Installation and Setup Guide for Resource Manager Essentials 3.4 on Solaris
Preparing to Use Essentials Applications
Download this chapter
Preparing to Use Essentials ApplicationsPreparing to Use Essentials Applications
give_us_feedback

Table Of Contents

Preparing to Use Essentials Applications

Preparation Overview

Accessing the Server

Logging In

Configuring the Server

Setting Device Credentials

Setting Up Inventory

Adding or Importing Inventory Data

Adding Device Information Manually

Importing Devices

Creating a Device View

Changing Device Attributes (Credentials and Serial Numbers)

Verifying Availability

Setting Up Syslog Analysis

Specifying Country Codes

Configuring Devices for Syslog Analysis

Configuring Cisco IOS Devices

Configuring Catalyst Devices

Verifying the Settings in the Syslog Configuration File

Verifying the Syslog Analyzer

Setting Up Software Management

Space Required for Downloaded Files

Adding Device Passwords to Inventory

Setting Software Management Preferences

Setting Up TFTP

Enabling the TFTP Daemon

Creating the /tftpboot Directory

Setting Up rcp

Creating the rcp Remote User Account

Enabling the rcp Daemon

Selecting rcp as the Active File Transfer Method

Allowing the User casuser to Use at and cron

Setting Up Configuration Management

Entering Device Credentials

Modifying Device Configurations

Make Sure Devices Are rcp-enabled

Configure Devices for Syslog Analysis

Modifying Device Security

Setting Up NetConfig

Verifying Device Configurations

Verifying Device Credentials

Modifying Device Security

Verify Device Prompts

Logging Out


Preparing to Use Essentials Applications

After installing and setting up Essentials, you must configure the server for Essentials and configure the Essentials applications for use.

This chapter assumes that you have performed the client setup tasks described in Installing and Setting Up CiscoWorks2000 CD One on Solaris.

This chapter consists of:

Preparation Overview

Accessing the Server

Logging In

Configuring the Server

Setting Up Inventory

Verifying Availability

Setting Up Syslog Analysis

Setting Up Software Management

Setting Up Configuration Management

Preparation Overview

Table 2-1 is an overview of preparing to use Essentials applications. It contains references to more detailed information about each task.

Table 2-1 Preparing To Use Essentials Applications Task Overview 

Task
Steps
References

1. Configure the system.

Enter information about the proxy server, SNMP, and rcp.

"Configuring the Server" section.

2. Setting device credentials

Configure items on the devices that are to be monitored by Essentials.

"Setting Device Credentials" section

3. Set up Inventory.

a. Create network inventory by either:

Adding device information one device at a time.

Importing device information from a file or NMS database or Auto Update Server

"Adding or Importing Inventory Data" section.

b. (Optional) Create a device view.

"Creating a Device View" section.

c. (Optional) Obtain login privileges to Cisco Connection Online (CCO).

If you do not have login privileges, go to the CCO home page, www.cisco.com, to obtain a login.

d. (Optional) Enter device serial numbers for devices that have Contract Connection service contracts.

"Changing Device Attributes (Credentials and Serial Numbers)" section.

e. (Optional) Perform the following Inventory setup tasks:

Schedule inventory polling and collection.

Set change report filters.

Display a detailed device report.

Inventory online help.

4. Verify Availability.

a. Create a device view with at least one device.

"Verifying Availability" section and "Creating a Device View" section.

b. Verify that Availability functions correctly.

"Verifying Availability" section.

5. Set up Syslog Analysis.

a. Configure your routers and switches for Syslog analysis.

"Configuring Devices for Syslog Analysis" section.

b. Verify settings in the Syslog configuration file.

"Verifying the Settings in the Syslog Configuration File" section.

c. Verify syslog messages are being processed by Syslog Analyzer.

"Verifying the Syslog Analyzer" section.

6. Set up Software Management.

a. Add device passwords to inventory.

"Adding Device Passwords to Inventory" section.

b. Set Software Management preferences.

"Setting Software Management Preferences" section.

c. Obtain login privileges to Cisco Connection Online (CCO).

If you do not have login privileges, go to the CCO home page, www.cisco.com, to obtain a login.

d. Set up Trivial File Transfer Protocol (TFTP).

"Setting Up TFTP" section.

e. Set up rcp.

"Setting Up rcp" section.

f. Allow user casuser to use at and cron.

"Allowing the User casuser to Use at and cron" section.

g. (Optional) Perform setup tasks:

Create a baseline of the devices in your network and populate the software image library.

Schedule the Browse Defects job to run periodically.

Schedule the Synchronize Library job to run periodically.

Create one or more approver lists if you want to use the Maker Checker option.

Distribute a software image to a device or group of devices.

Software Management online help.

7. Set up Configuration Management.

a. Enter passwords.

"Entering Device Credentials" section.

b. Modify device configurations.

"Modifying Device Configurations" section.

c. Modify device security.

"Modifying Device Security" section.

d. Set up NetConfig:

Verify device configurations in configuration archive.

Verify device credentials.

Modify device security.

Verify device prompts.

"Setting Up NetConfig" section and NetConfig online help.

e. (Optional) Perform NetConfig setup tasks:

Install Java Plugin on client systems.

Configure default job properties.

Assign template access privileges to users.

Enable Job Approval.

NetConfig online help.


Accessing the Server

When you access the CiscoWorks2000 Server, the CiscoWorks2000 screen appears with the Login Manager displayed. To access the server from a client system, enter the URL of the server in your web browser:

If you installed CiscoWorks2000 CD One on the default port, and if SSL is disabled enter: 

http://server_name:1741

If SSL is enabled, enter: 

https://server_name:1742


where server_name is the hostname of the server on which you installed 
Essentials.

If an alternative port was assigned during CiscoWorks2000 CD One installation, enter: 

http://server_name:port_number

where server_name is the name of the server on which you installed CiscoWorks2000 CD One and Essentials, and port_number is the alternative port assigned during the installation. See Getting Started with the CiscoWorks2000 Server for information about administrator logins.

Logging In

To perform server setup tasks, you must log in as the system administrator:

Step 1 Enter the administrator username and password in the Login Manager dialog box (Figure 2-1). The default username and password are: 

User Name: admin

Password: admin

Figure 2-1 Login Manager Dialog Box

Step 2 Click Connect.

The Login Manager dialog box is replaced by the navigation tree).

Configuring the Server

You can configure system-wide information for Essentials applications using the System Configuration option. You should verify that the defaults are correct or enter corrections.

Step 1 Select Resource Manager Essentials > Administration > System Configuration.

The System Configuration dialog box appears (Figure 2-2).

Figure 2-2 System Configuration Dialog Box

Step 2 Select one of the following tabs to enter information or to verify that the configured information is correct:

Proxy

SNMP

rcp

See Table 2-2 for descriptions of the information in each dialog box tab.

Step 3 Click Apply to save changes, or click Defaults to apply the default.

Step 4 Repeat Step 2 and Step 3 until you have verified or corrected all the information displayed in the System Configuration dialog box.

The dialog box is displayed until you select another option from the navigation tree.

Table 2-2 System Configuration Dialog Box Information 

Tab Name
Description
Fields—Values to Enter

Proxy

Connects to CCO. If server access to the outside world is controlled through a proxy server, this setting must be configured.

Proxy URL—System-wide proxy URL. There is no default.

SNMP

Queries devices for inventory collection, which includes importing and adding devices and collecting inventory data.

Fast SNMP Timeout—Length of time, from 5 to 90 seconds, the system waits for a device to respond before trying to access it again. Default is 5.

Fast SNMP Retry—Number of times, from 2 to 6, the system tries to access devices with fast SNMP options. Default is 2.

Slow SNMP Timeout—Length of time, from 10 to 90 seconds, the system waits for a device to respond before trying to access it again. Default is 20.

Slow SNMP Retry—Number of times, from 2 to 6, the system tries to access a device with slow SNMP options. Default is 3.

The system tries the Fast SNMP Timeout and Fast SNMP Retry options first. If no response occurs after Fast Retry, the system switches to the Slow SNMP options.

rcp

Used to specify user during remote file transfers from devices. Authenticates rcp transfers between devices and server.

User account must exist on UNIX systems and should also be configured on devices as local user in the ip rcmd configuration command.

See "Setting Up rcp" section.

User Name—Name used by a network device when it connects to the server to run rcp.


Setting Device Credentials

Several important items must be configured correctly on every Cisco device that is going to be managed and monitored through Essentials.

Details about each application and the tasks involved in setting the credentials are available later in this document.

Table 2-3 lists all the applications and the device credentials required for proper functioning of the applications.

.

Table 2-3 Applications and the Device Credentials 

Application
Telnet Password
Enable Password
SNMP Read Only
SNMP Read / Write

NetConfig

Required

Required

Not required

Not required

NetShow

Required

Required

Not required

Not required

Config Editor

Required

Required

Not required

Not required

ChangeAudit

Not required

Not required

Not required

Not required

Configuration Management (Telnet)

Required

Required

Required

Not required

Configuration Management (TFTP)

Not required

Not required

Required

Required

Device Views

Not required

Not required

Not required

Not required

Inventory

Not required

Not required

Required

Not required

SWIM

Required *

Required *

Required

Required

Syslog

Not required

Not required

Not required

Not required

Availability

Required

Required

Required

Not required


* Required in case of few devices.

Setting Up Inventory

As a network administrator, you need to be able to quickly troubleshoot problems on the network, identify when network capacity is being reached, and provide information to management on the number and types of devices being used on the network. If the network goes down, one of the first things you will need to know is what devices are running on the network. The Inventory application in Essentials caters to these requirements.

This section describes the tasks that you must perform to set up the Inventory application.

For detailed information see User Guide for Resource Manager Essentials 3.4.

Adding or Importing Inventory Data

You must have at least one managed device (a device whose inventory information is tracked by Essentials) to verify correct Essentials installation. To manage your network, you need to add device information for all your managed devices.

To populate your network inventory:

Add devices one at a time by entering the device information manually.

Import a group of devices from:

A comma-separated values (CSV) file or a device integration file (DIF) that you create from another information source.

A supported network management system (NMS) on the same host as your server (local import).

A supported NMS on a different host from your server (remote import).

A supported proxy server like Auto Update Server (AUS).

The supported NMS software is described in the "Supported NMS Environments for Device Import" section.

Adding Device Information Manually

This section describes how to add devices one at a time and how to troubleshoot problems you might have, using this method.

Step 1 Select Resource Manager Essentials > Administration > Inventory > Add Devices.

The Add a Single Device dialog box appears.

Step 2 Enter the access information and annotations for one device.

You must fill in the Device Name field with the device name or IP address. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, refer to the Inventory online help.

Step 3 Click Next.

The Enter Login Authentication Information dialog box appears.

You must fill in the Read Community String field and verify the password. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, refer to the online help.

Step 4 Click Next.

The Enter Enable Authentication Information dialog box appears.

If required, complete this dialog box. For Inventory, all fields in this dialog box are optional. For more information, refer to the online help.

Step 5 Click Finish.

The Single Device Add dialog box appears.

Step 6 Click View Status.

The Add/Import Status Summary dialog box appears.

Step 7 Use the Add/Import Status Summary dialog box to check the status of the device you specified. The dialog box should contain:

Device Status
Number of Devices

Managed

0

Alias

0

Pending

1

Conflicting

0

Suspended

0

Not Responding

0

Device Attribute Errors

0


If the device responded quickly, the Managed row might already contain one device.

Step 8 Click Update on the Add/Import Status Summary dialog box to update device status.

If the pending count goes from 1 to 0 after you click Update and the Managed field has 1 device, Essentials was installed and configured correctly. You might need to wait a couple of minutes for the device to become managed. Click Update on the Add/Import Status Summary dialog box every minute or so to check current device status.

If you added a device and the Add/Import Status Summary dialog box shows that the device status has not changed from Pending within 15 minutes, check the status of all processes to make sure they are running normally.

Step 9 To view the latest device status information, select Resource Manager Essentials > Administration > Inventory > Import Status, then click Update in the Add/Import Status Summary dialog box.

Step 10 To determine if the DIServer process is running, select Server Configuration > Administration > Process Management > Process Status. (The DIServer process is responsible for validating devices and changing their status from Pending.)

Even if the DIServer process has the state Running Normally, it might be in an error state. You need to stop and restart it.

To stop the DIServer process:

a. Select Server Configuration > Process Management > Stop Process.

The Stop Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

To restart the DIServer process:

a. Select Server Configuration > Process Management > Start Process.

The Start Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

Step 11 To return to the Add/Import Status Summary screen, select Resource Manager Essentials > Administration > Inventory > Import Status, then click Update.

The device status should change to Managed within a couple of minutes.

Importing Devices

You can import devices either from a file or from a local or remote NMS.

You can extract data from your existing data source into a comma-separated value (CSV) file or device integration file (DIF), then use this file as input into the Essentials database. First create a CSV file or DIF file, then select Resource Manager Essentials > Administration > Inventory > Import from File to access the file and import the device information. For additional information, refer to the online help.

To import devices from a local NMS database, select Resource Manager Essentials > Administration > Inventory > Import from Local NMS. For more information, refer to the online help.

For a list of supported NMS software, see the"Supported NMS Environments for Device Import" section.

To import devices from a remote NMS:

Work with the system administrator of the host on which the NMS database is running. For more information, refer to the online help.

Perform several system and NMS configuration steps that are contingent upon the NMS you are using. For information about the device import software supported for remote import, see the "Supported NMS Environments for Device Import" section. For additional information, refer to the online help.

Select Resource Manager Essentials > Administration > Inventory > Import from Remote NMS to import devices from the databases listed in the Remote NMS Import dialog box.

To import devices from an Auto Update Server (AUS):

Select Resource Manager Essentials > Administration > Inventory > Proxy Management.

If you have difficulty importing device information:

Increase the SNMP timeout setting. Refer to the online help for more information or see the "Configuring the Server" section.

Verify that you entered correct read community strings for the devices.

For additional information, refer to the online help.

Creating a Device View

After you have added devices into the Essentials inventory database, you can define views to logically group devices into locations, types, or areas of responsibility. Device Views allow you to quickly view reports on all devices of a certain type or with specific characteristics, such as all Catalyst® switches.

Three categories of device views are available in Essentials:

System: These views are predefined and available after you install Essentials. System views include most major classes of Cisco devices, such as all Catalyst switches, all Cisco 7000 Series routers, or all SwitchProbes.

Custom: These views are defined by users and, when created, are available for use by anyone with the appropriate access to the server.

Private: These views are also defined by users, but are available only to the user account that created them.

Two different types of views can be created within the custom or private categories (all system views are dynamic views):

Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view appear, based on the attribute value. If the device attribute for a device in which the dynamic view is based on changes, the device will no longer be a member of that dynamic view.

If devices are added to the inventory with the same value, or an existing devices attribute is changed to the same value, as the value for the attribute a dynamic view is based on, then they will be automatically added to the view. An example of a dynamic view is "all devices with Cisco IOS Version 12.0." Any devices that currently have this attribute would be included in the device view. All system views are dynamic.

Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically.

To set up and verify the Essentials applications, you must create a static device view (a group of devices) that includes at least one device. For additional information, refer to the online help.

To create the static device view:

Step 1 Select Resource Manager Essentials > Administration > Device Views > Add Static Views.

The Add Static Views dialog box appears.

Step 2 Enter a view name, an optional description, and select a type of view (custom or private.) Only users with the system administrator role can create custom views.

Step 3 Select the view, from the Views column, that has the devices you want to add.

Step 4 Select the names of the devices you want, from the Device pane and move them into the Selected Devices pane.

Step 5 Click Finish.

The new view is created.

To add another static device view, repeat the procedure.

Changing Device Attributes (Credentials and Serial Numbers)

To make sure your devices have the correct device access, password information, and user information, you can change the device attributes. For Contract Connection to provide accurate contract status information, you must enter device serial numbers to the inventory entries of devices that have service contracts.

To check device attributes, select Resource Manager Essentials > Administration > Inventory > Check Device Attributes.

To edit device attributes:

Step 1 Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes.

The Change Device Attributes dialog box appears.

Step 2 Select the device whose device information you want to edit, then click Next.

The Change Device Attributes dialog box displays the options.

Step 3 Select one or more options, then click Next.

A dialog box appears for each option you selected. The dialog box fields are blank; they do not display the current information.

Step 4 Edit dialog boxes as needed:

To retain the current value, leave the field blank.

To change a value, enter the new information in the field. If you are changing a password, you must enter the username.

To delete a value, click Delete next to the field. If you are deleting a password, you must also enter the username.

Note Verify your entries before you click Next in any dialog box. If you change device attributes, you cannot undo the change, except by reediting.

Step 5 After you complete editing a dialog box:

Click Finish to apply the changes and move to the next dialog box or to exit, if you are in the final dialog box.

Click Back to close the dialog box without changing any information.

Verifying Availability

If users begin experiencing connectivity problems trying to reach certain resources or services on the network, one of the first things you will want to check is whether or not any devices have gone down. If a device is unreachable, you will want to find out when it was last operational and if any abnormal reloads have occurred.

The Availability function within Essentials helps you track whether a device can be reached on your network.

To verify that Availability is working correctly, you must have a test device view with at least one device. You can use the view you created during Inventory setup. Use this test view to verify that Availability displays the devices in the Reachability Dashboard.

Step 1 Select Resource Manager Essentials > Administration > Availability > Change Polling Options.

The Select Polled Views dialog box appears.

Step 2 Select the test device view that you created from the All Views list, then click Add to add it to the Polled Views list.

This creates a view for Availability polling.

Note You must add views to the Polled Views list. Only polled views are monitored.

Step 3 Click Next.

The Change Polling Options dialog box appears.

Step 4 Select 5 Minutes from the Verify device reachability every drop-down list, then click Finish.

Step 5 Wait for at least 10 minutes to make sure Availability polls the devices in your test device view.

Step 6 Select Resource Manager Essentials > Availability > Reachability Dashboard.

The Reachability Dashboard appears.

Step 7 Click the view name.

The devices in your test device view should appear in the Availability Monitor.

Now that you have configured one Availability view and specified polling parameters, you can monitor devices and run reports. For details about using Availability, refer to the online help.

Setting Up Syslog Analysis

Syslog Analysis lets you centrally log and track messages generated by devices. You can use the logged error message data to analyze device and network performance. You can customize Syslog Analysis to produce the information and message reports that are important to your operation.

Since system message logging is not part of the Windows operating system, Essentials provides syslog message logging as a Windows service (Essentials syslog service).

The syslog service saves each system message to the default directory, C:\Programs Files\CSCOpx. Syslog Analysis reads the syslog.log file for messages, processes the messages, and writes them to the Essentials database. CGI scripts use the database information to generate system message reports.

See the online help for more information about Syslog Analysis.

Setting up Syslog Analysis involves:

Specifying Country Codes

Configuring Devices for Syslog Analysis

Verifying the Syslog Analyzer

Specifying Country Codes

You must update the country code entry in the file, Sa.properties with the appropriate country code to make sure the Syslog timestamp conversion works correctly. Sa.properties is located in the directory, install_dir/lib/classpath/com/cisco/nm/sysloga/sa, where install_dir is the directory in which CiscoWorks2000 is installed.

The country code is the 3-letter abbreviation specified as per the ISO_3166 document.

For a list of country codes, refer to the file, CountryCode.txt, located in the directory, install_dir/lib/classpath/com/cisco/nm/sysloga/CountryCode.txt.

Note You must restart Syslog Analyzer after you update the country code.

To terminate Syslog Analyzer, at the command prompt, enter: 

install_dir/bin/pdterm/Syslog Analyzer.

To start Syslog Analyzer, at the command prompt, enter: 

install_dir/bin/pdexec/Syslog Analyzer.

Configuring Devices for Syslog Analysis

Before you can use Syslog Analysis, you must configure your devices to forward messages to Essentials or to a system on which you have installed the distributed Syslog Analyzer collector. For more information about setting up devices for message logging, refer to the online help, the Cisco IOS software documentation on CCO (for Cisco IOS devices), and the appropriate reference guides.

Configuring Cisco IOS Devices

To configure Cisco IOS devices:

Step 1 Telnet to the device and log in.

The prompt changes to host>.

Step 2 Enter enable.

Step 3 Enter the enable password.

The prompt changes to host#.

Step 4 Enter configure terminal.

You are now in configuration mode, and the prompt changes to host(config)#.

Step 5 To make sure logging is enabled, enter logging on.

Step 6 To specify the server to receive the router syslog messages, enter logging 123.45.67.89 (where 123.45.67.89 is the IP address of the server).

Step 7 To limit the types of messages that can be logged to the server, set the appropriate logging trap level by entering logging trap informational.

Severity level informational means that all messages from alert messages to informational messages (from emergencies to notifications) will be logged to the server.

Step 8 Verify that Syslog is running:

a. From the CiscoWorks2000 desktop, select Server Configuration > Administration > Process Management > Process Status.

The Process Status dialog box appears.

b. Verify that the entry for Syslog Analyzer has the status, Running normally.

Step 9 Verify that the Syslog configuration file settings are correct. See the "Verifying the Settings in the Syslog Configuration File" section for instructions.

Configuring Catalyst Devices

To configure Catalyst devices:

Step 1 Telnet to the device and log in.

The prompt changes to host>.

Step 2 Enter enable and the enable password.

The prompt changes to host(enable)

Step 3 To make sure logging is enabled, enter set logging server enable.

Step 4 To specify the server to receive the Catalyst switch syslog messages, enter set logging server 123.45.67.89 (where 123.45.67.89 is the IP address of the server).

Step 5 Set the appropriate logging trap level by entering set logging all level 6 default.

Severity level 6 means all messages from levels 0-6 (from alerts to notifications) will be logged to the server.

Step 6 Verify that Syslog is running.

a. From the CiscoWorks2000 desktop, select Server Configuration > Process Management > Process Status.

The Process Status dialog box appears.

b. Verify that the entry for Syslog Analyzer has the status, Running normally.

Step 7 Verify that the Syslog configuration file settings are correct. see the "Verifying the Settings in the Syslog Configuration File" section for instructions.

Verifying the Settings in the Syslog Configuration File

To check the path and permissions of the file pointed to by local7.info in the syslog configuration file /etc/syslog.conf on the server:

Step 1 Make sure the facility.level definition is set to local7.info, and that the following line is present (note that there must be a tab between local7.info and the path/filename): 

local7.info     path/filename

where path/filename is the full path to a file.

Step 2 Make sure the syslog process (syslogd) can both read and write to the file.

Step 3 If you modified the /etc/syslog.conf file, you must restart the syslog process (syslogd). Enter the following command to stop and restart syslogd: 

/etc/init.d/syslog start and /etc/init.d/syslog stop

If the start and stop command does not work, enter: 

kill -HUP `cat /etc/syslog.pid`

Step 4 Make sure the Message Source in the CiscoWorks2000 Server is the same as the filename you specified in the syslog.conf file. You can check this by selecting Resource Manager Essentials > Administration > Syslog Analysis > Change Storage Operations.

Verifying the Syslog Analyzer

To verify that the Syslog Analyzer is processing messages from the network:

Step 1 Log in to a managed router that is configured to send Syslog messages to the server. You must have appropriate login privileges to make configuration changes.

Step 2 Make a nondestructive change to the router configuration. For example, to change the contents of the login banner enter: 

# enable

# configure terminal

The prompt changes to #>. 

#> banner motd /

This is a test /

#> end

Step 3 Wait approximately 2 minutes for the server to process the Syslog message

Step 4 Select Resource Manager Essentials > Syslog Analysis > Standard Reports.

The Standard Reports dialog box appears.

Step 5 Select the device for which you made a change. Click Help if needed.

Step 6 Click Next.

The Select Dates and Report Type dialog box appears.

Step 7 Select:

All Messages in the Report Type list.

Today from the Dates list.

Step 8 Click Finish.

The Syslog-Standard report appears.

Verify that the report contains the Syslog message that the configuration change generated .

Setting Up Software Management

Cisco is constantly improving the quality and functionality of device software. As a network administrator, you need to know what versions are currently running on your devices, and you must keep informed of new software versions available to identify when upgrades are needed. When software upgrades are required, you must plan for and manage the upgrade to minimize the disruption to the end users. The process of manually upgrading multiple devices on the network can be a very time-consuming and error-prone process.

Software Management application performs system software upgrades, boot loader upgrades, and software configuration operations on groups of routers and switches. For more information about setting up Software Management, see the online help.

Setting up Software Management involves the following:

Space Required for Downloaded Files

Setting Software Management Preferences

Adding Device Passwords to Inventory

Setting Up TFTP

Setting Up rcp

Allowing the User casuser to Use at and cron

Space Required for Downloaded Files

Software Management files downloaded to the server from the Cisco.com (CCO) or the product CD-ROM are stored in the /var directory or its subdirectories. Make sure there is enough space in the /var directory for all files that you plan to download.

Device software image files are up to 4 MB in size. To determine how much space you need, multiply the number of device software image files you plan to store by 4 MB. For example, if you plan to store 30 software image files, you need at least 120 MB in /var.

In addition, you need space for some smaller downloaded files and temporary files. To accommodate these needs, add at least 20% to the space needed for software image files for your final space calculation in the /var directory. Using the previous example, you would need a total of at least 144 MB of available space in /var.

Adding Device Passwords to Inventory

Before you can use Software Management to manage device software images, you must add the required device passwords to Inventory. To add device passwords to Inventory, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or the online help.

Setting Software Management Preferences

Software Management has many preferences you can set to control how the application behaves. To set preferences:

Step 1 Select Resource Manager Essentials > Administration > Software Management > Edit Preferences.

The Edit Preferences dialog box appears.

Step 2 Change preferences as appropriate. For more information, refer to the online help.

Step 3 After you complete the changes:

Click Finish to save your changes.

Click Default to display the default configuration.

Setting Up TFTP

A file transfer server must be installed on your system. You must enable a Trivial File Transfer Protocol (TFTP) server because it is the default file transfer server type.

During Software Management installation, if the installation tool cannot find a TFTP server, it tries to add one. If the installation tool cannot find or create a TFTP server, install and enable the TFTP server and verify that a /tftpboot directory exists, as explained in the following sections.

Enabling the TFTP Daemon

If you are using standard Solaris software, you can add and configure the TFTP server (TFTPD).

Step 1 Log in as superuser.

Step 2 Using a text editor, edit the /etc/inetd.conf file.

Look in the file /etc/inetd.conf for the line that invokes TFTPD. If the line begins with a pound sign (#), remove the pound sign with your text editor. Depending on your system, the line that invokes the TFTP server might look similar to: 

tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot

Save the changes to the edited file and exit your text editor.

Step 3 At the UNIX prompt, enter the following command to display the process identification number for the inetd configuration: 

# /usr/bin/ps -ef | grep -v grep | grep inetd

The system response is similar to: 

root  119   1  0  12:56:14 ?           0:00 /usr/bin/inetd -s

The first number in the output (119) is the process identification number of the inetd configuration.

Step 4 To enable your system to read the edited /etc/inetd.conf file, enter: 

# kill -HUP 119

where 119 is the process identification number identified in Step 3.

Step 5 Verify that TFTP is enabled by entering either: 

# netstat -a 

or 

# grep tftp

which should return output similar to: 

*.tftp Idle

or enter: 

# /opt/CSCOpx/bin/mping -s tftp localhost_machine_name

which returns the number of modules sent and received, for example: 

sent:5 recvd:5 . ..

If the output shows that zero modules were received, TFTP is not enabled. Repeat these steps, beginning with Step 1, to make sure you have enabled TFTP.

Creating the /tftpboot Directory

Essentials uses the /tftpboot directory when transferring files between the Essentials server and network devices. The files are removed after the transfer is complete, but multiple jobs (for example, image distribution, image import, or config file scan) could be running at the same time.

Each of these jobs requires its own space. Software image sizes, for example, can be up to 9 MB. To ensure that jobs run successfully, make sure there is sufficient space available in the /tftpboot directory.

If the /tftpboot directory does not exist on your system, you must create it:

Step 1 Enter: 

# mkdir /tftpboot

Step 2 Make sure all users have read, write, and execute permissions to the /tftpboot directory by entering: 

# chmod 777 /tftpboot

The /tftpboot directory now exists and has the correct permissions.

Setting Up rcp

You can enable a remote copy (rcp) server on the server and select it as the active file transfer server. If you select rcp as the active server and then try to transfer files to a device that does not support rcp, Essentials uses TFTP to transfer the files.

Creating the rcp Remote User Account

To use rcp, you must create a user account on the system to act as the remote user to authenticate the rcp commands issued by devices. This user account must own an empty .rhosts file in its home directory to which the user casuser has write access.

You can choose the name of this user account because you can configure the Essentials server to use any user account. The default user account name is cwuser. The examples in this procedure use the default name cwuser. If you choose to use a different name, substitute that name for cwuser.

To create and configure the rcp remote user account, follow these steps while logged in as root:

Step 1 To add a user account named cwuser to the system, enter: 

# useradd -m -c "user account to authenticate remote copy operations" 
\ cwuser

Step 2 Navigate to the cwuser home directory.

Step 3 To create the .rhosts file, enter: 

# touch .rhosts

Step 4 To change the owner of the .rhosts file, enter: 

# chown cwuser:casusers .rhosts

Step 5 To change the permissions of the .rhosts file, enter: 

# chmod 0664 .rhosts

Step 6 If you did not use the default user name cwuser, use the user account that you created as the rcp remote user account.

a. Log on to the server as admin.

b. Select Resource Manager Essentials > Administration > System Configuration. The System Configuration dialog box appears.

c. Select the rcp tab.

d. Enter the name of the user account that you just created in the User Name field, then click Apply.

Enabling the rcp Daemon

To add and configure standard Solaris rcp server software:

Step 1 Log in as superuser.

Step 2 Using a text editor, edit the /etc/inetd.conf file.

Look in the file /etc/inetd.conf for the line that invokes rshd. If the line begins with a pound sign (#), remove the pound sign with a text editor. Depending on your system, the line that invokes the rshd server might look similar to: 

shell  stream  tcp   nowait  root   /usr/sbin/in.rshd   in.rshd

Save the changes to the edited file and exit the text editor.

Step 3 At the UNIX prompt, enter the following to display the process identification number for the inetd configuration: 

# /usr/bin/ps -ef | grep -v grep | grep inetd

The system response is similar to: 

root  119   1  0  12:56:14 ?           0:00 /usr/bin/inetd -s

The first number in the output (119) is the process identification number of the inetd configuration.

Step 4 To enable your system to read the edited /etc/inetd.conf file, enter: 

# kill -HUP 119

where 119 is the process identification number identified in Step 3.

Step 5 Verify that rshd is enabled by entering: 

# netstat -a | grep shell

which should return output similar to: 

*.shell    *.*     0 0 0 0 LISTEN

Selecting rcp as the Active File Transfer Method

By default, Essentials uses rcp with devices that support rcp. For devices that do not support rcp, Essentials uses TFTP to transfer files.

You can disable rcp if you do not want Essentials to use it with any devices.

Step 1 Select Resource Manager Essentials > Administration > Software Management > Edit Preferences.

Step 2 Select Use RCP for image transfer (when applicable).

Step 3 Click Finish.

Allowing the User casuser to Use at and cron

Software Management uses at and cron to schedule Software Management image transfers to devices. The process that performs the download is executed as casuser, so the user casuser must be allowed to use at and cron.

To allow the user casuser to use at:

If an at.deny file exists in the /usr/lib/cron directory, make sure casuser is not listed in it. If necessary, remove casuser from the at.deny file using a text editor.

If an at.allow file exists in the /usr/lib/cron directory, make sure casuser is listed in it. If necessary, add casuser to the at.allow file, using a text editor.

If neither an at.allow nor an at.deny file exist in the directory /usr/lib/cron, create an at.allow file and add casuser to it, using a text editor.

To allow the user casuser to use cron:

If a cron.deny file exists in the /usr/lib/cron directory, make sure casuser is not listed in it. If necessary, remove casuser from the cron.deny file, using a text editor.

If a cron.allow file exists in the /usr/lib/cron directory, make sure casuser is listed in it. If necessary, add casuser to the cron.allow file, using a text editor.

If neither a cron.allow nor a cron.deny file exists in the /usr/lib/cron directory, create a cron.allow file and add casuser to it, using a text editor.

Setting Up Configuration Management

One of the most difficult but most important things to manage on network devices is the device configuration. Often a change to the device configuration leads to network performance issues and faults. The device configuration is the key to how a device operates on the network and traffic is passed.

As the network administrator, you need to be able to control and track changes to device configurations in order to minimize errors and assist in troubleshooting problems. This can be very difficult if several people are making changes to the device configurations. It can also become very repetitive and time-consuming to have to make the same update to each individual device on the network. Configuration Management application can help simplify and automate these tasks.

Before Configuration Management can gather device configurations, you need to update the Essentials database with passwords (credentials) and modify device configurations.

Entering Device Credentials

Before the configuration archive can use Telnet to gather device configurations, enter the following device credentials:

Read and write community strings

Telnet passwords for login mode and enable mode

TACACS, Local, and rcp information for the devices

If a device is configured for TACACS authentication, add the TACACS username and password, not the Telnet passwords.

If a device is configured for local user authentication, add the local username and password.

If you already added devices or imported them into Inventory and did not specify this information, you can change the device attributes.

Refer to the "Changing Device Attributes (Credentials and Serial Numbers)" section or the Inventory online help for more information.

Modifying Device Configurations

You need to modify your device configurations so that Configuration Management can gather the configurations. After you perform the following procedures and your devices become managed, the configuration files are collected and stored in the configuration archive.

Make Sure Devices Are rcp-enabled

Make sure the devices are rcp-enabled by logging into each device and entering the following commands in the device configurations: 

# ip rcmd rcp-enable

# ip rcmd remote-host local_username 123.45.678.90 remote_username 
enable

where 123.45.678.90 is the IP address or hostname of the system on which Essentials is installed. The default remote_username and local_username are casuser.

Configure Devices for Syslog Analysis

Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when syslog messages are received. See the "Setting Up Syslog Analysis" section or refer to the online help for more information.

Modifying Device Security

Configuration Management must be able to run certain commands on devices to archive their configurations. You must disable the security on devices that prevents Configuration Management from running the commands shown in Table 2-4.

Table 2-4 Required Configuration Management Commands  

Command Type
Command
Description

Catalyst commands

set len 0

Turns paging off for the Telnet session.

write term

Gets the running configuration.

FastSwitch command

show run

Gets the running configuration.

IOS commands

term len 0

Turns paging off for the Telnet session.

write term

Gets the running configuration.

show config

Gets the startup configuration.


Setting Up NetConfig

The NetConfig function provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. These templates can be used to execute one or more configuration commands on multiple devices at the same time.

For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be stored in the configuration archive.

This section describes how to set up NetConfig. This involves:

Verifying Device Configurations

Verifying Device Credentials

Modifying Device Security

Verify Device Prompts

Verifying Device Configurations

NetConfig can configure only devices that have archived configurations. Use the Archive Status report to:

Verify that devices you want to configure have an archived configuration.

Troubleshoot the devices that do not have an archived configuration.

Step 1 Select Resource Manager Essentials > Administration > Configuration Management > Archive Status.

The Configuration Archive Status Summary dialog box appears.

Step 2 Click Update at the bottom of the dialog box to update the archive status.

Step 3 Click on a device status to view details:

Click Successful to display information on archived configurations. Click Close to close the window and return to the Configuration Archive Status Summary dialog box.

Click Failed to display information on configurations that could not be obtained. To update the archive for failed devices, click on one or more device names or click Select All, then click Update Archive. The Running Configuration Status report appears. Click Update Status to refresh the device status in the archive. Click Close to return to the Configuration Archive Status Summary dialog box.

Click Not Supported to display the devices not supported by the configuration archive. Click Close to return to the Configuration Archive Status Summary dialog box.

Click Partial Failure to display the Catalyst 5000 devices whose submodules were not pulled into the archive. Click Close to return to the Configuration Archive Status Summary dialog box.

For more information, refer to the Configuration Management online help.

Verifying Device Credentials

Verify that every device you want to configure using NetConfig has the correct device credentials entered in the Inventory application. NetConfig must have access to the correct credentials to make device configuration changes.

To verify device credentials, select Resource Manager Essentials > Inventory > Check Device Attributes. If any devices that you want to configure have incorrect credentials, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or the online help.

Modifying Device Security

In addition to running the configuration commands that you assign to each job, NetConfig must be able to run certain commands on devices to configure them. You must disable the security on devices that prevents NetConfig from running the commands listed in Table 2-5.

Table 2-5 Required NetConfig Commands  

Command Type
Command
Description

Catalyst commands

set len 0

Turns paging off for the Telnet session

write term

Gets the running configuration

reload

Reloads or resets the device

Fast Switch commands

show run

Gets the running configuration

reload

Reloads or resets the device

IOS commands

term len 0

Turns paging off for the Telnet session

write term

Gets the running configuration

show config

Gets the startup configuration

reload

Reloads or resets the device

write mem

Writes the running configuration to the startup configuration

erase startup

Erases the startup configuration

config t

Enters config mode

exit

Exits config mode


Verify Device Prompts

NetConfig requires these CLI prompts:

For Cisco IOS devices, the login prompt must end with a greater-than symbol (>), and the enable prompt must end with a pound sign (#).

For Catalyst devices, the enable prompt must end with the following string: 

(enable)

These are the default prompts. If you have changed the defaults, make sure the prompts meet the requirements listed above.

Logging Out

To end your administrator tasks, you must log out of CiscoWorks2000.

Step 1 Close all secondary browser windows. You should have only one browser window opened, displaying the CiscoWorks2000 interface.

Step 2 Click Logout.

The Login Manager dialog box replaces the navigation tree.