-
User Guide for CiscoWorks Resource Manager Essentials 4.3 (with LMS 3.2)
-
Preface
-
Open Source License Acknowledgements
-
Chapter 1: Overview of RME
-
Chapter 2: What's New in this Release
-
Chapter 3: Adding and Troubleshooting Devices Using Device Management
-
Chapter 4: Managing RME Device, Port and Module Groups Using Group Administration
-
Chapter 5: Understanding RME Device State Transition
-
Chapter 6: Managing Inventory Collection and Polling Using Inventory
-
Chapter 7: Generating Reports
-
Chapter 8: Archiving Configurations and Managing Them Using Archive Management
-
Chapter 9: Using Baseline Templates to Check Configuration Compliance
-
Chapter 10: Making and Deploying Configuration Changes Using NetConfig
-
Chapter 11: Editing and Deploying Configurations Using Config Editor
-
Chapter 12: Using NetShow Commands
-
Chapter 13: Managing Software Images Using Software Management
-
Chapter 14: Tracking Network Changes Using Change Audit
-
Chapter 15: Enabling and Tracking Syslogs Using Syslog Analyzer and Collector
-
Chapter 16: Tracking RME Server Changes Using Audit Trail
-
Chapter 17: Checking Bug Status Using Bug Toolkit
-
Chapter 18: Working With SmartCase
-
Chapter 19: Working With Contract Connection
-
Chapter 20: CLI Utilities
-
Chapter 21: Enabling Approval and Approving Jobs Using Job Approval
-
Chapter 22: Setting System-wide Parameters Using System Preferences
-
Chapter 23: Usage of PSIRT End of Sale and End of Life Data to Generate Reports
-
Chapter 24: Virtual Switching System Support
-
Chapter 25: Usage of Embedded Event Manager in RME
-
Chapter 26: Usage of GOLD in RME
-
Chapter 27: Usage of Cisco Smart Call Home in RME
-
Appendix A : Troubleshooting and FAQ
-
Appendix B : Understanding Syslog Formats
-
Appendix C : RME Command Reference
-
Appendix D : Managing Devices When RME Server is Within a NAT Boundary
-
Index
-
Table Of Contents
Archiving Configurations and Managing Them Using Archive Management
Performing Archive Management Tasks
Performing Archive Management Administrative Tasks
Performing Configuration Management Administrative Tasks
Preparing to Use the Archive Management
Modifying Device Configurations
Configuring Devices to Send Syslogs
Content Networking—Content Service Switch Commands
Content Networking—Content Engine Commands
Cisco Interfaces and Modules—Network Analysis Modules
Using Job Approval for Archive Management
Configuring Transport Protocols
Requirements to Use the Supported Protocols
Supported Protocols for Configuration Management Applications
Configuring Default Job Policies
Defining the Default Job Policies
Moving the Configuration Archive Directory
Enabling and Disabling the Shadow Directory
Understanding Configuration Retrieval and Archival
Schedule Periodic Configuration File Archival
Schedule Periodic Configuration Polling
Manual Updates (Sync Archive function)
Timestamps of Configuration Files
How Running Configuration is Archived
Defining the Configuration Collection Settings
Purging Configurations from the Configuration Archive
Checking Configuration Archival Status
Configuration Archival Reports
Partially Successful Devices Report
Using the Config Fetch Protocol Usage Report
Generating an Out-of-Sync Report
Using the Configuration Version Tree
Understanding the Config Viewer Window
Viewing the Configuration Version Summary
Performing a Configuration Quick Deploy
Editing a Labeled Configuration
Viewing the Labeled Configuration
Deleting the Labeled Configuration
Device Configuration Quick View Report
Comparing Startup vs. Running configurations
Comparing Running vs. Latest archived configurations
Comparing two configuration versions of the same device
Compare two configuration versions of different devices
Compare base config vs. Latest configuration version of multiple devices
Understanding the Config Diff Viewer Window
Using Archive Management Job Browser
Viewing the Archive Management Job Details
Archiving Configurations and Managing Them Using Archive Management
The Archive Management application maintains an active archive of the configuration of devices managed by RME. It enables you to perform the following tasks:
•
Fetch, archive, and deploy device configurations.
•
•
You can also perform some of the Archive Management tasks using command line utility cwcli config.
You can also export the configuration data using the cwcli export config command.
See CLI Utilities for further details on cwcli config and cwcli export config commands.
This chapter gives information on performing:
•
•
•
Performing Archive Management Tasks
Archive Management allows you to:
•
In addition to scheduling configuration archive update, you can also update the archive manually. This ensures that you have the latest configurations.
See Scheduling Sync Archive Job and Defining the Configuration Collection Settings for further details.
•
You can check the overall status of the configuration archive (For example, Successful, Partially Successful, etc.).
See Checking Configuration Archival Status for further details.
•
You can view the protocol usage details for successful configuration fetches for devices. You can also change the transport protocol order after analyzing the protocol usage trends.
See Using the Config Fetch Protocol Usage Report for more details.
•
You can list the devices for which running configurations are out-of-sync- with the startup configuration.
See Generating an Out-of-Sync Report and Scheduling Sync on Device Job for further details.
•
You can view all configuration versions of selected devices in the form of a graphical display.
See Using the Configuration Version Tree for further details.
•
You can view the latest three archived configurations for selected devices. It also has a link to view a particular configuration running on the device and to generate differences between versions in the archive.
See Viewing the Configuration Version Summary for further details.
•
You can search the archive for configuration containing text patterns for selected devices.
See Using Search Archive for further details.
•
You can create and run custom queries that generate reports. These reports display device configuration files from the archive for the devices you specify. You can use custom queries while searching archives.
•
You can compare the following:
–
–
–
–
–
See Comparing Configuration for further details.
•
You can create an immediate job to deploy the version of configuration that you are viewing on the device. You can deploy the configuration either in the Overwrite or Merge mode. You can also use job-based password.
See Configuration Quick Deploy for further details.
•
You can see the status of your Archive Management jobs.
See Using Archive Management Job Browser for further details.
•
You can select configuration files from different managed devices and then group and label them.
See Configuring Labels for further details.
•
You can set the debug mode for Archive Management application in the Log Level Settings dialog box (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).
See Application Log Level Settings for further details.
•
–
–
–
See RME Device Center for further details.
Performing Archive Management Administrative Tasks
The administrative tasks for Archive Management are:
•
You can enable or disable the configuration collection and polling tasks. You can also schedule a periodic job for configuration collection and polling.
See Defining the Configuration Collection Settings for further details.
•
You can move the configuration archive directory to a new location.
•
You can enable or disable the use of the Shadow directory.
The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive. You can use the shadow directory as an alternative method to get the latest configuration information programmatically, using scripts or other means.
•
You can list the commands that have to be excluded while comparing configuration.
•
You can enable or disable the purge task and also modify the schedule. This frees disk space and maintains your archive at a manageable size.
You need to set up your devices for the configuration archive. See Preparing to Use the Archive Management.
Performing Configuration Management Administrative Tasks
The administrative tasks for configuration Management (applicable to Archive Management, Config Editor, cwcli config, and NetConfig) are:
•
You can set the transport protocol order for Archive Mgmt, NetConfig, and Config Editor jobs.
•
You can enable the job password policy for Archive Mgmt, NetConfig, Config Editor, and cwcli config. You can also configure the default job policies if the job fails.
For the new features in this release, see What's New in this Release.
Preparing to Use the Archive Management
Before you start using the Archive Management, you must:
•
•
•
Entering Device Credentials
Enter the following device credentials in the Device and Credentials window (Common Services > Device and Credentials > Device Management):
•
•
•
If you have enabled the Enable Job Password option in the Config Job Policy dialog box ((Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) when you scheduled the Config jobs, you are prompted for the following device credentials:
•
•
•
The supported Device authentication prompts are:
•
"Username:", "Username: "
"Password:", "Password: "
•
"username: ", "Username: "
"password: ", "Password: "
•
"login: "
"Password: " "password: "
•
"username: ", "Username: "
"passwd: ", "password: ", "Password: "
•
"Username: ", "username: ", "login: ","Username:" , "username:" , "login:"
"Password: ", "password: ", "passwd: ","Password:" , "password:" , "passwd:"
•
"Username: " ,"login: "
"Password: "
•
"Username:", "Username: "
"Password:", "Password: "
If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.
Modifying Device Configurations
To enable the configuration archive to gather the configurations, modify the device configurations for the following:
•
Enabling rcp
To enable the configuration archive to gather the configurations using the rcp protocol, modify your device configurations.
Make sure the devices are rcp-enabled by entering the following commands in the device configurations:
# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]Where ip_address | host is the IP address/hostname of the machine where RME is installed. Alternatively, you can enter the hostname instead of the IP address. The default remote_username and local_username are cwuser.
Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.Enabling scp
To enable the configuration archive to gather the configurations using the scp protocol, modify your device configurations.
To configure local User name:
aaa new-model
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin privilege 15 password 0 system
ip ssh authentication-retries 4
ip scp server enable
To configure TACACS User name:
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default none
aaa authorization exec default group tacacs+
ip ssh authentication-retries 4
ip scp server enable
User on the TACACS Server should be configured with priv level 15:
user = admin {
default service = permit
login = cleartext "system"
service = exec {
priv-lvl = 15
}
}Enabling https
To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations.
To modify the device configuration, follow the procedure as described in this URL:
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_41/configuration/guide/mgtproto.html
Configuring Devices to Send Syslogs
Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when Syslog messages are received.
After you perform these tasks and the devices become managed, the configuration files are collected and stored in the configuration archive.
Modifying Device Security
Configuration Management must be able to run certain commands on devices to archive their configurations.
You must have the required permissions to run these Configuration Management commands:
•
•
•
For example, you can use the RME server to access the devices using Telnet or SSH to archive their configurations. Ensure that the user credentials provided by you in DCR has the required permissions to access the devices and execute the above mentioned configuration CLI commands on the devices to fetch the configurations.
These configuration information fetched from the devices by the RME server is stored in the RME database.
Router Commands
terminal length 0
Sets the number of lines on the current terminal screen for the current session
terminal width 0
Sets the number of character columns on the terminal screen for the current line for a session
show privilege
Displays your current level of privilege
Show running
Gets running configuration.
Show startup
Gets startup configuration
Show running-brief1
Gets the running configuration in brief by excluding the encryption keys.
1 This is applicable for the IOS release 12.3(7)T release or later.
The commands in the above tables also apply to the following device types:
•
•
•
•
•
•
•
Switches Commands
The switches commands are:
Content Networking—Content Service Switch Commands
The Content Service Switch commands are:
Content Networking—Content Engine Commands
The Content Engine commands are:
terminal length 0
Sets the number of lines on the current terminal screen for the current session
show run
Gets running configuration.
show config
Gets startup configuration.
Cisco Interfaces and Modules—Network Analysis Modules
The Network Analysis Modules commands are:
Security and VPN—PIX Devices
The PIX devices commands are:
Using Job Approval for Archive Management
You can enable Job Approval for Archive Management tasks, (Resource Manager Essentials > Admin > Approval > Approval Policies). This means all jobs require approval before they can run.
Only users with Approver permissions can approve Archive Management jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.
For more details on enabling job approval see Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.
The following Archive Management tasks require approval if you have enabled Job Approval:
Out-of-Sync (Config Mgmt > Archive Mgmt > Out-of-Sync Summary)
Sync Archive jobs do not have Job Approval enabled because this job only archives the configuration from the device and there is no change to the device configuration.
If you have enabled Approval for Archive Management tasks, these options appear in the Job Schedule and Options dialog box:
•
•
Configuring Transport Protocols
You can set the protocol order for Configuration Management applications such as Archive Management, Config Editor, and NetConfig jobs to download configurations and to fetch configurations. For NetShow, you can set the protocol order to download configurations.
This setup allows you to use your preferred protocol order for fetching and downloading the configuration.
The available protocols are:
•
•
•
•
•
This section also explains:
•
Requirements to Use the Supported Protocols
If the following requirements are not met, an error message appears.
Telnet
Know Telnet passwords for login and Enable modes for device. If device is configured for TACACS authentication, enter Primary Username and Primary Password.
TFTP
Know read and write community strings for device.
rcp
Configure devices to support incoming rcp requests. To make sure the device is rcp-enabled, enter the following commands in the device configuration:
# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]
where ip_address | host is the IP address/hostname of the machine where RME is installed. The default remote_username and local_username are cwuser. For example, you can enter:
# ip rcmd remote-host cwuser 123.45.678.90 cwuser enable
Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.SSH
Know the username and password for the device. If device is configured for TACACS authentication, enter the Primary Username and Primary Password.
Know password for Enable modes.
When you select the SSH protocol for the RME applications (Configuration Archive, NetConfig, ConfigEditor, and NetShow) the underlying transport mechanism checks whether the device is running SSHv2.
If so, it tries to connect to the device using SSHv2.
If the device does not run SSHv2 and runs only SSHv1 then it connects to the device through SSHv1.
If the device runs both SSHv2 and SSHv1, then it connects to the device using SSHv2.
If a problem occurs while connecting to the device using SSHv2, then it does not fall back to SSHv1 for the device that is being accessed.
Some useful URLs on configuring SSHv2 are:
•
http://www.cisco.com/warp/public/707/ssh.shtml
•
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml
•
•
–
_list.html–
SCP
Know the SSH username and password for the device.
To make sure the device is scp-enabled, enter the following commands in the device configuration.
To configure local User name:
aaa new-model
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin privilege 15 password 0 system
ip ssh authentication-retries 4
ip scp server enable
To configure TACACS User name:
aaa new-model
aaa authentication login default group tacacs+
aaa authentication enable default none
aaa authorization exec default group tacacs+
ip ssh authentication-retries 4
ip scp server enable
User on the TACACS Server should be configured with privilege level 15:
user = admin {
default service = permit
login = cleartext "system"
service = exec {
priv-lvl = 15
}
}HTTPS
Know the username and password for the device. Enter the Primary Username and Password in the Device and Credential Repository (Common Services > Device and Credentials > Device Management).
To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations:
This is used for VPN 3000 device.
The configuration archive uses Telnet/SSH to gather the module configurations of Catalyst 5000 family devices and vlan.dat file in case of Catalyst IOS switches. Make sure you enter the correct Telnet and Enable passwords.
If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services 3.2.
For module configs, the passwords on the module must be same as the password on the supervisor.
This section also explains Supported Protocols for Configuration Management Applications.
Supported Protocols for Configuration Management Applications
For supported protocol at individual device-level, you can either see:
•
or
•
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_device_support_tables_list.html
Defining the Protocol Order
The following is the workflow for defining the protocol order for Configuration Management applications to perform either Config fetch or Config update:
Note
Step 1
The Config Transport Settings dialog box appears.
Step 2
Step 3
If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol, again.
The list of protocols that you have selected appears in the Selected Protocol Order pane.
When a configuration fetch or update operation fails, an error message appears. This message displays details about the supported protocol for the particular device and it modules, if there are any.
For the list of supported protocols, see Supported Device Table for Configuration Management application on Cisco.com.
Step 4
A message appears,
New settings saved successfully.Step 5
Configuring Default Job Policies
Each Configuration Management job has properties that define how the job will run. You can configure a default policy for these properties that applies to all future jobs. You can also specify for each property whether users can change the default when creating a job.
You have the option of entering a username and password for running a specific Archive Management, Config Editor, NetConfig, or NetShow job.
If you enter a username and password, Archive Management, Config Editor, or NetConfig applications use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.
While the job is running, the password is retrieved from the Device and Credential Repository for each of the selected devices.
For example, if the TACACS server is managing the devices, the passwords in the TACACS server and the passwords in the Device and Credential Repository should be synchronized (with every password change).
This option of entering the username and password for running a job is useful in high security installations where device passwords are changed at frequent intervals. In such instances, the passwords may be changed every 60-90 seconds.
To use this option of entering a username and password for running a specific job, you should enable the job password policy for Archive Management, Config Editor, NetConfig, or NetShow jobs.
You can do this by using the Enable Job Password option in the Config Job Policies window.
If you have enabled Enable Job Password option, you can enter these credentials while scheduling a job:
•
•
•
This section also explains about Defining the Default Job Policies.
Defining the Default Job Policies
The following is the workflow for defining the default job policies for Configuration Management applications:
Note
Step 1
The Job Policy dialog box appears.
Step 2
Step 3
Failure Policy
This appears only if you select either Config Editor or NetConfig application.
Select what the job should do if it fails to run on the device. You can stop or continue the job, and roll back configuration changes to the failed device or to all devices configured by the job.
You can select one of the options:
•
•
•
•
•
You can create rollback commands for a job in the following ways:
•
Rollback commands are created automatically by the template.
The Banner system-defined template does not support rollback. You cannot create rollback commands using this template.
•
Allows you to enter rollback commands into the template.
When you use the Adhoc and Telnet Password templates, you cannot create rollback commands.
E-mail Notification
This appears for all the applications in the dropdown list.
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
Notification is sent when the job is started and completed.
Notification E-mails include a URL to enter to display job details. If you are not logged in, do so using log in panel.
Sync Archive before Job Execution
This appears if you select either Config Editor or NetConfig application.
The job archives the running configuration before making configuration changes.
None.
Copy Running Config to Startup
This appears if you select either Config Editor or NetConfig application.
The job writes the running configuration to the startup configuration on each device after configuration changes are made successfully.
Does not apply to Catalyst OS devices.
Enable Job Password
This appears for all the applications in the dropdown list.
The job Password Policy is enabled for all the jobs.
The Archive Management, Config Editor, and NetConfig jobs use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.
These device credentials are entered while scheduling a job.
None.
You can use this option even if you have configured only the Telnet password (without configuring username) on your device.
You must enter a string in the Login Username field. Do not leave the Login Username field blank.
The Login Username string will be ignored while connecting to the device since the device is configured only for the Telnet password.
See Usage Scenarios When Job Password is Configured on Devices.
Fail on Mismatch of Config Versions
This appears if you select either Config Editor or NetConfig application.
The job is considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.
None.
Delete Config after download
This appears if you select Config Editor.
The configuration file is deleted after the download.
Execution Policy
This appears for all the applications in the dropdown list.
Allows you to configure the job to run on multiple devices at the same time (Parallel execution) or in sequence (Sequential Execution).
If you select sequential execution, you can select Device Order in the Job Schedule and Options dialog box to set the order of the device.
1.
2.
•
Or
•
You cannot alter the device sequence for Archive Management application jobs such as Sync Archive, Check Compliance and Deploy, etc.
Sequential Execution is not supported for the following jobs:
•
•
•
User Configurable
Select this check box next to any field to make corresponding policy user configurable.
You can configure a user-configurable policy while defining job. You cannot modify non-user-configurable policies.
Step 4
A message appears,
Policy values changed successfully.Step 5
Usage Scenarios When Job Password is Configured on Devices
The following tables list the usage scenarios and their implications for Configuration application when job password is configured on devices.
•
Setting Up Archive Management
You can move the directory for archiving the RME device configuration and enable and disable the usage of Shadow directory. You can also list the commands that need to be excluded while comparing configuration
To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.
This section contains:
•
•
Moving the Configuration Archive Directory
You can move the directory where the configuration of the devices can be archived on the RME server.
The default Configuration Archive directory is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcmaOn RME Windows server,
NMSROOT\files\rme\dcma
Where NMSROOT is the CiscoWorks installed directory.
The new archive directory location should have the permission for casuser:casusers in Solaris and casuser should have Full Control in Windows. The new archive directory location should not be the root of any drive (F:\) and must be a subdirectory (F:\RMEarchives).
Note
The following is the workflow for moving the configuration archive location:
Step 1
a.
The Process Management dialog box appears.
b.
c.
Step 2
The Archive Settings dialog box appears.
Step 3
Step 4
A message appears confirming the changes.
Step 5
a.
The Process Management dialog box appears.
b.
c.
Enabling and Disabling the Shadow Directory
The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive.
The Shadow directory contains subdirectories that represent each device class and the latest configurations supported by the configuration archive.
Each file name is DisplayName.cfg, where DisplayName is the device's Display Name as defined in the Device and Credential Repository. Each time the archive is updated, the Shadow directory is updated with the corresponding information.
The Shadow directory can be used as an alternative method to derive the latest configuration information programmatically by using scripts or other means.
To access to the Shadow directory, you must be root or casuser on Solaris, or in the administrator group for Windows.
You can find the Shadow directory in the following locations:
•
•
Note
You can enable or disable the use of Shadow directory by following this workflow:
Step 1
a.
The Process Management dialog box appears.
b.
c.
Step 2
The Archive Settings dialog box appears.
Step 3
Step 4
A message shows that the changes were made.
Step 5
a.
The Process Management dialog box appears.
b.
c.
Configuring Exclude Commands
You can list the commands that have to be excluded while comparing configuration. To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.
You can enter multiple commands separated by commas.
RME provides default exclude commands for some Device Categories.
For example, the default exclude commands for Router device category are, end,exec-timeout,length,width,certificate,ntp clock-period
You can specify Exclude Commands at all these levels:
•
•
•
While comparing configurations, if you have specified exclude commands in the Device Type, Device Family and Device Category, these commands are excluded only at the Device Type level. The commands in the Device Family and Device Category are not excluded.
Example 1:
If you have specified these commands at,
•
end,exec-timeout,length,width,certificate,ntp clock-period
•
banner incoming,snmp-server location
•
ip name-server,banner motd,snmp-server manager session-timeout
While comparing configurations, only the Cisco 1003 Router (Device Type) level commands are excluded.
Example 2:
If you have specified these commands only at Device Family and Device Category,
•
end,exec-timeout,length,width,certificate,ntp clock-period
•
banner incoming,snmp-server location
•
No commands specified.
While comparing configurations, only the Cisco 1000 Series Routers (Device Family) level commands are excluded.
If the commands are specified only at the Device Category level, these commands are applicable to all devices under that category.
To configure Exclude Commands:
Step 1
The Configure Exclude Commands dialog box appears.
Step 2
•
•
•
Step 3
You can enter multiple commands separated by commas.
You can also edit or delete the existing commands in the Exclude Commands pane.
Step 4
A message appears,
The commands to be excluded are saved successfully.
Configuring Fetch Settings
You can configure the Job Result Wait Time per device for the Sync Archive Jobs. The default value is 120 seconds. The minimum value can be set to 60 seconds.
Job Result Wait Time is the maximum wait time that Archive Management waits to get the configurations from the device during the sync-archive job execution.
To configure the Job Result Wait Time:
Step 1
The Fetch Settings dialog box appears.
Step 2
Step 3
•
•
Understanding Configuration Retrieval and Archival
RME supports different ways to trigger the retrieval of configuration files from the device for archival purposes.
This section contains:
•
•
•
•
•
Schedule Periodic Configuration File Archival
RME will archive both the startup and running configuration files for all devices at the scheduled time (6-hourly, 12-hourly, daily, weekly, monthly), as configured by the user.
Since this method collects the full running configuration and startup configuration files for the entire network, we recommend that you schedule this to run at no more than once per day, especially if the network is large and outside the LAN.
See Defining the Configuration Collection Settings for further details.
Schedule Periodic Configuration Polling
RME can be configured to periodically poll configuration MIB variables on devices that support these MIBs according to a specified schedule, to determine if either the startup or running configuration file has changed.
If it has, RME will retrieve and archive the most current configuration file from the device.
Polling uses fewer resources than full scheduled collection, because configuration files are retrieved only if the configuration MIB variable is set.
On IOS devices the variables ccmHistoryRunningLastChanged and ccmHistoryStartupLastChanged from the CISCO-CONFIG-MAN-MIB MIB, and on CATOS the variable sysConfigChangeTime from CISCO-STACK-MIB are used to detect the change.
Any change in the value of these variables causes the configuration file to be retrieved from the device. SNMP change polling works only in case of IOS and CATOS devices which support these MIBs.
If these MIBs are not supported on the devices, then by default, configuration fetch will be initiated without checking for the changes.
By default, the Periodic Collection and Polling are disabled.
See Defining the Configuration Collection Settings for scheduling the periodic polling.
Note
Manual Updates (Sync Archive function)
This feature allows the RME user to force the configuration archive to check specified devices for changes to the running configuration file only. Use Sync Archive if you need it to synchronize quickly with the running configuration.
You can also poll the device and compare the time of change currently on the device with the time of last archival of the configuration to determine whether the configuration has changed on a device.
The Startup configuration is not retrieved during manual update archive operation. However, you can retrieve the Startup configuration by enabling the Fetch startup Config option while scheduling Sync Archive job.
See Scheduling Sync Archive Job for further details.
Using Version Summary
You can trigger a configuration file retrieval by clicking on the Running or Startup configuration in the Configuration Version Summary report.
After a configuration file is fetched from the device, as described above, RME submits the configuration file for archival.
See Viewing the Configuration Version Summary for further details.
Timestamps of Configuration Files
These are timestamps of a running configuration file, or the change time (in change audit), indicate the time at which RME system archived the configuration file.
This is not the time at which the configuration actually changed on the device. If changes are detected immediately using Syslog messages, the timestamp should be very close to the actual configuration change time on the device.
Startup configurations are handled differently by RME. Startup configs are simply saved into the system, as they are retrieved from the device (unlike running configurations, which are compared and saved in versioned archives, if different).
The timestamps of Startup Configuration files are just the archival times, and do not indicate the change time.
In the version summary reports, the Running and Startup are links, which when clicked will retrieve in real time, the respective configuration from the device. This column does not have a timestamp associated with it.
In the Out-Of-Sync report, the Startup configuration column indicates the last archived startup configuration along with its timestamp, and the Running configuration column indicate the last archived running config along with its timestamp.
How Running Configuration is Archived
The workflow for archiving the Running configuration is:
1.
2.
3.
4.
–
–
Note
RME first compares the collected configuration file, with the latest configuration in the archive, and checks to see if there are effective configurations changes from what was previously archived.
Change Audit Logging
Config change audit records include information about, who changed (which user) the configuration, when the configuration change was identified by RME, and other change information.
•
•
•
Defining the Configuration Collection Settings
The configuration archive can be updated with configuration changes in two ways:
•
•
You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following:
Periodic Polling
The configuration archive performs a SNMP query on the device. If there are no configuration changes detected in the devices, no configuration is fetched.
Periodic Collection
The configuration is fetched without checking for any changes in the configuration.
By default, the Periodic Collection and Polling are disabled.
Note
The following is the workflow for defining the configuration collection setting:
Step 1
The Config Collection Settings dialog box appears.
Step 2
Periodic Polling
a.
b.
The Config Collection Schedule dialog box appears.
c.
d.
Periodic Collection
a.
b.
The Config Collection Schedule dialog box appears.
c.
d.
Step 3
Or
Click Cancel if you want to discard the changes and revert to previously saved values.
If you had clicked Apply, a message appears:
New settings saved successfully.You can check the status of your scheduled job by selecting Resource Manager Essentials > Job Mgmt > RME Jobs.
Purging Configurations from the Configuration Archive
You can specify when to purge archived configurations. This frees disk space and keeps your archive at a manageable size.
By default, the purging jobs are disabled.
You can purge configurations based on two criteria:
•
The oldest configuration is purged when the maximum number is reached. For example, if you set the maximum versions to retain to 10, when the eleventh version of a configuration is archived, the earliest (first version) is purged to retain total number of latest archived versions at 10.
•
The Labeled configuration files are not purged even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than options in the Archive Purge Settings window) unless you enable the Purge labeled files option in the Archive Purge Settings window.
The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.
Archive Management will not purge the configuration files, if there are only two versions of these files in the archive.
Archived configurations that match the purge criteria that you set are purged from the system. This purge policy applies to Running configuration only.
Caution
Note
The workflow to define the Configuration Archive purge policy is:
Step 1
The Archive Purge Setup dialog box appears.
Step 2
Step 3
The Config Purge Job Schedule dialog box appears.
Step 4
Step 5
•
•
•
The Purge labeled files option must be used either with the Maximum versions to retain or Purge versions older than options. You cannot use this option without enabling either Maximum versions to retain or Purge versions older than options.
The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.
The Labeled configuration files are not deleted even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than) unless you enable the Purge labeled files option.
These purge policies are applied sequentially. That is, if you have enabled all the three purge policies, RME applies the Purge policies in this sequence:
a.
b.
c.
Archive Management does not purge the configuration files, if there are only two versions of these files in the archive.
Step 6
A message appears,
New settings saved successfully.Step 7
You can check the status of your scheduled job by selecting Resource Manager Essentials >
Job Mgmt > RME Jobs.
Checking Configuration Archival Status
After you add devices into RME, their configurations are gathered and stored in the configuration archive. You can check the overall status of the configuration archive (Successful, Partially Successful, and Failed). It provides the status of the last archival attempt.
Note
To check the configuration archive status:
Step 1
The Configuration Archival Summary dialog window appears with the following information.
Successful
Number of devices for which all supported configurations have been fetched successfully.
Click No.of Devices to see the Successful Devices Report.
Failed
Number of devices for which fetch of all supported configurations has failed.
Click No.of Devices to see the Failed Devices Report.
Partial Successful
Number of devices for which fetch of any one of the supported configurations has failed.
Number of Catalyst 5000 devices for which sub-modules were not pulled into archive. Only the main configuration of supervisor engine module is archived for Catalyst 5000 devices.
Click No.of Devices to see the Partially Successful Devices Report.
Step 2
You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Configuration Archival Reports
The following are the Config Archival reports:
•
Successful Devices Report
A device appears in this report if all supported configurations have been fetched successfully.
Note
This report contains the following information:
Failed Devices Report
A device appears in this report if fetch for all of the supported configurations has failed. This report also contains the reasons configuration could not be pulled.
This report contains the following information:
If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts.
To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.
Partially Successful Devices Report
A device shows up in this report if fetch for any one of the supported configurations has failed.
The Partially Successful Devices report lists the Catalyst 5000 family devices for which sub-module information could not be pulled from the device. Only the main configuration of the supervisory module is archived for Catalyst 5000 devices.
This report contains the following information:
Scheduling Sync Archive Job
You can schedule a job to update the configuration archive for selected group of devices.
You have an option to poll device configuration before updating the archive and to fetch Startup configuration.
You can also perform this task for a selected device using Device Center (from the CiscoWorks LMS Portal home page, select Device Troubleshooting > Device Center to launch Device Center).
Note
To schedule a job to update the device configuration:
Step 1
The Sync Archive dialog box appears.
Step 2
•
The sync archive job fails if devices are removed from the DCR. For example, a sync archive job is scheduled to run for all the devices that are part of the selected group in Device Selector. When the job runs if a device is deleted from the DCR, then the job fails for that particular device. However, if the job succeeds for the remaining devices in the group, the status of the job still remain failed.
Or
•
The job is scheduled only for the devices that are present in the selected group at the time when the job is run. The customizable group selector for jobs evaluates static groups also as dynamic during run time.
Step 3
Run Type
You can specify when you want to run the Sync Archive job.
To do this, select one of these options from the drop-down menu:
•
•
•
•
•
•
•
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
Date
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
Job Description
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
Poll device before configuration collection
Archive Management polls the device and compares the time of change currently on the device with the time of last archival of configuration to determine if configuration has changed on a device.
If the polling is not supported on the device, then configuration fetch will be initiated without checking for the changes.
See Understanding Configuration Retrieval and Archival for further details on configuration polling.
Fetch startup config
Archive Management fetches the startup configuration.
Step 4
A message appears,
JobID is created successfully.Where ID is a unique Job number.
Step 5
You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Using the Config Fetch Protocol Usage Report
You can view the configuration protocol usage details for successful configuration fetches using the Config Fetch Protocol Usage Report.
Note
Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Config Fetch Protocol Usage to generate a Config Fetch Protocol Usage Report.
The Config Fetch Protocol Usage Report window displays the following information:
Protocol
Protocols used by RME for configuration fetches.
Config Type
The Configuration types for the various protocols. The available types are:
•
•
•
Click on the Count link to view a detailed report for a protocol and corresponding Config Type. The detailed report shows the list of devices which are accessed using a particular protocol and for which successful Config Fetch has happened.
Example:
If you click on a Count link, 20, for Telnet protocol and Running config type, a detailed report is generated with the following fields:
•
•
•
•
This detailed report shows only the devices for which Telnet has successfully fetched configurations.
You can use the export icon to export the list of devices from this detailed report to the device selector.
Edit Settings
(Button)
Click this button, if you want to change the transport protocol order.
For more information, see Configuring Transport Protocols.
Refresh
(Icon)
Refreshes the Config Fetch Protocol Usage Report.
Generating an Out-of-Sync Report
You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.
Note
Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary to generate an Out-of-sync report. The Startup and Running Out-Of-Sync Summary window displays the following information:
Device Name
Device Display Name as entered in Device and Credential Repository.
Startup
Startup configuration of the device. This configuration is fetched from the configuration archive.
Click on the displayed date to view the configuration.
Diff
Difference between the archived Startup and archived Running configuration.
Click on the icon to see the difference between the archived Startup and archived Running configuration.
Running
Running configuration of the device. This configuration is fetched from the configuration archive.
Click on the displayed date to see the detailed information on Running configuration.
Sync on Device
(Button)
Use this button to schedule a Sync on device job.
You can schedule a Sync on device job to copy the running configuration of a device to the startup configuration.
For more information see, Scheduling Sync on Device Job.
Scheduling Sync on Device Job
You can schedule a Sync on device job using the Sync on Device button on Startup and Running Out-Of-Sync Summary window.
Note
To schedule a Sync on device job:
Step 1
The Startup and Running Out-Of-Sync Summary dialog box appears.
Step 2
Step 3
The Job Schedule and Options dialog box appears.
Step 4
Step 5
A message appears,
JobID is created successfully.Where ID is a unique Job number.
Step 6
You can check the status of your scheduled Copy Running Config to Startup job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Using the Configuration Version Tree
You can view all configuration versions of the selected devices in the form of a graphical display. You can also perform a configuration quick deploy for a selected device.
Note
To view the configuration Version Tree:
Step 1
The Device Selection dialog box appears.
Step 2
Step 3
The Config Version Tree dialog box appears.
Step 4
To expand the configuration version folder, click on plus icon and select the configuration version to view the configuration.
The Config Viewer dialog box appears. See Understanding the Config Viewer Window for further information.
If you want to perform a configuration quick deploy (Configuration Quick Deploy), click the Deploy button.
Understanding the Config Viewer Window
The Config Viewer is a HTML-based window which displays the configurations of specified devices.
You can specify how you want to view the contents of the configurations by selecting one of the options under Show:
•
•
The Config Viewer window contains two columns.
The buttons on the Config Viewer are:
Download Config
(Icon)
Downloads the configuration file to the client machine.
This option to download the configuration file is available only in the Raw mode. The configuration file will be downloaded through the Web browser with the file name convention as DeviceName-Version_Number.txt.
You can download the configuration file only if you have the privileges of a Network Administrator.
Note
Export
(Icon)
Export the configuration file.
•
•
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
Export (continue)
To export a file:
1.
The Export Config File dialog box appears.
2.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a.
b.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
3.
If you have exported configuration in the Raw mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.cfgIf you have exported configuration in the Processed mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.XMLWhere ExportedFolder is the location where configuration file is exported.
4.
(Icon)
Generates a format that can be printed.
Compare with previous version
Compares configuration with previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button gets activated only if you have a previous version of the configuration.
Compare with next version
Compares configuration with next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button gets activated only if you have a next version of configuration.
Edit
Launches Config Editor window.
This button is active only if you are viewing the configuration version from the archive.
See Editing and Deploying Configurations Using Config Editor for further details.
Deploy
Perform a quick configuration deploy.
This button is active only if you are viewing the configuration version from the archive.
Viewing the Configuration Version Summary
You can view all archived configurations for selected devices. It also provides a link to view a particular configuration running on the device and to generate differences between versions in the archive.
You can view the last three configuration versions for each device regardless of number of versions stored in archive.
Note
To view the Config Summary, follow this workflow:
Step 1
The Device Selection dialog box appears.
Step 2
Step 3
The Archive Mgmt Version Summary window appears with the information in Table 8-5.
Configuration Quick Deploy
You can create an immediate job to deploy the version of configuration being viewed on the device. You can deploy the configuration either in overwrite or merge mode.
Features of Configuration Quick Deploy
The following are the features of Configuration Quick Deploy:
•
•
•
•
•
•
•
•
Performing a Configuration Quick Deploy
You can perform a configuration quick deploy using the Config Viewer window.
For example, you can launch Config Viewer window by clicking on Startup configuration or Running Configuration links while performing tasks such as generating Out-Of-Sync Summary report, viewing the Version Summary report etc.
Note
Step 1
The Job Option Details dialog box appears.
Step 2
Step 3
An immediate Quick Deploy of Configuration on Device job will be scheduled.
A message appears,
JobID is created successfully.Where ID is a unique Job number.
Step 4
You can check the status of your scheduled Config Quick Deploy job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
What Happens During Configuration Quick Deploy
Before Configuration Management deploys the configuration on the device, it verifies whether the device is locked.
The deploy process follows the configured transport protocol order and the fallback option is active.
At end of this task, Configuration Management will:
•
•
After uploading the configuration on the device, Configuration Management writes to the Change Audit log.
Configuring Labels
A label is a name given to a group of customized selection of configuration files. You can select configuration files from different RME devices, group and label them.
These labeled files are not purged along with the other configuration files. You have to explicitly select the Purge labeled files option to purge the labeled files. These labeled files are not purged if this option is not enabled.
You can purge the label config files using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.
See Purging Configurations from the Configuration Archive for further details.
The Label Config window displays the following information:
Label Name
Displays the label name.
Description
Displays the label description.
Created by
Displays the user who created this label.
Created on
Displays the label creation time.
You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.
The Label Configs window contains the following buttons:
Create
Create a label. See Creating a Label for further details.
Edit
Edit a labeled configuration. See Editing a Labeled Configuration for further details.
This button is active only after you select a Label.
View
View a labeled configuration. See Viewing the Labeled Configuration for further details.
This button is activate only after you select a Label.
Delete
Delete labeled configuration. See Deleting the Labeled Configuration for further details.
This button is activate only after you select a Label.
Creating a Label
You can use Label Configuration to create a group of configuration files from selected devices.
Note
You can create a label file using the following workflow:
Step 1
The Label Configs dialog box appears.
Step 2
The Device Selection dialog box appears.
Step 3
Step 4
•
•
Step 5
Step 6
•
•
Step 7
The Select Configs to be Labelled dialog box appears.
•
•
•
Step 8
A message appears,
LabelLabelName created successfully.Where LabelName is the name of the label that you entered.
Step 9
Editing a Labeled Configuration
You can make the following changes to a label:
•
•
•
Note
You can edit a label file using the following workflow:
Step 1
The Label Configs dialog box appears.
Step 2
The Device Selection dialog box appears. The devices that are already part of the labeled file are selected.
Step 3
Step 4
Step 5
The Label Details dialog box appears with the current details of the label.
Step 6
•
•
–
–
Note
•
•
Step 7
A message appears,
LabelLabelNameupdated.Where LabelName is the name of the label as entered by you.
Step 8
Viewing the Labeled Configuration
You can view configurations of a label from the label listing.
Note
Step 1
The Label Configs dialog box appears.
Step 2
The Label Config Viewer window appears with the following information:
Device Name
Device Display Name as entered in Device and Credential Repository.
Config Type
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•
•
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
Version
Version of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
In the Config Viewer window, you can click the Deploy button if you want to perform a Configuration Quick Deploy (Configuration Quick Deploy)
Created On
Date and time configuration file was created.
Change Description
Description of configuration change.
Deleting the Labeled Configuration
You can delete a label from the list of labels in the label configuration dialog box:
Note
Step 1
The Label Configs dialog box appears.
Step 2
A message appears,
Are you sure you want to delete the label(s)?Step 3
Using Search Archive
You can search the archive for configuration containing text patterns for selected devices. You can specify ten different combinations of patterns/strings as part of search criteria.
For example:
•
•
You can also specify an option to ignore/consider the case sensitive property.
You can create a custom configuration query that searches information about the specified configuration files.
If you monitor devices X, Y, and Z every morning, you can create a custom query on them. When you run the query, RME quickly gathers all the archived configuration files for these devices and displays them in a report.
The Custom Queries window displays the following information:
Query Name
Custom Query name.
Description
Custom Query description.
Created By
User who created this Custom Query.
Created On
Custom Query creation time.
You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.
The Custom Queries window contains the following buttons:
Create
Create a custom query. See Creating a Custom Query for further details.
Edit
Edit a custom query. See Editing a Custom Query for further details.
This button is activate only after you select a custom query.
Run
Run a custom query. See Running a Custom Query for further details.
This button is activate only after you select a custom query.
Delete
Delete custom queries. See Deleting the Custom Queries for further details.
This button is activate only after you select a custom query.
The user who creates the custom query has the full permission to perform any tasks such as edit, run, etc,. on the Custom Queries.
See Searching Archive for the procedure to search the configuration with and without search pattern.
Creating a Custom Query
To create a custom query:
Note
Step 1
The Custom Queries dialog box appears
Step 2
Step 3
•
•
•
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.
•
•
•
Step 4
A message appears,
Custom QueryCustomQueryName created successfully.Where CustomQueryName is the name of the custom query as entered by you.
Step 5
Running a Custom Query
To run a custom query:
Note
Step 1
The Custom Queries dialog box appears.
Step 2
The Device Selection dialog box appears.
Step 3
Step 4
The Custom Query Search Result window appears with the following information:
Device Name
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
Version
Versions of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
In the Config Viewer window, you can click on the Deploy button if you want to perform a configuration quick deploy (Configuration Quick Deploy)
Created On
Date and time configuration file was created.
You can perform the following tasks from this window:
•
•
Editing a Custom Query
You can edit the Custom Query description and modify the search patterns and their criteria. To edit a custom query:
Note
Step 1
The Custom Queries dialog box appears.
Step 2
The Custom Query Window appears.
Step 3
•
•
•
•
Step 4
A message appears,
Custom QueryCustomQueryNameupdated successfully.Where CustomQueryName is the name of the Custom Query.
Step 5
Deleting the Custom Queries
To delete the custom queries:
Note
Step 1
The Custom Queries dialog box appears.
Step 2
A message appears,
The query will be deleted.Step 3
Searching Archive
You can search the device configuration file with or without the search pattern. You can also narrow down your search using Label Configuration files and Custom Queries.
You can view the search report in two ways:
•
Note
To search the configuration archive:
Step 1
The Search Archive dialog box appears.
Step 2
Label Config
Enable this option and select a label name.
The configuration version options Latest and All are disabled.
Device Selector
Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.
If you have selected Label Config, you need not select devices. If you have selected any devices, only the devices that are specified in the label configuration are searched. Other devices are ignored.
Version
Select Latest to search the most recent configuration only or All to search all configuration versions.
If you have selected Label Config, then you cannot specify the versions.
View Type
Select one of these view types:
•
•
Custom Query
Select a Custom Query.
The search patterns that are defined in the Custom Query appear in the Pattern Details text boxes.
In addition to Custom Query search patterns, you can also add additional search patterns.
Pattern Details
Perform the following tasks:
•
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters, for example, Control-C, boot*, etc.
You can search the device configuration file without the search pattern too. The search will list all archived configuration for all selected devices.
–
–
•
•
•
Date Range
Select any of the following Date Range types:
•
•
•
The following maximum values for N can be specified:
–
–
–
–
If you have selected Latest as the version, the Date Range option searches for the most recent config archives.
Step 3
Based on your View type selection, either Search Archive Result or Device Configuration Quick View Report appears.
Search Archive Result
The Search Archive Result displays information about the device configurations. The Search Archive Result contains the following details of the selected configurations:
Device Name
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
Config Type
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•
•
For ONS devices, the PRIMARY config type displays the configuration information from the active CPU, at that instance.
Version
Versions of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
Created On
Date and time configuration file was created.
Change Description
Cause of configuration change.
You can perform the following tasks from this window:
•
•
Device Configuration Quick View Report
The Device Configuration Quick View report lists the devices, configuration version numbers, and configuration details of the device configuration version you specified.
You can specify how you want to view the contents of the configurations by selecting one of the options under Show:
•
•
The following buttons are available on the Config Viewer:
Export
(Icon)
Exports the configuration file.
•
•
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
Export (continue)
To export a file:
1.
The Export Config File dialog box appears.
2.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a.
b.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
3.
If you have exported configuration in the Raw mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.cfgIf you have exported configuration in the Processed mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.XMLWhere ExportedFolder is the location where configuration file is exported.
4.
(Icon)
Generates a format that can be printed.
Compare with previous version
Compares configuration with the previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button is activate only if you have a previous version of configuration.
Compare with next version
Compares configuration with the next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button is activate only if you have a next version of configuration.
Edit
Launches Config Editor window.
This button is active only if you are viewing the configuration version from the archive.
See Editing and Deploying Configurations Using Config Editor for further details.
Deploy
You can perform a configuration quick deploy.
This button is active only if you are viewing the configuration version from the archive.
Comparing Configuration
You can compare two device configuration files from version to version or from device to device. You can also compare the configuration when a device was started with the current configuration, and the current configuration with the most recently archived configuration.
You can list the commands that have to be excluded while comparing configurations.
To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands. See Configuring Exclude Commands for further details.
You can compare the configurations in these ways:
•
See Comparing Startup vs. Running configurations.
•
See Comparing Running vs. Latest archived configurations.
•
See Comparing two configuration versions of the same device.
•
See Compare two configuration versions of different devices.
•
See Compare base config vs. Latest configuration version of multiple devices.
Comparing Startup vs. Running configurations
You can compare the configuration when a device was started with the current configuration. These configurations are fetched from the device.
Note
To compare Startup vs. Running configurations:
Step 1
The Compare Configurations dialog box appears.
Step 2
The Device Selection dialog box appears.
Step 3
Step 4
The Understanding the Config Diff Viewer Window window appears.
Comparing Running vs. Latest archived configurations
You can compare the configuration currently running on a device with the most recent configuration stored in the configuration archive. The Running configuration is fetched from the device.
Note
To compare Running vs. latest archived configurations:
Step 1
The Compare Configurations dialog box appears.
Step 2
The Device Selection dialog box appears.
Step 3
Step 4
The Understanding the Config Diff Viewer Window window appears.
Comparing two configuration versions of the same device
You can compare two different archived configurations of the same device.
Note
To compare two versions of the same device:
Step 1
The Compare Configurations dialog box appears.
Step 2
The Device Selection dialog box appears.
Step 3
Step 4
The Select First Configuration dialog box appears with the following information:
Step 5
The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.
Step 6
The Understanding the Config Diff Viewer Window window appears.
Compare two configuration versions of different devices
You can compare two archived versions of a configuration of the same or different devices.
Note
To compare two versions of different devices:
Step 1
The Compare Configurations dialog box appears.
Step 2
The Select Device and Pattern dialog box appears.
Step 3
Device Selector
Select the devices.
See Using RME Device Selector for information on how to use RME Device Selector.
Version
Select Latest to view the most recent configuration or All to view all configuration versions.
Pattern Details
Perform the following tasks:
1.
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.
You can search the device configuration file without the search pattern too.
2.
If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.
3.
The Select First Configuration dialog box appears with the following information:
Step 4
The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.
Step 5
The Understanding the Config Diff Viewer Window window appears.
Compare base config vs. Latest configuration version of multiple devices
You can compare and sync the base configuration of a device with the latest configuration version of multiple devices. The base configuration can be any Running, Startup, or User archives.
Note
To compare the base configuration with the latest configuration version of different devices:
Step 1
The Compare Configurations dialog box appears.
Step 2
The Select a Base Device dialog box appears.
Step 3
Step 4
The Select Config Version of the Base Device to Compare dialog box appears.
Step 5
•
•
Step 6
The Select Other Devices to Compare dialog box appears.
Step 7
You can select devices using the Device Selector. See Using RME Device Selector for information on how to use RME Device Selector.
Step 8
The Add Exclude Commands dialog box appears
Step 9
Exclude Commands
Enter the exclude commands one in each line.
For example,
ip address.*,
end.*,
exec-timeout.*,
length.*,
ntp clock-period.*The commands will be excluded while comparing configuration.
You can enter multiple commands separated by commas.
For more information, see Examples for Exclude Commands.
View Base Config
(Button)
Click View Base Config to launch the Config Viewer window.
See Understanding the Config Viewer Window for further information.
Step 10
The Compare Config window appears, displaying the following details:
Total No.of Device(s) selected for comparison
Number of devices selected for comparision.
Number of Compliant devices
Number of devices that comply with the base configuration.
Number of Non-Compliant devices
Number of devices that do not comply with the base configuration.
Number of Excluded devices
Number of devices excluded for comparision.
Base Device
Name of the base device.
Base Config Type
Configuration type of the base device.
Base Config Branch
Configuration branch version of the base device. For example, DeviceArchive.
Device Name
Device Display Name as entered in Device and Credential Repository.
Latest Version
Version of configuration file against which the compliance was checked.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window). This shows the contents of corresponding configuration file against which the compliance was checked.
Diff
Differences between base configuration and the lastest configuration version of mutiple devices.
To view the difference between the base configuration and the latest configuration version of other devices, click on the Diff icon. The Config Diff Viewer window appears. For more information, see Understanding the Config Diff Viewer Window.
Device Name
Device Display Name as entered in Device and Credential Repository.
Reason for Exclusion
Displays the cause for exclusion.
Buttons
Export
(Icon)
Exports the data to a file of PDF or CSV.
(Icon)
Generates a format that can be printed.
Step 11
The Config Diff Viewer window appears. For more information, see Understanding the Config Diff Viewer Window.
Step 12
The Job Options Details pop-up window appears, displaying the following details:
Step 13
Step 14
Examples for Exclude Commands
This section contains examples for exclude commands:
You can also refer http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html for other patterns.
Understanding the Config Diff Viewer Window
The Configuration Version Compare report shows the differences between the two selected configurations. You can access the Configuration Version Compare report by comparing device configurations.
You can specify how you want to view the differences between the configurations by selecting one of the options under Show:
•
•
The color conventions that are used on Config Diff Viewer are:
•
•
•
The Configuration Versions Compare report has three columns:
The buttons on the Config Diff Viewer are:
Export
(Icon)
Export the configuration file.
•
•
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
Export (continue)
To export a file:
1.
The Export Config File dialog box appears.
2.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a.
b.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME FAQs section in the User Guide for Resource Manager Essentials 4.3:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_user_guide_list.html
3.
If you have exported configuration in the Raw mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.cfgIf you have exported configuration in the Processed mode, the notification message displays,
Config file exported asExportedFolder\DeviceName-VersionNumber.XMLWhere ExportedFolder is the location where configuration file is exported.
4.
This option is not available in the Config Diff Viewer page when you compare Base Config vs. Latest Version of Different Devices.
(Icon)
Generates a format that can be printed.
This option is not available in the Config Diff Viewer page when you compare Base Config vs. Latest Version of Different Devices.
Using Archive Management Job Browser
You can browse the Archive Management jobs that are registered on the system. From the Archive Mgmt Jobs dialog box you can also retry, delete, stop jobs and view a job's details.
The Archive Management Jobs window displays the following information:
Job ID
Unique number assigned to the job when it is created.
For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.
Click on the Job ID to view the Archive Management Job Details (see Viewing the Archive Management Job Details).
Job Type
Type of the configuration job.
•
•
•
•
•
Job Type
(Continue)
•
•
•
•
•
•
•
•
•
Status
Job states:
•
•
The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.
For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.
This count of failed devices is not displayed for jobs restored from RME 4.0.4 or lesser versions.
•
•
•
•
•
Description
Job description entered during job definition
Owner
User who created this job.
Scheduled at
Date and time job is scheduled to run.
Completed at
Date and time at which job completed.
Schedule Type
Run type of the job: Immediate, Once, 6 - hourly, 12 - hourly, Daily, Weekly, and Monthly.
You can click on any column heading to sort information by that column. If you double-click on a heading, the order is reversed.
You can use the Filter button to do a quick search on the Archive Management jobs. You can perform filters by using these options:
You can perform the following tasks on this window:
Retrying a Config Job
You can retry only a failed job. You cannot retry a job that are scheduled to run periodically (Daily, Weekly, and Monthly).
Note
To retry a job:
Step 1
The Archive Management Jobs dialog box appears.
Step 2
The Job Schedule and Options dialog box appears.
Step 3
Based on your retry job selection, some of the options may not be visible.
For example, 6 - hourly and 12 -hourly Run Type options are visible only if you are retrying a Sync Archive job. This is not visible for other types of Archive Management jobs.
Step 4
A message appears,
Job resubmitted successfully.Step 5
Stopping a Config Job
You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):
•
•
•
•
•
•
•
•
•
•
•
Note
To stop a Archive Management job:
Step 1
The Archive Management Jobs dialog box appears.
Step 2
A message appears,
Selected job(s) will be stopped.Step 3
Deleting the Config Jobs
You can delete the job in these status:
•
•
•
•
•
•
You cannot delete a running job.
Note
To delete jobs:
Step 1
The Archive Management Jobs dialog box appears.
Step 2
A message appears,
Selected job(s) will be deleted.Step 3
Viewing the Archive Management Job Details
From the Archive Management Jobs window, you can learn more about one job by viewing its details. You can view this details by clicking the Job ID on the Config Job window.
Note
The Archive Management Job Details window contains the following information:
The buttons on the Job Details window are:
•
–
–
–
–
–
–
You cannot delete a running job.
•
–
–
–
–
–
–
–
–
–
–
–
Baseline Template
For more information on Baseline Templates, see Using Baseline Templates to Check Configuration Compliance.
