Feedback
Table Of Contents
Preparing to Use Essentials Applications
Adding or Importing Inventory Data
Adding Device Information Manually
Changing Device Attributes (Credentials and Serial Numbers)
Setting Up and Verifying Availability
Configuring Devices for Syslog Analysis
Setting Up Software Management
Verifying Space Requirements for Downloaded Files
Setting Up File Transfer Servers
Setting Software Management Preferences
Setting Up Configuration Management
Modifying Device Configurations
Make Sure Devices Are rcp-enabled
Make Sure Devices Are SSH-enabled
Configure Devices for Syslog Analysis
Verifying Device Configurations
Verifying Device Credentials (Attributes)
Preparing to Use Essentials Applications
After installing and setting up Resource Manager Essentials (Essentials), you must configure the server for Essentials and configure Essentials applications for use.
This chapter assumes that you have performed the client setup tasks described in Installation and Setup Guide for Common Services on Windows.
This chapter consists of:
•
To access the server from a client system, enter any one of these URLs in your web browser:
•
•
•
Preparation Overview
Table 2-1 lists the prerequisite tasks for using Essentials applications. It contains references to more detailed information about each task.
Table 2-1 Preparing to Use Essentials Applications Task Overview
1.
Enter information about the proxy server, SNMP, SMTP, and rcp.
2.
Configure items on the devices that are to be monitored by Essentials.
3.
a.
•
•
b.
c.
If you do not have login privileges, go to Cisco.com, to obtain a login.
d.
"Changing Device Attributes (Credentials and Serial Numbers)" section.
e.
•
•
•
Inventory online help.
4.
a.
"Setting Up and Verifying Availability" section and "Creating a Device View" section.
Verify Availability
b.
5.
a.
b.
6.
a.
b.
c.
d.
If you do not have login privileges, go to Cisco.com, to obtain a login.
e.
•
•
•
•
•
Software Management online help.
7.
a.
b.
c.
d.
•
•
•
•
"Setting Up NetConfig" section and the NetConfig online help.
e.
•
•
•
•
NetConfig online help.
To access the server from a client system, enter any one of these URLs in your web browser:
•
http://server_name:1741•
https://server_name:1742where server_name is the hostname of the server on which you installed Essentials.
See User Guide for CiscoWorks Common Services for information about administrator logins.
Configuring the Server
You can configure system-wide information for Essentials applications using the System Configuration option. You should verify that the defaults are correct or enter corrections.
Step 1
The System Configuration dialog box appears (Figure 2-1).
Figure 2-1 System Configuration Dialog Box
Step 2
•
•
•
•
See Table 2-2 for descriptions of the information in each dialog box tab.
Step 3
Step 4
The dialog box is displayed until you select another option from the navigation tree.
Setting Device Credentials
Several important items must be configured correctly on every Cisco device that will be managed and monitored through Essentials.
Details about each application and the tasks involved in setting the credentials are available later in this document. For more details, see Table 2-1.
Table 2-3 lists all the applications and the device credentials required for proper functioning of the applications.
.
Table 2-3 Applications and the Device Credentials
NetConfig
Required
Required
Required
Not required1
NetShow
Required
Required
Required
Not required
Config Editor
Required
Required
Required
Not required2
ChangeAudit
Not required
Not required
Required
Not required
Configuration Management (Telnet)
Required
Required
Required
Not required
Configuration Management (TFTP) 3
Not required
Not required
Required
Required
Inventory
Not required
Not required
Required
Not required
SWIM
Required4
Required4
Required
Required
Syslog
Not required
Not required
Required
Not required
Availability
Required
Required
Required
Not required
1 After execution of a job, NetConfig provides an option to fetch the configuration using TFTP. SNMP Read/Write credentials are required in such cases.
2 After execution of a job, Config Editor provides an option to fetch the configuration using TFTP. SNMP Read/Write credentials are required in such cases.
3 The file vlan.dat can be fetched only if telnet password and enable password are supplied.
4 Required in case of few devices like PIX devices, Cisco 2950 series switches.
Setting Up Inventory
As a network administrator, you need to be able to quickly troubleshoot problems on the network, identify when network capacity is being reached, and provide information to management on the number and types of devices that are on the network.
If the network goes down, one of the first things you will need to know is what devices are running on the network. The Inventory application in Essentials caters to these requirements.
This section describes the tasks that you must perform to set up the Inventory application.
For detailed information see User Guide for Resource Manager Essentials 3.5.
Adding or Importing Inventory Data
You must have at least one managed device (a device whose inventory information is tracked by Essentials) to verify correct Essentials installation. To manage your network, you need to add the device information for all your managed devices.
To populate your network inventory:
•
•
–
–
–
–
The supported NMS software is described in the "Supported NMS Environments for Device Import" section.
Adding Device Information Manually
This section describes how to add devices one at a time and how to troubleshoot problems you might have using this method.
Step 1
The Add a Single Device dialog box appears.
Step 2
You must fill in the Device Name field with the device name or IP address. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, see the Inventory online help.
Step 3
The Enter Login Authentication Information dialog box appears.
You must fill in the Read Community String and Write Community String fields and verify the passwords. For Inventory, the other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, see the online help.
Step 4
The Enter Enable Authentication Information dialog box appears.
For Inventory, all fields are optional. For other applications, you might need to fill in fields. For more information, see the online help.
Step 5
The Single Device Add dialog box appears.
Step 6
The Add/Import Status Summary dialog box appears.
Step 7
The dialog box should contain:
Managed
0
Alias
0
Pending
1
Conflicting
0
Suspended
0
Not Responding
0
Device Attribute Errors
0
If the device responded quickly, the Managed row might already contain one device.
Step 8
If the pending count goes from 1 to 0 after you click Update and the Managed row has 1 device, Essentials was installed and configured correctly.
You might need to wait several minutes for the device to become managed. Click Update on the Add/Import Status Summary dialog box every minute or so to check current device status.
For additional information, see the online help.
If you added a device and the Add/Import Status Summary dialog box shows that the device status has not changed from Pending even after 15 minutes, check the status of all processes to make sure they are running normally.
•
•
Even if the DIServer process has the state Running Normally, it might be in an error state. You need to stop and restart it.
•
a.
b.
c.
•
a.
b.
c.
Step 9
The device status should change to Managed within a couple of minutes.
Importing Device Information
You can import devices either from a file or a network management system (NMS). The NMS can be either remote or local.
•
•
•
–
–
–
•
–
If you have difficulty importing device information:
•
•
For additional information, see the online help.
Creating a Device View
After you have added devices into the Essentials inventory database, you can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type or with specific characteristics, such as all Catalyst® switches.
Three categories of device views are available in Essentials:
•
•
•
Two different types of views can be created within the Custom or Private categories (all system views are dynamic views):
•
If devices are added to the inventory with the same value, or an existing devices attribute is changed to the same value, as the value for the attribute that a dynamic view is based on, then they will be automatically added to the view.
An example of a dynamic view is all devices with Cisco IOS Version 12.0. Any devices that currently have this attribute would be included in the device view. All system views are dynamic.
•
To set up and verify the Essentials applications, you must create a static device view (a group of devices) that includes at least one device.
For additional information, refer to the online help.
To create a static device view:
Step 1
The Add Static Views dialog box appears.
Step 2
Step 3
Step 4
Step 5
Changing Device Attributes (Credentials and Serial Numbers)
To make sure your devices have the correct device access, password information, and user information, you can change the device attributes.
Contract Connection lets you verify which of your Cisco IOS® devices are covered by a service contract. Contract Connection uses Inventory Manager, Cisco.com and the Cisco internal contract tracking service, Contract Agent, to provide the status of your service coverage.
For Contract Connection to provide accurate contract status information, you must add device serial numbers to the entries of devices that have service contracts.
To check device attributes, select Resource Manager Essentials > Administration > Inventory > Check Device Attributes.
To edit device attributes:
Step 1
The Change Device Attributes dialog box appears.
Step 2
The Change Device Attributes dialog box displays the options.
Step 3
A dialog box appears for each option you selected. The dialog box fields are blank; they do not display current information.
Step 4
•
•
•
Note
Step 5
•
•
Setting Up and Verifying Availability
If users experience connectivity problems while trying to reach certain resources or services on the network, you should check is whether or not any devices have gone down. If a device is unreachable, you will want to find out when it was last operational and if any abnormal reloads have occurred.
Availability function within Essentials helps you track the reachability of devices on your network.
To verify that the Availability function is working correctly, you must have a test device view with at least one device. You can use the view you created during Inventory setup. Use this test device view to verify that the Availability function displays the devices in the view in the Reachability Dashboard.
Step 1
The Select Polled Views dialog box appears.
Step 2
Note
Step 3
The Change Polling Options dialog box appears
Step 4
Step 5
Step 6
The Reachability Dashboard appears.
Step 7
The devices in your test device view should appear in the Availability Monitor.
Now that you have configured one Availability view and specified polling parameters, you can monitor devices and run reports. For details about using Availability, refer to the online help.
Setting Up Syslog Analysis
Syslog Analysis lets you centrally log and track messages generated by devices. You can use the logged error message data to analyze device and network performance. You can customize Syslog Analysis to produce the information and message reports that are important to your operation.
Since system message logging is not part of the Windows operating system, Essentials provides syslog message logging as a Windows service (Essentials syslog service).
The syslog service saves each system message to the default directory, SystemDrive:\Programs Files\CSCOpx\log\syslog.log. Syslog Analysis reads the syslog.log file for messages, processes the messages, and writes them to the Essentials database. CGI scripts use the database information to generate system message reports.
Refer to the online help for more information about Syslog Analysis.
Setting up Syslog Analysis involves:
•
•
Specifying Country Codes
You must update the country code entry in the file, Sa.properties with the appropriate country code to make sure the Syslog timestamp conversion works correctly. Sa.properties is located in the directory, %NMSROOT%\lib\classpath\com\cisco\nm\sysloga\sa, where %NMSROOT% is the directory in which is installed.
The country code is the 3-letter abbreviation specified as per the ISO_3166 document.
For a list of country codes, see the file, CountryCode.txt, located in the directory, %NMSROOT%\lib\classpath\com\cisco\nm\sysloga\CountryCode.txt.
Note
To terminate Syslog Analyzer, at the command prompt, enter:
%NMSROOT%\bin\pdterm SyslogAnalyzerTo start Syslog Analyzer, at the command prompt, enter:
%NMSROOT%\bin\pdexec SyslogAnalyzerConfiguring Devices for Syslog Analysis
Before you can use Syslog Analysis, you must configure devices to forward messages to Essentials or a system on which you have installed the distributed Syslog Analyzer Collector. For more information about setting up devices for message logging, refer to the Syslog online help, the Cisco IOS Software Documentation on Cisco.com (for Cisco IOS devices), and the appropriate reference guide.
Configuring Cisco IOS Devices
To configure Cisco IOS devices:
Step 1
The prompt changes to host>.
Step 2
Step 3
The prompt changes to host#.
Step 4
You are now in configuration mode, and the prompt changes to host(config)#.
Step 5
Step 6
Step 7
Step 8
a.
b.
Configuring Catalyst Devices
To configure Catalyst devices:
Step 1
The prompt changes to host>.
Step 2
The prompt changes to host(enable).
Step 3
Step 4
Step 5
Severity level 6 means all messages from level 0-6 (from alerts to informationals) will be logged to the server.
Step 6
Step 7
Verifying the Syslog Analyzer
To verify that the Syslog Analyzer is processing syslog messages from the network:
Step 1
Step 2
# enable# configure terminalThe prompt changes to #>.
#> banner motd /This is a test /#> endStep 3
Step 4
The Standard Reports dialog box appears.
Step 5
Step 6
The Select Dates and Report Type dialog box appears.
Step 7
•
•
Step 8
The Syslog-Standard report appears.
Step 9
Setting Up Software Management
Cisco is constantly improving the quality and functionality of device software. As a network administrator, you need to know what versions are currently running on your devices, and you must keep informed of new software versions available to identify when upgrades are needed.
When software upgrades are required, you must plan for and manage the upgrade to minimize the disruption to the end users. The process of manually upgrading multiple devices on the network can be a very time-consuming and error-prone process.
Software Management application performs system software upgrades, boot loader upgrades, and software configuration operations on groups of routers and switches. For more information about setting up Software Management, refer to the online help.
Setting up Software Management involves the following:
•
•
•
Verifying Space Requirements for Downloaded Files
Before you can use Software Management, you must have sufficient space to store the software image files. You should have 2 to 20 MB of space for each image.
Setting Up File Transfer Servers
CiscoWorks Common Services installs two file-transfer servers that the Software Management application uses to transfer software files:
•
During Software Management installation, the tftpboot directory is created under the directory in which Essentials is installed (the default is SystemDrive:\Program Files\CSCOpx).
This directory saves and stores files that are loaded to a device when you use Essentials applications supported by TFTP. All users have read, write, and execute privileges to the tftpboot directory.
•
Essentials uses rcp with devices that support rcp. For other devices, Essentials uses TFTP.
You can enable rcp if you want Essentials to use it with any devices.
Step 1
The Edit Preferences dialog box appears.
Step 2
Step 3
Adding Device Credentials
Before you can use Software Management to manage device software images, you must add the required device passwords to Inventory.
Read and write community strings are required and the Telnet password is recommended. For information, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or the online help.
Configuring the SMTP Server
Software Management uses an SMTP server on your network to deliver reports. The default location is localhost, which means that Software Management uses the SMTP server on the server.
If you want Software Management to use an SMTP server on a different system:
Step 1
The System Configuration dialog box appears.
Step 2
Step 3
Step 4
Setting Software Management Preferences
Software Management has many preferences that you can set to control how the application behaves.
To set preferences:
Step 1
The Edit Preferences dialog box appears.
Step 2
Step 3
•
•
Setting Up Configuration Management
As the network administrator, you need to be able to control and track changes to device configurations in order to minimize errors and assist in troubleshooting problems. This can be very difficult if several people are making changes to the device configurations. It can also become very repetitive and time-consuming to have to make the same update to each individual device on the network. Configuration Management application can help simplify and automate these tasks.
Before Configuration Management can gather device configurations, you need to update the Essentials database with passwords, modify device configurations, and modify device security. You might also need to integrate Netsys and set up NetConfig.
Entering Device Credentials
Before the configuration archive can gather device configurations, enter the following device credentials:
•
•
For the configuration archive to use Telnet to gather configuration from devices, you must enter the correct credentials.
•
–
–
–
If you already added or imported devices into Inventory and did not specify this information, you can change the device attributes. For more information, see the "Changing Device Attributes (Credentials and Serial Numbers)" section, or the Inventory online help.
Modifying Device Configurations
You need to modify your device configurations to enable Configuration Management to gather the configurations. After your devices become managed, the configuration files are collected and stored in the configuration archive.
Make Sure Devices Are rcp-enabled
To make sure the devices are rcp-enabled, log in to each device and enter these commands in the device configurations:
# ip rcmd rcp-enable# ip rcmd remote-host remote_username IP_address local_username enablewhere IP_address is the IP address of the system on which Essentials is installed. (Alternatively, you can enter the hostname.) The default remote_username and local_username are casuser.
Make Sure Devices Are SSH-enabled
Make sure the devices are SSH-enabled by logging into each device and entering the commands for the following kinds of devices:
•
For Catalyst Switches Running CatOS
To enable SSH on Catalyst switches do the following:
Step 1
sec-cat6000> (enable) set crypto key rsa 1024A message similar to the following is displayed:
Generating RSA keys..... [OK]Step 2
sec-cat6000> (enable) ssh_key_process: host/server key size: 1024/768Step 3
sec-cat6000> (enable) show crypto keyA message similar to the following is displayed:
RSA keys were generated at: Mon Jul 23 2001, 15:03:30 1024 65537 15144146953605773328536717047857098506066347687468697169639403524406206785753387015 508885256996914783305378400669569876102078109594986481799653300180108447858634 727730676971852564183862430018810088305612411373816928200786743760582755731334 485293321996682019301329470978268059063378215479385405498193061651Step 4
For example, to specify that the IP addresses 172.18.124.0 and 255.255.255.0 be allowed to use SSH, enter:
sec-cat6000> set ip permit 172.18.124.0 255.255.255.0
Note
WARNING!! IP permit list has no entries!
A message similar to the following is displayed:172.18.124.0 with mask 255.255.255.0 added to IP permit list.Step 5
sec-cat6000> (enable) set ip permit enable sshA message similar to the following is displayed:
SSH permit list enabled.Step 6
sec-cat6000> (enable) sho ip permitA message similar to the following is displayed:
Telnet permit list disabled.Ssh permit list enabled.Snmp permit list disabled.Permit List Mask Access-Type---------------- ---------------- -------------172.18.124.0 255.255.255.0 telnet ssh snmpDenied IP Address Last Accessed Time Type----------------- ------------------ ------
For Cisco IOS Routers
To enable SSH on Cisco IOS Routers do the following:
For example, if you want router1 to act as an SSH client to the another router, you can add SSH to a second router, say router2. The routers will then be in a client-server arrangement, with router1 acting as the server and router2 acting as the client. The IOS SSH client configuration on router2 is the same as required for the SSH server configuration on router1.
Step 1
hostname router1A message similar to the following is displayed:
username username password 0 passwordStep 2
ip domain-name domain-nameStep 3
cry key generate rsaA message similar to the following is displayed:
ip ssh time-out 60ip ssh authentication-retries 2Step 4
Note
line vty 0 4transport input SSH
Configure Devices for Syslog Analysis
Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when syslog messages are received. For more information, see the "Setting Up Syslog Analysis" section or refer to the online help.
Modifying Device Security
To archive device configurations, Configuration Management must be able to run certain commands on the devices. You must disable the security on the devices that prevents Configuration Management from running the commands in Table 2-4.
Setting Up NetConfig
The NetConfig function provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. These templates can be used to execute one or more configuration commands on multiple devices at the same time.
For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be stored in the configuration archive.
This section describes how to set up NetConfig. This involves:
•
•
Verifying Device Configurations
NetConfig can configure only devices that have archived configurations. Use the Archive Status report to:
•
•
To verify configuration archive status:
Step 1
Step 2
Step 3
•
•
a.
b.
The Running Configuration Status report appears.
c.
d.
•
•
Verifying Device Credentials (Attributes)
Make sure every device you want to configure using NetConfig has correct device credentials in the Inventory application. NetConfig must have access to the correct credentials to make device configuration changes.
To verify device credentials, select Resource Manager Essentials > Administration > Inventory > Check Device Attributes. If any devices that you want to configure with NetConfig have incorrect credentials, see the "Changing Device Attributes (Credentials and Serial Numbers)" section or the online help.
Modifying Device Security
In addition to running the configuration commands that you assign to each job, NetConfig must run certain commands on devices to configure them. You must disable the security on these devices that prevents NetConfig from running the commands in Table 2-5.
NetConfig requires particular CLI prompt formats:
If the telnet transport mechanism is used, the following prompts are applicable.
•
–
–
•
–
–
If the secure shell (SSH) transport mechanism is used, the following prompts are applicable. There is no support for FastSwitch devices in the SSH transport mechanism.
•
–
–
•
–
–
Default prompts use this formatting. If you have changed your defaults, verify that the prompts meet these requirements, and change them if they do not.
Configuration Job Setup
Configuration Job Setup window allows you to set up these:
•
•
Transport Protocol Order for NetConfig, NetShow and Config Editor Jobs
You can set the protocol order for NetConfig, Config Editor and NetShow jobs to download configurations and for NetConfig and Config Editor to fetch configurations. This setup provides the flexibility of using your preferred protocol order for fetching and downloading the configuration.
Step 1
The Configuration Job Setup dialog box appears.
Step 2
Step 3
Step 4
A confirmation message appears.
Step 5
For more information, refer to the Configuration Job Setup online help.
Password Policy for NetConfig, NetShow and Config Editor Jobs
You have the option of entering your user name and password for job execution. If you enter your username and password, Essentials ignores the username and password in the database and uses the newly entered username and password, instead. If you do not enter your username and password, Essentials uses the user name and password in its database.
This option of entering the username and password for job execution is helpful in high security installations where device passwords are changed at frequent intervals. For example, the passwords may be changed every 60-90 seconds.
Step 1
The Configuration Job Setup dialog box appears.
Step 2
Step 3
Step 4
A confirmation message appears.
Step 5
For more information, see the Configuration Job Setup online help.
