Table Of Contents

Accessing and Setting Up CiscoWorks SNMS

Accessing and Configuring WhatsUp Gold

Accessing the WhatsUp Gold Console

Discovering and Mapping Network Devices

Setting Map Polling Properties

Setting Up Notifications

Setting Up and Accessing WhatsUp Gold Web Server

Accessing and Configuring CiscoWorks SNMS

Accessing the CiscoWorks Desktop

Setting Up User Security

Accessing the WhatsUp Gold Web Server From the CiscoWorks SNMS Desktop

Configuring the CiscoWorks SNMS Server

Setting Device Credentials

Setting Up Inventory

Adding or Importing Inventory Data

Creating EssentialsManagedDevices Map

Changing Device Attributes

Creating a Device View

Setting Up Syslog Analysis

Specifying Country Codes

Configuring Devices for Syslog Analysis

Verifying the Syslog Analyzer

Setting Up Software Management

Verifying Space Requirements for Downloaded Files

Setting Up File Transfer Servers

Adding Device Credentials

Configuring the SMTP Server

Setting Software Management Preferences

Setting Up Configuration Management

Entering Device Credentials

Modifying Device Configurations

Modifying Device Security

Setting Up NetConfig

Configuration Job Setup

Setting Up CiscoView Debug Preferences

Logging Out

Accessing and Setting Up CiscoWorks SNMS

---

After you have successfully installed CiscoWorks SNMS, perform the following tasks to access and set up CiscoWorks SNMS:

•Accessing and Configuring WhatsUp Gold

•Accessing and Configuring CiscoWorks SNMS

Accessing and Configuring WhatsUp Gold

Accessing and configuring WhatsUp Gold involves:

•Accessing the WhatsUp Gold Console

•Discovering and Mapping Network Devices

•Setting Map Polling Properties

•Setting Up Notifications

•Setting Up and Accessing WhatsUp Gold Web Server

Accessing the WhatsUp Gold Console

On the CiscoWorks SNMS server, from the Windows Taskbar, select Start > Programs > WhatsUp > WhatsUp Gold.

The WhatsUp Gold console appears.

---

Note After you install SNMS, restart the system, and log into the server, WhatsUp Gold is launched automatically.

---

Discovering and Mapping Network Devices

The network map is a graphical representation of the devices in a network. The Discover and Map capability in WhatsUp Gold creates a map by reading network files and identifying devices listed in them.

You can discover your network using any of these methods:

•Discover with SNMP SmartScan. (This is the preferred method).

•Discover using ICMP.

•Discover from your Network Neighborhood.

•Import from your registry.

•Import from a hosts file.

The procedure to discover your network with SNMP SmartScan is described below.

For details about the other methods, see the WhatsUp Gold Online help.

To discover the network using SNMP SmartScan:

---

Step 1 In the WhatsUp Gold console, select File > New Map Wizard.

The Device Discovery wizard appears.

Step 2 Select Discover and map network devices and click Next.

The Device Discovery Methods dialog box appears.

Step 3 Select Discover your network with SNMP SmartScan. This is the default option. (If you select any of the other options, this option becomes available for selection only after you deselect the other options).

Step 4 Click Next.

The SNMP SmartScan dialog box appears.

Step 5 Enter the IP address of your router or the IP address of your default gateway in the SNMP root device field.

Step 6 Enter SNMP community strings and click Next.

Step 7 Select the services you want WhatsUp Gold to scan for and click Next.

WhatsUp Gold scans the network for information and after the scan completes, you can specify the devices that you want displayed on the map.

Step 8 Click Finish to complete the discovery.

Step 9 To save the discovered maps, select File > Save All.

By default, the map will be saved in NMSROOT\WhatsUp, where NMSROOT is the CiscoWorks installed directory.

---

Setting Map Polling Properties

You can set the polling properties for each parent network map and subnet map.

---

Step 1 To open a map in the WhatsUp Gold console, use File > Open.

Step 2 Select the required map file from the file selection dialog box and click Open.

The map window opens, for the selected network map.

Step 3 Right click on an empty area of the map and select Properties

or

Select Edit > Properties.

The Map Properties dialog box appears.

Step 4 Click General.

Step 5 Enter the Title.

The Title is used to identify a network map on the map window. The Title also appears in the browser window when you access WhatsUp Gold through the web server.

Step 6 Enter the Poll Frequency.

This is the number of seconds between the start of a poll of a map.

You can enable or disable polling, or modify the polling frequency for a device, based on its priority in the network.

Step 7 Enter the Default Timeout.

This is the number of seconds to wait for a response from a polled device.

Step 8 Click OK.

---

Setting Up Notifications

WhatsUp Gold notifies you when:

•A device is down.

•A service on a device is down.

•An SNMP trap has been received for a device.

WhatsUp Gold sends a notification in several ways. It can:

•Sound an alarm.

•Activate a beeper.

•Execute a program.

•Send a message to a pager.

•Send an SMTP mail message.

•Send a pre-recorded message to a telephone.

•Display a WinPopup.

•Send a group of notifications that includes any of the above types.

---

Note All the above are WhatsUp Gold console features.

---

To set up notifications:

---

Step 1 Select Configure > Notifications Library in the Main Menu of the WhatsUp Gold console.

The Notifications Library pop-up appears with the following notification methods:

•Beeper

•Group

•Pager

•Program

•SMS

•SMTPMail

•Service Restart

•Sound

•Syslog

•TextSpeech

•WinPopup

Step 2 Select the required notification method and click New.

A pop-up appears for the selected notification method. For example, if you selected Beeper, the New Beeper Notification pop-up appears.

Step 3 Enter a unique Display Name to identify the notification, complete the other fields, and click OK.

Step 4 Configure the other notification methods as required and click Close.

After you define a notification method, you need to assign a device, a set of devices, or all devices to the notification method.

Step 5 Select Monitor > Assign Alert from the Main Menu of the WhatsUp Gold console.

WhatsUp Gold displays a dialog box where you can select the devices to which you can assign alerts.

---

Note The Monitor menu is available only when a map is open.

---

Step 6 Select the device to which you want to assign a notification and click OK.

The Item Properties dialog box appears.

Step 7 Select the Enable Alerts check box and click Add.

The Add Alert dialog box appears.

Step 8 Enter specific details and click OK.

The selected notification method appears in the Item Properties dialog box.

Step 9 Click OK in the Item Properties dialog box.

WhatsUp Gold sets up notifications for selected devices on the network.

---

Setting Up and Accessing WhatsUp Gold Web Server

WhatsUp Gold provides a web server that lets you view the status of your network and change the WhatsUp Gold settings from a browser.

To enable the launching of the web server:

---

Step 1 In the WhatsUp Gold console, select Configure > Web Server.

The Web Server Properties dialog box appears.

Step 2 Click General.

Step 3 Select Enable Web Server, if it is not selected. (It is selected by default.)

Step 4 Click OK.

---

To launch the WhatsUp Gold web server, in your browser, enter:

http://servername:1742

where servername is the name of the server where CiscoWorks SNMS is installed, and 1742 is the default WhatsUp Gold web server port.

WhatsUp Gold provides these two default user IDs for accessing the web server:

•The user ID admin—This has full access to WhatsUp Gold views and functions.

This is the admin password that you entered at the time of installation.

•The user ID guest—This has access to all WhatsUp Gold views but cannot change any WhatsUp Gold settings.

This is the guest password that you entered at the time of installation.

To change the password, see the "WhatsUp Gold Admin and Guest Password" section on page B-2.

WhatsUp Gold uses 1742 as the default web server port. You can change this, if required.

To change the default web server port:

---

Step 1 In the WhatsUp Gold console, select Configure > Web Server.

The Web Server Properties dialog box appears.

Step 2 Click General.

Step 3 Enter the new port number in the TCP port field.

Step 4 Click OK.

---

Accessing and Configuring CiscoWorks SNMS

Accessing and configuring CiscoWorks SNMS involves:

•Accessing the CiscoWorks Desktop

•Setting Up User Security

•Accessing the WhatsUp Gold Web Server From the CiscoWorks SNMS Desktop

•Configuring the CiscoWorks SNMS Server

•Setting Device Credentials

•Setting Up Inventory

•Setting Up Syslog Analysis

•Setting Up Software Management

•Setting Up Configuration Management

•Setting Up CiscoView Debug Preferences

Accessing the CiscoWorks Desktop

---

Step 1 Enter the URL of the CiscoWorks SNMS server in the web browser:

http://server_name:1741

where server_name is the name of the system on which CiscoWorks SNMS is installed and 1741 is the default CiscoWorks SNMS web server port.

The CiscoWorks SNMS Main Screen, with the Login Manager appears.

Step 2 Log in to your CiscoWorks SNMS server.

User Name: admin

Password: password

Where password is the admin password that you entered at the time of installation.

---

Note Click Yes/OK for all the security alert dialog boxes.
See Release Notes for CiscoWorks SNMS 1.5 and 1.5.1, for more details.

---

The CiscoWorks Desktop appears. By default, the WhatsUp Network Monitor is displayed.

---

If you have discovered devices using WhatsUp Gold, see the procedure for exporting devices to Essentials, in the "Creating EssentialsManagedDevices Map" section.

Setting Up User Security

For security reasons, you can change your passwords at any time.

To change the password:

---

Step 1 From the CiscoWorks Desktop, select Admin > Server Configuration > Setup > Security > Modify My Profile.

The Modify My Profile dialog box appears.

Step 2 Enter the new password in the Local Password and Confirm Password fields and click Modify.

---

Accessing the WhatsUp Gold Web Server From the CiscoWorks SNMS Desktop

WhatsUp Gold provides a web server that lets you view the status of your network and change the WhatsUp Gold settings from a browser.

You need administrator privileges to access the WhatsUp Gold web server. See Appendix B, "WhatsUp Gold Admin and Guest Password" for more information.

To launch the WhatsUp Gold web server, select the WhatsUp Gold tab from the CiscoWorks Desktop.

The WhatsUp Gold desktop appears.

Configuring the CiscoWorks SNMS Server

You can configure system-wide information for CiscoWorks SNMS applications using the System Configuration option. You should verify that the defaults are correct or enter corrections.

---

Step 1 From the CiscoWorks Desktop, select Admin > Essentials > System Configuration.

The System Configuration dialog box appears.

Step 2 Select one of the following tabs to enter information or to verify that the configured information is correct:

•Proxy

•SNMP

•SMTP

•rcp

See Table 3-1 for descriptions of the information in each dialog box tab.

Table 3-1 System Configuration Dialog Box Information 

Tab Name	Description	Fields—Values to Enter
Proxy	Connects to Cisco.com. If server access to the outside world is controlled through a proxy server, this setting must be configured.	Proxy URL—System-wide proxy URL. There is no default.
SNMP	Queries devices for inventory collection: includes importing and adding devices and collecting inventory data.	Fast SNMP Timeout—Length of time, (from 5 to 90 seconds) that the system should wait for a device to respond before trying to access it again. Default is 5. Fast SNMP Retry—Number of times, (from 2 to 6) that the system should try to access devices with fast SNMP options. Default is 2. Slow SNMP Timeout—Length of time, (from 10 to 90 seconds) that the system should wait for a device to respond before trying to access it again. Default is 20. Slow SNMP Retry—Number of times, (from 2 to 6) that the system should try to access a device with slow SNMP options. Default is 3. The system tries the Fast SNMP Timeout and Fast SNMP Retry options first. If no response occurs after the Fast Retry, the system switches to the Slow SNMP option.
SMTP	Sends email.	SMTP Server—Server name. Default is localhost.
rcp	Specifies user during remote file transfer operations from devices. Authenticates rcp transfers between devices and the server. User account should be configured on devices as local user. See the "Setting Up File Transfer Servers" section for more information.	User Name—Name used by a network device when it connects to the server to run rcp.

Step 3 Click Apply to save changes, or click Defaults to apply the defaults.

Step 4 Repeat Step 2 and Step 3 until you have verified or corrected all the information displayed in the System Configuration dialog box.

This dialog box is displayed until you select another option from navigation tree.

---

Setting Device Credentials

Several important items must be configured correctly on every Cisco device that will be managed and monitored through CiscoWorks SNMS.

Details about each application and the tasks involved in setting the credentials are available later in this document.

Table 3-2 lists all the applications and the device credentials required for proper functioning of the applications.

Table 3-2 Applications and the Device Credentials 

Application	Telnet Password	Enable Password	SNMP Read Only	SNMP Read / Write
NetConfig	Required	Required	Required	Not required1
NetShow	Required	Required	Required	Not required
Config Editor	Required	Required	Required	Not required2
ChangeAudit	Not required	Not required	Required	Not required
Configuration Management (Telnet)	Required	Required	Required	Not required
Configuration Management (TFTP) 3	Not required	Not required	Required	Required
Inventory	Not required	Not required	Required	Not required
Software Image Management	Required4	Required4	Required	Required
Syslog	Not required	Not required	Required	Not required

1 After execution of a job, NetConfig provides an option to fetch the configuration using TFTP. SNMP Read/Write credentials are required in such cases. 2 After execution of a job, Config Editor provides an option to fetch the configuration using TFTP. SNMP Read/Write credentials are required in such cases. 3 The file vlan.dat can be fetched only if there is a telnet password and an enable password. 4 Required in case of few devices like PIX devices, Cisco 2950 series switches.

Setting Up Inventory

As a network administrator, you need to be able to quickly troubleshoot problems on the network, identify when network capacity is being reached, and provide information to management on the number and types of devices that are on the network.

If the network goes down, one of the first things you will need to know is what devices are running on the network. The Inventory application in CiscoWorks SNMS caters to these requirements.

This section describes the tasks that you must perform to set up the Inventory application.

For detailed information see User Guide for CiscoWorks Small Network Management Solution.

See the following topics:

•Adding Device Information Manually

•Importing Devices from WhatsUp Gold

•Creating EssentialsManagedDevices Map

•Changing Device Attributes

•Creating a Device View

Adding or Importing Inventory Data

You must have at least one managed device (a device whose inventory information is tracked by CiscoWorks SNMS) to verify correct CiscoWorks SNMS installation. To manage your network, you need to add the device information for all your managed devices.

To populate your network inventory:

•Add devices one at a time by entering the device information manually. See the "Adding Device Information Manually" section for more information.

•Import a group of devices from:

–A comma-separated values (CSV) file or a data integration file (DIF) that you create from another information source. See the "Importing Devices from WhatsUp Gold" section for more information.

–WhatsUp Gold. See the "Importing Devices from WhatsUp Gold" section for more information.

---

Note CiscoWorks SNMS supports up to 40 Cisco devices. These 40 devices include both managed devices, and devices in the Suspended state. If you add more than 40 devices, the additional devices will be in the Not Responding state.

---

Adding Device Information Manually

This section describes how to add devices one at a time and how to troubleshoot problems you might have using this method.

---

Step 1 From the CiscoWorks Desktop, select Admin > Essentials > Inventory > Add Devices.

The Add a Single Device dialog box appears.

Step 2 Enter the access information and annotations for one device.

You must fill in the Device Name field with the device name or IP address. For Inventory, all other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, see the Inventory Online help.

Step 3 Click Next.

The Enter Login Authentication Information dialog box appears.

You must fill in the Read Community String and Write Community String fields and verify the passwords. For Inventory, the other fields in this dialog box are optional. For other applications, you might need to fill in other fields. For more information, see the Online help.

Step 4 Click Next.

The Enter Enable Authentication Information dialog box appears.

For Inventory, all fields are optional. For other applications, you might need to fill in fields. For more information, see the Online help.

Step 5 Click Finish.

The Single Device Add dialog box appears.

Step 6 Click View Status.

The Add/Import Status Summary dialog box appears.

Step 7 Use the Add/Import Status Summary dialog box to check the status of the device you specified.

This dialog box should contain:

Device Status	Number of Devices
Managed	0
Alias	0
Pending	1
Conflicting	0
Suspended	0
Not Responding	0
Device Attribute Errors	0

If the device responded quickly, the Managed row might already contain one device.

Step 8 Click Update on the Add/Import Status Summary dialog box to update device status.

If the pending count goes from 1 to 0 after you click Update and the Managed row has 1 device, CiscoWorks SNMS was installed and configured correctly.

You might need to wait several minutes for the device to become managed. Click Update on the Add/Import Status Summary dialog box every minute or so to check current device status.

For additional information, see the Online help.

If you added a device and the Add/Import Status Summary dialog box shows that the device status has not changed from Pending even after 15 minutes, check the status of all processes to make sure they are running normally.

•To view the latest device status information, select Admin > Essentials > Inventory > Import Status, then click Update in the Add/Import Status Summary dialog box.

•To determine if the DIServer process is running, select Admin > Server Configuration > Process Management > Process Status. (The DIServer is the process responsible for validating devices and changing their status.)

Even if the DIServer process has the state Running Normally, it might be in an error state. You need to stop and restart it.

•To stop the DIServer process:

a. Select Admin > Server Configuration > Process Management > Stop Process.

The Stop Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

•To restart the DIServer process:

a. Select Admin > Server Configuration > Process Management > Start Process.

The Start Process dialog box appears.

b. Click the Process radio button.

c. In the Process Name field, select DIServer, then click Finish.

Step 9 Select Admin > Essentials > Inventory > Import Status to return to the Add/Import Status Summary dialog box, then click Update.

The device status should change to Managed within a couple of minutes.

---

Importing Devices from WhatsUp Gold

You can import multiple devices from WhatsUp Gold maps.

The WhatsUp Gold Map that you want to import must be loaded in WhatsUp Gold before importing to Essentials.

---

Step 1 Select Admin > Essentials > Inventory > Import from WhatsUp Gold. The available WhatsUp Gold maps listed in the Import WhatsUp Gold Devices to Essentials dialog box.

The Export WhatsUp Gold Devices to Essentials dialog box appears.

Step 2 Select the WhatsUp Gold map you want to export.

---

Note The EssentialsManagedDevices map will not be listed because this map already contains the Essentials managed devices.

---

Step 3 Click Finish.

The Add/Import Status Summary dialog box appears.

You must change the device attributes using Admin > Essentials > Inventory > Change Device Attributes after importing the devices to Essentials from WhatsUp Gold.

---

You can also import devices from a file.

To import devices from a file, extract data from your existing data source into a comma-separated value (CSV) file or data integration file (DIF), select Admin > Essentials > Inventory > Import from File.

If you have difficulty importing device information:

•Increase the SNMP timeout setting.

•Verify that you entered correct read community strings for the devices.

For additional information, see the Online help.

Creating EssentialsManagedDevices Map

This map contains the devices that are managed by the Essentials database, on WhatsUp Gold.

This map is created automatically for the first time when you:

•Add or import devices using Add devices and Import from File options in Admin > Essentials > Inventory.

or

•Discover devices using the WhatsUp Gold console and then use the Export to Essentials option from CiscoWorks Desktop > WhatsUp Gold.

or

•Discover devices using the WhatsUp Gold console and import the devices into Essentials using the option Admin > Essentials > Inventory > Import from WhatsUp Gold.

See Online help for more information.

If you have already discovered devices using WhatsUp Gold and also imported devices into Essentials, reload WhatsUpGold by selecting the WhatsUp Gold tab on the CiscoWorks Desktop.

The EssentialsManagedDevices map will be created. (This may take few seconds to appear on the WhatsUp Gold screen.)

Subsequently, you have to manually update this map whenever you manage a new device in Essentials, using the Recreate Map option.

We recommend that you do not delete or modify the EssentialsManagedDevices map.

Changing Device Attributes

You can check the device attributes such as device access, password information, and user information by selecting Admin > Essentials > Inventory > Check Device Attributes.

If any changes are required to the device attributes, you can use the Change Device Attributes option.

To edit device attributes:

---

Step 1 Select Admin > Essentials > Inventory > Change Device Attributes.

The Change Device Attributes dialog box appears.

Step 2 Select the device whose device information you want to edit, then click Next.

The Change Device Attributes dialog box displays the options.

Step 3 Select one or more options, then click Next.

A dialog box appears for each option you selected. The dialog box fields are blank and do not display current information.

Step 4 Edit dialog boxes as needed:

•To retain the current value, leave the field blank.

•To change a value, enter the new information in the field. If you are changing a local or TACACS password, you must enter the corresponding username.

•To delete a value, click Delete next to the field. If you are deleting a password, you must also enter the username.

---

Note Verify your entries before you click Next in any dialog box. If you change device attributes, you cannot undo the change, except by re-editing.

---

Step 5 After you complete editing a dialog box:

•Click Finish to apply the changes and move to the next dialog box or to exit, if you are in the final dialog box.

•Click Back to close the dialog box without changing any information.

---

Creating a Device View

After you have added devices into the CiscoWorks SNMS inventory database, you can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type or with specific characteristics, such as all Catalyst switches.

Three categories of device views are available in CiscoWorks SNMS:

•System Views—Predefined and available after you install CiscoWorks SNMS. System views include most major classes of Cisco devices, such as all Catalyst switches, all Cisco 7000 Series routers, or all SwitchProbes.

•Custom Views—Defined by users and when created, are available for use by anyone with the appropriate access to the server.

•Private Views—Defined by users, but available only to the user account that created them.

Two different types of views can be created within the Custom or Private categories (all system views are dynamic views):

•Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view appear, based on the attribute value. If the device attribute for a device in which the dynamic view is based on changes, the device will no longer be a member of that dynamic view.

If devices are added to the inventory with the same value, or an existing devices attribute is changed to the same value, as the value for the attribute that a dynamic view is based on, then they will be automatically added to the view.

An example of a dynamic view is all devices with Cisco IOS Version 12.0. Any devices that currently have this attribute would be included in the device view. All system views are dynamic.

•Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the logical group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically.

To set up and verify the CiscoWorks SNMS applications, you must create a static device view (a group of devices) that includes at least one device.

For additional information, see the Online help.

To create a static device view:

---

Step 1 From the CiscoWorks Desktop, select Admin > Essentials > Device Views > Add Static Views.

The Add Static Views dialog box appears.

Step 2 Select the view that has the device(s) you want to add from the Views column, If you have not previously configured any views, select All.

Step 3 Select the device(s) that you want to add from the Devices list, then click Add.

Step 4 Enter the view name and view description.

Step 5 Click Finish.

---

Setting Up Syslog Analysis

Syslog Analysis lets you centrally log and track messages generated by devices. You can use the logged error message data to analyze device and network performance. You can customize Syslog Analysis to produce the information and message reports that are important to your operation.

Since system message logging is not part of the Windows operating system, CiscoWorks SNMS provides Syslog message logging as a Windows service (CWCS syslog service).

The syslog service saves each system message to the default directory, SystemDrive:\Programs Files\CSCOpx\log\syslog.log.

Syslog Analysis reads the syslog.log file for messages, processes the messages, and writes them to the CiscoWorks SNMS database. CGI scripts use the database information to generate system message reports.

See the Online help for more information about Syslog Analysis.

Setting up Syslog Analysis involves:

•Specifying Country Codes

•Configuring Devices for Syslog Analysis

•Verifying the Syslog Analyzer

Specifying Country Codes

You must update the country code entry in the file, Sa.properties with the appropriate country code to make sure the Syslog timestamp conversion works correctly. Sa.properties is located in the directory,
%NMSROOT%\lib\classpath\com\cisco\nm\sysloga\sa,
where %NMSROOT% is the directory in which CiscoWorks SNMS is installed.

The country code is the 3-letter abbreviation specified as per the ISO_3166 document.

For a list of country codes, see the file, CountryCode.txt, located in the directory, %NMSROOT%\lib\classpath\com\cisco\nm\sysloga\CountryCode.txt.

---

Note You must restart Syslog Analyzer after you update the country code.

---

To terminate Syslog Analyzer, at the command prompt, enter:

%NMSROOT%\bin\pdterm SyslogAnalyzer

To start Syslog Analyzer, at the command prompt, enter:

%NMSROOT%\bin\pdexec SyslogAnalyzer

Configuring Devices for Syslog Analysis

Before you can use Syslog Analysis, you must configure devices to forward messages to CiscoWorks SNMS.

For more information about setting up devices for message logging, see the Syslog Online help, the Cisco IOS Software Documentation on Cisco.com (for Cisco IOS devices), and the appropriate reference guide.

Configuring Cisco IOS Devices

To configure Cisco IOS devices:

---

Step 1 Telnet to the device and log in.

The prompt changes to host>.

Step 2 Enter enable.

Step 3 Enter the enable password.

The prompt changes to host#.

Step 4 Enter configure terminal.

You are now in configuration mode, and the prompt changes to host(config)#.

Step 5 To make sure logging is enabled, enter logging on.

Step 6 To specify the CiscoWorks SNMS server to receive the router syslog messages, enter logging 123.45.67.89 (where 123.45.67.89 is the IP address of the server).

Step 7 Set the logging trap level by entering logging trap informational.

Severity level informational means all alert and informational messages will be logged to the server.

---

After you configure the devices, verify that Syslog is running. To do this:

---

Step 1 From the CiscoWorks Desktop, select Admin > Server Configuration > Process Management > Process Status.

The Process Status dialog box appears.

Step 2 Verify that the entry for SyslogAnalyzer has the status, Running normally.

---

Configuring Catalyst Devices

To configure Catalyst devices:

---

Step 1 Telnet to the device and log in.

The prompt changes to host>.

Step 2 Enter enable and the enable password.

The prompt changes to host(enable).

Step 3 To make sure logging is enabled, enter set logging server enable.

Step 4 Enter set logging server 123.45.67.89 (where 123.45.67.89 is the IP address of the server) to specify the server that is to receive the Catalyst switch syslog messages.

Step 5 Set the logging trap level by entering set logging all level 6 default.

Severity level 6 means all messages from level 0-6 (from alerts to informationals) will be logged to the server.

Step 6 Verify that the syslog filter file settings are correct.

---

After you configure the devices, verify that the process SyslogAnalyzer, is running by selecting Admin > Server Configuration > Process Management > Process Status.

Verifying the Syslog Analyzer

To verify that the Syslog Analyzer is processing syslog messages from the network:

---

Step 1 Log in to a managed router that is configured to send Syslog messages to the server. You must have appropriate login privileges to make configuration changes.

Step 2 Make a nondestructive change to the router configuration. For example, to change the contents of the login banner:

# enable

# configure terminal

# banner motd "This is a test"

Step 3 Wait approximately 2 minutes for the server to process the Syslog message.

Step 4 Select Essentials > Reports > Syslog Analysis > Standard Reports.

The Standard Reports dialog box appears.

Step 5 Select the device for which you made a change.

Step 6 Click Next.

The Select Dates and Report Type dialog box appears.

Step 7 Select:

•All Messages in the Report Type list.

•Today from the Dates list.

Step 8 Click Finish.

The Syslog Standard report appears.

Step 9 Verify that the report contains the Syslog message that the configuration change generated.

---

Setting Up Software Management

Cisco is constantly improving the quality and functionality of device software. As a network administrator, you need to know what versions are currently running on your devices, and you must keep informed of new software versions available to identify when upgrades are needed.

When software upgrades are required, you must plan for and manage the upgrade to minimize the disruption to the end users. The process of manually upgrading multiple devices on the network can be a very time-consuming and error-prone process.

Software Management application performs system software upgrades, boot loader upgrades, and software configuration operations on groups of routers and switches. For more information about setting up Software Management, see the the Online help.

Setting up Software Management involves the following:

•Verifying Space Requirements for Downloaded Files

•Setting Up File Transfer Servers

•Adding Device Credentials

•Configuring the SMTP Server

•Setting Software Management Preferences

Verifying Space Requirements for Downloaded Files

Before you can use Software Management, you must have sufficient space to store the software image files. You should have 2 to 20 MB of space for each image.

Setting Up File Transfer Servers

CiscoWorks Common Services installs two file-transfer servers that the Software Management application uses to transfer software files:

•A Trivial File Transfer Protocol (TFTP) server

During Software Management installation, the tftpboot directory is created under the directory in which CiscoWorks SNMS is installed (the default is SystemDrive:\Program Files\CSCOpx).

This directory saves and stores files that are loaded to a device when you use CiscoWorks SNMS applications supported by TFTP. All users have read, write, and execute privileges to the tftpboot directory.

•A remote copy (rcp) server

CiscoWorks SNMS uses rcp with devices that support rcp. For other devices, CiscoWorks SNMS uses TFTP.

You can enable rcp if you want CiscoWorks SNMS to use it with any devices.

---

Step 1 Select Admin > Essentials > Software Management > Edit Preferences.

The Edit Preferences dialog box appears.

Step 2 Deselect the Use RCP for image transfer (when applicable) check box.

Step 3 Click Finish.

---

Adding Device Credentials

Before you can use Software Management to manage device software images, you must add the required device passwords to Inventory.

Read and write community strings are required and the Telnet password is recommended. For information, see the "Setting Up Syslog Analysis" section or the Online help.

Configuring the SMTP Server

Software Management uses an SMTP server on your network to deliver reports. The default location is localhost, which means that Software Management uses the SMTP server on the server.

If you want Software Management to use an SMTP server on a different system:

---

Step 1 Select Admin > Essentials > System Configuration.

The System Configuration dialog box appears.

Step 2 Select the SMTP tab.

Step 3 Enter the name of your SMTP server in the SMTP Server field.

Step 4 Click Apply.

---

Setting Software Management Preferences

Software Management has many preferences that you can set to control how the application behaves.

To set preferences:

---

Step 1 Select Admin > Essentials > Software Management > Edit Preferences.

The Edit Preferences dialog box appears.

Step 2 Change the settings as appropriate. For more information, see the Online help.

Step 3 After you complete the changes, either:

•Click Finish to save your changes.

or

•Click Default to display the default configuration.

---

Setting Up Configuration Management

As the network administrator, you need to be able to control and track changes to device configurations in order to minimize errors and assist in troubleshooting problems.

This can be very difficult if several people are making changes to the device configurations. It can also become very repetitive and time-consuming to make the same update to each individual device on the network.

Configuration Management application can help simplify and automate these tasks.

Before Configuration Management can gather device configurations, you need to update the CiscoWorks SNMS database with passwords, modify device configurations, and modify device security. You might also need to set up NetConfig.

Entering Device Credentials

Before the configuration archive can gather device configurations, enter the following device credentials:

•Read and write community strings

•Telnet passwords for login mode and enable mode

For the configuration archive to use Telnet to gather configuration from devices, you must enter the correct credentials.

•TACACS, local, and rcp information for the devices

–If a device is configured for TACACS authentication, add the TACACS username and password, not the Telnet passwords.

–If a device is configured for local user authentication, add the local username and password.

–In case of RADIUS authentication, enter the RADIUS username and password of the device, either in the TACACS authentication fields or in the local authentication fields.

If you already added or imported devices into Inventory and did not specify this information, you can change the device attributes. For more information, see the "Setting Up Syslog Analysis" section, or the Inventory Online help.

Modifying Device Configurations

You need to modify your device configurations to enable Configuration Management to gather the configurations. After your devices become managed, the configuration files are collected and stored in the configuration archive.

For details, see the following topics:

•Making Sure Devices are rcp-enabled

•Making Sure Devices are SSH-enabled

•Configuring Devices for Syslog Analysis

Making Sure Devices are rcp-enabled

To make sure the devices are rcp-enabled, log in to each device and enter these commands in the device configurations:

# ip rcmd rcp-enable

# ip rcmd remote-host remote_username IP_address local_username enable

where IP_address is the IP address of the system on which CiscoWorks SNMS is installed. (Alternatively, you can enter the hostname.) The default remote_username and local_username are cwuser.

Making Sure Devices are SSH-enabled

Make sure the devices are SSH-enabled by logging into each device and entering the commands for the following kinds of devices:

•For Catalyst Switches Running CatOS

•For Cisco IOS Routers

For Catalyst Switches Running CatOS

To enable SSH on Catalyst switches do the following:

---

Step 1 Generate an RSA key, by entering:

sec-cat6000> (enable) set crypto key rsa 1024

A message similar to the following is displayed:

Generating RSA keys..... [OK]

Step 2 Verify the RSA key, by entering:

sec-cat6000> (enable) ssh_key_process: host/server key size: 1024/768

Step 3 Display the RSA key, by entering:

sec-cat6000> (enable) show crypto key

A message similar to the following is displayed:

RSA keys were generated at: Mon Jul 23 2001, 15:03:30 1024 65537 
1514414695360

5773328536717047857098506066347687468697169639403524406206785753387015
50888525

6996914783305378400669569876102078109594986481799653300180108447858634
72773067

6971852564183862430018810088305612411373816928200786743760582755731334
48529332

1996682019301329470978268059063378215479385405498193061651

Step 4 Specify the host or subnets which are allowed to use SSH to communicate with the switch.

For example, to specify that the IP addresses 172.18.124.0 and 255.255.255.0 be allowed to use SSH, enter:

sec-cat6000> set ip permit 172.18.124.0 255.255.255.0

---

Note If you do not perform this step, the switch will display the following error:
WARNING!! IP permit list has no entries!

---

A message similar to the following is displayed:

172.18.124.0 with mask 255.255.255.0 added to IP permit list.

Step 5 To enable SSH, enter:

sec-cat6000> (enable) set ip permit enable ssh

A message similar to the following is displayed:

SSH permit list enabled.

Step 6 Verify the SSH permit list, by entering:

sec-cat6000> (enable) sho ip permit

A message similar to the following is displayed:

Telnet permit list disabled.

Ssh permit list enabled.

Snmp permit list disabled.

Permit List Mask Access-Type

---------------- ---------------- -------------

172.18.124.0 255.255.255.0 telnet ssh snmp

Denied IP Address Last Accessed Time Type

----------------- ------------------ ------

---

For Cisco IOS Routers

To enable SSH on Cisco IOS Routers do the following:

For example, if you want router1 to act as an SSH client to the another router, you can add SSH to a second router, say router2. The routers will then be in a client-server arrangement, with router1 acting as the server and router2 acting as the client. The IOS SSH client configuration on router2 is the same as required for the SSH server configuration on router1.

---

Step 1 Configure the hostname for router1, by entering:

hostname router1

A message similar to the following is displayed:

username username password 0 password

Step 2 Configure the DNS domain on router1, by entering:

ip domain-name domain-name

Step 3 Generate the SSH key to be used, by entering:

cry key generate rsa

A message similar to the following is displayed:

ip ssh time-out 60

ip ssh authentication-retries 2

Step 4 Enable SSH transport support for vtys, by entering:

line vty 0 4

transport input SSH

---

Note By default vtys transport is through Telnet. In this case, Telnet has been disabled and only SSH is supported.

---

---

Configuring Devices for Syslog Analysis

Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when syslog messages are received.

For more information, see the "Setting Up Syslog Analysis" section or see the Online help.

Modifying Device Security

To archive device configurations, Configuration Management must be able to run certain commands on the devices. You must disable the security on the devices that prevents Configuration Management from running the commands in Table 3-3.

Table 3-3 Required Configuration Management Commands 

Command Type	Command	Description
Catalyst commands	set len 0	Turns paging off for the Telnet session
	write term	Gets the running configuration
FastSwitch command	show run	Gets the running configuration
IOS commands	term len 0	Turns paging off for the Telnet session
	show run	Gets the running configuration
	show config	Gets the startup configuration

Setting Up NetConfig

The NetConfig function provides wizard-based templates to simplify and reduce the time it takes to roll out global changes to network devices. These templates can be used to execute one or more configuration commands on multiple devices at the same time.

For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be stored in the configuration archive.

This section describes how to set up NetConfig. This involves:

•Verifying Device Configurations

•Verifying Device Credentials (Attributes)

•Modifying Device Security

•Verify Device Prompts

•Configuration Job Setup

Verifying Device Configurations

NetConfig can configure only devices that have archived configurations. Use the Archive Status report to:

•Verify that the devices you want to configure have an archived configuration.

•Troubleshoot the devices that do not have an archived configuration.

To verify configuration archive status:

---

Step 1 Select Admin > Essentials > Configuration Management > Archive Status.

The Configuration Archive Status Summary dialog box appears.

Step 2 Click Update at the bottom of the dialog box to update the archive status.

Step 3 Click on a device status to view details.

•Click Successful to display information on archived configurations.

•Click Close to close the window and return to the Configuration Archive Status Summary dialog box.

•Click Failed to display information on configurations that could not be obtained. To update the archive for failed devices:

a. Click on one or more device names or click Select All.

b. Click Update Archive.

The Running Configuration Status report appears.

c. Click Update Status to refresh the device status in the archive.

d. Click Close to return to the Configuration Archive Status Summary dialog box.

•Click Not Supported to display the devices not supported by the configuration archive.

•Click Partial Failure to display the Catalyst 5000 family devices whose submodules were not pulled into the archive.

---

Verifying Device Credentials (Attributes)

Make sure every device you want to configure using NetConfig has correct device credentials in the Inventory application. NetConfig must have access to the correct credentials to make device configuration changes.

To verify device credentials, select Admin > Essentials > Inventory > Check Device Attributes. If any devices that you want to configure with NetConfig have incorrect credentials, see the "Setting Up Syslog Analysis" section or the Online help.

Modifying Device Security

In addition to running the configuration commands that you assign to each job, NetConfig must run certain commands on devices to configure them. You must disable the security on these devices that prevents NetConfig from running the commands in Table 3-4.

Table 3-4 Required NetConfig Commands 

Command Type	Command	Description
IOS Commands	term len 0	Turns paging off for Telnet session
	write term	Gets running configuration
	show config	Gets startup configuration
	write mem	Writes running configuration to startup configuration
	config t	Enters config mode
	exit	Exits config mode
Catalyst Commands	set len 0	Turns paging off for Telnet session
	write term	Gets running configuration
FastSwitch Commands	show run	Gets running configuration

Verify Device Prompts

NetConfig requires particular CLI prompt formats:

If the telnet transport mechanism is used, the following prompts are applicable.

•For IOS-based devices, FastSwitch devices:

–The login prompt must end with a greater-than symbol (>).

–The enable prompt must end with a pound sign (#).

•For Catalyst devices:

–The login prompt must end with a greater-than symbol (>).

–The enable prompt must end with the text (enable).

If the secure shell (SSH) transport mechanism is used, the following prompts are applicable. There is no support for FastSwitch devices in the SSH transport mechanism.

•For IOS-based devices:

–The login prompt may end with any one of the following: (>), (#), (:), (%).

–The login prompt may end with any one of the following: (>), (#), (:), enable prompt must end with a pound sign (#).

•For Catalyst devices:

–The login prompt may end with any one of the following: (>), (#), (:), (%).

–The enable prompt must end with the text (enable).

Default prompts use this formatting. If you have changed your defaults, verify that the prompts meet these requirements, and change them if they do not.

Configuration Job Setup

Configuration Job Setup window allows you to set up these:

•Transport Protocol Order for Config Editor, NetConfig and NetShow Jobs

•Password Policy for Config Editor, NetConfig and NetShow Jobs

Transport Protocol Order for Config Editor, NetConfig and NetShow Jobs

You can set the protocol order for Config Editor, NetConfig and NetShow jobs to download configurations and for Config Editor and NetConfig to fetch configurations. This setup provides the flexibility of using your preferred protocol order for fetching and downloading the configuration.

---

Step 1 Select Admin > Essentials > Configuration Management > Configuration Job Setup.

The Configuration Job Setup dialog box appears.

Step 2 Click the Transport tab.

Step 3 Click on the protocol to reorder, then click Up or Down to change its position in the list.

Step 4 Click Apply.

A confirmation message appears.

Step 5 Click OK.

For more information, see the Configuration Job Setup Online help.

---

Password Policy for Config Editor, NetConfig and NetShow Jobs

You have the option of entering your user name and password for job execution.

•If you have configured the password policy for job execution, and you enter your username and password, CiscoWorks SNMS ignores the username and password in the database and uses the newly entered username and password, instead.

•If you have not configured the password policy, CiscoWorks SNMS uses the user name and password in its database.

This option of entering the username and password for job execution is helpful in high security installations where device passwords are changed at frequent intervals. For example, the passwords may be changed every 60-90 seconds.

To configure the password policy for job execution:

---

Step 1 Select Admin > Essentials > Configuration Management > Configuration Job Setup.

The Configuration Job Setup dialog box appears.

Step 2 Click the Password Policy tab.

Step 3 Select a combination of policies to set the job password policy.

Step 4 Click Apply.

A confirmation message appears.

Step 5 Click OK.

For more information, see the Configuration Job Setup Online help.

---

Setting Up CiscoView Debug Preferences

You can set SNMP and activity trace and/or view the trace log. These options record trace information into a file located in the displayed directory (a subdirectory of the install directory).

---

Step 1 From the CiscoWorks Desktop, select Admin > Device Manager > CiscoView Debug options and display logs.

Step 2 Select either or both:

•SNMP Trace to display SNMP request and response pairs, MIB instance ID, data value, data type, request method, and time stamp.

•Activity Trace to display server activity such as which device and dialog boxes are open.

To see the trace activity in a separate window click View Trace.

---

Logging Out

To end your system administrator tasks, you must log out of CiscoWorks.

---

Step 1 Close all secondary browser windows. You should have only one browser window opened displaying the CiscoWorks Desktop.

Step 2 Click Logout.

The Login Manager dialog box replaces the CiscoWorks Desktop.

---