Table Of Contents

Making and Deploying Configuration Changes Using NetConfig

NetConfig Tasks

Preparing to Use NetConfig

Verifying Device Credentials

Modifying Device Security

Verifying Device Prompts

Configuring Default Job Policies (Optional)

Assigning Task Access Privileges to Users (Optional)

Enabling Job Approval (Optional)

Rolling Back Configuration Changes

Creating Rollback Commands

Configuring a Job to Roll Back on Failure

Understanding NetConfig User Permissions

Job Approval Permissions

User-defined Tasks Permissions

Administrator Task Permissions

Job Editing Permissions

Using the NetConfig Tab

Starting a New NetConfig Job

Create a NetConfig Job based on Device

Create a NetConfig Job based on Module or Port

Browsing and Editing Jobs Using the NetConfig Job Browser

Viewing Job Details

Setting Job Approvers

Configuring Default NetConfig Job Policies

Password Policy for NetConfig Jobs

Setting the Transport Protocol Order for NetConfig Jobs

Creating and Editing User-defined Tasks

Assigning Tasks to Users

Handling Interactive Commands

Using NetConfig User-defined Templates and Adhoc Tasks

Handling Multi-line Commands

Using System-defined Tasks

Understanding the System-defined Task User Interface (Dialog Box)

Adhoc Task

Authentication Proxy Task

Banner Task

CDP Task

Certification Authority Task

Crypto Map Task

DNS Task

Enable Password Task

HTTP Server Task

Local Username Task

IGMP Configuration Task

Interface IP Address Configuration Task

Internet Key Exchange (IKE) Configuration Task

NTP Server Configuration Task

RADIUS Server Configuration Task

RCP Configuration Task

Reload Task

SNMP Community Configuration Task

SNMP Security Configuration Task

SNMP Traps Configuration Task

Syslog Task

SSH Configuration Task

TACACS Configuration Task

TACACS+ Configuration Task

Telnet Password Configuration Task

Transform System-Defined Task

Web User Task

Use-defined Protocol Task

Cable BPI/BPI+ Task

Cable DHCP-GiAddr and Helper Task

Cable Downstream Task

Cable Upstream Task

Cable Interface Bundling Task

Cable Spectrum Management Task

Cable Trap Source Task

Support for Auto Smartports and Smartports

Auto Smartports

Manage Auto Smarports

Smartports

PoE Task

Catalyst Integrated Security Features

SRE Operation Task

cwcli netconfig

Use Case: Using NetConfig Templates to change Configurations for many Devices

Making and Deploying Configuration Changes Using NetConfig

---

NetConfig allows you to make configuration changes to your network devices, whose configurations are archived in the Configuration Archive. NetConfig is a part of RME Configuration Management applications.

It provides easy access to the configuration files for all RME supported devices, ports and modules.

NetConfig automatically updates the Configuration Archive when it makes device configuration changes.

NetConfig provides many advantages over configuring devices from the CLI. For example, you can:

•Schedule jobs for future execution. You can schedule periodic jobs.

•Use configuration tasks to make configuration changes more easily and reliably.

•Run multiple commands during a job.

•Run commands on multiple devices during a job.

•Use the Job Approval application to require approval before a job can run.

•Roll back configuration changes made to devices when a job fails.

This section contains:

•NetConfig Tasks

•Preparing to Use NetConfig

•Rolling Back Configuration Changes

•Understanding NetConfig User Permissions

•Using the NetConfig Tab

•Starting a New NetConfig Job

•Browsing and Editing Jobs Using the NetConfig Job Browser

•Setting Job Approvers

•Configuring Default NetConfig Job Policies

•Password Policy for NetConfig Jobs

•Setting the Transport Protocol Order for NetConfig Jobs

•Assigning Tasks to Users

•Using System-defined Tasks

•Creating and Editing User-defined Tasks

•Handling Interactive Commands

•Handling Multi-line Commands

•cwcli netconfig

NetConfig Tasks

As a NetConfig user, you can:

•Define and schedule NetConfig jobs:

To make configuration changes to managed devices, modules and ports. You define and schedule NetConfig jobs using the job definition wizard. You can use configuration tasks (system-defined or user-defined) to create the configuration commands that you want to apply to devices.

•Browse and edit NetConfig jobs:

You can browse all NetConfig jobs on your system and edit, copy, stop, retry or delete them. For more information about a particular job, you can click the job details by clicking on the hyperlink of the Job ID in the NetConfig Job Browser.

•Use the command line interface for NetConfig jobs:

You can use the cwcli command line interface to create and schedule NetConfig jobs from the command line.

As a NetConfig administrator, you can:

•Create User-defined tasks:

You can create your own user-defined tasks containing any configuration or rollback commands, and download them to a set of selected devices. You enter the configuration commands by typing them or by importing them from a file.

User-defined tasks can be parameterized. That is, they can contain variables that take values from a specified file that resides on the RME server.

•Assign tasks:

As a network administrator, you can assign access to execute tasks, to CiscoWorks users with network operator privilege. You can assign one or more task, to one or more users. By default, only network administrators (users with Network Administrator permissions) can use configuration tasks.

•Separate protocol ordering for configuration deploy and fetch operations

You can separately specify the protocol order for configuration download and update operations, for NetConfig jobs. This feature enables you to use your preferred protocols for downloading and fetching configuration.

For example, you can use Telnet to download configuration to the device, and TFTP to fetch the configuration, thus improving the overall performance of NetConfig.

•Set the default NetConfig job policies

Each NetConfig job has job properties (including enabling job password) that define how the job will execute. You can configure defaults for these properties that will be applied to all future jobs. You can specify for each property whether users can change the default when creating a job.

See Understanding NetConfig User Permissions.

For the new features in this release, see What's New in this Release.

---

Note You can select the log level settings for the NetConfig application using the feature Application Log Level Settings (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).

---

Preparing to Use NetConfig

•Verifying Device Credentials.

•Modifying Device Security

•Verifying Device Prompts

•Configuring Default Job Policies (Optional)

•Assigning Task Access Privileges to Users (Optional)

•Enabling Job Approval (Optional)

Verifying Device Credentials

To verify that every device you want to configure has correct credentials in Device and Credential Repository, use the Device Credential Verification option (Resource Manager Essentials > Devices > Device Management > Device Credential Verification).

For more details see the topic Checking and Viewing Device Credentials in the section Adding and Troubleshooting Devices Using Device Management.

NetConfig must have access to the credentials to make device configuration changes.

Modifying Device Security

NetConfig must be able to run certain commands on devices to configure them. You must disable security that prohibits NetConfig from running these commands.

For the list of commands, see the topic Modifying Device Security in the section Archiving Configurations and Managing Them Using Archive Management.

Verifying Device Prompts

NetConfig requires particular CLI prompt formats:

If the telnet transport mechanism is used, the following prompts are applicable.

•For IOS-based devices, Content Engine devices, and Content Service Switch devices:

–The login prompt must end with a greater-than symbol (>).

–The enable prompt must end with a pound sign (#).

•For Catalyst devices:

–The login prompt must end with a greater-than symbol (>).

–The enable prompt must end with the text (enable).

If the secure shell (SSH) transport mechanism is used, the following prompts are applicable.

•For IOS-based devices, Content Engine devices, and Content Service Switch devices:

–The login prompt may end with any one of the following: (>), (#), (:), (%).

–The enable prompt must end with a pound sign (#).

–For Catalyst devices:

–The login prompt may end with any one of the following: (>), (#), (:), (%).

–The enable prompt must end with the text (enable).

Default prompts use this formatting. If you have changed your defaults, verify that the prompts meet these requirements, and change them if they do not.

Configuring Default Job Policies (Optional)

NetConfig jobs have properties that determine how they run. You can configure default job policies (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) that apply to all NetConfig jobs.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Assigning Task Access Privileges to Users (Optional)

You can assign task access privileges that determine which configuration tasks each user can use to create NetConfig jobs. See Understanding NetConfig User Permissions.

Enabling Job Approval (Optional)

You can enable Job Approval, (Resource Manager Essentials > Admin > Approval > Approval Policies) which means all jobs require approval before they can run.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

Rolling Back Configuration Changes

NetConfig lets you roll back (undo) the configuration changes made to network devices if a job does not complete. How rollback commands (the configuration commands that are used to roll back the configuration changes) are created depends on how the job was created.

You must configure a NetConfig job to automatically roll back configuration changes if the job fails to complete.

NetConfig can rollback configuration only devices whose configurations are archived in the Configuration Archive. For details see Archiving Configurations and Managing Them Using Archive Management.

To verify that devices have an archived configuration and troubleshoot those that do not, use the Configuration Archival Summary dialog box (Resource Manager Essentials > Config Mgmt > Archive Mgmt). For more details see the topic Checking Configuration Archival Status in the section Archiving Configurations and Managing Them Using Archive Management.

This section contains:

•Creating Rollback Commands

•Configuring a Job to Roll Back on Failure

Creating Rollback Commands

You can create rollback commands for a job in the following ways:

•If you use a system-defined task, rollback commands are created automatically by the task.

•If you create a user-defined task, you can enter rollback commands into the task.

Configuring a Job to Roll Back on Failure

You can define a job failure policy so it automatically rolls back configuration changes if the job fails to run. You can select one of several rollback options:

•Rollback device and stop—Rolls back the changes on the failed device and stops the job.

•Rollback device and continue—Rolls back the changes on the failed device and continues the job.

•Rollback job on failure—Rolls back the changes on all devices and stops the job.

Understanding NetConfig User Permissions

Access to NetConfig functionality is controlled by permissions.

Users with only Help Desk permissions cannot use NetConfig as this option will not be displayed for these users. Other users can use NetConfig, but their access to functionality is controlled by permissions.

In your application, see the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform the required NetConfig task.

This section contains:

•Job Approval Permissions

•User-defined Tasks Permissions

•Administrator Task Permissions

•Job Editing Permissions

Job Approval Permissions

Only users with Approver permissions can approve NetConfig jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

User-defined Tasks Permissions

By default, only users with Network Administrator permissions can create user-defined configuration tasks (see Creating and Editing User-defined Tasks).A network administrator must give other users permission to use them on a task-by-task basis.

Administrator Task Permissions

Only users with Network Administrator permissions can perform administrator tasks, which are listed in the NetConfig Admin menu. Other users will not see this menu.

Administrator tasks are:

•Assigning tasks to users.

•Configuring default job properties.

•Creating and editing user-defined tasks.

For user permissions, see Understanding NetConfig User Permissions.

Job Editing Permissions

After a NetConfig job is created, the owner, another user with the owner's privileges, or a network administrator can:

•Copy a job.

•Edit a job

•Retry a job

•Delete a job

•Stop a job while it is running.

Using the NetConfig Tab

The NetConfig tab of RME enables you to do the following tasks:

•Create or edit NetConfig jobs, using the NetConfig job browser. You can also copy, retry, stop or delete jobs. You can run a job immediately. You can also schedule a job to run at a specified time, once, or periodically. See:

–Starting a New NetConfig Job

–Browsing and Editing Jobs Using the NetConfig Job Browser

•Create your own NetConfig tasks and run them on a selected set of devices. See Creating and Editing User-defined Tasks.

•Assign tasks to users. You can assign one or more tasks, to one or more users. See Assigning Tasks to Users.

Starting a New NetConfig Job

Use the job definition wizard to create and schedule the following NetConfig job types:

•Device Based

•Module Based

•Port Based

This section describes the following:

•Create a NetConfig Job based on Device

•Create a NetConfig Job based on Module or Port

To browse and edit jobs using the NetConfig job browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Ensure that you have set the:

•Transport protocol order for your job using Resource Manager Essentials > Admin > Config Mgmt.

For more details see the topic Configuring Transport Protocols in the section Archiving Configurations and Managing Them Using Archive Management.

•Job and password policy for your job using Resource Manager Essentials > Admin > Config Mgmt >Config Job Policies before starting a new NetConfig job.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

---

Note View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

---

Create a NetConfig Job based on Device

To create a new NetConfig job based on Device:

---

Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > NetConfig Jobs.

The NetConfig Job Browser appears.

For the fields in the NetConfig Job Browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Step 2 Click Create.

Step 3 The Netconfig Job Type page appears, displaying the following job flows:

•Device Based

•Module Based

•Port Based

Step 4 Select Device Based and click Go.

The Devices and Tasks dialog box appears, with these panes:

Pane	Description
Device Selector	Allows you to select the devices on which the NetConfig job has to run. You can select multiple device categories. For cable devices, you should select only one device for which to create a job. You can also search for devices from the Device Selector. For more details, see Using RME Device Selector
Task Selector	Allows you to select the System-defined tasks or User-defined tasks that you want to run on the selected devices. All System-defined and User-defined tasks are categorized into various task groups. To select the tasks, expand the corresponding Task Group node. You can also search for a task or a group of tasks in the Task Selector by entering the Search expressions in the Search field. You can also use the wildcard character "*" along with the Search expression. When you click the Search icon, the Search results are displayed in the Search Results tab. For descriptions of System-defined tasks and the device categories they support, see Using System-defined Tasks. For creating and using User-defined tasks, see Creating and Editing User-defined Tasks.

Step 5 Select the devices from the Device Selector pane.

See the topic Using RME Device Selector in the section Adding and Troubleshooting Devices Using Device Management.

Step 6 Select the required task from the All tab, using the Task Selector.

You can select one or more task at a time. Your selection appears in the Selection pane.

Step 7 Click Next.

The Add Tasks dialog box appears with these panes:

Pane	Description
Applicable Tasks	Allows you to add a task. The task that you selected using the Task Selector, appears here. From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane. Select a task and click Add to create an instance for the task (see Step 8).
Added Instances	Allows you to edit the task instance you have added, view its CLI, or delete it. Select the instance of the task, and click the required button (see Table 10-1).

The buttons available in this page are:

Table 10-1 Tasks Performed by Buttons in the Added Instances Pane 

Buttons	Description
Edit	Task pop-up opens with previously assigned values. You can modify these values and click Save.
View CLI	Device Commands pop-up opens with the list of applicable devices and their corresponding CLI commands. Devices in your selection for which the commands are not applicable, are also displayed as Non-Applicable Devices. Click Close to close the pop-up window. You can modify an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.
Delete	Deletes the selected task instance. You can delete an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.

Step 8 Select an applicable task from the Applicable Tasks pane and click Add.

The Task (system-defined or user-defined) pop-up appears for the selected task.

Step 9 Set the parameters in the task dialog box and click Save.

(To reset the values that you have selected click Reset. Click Cancel to return to the previous dialog box, without saving your changes.)

You will see the instance of the task in the Added Tasks pane of the Add Tasks dialog box. The instance appears in this format:

Taskname_n, where Taskname is the name of the task you have added, and n is the number of the instance. For example, the first instance of a Banner task is Banner_1.

You can add as many instances as required, for a task.

Step 10 Click Next.

The Job Schedule and Options dialog box appears with these panes:

Pane	Description
Scheduling	Allows you to schedule the job.
Job Options	Allows you to set the job options.

Step 11 Set the schedule for the job, in the Scheduling pane:

Field	Description
Scheduling
Run Type	Select the run type or frequency for the job—Immediate, Once, Daily, Weekly, Monthly, or Last Day of Month. If Job Approval is enabled, the Immediate option is not available.
Date	Select the start date for the job.
at	Select the start time for the job from the hour and minute drop-down lists.
Job Info
Job Description	Enter the Job Description. Make each description unique so you can easily identify jobs. This is mandatory.
E-mail	Enter e-mail addresses to which the job will send status notices. Separate multiple addresses with commas or semicolons. You must configure the SMTP server to send e-mails (Common Services > Server > Admin > System Preferences). If the user who has created the job has a valid e-mail address, an e-mail notification is sent with the user's address in the sender address field, when job is started and completed. If the user who has created the job does not have a valid e-mail address, then the notification e-mails will be sent with the sender address field blank. Notification e-mails include a URL that displays the job details (see Viewing Job Details for the more information about what details are displayed). If you are not logged in, you must log in using the provided login panel to view the job details.
Comments	Enter your comments for the job. Comments appear in job work order and are stored in configuration archive.
Approver Comments	Enter comments for the job approver. This field is displayed only if you have enabled job approval for NetConfig. For more details the section Enabling Approval and Approving Jobs Using Job Approval.
Maker E-mail	Enter the e-mail-ID of the job creator. This field is displayed only if you have enabled job approval for NetConfig. This is a mandatory field. For more details the section Enabling Approval and Approving Jobs Using Job Approval.

Step 12 Set the job options, in the Job Options pane.

Field	Description
Fail on Mismatch of Config Versions	Select to cause job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.
Sync Archive before Job Execution	Select to cause job to archive running configuration before making configuration changes.
Copy Running Config to Startup	Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully. Does not apply to Catalyst OS devices.
Enable Job Password
Login Username	Enter the Login Username. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Login Password	Enter the job password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Enable Password	Enter the Enable password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Failure Policy	Select one of these options to specify what the job should do if it fails to run on a device. •Stop on failure: If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully. •Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices. The database is updated only for the devices on which the job was executed successfully. •Rollback device and stop—Rolls back the changes on the failed device and stops the job. •Rollback device and continue—Rolls back the changes on the failed device and continues the job. •Rollback job on failure—Rolls back the changes on all devices and stops the job. Roll back configuration changes to failed device or all devices configured by job (see Configuring a Job to Roll Back on Failure.)
Execution	Specify the order in which the job should run on the devices. •Parallel—Allows the job to run on multiple devices at the same time. By default, the job runs on five devices at a time. •Sequential—Allows the job to run on only one device at a time. If you select sequential execution, you can click Set Device Order to set the order of the devices. In the Device Ordering dialog box: a. Select a device name b. Click Move Up or Move Down to change its place in the order. c. Click OK to save the current order and close the dialog box or Click Cancel to close the dialog box without making any changes.

Step 13 Click Device Order to view the device order.

The Set Device Order pop-up appears.

You can reset the order in which the job should be executed on the devices using the Up and Down arrows. When you are done, click Done. The pop-up closes.

Step 14 Click Next.

The Job Work Order dialog box appears with the general information about the job, the job policies, the job approval details (if you have enabled job approval), the device details, the task, and the CLI commands that will be executed on the selected devices as part of this job.

A sample work order is:

------------------------------------------------------------------

General Info

Owner: admin

Description: test job for documenting the workflow

Schedule Type: Run Once

Schedule Time: Mon Aug 22 12:45:00 IST 2011

--------------------------------------------------------------------

Job Policies

Failure Policy: Ignore failure and continue

E-mail Notification: Disabled

Execution Policy: Sequential

Fail on Mismatch of Config Versions : Disabled

Copy Running Config to Startup: Disabled

Sync Archive before Job Execution : Disabled

Job Password: Disabled

------------------------------------------------------------------

Job Approval Details

Job Approval: Disabled

------------------------------------------------------------------

Device Details

Device: 10.76.38.14

Task: Banner

Commands:

banner motd "welcome"

------------------------------------------------------------------

Step 15 Click Finish after you review the details of your job in the Job Work Order dialog box.

A notification message appears along with the Job ID. The newly created job appears in the NetConfig Job Browser.

---

Create a NetConfig Job based on Module or Port

This section provides information for creating a Netconfig job based on Ports or Modules.

You can create a Netconfig job for ports or modules by selecting the devices from "Device and Groups" page and port or module groups from "Group Selector" page in the Netconfig job flow. You need to consider the following use cases while scheduling a Netconfig job:

•Netconfig job for all the devices in the port or module group

•Netconfig job for a few devices in the port or module group

Netconfig job for all the devices in the port or module group

To create a Netconfig job for all the devices in the port or module group, you just need to select the applicable ports or module groups from the "Group Selector" page in the Netconfig job flow. The Netconfig job will run for all the devices in the selected port or module groups.

If devices are not available in the port or module groups in the "Group Selector" page, then Netconfig job will not be created and displays the following message No devices in selected group

Netconfig job for a few devices in the port or module group

To create a Netconfig job for a few devices, you must select the devices or device groups from the "Devices and Groups" page and select the port or module groups from the "Group Selector" page in the Netconfig job flow. In this case, the netconfig job will run only for the devices that are common in both "Devices and Groups" page and port or module groups in the "Group Selector" page.

If devices selected in both "Devices and Groups" page and in port or module groups in the "Group Selector" page are not matching, then the Netconfig job will be created only for the devices selected from the "Devices and Groups" page. At job run time, if the selected devices are not available in the port or module groups, then the Netconfig job will fail because the job will run only for the common devices.

If the device group selected in "Devices and Groups" page does not contain any devices, then the Netconfig job will be created only for the devices that are part of port or module groups.

To start a new NetConfig job based on Modules or Ports:

---

Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > NetConfig Jobs.

The NetConfig Job Browser appears.

For the fields in the NetConfig Job Browser, see Browsing and Editing Jobs Using the NetConfig Job Browser.

Step 2 Click Create.

The Netconfig Job Type page appears, displaying the following job flows:

•Device Based

•Module Based

•Port Based

Step 3 Either select:

•Module Based—To create a module based NetConfig job.

Or

•Port Based—To create a port based Netconfig job.

Step 4 Click Go.

The Device and Group Selector dialog box appears, with these options:

Options	Description
Device Selector	Allows you to select the devices on which the NetConfig job has to run. You can select multiple device categories. You can also search for devices from the Device Selector. For more details, see Using RME Device Selector.
Group Selector	Allows you to select the groups on which the NetConfig job has to run. You can select multiple groups.

Step 5 Either:

•Select the devices using the Device Selector option.

Or

•Select the groups using the Group Selector option.

You can also click Next to directly go to the Group Selector page without selecting the devices or device groups.

Step 6 Click Next.

The Group Selector page appears displaying the Port or Module Groups dialog box with these options:

Options	Field/Button	Descriptions
Select Custom Group	Allows you to select the following group types on which the NetConfig job has to run. You can select multiple groups. •Module groups are displayed for Module based NetConfig job. •Port groups are displayed for Port based NetConfig job. See Creating Port and Module Groups for information on creating port or module groups.
Define an Adhoc Rule	Allows you to define Adhoc rules. The rule defined using this option will be available and specific only to this NetConfig job. They will not be available if you create another NetConfig job.
	Object Type	Select the following Object Type to form a group: •Module—The Object Type is listed only in Module based NetConfig job. •Port—The Object Type is listed only in Port based NetConfig job.
	Variable	Object type attributes, based on which you can define the group. See Rule Attributes for Port and Module Creation.
	Operator	Operator to be used in the rule. The list of possible operators changes based on the Variable selected. When using the equals operator the rule is case-sensitive.
	Value	Value of the rule expression. The possible values depend upon the variable and operator that you have selected. Depending on the operator selected, the value may be free-form text or a list of values. The wildcard characters are not supported.
	Add Rule Expression (Button)	Used to add the rule expression to the group rules.
	Rule Text	Displays the rule.
	Check Syntax (Button)	Verifies that the rule syntax is correct. Use this button to verify the syntax of the rule created before proceeding to the next step.
	Include (Button)	Lists all the modules or ports from the selected devices that are not matching the rule. Later you can choose to include those modules or ports for group creation. Click Include to launch the Include List window. See Table 4-10 for descriptions of the fields in the Include List window.
	Exclude (Button)	Lists all the modules or ports from the selected devices that are matching the rule. Later you can choose to exclude those modules or ports for group creation. Click Exclude to launch the Exclude List window. See Table 4-10 for descriptions of the fields in the Exclude List window.

Step 7 Click Next.

The Port or Module Tasks page appears.

Step 8 Select the following task using the Task Selector:

Port/Module Tasks	Description
Gold Health Monitoring Test (See GOLD Health Monitoring Test Task.)	Configure GOLD Health Monitoring tests on modules. This tasks is available only for the Module based NetConfig job.
Adhoc Task (See Adhoc Task.)	Configures user-defined commands on selected interfaces within a port group.
Manage Auto Smartports (See Manage Auto Smarports.)	Enables or disables auto smartports macros at port level.
Smartports (See Smartports)	Applies smartports macros at port level.
Catalyst Integrated Security Features (See Catalyst Integrated Security Features.)	Configures port security features.
PoE (See PoE Task.)	Configures power policing in ports.
SRE Operation (See SRE Operation Task)	Configures the following operations on Services Ready Engine (SRE) supported devices at port level: •Install—Install application in service modules. •Uninstall—Uninstall application from service modules. •Status—Displays the following: –Status of the service module –The applicable running on the module –Status of the installation and uninstallation being performed in the service module •Abort—Stop installation on a set of service modules in a SRE device. •Shutdown—Shutdown the set of service modules in a SRE device Reset—Reset service modules in a SRE device.

Your selection appears in the Selection pane.

Step 9 Click Next.

The Add Tasks dialog box appears with these panes:

Pane	Description
Applicable Tasks	Allows you to add a task. The task that you selected using the Task Selector, appears here. From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane. Select a task and click Add Instance to create an instance for the task (see Step 10).
Added Instances	Allows you to edit the task instance you have added, view its CLI, or delete it. Select the instance of the task, and click the required button (see Table 10-2).

The buttons available in this page are:

Table 10-2 Tasks Performed by Buttons in the Added Instances Pane 

Buttons	Description
Edit	Task pop-up opens with previously assigned values. You can modify these values and click Save.
View CLI	Device Commands pop-up opens with the list of applicable devices and their corresponding CLI commands. Devices in your selection for which the commands are not applicable, are also displayed as Non-Applicable Devices. Click Close to close the pop-up window. You can modify an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.
View Ports	Port Details pop-up opens showing the list of devices, their corresponding ports and the port group rule. For example, Port Group: 100 Mbps Ethernet Ports Port Group Rule: Port.Speed = "100000000" AND Port.Type = "6" IN Port.GROUP_ID = "/RME@rme-ch-dev-sf4/All Devices" Ports matching the port group rule: 4/1 4/2 4/3 4/4 4/5 4/6 4/7 Click Close to close the pop-up window.
Delete	Deletes the selected task instance. You can delete an instance of a configuration task (and its configuration commands) at any time before the job is scheduled.

Step 10 Select an applicable task from the Applicable Tasks pane and click Add.

The Task (system-defined or user-defined) pop-up appears for the selected task.

Step 11 Set the parameters in the Task dialog box and click Save.

To reset the values that you have selected click Reset.

To return to the previous dialog box without saving your changes, click Cancel.

You will see the instance of the task in the Added Tasks pane of the Add Tasks dialog box. The instance appears in this format:

Taskname_n, where Taskname is the name of the task you have added, and n is the number of the instance. For example, the first instance of a Banner task is Banner_1.

You can add as many instances as required, for a task.

Step 12 Click Next.

The Job Schedule and Options dialog box appears with these panes:

Pane	Description
Scheduling	Allows you to schedule the job.
Job Options	Allows you to set the job options.

Step 13 Set the schedule for the job, in the Scheduling pane:

Field	Description
Scheduling
Run Type	Select the run type or frequency for the job—Immediate, Once, Daily, Weekly, Monthly, or Last Day of Month.
Date	Select the start date for the job.
at	Select the start time for the job from the hour and minute drop-down lists.
Job Info
Job Description	Enter the Job Description. Make each description unique so you can easily identify jobs. This is mandatory.
E-mail	Enter e-mail addresses to which the job will send status notices. Separate multiple addresses with commas or semicolons. You must configure the SMTP server to send e-mails (Common Services > Server > Admin > System Preferences). If the user who has created the job has a valid e-mail address, an e-mail notification is sent with the user's address in the sender address field, when job is started and completed. If the user who has created the job does not have a valid e-mail address, then the notification e-mails will be sent with the sender address field blank. Notification e-mails include a URL that displays the job details (see Viewing Job Details for the more information about what details are displayed). If you are not logged in, you must log in using the provided login panel to view the job details.
Comments	Enter your comments for the job. Comments appear in job work order and are stored in configuration archive.
Approver Comments	Enter comments for the job approver. This field is displayed only if you have enabled job approval for NetConfig. For more details the section Enabling Approval and Approving Jobs Using Job Approval.
Maker E-mail	Enter the e-mail-ID of the job creator. This field is displayed only if you have enabled job approval for NetConfig. This is a mandatory field. For more details the section Enabling Approval and Approving Jobs Using Job Approval.

Step 14 Set the job options, in the Job Options pane.

Field	Description
Fail on Mismatch of Config Versions	Select to cause job to be considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.
Sync Archive before Job Execution	Select to cause job to archive running configuration before making configuration changes.
Copy Running Config to Startup	Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully. Does not apply to Catalyst OS devices.
Enable Job Password
Login Username	Enter the Login Username. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Login Password	Enter the job password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Enable Password	Enter the Enable password. This option is available to you if you have set the appropriate job password policy in the Configuration Management module. This overrides the credentials that you have entered at the time of adding the device in the Device and Credentials Administration module of Common Services.
Failure Policy	Select one of these options to specify what the job should do if it fails to run on a device. •Stop on failure: If the job fails to execute on a device, the job is stopped. The database is updated only for the devices on which the job was executed successfully. •Ignore failure and continue—If the job fails on a device, the job skips the device and continues with the remaining devices. The database is updated only for the devices on which the job was executed successfully. •Rollback device and stop—Rolls back the changes on the failed device and stops the job. •Rollback device and continue—Rolls back the changes on the failed device and continues the job. •Rollback job on failure—Rolls back the changes on all devices and stops the job. Roll back configuration changes to failed device or all devices configured by job (see Configuring a Job to Roll Back on Failure.)
Execution	Specify the order in which the job should run on the devices. •Parallel—Allows the job to run on multiple devices at the same time. By default, the job runs on five devices at a time. •Sequential—Allows the job to run on only one device at a time. If you select sequential execution, you can click Set Device Order to set the order of the devices. In the Device Ordering dialog box: a. Select a device name b. Click Move Up or Move Down to change its place in the order. c. Click OK to save the current order and close the dialog box or Click Cancel to close the dialog box without making any changes.

Step 15 Click Device Order to view the device order. The Set Device Order pop-up appears.

You can reset the order in which the job should be executed on the devices using the up and down arrows. When you are done, click Done. The pop-up closes.

Step 16 Click Next.

The Job Work Order dialog box appears with:

•General information about the job

•Job policies

•Job approval details (if you have enabled job approval)

•Device details

•Task

•CLI commands that will be executed on the selected devices as part of this job

•Rule Expression (applicable for Adhoc groups).

Step 17 Click Finish after you review the details of your job in the Job Work Order dialog box.

A notification message appears along with the Job ID. The newly created job appears in the NetConfig Job Browser.

---

Browsing and Editing Jobs Using the NetConfig Job Browser

You can browse the NetConfig jobs that are registered on the system. Using the NetConfig Job Browser dialog box you can also manage NetConfig jobs using the job browser. That is, you can edit, copy, retry, stop, or delete jobs using this job browser.

To create and start a new NetConfig job, see Starting a New NetConfig Job.

---

Note View Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

---

To invoke the NetConfig job browser:

Select Resource Manager Essentials > Config Mgmt > NetConfig > NetConfig Jobs.

The NetConfig job browser dialog box appears with a detailed list of all scheduled report jobs.

The columns in the NetConfig job browser dialog box display the following information:

Column	Description
Job ID	Unique number assigned to job when it is created. For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001. Click on the hyperlink to view the Job details (see Viewing Job Details).
Status	Status of the job: •Successful—When the job is successful. •Failed—When the job has failed. The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed. For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5. This count of failed devices is not displayed for jobs restored from RME 4.0.4 or lesser versions. •Cancelled—When the job has been stopped. •Running—When the job is in progress. •Waiting—When the job is waiting approval (if job approval has been enabled). •Rejected—When the job has been rejected (if job approval has been enabled).
Description	Description of the job, entered at the time of job creation.
Owner	Username of the job creator.
Scheduled at	Date and time at which the job was scheduled.
Completed at	Date and time at which the job was completed.
Flow Type	Type of the job flow—Port, Module, Device.
Schedule Type	Type of job schedule—Immediate, Once, Daily, Weekly, Monthly, Last day of the month. You can specify when you want to run the NetConfig job. To do this, select one of these options from the drop down menu: •Immediate—Runs the report immediately. •Once—Runs the report once at the specified date and time. •Daily—Runs daily at the specified time. •Weekly—Runs weekly on the day of the week and at the specified time. •Monthly—Runs monthly on the day of the month and at the specified time. •Last Day of the Month—Runs the job on the last day of the month, beginning with the month that you specify. For periodic jobs, the subsequent instances of periodic jobs will run only after the earlier instance of the job is complete. For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3.

Using the Filter by field in the NetConfig Job Browser, you can filter the jobs displayed in the browser.

You can filter the jobs displayed in the NetConfig Job Browser using any of the following criteria and clicking Filter:

Filter Criteria	Description
All	Select All to display all jobs in the job browser
Job ID	Select Job ID and enter the Job ID (s) that you want to display. For non-periodic job, the specified Job ID appears in the browser, for periodic jobs, all the instances of the selected Job ID will also be displayed in the browser.
Status	Select Status and then select any one of these: •Successful •Failed •Cancelled •Running •Scheduled •Approved •Waiting •Rejected
Description	Select Description and enter the first few letters or the complete description.
Owner	Select Owner and enter the user ID or the beginning of the user ID.
Schedule Type	Select the schedule type and select any one of these: •Immediate •Once •Daily •Weekly •Monthly •Last day of the month
Flow Type	Select Flow Type and then select any one of these: •Device •Port •Module
Refresh (Icon)	Click on this icon to refresh the NetConfig job browser.

Records for NetConfig jobs need to be purged periodically. You can schedule a default purge job for this purpose. For more details see the topic Job Purge in the section Setting System-wide Parameters Using System Preferences.

You can perform the following operations using the NetConfig job browser. (See Table 10-3):

Table 10-3 Operations Using the NetConfig Job Browser 

Button	Description	Usage Notes
Edit	Edits selected pending job. •For Device based jobs: The Job definition opens at the Devices and Tasks dialog box, with current information about the job. •For Module based jobs: The Job definition opens at the Devices and Groups dialog box, with current information about the job. •For Port based jobs: The Job definition opens at the Devices and Groups dialog box, with current information about the job. You can edit a job the same way you define and schedule a new job (see Starting a New NetConfig Job). The Job ID of an edited job remains unchanged.	Unless you own job, your login ID determines whether you can use this option. If the job start time occurs during editing, it runs without edits. You can complete edits and schedule the job to run again, but you cannot re-edit the job. To prevent the job from running without edits, either: •Complete your edits before the job start time. Or •Cancel the job and create a new one.
Copy	Copies selected job. You can copy a job and give it a new schedule. •For Device based jobs: The Job definition opens at the Devices and Tasks dialog box, with all your selections for the job that you are copying. •For Module based jobs: The Job definition opens at the Devices and Groups dialog box, with all your selections for the job that you are copying. •For Port based jobs: The Job definition opens at the Devices and Groups dialog box, with all your selections for the job that you are copying. You can edit the copied job in the same way you define and schedule a new job (see Starting a New NetConfig Job). A new Job ID with the copied job details is created.	-
Retry	Retry a failed job. •For Device based jobs: The Job definition opens at the Devices and Tasks dialog box. You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices or change the tasks for the job that you are retrying. You can select a few number of failed devices to retry the job. •For Module based jobs: The Job definition opens at the Devices and Groups dialog box. You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices, modules or change the tasks for the job that you are retrying. You can select a few number of failed devices to retry the job. •For Device based jobs: The Job definition opens at the Devices and Groups dialog box. You can edit the job the same way as you would define and schedule a new job. However, you cannot add new devices, ports or change the tasks for the job that you are retrying. You can select a few number of failed devices to retry the job.	Unless you own the job, your login determines whether you can use this option. There may be some devices whose configuration has been downloaded. However, their running configuration has not been written to the Startup configuration. You can perform Retry Job on these devices just as you can on a failed job.
Stop	Stops or cancels a running job. You can stop/cancel a running job. You will be asked to confirm the cancellation of the job. However, the job will be stopped only after the devices currently being processed are successfully completed. This is to ensure that no device is left in an inconsistent state. If the job that you want to stop is a periodic job, you will also be asked whether you want to cancel all the instances of the job. Click OK to cancel all instances. If you click Cancel, only the selected instance of the job is cancelled. The next instance of the job will appear in the Job browser with the status Scheduled.	Unless you own the job, your login determines whether you can use this option. You cannot re-start the stopped job. You can however copy the stopped job and Job ID.
Delete	Deletes the selected job from the job browser. You can select more than one job to delete. You will be asked to confirm the deletion. If the job that you have selected for deletion is a periodic job, this message appears: If you delete periodic jobs, or instances of a periodic job, that are yet to be run, the jobs will no longer run, nor will they be scheduled to be run again. You must then recreate the deleted jobs. Do you want to continue? Click OK to confirm the deletion. The job, and its instances will be deleted. You can delete a job that has been successful, failed, or stopped, but you cannot delete a running job.	Unless you own the job, your login determines whether you can use option. You must stop a running job before you can delete it.

Viewing Job Details

From the Job Browser dialog box, you can learn more about any job by viewing its details.

---

Step 1 Go to the NetConfig Job Browser, click the Job ID hyperlink. (See Starting a New NetConfig Job to invoke the NetConfig Job Browser.)

The Job Details pop-up appears, displaying the day, date and time details in the header at the top of the report. The Job ID and the Status appear in the header of the report.

The Job Details dialog box has two panes. The left pane contains a table of contents for the job results. The results appear in the right pane.

Step 2 Click a content in the left pane to view its corresponding report in the right pane.

Double-click a folder in the left pane to open and close it.

If the folder has subfolders, the next level of subfolders appears under it. Otherwise, its corresponding report appears in the right pane.

The contents of the left pane depends on the state of the job. The left pane can contain:

•Job Summary (in the Job Details folder).

•Downloaded Devices (in the Device Details folder).

•Work Order

Page/Folder	Description
Job Details	Job Summary	Click to display summary of completed job: •Job Summary: –Status –Start Time –End Time •Job Messages: –Pre-job Execution –Post-job Execution •Device Update: –Successful –Failed –Not attempted –Pending –Devices Pending Registration for Smart Call Home (SCH) The URL https://tools.cisco.com/sch/pendingDevices.do is displayed only for SCH NetConfig jobs. Click the URL to register the devices that are pending to process SCH messages at Cisco.com. For more information on Devices Pending Registration for SCH, see the Smart Call Home User Guide at: http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/networking_solutions_products_genericcontent0900aecd806f52c2.pdf
Device Details	Downloaded Devices	Contains detailed job results for each device in a table: •Device—List of devices on which the job ran. •Status—Status of job (success, failure, etc.) •Message—A message about the status of a job. –If the job failed on the device, the reason for failure is displayed. –If the job was a success on that device, the message Deploy Successful is displayed. You can filter the devices by selecting a status and clicking Filter. This page displays the number of rows you have set for display in the Rows per Page field. You can increase the rows up to 500 in each page. You can navigate among the pages of the report using the navigation icons at the right bottom of this table. Click on a device to view the details such as protocol, status and reason when applicable, task used and the CLI output for that device. These details appear in a pop-up window. Double-click to display status folders that correspond to possible device status.
	StatusFolder	Description
	Update Successful	Devices were successfully updated.
	Update Failed	Devices were not successfully updated. Includes devices on which rollback was attempted, regardless of whether it was successful.
	Not Attempted	Job did not try to update devices, even though they were selected. Usually occurs when a previous device failed and failure property was set to Stop on Failure.
Work Order	Click to display Job Work Order, which contains same the information as the workorder that was displayed when the job was created. (For the workorder details, see Step 16 in Starting a New NetConfig Job). For retried jobs, the job definitions are not updated. For such jobs, the original job definitions are retained.
ViewPorts (button)	Port Details pop-up opens showing the list of devices, their corresponding ports and the group rule. Click Close to close the pop-up window. The View Ports button is available only for jobs that are either in Scheduled, Waiting for Approval, or in Rejected states.

To perform actions, click one of the following (For detailed descriptions of these operations see Operations Using the NetConfig Job Browser in Table 10-3):

•Edit

•Copy

•Retry

•Stop

•Delete

---

Setting Job Approvers

If required, you can enable job approval for NetConfig jobs.

For more details see the topic Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

Configuring Default NetConfig Job Policies

Ensure that you have configured the default job policies for NetConfig jobs.

For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Password Policy for NetConfig Jobs

Ensure that you have set the password policy for NetConfig jobs. For more details see the topic Configuring Default Job Policies in the section Archiving Configurations and Managing Them Using Archive Management.

Setting the Transport Protocol Order for NetConfig Jobs

Ensure that you have set the Transport protocol order for your job using Resource Manager Essentials > Admin > Config Mgmt. For more details see the topic Configuring Transport Protocols in the section Archiving Configurations and Managing Them Using Archive Management.

Creating and Editing User-defined Tasks

You can create User-defined Tasks and add one or more templates to each task.

The template, in turn, is associated with the Meta-Data Framework (MDF) categories of devices, for which these templates will be applicable.

The templates contain configuration commands and rollback commands (see Creating Rollback Commands). You can enter the configuration commands either by typing them or by importing them from a file.

You can create a new task and add one or more templates to it. You can also add templates to an existing task. You name a task when you create it, and it is saved for future use. You can copy, edit, and reuse your tasks. You can assign access privileges to tasks while or after you create them (see Assigning Tasks to Users).

You cannot add User Defined Templates to System Defined Tasks.

After you successfully create a User-defined Task, this task will appear under the User-defined Tasks group in the Task Selector of the NetConfig Job creation wizard. You can create a NetConfig job using the User-defined task. For details on the Task Selector and job creation, see Step 2 in Starting a New NetConfig Job.

For each template, you should specify all the information including the configuration commands, rollback commands (see Rolling Back Configuration Changes), mode (Config or Enable), and the device category for which these commands will be applicable.

At the time of job creation, you should ensure that the User-defined task that you have selected is applicable to the MDF categories of the devices that you have selected.

If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane of the NetConfig job wizard, during job creation.

For example, if you have selected an CatalystOS category of device, but selected a user-defined task that is applicable to a Cable device, then the task will not appear in the Applicable Tasks pane of the job wizard and you will not be able to proceed further with the job creation. For details on the Applicable Tasks pane and job creation, see Step 7 in Starting a New NetConfig Job

---

Caution NetConfig does not validate the commands you enter in a user-defined template within a task. If you enter incorrect commands you might misconfigure or disable the devices on which jobs using the template run.

---

View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

---

Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > User-defined Tasks.

The User-defined Tasks dialog box appears. If you are creating a task for the first time, the system displays a message that there are no user-defined tasks.

The User-defined Tasks dialog box has a Tasks browser in its left pane. After you create a task, the task is displayed in the Tasks browser along with its templates.

Step 2 Define or edit a User-defined task by entering the following information in the dialog box.

Area/Field/Button	Description	Usage Notes
Name	Enter name for the new task. This is a mandatory field.	To create new task from a copy of an existing task: 1. Select the name from Templates list, 2. Enter the new name. 3. Save the task. To modify a task, select it from the tasks list but do not modify its name. You can modify a task by adding or deleting templates, modifying existing templates and changing other details.
Template Name	Enter the template name. This is a mandatory field.	Template Name is provided for User Defined Tasks when you create a template for more than one device category which has different commands to execute.
Command Mode	Select mode (config or enable) in which commands will run.	Each user-defined template can run commands in one mode only. If you select Enable, enter Rollback Commands area is disabled because only config commands can be rolled back.
Parameterized	Select Parameterized if you want to create a parameterized template.	The template parameters will be picked up from a file that you specify, at the time of scheduling a job using this task. See "Parameterized Templates".
Device Type	Select device category template will configure.	You can associate any number of MDF categories with a template, if the command is applicable to them.
CLI Commands	Enter configuration commands or select the configuration commands file. The configuration commands file should reside in the default location: On Solaris: /var/adm/CSCOpx/files/rme/netconfig/cmdFiles/ On Windows: NMSROOT\files\rme\netconfig\cmdFiles Where, NMSROOT is the CiscoWorks install directory. If you want to import the configuration commands from an existing file, enter the default file location in the Import from File field. Alternatively, when you click on the Browse button, a file browser opens with the default location of the configuration commands file. You cannot change this default import directory.	To enter configuration commands, do any of the following: •Type in larger text box, one command in each line. Or •Enter enter the default file location of the configuration command files in the Import from File field. •Click Browse. A file browser opens with the default location of the configuration commands file. You cannot change this default import directory. You can also enter interactive commands and multi-line commands. See Handling Interactive Commands.
Rollback Commands	Enter configuration commands for the template to run when the job fails and the failure policy is set to the rollback option. If you want to import the rollback commands from an existing file, enter the file location in the Import from File field. The rollback commands file should reside in the default location: On Solaris: /var/adm/CSCOpx/files/rme/netconfig/cmdFiles/ On Windows: NMSROOT\files\rme\netconfig\cmdFiles Where, NMSROOT is the CiscoWorks install directory. Alternatively, when you click on the Browse button, a file browser opens with the default location of the rollback commands file. You cannot change this default import directory.	To enter rollback commands, do any of the following: •Type in larger text box, one command in each line. •Enter enter the default file location of the rollback command files in the Import from File field. •Click Browse. A file browser opens with the default location of the configuration commands file. You cannot change this default import directory.

•Click Save to save the task with the current information.

Or

•Click Delete to delete the current task from the system.

---

To cancel the user-defined task you are creating, select a command from the Jobs or Admin menu (or a corresponding button) and click Yes in the resulting dialog box.

To add a user-defined task, select Select Resource Manager Essentials > Config Mgmt > NetConfig > User-defined Tasks. The User-defined Tasks dialog box appears with no values.

To copy a user-defined task:

---

Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Change the name of the Task and click Save.

---

To modify a user-defined task:

---

Step 1 Select the task from the Tasks browser.

The details appear in the right pane of the User-defined Tasks dialog box.

Step 2 Select templates associated with the task from the Task browser, and modify them

You can change details such as the command mode, parameterization option, the device type, the CLI commands or the rollback commands.

---

You can add a template or delete an existing one. When you click Save, a message appears that the task is modified.

Parameterized Templates

You can include parameterized templates within User-defined tasks. A parameterized template allows the configuration commands in the templates to contain user-defined variables.

Multiline feature of parameterized templates is not supported. However, interactive command deploy is supported.

You can select the Parameterized option when you create a User-defined task (see Creating and Editing User-defined Tasks).

If you select the Parameterized option, you should enter the actual values for the parameters in the template in a separate Parameters file (see Creating a Parameters File (XML file)) when you create a NetConfig job (see Creating and Editing User-defined Tasks). The Parameters file is the XML file that contains the parameter values.

The Parameters file should reside on the server at this location:

NMSROOT\files\rme\netconfig\cmdFiles

where NMSROOT is the RME install directory.

To create a Parameterized User-defined task and apply this in a NetConfig job:

---

Step 1 Create a User defined Task with variables embedded in the command body. For details see Creating and Editing User-defined Tasks.

For example:

You can enter the command ntp server $ntpServer in the CLI Commands text box in the User-defined Tasks dialog box. Commands

Step 2 Select the Parameterized check box in the User-defined Tasks dialog box.

Step 3 Click Save to save your User-defined Parameterized task.

Step 4 Create the Parameters file (XML file) containing the values for $ntpServer task. For details, see Creating a Parameters File (XML file).

For example:

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>mytimeserver</value>

</CMDPARAM>

</DEVICE>

Step 5 Repeat the above step in the Parameters file, for all the devices that you plan to include in the job, if each device refers to a different ntpServer.

Alternatively, you can have a global section if that variable does not change for each device. For details, see Creating a Parameters File (XML file).

Step 6 Store the Parameters file in NMSROOT\files\rme\netconfig\cmdFiles directory (where NMSROOT is the RME install directory).

Step 7 Create a NetConfig job and select your User-defined Parameterized task. For details see Starting a New NetConfig Job.

You are prompted to enter the filename while adding the task to the NetConfig job.

You can check the syntax of the text file that contains the parameters. To do this, select Check Syntax.

Step 8 Complete the job creation. For details, see Creating and Editing User-defined Tasks.

---

Creating a Parameters File (XML file)

A specific format is defined for embedding variables in User-defined tasks and the corresponding Parameters file that contains the values for the parameters.

The variables in the User-defined tasks, which you enter in the CLI Commands text area of the User-defined Tasks dialog box (see Creating and Editing User-defined Tasks), should be preceded by $.

For example, for an NTP server parameter, it should be: $ntpServer

Similarly, the Parameters file also follows a specified format.

Here is the sample format and example of the Parameters file (the XML command file that contains the values for the parameters) for a parameterized template:

<GLOBAL>

<CMDPARAM NAME = password>

<value>abc</value>

</CMDPARAM>

<CMDPARAM NAME = message>

<value>test all</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>ServerName</value>

</CMDPARAM>

</DEVICE>

You can assign the device-specific values to variables in the <DEVICE> area. If there are no device-specific values, the default values in the <GLOBAL> area are considered as actual values for these variables. You do not need to add a <GLOBAL> area in the Parameters file if you are referencing each device explicitly (using the <DEVICE> area for each device).

Parameters File: More Examples

This section gives more examples of the format of the text to be entered in the CLI Commands body at the time of creating a User-defined Task, and the commands to be entered in the corresponding Parameters file.

For example, you can enter these parameters while creating a User-defined task, in the CLI Commands text box:

ntp server ntpServer

ip http port portValue

ip address ipAddress

In the corresponding Parameters file, which is stored under NMSROOT\files\rme\netconfig\cmdFiles, (where NMSROOT is the RME install directory) enter:

<GLOBAL>

<CMDPARAM NAME = ntpServer>

<value>10.10.10.10</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>90</value>

</CMDPARAM>

<CMDPARAM NAME = ipAddress>

<value>1.1.1.1</value>

</CMDPARAM>

</GLOBAL>

<DEVICE NAME = 10.76.38.54>

<CMDPARAM NAME = ntpServer>

<value>20.20.20.20</value>

</CMDPARAM>

<CMDPARAM NAME = portValue>

<value>55</value>

</CMDPARAM>

</DEVICE>

<DEVICE NAME = 10.77.202.229>

<CMDPARAM NAME = ntpServer>

<value>30.30.30.30</value>

</CMDPARAM>

</DEVICE>

In such a case, when the NetConfig job contains the device 10.76.38.54, the following commands are generated:

ntp server 20.20.20.20 (taken from the device-specific section of the Parameters file) 

ip http port 55 (taken from the device-specific section of the Parameters file) 

ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains the device 10.77.202.229, the following commands are generated:

ntp server 30.30.30.30 (taken from the device-specific section of the Parameters file) 

ip http port 90 (taken from the global section of the Parameters file) 

ip address 1.1.1.1 (taken from the global section of the Parameters file)

When the job contains any other devices, all the values are taken from the global section of the XML file, and the following commands are generated:

ip http port 55

If the value for a parameter is not found in the command file, the syntax check (in the job creation flow) displays an error.

You can enter any special character, except <, >, and $, that is accepted by the device as the value for a parameter in the command file. This is because NetConfig does not process the parameter values. NetConfig only reads the value given between ip address 1.1.1.1 and tags and generates the command. Therefore, you can enter any special character that the device accepts.

Assigning Tasks to Users

You can assign access privileges to NetConfig tasks, to users with Network Operator privileges or lesser. All other users with privileges higher than Network Operator are assigned all tasks by default.

A network administrator must assign task access privileges to other users. See Understanding NetConfig User Permissions section for details.

---

Note View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

---

To assign tasks to users:

---

Step 1 Select Resource Manager Essentials > Config Mgmt > NetConfig > Assigning Tasks.

The Assign Tasks dialog box appears.

Step 2 Enter the username of the user to whom you want to assign the tasks.

This should be a valid CiscoWorks user. If RME has been registered with a Cisco Secure ACS Server, then the user should be a valid ACS user.

Step 3 Select the task that you want to allocate to the user from the Available tasks list box and click Add.

You can select more than one task, by holding down the Shift key while selecting the task.

The selected tasks appear in the Selected Tasks list box.

To remove assigned tasks, select the tasks from the Selected Tasks list box and click Remove.

Step 4 Add all the required tasks to the Selected Tasks list box.

Step 5 Click Assign to assign the task access privileges to the specified user.

For a specified user, to see the assigned tasks, enter the username in the Username field and click Show Assigned.

The tasks assigned to the user appear in the Selected Tasks list box.

Step 6 Click Report to generate the User Task Report.

The User Task Report shows the list of users and the tasks assigned for each user.

---

Note By default, all the tasks are assigned to admin users. Therefore, the User Task Report will not list the users with Admin privileges.

---

---

Handling Interactive Commands

An interactive command is the input you will have to enter, following the execution of a command.

For example, on a Catalyst device, a clear counters command on a Cat 5000 will give the following output:

c5000# (enable) clear counters. This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?

In RME, such commands can be included in config jobs executed via NetConfig or ConfigEditor. For more details also see Editing and Deploying Configurations Using Config Editor.

You can handle interactive commands using NetConfig user-defined templates, and by using Adhoc tasks. See Using NetConfig User-defined Templates and Adhoc Tasks.

You cannot run interactive commands through NetConfig CLI.

Using NetConfig User-defined Templates and Adhoc Tasks

You can enter an interactive command in the Enter CLI Commands area, using the following syntax:

CLI Command<R>command response 1 <R>command response 2

<R> tag is case-sensitive and this must be entered in uppercase only.

Example

For a Catalyst device, a clear counters command will give the following output

ip http port 90

ip address 1.1.1.1

ntp server 10.10.10.10

ip http port 90

ip address 1.1.1.1

<value>

To accept the default value, you do not need o enter any values after the tag </value>.

Handling Multi-line Commands

You can enter multi-line commands as a part of User-defined and Adhoc tasks. The multi-line commands must be within the tag <MLTCMD> and </MLTCMD>.

These tags are case-sensitive and you must enter them only in uppercase. You cannot start this tag with a space.

Example

c5000# (enable) clear counters This command will reset all MAC and port counters reported in CLI and SNMP. Do you want to continue (y/n) [n]?"Welcome to

To clear the counter, the syntax is:

clear counters <R>y

Multi-line commands" </MLTCMD>

You can have a blank line within a multi-line command. The commands within the MLTCMD tags are considered as a single command and will be downloaded as a single command onto the device.

Using System-defined Tasks

NetConfig provides you with System-defined configuration tasks. You can create configuration commands using task GUI (see Understanding the System-defined Task User Interface (Dialog Box)).

Each task supports one or more device categories (see Table 10-4). Table 10-4 provides you with a comprehensive list of all the templates available, and a brief description of each.

•For Device based jobs, the System-defined tasks are available in the Devices and Tasks dialog box of the NetConfig job wizard.

•For Port based jobs, the System-defined tasks are available in the Port Tasks page of the NetConfig job wizard.

•For Module based jobs, the System-defined tasks are available in the Module Tasks page of the NetConfig job wizard.

All System-defined tasks are categorized into various task groups in the Tasks Selector. To select the tasks, you need to expand the corresponding task group node.

After you select the devices and the tasks, and click Next (see Starting a New NetConfig Job), the selected tasks appear in the Applicable Tasks pane of the Add Tasks dialog box (in the Job wizard).

When you select an applicable task and then click Add Instance, a dialog box opens for the selected system-defined configuration task.

This is a dynamic user interface. The task dialog box displays parameters based on your device selection in the Device Selector.

For example, if you have selected IOS devices, you will be able to specify IOS parameters in this dialog box. If not, this section will not be available to you.

When you enter information in the fields of the task and click Save, the task appears as a numbered instance in the Added Instances pane of the Add Tasks dialog box.

For the detailed procedure, and also for information on how to edit the task instances, view CLI, or delete the instances, see Starting a New NetConfig Job.

You can add multiple instances of a configuration task to a job by selecting an applicable task, adding information and saving the information each time. However, you can include only one instance of a task in a job.

Each System-defined task also creates rollback commands that you can use to roll back the changes to devices if the job fails.

•View the Permission Report (Common Services > Server > Reports) to check whether you have the required privileges to perform this task.

•If you use TFTP protocol to deploy NetConfig templates to devices, the DCR does not reflect the updates.

Table 10-4 NetConfig System-Defined Tasks Supported by the RME 4.3 Device Categories

Task Group	Task	Description	IOS	CatOS	CSS	CE	NAM	PIX	Cable
General	Adhoc (See Adhoc Task.)	Enter any configuration commands as required.	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	Authentication Proxy (See Authentication Proxy Task.)	Configure Authentication Proxy.	Yes	-	-		-	-	Yes
	Banner (See Banner Task.)	Add, remove, or edit banners.	Yes	Yes	-		-	-	Yes
	CDP (See CDP Task.)	Configure Cisco Discovery Protocol (CDP).	Yes	Yes	-	Yes	-	-	Yes
	DNS (See DNS Task.)	Configure DNS.	Yes	Yes	Yes	Yes	Yes	-	Yes
	HTTP Server (See HTTP Server Task.)	Configure HTTP access on VPN devices.	Yes	Yes	-	-	-		Yes
	IGMP1 (See IGMP Configuration Task.)	Configure IGMP of selected cable interfaces.	-	-	-	-	-	-	Yes
	IKE Configuration2 (See Internet Key Exchange (IKE) Configuration Task.)	Configure IP security (IPSec).	Yes	-	-	-	-	Yes	Yes
	Interface IP Address (See Interface IP Address Configuration Task.)	Configure IP interface address of selected interface.	-	-	-	-	-	-	Yes
	NTP Server (See NTP Server Configuration Task.)	Configure Network Time Protocol (NTP).	Yes	Yes	Yes	Yes	-	-	Yes
	RCP (See RCP Configuration Task.)	Configure rcp	Yes	-	-	-	-	-	Yes
	Reload (See Reload Task.)	Reload devices	Yes	-	-	Yes	Yes	-	Yes
	Smart Call Home (See Smart Call Home Task.)	Register devices with Cisco Smart Call Home	Yes	-	-	-	-	-	-
	Syslog (See Syslog Task.)	Configure Syslog message logging.	Yes	Yes	Yes	Yes	-	Yes	Yes
	Transform Set (See Transform System-Defined Task.)	Configure IPSec.	Yes	-	-	-	-	Yes	Yes
	User Defined Protocol (See Use-defined Protocol Task.)	Configure the User-defined protocol on NAM devices.	-	-	-	-	Yes	-	-
	Web User (See Web User Task.)	Configure the web user for NAM devices	-	-	-	-	Yes	-	-
Cable	Cable BPI/BPI+ (See Cable BPI/BPI+ Task.)	Assign self-signed certificate, configure cable interface, and set BPI/BPI+ options.	-	-	-	-	-	-	Yes
	Cable DHCP-GiAddr and Helper1 (See Cable DHCP-GiAddr and Helper Task.)	Configure DCHP-GiAddr and Helper Address of the selected cable interface.	-	-	-	-	-	-	Yes
	Cable Downstream1 (See Cable Downstream Task.)	Activate/Deactivate DS Ports, Interleave Depth, MPEG Framing Format, Modulations, Channel ID and Frequency of the selected cable interfaces.	-	-	-	-	-	-	Yes
	Cable Interface Bundling1 (See Cable Interface Bundling Task.)	Configure Interface Bundling on selected cable interface.	-	-	-	-	-	-	Yes
	Cable Spectrum Management (See Cable Spectrum Management Task.)	Assign Spectrum Groups and Interfaces on a selected cable interface.	-	-	-	-	-	-	Yes
	Cable Trap Source (See Cable Trap Source Task.)	Configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.	-	-	-	-	-	-	Yes
	Cable Upstream1 (See Cable Upstream Task.)	Activate and configure upstream on selected cable interfaces.	-	-	-	-	-	-	Yes
Credential	Enable Password (See Enable Password Task.)	Configure, or change enable or secret password to enter in the enable mode on devices.	Yes	Yes	-	-	-	Yes	Yes
	Local Username (See Local Username Task.)	Configure local username and password authentication on devices.	Yes	-	Yes	-	-	-	Yes
	SSH (See SSH Configuration Task.)	Configure SSH.	Yes	-	Yes	Yes	Yes		Yes
	Telnet Password (See Telnet Password Configuration Task.)	Add, remove, and edit Telnet passwords.	Yes	Yes	-	-	-	Yes	Yes
Encryption	Certification Authority2 (See Certification Authority Task.)	Create, or modify Certification Authority. Provides manageability and scalability for IP security (IPSec) standards on VPN devices.	Yes	-	-		-	-	Yes
	CryptoMap2 (See Crypto Map Task.)	Configure IPSec.	Yes	-	-	-	-	Yes	Yes
EEM	Embedded Event Manager (See Embedded Event Manager Task)	Configure EEM Scripts or Applets on the devices	Yes	-	-	-	-	-	-
	EEM Environmental Variables (See EEM Environmental Variables Task)	Configure EEM Environmental Variables on the devices	Yes	-	-	-	-	-	-
GOLD	GOLD Boot Level (See GOLD Boot Level Task)	Configure Boot Level Diagnositc tests on the devices	Yes	-	-	-	-	-	-
	GOLD Monitoring Test (See GOLD Monitoring Test Task.)	Configure GOLD Monitoring tests on devices	Yes	-	-	-	-	-	-
SNMP	SNMP Community (See SNMP Community Configuration Task.)	Add, remove, and edit SNMP community strings	Yes	Yes	Yes	Yes	Yes	Yes	Yes
	SNMP Security (See SNMP Security Configuration Task.)	Configure SNMP Security feature on devices.	Yes	-	-	Yes	-	-	Yes
	SNMP Traps Management (See SNMP Traps Configuration Task.)	Configure SNMP traps.	Yes	Yes	Yes	Yes	Yes	Yes	Yes
Port Macros	Auto Smartports (See Auto Smartports.)	Configure Auto Smartport macros on devices.	Yes	-	-	-	-	-	-
TACACS	TACACS (See TACACS Configuration Task.)	Configure TACACS authentication.	Yes	-	-		-	-	Yes
	TACACS+ (See TACACS+ Configuration Task.)	Configure TACACS+ authentication	Yes	Yes	-	Yes	Yes	-	Yes
	Radius Server (See RADIUS Server Configuration Task.)	Configure RADIUS server and task.	Yes	-	Yes	Yes	-	-	Yes
User-defined Tasks		Lists all user-defined tasks

1 At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices. 2 You must follow this sequence to complete the configuration of the IPSec on devices: 2 a. IKE configuration system-defined task. 2 b. Transform system-defined task. 2 c. Crypto Map system-defined task.

Understanding the System-defined Task User Interface (Dialog Box)

NetConfig tasks support devices in the following device categories:

•IOS

•Catalyst OS

•Content Engine

•CSS

•NAM

•PIX OS

•Cable

Each of the system-defined tasks have their own dynamic user interface, or dialog box, that displays fields for a specified category of devices only if you have selected that category of device.

The dialog boxes for system-defined tasks may have these groups, links, and buttons:

•Common Parameters—This group of fields appears at the top of the task dialog box. In the fields under this group, you can enter the parameters that are common to all the categories of devices that you have selected.

•Device Category-specific Parameters—This group of fields is specific to a device category. If, for a specified device category, only the common parameters are applicable, this message appears in the user interface:

No Category-specific Commands

•Applicable Devices—This link is available in the device category-specific group of fields and enables you to view the devices in your selection, to which the device-specific parameters apply.

•Buttons in the system-defined tasks interface:

Button	Action
Save	Saves the information that you have entered in the fields in the task dialog box.
Reset	Clears all the fields.
Cancel	Cancels your changes, and closes the task dialog box.

For the cable devices, you can apply a task only to a single device at a time, because cable templates configure interfaces on devices.

Also, for the cable tasks to work correctly, you must have valid SNMP credentials in Device and Credential Repository (DCR). See Adding and Troubleshooting Devices Using Device Management for more information on setting valid SNMP credentials.

Therefore, if you have selected more than one cable device and selected tasks for them, the task may not appear in the Applicable Tasks pane of the Add Tasks dialog box. For the tasks that are applicable to cable devices, see Table 10-4.

Understanding the NetConfig Credentials Configuration Tasks

NetConfig provides for tasks to configure credentials on devices. These tasks are:

•Enable Password (See Enable Password Task.)

•Local Username (See Local Username Task.)

•Radius Server (See RADIUS Server Configuration Task.)

•TACACS TACACS Configuration Task

•TACACS+ (See TACACS+ Configuration Task.)

•SNMP Community (See SNMP Community Configuration Task.)

•SNMP Security (See SNMP Security Configuration Task.)

The credential store allows only one set of login credentials per device - Primary username and primary password, irrespective of the authentication type.

Hence, this imposes certain limitations on the NetConfig templates, especially, when you are configuring/modifying the authentication method on the device.

To overcome this, an option to specifically update the credential store is provided in the credential tasks. The credential store is updated only when this option is chosen with the values specified.

The usage of NetConfig credentials tasks to configure the credentials on a device should be based on the active credentials (e.g. Telnet, TACACS, etc.) in the device. For example if the device is configured with TACACS+, you should use only TACACS+ template to configure the credentials.

Example

When you remove the TACACS+ authentication for the device, the device reverts to the authentication method that was earlier configured on it. For example, the local username.

However, RME is unaware of the fallback authentication method, and the respective credentials. If Device and Credential Repository is not updated with the right credentials, the subsequent device operations from RME will fail.

In this case, you should select the option to update the local credential store and specify the local username credentials. When the job runs, NetConfig updates Device and Credential Repository with this set of credentials, so that for subsequent devices, access from RME will be successful.

Adhoc Task

You can use the Adhoc system-defined task to add configuration commands to a job, during job definition.

You cannot save an instance of an Adhoc task, for future use. If you need to reuse a template that provides capabilities unavailable from the system-defined tasks, you can create a user-defined tasks (see Creating and Editing User-defined Tasks).

---

Caution NetConfig does not validate commands you enter in the Adhoc task. If you enter incorrect commands, you might misconfigure or disable devices on which jobs that use the task run.

---

Groups for each of device categories that you have selected, appear in the Adhoc Configuration dialog box. To invoke the Adhoc Configuration dialog box, see Starting a New NetConfig Job.

You can enter configuration and rollback commands for these device categories:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

•CSS

•NAM

•PIX OS

For more details, see Table 10-4.

---

Note As Cable devices fall under the IOS category, you can enter adhoc commands in the IOS group of fields in the Adhoc Configuration dialog box.

---

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Adhoc Configuration dialog box are:

Group	Field	Description
Commands	CLI Command	Enter configuration commands. You can also enter interactive commands (see Handling Interactive Commands) and multi-line commands see Handling Multi-line Commands).
	Rollback Command	Enter rollback commands.
Command Mode	Config or Enable	Select the mode (config or enable) in which the task configuration commands will run. If you have selected Catalyst OS, or NAM devices, then the enable mode is preselected, and you do not have the option to select the config mode. The Command Mode group is not available for the Adhoc Task selected in the Port Based flow of the NetConfig job.

If you enter any credential command in the CLI Commands or Rollback Commands fields, then those credentials will be masked in the job work order and the job results page.

For example, the command, snmp-server community public ro will be displayed as snmp-server community ***** ro.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Authentication Proxy Task

The Authentication Proxy feature helps users to log into the network or access the Internet using HTTP. Their specific profiles are automatically retrieved and applied from a CiscoSecure ACS, or other RADIUS, or TACACS+ authentication server.

The Cisco Secure Integrated Software authentication proxy feature allows network administrators to apply specific security policies on a user to user basis. You can use the Authentication Proxy system-define, configuration Task on IOS devices which have been configured for VPN functionality.

The IOS category of devices (including Cable devices) are supported by this task.

For more details, see Table 10-4.

You can enter the details of this task in the Authentication Proxy Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Authentication Proxy Configuration dialog box are:

Group	Sub-Group	Field	Description
IOS Parameters	Authorization (AAA)	Action	Select the required option to enable, disable or make no change to the authorization configuration.
		Method 1	Select either tacacs+ or radius as your first method of authorization.
		Method 2	Select either tacacs+ or radius as your second method of authorization, based on your selection in the first method
	Cache Timeout	Minutes (1-2147483647)	Timeout value. The default timeout value can be in the range of 1 and 2,147,483,647.
		Set to default	Select this to set the default cache timeout value of 60 seconds.
	Banner	Action	Select Enable or Disable to set or reset Banner display in the login page. •If you select Enable, the router name is displayed in the login page. •If you select Disable, then the router name is not displayed. If you do not want to make any changes to the banner, select No Change.
		Banner Text (Optional)	Enter the text that you want displayed in the banner. If you enter the banner text, then this text is displayed instead of the router name in the login page. This is an optional field.
	Authentication Proxy Rule	Action	Select Enable or Disable an authentication proxy rule. •If you select Enable, a named authentication proxy rule is created and associated with access list. •If you select Disable, the associated proxy rule is removed. Select No Change if you do not want to make changes to the Authentication Proxy Rule group of fields.
		Name	Enter a name for the authentication proxy rule. The name can be up to 16 alphanumeric characters.
		Overriding Timeout [optional(1-2147483647)]:	Enter a timeout value to override the default cache timeout. This is an optional field. The overriding timeout value should be in the range of 1 and 2,147,483,647.
		ACL Number/Name [optional]:	Enter a Standard Access list to be used with the Authentication proxy. This is an optional field.
	New Model	Action	Select to enable, disable, or make no change to new model state.

Click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric To accept the default, the syntaxes are: or clear counters <R>nn, where n is a number between 1 and 9, then this is a VPN image.

For example, or is a VPN image, since it contains the number clear counters <R>.

Banner Task

You can use the Banner system-defined, configuration task to change banners on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

For more details, see Table 10-4.

You can enter the details of this task in the Banner Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Banner Configuration dialog box are:

Group	Sub Group	Field	Description
Common Parameters	Motd Banner	Action	Select the appropriate option to add or remove a message of the day banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.
		Message	Enter message, if you selected Add in Action field.
IOS Parameters	Exec Banner	Action	Select the appropriate option to add or remove an Exec banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.
		Message	Enter message, if you selected Add in Action field.
	Incoming Banner	Action	Select the appropriate option to add or remove an Incoming banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.
		Message	Enter message, if you selected Add in Action field.
	Login Banner	Action	Select the appropriate option to add or remove a Login banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.
		Message	Enter message, if you selected Add in Action field.
	Slip-PPP Banner	Action	Select the appropriate option to add or remove a Slip/PPP banner. Select No Change, if you are modifying an existing task, and you do not want to change the value in this field.
		Message	Enter message, if you selected Add in Action field.
CatOS Parameters	No category-specific commands.	-	This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

CDP Task

You can use the CDP system-defined task to configure Cisco Discovery Protocol (CDP) on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

For more details, see Table 10-4.

You can enter the details of this task in the CDP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the CDP Configuration dialog box are:

Group	Sub Group	Field	Description
Common Parameters	Run	Action	Select to enable, disable, or make no change to the CDP state.
	Hold Time	Seconds (10-255)	Enter holdtime in seconds. The CDP holdtime specifies how much time can pass between CDP messages from neighboring devices before the device is no longer considered connected and the neighboring entry is aged out. Value must be greater than value in Update Time field.
		Set to Default	Select this for the default hold time of 60 seconds
	Update Time	Seconds (5-254)	Enter time between CDP updates, in seconds. Value must be less than value in Hold Time field.
		Set to Default	Select this for the default update time of 60 seconds
	CDP Version	Run	Select the CDP Version (CDPv1 or CDPv2. CDP version 2 is the default value. If you are modifying the CDP Task and you do not want to change this field, select No Change.
IOS Parameters	No category-specific commands.	-	This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.
CatOS Parameters	Mod/Ports	Mod/Ports (Ex:2/1-12,3/5)	Enter modules and ports on which to enable or disable CDP. You can enter a single module and port or a range of ports, for example, 2/1-12,3/5-12.
		All mod/ports	Select to enable or disable CDP in all ports in all modules.
	CDP Format	Format	The options are: •No Change (Does not allow you to make any modifications to the specified CDP format.) •MAC •Other Select the required option.
CE Parameters	No category-specific commands.	-	This device category does not have any device-category-specific commands. Use the Common Parameters group to assign the values.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Certification Authority Task

You can use the Certification Authority (CA) system-defined configuration task to provide manageability and scalability for IP Security (IPSec) standards. The Certification Authority task can be used only on IOS devices configured for VPN functionality.

This task is applicable to IOS devices (including Cable devices).

For more details, see Table 10-4.

You can enter the details of this task in the Certification Authority Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use any CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Certification Authority Configuration dialog box are:

Group	Sub-Group	Field	Description
IOS Parameters	Declare CA	Action	Select Enable or Disable to activate/deactivate Certification Authority (CA). •If you select Enable you can create or modify CA. •If you select Disable, you can delete the CA. Select No Change, to leave the CA Name unchanged.
		CA Name	Enter the CA name. This name is used to identify the certification authority to be configured. This name is the CA domain name.
	Enrollment URL	Action	•Select Enable to allow router to connect to the CA, using the URL specified in the Value field. •Select Disable, if you do not want to connect to the CA. •Select No Change to leave the Enrollment URL field unchanged.
		Value	Enter the URL of the CA. The URL should include any available non-standard cgi-bin script location.
	Enrollment Mode	Action	•Select Enable if the CA provides a Registration Authority (RA). •Select Disable to disable the specified LDAP Server. •Select No Change to leave the Enrollment Mode field unchanged.
		LDAP Server	Enter the LDAP server of the CA, if your CA system provides an RA. LDAP server contains the location of CRLs (certification revocation lists) and certificates.
	Enrollment Retry Period	Minutes [1- 60]	Enter the wait period between certification request retries. The wait period is between 1 to 60.
		Set to Default	Select this option to set the default wait period to 1 minute.
	Enrollment Retry Count	Number [1- 100]	Enter the certification request retry number. The retry number must be between 1 and 100.
		Set to Default	Select this option to set the default retry period to 1 minute.
	CRL Optional	Action	Select Enable to bypass the Certificate Revocation List. If you select Disable, Certificate Revocation list is checked.
	Certificate Query	Action	Select an option to enable, disable or make no change to certificate query. •If you select Enable, certificate query will be added to all trust points on the router. •If you select Disable, the certificate will not be queried.
	RSA Key pairs	Action	Select an option to generate, delete or make no change to the RSA key pairs. This feature allows you to configure a Cisco IOS router to have multiple key pairs. Thus, the Cisco IOS software can maintain a different key pair for each identity certificate.
		Key Type	Specify the key type: •General Purpose—To generate a general purpose key pair that is used for both encryption and signature. •Usage—To generate separate usage key pairs for encrypting and signing documents.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric <R> or <MLTCMD> banner login n, where n is a number between 1 and 9, then this is a VPN image.

For example, CiscoWorks Resource Manager is a VPN image, since it contains the number Essentials - you are using.

Crypto Map Task

You can use the Crypto Map Server system-define task to configure IPSec on devices.

---

Note You must configure the IKE configuration system-defined task (see Internet Key Exchange (IKE) Configuration Task) and Transform system-defined task (see Transform System-Defined Task) before configuring the Crypto Map system-defined task.

---

The following device categories are supported by this task:

•IOS (including Cable devices)

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the Crypto Map Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Crypto Map Configuration dialog box are:

Group	Sub-Group	Field	Descriptions
IOS Parameters	Configuration	Action	Select an option to add, remove, or make no change to the IOS configuration.
		Map Name	Enter the name for the Crypto Map.
		Map Number	Enter the number for the Crypto Map. The value must be between 1-65535.
		Map Type	Select the map type (manual or isakmp) for the Crypto Map.
		Map Description	Enter the description for the Crypto Map.
		Crypto ACL	Enter the extended access list for Crypto Map.
		IPSec Peer	Enter the IPSec peer to be associated with the Crypto Map.
		Transform Set name	Enter the transform set name to be used with the Crypto Map.
PIX Parameters	Configuration	Action	Select an option to add, remove, or make no change to the PIX configuration.
		Map Name	Enter the name for the Crypto Map.
		Map Number	Enter the number for the Crypto Map. Value must be between 1-65535.
		Map Type	Select the type (manual or isakmp) for the Crypto Map.
		Crypto ACL	Enter the extended access list for Crypto Map.
		IPSec Peer	Enter the IPSec peer to be associated with the Crypto Map.
		Transform Set name	Enter the transform set name to be used with the Crypto Map.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

DNS Task

You can use the DNS system-defined task to configure DNS (Domain Name Server) on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

•CSS

•NAM

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the DNS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the DNS Configuration dialog box are:

Group	Sub-Group	Field	Description
Common Parameters	DNS Server	Add	Enter the IP addresses of DNS name server(s) that you want to add. Separate multiple addresses with commas. If the device accepts only one DNS server, then the first address will be considered.
		Remove	Enter the IP addresses of DNS name server(s) that you want to remove. Separate multiple addresses with commas.
	Domain Name	Name	Enter the domain names to complete unqualified hostnames. If a device has a domain list enabled, it will be used to complete unqualified hostnames instead of the domain name. Separate multiple addresses with commas. If the device accepts only one domain name, then the first entry will be considered.
		Remove	Select this option to remove the domain names.
IOS Parameters		Domain Lookup	Select to enable or disable IP DNS-based hostname-to-address translation.
		CLNS NSAP	Select to enable or disable or make no change to the CLNS NSAP option. If this option is enabled, any packet with the specified CLNS NSAP prefix causes CLNS (Connectionless Network Service) protocol to behave as if no route were found.
		OSPF	Select to enable or disable or make no change to the OSPF (Open Shortest Path First) protocol option.
	Domain List	Action	Select an option to add, remove, or make no change to the domain list.
		Domain List	Enter domain names to complete unqualified hostnames, or add to the existing list. Separate multiple domain names with commas. Do not include an initial period before domain names.
CatOS Parameters		1st Server Primary	Select to make DNS name server entered in Add field, the default or the primary name server.
		Domain Lookup	Select an option to enable, disable, or make no change to the domain lookup.
Content Engine Parameters		Serial Lookup	Select an option to enable, disable, or make no change to the serial lookup.
CSS Parameters	Secondary DNS Server	Add (Hostname or IP Address)	Enter the hostname or an IP address of a secondary server, that you want to add. A maximum of two IP addresses are allowed. The order in which you enter them is the order in which they are used if the primary DNS server fails. Separate multiple addresses with a comma.
		Remove (Hostname or IP Address)	Enter a hostname or an IP address of a secondary server, that you want to remove. A maximum of two IP addresses are allowed. Separate multiple addresses with a comma
NAM Parameters		Disable Nameservers	Select to disable domain name servers.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Enable Password Task

You can use the Enable Password system-defined, configuration task to change the enable and secret passwords, which allow users to enter the enable mode on devices.

When you enable or disable an enable password, the change is made on the device and in Device and Credential Repository.

---

Note If you disable the enable password on a device, you cannot enter the enable mode on that device unless you previously enabled an alternative type of enable mode authentication.

---

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the Enable Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

---

Note If you change the enable password on a Catalyst device with an RSM module using this task, the RSM enable password is also changed.

---

The fields in the Enable Password Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Setup	Action	Select an option to enable, disable or make no change to the enable password.
		Password	Enter the enable password.
		Verify	Re-enter the password.
IOS Parameters	Password	Level (1-15)	Set the Enable Password level. The level can be between 1 and 15. 15 is the default level. For an IOS device, it is not advised to disable both Enable Password and Enable Secret password. This is because the IOS device will not allow you to go into the Enable mode of the device. You can do this only if you have the console password for the device. If you have selected Enable Password as No Change in the Common Parameters pane, and selected Disable for Enable Secret in the IOS Parameters pane, then Enable Secret Password is updated in the Device and Credentials database. If you have selected Enable Password as Disable in the Common Parameters pane, and selected No Change for Enable Secret in the IOS Parameters pane, then Enable Password is updated in the Device and Credentials database.
		Encrypted	Select this option to encrypt the password.
		Update RME Credentials	Select this to update RME credentials. For details see Understanding the NetConfig Credentials Configuration Tasks
	Secret	Action	Select an option to enable, disable or make no change to the secret password.s
		Secret	Enter the secret password.
		Verify	Re-enter the password.
		Level (1-15)	Set the password level. The level can be between 1 and 15. 15 is the default level.
		Encrypted	Select this option to encrypt the password.
CatOS Parameters	Password	Apply Command on Modules	Select to apply the command on the modules. If you have selected Disable as the action in the Common Parameters group, then the password will be removed.
PIX Parameters		Level(0-15)	Set the password level. The level can be between 0 and 15. 15 is the default level.
		Encrypted (Password should be 16 characters)	Select this option if the password you are entering is already encrypted. If you select this option ensure that your password is 16 characters.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

HTTP Server Task

You can use HTTP Sever to configure HTTP access on IOS devices which have been configured for VPN functionality.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

For more details, see Table 10-4.

You can enter the details of this task in the HTTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the HTTP Server Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Server	Action	Select an option to enable, disable or make no change to the HTTP access on the device.
	Port	Number [0-65535]	Specify the HTTP server port number.
		Set to Default	Select this option to set the default port (80).
IOS Parameters	Authentication	Action	Select an option to enable, disable or make no change to the authentication method.
		Method	Select an authentication method: •aaa •enable •local •tacacs
	Access List	Action	Select an option to enable, disable or make no change to the access list.
		ACL Number/Name	Enter the Access Control List number or name to be used. The access list number must be between 1 to 99.
CatOS Parameters			No category-specific commands.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

You will lose Telnet access to the device if you configure HTTP Server. The Device may require TACACS/RADIUS/Local username and password after configuring HTTP Server. You should make sure that the device has the appropriate login configured. The username and password has to be stored in the RME Database.

IOS Devices with VPN Images

You can determine VPN images from the naming convention used for IOS images. The naming convention follows xxxx-yyyy-ww format.

Where, xxxx represents platform, yyyy represents features and ww represents format. If the middle value (yyyy) contains, the numeric No Category-specific Commands or 56n, where n is a number between 1 and 9, then this is a VPN image.

For example, K is a VPN image, since it contains the number C7100-IS56I-M

Local Username Task

You can use the Local Username system-defined task configure local username and password authentication on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•CSS

For more details, see Table 10-4.

You can enter the details of this task in the Local Username Task Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Local Username Task Configuration dialog box are:

Group	Sub-Group	Field	Description
Common Parameters	Local User Setup	Action	Select an option to add, remove or make no change to the local username setup.
		Username	Enter the local username.
		Password	Enter local username password.
		Verify	Re-enter the password.
IOS Parameters	Local User Setup	Privilege Level [0-15]	Set the required privilege level.
Local User Setup		Privilege Level [0-15]	Set the required privilege level.
		No HangUp	Select this option to enable No Hang Up mode.
		No Escape	Select this option to enable No Escape mode.
Local User Login Authentication		Action	Select to enable, disable or make no change to the local user authentication group of fields.
	Local Username Credentials (Update RME creds)	Username	Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Password	Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Verify	Values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.
CSS Parameters			For CSS devices: •The username length should be between 1 and 16 characters. •The local password length be between 6 and 16 characters. •The DES-Encrypted password length should be between 6 and 64 characters.
Local User Setup		SuperUser	Select this option to designate the local user as superuser.
		Password Type	Select the password type from these options: •Local •Encrypted •DES_Encrypted
Directory Access		Configure Directory Access	Select this option if you want to configure directory access. Defines the CSS directory access levels. By default, CSS assigns users with read and write access to the directories. Changing the access level also affects the use of the CLI commands associated with the directories.
	Directories	Script	Select the required access option to the Script directory: •No Access •Read And Write •Read •Write
		Log	Select the required access option to the Log directory: •No Access •Read And Write •Read •Write
		Root	Select the required access option to the Root directory: •No Access •Read And Write •Read •Write
		Archive	Select the required access option to the Archive directory: •No Access •Read And Write •Read •Write
		Release Root	Select the required access option to the Release Root directory: •No Access •Read And Write •Read •Write
		Core	Select the required access option to the Core directory: •No Access •Read And Write •Read •Write
		MIB	Select the required access option to the MIB directory: •No Access •Read And Write •Read •Write

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

IGMP Configuration Task

You can use this task to configure the Internet Group Management Protocol (IGMP) on a cable interface.

---

Note You can apply this task only on a single IOS device at a time. For details, see Table 10-4.

---

You can enter the details of this task in the IGMP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the IGMP Configuration dialog box are:

Group	Sub-group	Field	Description
IOS Parameters
IGMP Configuration	Interface	Interfaces	Select the required option to specify the interface to be configured for IGMP, or to make no change to the existing interface selection: •Not Selected •FastEthernet0/0 •FastEthernet0/ •Cable1/0
		Action	Select the required option to enable, disable, or make no change to the Interface sub-group of fields.
		PIM Mode	Select the required PIM mode option. Select No Change to retain any previous mode selection: •No Change •dense-mode •sparse-mode •sparse-dense-mode
IGMP Parameters		Action	Select the required option to replace the values in, or to make no change to the IGMP Parameters group of fields.
		IGMP Version	Select the required IGMP version from the supported versions: •1 •2 •3
		Last Memory Query Interval [100-25500 in msec]	Enter the time interval between the IGMP specific messages sent by the router. Enter the last memory query interval in seconds. You can enter an interval between 100—25500 milliseconds. The default is 1000 milliseconds.
		Query Maximum Response Time[1-25 in sec]	Enter the maximum response time advertised in the IGMP queries. This option is enabled when IGMP version 2 is configured. You can enter a response time between 1—25 seconds. The default is 10 seconds.
		Query Interval [1-65535 in sec]	Indicates a time interval when the Cisco IOS software sends IGMP host queries. Enter a query interval between 1—65535 seconds. The default is 60 seconds.
		Query Timeout [60-300 in sec]	Indicates the timeout period when the router takes over as a querier of an interface after the previous querier stopped querying. You can enter a value between 60—300 seconds. The default is 2* Query Interval second.
		Helper Address (Should be in IP address format)	Indicates the IP address that will receive all IGMP host reports and where you can leave messages. This option is enabled when IGMP version 2 is configured. Enter the Helper Address in the IP Address format.
Group Configuration		Action	Select the required option to add values to, or to make no change to the Group Configuration group of fields.
		ACL to control joining of Multicast Group	Allows you to control the multicast groups. You can enter either the IP access list name or number. The valid range is between 1 - 99.
		Join Group Multicast Address (multiple addresses should be separated by commas)	Adds Join Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.
		Static Group Multicast Address (multiple addresses should be separated by comma)	Adds Static Group Multicast Address to the Multicast Address table. Enter the addresses, separated by commas.
		Populate for all Groups	Allows you to apply the configuration to all groups.

Click on Applicable Devices to view the devices in your selection, to which this task applies.

For more information regarding the IP addresses and IP multicast addresses refer to:

•http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html

•http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/prod_command_reference_list.html

Interface IP Address Configuration Task

You can use this task to configure the IP address of a cable interface.

---

Note You can apply this task only on a single IOS device at a time. For details, see Table 10-4.

---

You can enter the details of this task in the Interface IP Address Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Interface IP Address Configuration dialog box are:

Group	Sub-group	Field	Description
Cable Parameters
Interface IP Configuration		Cable Interface	Select the required cable interface for configuring the IP address, or select Not Selected to make no change to any previous selection: •Not Selected •FastEthernet0/0 •FastEthernet0/1 •Cable1/0
		Action	Select the required action: •No Change—Makes no change to the IP Addresses •Replace—Replaces the IP Addresses •Remove Primary—Removes the primary IP Address. •Remove Secondary—Removes the secondary IP Address. •Remove All—Removes both primary and secondary IP Addresses.
	IPAddress	Primary	Enter the primary IP address.
		Secondary	Enter the secondary IP address.
	Subnet Mask	Primary	Enter the primary subnet mask.
		Secondary	Enter the secondary subnet mask.

---

Note The values for interfaces are as returned by device.

---

Click on Applicable Devices to view the devices in your selection, to which this task applies.

Internet Key Exchange (IKE) Configuration Task

Use the Internet Key Exchange (IKE) Configuration System task to configure IPSec on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the IKE Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group	Sub-group	Field	Description
IOS Parameters
ISAKMP		Action	Select to enable, disable, or make no change to ISAKMP.
ISAKMP Policy	ISAKMP Policy Priority	Action	Select to add, remove, or make no change to ISAKMP policy priority.
		Priority [1-10000]	Enter the policy priority number Value must be between 1—10000.
	Encryption	Action	Select to enable, disable, or make no change to encryption type.
		Type	Select the type of encryption for the policy: •3des •des
	Hash	Action	Select to enable, disable, or make no change to the hash algorithm.
		Algorithm	Select the type of hash algorithm: •sha •md5
	Authentication	Action	Select to enable, disable, or make no change to the authentication method.
		Method	Select the type of authentication method: •rsa-sig •rsa-encr •pre-share
	Group	Action	Select to enable, disable, or make no change to the Diffie-Hellman group identifier group.
		Value	Enter the Diffie-Hellman group identifier. Value must be 1 or 2.
	Lifetime	Action	Select to enable, disable, or make no change to the lifetime value.
		Seconds [60-86400]	Enter the lifetime value in seconds. Value must be between 60—86400 seconds.
PIX Parameters
ISAKMP		Action	Select to enable, disable, or make no change to ISAKMP.
		Interface	Select the interface: •Inside •Outside
ISAKMP Policy	ISAKMP Policy Priority	Action	Select to add, remove, or make no change to ISAKMP policy priority.
		Priority [1-65534]	Enter the policy priority number Value must be between 1—10000.
	Encryption	Action	Select to enable, disable, or make no change to encryption type.
		Type:	Select the type of encryption: •aes •aes-192 •aes-256 •des •3des
	Hash	Action	Select to enable, disable, or make no change to the hash algorithm.
		Algorithm	Select type of hash algorithm: •sha •md5
	Authentication	Action	Select to enable, disable, or make no change to the authentication method.
		Method	Select the type of authentication method: •rsa-sig •pre-share
	Group	Action	Select to enable, disable, or make no change to the Diffie-Hellman group identifier group.
		Value	Enter the Diffie-Hellman group identifier. Value must be 1, 2 or 5.
	Lifetime	Action	Select to enable, disable, or make no change to the lifetime value.
		Seconds [120-86400]	Enter the lifetime in seconds. Value must be between 120—86400 seconds.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

NTP Server Configuration Task

You can use the NTP Server system-defined task to configure Network Time Protocol (NTP) on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•CSS

•CE

For more details, see Table 10-4.

You can enter the details of this task in the NTP Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group	Sub-group	Field	Description
Common Parameters	NTP Server	Action	Select to add, remove, or make no change to Network Time Protocol.
		Host Name/IP Address	Enter IP address of NTP server to which devices will send time-of day requests.
IOS Parameters	NTP Server	Server Type	Select the required server type.
		Version	Select the server version.
		Server Key (0-4294967295)	Enter the NTP server Key. The value must be between 0—4294967295.
		Verify Server Key	Re-enter the Key to confirm.
		Source Interface (Interface Name)	Enter the source interface name.
		Preferred	Select an option to specify whether it is a preferred interface.
	NTP Authentication Key	Action	Select to add, remove, or make no change to the NTP authentication Key.
		Number [1 to 4294967295]	Enter the number of Key bits. The value must be between 1 to 4294967295 Key bits.
		Verify Number	Re-enter the number to confirm.
		MD5 Number (Max 8 chars)	Enter the MD5 number. It should be a maximum of 8 characters.
	NTP Authentication	NTP Authentication	Select to enable, disable, or make no change to NTP authentication.
	NTP Calendar	Action	Select to add, remove, or make no change to the NTP calendar.
	NTP Access Group	Action	Select to add, remove, or make no change to the NTP access group.
		Access Type	Select the required action type: •QueryOnly •ServeOnly •Serve •Peer
		ACL Number [1-99]	Enter the ACL number. It should be a value between 1 and 99.
	NTP Trusted Key	Action	Select to add, remove, or make no change to the NTP trusted Key.
		Key Number [1-4294967295]	Enter the Key number. It must be a value between 1—4294967295.
		Verify Key Number	Re-enter the Key number to verify.
CatOS Parameters	NTP Server	Server Key [Range:1 to 4292945295]	Enter the NTP server Key. The value must be between 1 to 4292945295.
		Verify Server Key	Re-enter the Key to confirm.
	NTP Client	Client Action	Select to enable, disable, or make no change to NTP client.
	NTP Authentication	NTP Authentication	Select to enable, disable, or make no change to NTP authentication.
	NTP Key	Action	Select to add, remove, or make no change to the NTP Key.
		Key Number [1 to 4292945295]	Enter the NTP server Key. The value must be between 1 to 4292945295.
		Verify Key Number	Re-enter the Key to confirm.
		Type	Select the required Key type.
		MD5 Number [Max 32 chars]	Enter the MD5 number. It should be a maximum of 32 characters.
CE Parameters	NTP Server	Action	Select to enable, disable, or make no change to the NTP server.
		Server Type	Select the required server type.
CSS Parameters		NTP Server Version	Select the required NTP server version.
	NTP Server Poll Interval	Action	Select to add, remove, or make no change to the NTP poll interval.
		Poll Interval [16-16284 seconds]	Specify the poll interval. The value must be between 16—16284 seconds.

RADIUS Server Configuration Task

You can you use the RADIUS system-defined task to configure RADIUS on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•CSS

•CE

For more details, see Table 10-4.

You can enter the details of this task in the RADUIS Server Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group	Sub-group	Field	Description
Common Parameters
Host Configuration		Action	Select to enable, disable, or make no change to the server configuration.
		Server Name	Enter the server name.
		Auth Port (0-65536)	Enter port used for authentication by RADIUS server.
Key Configuration		Action	Select to enable, disable, or make no change to the key configuration.
		Key	Enter RADIUS authentication and encryption key string used by server specified in Host area.
		Verify	Re-enter RADIUS key.
Login Authentication		Action	Select to enable, disable, or make no change to the login authentication. This is not applicable for CSS
	RADIUS Credentials (Update RME creds)	Username	Enter the username. For details see Understanding the NetConfig Credentials Configuration Tasks. In case of CSS devices, this value will be used to update the Primary login details.
		Password	Enter the password. For details see Understanding the NetConfig Credentials Configuration Tasks. In case of CSS devices, this value will be used to update the Primary login details.
		Verify	Re-enter the password to verify. For details see Understanding the NetConfig Credentials Configuration Tasks. In case of CSS devices, this value will be used to update the Primary login details.
IOS Parameters
Login Authentication	List	Name	Enter default or named list.
		Set to Default	Select the set the default list.
	Type	Options (Drop-down list 1)	Select the required option; •No Choice •radius •tacacs+ •line •enable •local •none Similarly, select the type from the other three drop-down lists.
New Model		Action	Select to enable, disable, or make no change to new model state.
Enable mode Authentication		Action	Select to add, remove, or make no change to the enable mode authentication.
	Credentials	Username	Enter the enable username.
		Password	Enter the enable password.
		Verify	Re-enter the enable password.
	Type	Options (Drop-down list 1)	Select the required option: •No Choice •radius •tacacs+ •line •enable •local •none Similarly, select the type from the other three drop-down lists.
Content Engine Parameters			No category-specific commands.
CSS Parameters	Host Configuration	Action	Select to enable, disable, or make no change to the host configuration.
		Secondary Server Name (Host Name or IP Address)	Enter the secondary server hostname or IP address.
		Secondary Server Key	Enter the key for the secondary server. Defines the secret string for authentication transactions between the RADIUS server and the CSS. Enter a case-sensitive string with a maximum of 16 characters.
		Verify	Re-enter the key to verify.
		Authentication Port (1-65535)	Enter custom authentication port of RADIUS server. Value must be between 0-65535. Optional field. Defines the UDP port on the secondary RADIUS server that receives authentication packets from clients. Enter a number from 0 to 65535. The default is 1645.
Other Parameters		Dead Time in seconds (1-255)	Enter the dead time in seconds. the value must be between 0—255. Enter a number from 0 to 255. The default is 5. If you enter 0, the dead time is disabled and the CSS does not send probe access-request packets to the non-responsive server. This command applies to primary and secondary servers.
		Remove	Select to remove the dead time specification. Use the no form of this command to reset the dead-time period to its default of 5 seconds.
		Retransmit (1-30)	Enter the retransmit value (between 1—30). Number of times that the CSS retransmits an authentication request. Enter a number from 1 to 30. The default number is 3.
		Remove	Use the no form of this command to reset the retransmission of authentication request to its default of 3.
		Source Interface Host (Host Name or IP Address)	Enter the source interface hostname or IP address. Source Interface Host configuration is required to accept authentication from the RADIUS client. Note that this IP interface address is used for the NAS-IP-Address RADIUS attribute in the RADIUS Authentication Request.
		Remove	Select to remove the source interface specification.
		Timeout (1-255):	Enter the timeout value (between 1—2555). Timeout specifies the interval that the CSS waits for a reply to a RADIUS request before retransmitting requests to the RADIUS server.
		Remove	Select the remove option to reset the interval to its default of 10 seconds.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

RCP Configuration Task

You can use the RCP system-defined configuration task to configure rcp on devices.

This task supports the IOS category of device including Cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the RCP Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the RCP Configuration dialog box are:

Group	Sub-group	Field	Description
IOS Parameters	Enable	Action	Select to enable or disable rcp state. To make rcp setup changes without enabling or disabling rcp, select No Change.
	RCP User Setup	Action	Select the required option to add to, or to remove current user from rcp authentication list. To make rcp setup changes without enabling or disabling rcp, select No Change.
		Local Username	Enter local name of user whose rcp access you are modifying.
		Remote Host	Enter IP address of remote host from which local device will accept remotely executed commands.
		Remote Username	Enter username on remote host from which device will accept remote commands.
		Enable Mode Commands	Click to allow remote user to run enable commands using rsh or to copy files to device using rcp.
		add/remove	Click add to add current user to rcp authentication list. Click remove to remove current user from rcp authentication list.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Reload Task

You can use the Reload task to schedule reload of devices. This task supports the IOS, Cat OS, SFS, NAM, CE, FastSwitch, PIX, CSS and Cable categories of devices. For more details, see Table 10-4.

You can enter the details of this task in the Reload Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box)

The fields in the Reload Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Reload	Action	Select either: •Reload to enable reloading selected devices. or •No Change if you do not want to schedule a reload for the selected devices.
IOS Parameters	Do not Save config before reload	Action	You can: •Check this option if you do not want to save the configurations before reloading. or •Uncheck this option if you want to save the configurations before reloading.
CatOS Parameters			No category-specific parameters.
CE Parameters	Do not Save config before reload	Action	You can: •Check this option if you do not want to save the configurations before reloading. or •Uncheck this option if you want to save the configurations before reloading.
NAM Parameters	Do not Save config before reload	Action	You can: •Check this option if you do not want to save the configurations before reloading. or •Uncheck this option if you want to save the configurations before reloading.
SFS Parameters			No category-specific parameters.
Fast Switch parameters			No category-specific parameters.
PIX Parameters	Do not Save config before reload	Action	You can: •Check this option if you do not want to save the configurations before reloading. or •Uncheck this option if you want to save the configurations before reloading.
CSS Parameters			No category-specific parameters.
Cable Parameters	Do not Save config before reload	Action	You can: •Check this option if you do not want to save the configurations before reloading. or •Uncheck this option if you want to save the configurations before reloading.

For each device category, click on Applicable Devices to view the devices in your selection, to which the reload task applies.

SNMP Community Configuration Task

You can use the SNMP Community Configuration system-defined task to replace, add, and remove device SNMP community strings.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

•CSS

•NAM

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the SNMP Community Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Community Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Read-only	Action	Select an option to replace, add, remove, or make no change to a read-only SNMP community string. •If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository (DCR). This action also deletes the current SNMP credentials on the device. •If you select the Add or Remove option, the new SNMP community strings are configured in the device alone and DCR is untouched. However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR. If you select No Change, no change will be made to the Read-only Community string.
		Community String	Enter the community string.
		Verify	Re-enter the community string.
	Read-write	Action	Select an option to replace, add, remove, or make no change to a read-write SNMP community string. •If you select Replace, the new community string replaces the corresponding community string in the Device and Credential Repository. •If you select Add or Remove, the new SNMP community strings are configured in the device alone and DCR is untouched. However if you select Replace, then the new SNMP community strings replace the community strings in the device as well as in DCR. If you select No Change, no change will be made to the Read-write Community string.
		Community String	Enter the community string.
		Verify	Re-enter the community string.
IOS Parameters	Setup View (Optional)	MIB View (Optional)	Enter name of a previously defined view that defines objects available to community. Optional field.
		OID -Tree	Indicates the Object Identifier of ASN.1 subtree to include or exclude from the view. To identify an Object Identifier ASN.1 subtree, enter a numerical string such as 1.3.6.2.4 or a word such as system. To identify a subtree family, enter a wildcard, an asterisk (*), such as 1.3.*.4. Enter the MIB OID-Tree name.
		Type	Include or exclude all the objects specified in the MIB OID subtree you identified in the previous field. Select Included or Excluded from the drop down list.
	Access List (Optional)	Access List (Optional)	Enter integer from 1 to 99 to specify a named or numbered access list of IP addresses allowed to use the community string to access SNMP agent. Optional field.
CatOS Parameters			No category-specific parameters.
CE Parameters			No category-specific parameters.
PIX Parameters			No category-specific parameters.
CSS Parameters			No category-specific parameters.
NAM Parameters			No category-specific parameters.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SNMP Security Configuration Task

You can use this task to configure SNMP Security feature on the following device categories:

•IOS (including Cable devices)

•Content Engine

For more details, see Table 10-4.

You can enter the details of this task in the SNMP Security Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Security Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters		Action	Select an option, to add, remove, or make no change to the common parameters.
		(Drop-down list)	Select the required option for SNMP Groups/Users: •Group & Users •Group •Users When you select the Group option while adding task instances for this task, the user fields will not be disabled. This is because NetConfig needs the user information for configuring SNMP group commands in Catalyst OS devices.
		Group Name	Enter the group name. Indicates the SNMP Group in the SNMP protocol context.
		SNMP Versions	Select the SNMP version. SNMP version 1 and version 2 have No Auth and No Privacy. Version 3 has all levels of security.
	Users * - The entries in the first row will be updated in Device and Credential Repository	User Names Authen Pswds Authen Algorithm Privacy Paswds	•Username—Indicates the name of the user in the SNMPv3 protocol. •Authenticating Passwords—Indicates that the user is part of the group that is assigned Auth No Privacy or Auth Privacy security level. •Authenticating Algorithm—Indicates the authenticating algorithm is assigned to a group with Auth No Privacy or Auth Privacy security levels. •Privacy passwords—Indicates user is part of a group assigned Auth Privacy level of security. You can specify up to five usernames, enter authentication passwords, select the authentication algorithm and specify the privacy passwords.
	Config Access Control [optional]		This section allows you to configure access options for an SNMP group.
		Read View	Specify the read view. This view can be viewed by users assigned to a specified group. Indicates an alphanumeric label, not exceeding 64 characters, for the SNMP view entry you are creating or updating.
		Write View	Specify the write view. Allows all users in the specified group to add, modify, or create a configuration.
		Notify View	Specify the notify view. This view notifies all the users in the specified group.
IOS Parameters	Access Control (optional)	Access List [1-99]	Enter the number of an Access List (1—99).
	Engine ID [optional]	Action	Select to add, remove, or make no change to the engine configuration. SNMP Engine ID is an identification name for the local or remote SNMP engine.
		Type	Select the type of engine: •Local—Local SNMP server engine. •Remote—Remote SNMP server engine.
		ID	Enter the Engine ID (identification name for the local or remote SNMP engine). MIB OID Tree- Indicates the Object Identifier of ASN.1 subtree to include or exclude from the view. To identify an Object Identifier ASN.1 subtree, enter a numerical string such as 1.3.6.2.4 or a word such as system. To identify a subtree family, enter a wildcard, an asterisk (*), such as 1.3.*.4.
		Remote host	Enter the hostname or IP address of the remote SNMP entity to which the user belongs.
Content Engine Parameters		Remote Engine ID [Optional]	Enter the remote engine ID (identification name). This is an optional field.

The SNMP Security template enables you to configure Groups as well as Users with certain privileges. These Groups can be rolled back but the Users cannot be rolled back.

This is because the User details will not be available in the running configuration. Since NetConfig uses the running config to do roll back, rolling back Users is not possible.You should run a separate job to remove or add Users as required.

For each device category, click on Applicable Devices to view the devices in your selection.

•For more information on how to configure SNMP, refer to:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_installation_and_configuration_guides_list.html

SNMP Traps Configuration Task

You can use this task to configure the host, trap notification, and trap/inform parameters. You can specify security parameters to communicate securely with the SNMP host. See SNMP Security Configuration Task to configure the SNMP security.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

•CSS

•NAM

For more details, see Table 10-4.

You can enter the details of this task in the SNMP Traps Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the SNMP Traps Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Traps Notification	Action	Select to enable, disable, or make no change to the traps notification configuration. If you select Enable, the server will receive SNMP traps. If you select Disable the server will not receive any SNMP traps.
IOS Parameters
Traps Notification Options	Type	Environmental	Select this to send only environmental traps to the host.
		SNMP	Select this to send the SNMP traps to the host.
Host Configuration		Action	Select to add, remove, or make no change to the host configuration.
		Username	Specific the user name that is used for authentication. This field is available when No Authentication, Authentication or Privacy are selected.
		Host	Enter the hostname or IP address.
		SNMP Security	Select the SNMP security method: •SecureV2c •NoAuthenticationV3 •AuthenticationV3 •PrivacyV3 •None
		Notification Type	Select the notification type: •Trap •Inform
		UDP Port [0-65535]	Indicates the port that will receive the SNMP requests. The range for a valid port number between 0—65535. The default is 162.
	Community String	String	Enter the community string.
		Verify	Re-enter the community string to confirm.
	Direct Traps To Host	Environmental	Select this to send only environmental traps to the host.
		SNMP	Select this to send the SNMP traps to the host.
Trap/Inform Configuration	Traps Message	Action	Select to change, replace, disable or make no change to the trap configuration.
		Trap Timeout [1-1000 s]:	Specify the trap timeout value. This must be between 1—1000 seconds.
		Trap Queue Length [1-1000 events]:	Specify the trap queue length. the number of events that you specify must be between 1—1000.
	Inform Request	Action	Select to replace, disable, or make no change to the inform request.
		Inform Retries [0-100]	Enter the inform retires. The value should be between 0—100.
		Inform Timeout [0-4294967295]	Specify the inform timeout value. This must be between 0—4294967295.
		Inform Pending [0-4294967295]	Specify the inform pending value. This must be between 0—4294967295.
CatOS Parameters	Host Configuration	Action	Select to add, remove, or make no change to the host configuration.
		Host	Enter the hostname or IP address.
		Community String	Enter the community string.
		Verify	Re-enter the community string to confirm.
ContentEngine Parameters	Host Configuration	Action	Select to add, remove, or make no change to the host configuration.
		Host	Enter the hostname or IP address.
		Community String	Enter the community string.
		Verify	Re-enter the community string to confirm.
		SNMP Security	Select the SNMP security method.
PIX Parameters	Host Configuration	Action	Select to add, remove, or make no change to the host configuration.
		Host	Specify an IP address of the SNMP management station to which traps should be sent and/or from which the SNMP requests come. You can specify up to five SNMP management stations.
		Interface	Select the interface: •Inside [default] •Outside
		Notification Type	Select the notification type: •Trap & Poll [default]—Allows both traps and polls to be acted upon. •Trap—Only traps will be sent. This host will not be allowed to poll. •Poll—Traps will not be sent. This host will be allowed to poll.
CSS Parameters		Action	Select to add, remove, or make no change to the parameters such as host name or IP address, trap community, source IP address in traps, specific host, trap type, event, etc.
		Host Name or IP Address	Enter the hostname or IP address of an SNMP host that has been configured to receive traps. A maximum of 5 hosts can be configured.
		Trap Community	Enter the trap community string/name to use when sending traps to the specified SNMP host. Enter an unquoted text string with no spaces and a maximum length of 12 characters.
		Verify	Re-enter the trap community string to confirm.
		Source IP Address in Traps	Select the source IP address in traps. To set the source IP address in the traps generated by CSS select one of these options: •Egress Port—Obtains the source IP address for the SNMP traps from the VLAN circuit IP address configured on the egress port used to send the trap. You do not need to enter an IP address because the address is determined dynamically by the CSS. •Management—Places the management port IP address in the source IP field of the trap. This is the default setting. •Specific Host—Allows the user to enter the IP address to be used in the, source IP field of the traps. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) in the Specific Host field (the next field). •No Change (No change will be made to the source IP address if you select this option.)
		Specific Host	In the previous field, that is, Source IP Address in Traps, if you have selected the Specific Host option, then specify the IP Address of the specific host in this field.
		Trap Type	Select the trap type: •No Change (No change will be made to the trap type if you select this option). •Enterprise—When you use this keyword alone, it enables enterprise traps. You must enable enterprise traps before you configure an enterprise trap option. •Generic—The generic SNMP traps consist of cold start, warm start, link down, and link up.
		Event	Select the event: •None •Module Transition •Power Supply Transition •Illegal Packet DOS attack •LAND DOS attack •Smurf DOS attack •SYN DOS attack •Lifetick message failure •Login Failure •System reload •Reporter state transitions •Service transition
NAM Syslog Host Configuration Parameters		Action	Select to add, remove, or make no change to the syslog host configuration.
		Index[1-65535]	Enter the syslog host index. The value should be between 1—65535.
		Host IP Address	Enter the host name or IP address.
		Community String	Enter the community string.
		Verify	Verify the community string.
		UDP Port[1-65535]	Enter the UDP port. The value should be between 1—65535.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

For more information regarding configuring SNMP, refer to

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_installation_and_configuration_guides_list.html

Syslog Task

You can use the Syslog system-defined task to configure the collection of syslog messages from devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Content Engine

•CSS

•NAM

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the Syslog Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Syslog Configuration dialog box are:

Group	Sub-group	Field	Description
Common Parameters	Logging Host	Action	Select the required option to enable, disable, or make no change to list of hosts that receive syslog messages.
		Ex: host1.domain,host2,1.2.3.4:	Enter IP address of hosts to add or remove from list of hosts that receive syslog messages. Separate multiple addresses with commas.
IOS Parameters
Logging On		Action	Select the required option to enable, disable, or make no change to syslog state. Select No Change to make syslog setup changes without enabling or disabling syslog logging.
Logging Facility		Action	Select the required option to enable, disable, or make no change to syslog logging facility.
		Parameter	Select the logging facility to which to log syslog messages.
Logging Level	Buffered	Action	Select the required option to enable, disable, or make no change to the buffered logging level.
		Conditions	Select the required logging level from the drop-down list: •Default •alerts •critical •debugging •emergencies •errors •informational •notifications •warnings
	Console	Action	Select the required option to enable, disable, or make no change to the console logging level.
		Conditions	Select the required logging level from the drop-down list.
	Monitor	Action	Select the required option to enable, disable, or make no change to the monitor logging level.
		Conditions	Select the required logging level from the drop-down list.
	Trap	Action	Select the required option to enable, disable, or make no change to the trap logging level.
		Conditions	Select the required logging level from the drop-down list.
CatOS Parameters
Console Logging On		Action	Select the required option to enable, disable, or make no change to console logging.
Server Logging On		Action	Select the required option to enable, disable, or make no change to server logging.
Logging Level		Action	Select the required option to enable, disable, or make no change to the logging level.
		Facility	Select the logging facility to which to log syslog messages.
		Level	Select the required logging level from the drop-down list.
Content Engine Parameters
Logging On		Action	Select the required option to enable, disable, or make no change to logging.
Destination		Console	Select this option to specify the console as the logging destination.
		Disk	Select this option to specify the disk as the logging destination.
Logging Facility		Action	Select the required option to enable, disable, or make no change to syslog logging facility.
		Parameter	Select the logging facility to which to log syslog messages.
Logging Priority	Console	Action	Select the required option to enable, disable, or make no change to the console logging priority.
		Conditions	Select the required logging priority from the drop-down list.
	Disk	Action	Select the required option to enable, disable, or make no change to the disk logging priority.
		Conditions	Select the required logging priority from the drop-down list.
	Host	Action	Select the required option to enable, disable, or make no change to the host logging priority.
		Conditions	Select the required logging priority from the drop-down list.
PIX Parameters		Time Stamp	Select the required option to enable, disable, or make no change to the time stamp specification.
		Logging On
Logging Facility		Action	Select the required option to enable, disable, or make no change to syslog logging facility.
		Parameter	Select the logging facility to which to log syslog messages.
Message		Action	Select the required option to enable, disable, or make no change to the syslog message configuration.
		Syslog Message ID	Enter the syslog message ID.
		Conditions	Select the required logging level from the drop-down list.
Logging Level	Buffered	Clear Buffer	Select to clear the buffer.
		Action	Select the required option to enable, disable, or make no change to the buffered logging level.
		Conditions	Select the required logging level from the drop-down list.
	Console	Action	Select the required option to enable, disable, or make no change to the console logging level.
		Conditions	Select the required logging level from the drop-down list.
	Monitor	Action	Select the required option to enable, disable, or make no change to the monitor logging level.
		Conditions	Select the required logging level from the drop-down list.
	Trap	Action	Select the required option to enable, disable, or make no change to the trap logging level.
		Conditions	Select the required logging level from the drop-down list.
CSS Parameters		Facility	Select the logging facility to which to log syslog messages.
		Logging Level	Select the required logging level from the drop-down list.
		CLI Command	Select the required option to add, remove, or make no change to the CLI commands.
	Logging to Disk	Disk	Select the required option to add, remove, or make no change to logging to disk.
		Logfile Name	Enter the log file name.
		Buffer	Select the required option to add, remove, or make no change to the buffer configuration.
		Size [0-64000]	Enter the size of the buffer. Enter a value between 0—64000 bytes.
		To sys.log	Select the required option to add, remove, or make no change to the option to log to a file called sys.log.
	Logging to Line	Line	Choose this option to send the log activity of a subsystem to an active CSS session.
		Active Session Name	Enter the name of the active session. Enter a case-sensitive unquoted text string with a maximum length of 32 characters.
	Logging to Mail	Send Mail	Select the required option to add, remove, or make no change to the e-mail option.
		Mail Address	Enter the e-mail IDs (comma separated).
		SMTP Host (Name or IP Address)	Enter the SMTP hostname or the IP address.
		Logging Level	Select the required logging level from the drop-down list.
		Domain Name (Optional)	Enter the domain name of the SMTP host. This is an optional field.
NAM Parameters	MIB Threshold	Local	Select the required option to enable, disable, or make no change to the local MIB threshold.
		Remote	Select the required option to enable, disable, or make no change to the remote MIB threshold.
	Voice	Local	Select the required option to enable, disable, or make no change to the voice (local).
		Remote	Select the required option to enable, disable, or make no change to the voice (remote).
	System	Local	Select the required option to enable, disable, or make no change to system (local).
		Remote	Select the required option to enable, disable, or make no change to system (remote).
	Debug	System	Select the required option to enable, disable, or make no change to Debug (system).

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

SSH Configuration Task

You can use the SSH system-defined task to configure SSH on devices.

The following device categories are supported by this task:

•IOS (including Cable devices)

•Content Engine

•CSS

•NAM

For more details, see Table 10-4.

You can enter the details of this task in the SSH Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For this task to work correctly, you must use any CLI-based protocol (Telnet or SSH) as the download protocol.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

Group	Sub-group	Field	Description
Common Parameters	Key Configuration	Action	Select the required option to enable, disable, or make no change to the key configuration.
IOS Parameters	Prerequisites		The Hostname and Domain name need to be configured for the devices.
	Key Configuration	Number of Key Bits [360-2048]	Enter the number of Key bits to be used for Key generation. The value must be between 360-2048 Key bits.
	Timeout	Action	Select the required option to add, remove, or make no change to the timeout value.
		Timeout Value [1-120):]	Enter timeout value for SSH sessions. The value should be between 1—120.
	Retries	Action	Select the required option to add, remove, or make no change to the number of retries.
		Number of Retries [1-5]	Enter the number of retries allowed. The number must be between 1—5.
CE Parameters	SSH Prerequisites	SSH Daemon	Select the required option to enable, disable, or make no change to the SSH daemon.
		Number of Key Bits [512-2048]	Enter the number of Key bits to be used for Key generation. The value must be between 512—2048 Key bits.
		SSH Timeout	Enter login grace time value in seconds for SSH sessions. Value must be between 1-99999.
		Password-guesses [1-99]	Specify the number of password retries allowed. The value must be between 1—99.
CSS Parameters		Number of Server Key Bits [512-32768]	Enter the number of Key bits to be used for Key generation. The value must be between 512—32768 Key bits.
	Port	Action	Select the required option to enable, disable, or make no change to the port configuration.
		Port Number [22-65535]	Enter the port number. This value can be between [22-65535]
		KeepAlive	Select the required option to add, remove, or make no change to keepalive.

For each device category, click on Applicable Devices to view the devices in your selection, to which this task applies.

TACACS Configuration Task

You can use the TACACS system-defined task to configure TACACS authentication.

This task supports the IOS device category including Cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the TACACS Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group	Sub-group	Field	Description
Common Parameters
Server Configuration		Action	Select to enable, disable, or make no change to the TACACS Server configuration.
		Hostname or IP Address	Enter the hostname or the IP address of the TACACS server.
Login Authentication		Action	Select to enable, disable, or make no change to the login authentication details.
	Credentials	Username	Enter the username. These values are entered in Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Password	Enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Verify	Re-enter the enable password. For details see Understanding the NetConfig Credentials Configuration Tasks.
IOS Parameters
Server Retransmit		Action	Select to enable, disable, or make no change to the server retransmit configuration.
		Retries [0-100]	Enter the number of re-tries.
Server Timeout		Action	Select to enable, disable, or make no change to the server timeout value.
		Timeout [1-1000]	Enter the timeout value.
Enable mode Authentication		Action	Select to enable, disable, or make no change to the enable mode authenticating.
	Credentials	Username	Enter the username
		Password	Enter the enable password.
		Verify	Re-enter the enable password.

TACACS+ Configuration Task

You can use the TACACS+ system-defined template to configure TACACS+ on devices.

This task supports the following device categories:

•IOS (including Cable devices)

•Catalyst OS

•Content Engine

•NAM

For more details, see Table 10-4.

You can enter the details of this task in the TACACS+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

Group	Sub-group	Field	Description
Common Parameters
TACACS Server Configuration	Server	Action	Select to enable, disable, or make no change to the TACACS Server configuration.
		Hostname or IP Address	Enter the hostname or the IP address of the TACACS server.
	Key	Action	Select to add, remove, or make no change to the TACACS encryption Key.
		Key	Enter the TACACS encryption key. The key is used to set authentication and encryption. This key must match the key used on the TACACS+ daemon. The key can be of any size.
		Verify Key	Re-enter the Key to confirm.
Login Authentication		Action	Select to enable, disable, or make no change to the TACACS+ authentication. •If login authentication is enabled, then when you try to login to the device, you are authenticated by the TACACS server. •If login authentication is disabled, then you are not authenticated by the TACACS server when you log in to the device.
	Credentials	Username	Enter TACACS+ username. These values are entered in the Device and Credential Repository only. They do not affect device configuration. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Password	Enter TACACS+ password. For details see Understanding the NetConfig Credentials Configuration Tasks.
		Verify	Re-enter the password to confirm. For details see Understanding the NetConfig Credentials Configuration Tasks.
IOS Parameters
Enable mode Authentication		Action	Select to enable, disable, or make no change to the enable mode authenticating.
	Credentials	Password	Enter the enable password.
		Verify	Re-enter the enable password.
	List	Name	Enter default or named list.
		Set to Default	Select the set the default list.
	Type	(Drop-down list 1)	Select the required option: •No Choice •radius •tacacs+ •line •enable •local •none Similarly, select the type from the other three drop-down lists.
	New Model	Action	Select to enable, disable, or make no change to new model state.
CatOS Parameters
Enable mode Authentication		Action	Select to add, remove, or make no change to the enable mode authentication.
	Credentials	Password	Enter the enable password.
		Verify	Re-enter the enable password.
	Server Options	Primary	Click to designate specified server as primary TACACS server.
		All	Click to clear all hosts from list of TACACS servers, if you selected remove in Action field.
ContentEngine Parameters	Server Option	Primary	Select to specify the server as primary.
	Password Option	ASCII Password	Select for an ACSII password.
	Connection Options	Timeout	Enter the timeout value.
		Retries	Enter the number of re-tries.
NAM Parameters			No category-specific commands The TACACS Server Key should be DES encrypted NAM devices.

At the time of enabling login authentication or enable mode authentication, it is mandatory for you to enter the username and password.

At the time of disabling login authentication or enable mode authentication, these fields are optional. While disabling login authentication or enable mode authentication, if username and password are not provided, then the corresponding fields in DCR are cleared and left blank.

This may make the device unreachable. Therefore we recommend that you provide the username and password at the time of disabling login authentication.

Telnet Password Configuration Task

You can use the Telnet Password system-defined configuration task to change the Telnet password on devices.

This task supports the following device categories:

•IOS (including Cable devices)

•Catalyst OS

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the Telnet Password Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

For details on the NetConfig credentials configuration tasks, see Understanding the NetConfig Credentials Configuration Tasks.

If you change the Telnet password on a Catalyst device with an RSM module using this template, the RSM Telnet password is also changed.

The fields in the Telnet Password Configuration dialog box are:

Group	Sub-group	Field	Description
IOS Parameters	Vty Lines	Action	Select an option to enable, disable, or make no change to the Vty Line password.
		Password	Enter the Vty Line password. If you select vty, change affects all device vty lines, and Device and Credential Repository is updated with new password.
		Verify	Re-enter the Vty Line password to confirm.
	Console Line	Action	Select an option to enable, disable, or make no change to the Console Line password.
		Password	Enter the Console Line password.
		Verify	Re-enter the Console Line password to confirm.
	Aux Line	Action	Select an option to enable, disable, or make no change to the Auxiliary Line password.
		Password	Enter the Aux Line password.
		Verify	Re-enter the Aux Line password to confirm.
CatOS Parameters	Telnet Password	Action	Select an option to enable, disable, or make no change to the telnet password. Device and Credential Repository is updated with new password.
		Password	Enter the Telnet password.
		Verify	Re-enter the Telnet password to confirm.
		Apply command on modules Disable will set an empty password	Select this option to update only the non IP addressable modules. If you select the Action as Disable, the password will be removed.
PIX Parameters		Action	Select the required option to replace, reset, or make no change to the password.
		Password	Enter the password.
		Verify	Re-enter the password to confirm.
		Encrypted Password	Select this option, if the password you are entering is already encrypted.

Transform System-Defined Task

You can use the Transform system-defined task to configure IPSec on devices. You must configure the IKE configuration system-defined task before configuring the Transform system-defined task.

This task supports the following device categories:

•IOS (including Cable devices)

•PIX OS

For more details, see Table 10-4.

You can enter the details of this task in the Transform Set Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Transform Set Configuration dialog box are:

Group	Sub-Group	Field	Description
IOS Parameters
Security Association Configuration	Seconds Configuration	Seconds [120-86400]	Enter number of seconds that will be used for negotiating IPSec SA.
		Remove	Select this option to remove any previously specified seconds value.
	Kilo Bytes Configuration	Kilo Bytes [2560-536870912]	Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA. Value must be between 2560-536870912.
		Remove	Select this option to remove any previously specified kilobytes value.
	IPSec Transform Set Configuration Note: Only for IOS 12.1 and higher.	Action	Select a required option to add, remove or make no change to transform set configuration. This sub-group of fields is applicable only to IOS version 12.1 and above.
		Transform Set Name	Enter a name for the transform set.
		Auth Header	Select the type of authentication algorithm.
		ESP Encryption	Select the type of encryption algorithm with ESP.
		ESP Authentication	Choose type of authentication algorithm with ESP.
		IP Compression	Select to use IP compression with LZS algorithm. This cannot be selected alone.
		Transport Mode	Select the mode of transport.
PIX Parameters
Security Association Configuration		Seconds [120-86400]	Enter the number of seconds that will be used for negotiating IPSec SA. The value must be between 120—86400 seconds.
		Kilo Bytes	Enter the amount of traffic in kilobytes that will be used for negotiating IPSec SA. The value must be between 2560—536870912 kilo bytes.
IPSec Transform Set Configuration		Action	Select the required option to add, remove or make no change to transform set configuration.
		Transform Set Name	Enter name for the transform set.
		Auth Header	Select the type of authentication algorithm.
		ESP Encryption	Select the type of encryption algorithm with ESP.
		ESP Authentication	Select the type of authentication algorithm with ESP.
		IP Compression	Select to use IP compression with LZS algorithm. This cannot be selected alone.
		Transport	Select the mode of transport.

Web User Task

You can use the Web User configuration task to configure the web user for NAM devices. This is a System-defined task. For more details, see Table 10-4. You can enter the details of this task in the Web User Configuration dialog box.

To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).. The fields in the in the Web User Configuration dialog box are:

Group	Sub-group	Field	Description
NAM Parameters	Web User	Action	Select an option to add, remove, or make no change to the web user group of fields.
		Username	Enter the username of the web user.
		Password	Enter the password for the username.
		Verify	Re-enter the password to confirm.
	Privileges	Account Management	Select the required option to enable, disable or make no change to account management.
		System Config	Select the required option to enable, disable or make no change to system configuration.
		Capture	Select the required option to enable, disable or make no change to the capture configuration.
		Alarm Config	Select the required option to enable, disable or make no change to alarm configuration.
		Collection Config	Select the required option to enable, disable or make no change to the collection configuration.

Click Applicable Devices to view the devices to which this task applies.

Use-defined Protocol Task

You can use the User-defined Protocol task to configure the user-defined protocol on NAM devices. This is a system-defined task.

For more details, see Table 10-4.

You can enter the details of this task in the User-defined Protocol Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the in the User-defined Protocol Configuration dialog box are:

Group	Sub-group	Field	Description
NAM Parameters	User Defined Protocol	Action	Select an option to add, remove or replace the user-defined protocol.
		Protocol	Select the protocol: •TCP •UDP
		Port [0 - 65535]	Enter the port number. You can enter any port number in the range of 0—65535.
		Name	Enter the name of the user-defined protocol.
	Affected Stats	Host	Select this option to enable host—Examines a stream of packets; produces a table of all network addresses observed in those packets (also known as the collection data). Each entry records the total number of packets and bytes sent and received by that host and the number of non-unicast packets sent by that host.
		Conversations	Select this option to enable host conversations.
		ART	Select this option to enable Application Response Time.

Click Applicable Devices to view the devices to which this task applies.

Cable BPI/BPI+ Task

You can use the Cable BPI/BPI+ Task to assign BPI/BPI+ options.

This task is applicable to the Cable device category. For more details, see Table 10-4.

You can enter the details of this task in the Cable BPI/BPI+ Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable BPI/BPI+ Configuration dialog box are:

Group	Sub-Group	Field	Description
BPI/BPI+	Interface Configuration	Cable Interface	Allows you to select an interface to modify the other fields. You must select at least one interface. Select the cable interface that you want to change.
		BPI	Select the appropriate option: •No Change—Does not change the existing configuration. •Enable—Enables this option. •Disable—Disables this option.
	Key Lifetime	Action	Select the appropriate option: •No Change—Does not modify this option. •Replace—Modifies this option to your specification. •Default—Resets this option to the system default.
		KEK Lifetime [300 - 604800]	Replaces the time (in seconds) using your values or resets the time using the system default. Enter time in seconds to reset the time using your values. Enter a value from 300—604800 seconds and the default is 604800 seconds. Click to check the button to reset the field to system default.
		TEK Lifetime [180 - 604800]	Replaces the time (in seconds) using your values or resets the time using the system default. Enter time in seconds to reset the time using your values. The range is 180 - 604,800 seconds and default is 43,200 seconds. Click to check the button to reset the field to system default.
	BPI/BPI+ Options	Action	Select the required options: •No Change—Does not change the existing configuration. •Enable—Enables this option. •Disable—Disables this option.
		Mandatory	Select to force all modems to use BPI.
		Authenticate Modem	Select to turn the BPI modem authentication on or off.
		Authorize Multicast	Select to turn BPI Multicast option on or off.
		OAEP Support	Select to enable or disable Optimal Asymmetric Encryption Padding (OAEP) BPI+ encryption.
		DSX Support	Select to enable or disable encryption for dynamic services SIDs.
		40 Bit Des	Select to indicate that you have chosen the 40 bit DES encryption. The system default is 56 DES encryption. This is Cisco's recommended encryption.

Click Applicable Devices to see the devices in your selection, that are applicable for this task.

For more information, refer to:

•http://www.cisco.com/en/US/tech/tk86/tk168/technologies_tech_note09186a0080093d79.shtml

Cable DHCP-GiAddr and Helper Task

You can use this task to configure the GiAddr field of DHCPDISCOVER and DHCPREQUEST packets with a relay IP address before they are forwarded to the DHCP server. You can apply this task only for a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 10-4.

You can enter the details of this task in the Cable DHCP-GiAddr and Helper Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

---

Note At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.

---

The fields in the Cable DHCP-GiAddr and Helper Configuration dialog box are:

Group	Sub-Group	Field	Description
Config Setup		Cable Interface	Select a cable interface to make the configuration changes to the selected interface, from the drop-down list. If there are no interfaces available, you will see the option No Interfaces Found in the drop-down list. You should make sure that the device is reachable and then select a valid interface.
		Action	Select an option from the drop-down list. The options are: •No Change—Does not change the current configuration. •Add/Modify—Adds a new GiAddr or Helper Address or both, or modifies an existing GiAddr or Helper Address or both.· •Remove—Removes the GiAddr or Helper Address or both.
			Select an option to Add or Modify, from the drop-down list: •DHCP-Giaddr & Helper-Address—Enables you to set the DHCP GiAddr to Policy or Primary. You can also specify values for the fields in the Cable Helper Addresses group. •DHCP-Giaddr—Enables you to set the DHCP GiAddr to Policy or Primary. •Helper-Address—Enables you to specify values for the fields in the Cable Helper Addresses group.
	Cable DHCP Giaddr	Policy Primary	Allows you to set the DHCP GiAddr to Policy or Primary: •Policy—Selects the control policy, so the primary address is used for cable modems and secondary addresses are used for hosts. •Primary—Always selects the primary address for GiAddr field. Enable this field by selecting Helper Address.
	Cable Helper Addresses	Helper Address	Allows you to enter the Helper Address to Cable Modem, Host or Host & Cable Modem.
		•Cable-Modem •Host •Host & Cable-Modem	•Cable-Modem—Specifies that only Cable Modem UDP broadcasts are forwarded. •Host—Specifies that only host UDP broadcasts are forwarded. •Host & Cable Modem—Specifies that both host and cable modem broadcasts are forwarded. Enable this field by selecting Action as DHCP GiAddr & Helper Address or by selecting Action as Helper Address.

Click Applicable Devices to view the devices to which this task applies.

Cable Downstream Task

You can use this task to configure the Annex, Channel-ID, Frequency, Modulation, Interleave depth, and Set rate limit of downstream cable interface. You can also configure the Radio Frequency (RF) output of a downstream cable interface on a Cisco uBR7100 router.

This task is applicable only to Cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the Downstream Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

---

Note You can apply this task to only a single Cable-CMTS device at a time.

---

The fields in the Downstream Configuration dialog box are:

Group	Sub-Group	Field	Description
Cable Parameters		Cable Interface	Select the required option from the drop-down list. Select a cable interface to make the required configuration changes. If you do not want to select any cable interface, choose the Not Selected option.
Activate/ Configure	Shutdown	Action	Allows you to shutdown or activate the selected interface. The options are: •No Change—Does not allow modification of any fields in this sub-group of fields. •Shutdown—Deactivates the DS port. •No Shutdown—Activates the DS port.
	Interleave Depth	Interleave Depth	Allows you to select the interleave depth of a channel between 8 - 128. The default is 32. Specify the interleave depth by selecting the appropriate option from the drop-down list.
		Remove	Select to remove the interleave depth configuration.
	Framing Format	MPEG Framing Format	Select the MPEG framing format from the drop-down list. The options are: •No Change—Does not allow modification of any fields in this sub-group of fields. •Annex A—For Cisco uBR-MC16E cable interface card and Cisco uBR7111E and Cisco uBR7114E Universal Broadband Routers. •Annex B—For all other Cisco cable interface cards.
		Remove	Select to remove a previously-specified MPEG framing format configuration.
	Modulation	Modulation	Sets the modulation for a downstream port on a cable interface. Select the required option. The options are: •No Change—Does not allow modification of any fields in this sub-group of fields. •64 qam •256 qam
		Remove	Select to remove a previously-specified modulation configuration.
	Channel	Channel ID (0-255):	Channel-ID can be from 0-255. Specify the channel-ID.
		Remove	Select to remove the Channel ID.
	Frequency	Frequency (54-858 MHz)	Frequency range can be from 54MHz -1,000MHz. Enter the frequency.
		Remove	Select to remove a previously-specified frequency range.
Traffic Shaping		Rate Limit	Select the required option from the drop-down list. The options are: •No Change—Does not allow modification of any fields in this group of fields. •Enable—Enables this option. •Disable—Disables this option.
		Rate Limit Algorithm (Optional):	•None—Does not modify the rest of the fields. •Token-bucket with DS Traffic Shaping—Modifies the Token Bucket Algorithm option. •Token-bucket without DS Traffic Shaping—Modifies the Token Bucket without DS Traffic Shaping Algorithm option •Weighted-discard—Modifies the Weighted Discard option.
	Token Bucket (Optional)	Granularity in Milli seconds (Optional):	Specifies traffic shaping granularity in milliseconds. This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping. Select the required value from the drop-down list. You can choose a value between 1—16 msec.
		Max Delay in Milli seconds (Optional):	Sets the maximum buffering delay in milliseconds. This field is enabled only if you have selected the Rate Limit Algorithm as Token-bucket with DS Traffice Shaping. Select the required value from the drop-down list. You can choose a value between 128 to 1024.
	Weighted Discard (1-4) (Optional)	Weight for the exponential moving average of loss rate	Sets the weighted discard algorithm. This field is enabled only if you have selected the Rate Limit Algorithm as Weighted Discard. Enter a weight between 1 - 4.

Click Available Devices to view the list of devices from your selection, to which this task applies.

Cable Upstream Task

Use this task to configure the frequency, minislot size, power level and admission control on upstream cable interfaces. You can apply this task only for a single Cable-CMTS device at a time.

This task is applicable only to Cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the Upstream Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

---

Note You can apply this task to only a single cable device at a time.

---

The fields in the Upstream Configuration dialog box are:

Group	Sub-Group	Field	Description
Config Setup		Cable Interface	Allows you to select cable interfaces for configuration. Select the cable interfaces from the drop-down list.
	Activate/ Deactivate US Port	Activate/Deactivate	Select one of these options from the drop-down list. The options are: •No Change—Does not change the existing configuration. •Shutdown—Deactivates this port. •No Shutdown—Activates this port.
Frequency		Value [5-42 MHz]	Enter the required frequency value in the range 5—42 MHz. The range for the frequency is: •5—65 MHz for Cisco uBR-MC16E cable interface line card •5—42 MHz for all other cable interface line cards.
		Set to Default	Select this option to set the default frequency. A negation command is generated to remove the frequency value and set the default. This is because the default frequency value is dynamic and varies from device to device.
Power Configuration	Power Level	Value [-10-+25 dBmV]:	Enter the power level. The valid range for the power level is between -10dBmV—+25dBmV.
		Set to Default	Select this option to set the default power level. The default is 0dBmV.
	Power Adjustment	Continue [2-15 dB]	Enter the power adjustment value. The valid range for power adjust value between 2dB—15dB.
		Set to Default	Select this option to set the default power adjustment value. The default is 2dB.
		Noise	Enter the power adjust noise level. The valid range for the power adjustment noise value between 10 - 100%.
		Set to Default	Select this option to set the default noise value. The default is 30%.
		Threshold [0-10 dB]	Enter the power adjustment threshold value. The valid range for the power adjustment threshold value between 1dB - 10dB.
		Set to Default	Select this option to set the default power adjustment threshold value. The default is 1dB.
Admission Control		Value [0 - 1000%]	Indicates the maximum cumulative bandwidth reservation allowed before new CMs are rejected. The valid range is between 10%—1000%.
		Set to Default	Select this option to set the default admission control value. The default value is 100%.
Minislot Size		Size	Select the required options. The options are: •No Change •2 •4 •8 •16 •32 •64 •128 •[default] Select No Change to make no changes in this field.
Channel Width(Hz)		Size	Select the required channel width option. The options are: •No Change—Does not modify the existing configuration. •200000 •400000 •800000 •1600000 (default) •3200000 Select No Change to make no changes in this field.
Concatenation		Concatenation	Select one of these options: •No Change—Does not modify the existing configuration •Enable—Enables this option. •Disable—Disables this option.
FEC		FEC	Select one of the following options for Enable Forward Error Correction (FEC): •No Change - Does not modify the existing configuration. •Enable - Enables this option. •Disable - Disables this option.
Fragmentation		Fragmentation	Select the required fragmentation option. The options are: •No Change—Does not modify the existing configuration. •Enable—Enables this option. •Disable—Disables this option.
Rate Limit		Rate Limit	Select the required rate limit option. The options are: •No Change—Does not modify the existing configuration. •Enable—Enables this option. •Disable—Disables this option.
		Apply Token Bucket Algorithm	Click the check box to apply this option.
		Enable Traffic Shaping	Click the check box to apply this option.
Data Backoff		Data Backoff	Select the required data backoff option. The options are: •No Change—Does not modify the existing configuration. •Enable—Enables this option. •Disable—Disables this option. If you choose Enable, you can perform data back off automatically, or manually by entering the start and end values.
		Automatic	Choose this to apply a default value for data automatically.
		Start Value [0-15]	Enter the start value. The valid range for the start value is 0—15. there is no default value.
		End Value [0-15]	Enter the end value. The valid range for the end value is 0—15. there is no default value.
Range Backoff		Range Backoff	Select one of these options: •No Change—Does not modify the existing configuration. •Enable—Allows you to perform data back off automatically, or manually by entering the start and end values. •Disable—Disables this option.
		Automatic	Select this, to apply a range back-off value automatically.
		Start Value (0-15)	Enter the start value. The valid range for the start value is 0-15. There is no default value.
		End Value (0-15)	Enter the end value. The valid range for the start value is 0-15. There is no default value.

Click Available Devices to view the list of devices from your selection, to which this task applies

Cable Interface Bundling Task

You can use this task to configure the interface bundling. You can apply this task only to a single Cable-CMTS device at a time.

This task is applicable to the Cable device category. For more details, see Table 10-4.

You can enter the details of this task in husbanded Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

---

Note At a time, you can apply this task only to a single device, because cable templates configure interfaces on devices.

---

The fields in the Bundle Configuration dialog box are:

Group	Field	Description
Cable Parameters	Action	Select one of these options: •No Change—Does not modify the existing parameters. •Add—Enables you to configure a interface as a master interface or a slave interface. •Remove—Enables you to change the previous configuration of the interface (master to slave or vice versa). Choose the option from the drop down list.
	Bundle ID (1-255)	Indicates the bundle identifier. Enter a bundle ID between 1 - 255.
	Master Interface	Allows you to configure the primary interfaces. Select the cable interface from the list of primary interfaces. Select Not Selected if you do not want to select a primary interface.
	Slave Interface	Allows you to configure the secondary interfaces. Select the cable interface from the list of secondary interfaces. Select Not Selected if you do not want to select a secondary interface.

Click Applicable Devices to view the devices to which this task applies.

Cable Spectrum Management Task

You can use this task to create and assign spectrum groups to cable interfaces and upstream interfaces.

This task supports cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the Cable Spectrum Management Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Cable Spectrum Management Configuration dialog box are:

Group	Sub-Group	Field	Description
Spectrum Management	Spectrum Group	Action	Select one of these options: •No Change—Does not allow you to make any changes in the Spectrum group of fields. •Add—Allows you to add options. •Remove—Allows you to remove options.
		Spectrum Group ID [1 - 32]	Enter the Spectrum Group ID. The range for Spectrum Group ID is between 1—32.
		Frequency Setting	Select one of these frequency settings: •Band—Enter a range of frequencies. •Fix—Enter a fixed frequency.
		Start Frequency [5 - 42 MHz]	Enter the start frequency. The range of frequencies is: •5MHz—65MHz for Cisco •uBR-MC16E cable interface card •5MHz—42MHz for all other cable interface cards
		End Frequency [5 - 42 MHz]	Enter the end frequency. •The range of frequencies is: 5MHz—65MHz for Cisco •uBR-MC16E cable interface card •5MHz—42MHz for all other cable interface cards. This field is enabled only if you choose Fix as the value in the Frequency Setting filed, in the Spectrum Group.
	Optional Configuration	Power Level [-10 - 25 dBmV]	Enter the Power Level. The valid power levels are between -10dBmV - +25dBmV. The default is 0dBmV.
		Hop Period [5 - 300 Sec]	Enter the Hop period. The valid range for a Hop Period (in seconds) is between 1-3600. The default for Advanced Spectrum Management is 25 seconds. For all others, the default is 300 seconds. This field is enabled only if you choose Add as the value in the Action field, in the Spectrum Group.
		Hop Threshold [0 - 100%]	Enter the Hop Threshold. The valid range for Hop Threshold is between 1 - 100%. The default is 20%. This field is enabled only if you select Add as the value in the Action field, in the Spectrum Group.
		Shared RF Spectrum Group Configuration	Indicates the upstream ports in a spectrum group can share the same upstream frequency.
	Schedule	Schedule	Select one of these options from the drop down list: •No Change—Does not allow you to enter the scheduling information. •Add—Allows you to add a scheduled task. •Delete—Allows you to delete a scheduled task.
		Schedule Day	Select the schedule day from the drop-down list.
		Schedule Time (hh:mm:ss)	Enter the schedule time in the hh:mm:ss format.
	Interface Assignment	Action	Select one of these option from the drop-down list: •No Change—Does not allow changes to the existing assignment. •Assign—Allows you to assign an interface. •Unassign—Allows you to unassign an interface.
		Cable Interface	Select a cable interface from the drop-down list.
		Spectrum ID [1 - 32]:	Enter the Spectrum ID. The range for Spectrum ID is between 1—32. This field is disabled if you chose Unassign as the value in the Action field, in the Interface Assignment sub-group.

Click Applicable Devices to view the devices to which this task applies.

Cable Trap Source Task

You can use this task to configure SNMP Traps hosts, notification, message and notification of SNMP Traps on a cable interface.

This task supports cable devices.

For more details, see Table 10-4.

You can enter the details of this task in the Trap Source Configuration dialog box. (To invoke this dialog box, see Starting a New NetConfig Job.)

For the features of system-defined tasks and a description of the features of a system-defined task dialog box, see Understanding the System-defined Task User Interface (Dialog Box).

The fields in the Trap Source Configuration dialog box are:

Group	Sub-Group	Field	Description
Trap Source Configuration	Trap Source Interface	Action	Select the required option to add, remove or make no change to a Trap Source interface.
		Trap Source Interface	Select the required trap source interface from the drop-down list.
	CM On/Off Trap Interval	Cable Interface	Select the cable interface on which to specify the trap interval.
		Interval [0 - 86400]	Specify a value for the trap interval in the range 0—86400 seconds.
		Set to Default	Select this to set the trap interval to the default value of 600 seconds.

Click Applicable Devices to view the devices to which this task applies.

Support for Auto Smartports and Smartports

Smartport macros provides an easy way to save and share common configurations. Each Smartport macro is a group of CLI commands. When you apply a Smartport macro on a port, the CLI commands within the macro will be deployed on the port. If the command fails when applying a macro, either due to a syntax error or a configuration error, the macro continues to apply the remaining commands on the port.

Auto Smartports macros applies the configuration commands on a port automatically based on the policy definitions configured in the device.

As part of provisioning Smartports and Auto Smartports, RME provides the following Netconfig tasks:

•Auto Smartports—Task applicable for Device based Netconfig flow

•Manage Auto Smarports—Task applicable for Port based Netconfig flow

•Smartports—Task applicable for Port based Netconfig flow

Auto Smartports

RME allows you to configure auto smartports macro policies on a device.

If Auto Smartports macro is enabled at device level, all the available ports in the device will be enabled for auto smartports, except for the ports that are in disabled state.

You can use the Auto Smartports task to:

•Enable or disable auto smartports functionality at device level

•Apply or remove auto smartports policy definitions

You can enter the details of this task in the Auto Smartports Configuration dialog box.

To invoke this dialog box, see Starting a New NetConfig Job.

---

Note The Auto Smartports task is available only in the Device based flow of a NetConfig job. For applying Auto Smartports task, the minimum supported version of the IOS image should be 12.2(50) SE.

---

The fields in the Auto Smartports Configuration dialog box are:

Group	Field	Description
IOS Parameters
Enable/Disable Auto Smartports	Action	You can select the following actions to enable or disable auto smartports functionality at device level: •Enable—Select this action to enable auto smartports •Disable—Select this action to disable auto smartports
	Enable CDP fallback	Check to enable CDP fallback.
Built-in Auto Smartports macro	Event trigger identifier	Select the following event trigger identifier from the drop-down list: •CISCO_PHONE_EVENT •CISCO_ROUTER_EVENT •CISCO_SWITCH_EVENT •CISCO_WIRELESS_AP_EVENT •CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
	Associated macro	The macro associated with the event trigger identifier. The field is automatically populated based on the event trigger identifier selected. The following are the macros associated with the event trigger identifier: •CISCO_PHONE_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_PHONE_EVENT •CISCO_SWITCH_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_SWITCH_EVENT •CISCO_ROUTER_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_ROUTER_EVENT •CISCO_AP_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_WIRELESS_AP_EVENT •CISCO_LWAP_AUTO_SMARTPORT—Macro associated with the event trigger identifier CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
	Access VLAN	Enter the Access VLAN value. The value entered must be greater than zero. For example, 2. By default, the value for Access VLAN will be 1. This field is enabled only if you have selected the following event trigger identifier: •CISCO_PHONE_EVENT •CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
	Voice VLAN	Enter the Voice VLAN value. The value entered must be greater than zero. For example, 1. By default, the value for Voice VLAN will be 2. This field is enabled only if you have selected the event trigger identifier CISCO_PHONE_EVENT
	Native VLAN	Enter the Native VLAN value. The value entered must be greater than zero. For example, 1. By default, the value for Native VLAN will be 1. This field is enabled only if you have selected the following event trigger identifier: •CISCO_ROUTER_EVENT •CISCO_SWITCH_EVENT •CISCO_WIRELESS_AP_EVENT •CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT
User-defined Auto Smartports macro	Action	You can select the following actions to apply or remove auto smartports policy: •Apply—Select this action to define auto smartports policy •Remove—Select this action to remove the existing auto smartports policy
	Event trigger type	Select the following event trigger type: •Pre-defined trigger—To associate the auto smartports macro with a pre-defined event trigger. •User-defined trigger—To associate the auto smartports macro with a user-defined event trigger.
	Event trigger identifier	Select the following event trigger identifier from the drop-down list: •CISCO_PHONE_EVENT •CISCO_ROUTER_EVENT •CISCO_SWITCH_EVENT •CISCO_WIRELESS_AP_EVENT •CISCO_WIRELESS_LIGHTWEIGHT_AP_EVENT This drop-down list is enabled only if you have selected the Event trigger type as Pre-defined trigger.
	User-defined event trigger identifier	Enter the name of the event trigger identifier. This field is enabled only if you have selected the Event trigger type as User-defined trigger.
	User defined macro input mode	Enter the auto smartports CLI commands either through CLI command or import from a file (.txt) that has CLI commands. You can select the following options: •CLI command •Import CLI command from the file
	Macro command(s)	Enter the CLI commands. For example, 56 56 K C7100-IS56I-M 56 56 K C7100-IS56I-M 56 if [[ $LINKUP -eq YES ]]; then conf t interface $INTERFACE macro description $TRIGGER switchport access vlan 1 exit end This field is enabled only if you have selected the User-defined macro input mode as CLI command.
Select macro command input file from the server	Files	Click Browse and select the file (.txt) that has the CLI commands. The CLI command file (.txt) should reside in the default location: •On Solaris: /var/adm/CSCOpx/files/rme/netconfig/ •On Windows: NMSROOT\files\rme\netconfig\ Where, NMSROOT is the CiscoWorks install directory.
Applicable Devices (Button)		Allows you to view the IOS devices in your selection that you want to configure auto smartports macros.
Save (Button)		Saves the information you have specified.
Reset (Button)		Clears all fields and reverts to the default setting.
Cancel (Button)		Ignores your changes.

Manage Auto Smarports

You can use the Manage Auto Smartports task to enable or disable auto smartports functionality on a port.

You can enter the details of this task in the Manage Auto Smartports Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

---

Note The Manage Auto Smartports task is available only in the Port based flow of a NetConfig job.

---

The fields in the Manage Auto Smartports Configuration dialog box are:

Group	Field	Description
IOS Parameters
	Action	Select the following actions: •Enable—Enables auto smartports functionality on the port. •Disable—Disables auto smartports functionality on the port.
	Enable Auto Smartports at device level	Check the checkbox to enable auto smartports at a device level.
	Enable CDP fallback	Check to enable CDP fallback.
Applicable Devices (Button)		Allows you to view the IOS devices in your selection that you want to configure auto smartports macros.
Save (Button)		Saves the information you have specified.
Reset (Button)		Clears all fields and reverts to the default setting.
Cancel (Button)		Ignores your changes.

When you schedule a NetConfig job for Manage Auto Smartports task and if you have selected any of the following Failure Policies, in the Job Schedule and Options dialog box, the rollback functionality will happen only if the archived configuration contains the command fi.

•Rollback device and stop

•Rollback device and continue

•Rollback job on failure

Smartports

You can use the Smartports task to apply smartports on a port by selecting the predefined smartports macros.

You can enter the details of this task in the Smartports Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

---

Note The Smartports task is available only in the Port based flow of a NetConfig job.

---

The fields in the Smartports Configuration dialog box are:

Group	Field	Description
IOS Parameters
Built-in Smartport Macro	Smartport Macro	Select the following predefined smartport macros from the drop-down list: •cisco-desktop •cisco-phone •cisco-switch •cisco-router •cisco-wireless
	Access VLAN	Enter the Access VLAN value. The value entered must be greater than zero. For example, 2. This field is enabled only if you have selected the following smartports macros: •cisco-desktop •cisco-phone
	Voice VLAN	Enter the Voice VLAN value. The value entered must be greater than zero. For example, 1. This field is enabled only if you have selected cisco-phone as the smartports macro.
	Native VLAN	Enter the Native VLAN value. The value entered must be greater than zero. For example, 1. This field is enabled only if you have selected the following smartports macro: •cisco-switch •cisco-router •cisco-wireless
Applicable Devices (Button)		Allows you to view the IOS devices in your selection that you want to configure auto smartports macros.
Save (Button)		Saves the information you have specified.
Reset (Button)		Clears all fields and reverts to the default setting.
Cancel (Button)		Ignores your changes.

When you schedule a NetConfig job for Smartports task and if you have selected any of the following Failure Policies, in the Job Schedule and Options dialog box, the rollback functionality will not happen.

•Rollback device and stop

•Rollback device and continue

•Rollback job on failure

PoE Task

You can use the PoE task to configure Power and Power Policing in ports. Power Policing allows you to turn off power while generating syslogs. This is needed if the real-time power consumption exceeds the maximum power allocation on the port.

Power policing and ePoE is supported only on Catalyst 3750-E and Catalyst 3560-E switches with PoE ports.

You can enter the details of this task in the PoE Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

---

Note The PoE task is available only in the Port based flow of a NetConfig job.

---

The fields in the PoE Configuration dialog box are:

Field	Description
Power Management
Power Mode	Select the following power modes: •Auto •Static •Disable If you select Disable as the power mode, the detection and power for the inline power capable interface will be disabled.
Max Power	Enter the maximum power for the selected mode. Maximum power can be upto 20,000 milliwatts.
Power Policing
Policing	Select the following options for power policing: •Enable •Disable
On Violation	Select the following to either generate a Syslog or to turn off power to the device. •Generate Syslog •Turn-Off Power
Applicable Devices	Allows you to view the IOS devices in your selection that you want to configure PoE policies.
Save (Button)	Saves the information you have specified.
Reset (Button)	Clears all fields and reverts to the default setting.
Cancel (Button)	Ignores your changes.

You can generate PoE MAX Power Violation syslog report for this task.

To generate this custom report, see Overview: Syslog Analyzer Reports. The fields in the generated Syslog Analyzer PoE MAX Power Violation report are given below:

Field	Description
Device Name	Name of the device generating the Syslog message.
Interface	Name or IP Address of the interface in that device generating the Syslog message.
Timestamp	Time when the Syslog message was generated. The format used by timestamp is: mmm dd yyyy hh:mm:ss where: mmm represents month dd represents date yyyy represents year hh represents hour mm represents minute ss represents second Example: if [[ $LINKUP -eq NO ]]; then
Facility/Sub Facility	Displays the facility or sub-facility codes. A facility is a hardware device, a protocol, or a module of the system software. See the section, System Error Messages in the Cisco IOS Reference manual, for a predefined list of system facility codes. A sub-facility is the sub-facility in the device that generates the Syslog message.
Severity	Displays the message severity levels. Representations for the severity codes are: 0—Emergencies 1—Alerts 2—Critical 3—Errors 4—Warnings 5—Notifications 6—Informational
Mnemonics	Codes that uniquely identifies an error message. Example: conf t interface $INTERFACE
Description	Description of each Syslog message.
Details	Other details for each Syslog message.

Catalyst Integrated Security Features

You can use the Catalyst Integrated Security Features task to configure Port Security, DHCP Snooping, Dynamic ARP Inspection and IP Source Guard on ports.

The Catalyst Integrated Security Feature is supported only on Catalyst 2960, 3560, 3560E, 3750, 3750E switches.

You can enter the details of this task in the Catalyst Integrated Security Features Configuration dialog box. To invoke this dialog box, see Starting a New NetConfig Job.

---

Note The Catalyst Integrated Security Features task is available only in the Port based flow of a NetConfig job.

---

The fields in the Catalyst Integrated Security Features Configuration dialog box are:

Field	Description
IOS Parameters
Port Security
Action	Select the following actions to limit the number of MAC addresses that can be learned through a port: •Change •Disable
Maximum Number of MAC Addresses	Enter the number of MAC addresses. This field is enabled only if the action Change is selected.
DHCP Snooping
Global DHCP Snooping	Enables or disables DHCP Snooping globally.
VLAN DHCP Snooping	Enables or disables DHCP Snooping only on VLAN.
VLAN ID or VLAN Range	Enter the VLAN ID or VLAN range or both. For example, •You can enter the VLAN ID as 10. •You can enter the VLAN range separated by a space or a hypen as 1 4,4-8. •You can enter both VLAN ID and VLAN range as 10, 4-8.
Port Trusting	Configure port trusting by selecting the following options: •Trust •UnTrust
DHCP Messages Per Second	Configure the DHCP messages rate limit for the ports and enter the number of DHCP messages that can be received per second.
Dynamic ARP Inspection
VLAN Dynamic ARP Inspection	Enables or disables Dynamic ARP Inspection only on VLAN.
VLAN ID or VLAN Range	Enter the VLAN ID or VLAN range or both. For example, •You can enter the VLAN ID as 10. •You can enter the VLAN range separated by a space or a hypen as 1 4,4-8. You can enter both VLAN ID and VLAN range as 10, 4-8.
Port Trusting	Configure port trusting by selecting the following options: •Trust •UnTrust
ARP Messages Per Second	Configure the ARP messages rate limit for the ports and enter the number of ARP request messages that can be received per second.
IP Source Guard
Action	Configure the IP souce guard by selecting the following actions: •Enable Filter By Source IP •Enable Filter By Source IP and MAC Address •Disable Filter By Source IP •Disable Filter By Source IP and MAC Address
Applicable Devices	Allows you to view the IOS devices in your selection that you want to configure Catalyst Integrated Security Features on the ports.
Save (Button)	Saves the information you have specified.
Reset (Button)	Clears all fields and reverts to the default setting.
Cancel (Button)	Ignores your changes.

You can generate a Syslog Analyzer report for this task which lists only the Syslogs that are specific to Catalyst Integrated Security Features.

To generate this custom report, see Overview: Syslog Analyzer Reports. The fields in the generated Syslog Analyzer Catalyst Integrated Security Features Report are given below:

Field	Description
Device Name	Name of the device generating the Syslog message.
Interface	Name or IP Address of the interface in that device generating the Syslog message.
Timestamp	Time when the Syslog message was generated. The format used by timestamp is: mmm dd yyyy hh:mm:ss where: mmm represents month dd represents date yyyy represents year hh represents hour mm represents minute ss represents second Example: no macro description
Facility/Sub Facility	Displays the facility or sub-facility codes. A facility is a hardware device, a protocol, or a module of the system software. See System Error Messages in the Cisco IOS Reference manual, for a predefined list of system facility codes. A sub-facility is the sub-facility in the device that generates the Syslog message.
Severity	Displays the message severity levels. Representations for the severity codes are: 0—Emergencies 1—Alerts 2—Critical 3—Errors 4—Warnings 5—Notifications 6—Informational
Mnemonics	Codes that uniquely identifies an error message. Example: no switchport access vlan 1 exit
Description	Description of each Syslog message.
Details	Other details for each Syslog message.

SRE Operation Task

You can use the SRE Operation task to perform the following operations in the service modules of SRE supported devices:

•Install application in service modules

•Uninstall application from service modules

•Understand:

–Status of the service module

–Application that is running on the module

–Status of the current installation in the service module

–Status of uninstallation in the service module

•Stop the installation on a set of service modules in a SRE device

•Reset service modules in a SRE device

•Shutdown the set of service modules in a SRE device

You can enter the details of the SRE Operation task in the SRE Operation Configuration dialog box. To invoke this dialog box, see Create a NetConfig Job based on Module or Port.

The fields in the SRE Operation Configuration dialog box are:

Field	Description
Action	Select the following actions: •Install—Install application in service modules. •Uninstall—Uninstall application from service modules. •Status—Displays the following: –Status of the service module –The applicable running on the module –Status of the installation and uninstallation being performed in the service module •Abort—Stop installation on a set of service modules in a SRE device. •Shutdown—Shutdown the set of service modules in a SRE device •Reset—Reset service modules in a SRE device.
Script Name [Optional]	Name of the script file that should be picked up during installation. This field is optional and is enabled only if the Install action is selected.
Argument to the Script [Optional]	String argument passed to the script. The string argument must be entered within quotes. For example, "argument". This field is optional and enabled only if Install action is selected.
URL of the installation source directory	URL path of the package from where the device needs to download the image for installation. For example, ftp://180.180.180.80/nibbler/012609/pkg1/foundation.sme.1.4.40.18.pkg This is a mandatory field. If this field is blank, an error message appears.
Applicable Devices	Allows you to view the devices in your selection that you want to configure SRE operation.
Save (Button)	Saves the information you have specified.
Reset (Button)	Clears all fields and reverts to the default setting.
Cancel (Button)	Ignores your changes.

cwcli netconfig

This command is described in the cwcli framework chapter. For details see the topic Running the cwcli netconfig Command in the section CLI Utilities.

Use Case: Using NetConfig Templates to change Configurations for many Devices

Case

As a Network Administrator, you would want to change configuration for a set of devices in few simple steps.

Solution

You can use NetConfig to change the configurations of many devices in one step. You can select the devices and the corresponding system-defined or user-defined tasks and schedule a NetConfig job.

Let us say, you want to change the Local Username and Telnet password for few devices. To perform this:

---

Step 1 Go to RME > Config Mgmt > NetConfig

The Devices And Tasks dialog box appears.

Step 2 Select the required devices from the Device Selector.

Step 3 Select the Local Username and Telnet Password tasks from the Task Selector.

NetConfig Tasks are also referred to as NetConfig templates.

Step 4 Click Next.

From your selection, only the tasks that are applicable to at least one device that you have selected, appear here. If the task that you have selected does not apply to the categories of any of the devices that you have selected, it will not be displayed in the Applicable Tasks pane.

Step 5 Select a task and click Add to create an instance for the task.

Figure 10-1 displays the Local Username Configuration dialog box.

Figure 10-2 displays the Telnet Password Configuration dialog box.

Figure 10-3 displays the Applicable tasks and Added Instances.

Step 6 After creating the instances, select the Local Username_1 instance and click View CLI button to view the CLI commands that will be deployed onto the devices as well as the applicable and non applicable devices.

Alternatively, you can click Edit to edit the selected instance or click Delete to delete an instance. You can only delete one instance at a time.

Figure 10-1 Local Username Configuration

Figure 10-2 Telnet Password Configuration

Figure 10-3 Add Task

Step 7 Click Next.

The Job Schedule and Options page appears.

For more information on how to schedule a NetConfig job, see Starting a New NetConfig Job.

Step 8 Provide the required information in the Job Schedule and Options dialog box and click Finish.

The Job Work Order screen appears.

Step 9 Click Finish.

A notification indicating the successful creation of a job appears.

Example

end

The NetConfig job will be executed at the scheduled date and time. The Local Username Configuration and Telnet Password Configuration changes effected will be deployed on the selected applicable devices.

To know the status of the job scheduled, go to RME > Config Mgmt > NetConfig > NetConfig Jobs.

---