
Preparing to Use Essentials Applications


Now that you have installed Resource Manager Essentials, you need to perform some required administrator setup tasks and application setup tasks.

This chapter assumes that you have performed the client setup tasks described in Installing and Setting Up CiscoWorks2000 CD One on AIX.

This chapter consists of the following sections:

Preparation Overview

Accessing the Server

Logging In

Configuring the Server

Setting Up Inventory

Verifying Availability

Setting Up Syslog Analysis

Setting Up Software Management

Setting Up Configuration Management

Preparation Overview

Table 2-1 is an overview of preparing to use Essentials applications. It contains references to more detailed information about each task.

Table 2-1 Preparing To Use Essentials Applications Task Overview

| Task | Steps | References |
|---|---|---|
| 1. Configure the system. | Enter information about the proxy server, SNMP, and rcp. | "Configuring the Server" section |
| 2. Set up Inventory. | a. Create network inventory by either: adding device information by adding one device at a time; importing device information from a file or an NMS database. | "Adding or Importing Inventory Data" section |
| | b. (Optional) Create a device view. | "Creating a Device View" section |
| | c. (Optional) Obtain login privileges to Cisco Connection Online (CCO). | If you do not have login privileges, go to the CCO home page, www.cisco.com, to obtain a login. |
| | d. (Optional) Enter device serial numbers for devices that have Contract Connection service contracts. | "Changing Device Attributes (Credentials and Serial Numbers)" section |
| | e. (Optional) Perform the following optional Inventory setup tasks: schedule inventory polling and collection; set change report filters; display a detailed device report. | Inventory online help |
| 3. Verify Availability. | a. Create a device view with at least one device. | "Verifying Availability" section and "Creating a Device View" section |
| | b. Verify that Availability functions correctly. | "Verifying Availability" section |
| 4. Set up Syslog Analysis. | a. Configure your routers and switches for syslog analysis. | "Configuring Devices for Syslog Analysis" section |
| | b. Verify settings in the syslog configuration file. | "Verifying the Settings in the Syslog Configuration File" section |
| | c. Verify that Syslog messages are being processed by the Syslog Analyzer. | "Verifying the Syslog Analyzer" section |
| 5. Set up Software Management. | a. Add device passwords to inventory. | "Adding Device Passwords to Inventory" section |
| | b. Set Software Management preferences. | "Setting Software Management Preferences" section |
| | c. Obtain login privileges to CCO for importing software images. | If you do not have login privileges, go to the CCO home page, www.cisco.com, to obtain a login. |
| | d. Set up TFTP. | "Setting Up TFTP" section |
| | e. Set up rcp. | "Setting Up rcp" section |
| | f. Allow user bin to use at and cron. | "Allowing the User bin to Use at and cron" section |
| | g. (Optional) Perform optional setup tasks: create a baseline of the devices in your network and populate the software image library; schedule the Browse Defects job to run periodically; schedule the Synchronize Library job to run periodically; create one or more approver lists if you want to use the Job Approval option; distribute a software image to a device or group of devices. | Software Management online help |
| 6. Set up Configuration Management. | a. Enter passwords. | "Entering Device Credentials" section |
| | b. Modify device configurations. | "Modifying Device Configurations" section |
| | c. Modify device security. | "Modifying Device Security" section |
| | d. Upgrade, set up, and troubleshoot Netsys integration if you are using the Cisco Netsys application. | "Setting Up Netsys Integration" section |
| | e. Set up NetConfig: verify device configurations in configuration archive; verify device credentials; modify device security; verify device prompts. | "Setting Up NetConfig" section and the NetConfig online help |
| | f. (Optional) Perform optional NetConfig setup tasks: install Client Application Manager on client systems; configure default job properties; assign template access privileges to users; enable Job Approval. | NetConfig online help |


Accessing the Server

When you access the CiscoWorks2000 Server, the CiscoWorks2000 screen appears with the Login manager displayed. To access the server from a client system, enter the URL of the server in your web browser.

If you installed CiscoWorks2000 CD One on the default port, enter:

http://server_name 

where server_name is the hostname of the server on which you installed Essentials.

If an alternative port was assigned during CiscoWorks2000 CD One installation, enter:

http://server_name:port_number

where server_name is the name of the server on which you installed CiscoWorks2000 CD One and Essentials, and port_number is the alternative port assigned during the installation. See Getting Started with the CiscoWorks2000 Server for information about administrator logins.

Logging In

To perform server setup tasks, you must log in as system administrator.


Step 1 Enter the administrator user name and password in the Login Manager dialog box (Figure 2-1). The default username and password are:

User Name: admin
Password: admin

Figure 2-1 Login Manager Dialog Box

Step 2 Click Connect. The Login Manager dialog box is replaced by the navigation tree.


Configuring the Server

You can configure system-wide information for Essentials applications using the System Configuration option. You should verify that the defaults are correct or enter corrections.


Step 1 Select Resource Manager Essentials > Administration > System Configuration. The System Configuration dialog box appears (Figure 2-2).

Figure 2-2 System Configuration Dialog Box

Step 2 Select one of the following tabs to enter information or to verify that the configured information is correct:

Proxy

SNMP

rcp

See Table 2-2 for descriptions of the information in each dialog box tab.

Step 3 Click Apply to save changes, or click Defaults to apply the default.

Step 4 Repeat Step 2 and Step 3 until you have verified or corrected all the information displayed in the System Configuration dialog box.

The dialog box is displayed until you select another option from the navigation tree.


Table 2-2 System Configuration Dialog Box Information

| Tab Name | Description | Fields—Values to Enter |
|---|---|---|
| Proxy | Used to connect to CCO. If server access to the outside world is controlled through a proxy server, this setting must be configured. | Proxy URL—System-wide proxy URL. There is no default. |
| SNMP | Used to query devices for inventory collection, which includes importing and adding devices, and collecting inventory data. | Fast SNMP Timeout—Amount of time, from 5 to 90 seconds, the system should wait for a device to respond before trying to access it again. Default is 5. |
| | | Fast SNMP Retry—Number of times, from 2 to 6, system tries to access devices with fast SNMP options. Default is 2. |
| | | Slow SNMP Timeout—Amount of time, from 10 to 90 seconds, system waits for a device to respond before trying to access it again. Default is 20. |
| | | Slow SNMP Retry—Number of times, from 2 to 6, system tries to access a device with slow SNMP options. Default is 3. |
| | | Note The system tries the Fast SNMP Timeout and Fast SNMP Retry options first. If no response occurs after Fast Retry, the system switches to the Slow SNMP options. |
| rcp | Used to specify user during remote file transfers from devices. Authenticates rcp transfers between devices and server. User account must exist on UNIX systems, and should also be configured on devices as local user in the ip rcmd configuration command. See "Setting Up rcp" section. | User Name—Name used by a network device when it connects to server to run rcp. |


Setting Up Inventory

This section describes the tasks that you must perform to set up the Inventory application.

Adding or Importing Inventory Data

You must have at least one managed device (a device whose inventory information is tracked by Essentials) to verify correct Essentials installation. To manage your network, you need to add device information for all your managed devices.

You can populate your network inventory by:

Adding devices one at a time by entering the device information manually.

Importing a group of devices from:

A comma-separated values (CSV) file or a device integration file (DIF) that you create from another information source.

A supported network management system (NMS) on the same host as your server (local import).

A supported NMS on a different host from your server (remote import).

The supported NMS software is described in the "Supported NMS Environments for Device Import" section.

Adding Device Information Manually

This section describes how to add devices one at a time and how to troubleshoot problems you might have using this method.


Step 1 Select Resource Manager Essentials > Administration > Inventory > Add Devices. The Add a Single Device dialog box appears.

Step 2 Enter the access information and annotations for one device.

You must fill in the Device Name field with the device name or IP address. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, refer to the Inventory online help.

Step 3 Click Next. The Enter Login Authentication Information dialog box appears.

You must fill in the Read Community String field and verify the password. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, refer to the online help.

Step 4 Click Next. The Enter Enable Authentication Information dialog box appears.

If required, complete this dialog box. For Inventory, all fields in this dialog box are optional. For more information, refer to the online help.

Step 5 Click Finish. The Add a Single Device dialog box appears.

Step 6 Click View Status. The Add/Import Status Summary dialog box appears.

Step 7 Use the Add/Import Status Summary dialog box to check the status of the device you specified. The dialog box should contain:

| Device Status | Number of Devices |
|---|---|
| Managed | 0 |
| Alias | 0 |
| Pending | 1 |
| Conflicting | 0 |
| Suspended | 0 |
| Not Responding | 0 |
| Device Attribute Errors | 0 |


If the device responded quickly, the Managed row might already contain one device.

Step 8 Click Update on the Add/Import Status Summary dialog box to update device status.

If the pending count goes from 1 to 0 after you click Update and the Managed field has 1 device, Essentials was installed and configured correctly. You might need to wait a couple of minutes for the device to become managed. Click Update on the Add/Import Status Summary dialog box every minute or so to check current device status.


If you added a device and the Add/Import Status Summary dialog box shows that the device status has not changed from pending within 15 minutes, check the status of all processes to make sure they are running normally:


Step 1 To view the latest device status information, select Resource Manager Essentials > Administration > Inventory > Import Status, then click Update in the Add/Import Status Summary dialog box.

Step 2 To determine if the DIServer process is running, select CiscoWorks2000 Server > Administration > Process Management > Process Status. (The DIServer is the process responsible for validating devices and changing their status from pending.)

Even if the DIServer process has the state Running Normally, it might be in an error state. You need to stop and restart it:

To stop the DIServer process:

a. Select CiscoWorks2000 Server > Process Management > Stop Process. The Stop Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

To restart the DIServer process:

a. Select CiscoWorks2000 Server > Process Management > Start Process. The Start Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

Step 3 To return to the Add/Import Status Summary screen, select Resource Manager Essentials > Administration > Inventory > Import Status, then click Update. The device status should change to managed within a couple of minutes.


Importing Devices

You can import devices from a file or from a local or remote NMS:

You can extract data from your existing data source into a comma-separated value (CSV) file or device integration file (DIF), then use this file as input into the Essentials database. First create a CSV file or DIF file, then select Resource Manager Essentials > Administration > Inventory > Import from File to access the file and import the device information. For additional information, refer to the online help.

To import devices from a local NMS database, select Resource Manager Essentials > Administration > Inventory > Import from Local NMS. For more information, refer to the online help.

For a list of supported NMS software, see the "Supported NMS Environments for Device Import" section.

To import devices from a remote NMS:

You must perform several system and NMS configuration steps that are contingent upon the NMS you are using. For additional information, refer to the online help.

Before you can import devices from CiscoWorks or CiscoWorks for Switched Internetworks (CWSI), the database server must be running on the local host. In addition, you must make sure the user bin is a member of the CiscoWorks group before you start the CiscoWorks2000 server.

To import devices from HP OpenView, HP OpenView must be running on the local host.

After you configure your system and NMS, select Resource Manager Essentials > Administration > Inventory > Import from Remote NMS to import devices from the databases listed in the Remote Database Import dialog box.

For a list of supported NMS software, see the "Supported NMS Environments for Device Import" section.

If you have difficulty importing device information, try the following:

Increase the SNMP timeout setting. Refer to the online help for more information or see the "Configuring the Server" section.

Verify that you entered correct read community strings for the devices.

For additional information, refer to the online help.

Creating a Device View

To set up and verify the Essentials applications, you must create a static device view (a grouping of devices) that includes at least one device. For additional information, refer to the online help.

To create the static view:


Step 1 Select Resource Manager Essentials > Administration > Device Views > Add Static Views. The Add Static Views dialog box appears.

Step 2 Enter a view name, an optional description, and select a type of view (custom or private). Only users with the system administrator role can create custom views.

Step 3 Select the view that has the devices you want to add from Views.

Step 4 Select the devices that you want from Devices and move them into Selected Devices.

Step 5 Click Finish. The new view will be created.

To add another static view, repeat the procedure.


Changing Device Attributes (Credentials and Serial Numbers)

To make sure your devices have the correct device access, password information, and user information, you can change the device attributes.

To make sure Contract Connection provides accurate contract status information, you must enter device serial numbers in the inventory entries of devices that have service contracts.

To check device attributes, select Resource Manager Essentials > Administration > Inventory > Check Device Attributes.

To edit device attributes:


Step 1 Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes. The Change Device Attributes dialog box appears.

Step 2 Select the device whose device information you want to edit, then click Next.

Step 3 Select one or more options, then click Next. A dialog box appears for each option you selected. The dialog box fields are blank; they do not display the current information.

Step 4 Edit dialog boxes as follows:

To retain the current value, leave the field blank.

To change a value, enter the new information in the field. If you are changing a password, you must enter the username.

To delete a value, click Delete next to the field. If you are deleting a password, you must also enter the username.


Note Verify your entries before you click Next in any dialog box. If you change device attributes, you cannot undo the change, except by reediting.


Step 5 When you finish with a dialog box:

Click Next to apply the changes and go to the next dialog box.

Click Finish to apply the changes and exit the final dialog box.

Click Back to close the dialog box without changing any information.


Verifying Availability

To verify that Availability is working correctly, you must have a test device view with at least one device. You can use the view you created during Inventory setup. Use this test view to verify that Availability displays the devices in the view in the Reachability Dashboard.


Step 1 Select Resource Manager Essentials > Administration > Availability > Change Polling Options.

Step 2 Select the test device view that you created from the All Views list, then click Add to add it to the Polled Views list.

This creates a view for Availability polling.


Note You must add views to the Polled Views list. Only polled views are monitored.


Step 3 Click Next. The Change Polling Options dialog box appears.

Step 4 Select 5 Minutes from the Verify device reachability every drop-down list, then click Finish.

Step 5 Wait for at least 10 minutes to make sure Availability polls the devices in your test device view.

Step 6 Select Resource Manager Essentials > Availability > Reachability Dashboard. The Reachability Dashboard appears.

Step 7 Click the view name. The devices in your test device view should appear in the Availability Monitor.

Now that you have configured one Availability view and specified polling parameters, you can monitor devices and run reports. For details about using Availability, refer to the online help.


Setting Up Syslog Analysis

Syslog Analysis lets you centrally log and track messages generated by devices. You can use the logged error message data to analyze router and network performance. You can customize Syslog Analysis to produce the information and message reports that are important to your operation.

Configuring Devices for Syslog Analysis

Before you can use Syslog Analysis, you must configure your devices to forward messages to Essentials or to a system on which you have installed the distributed Syslog Analyzer collector. For more information about setting up devices for message logging, refer to the online help, the Cisco IOS software documentation on CCO (for Cisco IOS devices), and the appropriate Catalyst reference guides.

Configuring Cisco IOS Devices

To configure Cisco IOS devices:


Step 1 Telnet to the device and log in. The prompt changes to host>.

Step 2 Enter enable and the enable password. The prompt changes to host#.

Step 3 Enter configure terminal. You are now in configuration mode, and the prompt changes to host(config)#.

Step 4 To make sure logging is enabled, enter logging on.

Step 5 To specify the server to receive the router syslog messages, enter logging 123.45.67.89 (where 123.45.67.89 is the IP address of the server).

Step 6 To limit the types of messages that can be logged to the server, set the appropriate logging trap level by entering logging trap informational.

Severity level informational means all messages from alerts to informationals will be logged to the server.

Step 7 Verify that Syslog is running:

a. From the CiscoWorks2000 interface, select CiscoWorks2000 Server > Administration > Process Management > Process Status. The Process Status dialog box appears.

b. Verify that the entry for Syslog Analyzer has the status Running.

Step 8 Verify that the Syslog configuration file settings are correct. See the "Verifying the Settings in the Syslog Configuration File" section for instructions.


Configuring Catalyst Devices

To configure Catalyst devices:


Step 1 Telnet to the device and log in. The prompt changes to host>.

Step 2 Enter enable and the enable password. The prompt changes to host(enable).

Step 3 To make sure logging is enabled, enter set logging server enable.

Step 4 To specify the server to receive the Catalyst switch syslog messages, enter set logging server 123.45.67.89 (where 123.45.67.89 is the IP address of the server).

Step 5 Set the appropriate logging trap level by entering set logging level 6.

Severity level 6 means all messages from level 0-5 (from alerts to notifications) will be logged to the server.

Step 6 Verify that Syslog is running.

a. From the CiscoWorks2000 interface, select CiscoWorks2000 Server > Process Management > Process Status. The Process Status dialog box appears.

b. Verify that the entry for Syslog Analyzer has the status Running.

Step 7 Verify that the Syslog configuration file settings are correct. See the "Verifying the Settings in the Syslog Configuration File" section for instructions.


Verifying the Settings in the Syslog Configuration File

To check the path and permissions of the file pointed to by local7.info in the syslog configuration file /etc/syslog.conf on the server:


Step 1 Make sure the facility.level definition is set to local7.info, and that the following line is present (note that there must be a tab between local7.info and the path/filename):

local7.info     path/filename

where path/filename is the full path to a file.

Step 2 Make sure the syslog process (syslogd) can both read and write to the file.

Step 3 If you modified the /etc/syslog.conf file, restart the syslog process (syslogd). Enter the following commands to stop and restart syslogd:

/bin/stopsrc -s syslogd
/bin/startsrc -s syslogd

If the stop and start commands do not work, enter:

kill -HUP `cat /etc/syslog.pid`

Step 4 Make sure the Message Source in the CiscoWorks2000 Server is the same as the filename you specified in the syslog.conf file. You can check this by selecting Resource Manager Essentials > Administration > Syslog Analysis > Change Storage Operations.
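A scripted version of Steps 1 and 2, added here as an example and not part of the Cisco documentation: it checks that the active local7.info entry is separated from its path by tabs only, and that the target file exists and is readable and writable. The function name check_syslog_conf, its return codes, and the sample files are assumptions of this example; run it as the account syslogd runs under so the access test matches what the daemon sees.

```shell
# Added example, not from the Cisco documentation.
#
# check_syslog_conf CONF
#   On success prints the log file path and returns 0.
#   Returns 1: no active local7.info entry (missing or commented out)
#           2: selector and path are separated by something other than tabs
#           3: the target is not an existing regular file
#           4: the target is not readable and writable by the caller
check_syslog_conf() {
    csc_conf=$1
    [ -r "$csc_conf" ] || return 1

    # First uncommented line whose selector is exactly local7.info.
    csc_line=$(grep -E '^local7\.info[[:space:]]' "$csc_conf" | head -n 1)
    [ -n "$csc_line" ] || return 1

    # Isolate the run of whitespace between selector and path. A single
    # space anywhere in it fails the tab requirement from Step 1.
    csc_sep=$(printf '%s\n' "$csc_line" |
        sed 's/^local7\.info\([[:space:]]*\).*$/\1/')
    case $csc_sep in
        *' '*) return 2 ;;
    esac

    # Second field is the path/filename from the entry.
    csc_target=$(printf '%s\n' "$csc_line" | awk '{ print $2 }')
    [ -f "$csc_target" ] || return 3
    [ -r "$csc_target" ] && [ -w "$csc_target" ] || return 4
    printf '%s\n' "$csc_target"
}

# Constructed demonstration: one entry written with a tab, one with spaces.
demo_dir=$(mktemp -d)
: > "$demo_dir/syslog_info"
printf 'local7.info\t%s\n' "$demo_dir/syslog_info" > "$demo_dir/tab.conf"
printf 'local7.info    %s\n' "$demo_dir/syslog_info" > "$demo_dir/space.conf"
for demo_file in tab.conf space.conf; do
    if check_syslog_conf "$demo_dir/$demo_file" >/dev/null; then
        echo "$demo_file: ok"
    else
        echo "$demo_file: failed with code $?"
    fi
done
rm -rf "$demo_dir"
```

To check the live file, call check_syslog_conf /etc/syslog.conf and compare the printed path with the Message Source from Step 4.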


Verifying the Syslog Analyzer

To verify that the Syslog Analyzer is processing messages from the network:


Step 1 Log in to a managed router that is configured to send syslog messages to the server. You must have appropriate login privileges to make configuration changes.

Step 2 Make a nondestructive change to the router configuration. For example, change the contents of the login banner by entering:

# enable
# configure terminal

The prompt changes to #>.

#> banner motd /
This is a test /
#> end

Step 3 Wait approximately 2 minutes for the Syslog message to be processed by the server.

Step 4 Select Resource Manager Essentials > Syslog Analysis > Standard Reports. The Standard Reports dialog box appears.

Step 5 Select the device for which you made a change. Click Help if needed.

Step 6 Click Next. The Select Dates and Report Type dialog box appears.

Step 7 Select:

All Messages in the Report Type list.

Today from the Dates list.

Step 8 Click Finish. The Syslog-Standard report appears.

Verify that the report contains the Syslog message generated by the configuration change.


Setting Up Software Management

Software Management performs system software upgrades, boot loader upgrades, and software configuration operations on groups of routers and switches.

Space Required for Downloaded Files

Software Management files downloaded to the server from the CCO or the product CD-ROM are stored in the /var directory or its subdirectories. Make sure there is enough space in the /var directory for all files that you plan to download.

Device software image files are up to 4 MB in size. To determine how much space you need, multiply the number of device software image files you plan to store by 4 MB. For example, if you plan to store 30 software image files, you need at least 120 MB in /var.

In addition, you need space for some smaller downloaded files and temporary files. To accommodate these needs, add at least 20% to the space needed for software image files for your final space calculation in the /var directory. Using the previous example, you would need a total of at least 144 MB of available space in /var.

Adding Device Passwords to Inventory

Before you can use Software Management to manage device software images, you must add the required device passwords to Inventory. To add device passwords to Inventory, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or refer to the online help.

Setting Software Management Preferences

Software Management has many preferences you can set to control how the application behaves. To set preferences:


Step 1 Select Resource Manager Essentials > Administration > Software Management > Edit Preferences. The Edit Preferences dialog box appears.

Step 2 Change preferences as appropriate.

For more information, refer to the online help.

Step 3 After you finish:

Click Finish to save your changes.

Click Default to display the default configuration.


Setting Up TFTP

A file transfer server must be installed on your system. You must enable a Trivial File Transfer Protocol (TFTP) server because it is the default file transfer server type.

During Software Management installation, if the installation tool cannot find a TFTP server, it tries to add one. If the installation tool cannot find or create a TFTP server, install and enable the TFTP server and verify that a /tftpboot directory exists, as explained in the following sections.

Enabling the TFTP Daemon

If you are using standard AIX software, you can add and configure the TFTP server (TFTPD):


Step 1 Log in as superuser.

Step 2 Using a text editor, edit the /etc/inetd.conf file.

Look in the file /etc/inetd.conf for the line that invokes TFTPD. If the line begins with a pound sign (#), remove the pound sign with your text editor. Depending on your system, the line that invokes the TFTP server might look similar to the following:

tftp  dgram  udp6 src root  /usr/sbin/tftpd tftpd -d /tftpboot

Save the changes to the edited file and exit your text editor.

Step 3 At the UNIX prompt, enter the following command to display the process identification number for the inetd configuration:

# /usr/bin/ps -ef | grep -v grep | grep inetd 

The system response is similar to:

root  119   1  0  12:56:14 ?           0:00 /usr/bin/inetd -s

The first number in the output (119) is the process identification number of the inetd configuration.

Step 4 To enable your system to read the edited /etc/inetd.conf file, enter:

# kill -HUP 119 

where 119 is the process identification number identified in Step 3.


Step 5 Verify that TFTP is enabled by entering either of the following:

# netstat -a | grep tftp

which should return output similar to:

*.tftp Idle

or enter:

# /usr/CSCOpx/bin/mping -s tftp localhost_machine_name

which returns the number of modules sent and received, for example:

sent:5 recvd:5 . . .

If the output shows that zero modules were received, TFTP is not enabled. Repeat these steps, beginning with Step 1, to make sure you have enabled TFTP.


Creating the /tftpboot Directory

Essentials uses the /tftpboot directory when transferring files between the Essentials server and network devices. The files are removed after the transfer is complete, but multiple jobs (for example, image distribution, image import, or config file scan) could be running at the same time.

Each of these jobs requires its own space. Software image sizes, for example, can be up to 9 MB. To ensure that jobs run successfully, make sure there is sufficient space available in the /tftpboot directory.

If the /tftpboot directory does not exist on your system, follow these steps to create it:


Step 1 Enter:

# mkdir /tftpboot 

Step 2 Make sure all users have read, write, and execute permissions to the /tftpboot directory by entering:

# chmod 777 /tftpboot

The /tftpboot directory now exists and has the correct permissions.


Setting Up rcp

You can enable a remote copy (rcp) server on the server and select it as the active file transfer server. If you select rcp as the active server and then try to transfer files to a device that does not support rcp, Essentials uses TFTP to transfer the files.

Creating the rcp Remote User Account

To use rcp, you must create a user account on the system to act as the remote user to authenticate the rcp commands issued by devices. This user account must own an empty .rhosts file in its home directory to which the user bin has write access.

You can choose the name of this user account because you can configure the Essentials server to use any user account. The default user account name is cwuser. The examples in this procedure use the default name cwuser. If you choose to use a different name, substitute that name for cwuser.

To create and configure the rcp remote user account, follow these steps while logged in as root:


Step 1 Add a user account named cwuser to the system by entering:

# useradd -m -c "user account to authenticate remote copy operations" \
cwuser

Step 2 Navigate to the cwuser home directory.

Step 3 Create the .rhosts file by entering:

# touch .rhosts

Step 4 Change the owner of the .rhosts file by entering:

# chown cwuser:bin .rhosts

Step 5 Change the permissions of the .rhosts file by entering:

# chmod 0664 .rhosts

Step 6 If you did not use the default user name cwuser, use the user account that you created as the rcp remote user account.

a. Log on to the server as admin.

b. Select Resource Manager Essentials > Administration > Inventory > System Configuration.

The System Configuration dialog box appears.

c. Select the rcp tab.

d. Enter the name of the user account that you just created in the User Name field, then click Finish.

Enabling the rcp Daemon

To add and configure standard AIX 4.3.3 rcp server software:


Step 1 Log in as superuser.

Step 2 Using a text editor, edit the /etc/inetd.conf file.

Look in the file /etc/inetd.conf for the line that invokes rshd. If the line begins with a pound sign (#), remove the pound sign with a text editor. Depending on your system, the line that invokes the rshd server might look similar to the following:

shell  stream  tcp   nowait  root   /usr/sbin/in.rshd   in.rshd

Save the changes to the edited file and exit the text editor.

Step 3 At the UNIX prompt, enter the following to display the process identification number of the inetd process:

# /usr/bin/ps -ef | grep -v grep | grep inetd 

The system response is similar to:

root  119   1  0  12:56:14 ?           0:00 /usr/bin/inetd -s

The first number in the output (119) is the process identification number of the inetd process.

Step 4 To make inetd reread the edited /etc/inetd.conf file, enter:

# kill -HUP 119 

where 119 is the process identification number identified in Step 3.

Step 5 Verify that rshd is enabled by entering:

# netstat -a | grep shell

which should return output similar to the following:

*.shell    *.*     0 0 0 0 LISTEN
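The following check for Step 2 and Step 5 is an added example, not part of the Cisco procedure. It reads an inetd.conf file and reports whether the shell entry that starts rshd is active, still commented out, or absent, and it notes when the related login and exec entries are active as well. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco's code. Both function names are hypothetical.
# Usage: inetd_service_state CONF SERVICE
# Prints "enabled", "commented" or "absent" for SERVICE in an inetd.conf file.
inetd_service_state() {
    awk -v svc="$2" '
        # An active entry has the service name as its first field.
        $1 == svc { state = "enabled" }
        # A disabled entry is the same line behind one or more "#".
        {
            line = $0
            if (sub(/^[ \t]*#+[ \t]*/, "", line)) {
                split(line, f, /[ \t]+/)
                # Require a socket type so prose comments are not counted.
                if (f[1] == svc && (f[2] == "stream" || f[2] == "dgram") &&
                    state == "")
                    state = "commented"
            }
        }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# Usage: rcp_inetd_audit CONF
# Returns 0 only when the shell (rshd) entry is active.
rcp_inetd_audit() {
    ra_state=$(inetd_service_state "$1" shell)
    echo "shell (rshd): $ra_state"
    for ra_svc in login exec; do
        [ "$(inetd_service_state "$1" "$ra_svc")" = enabled ] &&
            echo "note: $ra_svc is also enabled; this procedure needs only shell"
    done
    [ "$ra_state" = enabled ]
}

# Constructed sample inetd.conf, not taken from a real system.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Constructed sample, for illustration only.
ftp     stream  tcp  nowait  root  /usr/sbin/ftpd     ftpd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/rlogind  rlogind
EOF
rcp_inetd_audit "$demo_conf" || echo "shell entry is not active: edit the file, then send inetd a HUP"
rm -f "$demo_conf"
```
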

Selecting rcp as the Active File Transfer Method

By default, Essentials uses rcp with devices that support rcp. For devices that do not support rcp, Essentials uses TFTP to transfer files.

You can disable rcp if you do not want Essentials to use it with any devices.


Step 1 Select Resource Manager Essentials > Administration > Software Management > Edit Preferences.

Step 2 Select Use RCP for image transfer (when applicable).

Step 3 Click Finish.


Allowing the User bin to Use at and cron

Software Management uses at and cron to schedule Software Management image transfers to devices. The process that performs the download is executed as bin, so the user bin must be allowed to use at and cron.

To allow the user bin to use at:


Step 1 If an at.allow file exists in the /var/adm/cron directory, make sure bin is listed in it. If necessary, add bin to the at.allow file using a text editor.

Step 2 If an at.deny file exists in the /var/adm/cron directory, make sure bin is not listed in it. If necessary, remove bin from the at.deny file using a text editor.

Step 3 If neither an at.allow nor an at.deny file exists in the /var/adm/cron directory, create an at.allow file and add bin to it using a text editor.


To allow the user bin to use cron:


Step 1 If a cron.deny file exists in the /var/adm/cron directory, make sure bin is not listed in it. If necessary, remove bin from the cron.deny file using a text editor.

Step 2 If a cron.allow file exists in the /var/adm/cron directory, make sure bin is listed in it. If necessary, add bin to the cron.allow file using a text editor.

Step 3 If neither a cron.allow nor a cron.deny file exists in the /var/adm/cron directory, create a cron.allow file and add bin to it using a text editor.
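The following check covers both procedures above and is an added example, not part of the Cisco documentation. For a given user it tests the three conditions from the steps (listed in the allow file if one exists, not listed in the deny file if one exists, and at least one of the two files present) and prints the edit that is still needed. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco's code. Both function names are hypothetical.
# Usage: sched_access DIR TOOL USER      (TOOL is "at" or "cron")
# Returns 0 if USER passes every step; otherwise 1, with the needed
# edits described in SCHED_FINDINGS.
sched_access() {
    sa_tool=$2; sa_user=$3; sa_rc=0; SCHED_FINDINGS=""
    sa_allow=$1/$sa_tool.allow; sa_deny=$1/$sa_tool.deny

    # Allow file present: the user must be on a line of its own.
    if [ -f "$sa_allow" ] && ! grep -Fqx -- "$sa_user" "$sa_allow"; then
        SCHED_FINDINGS="add $sa_user to $sa_tool.allow"; sa_rc=1
    fi
    # Deny file present: the user must not appear in it.
    if [ -f "$sa_deny" ] && grep -Fqx -- "$sa_user" "$sa_deny"; then
        SCHED_FINDINGS="$SCHED_FINDINGS${SCHED_FINDINGS:+; }remove $sa_user from $sa_tool.deny"
        sa_rc=1
    fi
    # Neither file present: the page has you create the allow file.
    if [ ! -f "$sa_allow" ] && [ ! -f "$sa_deny" ]; then
        SCHED_FINDINGS="create $sa_tool.allow containing $sa_user"; sa_rc=1
    fi
    return "$sa_rc"
}

# Usage: sched_report DIR USER
# Reports at and cron for one user; returns 0 only if both pass.
sched_report() {
    sr_rc=0
    for sr_tool in at cron; do
        if sched_access "$1" "$sr_tool" "$2"; then
            echo "OK   $sr_tool: $2 is permitted"
        else
            echo "FIX  $sr_tool: $SCHED_FINDINGS"; sr_rc=1
        fi
    done
    return "$sr_rc"
}

# Constructed sample directory standing in for /var/adm/cron.
demo_cron=$(mktemp -d)
printf 'bin\n' > "$demo_cron/at.deny"          # bin is denied at
printf 'root\n' > "$demo_cron/cron.allow"      # bin is missing from cron.allow
sched_report "$demo_cron" bin || true
rm -rf "$demo_cron"
```

On the server itself the call is `sched_report /var/adm/cron bin`.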


Setting Up Configuration Management

Before Configuration Management can gather device configurations, you need to update the Essentials database with passwords (credentials) and modify device configurations. If desired, you can integrate with Netsys and set up NetConfig.

Entering Device Credentials

Before the configuration archive can use Telnet to gather device configurations, you need to enter the following device credentials:

Read and write community strings

Telnet passwords for login mode and Telnet passwords for Enable mode

TACACS, Local, and rcp information for the devices

If a device is configured for TACACS authentication, add the TACACS username and password, not the Telnet passwords.

If a device is configured for local user authentication, add the local username and password.

If you already added devices or imported them into Inventory and did not specify this information, you can change the device attributes.

Refer to the "Changing Device Attributes (Credentials and Serial Numbers)" section or the Inventory online help for more information.

Modifying Device Configurations

You need to modify your device configurations so that Configuration Management can gather the configurations. After you perform the following procedures and your devices become managed, the configuration files are collected and stored in the configuration archive.

Make Sure Devices Are rcp-enabled

Make sure the devices are rcp-enabled by logging into each device and entering the following commands in the device configurations:

# ip rcmd rcp-enable
# ip rcmd remote-host remote_username 123.45.678.90 local_username enable

where 123.45.678.90 is the IP address or hostname of the system on which Essentials is installed. The default remote_username and local_username are cwuser.

Configure Devices for Syslog Analysis

Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when syslog messages are received. See the "Setting Up Syslog Analysis" section or refer to the online help for more information.

Modifying Device Security

Configuration Management must be able to run certain commands on devices to archive their configurations. You must disable the security on devices that prevents Configuration Management from running the commands shown in Table 2-3.

Table 2-3 Required Configuration Management Commands  

| Command Type | Command | Description |
|---|---|---|
| Catalyst commands | set len 0 | Turns paging off for the Telnet session. |
| Catalyst commands | write term | Gets the running configuration. |
| Fast Switch command | show run | Gets the running configuration. |
| IOS commands | term len 0 | Turns paging off for the Telnet session. |
| IOS commands | write term | Gets the running configuration. |
| IOS commands | show config | Gets the startup configuration. |


Setting Up Netsys Integration

Netsys is a Cisco network management application that you can choose to integrate with Essentials. After integration, you can pass information to Netsys from the Inventory application and receive Netsys reports that you can view from the CiscoWorks2000 interface.

When you integrate Essentials with Netsys running on a remote Windows NT system, you must perform some setup tasks that are not required when you integrate with Netsys running on the CiscoWorks2000 server or on a remote UNIX system.

Supported Netsys Versions

You can integrate Configuration Management with the following versions of Netsys:

Version 4.2 for UNIX operating systems

Version 4.0.1 for Windows NT

Upgrading Netsys Integration

When you upgrade from a previous version of Essentials, you must upgrade Netsys integration. You can choose either of the following procedures. The two procedures have different effects. The second procedure must be performed before you begin the CiscoWorks2000 upgrade.

The first procedure regenerates the baseline using the previous Netsys setup information, which is preserved during the upgrade. The previous reports are deleted and the baseline on the Netsys server is overwritten.


Step 1 Upgrade to Essentials 3.1, following the procedures in Installing and Setting Up CiscoWorks2000 CD One on AIX and in the "Upgrading from a Previous Version" section in this guide.

Step 2 Access CiscoWorks2000 and log in as administrator.

Step 3 Select Resource Manager Essentials > Administration > Configuration Management > General Setup. The General Setup dialog box appears.

Step 4 Select the Netsys Setup tab.

Step 5 Select the Create Baseline check box, then click Apply.

If a message appears informing you about a timeout problem or an exception, click Apply to continue. The baseline regeneration will proceed.


The second procedure restores the previous Netsys setup information, baseline, and reports. Report generation will continue after the upgrade according to the previous schedule.


Note This procedure must be performed before you begin the upgrade installation.



Step 1 Before upgrading to Essentials 3.1, copy all of the files and directories in the directory install_dir/htdocs/netsys to a safe place, where install_dir is the directory in which the previous version of Essentials is installed.

Step 2 Upgrade to Essentials 3.1.

Step 3 Restore the files and directories you backed up to the directory install_dir/htdocs/netsys, where install_dir is the directory where Essentials 3.1 is installed.


Setting Up Netsys Integration on a Remote Windows NT System


Note The following setup tasks are not required when Netsys is installed on the same system as CiscoWorks2000.


To integrate with Netsys running on a remote Windows NT system:


Step 1 Verify that the run_ngs.exe file exists in the Netsys installation directory on the Netsys server. Netsys is installed in the directory defined by the system variable ECSP_HOME.

Step 2 Copy the rcmf.exe file from the CiscoWorks2000 server to any directory on the Netsys server (c:/Temp is recommended).

This file is located in the install_dir/RemoteNetsysNT directory, where install_dir is the directory in which CiscoWorks2000 is installed.

Step 3 Run rcmf.exe on the Netsys server to install remote shell services:

a. Exit all running programs.

b. Open an MS-DOS window.

c. Navigate to the directory to which you copied rcmf.exe.

d. Enter rcmf and press the Enter key. The installation program starts, and a dialog box appears asking if you want to install rcmf.

e. Click Yes. The Welcome dialog box appears.

f. Click Next. The Setup Type dialog box appears.

g. Select the Typical or Custom setup type:

Typical installs rcmf in the C:\Program Files\rcmf directory with no more interaction.

Custom allows you to select the installation directory.

h. Click Next.

If you selected the Typical setup type, the Start Copying Files dialog appears. Go to step (j).

If you selected the Custom setup type, the Destination Location dialog appears.

i. In the Destination Location dialog box, click Browse to browse for the directory in which to install rcmf, then click Next. The Start Copying Files dialog box appears.

j. Click Next in the Start Copying Files dialog box to start installing files, or click Cancel to cancel the installation.

Rcmf is installed, and the Setup Complete dialog box appears. A CiscoWorks2000 Remote Service entry with an uninstall option is added to the Program menu.

Step 4 On the Netsys server:

a. Make sure that the TMPDIR system variable is defined. If it is not, define it as a full path to an existing directory.

b. To start the remote shell servers, enter net start crmrsh from the directory in which you installed them.

c. From the directory in which you installed the remote shell services, enter the command that corresponds to your CiscoWorks server type. CW2000_host is the name of the CiscoWorks2000 server.

For a Windows NT CiscoWorks2000 server system, enter:

crmrsh addrhost "CW2000_host SYSTEM" Administrator
crmrsh addrhost "CW2000_host bin" Administrator

For a UNIX CiscoWorks2000 server system, enter:

crmrsh addrhost "CW2000_host bin" Administrator

d. Add an entry to the hosts file for the CiscoWorks2000 server. The hosts file is located in the directory c:\Winnt\system32\drivers\etc.

Step 5 Verify that the CiscoWorks2000 and Netsys servers can communicate with each other over the network by pinging each system from the other.

Step 6 Verify that remote shell services are running correctly:

a. On the Netsys server, enter:

crmrsh addrhost "CW2000_host username" Administrator

where CW2000_host is the name of the CiscoWorks2000 server and username is an operating system login name.

b. Log in to the CiscoWorks2000 server using the login that you entered on the Netsys server system (username).

c. On the CiscoWorks2000 server, enter:

rsh -l Administrator Netsys_host "dir"

where Netsys_host is the name of the Netsys server, to list the contents of the root directory on the Netsys server.

If a directory listing appears, the remote shell services are working.


Troubleshooting Netsys Integration Setup

If you have any problems setting up integration with Netsys running on a Windows NT system, perform the following troubleshooting steps on the Netsys server:


Step 1 Verify that the system variable TMPDIR is defined.

Step 2 Review events on the system generated by the source CRMrsh to determine if any errors occurred.

a. Select Start > Programs > Administrative Tools (Common) > Event Viewer to open the event viewer.

b. Select File > Application to view the application log.

c. Locate events with the source CRMrsh by using either the View > Filter Events... or View > Find... commands. Refer to the Event Viewer online help for more information.

Step 3 If the Event Viewer does not provide any useful information about Netsys integration problems, modify the debug level and repeat the setup process, as described in the following steps:

a. Start the Registry Editor by entering the command regedit at the command prompt or in the Run dialog box.

b. Select the registry key, My Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > crmrsh > Parameters.

The possible values for Debug level are 0x1, 0x2, 0x4 and 0x6.

c. Set the value of Debug to 0x06 to get the most detailed debug output in the Event Viewer.

d. Restart CRMrsh services by entering the following commands:

net stop crmrsh

net start crmrsh

e. Repeat the Netsys setup process on the CiscoWorks2000 server and use the Event Viewer to find any errors.

Step 4 If you find the CRMrsh message "The Client is not authorized to do remote commands" in the Event Viewer, follow these steps to correct the problem:

a. Verify that the CiscoWorks2000 host name is entered in the hosts file on the Netsys server.

b. Determine if the CiscoWorks2000 host name is resolved to a fully qualified name in the event log. If so, use the fully qualified host name (for example, cw2000.cisco.com) when you enter the crmrsh addrhost command.

c. Verify that the CiscoWorks2000 user name is entered correctly by examining the Registry keys rhosts and rusers, which are located at the Registry path, My Computer > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > crmrsh > Parameters.

Step 5 To troubleshoot other errors, examine the log file netsys_debug.log, which is located in the directory specified by the value of the PX_TMPDIR environment variable.


Setting Up NetConfig

This section describes how to set up NetConfig.

Verifying Device Configurations

NetConfig can configure only those devices that have configurations archived. To verify that devices you want to configure have an archived configuration and troubleshoot those that do not, use the Archive Status report:


Step 1 Select Resource Manager Essentials > Administration > Configuration Management > Archive Status. The Configuration Archive Status Summary dialog box appears.

Step 2 Click Update at the bottom of the dialog box to update the archive status.

Step 3 Click on a device status to view details:

Click Successful to display information about which configurations are archived. Click Close to close the window and return to the Configuration Archive Status Summary dialog box.

Click Failed to display information about which configurations could not be obtained. To update the archive for failed devices, click on one or more device names or click Select All, then click Update Archive. The Running Configuration Status report appears. Click Update Status to refresh the device status in the archive. Click Close to return to the Configuration Archive Status Summary dialog box.

Click Not Supported to display the devices not supported by the configuration archive. Click Close to return to the Configuration Archive Status Summary dialog box.

Click Partial Failure to display the Catalyst 5000 devices whose submodules were not pulled into the archive. Click Close to return to the Archive Status Summary dialog box.

For more information, refer to the Configuration Management online help.


Verifying Device Credentials

Verify that every device you want to configure using NetConfig has the correct device credentials entered in the Inventory application. NetConfig must have access to the correct credentials to make device configuration changes.

To verify device credentials, select Resource Manager Essentials > Inventory > Check Device Attributes. If any devices that you want to configure have incorrect credentials, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or refer to the online help.

Modifying Device Security

In addition to running the configuration commands that you assign to each job, NetConfig must be able to run certain commands on devices to configure them. You must disable the security on devices that prevents NetConfig from running the commands listed in Table 2-4.

Table 2-4 Required NetConfig Commands 

| Command Type | Command | Description |
|---|---|---|
| Catalyst commands | set len 0 | Turns paging off for the Telnet session. |
| Catalyst commands | write term | Gets the running configuration. |
| Catalyst commands | reload | Reloads or resets the device. |
| Fast Switch commands | show run | Gets the running configuration. |
| Fast Switch commands | reload | Reloads or resets the device. |
| IOS commands | term len 0 | Turns paging off for the Telnet session. |
| IOS commands | write term | Gets the running configuration. |
| IOS commands | show config | Gets the startup configuration. |
| IOS commands | reload | Reloads or resets the device. |
| IOS commands | write mem | Writes running configuration to startup configuration. |
| IOS commands | erase startup | Erases the startup configuration. |
| IOS commands | config t | Enters config mode. |
| IOS commands | exit | Exits config mode. |


Verifying Device Prompts

NetConfig requires the following CLI prompts:

For Cisco IOS devices, the login prompt must end with a greater-than symbol (>), and the enable prompt must end with a pound sign (#).

For Catalyst devices, the enable prompt must end with the following string:

(enable)

These are the default prompts. If you have changed the defaults, make sure the prompts meet the requirements listed above.

Logging Out

To end your administrator tasks, you must log out of CiscoWorks2000:


Step 1 Close all secondary browser windows. You should have only one browser window open, displaying the CiscoWorks2000 interface.

Step 2 Click Logout. The Login Manager dialog box replaces the navigation tree.


