you use ACS to manage device access. For more information, see Working with Device Groups.

Default Device Group

The inventory always contains one device group named the default device group. If you are not using ACS device groups to group devices, your inventory will contain only the default device group.

The default device group (like all QPM device groups) has properties that are unique to QPM. You can edit some of these properties. For more information, see Editing Device Group Properties.

Communicating With Devices Using SSH

QPM can communicate with devices in the inventory using either Telnet or secure shell (SSH). SSH provides more security than Telnet because communication with SSH is encrypted and authenticated.

QPM 4.1 supports both SSH Version 1 and SSH Version 2.

You must configure SSH on the device before QPM can communicate with it using SSH. When you configure SSH on devices, follow these guidelines:

•Configure a device public key size of 1024 bits or more.

•Define a user name on the device.

Use one of the following methods to configure QPM to use SSH to communicate with a device:

•Select SSH Version 1 or SSH Version 2 from the list displayed in the Access Configuration area in the Device Summary page to enable SSH communication with that device. For more information, see Viewing and Editing Device Properties.

•Select SSH Version 1 or SSH Version 2 from the list displayed in the Default Access Parameters area in the Device Group Properties page to enable SSH communication as the default for a device group. For more information, see Editing Device Group Properties.

Communicating with Devices Using SNMP v3

QPM 4.1 also supports SNMPv3 credentials for device discovery. QPM discovers the devices if you have selected SNMPv3 as a preference for device communication.

If you are using SNMPv3 access for the device, you should provide the entire view access for all MIBs for the SNMP user . Only then can QPM discover the devices.

Adding Devices to the Device Inventory

To manage the QoS configuration on a device or any of its elements with QPM, you must first add it to the inventory. When you add a device to the inventory, QPM discovers the device on the network to obtain the properties that it stores about the device. Therefore, devices must be running and accessible on the network before you can add them to the inventory.

You can only add a device to the inventory if you have sufficient access permissions to it. The Import Devices Wizard shows you which devices you cannot import because of insufficient permissions.

When you add a device to the inventory, all of its network elements that QPM supports are automatically added. For more information about network elements, see Working with Network Elements.

The following topics describe how to add devices to the device inventory:

•Device Group Assignment

•OS Detection and IOS Mapping

•Device Model Discovery

•Device System Name

•Device Access Parameters

Device Group Assignment

If you use ACS for user authentication, QPM assigns each imported device to the same QPM device group to which it is assigned in ACS. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group.

If you use DCR for device import, QPM assigns each imported device to the same device group as in DCR. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group.

If you are using CiscoWorks Common Services for user authentication, all devices you import are added to the QPM default device group.

OS Detection and IOS Mapping

QPM uses the device model type and operating system (OS) version number to load device capabilities to the inventory. All subversions of a certain version are translated to the major version, unless QPM explicitly supports the minor version. In QPM, new minor versions are mapped to the last supported minor version and not to the major version.

Both the device software version and the mapped software version are displayed in the Device Table page:

•OS Version—OS version that QPM detected.

•Mapped OS Version—OS version to which the detected OS version is mapped.

If QPM does not support an imported device's Cisco IOS version, the device model is displayed correctly but the device is assigned the status "Unsupported," and no Mapped OS version is assigned to it.

You cannot perform any tasks on devices that have the status Unsupported.

If the device model is supported by QPM but the Cisco IOS version is not, you can upgrade the device to a supported Cisco IOS version and then rediscover the device to make it available in QPM.

Device Model Discovery

If QPM does not support an imported device model, then the device is assigned the status Unsupported, and the model appears as Unknown in the Device Table. You cannot perform any tasks on devices that have the status Unsupported. The device's interfaces are not discovered or imported.

Device System Name

You can add a device to the inventory by providing either its IP address or its DNS name (if it is registered in DNS). Whichever of these values you provide becomes the device's primary name in QPM.

If the device has a system name configured, it is detected when QPM discovers the device. The device system name is added to the Device Table, as another method for you to identify the device.

You cannot use device DNS names that contain the backslash (\) character.

Device Access Parameters

Device access parameters are the passwords and community strings that QPM needs to log into and configure devices. QPM obtains device access parameters for devices you add to the inventory in the following ways:

•While adding a device manually, you can either enter the device access parameters, or you can use the destination device group's default access parameters. To use default access parameters, leave the access parameters fields blank.

•While importing from DCR and virtual device file, QPM uses the device access parameters as obtained from the import.

For more information about default device access parameters, see Configuring Default Device Access Parameters.

The following topics describe how to add devices to the inventory:

•Importing Devices from DCR to QPM Inventory

•Importing Virtual Devices

•Configuring Default Device Access Parameters

•Viewing Device Discovery Status

Populating DCR with Devices

Before you import devices into QPM device inventory, you should populate the DCR (Device Credentials Repository) in Common Services. QPM provides the launch point to DCR.

You can populate DCR either by manual addition of devices or by using the Network Discovery feature in Common Services.

Before You Begin

Before you manually add devices, obtain the following information for each device you are adding:

•DNS name of the device or IP address of the device or one of its interfaces.

•If you are not using the device group default access parameters to connect to the device, you must obtain the device access parameters necessary to connect to it.

For more information about default device access parameters, see Configuring Default Device Access Parameters.

To populate DCR by manually adding devices:

Step 1 In QPM, go to Devices > Device Management > Device Summary.

The Device Summary page opens.

Step 2 Click Populate DCR > By Manual Addition.

You will be re-directed to the Device Management page in Common Services

Step 3 Follow the instructions in the Device Management page to add devices to DCR.

For QPM to discover devices from DCR, you should provide SNMP credentials for the device by entering values for both RO and RW Community Strings. You can enter these values under the Device Management > SNMP Credentials page in Common Services.

QPM also supports secondary credentials. You should provide secondary credentials for the device by entering values in the Device management > Standard Credentials page in Common Services.

To populate DCR by using the Device Discovery feature in Common Services:

Step 1 In QPM, go to Devices > Device Management > Device Summary.

The Device Summary page opens.

Step 2 Click Populate DCR > By Network Discovery.

You will be re-directed to the Device Discovery Summary page in Common Services.

Step 3 Click Discovery Settings in the TOC to configure the settings and discover devices in the network.

You can follow the instructions provided in Common Services to add devices by this method.

Importing Devices from DCR to QPM Inventory

You can import devices to QPM inventory from the DCR or from a Virtual Devices file.

To import devices from DCR:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 Click Import Devices to QPM > From DCR in the Device Summary page.

The Import Devices Wizard - General page appears.

Step 3 Do the following in the Import Devices Wizard - General page:

a. Click the checkbox if you do not want to re-import the devices that were previously imported, but not added to QPM.

b. Click Next.

The Import Devices Wizard - Select Devices page appears.

For more information about the Import Devices Wizard - General page, see Import Devices Wizard - General Page, page A-19.

Step 4 In the Import Devices Wizard - Select Devices page, select the check box next to the device you are adding and click Finish.

The Discovery Status page appears, where you can monitor the progress of the import operation. For more information, see Viewing Device Discovery Status.

Note QPM imports devices by accessing the devices through Telnet, SSHv2, or SSHv1 (in the same order). If the device access fails on Telnet, QPM tries SSHv2. If the device access still fails on SSHv2, QPM tries SSHv1 to access the device.

Related Topics

•Adding Devices to the Device Inventory

•Using QPM Tables, page 3-11

•Using QPM Wizards, page 3-12

•Troubleshooting Device Management Problems, page 14-5

Importing Virtual Devices

You can import virtual devices from a file for testing and demonstration purposes. Virtual devices are not physical devices. They are defined in a file that contains the same device information required to import a physical device.

You create a file containing a virtual device by exporting device inventory information. For more information, see Exporting Device Information.

Each device in the inventory must have a unique IP address. If the virtual device file you want to import contains a virtual device with an IP address that is already in the inventory, you must edit the IP address in the file (which is in XML format) before you can import the virtual device.

To import virtual devices from a file:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 Click Import Devices to QPM > From Virtual Devices File in the Device Summary page.

The Import Devices Wizard - General page appears.

Step 3 Do the following in the Import Devices Wizard - General page:

c. Enter the path to the virtual devices file in the File field, or click Browse to navigate to the file.

d. Click Next.

The Import Devices Wizard - Select Devices page appears.

Step 4 In the Import Devices Wizard - Select Devices page, select the check boxes next to the devices you want to add, then click Finish.

The Discovery Status page appears, where you can monitor the progress of the add operation. For more information, see Viewing Device Discovery Status.

Related Topics

•Adding Devices to the Device Inventory

•Using QPM Tables, page 3-11

•Using QPM Wizards, page 3-12

Configuring Default Device Access Parameters

Device access parameters are the passwords and community strings that QPM needs to log into, import, and configure devices.

You can configure the default device access parameters that are assigned to devices when you import them into the inventory.

Note If you are using ACS and multiple device groups, each device group has its own set of default device access parameters.

When you add devices to the inventory, the default device access parameters are used to import the devices unless you override them. Each method of importing devices has its own method of overriding the defaults; see the related topics for more information.

You can configure device access parameters for all devices in a device group.

To configure the default device access parameters for a device group:

Step 1 Select Devices > Device Grouping > Device Groups

The Device Groups page appears.

Step 2 In the Device Groups page, click the name of the device group you want to modify.

The Device Group Properties page appears.

Step 3 Do the following in the Device Group Properties page:

a. Open the Default Access Parameters area by clicking the arrow next to its heading.

b. Modify the access parameters. For more information about the fields in these pages, see Device Group Properties Page, page A-10 or Device Summary Page, page A-2.

c. Click Save.

Related Topics

•Adding Devices to the Device Inventory

•Importing Devices from DCR to QPM Inventory

•Using QPM Tables, page 3-11

•Troubleshooting Device Management Problems, page 14-5

Viewing Device Discovery Status

When you import devices, you can use the Discovery Status report to see the status of each device discovery task (for example, tasks can be finished, in progress, or failed because of incorrect device access parameters).

You can define the refresh interval for this page.

If you add more devices while the previous add device operation is still in progress, the Discovery Status page will display a separate record for each add operation, in order from newest to oldest.

To view the status of the device discovery task:

Step 1 Select Devices > Device Management > Discovery Status.

The Discovery Status page appears.

Step 2 Do the following in the Discovery Status page:

a. View the status of active device discovery operations. For information about this page, see Discovery Status Page, page A-8.

b. Optionally, you can select a different refresh interval from the list box below the table.

Note If you are using SNMPv3 access for the device, you should provide the entire view access to all the MIBs for the SNMP user . QPM can successfully discover the devices only if you provide the entire view access to all the MIBs.

Related Topics

•Adding Devices to the Device Inventory

•Using QPM Tables, page 3-11

•Troubleshooting Device Management Problems, page 14-5

Working with Devices

The following topics describe working with devices:

•Viewing and Editing Device Properties

•Device View Page, page B-40

•Rediscovering Device Information

Viewing and Editing Device Properties

You can view a device's properties and edit some of them. Examples of the properties you can edit include:

•Device role assignment

•Device folder assignment

•Device access parameters (passwords and community strings)

You can view and edit device properties from any device list, whether it is in the main device table, or accessed from the device folders, device groups, or search results pages.

To view and edit the device properties:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 In the Device Summary page, click the name of the device you want to edit.

The device properties appear in the content area.

Step 3 Edit any of the device properties that are available for editing. For more information about the fields in this page, see Device Summary Page, page A-2.

Step 4 Click Save.

This section contains information on:

•Exporting Device Information

•Connecting to a Device Using Telnet

•Viewing Device Configuration

Exporting Device Information

You can export a device's information to a file on your client system that can then be used to import the device back into QPM as a virtual device. This process allows you to test and demonstrate QoS policies without affecting real devices.

To export a device's information:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 In the Device Summary page, click the name of the device

The device properties appears in the content area.

Step 3 Click Export.

The browser file download process begins.

Step 4 Use the browser file download process to save the file to your client system.

Related Topics

•Importing Virtual Devices

•Using QPM Tables, page 3-11

Connecting to a Device Using Telnet

You can connect to a device in the device inventory from within QPM using Telnet. QPM starts the default Telnet program on your client system and automatically connects to the device. If there is no Telnet program installed on your client system, this feature will not work.

To connect to a device using Telnet:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 In the Device Summary page, click the device name.

The device properties appear in the content area.

Step 3 Click Telnet.

A Telnet application opens and connects to the device.

Related Topics

•Using QPM Tables, page 3-11

•Troubleshooting Device Management Problems, page 14-5

Viewing Device Configuration

You can view a device's running software configuration from within QPM. This is useful if you are deciding whether to upload the device's configuration into the QPM inventory.

To view the device's configuration:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 In the Device Summary page, click the device name.

The device properties appear in the content area.

Step 3 Click Show run.

The Display show run report appears, displaying the device's running configuration.

Related Topics

•Using QPM Tables, page 3-11

Launching CiscoWorks Device Center

CiscoWorks Device Center provides device management tools to manage devices in DCR. QPM provides the launch point to Device Center to manage a selected device.

To launch Device Center and change the credentials of a device imported into QPM from DCR:

Step 1 In QPM, go to Devices > Device Management > Device Summary.

The Device Summary page opens.

Step 2 Click the device whose credentials you want to change.

The device properties appear in the content area.

Step 3 Click Launch Device Center.

You are re-directed to the CiscoWorks Device Center page. This page shows the device summary and the functions that you can use to change the device's credentials.

Step 4 Click the different tools under the Functions Available area to edit the device's credentials.

You can follow the instructions provided in Device Center page to work with the tools.

Note You should rediscover the device in QPM, after you change its credentials through Device Center.

Rediscovering Device Information

Rediscovering a device's information causes QPM to connect to the device on the network and obtain its device information again. You should do this when you make configuration changes to a device to ensure that the device can still support the policies and configurations you assigned to it using QPM.

Before you rediscover a device, you can go to the Access Configuration area in the Device Summary page, and select the Login Protocol among the following options:

•Auto Select

•Telnet

•SSHv2

•SSHv1

During the rediscover process, QPM will delete any policy or network element assignments that are no longer valid because of changes to the device's information. A report of deleted policy assignments is generated.

To rediscover devices:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 Select the check boxes next to the devices you want to rediscover, then click Rediscover.

The Discovery Status page appears. Your rediscovery job appears at the top of the list, with an indication of the number of devices for which discovery is in process or completed. The page refreshes according to your selection in the Refresh Rate field at the bottom of the page.

Rediscovery is complete when no devices are listed in the In Process field. For more information, see Discovery Status Page, page A-8.

Related Topics

•Using QPM Tables, page 3-11

•Troubleshooting Device Management Problems, page 14-5

Working with Device Folders

You can create device folders to organize the inventory for administrative purposes. For example, you might create a device folder for each building on your corporate campus and assign the devices in each building to their corresponding device folder.

Device folders are contained within device groups. If you are not using ACS and multiple device groups, all device folders are contained within the default device group.

Unlike device groups, you cannot assign access privileges to device folders. Device folders are used primarily to group devices into related groups for the purpose of more easily searching for devices and classifying and sorting lists of devices.

When you use the device folders table to browse device folders, you can perform the same actions on the listed devices that you can perform from the device table. See Working with Devices, for more information about these actions.

The following topics describe how to work with device folders:

•Creating Device Folders

•Organizing Devices with Device Folders

•Editing Device Folders

•Deleting Device Folders

Creating Device Folders

Create device folders to organize your inventory.

To do this:

Step 1 Select Devices > Device Grouping > Device Folder.

The Device Folders page appears.

Step 2 Click Create. The Device Folder Properties page appears.

Step 3 Do the following in the Device Folder Properties page:

a. Create the new device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-13.

b. Click the checkboxes corresponding to the devices that you want to include in the device folder.

c. Click Create.

The Device Folders page appears. The new device folder appears in the table.

Related Topics

•Working with Device Folders

Organizing Devices with Device Folders

You can use device folders to organize your inventory. The procedure describes how to add devices to device folders, remove devices from devices folders, and move devices between device folders.

To organize devices with device folders:

Step 1 Select Devices > Device Grouping > Device Folder. The Device Folder page appears.

Step 2 Click the name of the device folder in which you want to organize devices.

The Device Folder Properties dialog box opens.

Step 3 Do the following in the Device Folders Properties dialog box:

a. Select the required devices. For more information about the fields in this page, see Device Folder Properties Page, page A-13.

b. Click Save to save the changes you have made and close the dialog box.

Related Topics

•Working with Device Folders

•Using QPM Tables, page 3-11

Editing Device Folders

Edit a device folder to change properties such as its name and description. To do this:

Step 1 Select Devices > Device Grouping > Device Folder.

The Device Folders page appears.

Step 2 Do one of the following to select a device folder:

•Click the name of the device folder.

•Select the check box next to a device folder name, then click Edit.

The Device Folder Properties page appears.

Step 3 Do the following in the Device Folder Properties page:

a. Edit the device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-13.

b. Click Save.

Related Topics

•Working with Device Folders

•Using QPM Tables, page 3-11

Deleting Device Folders

You can delete a device folder when you no longer want to use it to organize your inventory.

When you delete a device folder, the devices assigned to the device folder are not deleted from the inventory.

To delete device folders:

Step 1 Select Devices > Device Grouping > Device Folders.

The Device Folders page appears.

Step 2 Select the check box next to the device folders you want to remove, then click Delete.

The Device Folders page refreshes. The deleted device folders do not appear in the table.

Related Topics

•Working with Device Folders

•Using QPM Tables, page 3-11

Using Additional Device Functions

The following topics document the additional device functions that are available:

•Removing Devices

Removing Devices

If you no longer want to manage QoS on a device, you can remove it from the inventory. When you remove a device, all of its elements are also removed.

Removing Devices That Are Being Monitored

If you remove a device that contains network elements that are being monitored by a QoS analysis task, QPM continues to monitor these network elements.

To stop QPM from monitoring these network elements, you must stop or delete the QoS analysis task. For more information, see the following topics:

•Performing Historical QoS Analysis, page 10-5

•Performing Real Time Chart Analysis, page 10-15

To remove devices from QPM inventory:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 Select the check box next to the devices you want to remove, then click Delete.

The Device Summary page refreshes, with the deleted devices removed.

Related Topics

•Using QPM Tables, page 3-11

Working with Network Elements

The following topics describe how to work with network elements:

•Overview of Network Elements

•Viewing and Editing Network Element Properties

•Working with Source-Destination Pairs

•Hiding and Displaying Interfaces

Overview of Network Elements

QPM supports both physical and logical network elements. A physical network element physically exists on a device and can be read or calculated using SNMP and Telnet. Examples include device, interface, VLAN, DLCI, and VC.

A user-supplied element is one that does not exist on a device, and its purpose is helping you manage your network elements. An example is source-destination pairs.

The interfaces on a device carry the network traffic. In QPM, the term interfaces refers to router interfaces and subinterfaces, and switch ports. QPM allows you to configure QoS on subinterfaces.

Viewing and Editing Network Element Properties

You can view and change network element properties. An example of the network element properties that you can edit is whether interfaces are ignored (hidden from display in QPM).

To view and edit network element properties:

Step 1 Select Devices > Device Management > Device Summary.

The Device Summary page appears.

Step 2 Expand the tree corresponding to the device to view its interfaces, and click any interface.

The interface's properties appear in the content area.

Step 3 Edit the interface properties if desired. For more information about the fields in this page, see Device Summary Page, page A-2.

Step 4 Click Save.

Related Topics

•Hiding and Displaying Interfaces

•Using QPM Tables, page 3-11

Working with Source-Destination Pairs

Source-destination pairs are logical (not physical) user-supplied network elements. You define them for Catalyst 8400 and Catalyst 8500 switches, which have QoS features that allow you to configure QoS traffic rules to inbound and outbound traffic on the same device. To do this, you must define source-destination pairs of interfaces on a device, to which you can apply this type of traffic rules.

The following topics describe how to work with source-destination pairs using QPM:

•Creating Source-Destination Pairs

•Editing Source-Destination Pairs

•Deleting Source-Destination Pairs

•Setting Network Element Policy Assignments, page 8-18

Creating Source-Destination Pairs

You can create source-destination pairs using QPM. To do this:

Step 1 Choose Devices > Device Summary.

The Device Table page appears.

Step 2 Click the device name of the device on which you want to create a source-destination pair.

The Device Properties page appears.

Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information).

The Source-Dest Pairs page appears.

Step 4 Click Create.

The Source-Dest Pairs Properties page appears.

Step 5 Do the following in the Source-Dest Pairs Properties page:

a. Create a source-destination pair.

For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-17.

b. Click Save.

Related Topics

•Working with Source-Destination Pairs

•Using QPM Tables, page 3-11

Editing Source-Destination Pairs

You can edit source-destination pairs using QPM. To do this:

Step 1 Choose Devices > Device Summary.

The Device Table page appears.

Step 2 Click the device name of the device on which you want to edit a source-destination pair.

The Device Properties page appears.

Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information).

The Source-Dest Pairs page appears.

Step 4 Select the check box next to the source-destination pair you want to edit, then click Edit.

The Source-Dest Pairs Properties page appears.

Step 5 Do the following in the Source-Dest Pairs Properties page:

a. Edit the source-destination pair. For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-17.

b. Click Save.

Related Topics

•Working with Source-Destination Pairs

•Using QPM Tables, page 3-11

Deleting Source-Destination Pairs

You can delete source-destination pairs using QPM. To do this:

Step 1 Choose Devices > Device Summary.

The Device Table page appears.

Step 2 Click the device name of the device on which you want to delete a source-destination pair.

The Device Properties page appears.

Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information).

The Source-Dest Pairs page appears.

Step 4 Select the check box next to the source-destination pairs you want to delete, then click Delete.

Related Topics

•Working with Source-Destination Pairs

•Using QPM Tables, page 3-11

Hiding and Displaying Interfaces

When you import a device, QPM discovers and imports all of its elements that QPM supports. You can prevent interfaces (not other network elements) from being displayed in QPM by marking them as ignored. You can later redisplay interfaces if you want to see them again. DLCIs and VCs on ignored interfaces are also ignored.

The following topics describe hiding and displaying interfaces:

•Hiding Interfaces

•Displaying Interfaces

Hiding Interfaces

You can mark interfaces as ignored, preventing them from displaying in QPM. To do this:

Step 1 Select Devices > Device Summary.

The Device Table page appears.

Step 2 Click the name of the device that contains the interfaces you want to ignore.

The Device Properties page appears.

Step 3 Select Interfaces in the TOC (a subentry of Device Information).

The Interfaces page appears.

Step 4 Select the check box next to the interfaces you want to ignore, then click Mark as Ignore.

A confirmation dialog box opens.

Step 5 Click Yes in the confirmation dialog box.

The Interfaces page refreshes. The ignored interfaces are no longer displayed.

Related Topics

•Hiding and Displaying Interfaces

•Displaying Interfaces

•Using QPM Tables, page 3-11

Displaying Interfaces

You can redisplay interfaces that you previously marked as ignored. To do this:

Step 1 Select Devices > Device Summary.

The Device Table page appears.

Step 2 Click the name of the device that contains the interfaces you no longer want to ignore.

The Device Properties page appears.

Step 3 Click the hyperlinked number in the Ignored Interfaces field.

The Ignored Interfaces List dialog box opens.

Step 4 Select the check box next to the interfaces you no longer want to ignore, then click Cancel Ignore.

Step 5 Click Close to close the dialog box.

Related Topics

•Hiding and Displaying Interfaces

•Hiding Interfaces

•Using QPM Tables, page 3-11

Working with Device Groups

This section is applicable only for users who work with DCR device groups, or who use ACS permissions and are working with ACS device groups. If you do not use DCR or ACS to create multiple device groups, only the default device group will be available in QPM.

The following topics describe how to work with device groups:

•Understanding Device Groups

•Setting the Active Device Group

•Synchronizing Permissions and Device Group Information

•Editing Device Group Properties

•Deleting Device Groups from QPM

Understanding Device Groups

Device groups are groups of devices (and their network elements) within the inventory. They are created and maintained in the DCR or ACS, but QPM assigns some properties to each device group that you can view and edit in QPM. For more information, see Editing Device Group Properties.

Each device group has its own set of access permissions, so they can be used to divide the network into administrative groups for purposes of controlling who can do what with which devices.

Since you create policies in the context of a device group, you can assign policy groups only to devices in the same device group as the policy.

The inventory always contains one device group named the default device group. If you are not using DCR or ACS device groups to group devices, your inventory will contain only the default device group.

ACS Device Groups

If you are using multiple ACS device groups, QPM will automatically create the same device groups with the same user permissions that are defined in ACS. When you add a new device to the inventory, QPM assigns it to its ACS device group, with the same user permissions. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group.

QPM automatically synchronizes the inventory with ACS in the following cases:

•When you import devices, QPM synchronizes with ACS to find out what device groups the devices belong to. Only the imported devices are synchronized with ACS.

•When you log into QPM, QPM automatically synchronizes with ACS to obtain and store your user permissions so it can check them before any user operations you attempt.

In addition, before you deploy a deployment job, QPM synchronizes with ACS to verify that the user permissions allow the job to proceed.

You can also manually refresh the QPM device group information, synchronizing it with ACS. See Synchronizing Permissions and Device Group Information.

Note If you are using ACS device groups, all devices used in QPM, including the QPM server, should be defined in ACS device groups, only as AAA clients, and not as AAA servers.

Related Topics

•User Permissions, page 3-13

DCR Device Groups

If you are using multiple DCR device groups, QPM will automatically create the same device groups with the same user permissions that are defined in DCR. When you add a new device from DCR to the inventory , QPM assigns it to its DCR device group, with the same user permissions. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group.

QPM automatically synchronizes the inventory with DCR in the following cases:

•When you import devices, QPM synchronizes with DCR to find out what device groups the devices belong to. Only the imported devices are synchronized with DCR.

•When you log into QPM, QPM automatically synchronizes with DCR to obtain and store your user permissions so it can check them before any user operations you attempt.

In addition, before you deploy a deployment job, QPM synchronizes with DCR to verify that the user permissions allow the job to proceed.

You can also manually refresh the QPM device group information, synchronizing it with DCR. See Synchronizing Permissions and Device Group Information.

Setting the Active Device Group

Only one device group at a time can be active. Throughout the QPM user interface, only the devices, policy groups, and policies that are contained in the active device group are displayed. You must have sufficient user privileges to set the active device group.

To set a device group as active:

Step 1 Select Devices > Device Grouping > Device Groups.

The Device Groups page appears..

Step 2 Select the device group that you want to make active by clicking the check box next to its name, and click Set Active.

Related Topics

•Using QPM Tables, page 3-11

Synchronizing Permissions and Device Group Information

You can manually synchronize the user permissions and device group information in the inventory with ACS, DCR, or CiscoWorks Common Services (depending on which you are using to administer device groups and user permissions).

Typically you would synchronize in the following cases:

•When you know changes have been made to the ACS, DCR, or CiscoWorks Common Services device group assignments or access privileges.

•When your CiscoWorks user role has changed since you logged into QPM.

The Sync Privileges page displays your permissions to the QPM device groups on the system. If you know you have changed ACS privileges, or changed the device groups in ACS or DCR, you see whether the changes are reflected correctly on this page so you can determine if you need to synchronize to update your QPM permissions.

If changes are made to the QPM device groups as a result of the synchronization, the Conflicts Assignment report shows which devices have been moved from the current device group. All policy group assignments for those devices and their network elements will be deleted.

Note ACS, DCR, and CiscoWorks Common Services device group and user permissions information is automatically synchronized each time you log into QPM.

To synchronize permissions and device group information:

Step 1 Select Devices > Device Grouping > Sync Privileges.

The Sync Privileges page appears.

Step 2 Select the server mode (ACS, DCR, or Cisco Works).

Step 3 Click Sync.

QPM synchronizes the user and device group information with the server mode you selected, and opens a message box to show you the status when finished.

Related Topics

•Troubleshooting Device Management Problems, page 14-5

Editing Device Group Properties

Although you cannot change device group membership within QPM (you must make device group assignment changes in ACS), you can edit the device group properties that are unique to QPM.

Many of the device group properties are the same properties that QPM maintains for devices. These device group properties are assigned to all devices in the device group by default. You can override these defaults by entering different device properties for an individual device.

Examples of the device group properties that you can edit include:

•Description.

•Default device access parameters.

•Enabling/disabling NBAR port mapping.

To edit device group properties:

Step 1 Click Devices > Device Grouping.

The Device Groups page appears.

Step 2 Click the name of the device group you want to edit.

The Device Group Properties page appears.

Step 3 Do the following in the Device Group Properties page:

a. Edit the device group. For more information about the fields in this page, see Device Group Properties Page, page A-10.

b. Click Save.

Related Topics

•Using QPM Tables, page 3-11

•Viewing and Editing Device Properties

Deleting Device Groups from QPM

QPM device groups are not automatically deleted from QPM when you delete them in ACS, even when you synchronize device group information with ACS.

You must manually delete QPM device groups. Any deployment groups and policy groups contained in the device group are also deleted.

This feature is useful because device groups are not automatically deleted from QPM when you delete them in ACS, even when you synchronize device group information with ACS. This gives you the opportunity to edit your QPM deployment groups and policy groups before manually deleting the device group.

The following are the restrictions for deleting QPM device groups:

•You cannot delete the QPM default device group.

•You cannot delete a device group that still contains devices. To delete a device group, you must first do one of the following:

–Remove all devices from the device group in ACS.

–Delete all devices in the device group from the QPM inventory.

If you convert from using ACS to CiscoWorks Common Services for device management and user authentication, all devices in the inventory are moved to the default device group.

This is because CiscoWorks Common Services does not support multiple device groups. You can then delete the remaining empty device groups.

To delete device groups:

Step 1 Click Devices > Device Grouping.

The Device Groups page appears..

Step 2 Click the radio button next to the device group you want to delete.

Step 3 Click Delete.

Integrating QPM with Access Control Server (ACS)

Before you begin, note:

•Terminal services should not be running when QPM is installed.

•QPM cannot coexist with ACS on the same machine.

To integrate QPM with ACS:

Step 1 Login to ACS server.

Step 2 Click Network Configuration.

The Network Configuration page appears.

Step 3 Click Add Entry.

Step 4 In the Network Device Group Name box, type the name of the new Network Device Group (NDG), for using QPM.

Step 5 In the Key box, enter a key for the Network Device Group. The maximum length is 32 characters.

Step 6 Click Submit.

The Network Device Groups table displays the new NDG

Step 7 Click the name of the new NDG, and click Add Entry below the AAA Clients table.

Step 8 In the Add AAA Client page, enter the QPM client details like Hostname, IP Address, and Key.

Later, you need to use the same key to configure ACS details in QPM

Step 9 Click Submit or Submit + Apply to register the QPM server in ACS.

Step 10 Login to CiscoWorks on QPM server.

Step 11 In the CiscoWorks homepage, select
Common Services > Server > Security > AAA Mode Setup.

Step 12 Click the TACACS+ radio button.

Step 13 Click Change.

The Login Module Options window appears.

Step 14 Enter ACS server details such as, Server, Port and Key.

This is the key given while configuring QPM server in ACS (Step 8)

Step 15 Click OK.

The Login Module Change Summary page appears

Step 16 Click OK.

Step 17 In the AAA Mode Setup page, click the ACS radio button.

Step 18 Enter the ACS sever details.

Step 19 Enter the login details including the Shared Secret Key (the same key that you entered in Step 14).

Step 20 Check the Register all installed applications with ACS checkbox.

Step 21 Click the HTTP or HTTPS radio button to specify the current ACS administrative protocol.

Step 22 Click Apply.

The Login Module Change Summary page appears with the following message:
ACS Server Credentials updated successfully

Step 23 Close down all the QPM and CS Windows, and restart the deamon manager.

Step 24 In QPM, select Devices > Device Grouping > Sync Privileges.

The Sync Privileges page appears.

Step 25 Check whether the Server mode is set to ACS, and click Sync.

The Device Groups in the ACS server will be added to the QPM device groups.

To set a device group as active in QPM, go to Devices > Device Grouping, select a device group, and click Set Active.

Related Topics

•Resetting the Login Module

Resetting the Login Module

If there is an authorization failure with ACS server, most of the Common Services features will be disabled.

To recover, you have to reset the login module.

To reset the login module to CiscoWorks:

Step 1 Stop the Daemon Manager using:

•net stop crmdmgtd (For Windows)

or

•/etc/init.d/dmgtd stop (For Solaris)

Step 2 Run the following script:

•NMSROOT/bin/perl ResetLoginModule.pl (For Windows)

or

•/opt/CSCOpx/bin/perl ResetLoginModule.pl (For Solaris)

Step 3 Start the Daemon Manager using:

•net start crmdmgtd (For Windows)

or

•/etc/init.d/dmgtd start (For Solaris)

This resets the login module to CiscoWorks local mode.

Multiple instances of same application using same ACS server will share settings. Any changes will affect all instances of that application.

If an application is configured with ACS, and then the application is reinstalled, the application will inherit the old settings.

	User Guide for CiscoWorks QoS Policy Manager 4.1
	Chapter 4 Managing Devices
User Guide for CiscoWorks QoS Policy Manager 4.1 Preface Chapter 1 Introduction Chapter 2 Planning for Quality of Service Chapter 3 Getting Started Chapter 4 Managing Devices Chapter 5 Working with Policy Groups Chapter 6 Working with Macros Chapter 7 Configuring QoS for IP Telephony Chapter 8 Working with Policies, Properties, and Traffic Rules Chapter 9 Deploying QoS Policies Chapter 10 Monitoring: Using QoS Analysis Chapter 11 Using Administration Features Chapter 12 Integrating NCM with QPM Chapter 13 Integrating CUOM with QPM Chapter 14 Troubleshooting QPM Appendix A Devices Drawer Reference Appendix B Provision Tab Reference: Macros and Policy Creation Appendix C Provision Tab Reference: Policy Preview and Deployment Appendix D Monitor Tab Reference Appendix E Administration Tab Reference Appendix F CLI Command Reference for QPM Actions Appendix G QPM FAQs Index	Download this chapter Chapter 4 Managing Devices Download the complete book User Guide for CiscoWorks QoS Policy Manager 4.1 (PDF - 8 MB) Table Of Contents Managing Devices Understanding the Device Inventory Adding Devices to the Device Inventory Populating DCR with Devices Importing Devices from DCR to QPM Inventory Importing Virtual Devices Configuring Default Device Access Parameters Viewing Device Discovery Status Working with Devices Viewing and Editing Device Properties Exporting Device Information Connecting to a Device Using Telnet Viewing Device Configuration Launching CiscoWorks Device Center Rediscovering Device Information Working with Device Folders Creating Device Folders Organizing Devices with Device Folders Editing Device Folders Deleting Device Folders Using Additional Device Functions Removing Devices Working with Network Elements Overview of Network Elements Viewing and Editing Network Element Properties Working with Source-Destination Pairs Creating Source-Destination Pairs Editing Source-Destination Pairs Deleting Source-Destination Pairs Hiding and Displaying Interfaces Hiding Interfaces Displaying Interfaces Working with Device Groups Understanding Device Groups Setting the Active Device Group Synchronizing Permissions and Device Group Information Editing Device Group Properties Deleting Device Groups from QPM Integrating QPM with Access Control Server (ACS) Resetting the Login Module Managing Devices The device inventory is a collection of information about the network elements that QPM can manage. The following topics describe how to manage devices in QPM: •Understanding the Device Inventory •Adding Devices to the Device Inventory •Working with Devices •Working with Network Elements •Working with Device Groups •Integrating QPM with Access Control Server (ACS) Understanding the Device Inventory The device inventory is a collection of information about the network elements that QPM can manage. Network elements are devices and components of devices on which QoS can be configured. Examples of network elements include devices (routers, switches, and layer 3 switches), cards, interfaces, subinterfaces, and VLANs. For more information about network elements, see Working with Network Elements. The following topics help you to understand the QPM device inventory: •Using Device Folders To Organize Your Inventory •Using Device Groups •Default Device Group •Communicating With Devices Using SSH •Communicating with Devices Using SNMP v3 Using Device Folders To Organize Your Inventory Device folders are groups of devices that you can create for organizational purposes, for example, to distinguish edge routers from core routers. For more information, see Working with Device Folders. Using Device Groups Device groups are groups of devices that are created and administered using ACS. You can use multiple device groups only if you use ACS to manage device access. For more information, see Working with Device Groups. Default Device Group The inventory always contains one device group named the default device group. If you are not using ACS device groups to group devices, your inventory will contain only the default device group. The default device group (like all QPM device groups) has properties that are unique to QPM. You can edit some of these properties. For more information, see Editing Device Group Properties. Communicating With Devices Using SSH QPM can communicate with devices in the inventory using either Telnet or secure shell (SSH). SSH provides more security than Telnet because communication with SSH is encrypted and authenticated. QPM 4.1 supports both SSH Version 1 and SSH Version 2. You must configure SSH on the device before QPM can communicate with it using SSH. When you configure SSH on devices, follow these guidelines: •Configure a device public key size of 1024 bits or more. •Define a user name on the device. Use one of the following methods to configure QPM to use SSH to communicate with a device: •Select SSH Version 1 or SSH Version 2 from the list displayed in the Access Configuration area in the Device Summary page to enable SSH communication with that device. For more information, see Viewing and Editing Device Properties. •Select SSH Version 1 or SSH Version 2 from the list displayed in the Default Access Parameters area in the Device Group Properties page to enable SSH communication as the default for a device group. For more information, see Editing Device Group Properties. Communicating with Devices Using SNMP v3 QPM 4.1 also supports SNMPv3 credentials for device discovery. QPM discovers the devices if you have selected SNMPv3 as a preference for device communication. If you are using SNMPv3 access for the device, you should provide the entire view access for all MIBs for the SNMP user . Only then can QPM discover the devices. Adding Devices to the Device Inventory To manage the QoS configuration on a device or any of its elements with QPM, you must first add it to the inventory. When you add a device to the inventory, QPM discovers the device on the network to obtain the properties that it stores about the device. Therefore, devices must be running and accessible on the network before you can add them to the inventory. You can only add a device to the inventory if you have sufficient access permissions to it. The Import Devices Wizard shows you which devices you cannot import because of insufficient permissions. When you add a device to the inventory, all of its network elements that QPM supports are automatically added. For more information about network elements, see Working with Network Elements. The following topics describe how to add devices to the device inventory: •Device Group Assignment •OS Detection and IOS Mapping •Device Model Discovery •Device System Name •Device Access Parameters Device Group Assignment If you use ACS for user authentication, QPM assigns each imported device to the same QPM device group to which it is assigned in ACS. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group. If you use DCR for device import, QPM assigns each imported device to the same device group as in DCR. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group. If you are using CiscoWorks Common Services for user authentication, all devices you import are added to the QPM default device group. OS Detection and IOS Mapping QPM uses the device model type and operating system (OS) version number to load device capabilities to the inventory. All subversions of a certain version are translated to the major version, unless QPM explicitly supports the minor version. In QPM, new minor versions are mapped to the last supported minor version and not to the major version. Both the device software version and the mapped software version are displayed in the Device Table page: •OS Version—OS version that QPM detected. •Mapped OS Version—OS version to which the detected OS version is mapped. If QPM does not support an imported device's Cisco IOS version, the device model is displayed correctly but the device is assigned the status "Unsupported," and no Mapped OS version is assigned to it. You cannot perform any tasks on devices that have the status Unsupported. If the device model is supported by QPM but the Cisco IOS version is not, you can upgrade the device to a supported Cisco IOS version and then rediscover the device to make it available in QPM. Device Model Discovery If QPM does not support an imported device model, then the device is assigned the status Unsupported, and the model appears as Unknown in the Device Table. You cannot perform any tasks on devices that have the status Unsupported. The device's interfaces are not discovered or imported. Device System Name You can add a device to the inventory by providing either its IP address or its DNS name (if it is registered in DNS). Whichever of these values you provide becomes the device's primary name in QPM. If the device has a system name configured, it is detected when QPM discovers the device. The device system name is added to the Device Table, as another method for you to identify the device. You cannot use device DNS names that contain the backslash (\) character. Device Access Parameters Device access parameters are the passwords and community strings that QPM needs to log into and configure devices. QPM obtains device access parameters for devices you add to the inventory in the following ways: •While adding a device manually, you can either enter the device access parameters, or you can use the destination device group's default access parameters. To use default access parameters, leave the access parameters fields blank. •While importing from DCR and virtual device file, QPM uses the device access parameters as obtained from the import. For more information about default device access parameters, see Configuring Default Device Access Parameters. The following topics describe how to add devices to the inventory: •Importing Devices from DCR to QPM Inventory •Importing Virtual Devices •Configuring Default Device Access Parameters •Viewing Device Discovery Status Populating DCR with Devices Before you import devices into QPM device inventory, you should populate the DCR (Device Credentials Repository) in Common Services. QPM provides the launch point to DCR. You can populate DCR either by manual addition of devices or by using the Network Discovery feature in Common Services. Before You Begin Before you manually add devices, obtain the following information for each device you are adding: •DNS name of the device or IP address of the device or one of its interfaces. •If you are not using the device group default access parameters to connect to the device, you must obtain the device access parameters necessary to connect to it. For more information about default device access parameters, see Configuring Default Device Access Parameters. To populate DCR by manually adding devices: Step 1 In QPM, go to Devices > Device Management > Device Summary. The Device Summary page opens. Step 2 Click Populate DCR > By Manual Addition. You will be re-directed to the Device Management page in Common Services Step 3 Follow the instructions in the Device Management page to add devices to DCR. For QPM to discover devices from DCR, you should provide SNMP credentials for the device by entering values for both RO and RW Community Strings. You can enter these values under the Device Management > SNMP Credentials page in Common Services. QPM also supports secondary credentials. You should provide secondary credentials for the device by entering values in the Device management > Standard Credentials page in Common Services. To populate DCR by using the Device Discovery feature in Common Services: Step 1 In QPM, go to Devices > Device Management > Device Summary. The Device Summary page opens. Step 2 Click Populate DCR > By Network Discovery. You will be re-directed to the Device Discovery Summary page in Common Services. Step 3 Click Discovery Settings in the TOC to configure the settings and discover devices in the network. You can follow the instructions provided in Common Services to add devices by this method. Importing Devices from DCR to QPM Inventory You can import devices to QPM inventory from the DCR or from a Virtual Devices file. To import devices from DCR: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 Click Import Devices to QPM > From DCR in the Device Summary page. The Import Devices Wizard - General page appears. Step 3 Do the following in the Import Devices Wizard - General page: a. Click the checkbox if you do not want to re-import the devices that were previously imported, but not added to QPM. b. Click Next. The Import Devices Wizard - Select Devices page appears. For more information about the Import Devices Wizard - General page, see Import Devices Wizard - General Page, page A-19. Step 4 In the Import Devices Wizard - Select Devices page, select the check box next to the device you are adding and click Finish. The Discovery Status page appears, where you can monitor the progress of the import operation. For more information, see Viewing Device Discovery Status. Note QPM imports devices by accessing the devices through Telnet, SSHv2, or SSHv1 (in the same order). If the device access fails on Telnet, QPM tries SSHv2. If the device access still fails on SSHv2, QPM tries SSHv1 to access the device. Related Topics •Adding Devices to the Device Inventory •Using QPM Tables, page 3-11 •Using QPM Wizards, page 3-12 •Troubleshooting Device Management Problems, page 14-5 Importing Virtual Devices You can import virtual devices from a file for testing and demonstration purposes. Virtual devices are not physical devices. They are defined in a file that contains the same device information required to import a physical device. You create a file containing a virtual device by exporting device inventory information. For more information, see Exporting Device Information. Each device in the inventory must have a unique IP address. If the virtual device file you want to import contains a virtual device with an IP address that is already in the inventory, you must edit the IP address in the file (which is in XML format) before you can import the virtual device. To import virtual devices from a file: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 Click Import Devices to QPM > From Virtual Devices File in the Device Summary page. The Import Devices Wizard - General page appears. Step 3 Do the following in the Import Devices Wizard - General page: c. Enter the path to the virtual devices file in the File field, or click Browse to navigate to the file. d. Click Next. The Import Devices Wizard - Select Devices page appears. Step 4 In the Import Devices Wizard - Select Devices page, select the check boxes next to the devices you want to add, then click Finish. The Discovery Status page appears, where you can monitor the progress of the add operation. For more information, see Viewing Device Discovery Status. Related Topics •Adding Devices to the Device Inventory •Using QPM Tables, page 3-11 •Using QPM Wizards, page 3-12 Configuring Default Device Access Parameters Device access parameters are the passwords and community strings that QPM needs to log into, import, and configure devices. You can configure the default device access parameters that are assigned to devices when you import them into the inventory. Note If you are using ACS and multiple device groups, each device group has its own set of default device access parameters. When you add devices to the inventory, the default device access parameters are used to import the devices unless you override them. Each method of importing devices has its own method of overriding the defaults; see the related topics for more information. You can configure device access parameters for all devices in a device group. To configure the default device access parameters for a device group: Step 1 Select Devices > Device Grouping > Device Groups The Device Groups page appears. Step 2 In the Device Groups page, click the name of the device group you want to modify. The Device Group Properties page appears. Step 3 Do the following in the Device Group Properties page: a. Open the Default Access Parameters area by clicking the arrow next to its heading. b. Modify the access parameters. For more information about the fields in these pages, see Device Group Properties Page, page A-10 or Device Summary Page, page A-2. c. Click Save. Related Topics •Adding Devices to the Device Inventory •Importing Devices from DCR to QPM Inventory •Using QPM Tables, page 3-11 •Troubleshooting Device Management Problems, page 14-5 Viewing Device Discovery Status When you import devices, you can use the Discovery Status report to see the status of each device discovery task (for example, tasks can be finished, in progress, or failed because of incorrect device access parameters). You can define the refresh interval for this page. If you add more devices while the previous add device operation is still in progress, the Discovery Status page will display a separate record for each add operation, in order from newest to oldest. To view the status of the device discovery task: Step 1 Select Devices > Device Management > Discovery Status. The Discovery Status page appears. Step 2 Do the following in the Discovery Status page: a. View the status of active device discovery operations. For information about this page, see Discovery Status Page, page A-8. b. Optionally, you can select a different refresh interval from the list box below the table. Note If you are using SNMPv3 access for the device, you should provide the entire view access to all the MIBs for the SNMP user . QPM can successfully discover the devices only if you provide the entire view access to all the MIBs. Related Topics •Adding Devices to the Device Inventory •Using QPM Tables, page 3-11 •Troubleshooting Device Management Problems, page 14-5 Working with Devices The following topics describe working with devices: •Viewing and Editing Device Properties •Device View Page, page B-40 •Rediscovering Device Information Viewing and Editing Device Properties You can view a device's properties and edit some of them. Examples of the properties you can edit include: •Device role assignment •Device folder assignment •Device access parameters (passwords and community strings) You can view and edit device properties from any device list, whether it is in the main device table, or accessed from the device folders, device groups, or search results pages. To view and edit the device properties: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 In the Device Summary page, click the name of the device you want to edit. The device properties appear in the content area. Step 3 Edit any of the device properties that are available for editing. For more information about the fields in this page, see Device Summary Page, page A-2. Step 4 Click Save. This section contains information on: •Exporting Device Information •Connecting to a Device Using Telnet •Viewing Device Configuration Exporting Device Information You can export a device's information to a file on your client system that can then be used to import the device back into QPM as a virtual device. This process allows you to test and demonstrate QoS policies without affecting real devices. To export a device's information: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 In the Device Summary page, click the name of the device The device properties appears in the content area. Step 3 Click Export. The browser file download process begins. Step 4 Use the browser file download process to save the file to your client system. Related Topics •Importing Virtual Devices •Using QPM Tables, page 3-11 Connecting to a Device Using Telnet You can connect to a device in the device inventory from within QPM using Telnet. QPM starts the default Telnet program on your client system and automatically connects to the device. If there is no Telnet program installed on your client system, this feature will not work. To connect to a device using Telnet: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 In the Device Summary page, click the device name. The device properties appear in the content area. Step 3 Click Telnet. A Telnet application opens and connects to the device. Related Topics •Using QPM Tables, page 3-11 •Troubleshooting Device Management Problems, page 14-5 Viewing Device Configuration You can view a device's running software configuration from within QPM. This is useful if you are deciding whether to upload the device's configuration into the QPM inventory. To view the device's configuration: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 In the Device Summary page, click the device name. The device properties appear in the content area. Step 3 Click Show run. The Display show run report appears, displaying the device's running configuration. Related Topics •Using QPM Tables, page 3-11 Launching CiscoWorks Device Center CiscoWorks Device Center provides device management tools to manage devices in DCR. QPM provides the launch point to Device Center to manage a selected device. To launch Device Center and change the credentials of a device imported into QPM from DCR: Step 1 In QPM, go to Devices > Device Management > Device Summary. The Device Summary page opens. Step 2 Click the device whose credentials you want to change. The device properties appear in the content area. Step 3 Click Launch Device Center. You are re-directed to the CiscoWorks Device Center page. This page shows the device summary and the functions that you can use to change the device's credentials. Step 4 Click the different tools under the Functions Available area to edit the device's credentials. You can follow the instructions provided in Device Center page to work with the tools. Note You should rediscover the device in QPM, after you change its credentials through Device Center. Rediscovering Device Information Rediscovering a device's information causes QPM to connect to the device on the network and obtain its device information again. You should do this when you make configuration changes to a device to ensure that the device can still support the policies and configurations you assigned to it using QPM. Before you rediscover a device, you can go to the Access Configuration area in the Device Summary page, and select the Login Protocol among the following options: •Auto Select •Telnet •SSHv2 •SSHv1 During the rediscover process, QPM will delete any policy or network element assignments that are no longer valid because of changes to the device's information. A report of deleted policy assignments is generated. To rediscover devices: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 Select the check boxes next to the devices you want to rediscover, then click Rediscover. The Discovery Status page appears. Your rediscovery job appears at the top of the list, with an indication of the number of devices for which discovery is in process or completed. The page refreshes according to your selection in the Refresh Rate field at the bottom of the page. Rediscovery is complete when no devices are listed in the In Process field. For more information, see Discovery Status Page, page A-8. Related Topics •Using QPM Tables, page 3-11 •Troubleshooting Device Management Problems, page 14-5 Working with Device Folders You can create device folders to organize the inventory for administrative purposes. For example, you might create a device folder for each building on your corporate campus and assign the devices in each building to their corresponding device folder. Device folders are contained within device groups. If you are not using ACS and multiple device groups, all device folders are contained within the default device group. Unlike device groups, you cannot assign access privileges to device folders. Device folders are used primarily to group devices into related groups for the purpose of more easily searching for devices and classifying and sorting lists of devices. When you use the device folders table to browse device folders, you can perform the same actions on the listed devices that you can perform from the device table. See Working with Devices, for more information about these actions. The following topics describe how to work with device folders: •Creating Device Folders •Organizing Devices with Device Folders •Editing Device Folders •Deleting Device Folders Creating Device Folders Create device folders to organize your inventory. To do this: Step 1 Select Devices > Device Grouping > Device Folder. The Device Folders page appears. Step 2 Click Create. The Device Folder Properties page appears. Step 3 Do the following in the Device Folder Properties page: a. Create the new device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-13. b. Click the checkboxes corresponding to the devices that you want to include in the device folder. c. Click Create. The Device Folders page appears. The new device folder appears in the table. Related Topics •Working with Device Folders Organizing Devices with Device Folders You can use device folders to organize your inventory. The procedure describes how to add devices to device folders, remove devices from devices folders, and move devices between device folders. To organize devices with device folders: Step 1 Select Devices > Device Grouping > Device Folder. The Device Folder page appears. Step 2 Click the name of the device folder in which you want to organize devices. The Device Folder Properties dialog box opens. Step 3 Do the following in the Device Folders Properties dialog box: a. Select the required devices. For more information about the fields in this page, see Device Folder Properties Page, page A-13. b. Click Save to save the changes you have made and close the dialog box. Related Topics •Working with Device Folders •Using QPM Tables, page 3-11 Editing Device Folders Edit a device folder to change properties such as its name and description. To do this: Step 1 Select Devices > Device Grouping > Device Folder. The Device Folders page appears. Step 2 Do one of the following to select a device folder: •Click the name of the device folder. •Select the check box next to a device folder name, then click Edit. The Device Folder Properties page appears. Step 3 Do the following in the Device Folder Properties page: a. Edit the device folder. For more information about the fields in this page, see Device Folder Properties Page, page A-13. b. Click Save. Related Topics •Working with Device Folders •Using QPM Tables, page 3-11 Deleting Device Folders You can delete a device folder when you no longer want to use it to organize your inventory. When you delete a device folder, the devices assigned to the device folder are not deleted from the inventory. To delete device folders: Step 1 Select Devices > Device Grouping > Device Folders. The Device Folders page appears. Step 2 Select the check box next to the device folders you want to remove, then click Delete. The Device Folders page refreshes. The deleted device folders do not appear in the table. Related Topics •Working with Device Folders •Using QPM Tables, page 3-11 Using Additional Device Functions The following topics document the additional device functions that are available: •Removing Devices Removing Devices If you no longer want to manage QoS on a device, you can remove it from the inventory. When you remove a device, all of its elements are also removed. Removing Devices That Are Being Monitored If you remove a device that contains network elements that are being monitored by a QoS analysis task, QPM continues to monitor these network elements. To stop QPM from monitoring these network elements, you must stop or delete the QoS analysis task. For more information, see the following topics: •Performing Historical QoS Analysis, page 10-5 •Performing Real Time Chart Analysis, page 10-15 To remove devices from QPM inventory: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 Select the check box next to the devices you want to remove, then click Delete. The Device Summary page refreshes, with the deleted devices removed. Related Topics •Using QPM Tables, page 3-11 Working with Network Elements The following topics describe how to work with network elements: •Overview of Network Elements •Viewing and Editing Network Element Properties •Working with Source-Destination Pairs •Hiding and Displaying Interfaces Overview of Network Elements QPM supports both physical and logical network elements. A physical network element physically exists on a device and can be read or calculated using SNMP and Telnet. Examples include device, interface, VLAN, DLCI, and VC. A user-supplied element is one that does not exist on a device, and its purpose is helping you manage your network elements. An example is source-destination pairs. The interfaces on a device carry the network traffic. In QPM, the term interfaces refers to router interfaces and subinterfaces, and switch ports. QPM allows you to configure QoS on subinterfaces. Viewing and Editing Network Element Properties You can view and change network element properties. An example of the network element properties that you can edit is whether interfaces are ignored (hidden from display in QPM). To view and edit network element properties: Step 1 Select Devices > Device Management > Device Summary. The Device Summary page appears. Step 2 Expand the tree corresponding to the device to view its interfaces, and click any interface. The interface's properties appear in the content area. Step 3 Edit the interface properties if desired. For more information about the fields in this page, see Device Summary Page, page A-2. Step 4 Click Save. Related Topics •Hiding and Displaying Interfaces •Using QPM Tables, page 3-11 Working with Source-Destination Pairs Source-destination pairs are logical (not physical) user-supplied network elements. You define them for Catalyst 8400 and Catalyst 8500 switches, which have QoS features that allow you to configure QoS traffic rules to inbound and outbound traffic on the same device. To do this, you must define source-destination pairs of interfaces on a device, to which you can apply this type of traffic rules. The following topics describe how to work with source-destination pairs using QPM: •Creating Source-Destination Pairs •Editing Source-Destination Pairs •Deleting Source-Destination Pairs •Setting Network Element Policy Assignments, page 8-18 Creating Source-Destination Pairs You can create source-destination pairs using QPM. To do this: Step 1 Choose Devices > Device Summary. The Device Table page appears. Step 2 Click the device name of the device on which you want to create a source-destination pair. The Device Properties page appears. Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information). The Source-Dest Pairs page appears. Step 4 Click Create. The Source-Dest Pairs Properties page appears. Step 5 Do the following in the Source-Dest Pairs Properties page: a. Create a source-destination pair. For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-17. b. Click Save. Related Topics •Working with Source-Destination Pairs •Using QPM Tables, page 3-11 Editing Source-Destination Pairs You can edit source-destination pairs using QPM. To do this: Step 1 Choose Devices > Device Summary. The Device Table page appears. Step 2 Click the device name of the device on which you want to edit a source-destination pair. The Device Properties page appears. Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information). The Source-Dest Pairs page appears. Step 4 Select the check box next to the source-destination pair you want to edit, then click Edit. The Source-Dest Pairs Properties page appears. Step 5 Do the following in the Source-Dest Pairs Properties page: a. Edit the source-destination pair. For more information about the fields in this page, see Source-Dest Pair Properties Page, page A-17. b. Click Save. Related Topics •Working with Source-Destination Pairs •Using QPM Tables, page 3-11 Deleting Source-Destination Pairs You can delete source-destination pairs using QPM. To do this: Step 1 Choose Devices > Device Summary. The Device Table page appears. Step 2 Click the device name of the device on which you want to delete a source-destination pair. The Device Properties page appears. Step 3 Click Source-Dest Pair in the TOC (a subentry of Device Information). The Source-Dest Pairs page appears. Step 4 Select the check box next to the source-destination pairs you want to delete, then click Delete. Related Topics •Working with Source-Destination Pairs •Using QPM Tables, page 3-11 Hiding and Displaying Interfaces When you import a device, QPM discovers and imports all of its elements that QPM supports. You can prevent interfaces (not other network elements) from being displayed in QPM by marking them as ignored. You can later redisplay interfaces if you want to see them again. DLCIs and VCs on ignored interfaces are also ignored. The following topics describe hiding and displaying interfaces: •Hiding Interfaces •Displaying Interfaces Hiding Interfaces You can mark interfaces as ignored, preventing them from displaying in QPM. To do this: Step 1 Select Devices > Device Summary. The Device Table page appears. Step 2 Click the name of the device that contains the interfaces you want to ignore. The Device Properties page appears. Step 3 Select Interfaces in the TOC (a subentry of Device Information). The Interfaces page appears. Step 4 Select the check box next to the interfaces you want to ignore, then click Mark as Ignore. A confirmation dialog box opens. Step 5 Click Yes in the confirmation dialog box. The Interfaces page refreshes. The ignored interfaces are no longer displayed. Related Topics •Hiding and Displaying Interfaces •Displaying Interfaces •Using QPM Tables, page 3-11 Displaying Interfaces You can redisplay interfaces that you previously marked as ignored. To do this: Step 1 Select Devices > Device Summary. The Device Table page appears. Step 2 Click the name of the device that contains the interfaces you no longer want to ignore. The Device Properties page appears. Step 3 Click the hyperlinked number in the Ignored Interfaces field. The Ignored Interfaces List dialog box opens. Step 4 Select the check box next to the interfaces you no longer want to ignore, then click Cancel Ignore. Step 5 Click Close to close the dialog box. Related Topics •Hiding and Displaying Interfaces •Hiding Interfaces •Using QPM Tables, page 3-11 Working with Device Groups This section is applicable only for users who work with DCR device groups, or who use ACS permissions and are working with ACS device groups. If you do not use DCR or ACS to create multiple device groups, only the default device group will be available in QPM. The following topics describe how to work with device groups: •Understanding Device Groups •Setting the Active Device Group •Synchronizing Permissions and Device Group Information •Editing Device Group Properties •Deleting Device Groups from QPM Understanding Device Groups Device groups are groups of devices (and their network elements) within the inventory. They are created and maintained in the DCR or ACS, but QPM assigns some properties to each device group that you can view and edit in QPM. For more information, see Editing Device Group Properties. Each device group has its own set of access permissions, so they can be used to divide the network into administrative groups for purposes of controlling who can do what with which devices. Since you create policies in the context of a device group, you can assign policy groups only to devices in the same device group as the policy. The inventory always contains one device group named the default device group. If you are not using DCR or ACS device groups to group devices, your inventory will contain only the default device group. ACS Device Groups If you are using multiple ACS device groups, QPM will automatically create the same device groups with the same user permissions that are defined in ACS. When you add a new device to the inventory, QPM assigns it to its ACS device group, with the same user permissions. If a device is not assigned to an ACS device group, it is assigned to the QPM default device group. QPM automatically synchronizes the inventory with ACS in the following cases: •When you import devices, QPM synchronizes with ACS to find out what device groups the devices belong to. Only the imported devices are synchronized with ACS. •When you log into QPM, QPM automatically synchronizes with ACS to obtain and store your user permissions so it can check them before any user operations you attempt. In addition, before you deploy a deployment job, QPM synchronizes with ACS to verify that the user permissions allow the job to proceed. You can also manually refresh the QPM device group information, synchronizing it with ACS. See Synchronizing Permissions and Device Group Information. Note If you are using ACS device groups, all devices used in QPM, including the QPM server, should be defined in ACS device groups, only as AAA clients, and not as AAA servers. Related Topics •User Permissions, page 3-13 DCR Device Groups If you are using multiple DCR device groups, QPM will automatically create the same device groups with the same user permissions that are defined in DCR. When you add a new device from DCR to the inventory , QPM assigns it to its DCR device group, with the same user permissions. If a device is not assigned to a DCR device group, it is assigned to the QPM default device group. QPM automatically synchronizes the inventory with DCR in the following cases: •When you import devices, QPM synchronizes with DCR to find out what device groups the devices belong to. Only the imported devices are synchronized with DCR. •When you log into QPM, QPM automatically synchronizes with DCR to obtain and store your user permissions so it can check them before any user operations you attempt. In addition, before you deploy a deployment job, QPM synchronizes with DCR to verify that the user permissions allow the job to proceed. You can also manually refresh the QPM device group information, synchronizing it with DCR. See Synchronizing Permissions and Device Group Information. Setting the Active Device Group Only one device group at a time can be active. Throughout the QPM user interface, only the devices, policy groups, and policies that are contained in the active device group are displayed. You must have sufficient user privileges to set the active device group. To set a device group as active: Step 1 Select Devices > Device Grouping > Device Groups. The Device Groups page appears.. Step 2 Select the device group that you want to make active by clicking the check box next to its name, and click Set Active. Related Topics •Using QPM Tables, page 3-11 Synchronizing Permissions and Device Group Information You can manually synchronize the user permissions and device group information in the inventory with ACS, DCR, or CiscoWorks Common Services (depending on which you are using to administer device groups and user permissions). Typically you would synchronize in the following cases: •When you know changes have been made to the ACS, DCR, or CiscoWorks Common Services device group assignments or access privileges. •When your CiscoWorks user role has changed since you logged into QPM. The Sync Privileges page displays your permissions to the QPM device groups on the system. If you know you have changed ACS privileges, or changed the device groups in ACS or DCR, you see whether the changes are reflected correctly on this page so you can determine if you need to synchronize to update your QPM permissions. If changes are made to the QPM device groups as a result of the synchronization, the Conflicts Assignment report shows which devices have been moved from the current device group. All policy group assignments for those devices and their network elements will be deleted. Note ACS, DCR, and CiscoWorks Common Services device group and user permissions information is automatically synchronized each time you log into QPM. To synchronize permissions and device group information: Step 1 Select Devices > Device Grouping > Sync Privileges. The Sync Privileges page appears. Step 2 Select the server mode (ACS, DCR, or Cisco Works). Step 3 Click Sync. QPM synchronizes the user and device group information with the server mode you selected, and opens a message box to show you the status when finished. Related Topics •Troubleshooting Device Management Problems, page 14-5 Editing Device Group Properties Although you cannot change device group membership within QPM (you must make device group assignment changes in ACS), you can edit the device group properties that are unique to QPM. Many of the device group properties are the same properties that QPM maintains for devices. These device group properties are assigned to all devices in the device group by default. You can override these defaults by entering different device properties for an individual device. Examples of the device group properties that you can edit include: •Description. •Default device access parameters. •Enabling/disabling NBAR port mapping. To edit device group properties: Step 1 Click Devices > Device Grouping. The Device Groups page appears. Step 2 Click the name of the device group you want to edit. The Device Group Properties page appears. Step 3 Do the following in the Device Group Properties page: a. Edit the device group. For more information about the fields in this page, see Device Group Properties Page, page A-10. b. Click Save. Related Topics •Using QPM Tables, page 3-11 •Viewing and Editing Device Properties Deleting Device Groups from QPM QPM device groups are not automatically deleted from QPM when you delete them in ACS, even when you synchronize device group information with ACS. You must manually delete QPM device groups. Any deployment groups and policy groups contained in the device group are also deleted. This feature is useful because device groups are not automatically deleted from QPM when you delete them in ACS, even when you synchronize device group information with ACS. This gives you the opportunity to edit your QPM deployment groups and policy groups before manually deleting the device group. The following are the restrictions for deleting QPM device groups: •You cannot delete the QPM default device group. •You cannot delete a device group that still contains devices. To delete a device group, you must first do one of the following: –Remove all devices from the device group in ACS. –Delete all devices in the device group from the QPM inventory. If you convert from using ACS to CiscoWorks Common Services for device management and user authentication, all devices in the inventory are moved to the default device group. This is because CiscoWorks Common Services does not support multiple device groups. You can then delete the remaining empty device groups. To delete device groups: Step 1 Click Devices > Device Grouping. The Device Groups page appears.. Step 2 Click the radio button next to the device group you want to delete. Step 3 Click Delete. Integrating QPM with Access Control Server (ACS) Before you begin, note: •Terminal services should not be running when QPM is installed. •QPM cannot coexist with ACS on the same machine. To integrate QPM with ACS: Step 1 Login to ACS server. Step 2 Click Network Configuration. The Network Configuration page appears. Step 3 Click Add Entry. Step 4 In the Network Device Group Name box, type the name of the new Network Device Group (NDG), for using QPM. Step 5 In the Key box, enter a key for the Network Device Group. The maximum length is 32 characters. Step 6 Click Submit. The Network Device Groups table displays the new NDG Step 7 Click the name of the new NDG, and click Add Entry below the AAA Clients table. Step 8 In the Add AAA Client page, enter the QPM client details like Hostname, IP Address, and Key. Later, you need to use the same key to configure ACS details in QPM Step 9 Click Submit or Submit + Apply to register the QPM server in ACS. Step 10 Login to CiscoWorks on QPM server. Step 11 In the CiscoWorks homepage, select Common Services > Server > Security > AAA Mode Setup. Step 12 Click the TACACS+ radio button. Step 13 Click Change. The Login Module Options window appears. Step 14 Enter ACS server details such as, Server, Port and Key. This is the key given while configuring QPM server in ACS (Step 8) Step 15 Click OK. The Login Module Change Summary page appears Step 16 Click OK. Step 17 In the AAA Mode Setup page, click the ACS radio button. Step 18 Enter the ACS sever details. Step 19 Enter the login details including the Shared Secret Key (the same key that you entered in Step 14). Step 20 Check the Register all installed applications with ACS checkbox. Step 21 Click the HTTP or HTTPS radio button to specify the current ACS administrative protocol. Step 22 Click Apply. The Login Module Change Summary page appears with the following message: `ACS Server Credentials updated successfully` Step 23 Close down all the QPM and CS Windows, and restart the deamon manager. Step 24 In QPM, select Devices > Device Grouping > Sync Privileges. The Sync Privileges page appears. Step 25 Check whether the Server mode is set to ACS, and click Sync. The Device Groups in the ACS server will be added to the QPM device groups. To set a device group as active in QPM, go to Devices > Device Grouping, select a device group, and click Set Active. Related Topics •Resetting the Login Module Resetting the Login Module If there is an authorization failure with ACS server, most of the Common Services features will be disabled. To recover, you have to reset the login module. To reset the login module to CiscoWorks: Step 1 Stop the Daemon Manager using: •net stop crmdmgtd (For Windows) or •/etc/init.d/dmgtd stop (For Solaris) Step 2 Run the following script: •NMSROOT/bin/perl ResetLoginModule.pl (For Windows) or •/opt/CSCOpx/bin/perl ResetLoginModule.pl (For Solaris) Step 3 Start the Daemon Manager using: •net start crmdmgtd (For Windows) or •/etc/init.d/dmgtd start (For Solaris) This resets the login module to CiscoWorks local mode. Multiple instances of same application using same ACS server will share settings. Any changes will affect all instances of that application. If an application is configured with ACS, and then the application is reinstalled, the application will inherit the old settings.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.