Table Of Contents
Release Notes for Cisco CNS Configuration Engine 1.3
What's New in this Release
Related Documentation
Installation Notes
Console Access
How to Redirect BIOS Messages and Functions Keys to the Serial Port
Restart and Shutdown
Migrating DCL Data and Templates from Release 1.2 to 1.3
Export Data Onto a Remote FTP Site
Install Release 1.3 Software
Migrate Data and Setup the CNS 2100 Series System
XML Transform Tool for Users Migrating from Release 1.2 to 1.3
Usage
How to Revert to Factory Setting
How to Reconfigure System Network Information
Hostname Updates
Router Configuration
Limitations and Restrictions
Open Caveats - Release 1.0
Resolved Caveats - Release 1.1
Open Caveats - Release 1.1
Resolved Caveats - Release 1.2
Open Caveats - Release 1.2
Resolved Caveats - Release 1.3
Open Caveats - Release 1.3
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco CNS Configuration Engine 1.3
The Cisco CNS Configuration Engine is a network management application that acts as a configuration service for automating the deployment and management of network devices and services. The Cisco CNS Configuration Engine runs on the Cisco CNS 2100 Series Intelligence Engine (CNS 2100 Series system) hardware platform.
Each Cisco CNS Configuration Engine manages a group of Cisco IOS devices (routers) and services they deliver, storing their configurations and delivering them as needed. The Cisco CNS Configuration Engine automates initial configurations and configuration updates, dynamically generating the device-specific configuration on-demand, and logs the results.
What's New in this Release
This section highlights the new features found in this release:
•
Modular router deployment:
–Cisco 1700 Series Internet Router
–Cisco 2600 Series Multiservice Platform
–Cisco 3600 Series Multiservice Platform
–Cisco 3700 Series Multiservice Access Router
–Cisco 7200 Series Router
•Cisco IOS Switch Support:
–Cisco Catalyst 2950 Series Switch
–Cisco Catalyst 3550 Series Switch
•SSL Security - SSL based secure last mile access between Cisco IOS Router and Configuration Engine.
Refer to the Cisco CNS Configuration Engine Administrator's Guide for more information about these feature.
Related Documentation
Other documentation related to this product include:
•Cisco CNS Configuration Engine Administrator's Guide
•Documentation Guide for Cisco CNS Configuration Engine, Release 1.3
•Cisco CNS 2100 Series Intelligence Engine Installation Guide
•Release Notes for Cisco CNS 2100 Series Intelligence Engine
•Cisco CNS 2100 Series Intelligence Engine Machine Code License
•Regulatory Compliance and Safety Information for Cisco CNS 2100 Series Intelligence Engine
•Cisco CNS Software Development Kit API Reference and Programmer Guide
Installation Notes
The Cisco CNS Configuration Engine 1.3 software is contained on a CD-ROM that is in the accessory kit.
To be able to monitor the installation activity and run the Setup program, you should have a local keyboard-mouse and VGA screen connected to your system (see "Console Access" section).
To install the software, follow these steps:
Step 1 Verify that the CNS 2100 Series system is powered down.
Step 2 Power on the system and quickly insert the Cisco CNS Configuration Engine 1.3 CD-ROM in the CD drive.
Step 3 Push the Reset button to restart the system from the CD-ROM.
The software installs automatically. When the install sequence completes, the system automatically ejects the CD-ROM and restarts into Linux from the hard drive.
During the Linux startup sequence, by default, the CNS 2100 Series system redirects and supports console login at the serial port.
However, you can choose to direct your console to the local VGA screen by following these steps:
a. During Linux start sequence, when you see the Lilo boot: prompt, hit the Tab key.
The system stops.
b. Within five seconds, enter linuxvga.
Step 4 Refer to the Cisco CNS Configuration Engine Administrator's Guide to run the Setup program.
Console Access
Normal terminal login to the box is supported by way of the local keyboard-mouse and VGA screen. It is referred to as the VGA console for ease of reference. The CNS 2100 Series system redirects and supports console login at the serial port. It is a more desirable feature because you can perform daily or emergency administrative tasks remotely, by way of the serial port.
Supporting serial port console on the CNS 2100 Series requires additional instructions. The complexity comes from the fact that although Linux provides the means of setting up the serial port as a console, Linux does not enter the picture until it starts.
The BIOS messages and the table of function keys (F1, F2, F3, and F4) that are displayed before Linux starts always go to VGA console by default. Normally, access of the function keys (F1 to F4) is not an issue unless you need to run system configuration/setup (F1), Diagnostics (F2), or re-image the CNS 2100 Series using PXEBOOT (network boot) (F4) remotely using the serial port.
How to Redirect BIOS Messages and Functions Keys to the Serial Port
Redirecting BIOS messages and function keys to the serial port requires accessing the CNS 2100 Series internal service processor menu and enabling remote video. In addition, remote video must be enabled before BIOS outputs its first message.
While connected to the serial port, you can only access the service processor menu during system restart or machine shutdown, since this is the only moment when the IBM service processor is able to reclaim the serial port. Once Linux starts, the connection to service processor is lost since the Linux OS reclaims control of the serial port.
The serial port is operated under the share mode, between the service processor and the OS. Therefore, restarting the system is not sufficient to access the service processor menu because the time between restart and when the BIOS begins is too short to trigger remote video. Instead, shut down the system (see "Restart and Shutdown" section).
At the end of a system shutdown, the message Hit ESC to log in appears. This is the greeting login message of the service processor. You can gain access to the menu by entering the predefined login name and password of the system. The complete steps for accessing the service processor are outlined as follows:
Step 1 Connect to the serial port of the CNS 2100 Series (use baud rate = 9600) and login.
Step 2 Shutdown the system using spoff <sec>
A value of 50 seconds works well. For more, see "Restart and Shutdown" section.
Step 3 Once the machine has shutdown and powered off, hit ESC a few times and you should be prompted to enter userid and password of the service processor menu.
Step 4 Enter USERID as the userID and PASSW0RD as the password.
The 0 in the password is the zero digit instead of the alphabetical letter o.
Step 5 In rapid succession, enter the following sequence:
6 4 2 0 ESC z 0
The 6 4 2 0 sequence powers on the machine.
ESC z 0 brings you out of the power-on menu and starts the remote video.
If you wait too long before entering the ESC z 0 sequence, the BIOS begins and you have missed your opportunity to start the remote video.
Note The system must be in the power-off state before entering the key sequence because the remote video must be triggered before the BIOS starts or else you cannot see the BIOS messages or function keys.
There are four function keys.
•F1 for system configuration/setup
•F2 for Diagnostics
•F3 for booting off the System Partition, for rescue purpose (not currently supported)
•F4 for network boot (PXEBOOT)
As soon as the operating system starts, LILO takes control and reconfigures the serial port for Linux use.
Restart and Shutdown
While in Linux, there are two different commands for system restart and shutdown:
•/sbin/shutdown -r now (or reboot) will restart the system. However, you will not be able to access the function keys due to the short time frame available before BIOS and Linux starts.
•For function key access, use the command spoff <sec> to power off the system and start remote video by way of the service processor menu (see "Console Access" section). The value for <sec> must be larger than 30 (spoff 50 works well).
Note The spoff <sec> command simply powers off the system after <sec> seconds.
•It is the IBM Director component wbem that detects the spoff request and triggers the system shutdown sequence, terminating processes and un-mounting file-systems.
If you don't see a proper shutdown sequence, use ps -ef | grep wbem to see if wbem is running. wbem started with the installation of IBM Director the first time you run Setup. It can be restarted using /etc/rc.d/init.d/init.wbem start.
Migrating DCL Data and Templates from Release 1.2 to 1.3
The migration utility provides a mechanism for upgrading your CNS 2100 Series environment from Release 1.2 to Release 1.3. The utility contains some Perl and UNIX shell scripts that help carry out a data migration process. It is a three step process:
1. Export data to a remote FTP site
2. Install Release 1.3 software
3. Retrieve data from the FTP site and setup the box.
Here are the details of each step:
Export Data Onto a Remote FTP Site
Before exporting the data, it is assumed that the CNS 2100 Series system has already been setup and is up running.
To export your system data onto a remote FTP site, follow these steps:
Step 1 Insert the Release 1.3 CD-ROM into the CD drive of the CNS 2100 Series system to be upgraded.
Step 2 To mount the CD-ROM, login as root and type:
mount /mnt/cdrom
Step 3 Change directory into:
/mnt/cdrom/Data Export
Step 4 Issue the data export command:
./dataexport.
Step 5 Follow the sequence of prompts to enter information of the FTP site and storage location (absolute path name including filename).
Install Release 1.3 Software
To re-image the system, while the Release 1.3 CD-ROM is still in the CD drive, at the command line,
Step 1 Enter the sync command two times:
[root@abhishek-storm bin]#sync
[root@abhishek-storm bin]#sync
Step 2 Restart the system by hitting the Reset button.
Migrate Data and Setup the CNS 2100 Series System
After the system restarted from the new installation, the following prompts appear:
This Appliance is not configured.
Please login as setup to configure the appliance.
localhost.localdomain login:
To migrate data and setup the CNS 2100 Series system, follow these steps:
Step 1 Login as root with password blender.
Step 2 Start data migration with the command:
datamigrate
The script proceeds in three stages:
1. Acquires information about the FTP server that stores the migration data and retrieves the data.
2. Starts Release 1.3 Setup prompts and configures the system.
3. Populates internal directory storage with retrieved data.
Your interface with the first stage is shown below. It employs the same interface as the non-interactive setup, except it also allows the use of eth1.
You must configure eth0 or eth1. Press <Enter> to skip!
Enter eth0 IP address: 10.1.19.102
Enter eth0 network mask: 255.255.255.0
Enter eth0 default gateway IP address: 10.1.19.6
Enter FTP server (hostname.domainname or IP address): sername.cisco.com
Enter DNS server IP address: 171.69.226.120
Enter username used for FTP server: smith
Enter FTP password: *****
Re-enter FTP password: *****
Enter absolute pathname of data file on FTP server: /users/smith/migration.tar
XML Transform Tool for Users Migrating from Release 1.2 to 1.3
An XML transformation script is added to DAT for automating the XML file conversion process that takes care of the following two problems:
•DAT uses XML file format for bulk uploading data. In release 1.2, the XML file for Bulk Upload feature conforms to a particular DTD that is published for release 1.2. In release1.3, a new DTD is introduced. XML files in release 1.2 DTD format need to be converted to release 1.3 DTD format.
•In addition, there is a release 1.2-to-release 1.3 change of the device object class attribute name for Internal Directory mode from IOSDeviceID to IOSConfigID. To comply with this change, the data present in the IOSDeviceID attribute for release 1.2 should be copied into the IOSConfigID attribute for release 1.3.
Usage
For XML file conversion, run the following shell script on the CNS 2100 Series console:
/opt/CSCOdat/XMLTransform/datxmltransformer.sh <Path to old xml> <true | false>
The system generates an XML file conforming to 1.3 DTD with the same data. The shell script takes two input arguments. The first one specifies the absolute pathname to the old (1.2) XML file. The second one, if set to true, starts the conversion of IOSDeviceID to IOSConfigID; default is false if omitted.
For example, given an XML file say "Bulkdata.xml" in release 1.2 DTD format, here is the list of steps for the conversion:
Step 1 Login to the console of CNS 2100 Series system.
Step 2 Change directories to:
/opt/CSCOdat/XMLTransform
Step 3 Issue command:
./datxmltransformer.sh ./Bulkdata.xml
The XML that is to be converted (Bulkdata.xml) must be present on the CNS 2100 Series system. The script creates a new file with the name "Bulkdata-new.xml" in the same directory as the old file. This file conforms to release 1.3 DTD. You can use it to upload the Bulkdata in Cisco CNS Configuration Engine 1.3.
How to Revert to Factory Setting
To revert to factory settings, follow these steps:
Step 1 Initiate a system backup.
For information about backup, Refer to the Cisco CNS Configuration Engine Administrator's Guide.
Step 2 Log in as root.
Use your root password.
Step 3 Type reinitialize.
This program clears your system configuration and returns you to Setup.
How to Reconfigure System Network Information
To reconfigure system network information, follow these steps:
Step 1 Log in as root.
Use your root password.
Step 2 Type relocate.
This program performs the same tasks as reinitialize, except that it backs up all data that you can restore when you run Setup.
Hostname Updates
If you want to change the hostname, country code, or location code without destroying the DCL data and templates, use the relocate command. You can use the relocate command in both internal (user-created devices and templates) and external (IMGW data) directory modes.
Router Configuration
For a router to pick up its initial configuration from the Cisco CNS Configuration Engine, install the Cisco CNS Configuration Engine before installing a router. Then establish a connection between the router and the Cisco CNS Configuration Engine. Special Cisco IOS images are available for download. Please contact your primary Cisco contact to obtain special Cisco IOS images.
Limitations and Restrictions
•All password values in Setup must contain alphanumeric characters only. Special characters have different meanings in the UNIX shell and should not be used for passwords.
•Device Name values may contain only: period (.), underscore (_), hyphen (-), and alphanumeric characters.
•Group Name values may contain only: underscore (_) and alphanumeric characters.
Open Caveats - Release 1.0
This section lists known caveats that were open for the CNS 2100 Series platform (see Table 1) and release 1.0 of the Cisco CNS Configuration Engine software application (see Table 2).
Table 1 IE2100 Series Platform
ID
|
Problem
|
Workaround
|
CSCdt16330
|
The setup program does not update the /etc/hosts and /opt/CSCOcnsie/conf/ldaputil.properties files.
|
Setup is used only at initial configure time. To reuse setup, you must first run the configure or ResetConfig commands. Before you run these commands, export system data, then import it back into the system after setup completes.
|
CSCdt33902
|
When recovering from a power-down condition, the system does not boot from flash as it should. The system halts when it reaches a point in the boot sequence where it displays the message: No boot device found.
|
To recover from this situation, cycle the system power off and on. The system boots from flash as it should.
|
CSCdt33906
|
When system power is cycled off and on during the boot process, the system goes into a state of limited command access.
|
To recover from this situation, cycle the system power off and on. The system boots from flash as it should.
|
CSCdt33917
|
When reconfiguring the system after a ResetConfig operation, the system reports numerous SCSI errors.
|
To recover from this situation, cycle the system power off and on.
|
CSCdt33930
|
Setup AdminID has same first and last name in directory.
|
This is a data display problem and does not affect the operation of the system.
|
CSCdt34494
|
Network Time Protocol (NTP) time service is not configured and not running on device.
|
Date and time values must be set up by the user on site. NTP is just one method of setting date and time values on the system. Please refer to UNIX documentation for information about how to use the NTP service.
|
CSCdt53937
|
Ethernet port-0 parameters must be specified in during Setup.
|
Ethernet port-0 is the primary Ethernet port. Ethernet port-1 has access only to a local subnet.
|
CSCdt58634
|
Gateway for second Ethernet card is not functional.
|
The CNS 2100 Series Cisco CNS Configuration Engine software supports only LAN and WAN connections on Ethernet port-0. Ethernet port-1 can be used only to access a local subnet. The gateway for the second Ethernet port is not valid.
|
CSCdt77468
|
The console port does not reset correctly.
|
You should set up communication servers to turn off the login prompt to the CNS 2100 Series. For Cisco communication servers, use the no exec setting on the line that to which the CNS 2100 Series is attached. Also, set flow control to hardware.
|
CSCdt89830
|
Configuration templates are not secure.
|
The CNS 2100 Series has no user-level security. Once the user is logged into the system, there is no permission checking. Please restrict login access to the system.
|
CSCdt93713
|
The rootenable password can be set only once; the first time you run it.
|
To change the root password, while logged in as root, run the UNIX passwd command. You should run the rootenable command only when the root account is disabled; for example, following setup on a fresh install.
|
CSCdu08322
|
Extraneous error messages when reinstalling CNS 2100 Series system software.
|
This is a data display problem and does not affect the operation of the system.
|
CSCdu08328
|
Extraneous error messages when running ResetConfig.
|
This is a data display problem and does not affect the operation of the system.
|
CSCdu08333
|
Extraneous error messages when rebooting the CNS 2100 Series. The following error messages can be ignored: Initializing system files [FAILED]Version fork errorflashed: error reading from flash [...]cat: /etc/issue.sav: No such file or directory
|
This is a data display problem and does not affect the operation of the system.
|
CSCdu17412
|
The runtime.properties file needs to be backed up.
|
If you are extending the schema and are using the OIDs provided by Cisco Systems, keep track of the OIDs used in the runtime.properties file. This file is located in the /opt/CSCOcnsie/conf directory. This file is NOT backed up by means of the current backup script. You should backup this file and restore it when upgrading or reconfiguring the CNS 2100 Series system software.
|
Table 2 Configuration Registrar 1.0
ID
|
Problem
|
Workaround
|
CSCds88082
|
Active tab does not change color on Netscape browser.
|
This is a data display problem and does not affect the operation of the system.
|
CSCds91645
|
Error message on initial template load.
|
Because of a timing issue between the applet and JavaScript, the system displays an error message the first time the applet loads. When this message shows, click on the same link again for normal operation.
|
CSCdt60040
|
Reload button resends events.Reloading a page that is generated due to a form submission causes the form to be resubmitted. After sending an event, such as Update Device, and reviewing the event on the "Events have been sent" page, if you click the web browser reload button, the event is sent again.
|
Because the reload function in the browser cannot be controlled programatically, the workaround is to avoid using the reload function. To navigate through the Cisco CNS Configuration Engine, use the links built into the user interface.
|
CSCdt78738
|
The View Device operation does not update edited group names.
|
The workaround for this problem is to delete the group that you want to edit, then create a new group with the required updates.
|
CSCdt93814
|
JServ intermittently dies during high-volume (~500) partial configuration operations.
|
Under these circumstances, JServ usually recovers on its own. However, if you get an internal server error message, click Reload for the browser, then click the link again.
|
CSCdu01134
|
Button names do not match for Administrator and Operator. On the Change-Password screen for the Administrator, the Edit button performs the same function as the Save button on the Change-Password screen for the Operator.
|
This is a data display problem and does not affect the operation of the system.
|
CSCdu01202
|
Incorrect message even when no device reference is added or deleted.
|
This is a data display problem and does not affect the operation of the system.
|
CSCdu03717
|
Invalid time value accepted for Schedule Backup cron job.
|
The time must be in hh:mm format with valid values for hh of 00-23 and mm of 00-59.
|
CSCdu04538
|
Event message window does not handle warning messages.
|
If a Cisco IOS device sends a warning message, the event window shows the message as [Internal] rather than WARN. If you click detail, the warning message can be read. Event functionality for detecting warnings from devices is functional.
|
CSCdu05946
|
Blank template filename is allowed when saving a file.
|
The template filename parameter value cannot be NULL. You must enter some value in this field.
|
CSCdu15257
|
Editing a template file greater than 24Kb causes Netscape on Solaris to crash.
|
Currently, Solaris 2.6 and 2.7 have a limitation regarding file size. This problem does not pertain to Netscape on the Microsoft Windows platform.
|
CSCdu17428
|
Attributes list contains IOSConfigID.
|
The IOSConfigID attribute in the drop-down list in the Edit Template page should not be used in normal operations. It is reserved for future product development.
|
CSCdu24659
|
Need to delete device to remove the value in IOShostname, if used.If, when you create a template, you include the IOShostname attribute, then later, you edit this parameter, updates to this device will go unanswered. This is because the device looks for the DeviceID associated with the IOShostname parameter set earlier.
|
The workaround for this problem is to delete the device in question, then add it back with the updated values.
|
Resolved Caveats - Release 1.1
This section lists caveats that were resolved for the CNS 2100 Series platform (see Table 3) and release 1.1 of the Cisco CNS Configuration Engine software application (see Table 4).
Table 3 CNS 2100 Series Platform
ID
|
Description
|
CSCdt16330
|
The setup program does not update the /etc/hosts and /opt/CSCOcnsie/conf/ldaputil.properties files.
|
CSCdt33902
|
When recovering from a power-down condition, the system does not boot from flash as it should.
|
CSCdt33906
|
When system power is cycled off and on during the boot process, the system goes into a state of limited command access.
|
CSCdt33917
|
When reconfiguring the system after a ResetConfig operation, the system reports numerous SCSI errors.
|
CSCdt33930
|
Setup AdminID has same first and last name in directory.
|
CSCdt34494
|
Network Time Protocol (NTP) time service is not configured and not running on device.
|
CSCdt53937
|
Ethernet port-0 parameters must be specified in during Setup.
|
CSCdt58634
|
Gateway for second Ethernet card is not functional.
|
CSCdt77468
|
The console port does not reset correctly.
|
CSCdt89830
|
Configuration templates are not secure.
|
CSCdt93713
|
The rootenable password can be set only once; the first time you run it.
|
CSCdu08322
|
Extraneous error messages when reinstalling CNS 2100 Series system software.
|
CSCdu08328
|
Extraneous error messages when running ResetConfig.
|
CSCdu08333
|
Extraneous error messages when rebooting the CNS 2100 Series.
|
CSCdu17412
|
The runtime.properties file needs to be backed up.
|
Table 4 Cisco CNS Configuration Engine 1.1
ID
|
Description
|
CSCds88082
|
Active tab does not change color on Netscape browser.
|
CSCds91645
|
Error message on initial template load.
|
CSCdt60040
|
Reload button resends events.
|
CSCdt78738
|
The View Device operation does not update edited group names.
|
CSCdu01134
|
Button names do not match for Administrator and Operator.
|
CSCdu01202
|
Incorrect message even when no device reference is added or deleted.
|
CSCdu03717
|
Invalid time value accepted for Schedule Backup cron job.
|
CSCdu04538
|
Event message window does not handle warning messages.
|
CSCdu05946
|
Blank template filename is allowed when saving a file.
|
CSCdu17428
|
Attributes list contains IOSConfigID.
|
Open Caveats - Release 1.1
This section lists known caveats that were open for the CNS 2100 Series platform (see Table 5) and release 1.1 of the Cisco CNS Configuration Engine software application (see Table 6).
Table 5 CNS 2100 Series Platform
ID
|
Problem
|
Workaround
|
CSCdu77514
|
ldaputil.properties shows groupOfNames as Group object class. In general, groupOfNames is used by LDAP servers as a method of grouping. The Cisco CNS Configuration Engine uses groupOfNames ObjectClass in its grouping mechanism. If it is necessary, you can use your own group object class as long as two multi-value attributes exist in that object class: member (this can be changed as well) and seealso.
|
Once you decide to use your own object class in Group, you need to modify the ldaputil.properties file by following these steps:
1. Use console access to the IE2100 and login as root.
2. Go to the /opt/CSCOcnsie/conf directory.
3. Edit the ldaputil.properties file.
4. Find the GroupObjectClassName entry:
GroupObjectClassName=groupOfNames
5. Erase groupOfNames and put in <newObjectClassName>. where your new object class name is represented here as <newObjectClassName> to yield:
GroupObjectClassName=<newObjectClassName>
6. Find the MemberAttributeName entry and change it if necessary.
7. Save the changes in ldaputil.properties.
8. Restart the httpd server.
Now, the Cisco CNS Configuration Engine is using your new group object name <newObjectClassName> to search for groups.
Caution The Cisco CNS Configuration Engine fails to operate in standalone mode if you perform mode-switching from Server mode to Standalone mode after performing this procedure.
|
CSCdu84805
|
Downloading a new image times out.
If the IE2100 had been previously configured for Ethernet port-1 and you try to upgrade or reimage your system using BldSetup.sh, the script, which uses Ethernet port-0 information is not able to pass on network information. If Ethernet port-0 is not configured, BldSetup.sh quits with a message asking you to setup your system with Ethernet port-0 first, then run the script.
|
Workaround One
If your system goes to manual installation of Linux (prompted menu) during the running of BldSetup.sh, you can revert to your previous successful installation by following these steps:
1. Manually restart your system (stop and start).
During initial stages of startup you will see the prompt, LILO: The system waits for about 3-5 seconds here at this prompt.
2. When you see the LILO: prompt press the Tab key.
All the available lilo configurations display separated by spaces in a single line. You should see RM-Install IE-2100.
If you do not see IE-2100 then you did not have a successful installation before you started to run BldSetup.sh script. Go to Workaround Two.
3. If you can see IE-2100 then type IE-2100 at the prompt, then press Enter.
This loads up your previous successful configuration.
4. Now run Setup to configure your system again.
Make sure you give proper values to Ethernet port-0.
5. Run the BldSetup.sh (web server update process).
Workaround Two
Restart you system from flash and use reimage to reimage your system. Do not use it as your first option. Try Workaround One a few times before using this option.
|
CSCdv09284
|
Primary and Secondary DNS IP address fields reversed.
It is known that the order of primary DNS and secondary DNS are reversed when they are entered into the /etc/resolv.conf file. As a result, the intended secondary DNS becomes the primary DNS and the intended primary DNS becomes the secondary DNS.
|
The way to work around this problem is to enter the two DNS IP addresses at the Setup program in reverse order: Enter the secondary DNS address when prompted for primary DNS and vice versa.
Note This workaround is only needed when two DNS are used. If one DNS is used, simply enter your DNS address at the primary DNS prompt.
|
CSCdv15180
|
Standalone configuration history lost when reinitialize not run between Setup sessions.
When the Server mode Setup is run multiple times without running reinitialize between sessions, the Standalone mode configuration history is lost and the Cisco CNS Configuration Engine is not able to completely uninitialize the Server mode.
|
To workaround this problem, follow these steps:
1. Go to the /opt/CSCOcnsie/conf/ldaputil.properties file and set the following values:
GroupContainer=ou=AppGroups
2. Run Setup again.
|
Table 6 Cisco CNS Configuration Engine 1.1
ID
|
Problem
|
Workaround
|
CSCdt93814
|
JServ intermittently dies during high-volume (~500) partial configuration operations.
|
Under these circumstances, JServ usually recovers on its own. However, if you get an internal server error message, click Reload for the browser, then click the link again.
|
CSCdu15257
|
Editing template files larger than 24Kb causes Netscape on Solaris to crash.
|
The Edit Template page currently has a 25Kb size limitation in Solaris 2.6 and 2.7; not on the Microsoft Windows platform. If the file exceeds this limit, Netscape on solaris crashes. This is not a size limitation on configurations for Cisco IOS Devices.
|
CSCdu24659
|
You have to delete the device to remove the parameter value in IOShostname, if used. If, when you create a template to remove the value in IOShostname attribute, then later, you edit this parameter, update to this device goes unanswered. This is because the device looks for the DeviceID associated with the IOShostname parameter set earlier.
|
The workaround for this problem is to delete the device in question, then add it back with the updated value.
|
CSCdu78255
|
Error on Edit Schema is persistent. The schema editor keeps the history of all the attributes added during a session. Therefore, any failure operation invalidates the following operations on the Editor.
|
The workaround is to start a new session by logging out and in again to clear the history.
|
CSCdu86428
|
Macros not working correctly in nested templates.
|
Macros are not supported in this release.
|
CSCdv02418
|
DCL limits adding more than 80 references to a group at one time.
|
If you select 80 devices or less to add to a group, there is no problem. If you want to add more than 80 devices to a group, you can add these devices in two, or more, separate transactions. The only limitation is adding 80 devices per transaction to a group.
|
CSCdv03801
|
Undo last schema update gives error. When undoing a last schema edit or reverting the schema to install state, the schema fails to reload. The following error message displays:
/opt/CSCOcnsie/html/../scripts/r
estorelastschema:
/opt/CSCOcnsie/scripts/dclschema
load.txt:
Permission denied.
This message means that the script dclschemaload.txt could not be executed due to insufficient access permission. The schema was undone or reverted successfully but that schema was not reloaded afterwards.
|
To reload the schema, go to Tools --> Directory Manager --> Reload schema and the schema reloads. To prevent this problem from occurring again, login to the CNS 2100 Series system as root and grant global execute permission to the following script:chmod +x /opt/CSCOcnsie/scripts/dclschemaload.txt
|
CSCdv05016
|
Initial configuration load for 500 devices fails intermittently.
|
Intermittent failure of an initial configuration download to the router may occur when the configuration file size is greater than 24k. Subsequent retries should be successful. The root cause of this failure is a JServ timeout (see CSCdt93814).
|
CSCdv11082
|
Issue with device update when Template attribute is NULL.
|
It is a requirement that the value of the template file attribute not be NULL when creating a new device.
|
CSCdv11084
|
Issue with device update when the Template attribute is missing.
|
It is a requirement that there be a value present for the template file attribute when creating a new device.
|
CSCdv11098
|
Issue with device update when group is selected.
|
It is a requirement that there be a value present for the Group attribute when creating a new device.
|
Resolved Caveats - Release 1.2
This section lists caveats that have been resolved for the CNS 2100 Series platform (see Table 7) and release 1.2 of the Cisco CNS Configuration Engine software application (see Table 8).
.
Table 7 CNS 2100 Series Platform
ID
|
Problem
|
CSCdu84805
|
Downloading a new image times out.
If the IE2100 had been previously configured for Ethernet port-1 and you try to upgrade or reimage your system using BldSetup.sh, the script, which uses Ethernet port-0 information is not able to pass on network information. If Ethernet port-0 is not configured, BldSetup.sh quits with a message asking you to setup your system with Ethernet port-0 first, then run the script.
|
CSCdv09284
|
Primary and Secondary DNS IP address fields reversed.
It is known that the order of primary DNS and secondary DNS are reversed when they are entered into the /etc/resolv.conf file. As a result, the intended secondary DNS becomes the primary DNS and the intended primary DNS becomes the secondary DNS.
|
CSCdv15180
|
Standalone configuration history lost when reinitialize not run between Setup sessions.
When the Server mode Setup is run multiple times without running reinitialize between sessions, the Standalone mode configuration history is lost and the Cisco CNS Configuration Engine is not able to completely uninitialize the Server mode.
|
Table 8 Cisco CNS Configuration Engine 1.2
ID
|
Problem
|
CSCdt93814
|
JServ intermittently dies during high-volume (~500) partial configuration operations.
|
CSCdu15257
|
Editing template files larger than 24Kb causes Netscape on Solaris to crash.
|
CSCdu24659
|
You have to delete the device to remove the parameter value in IOShostname, if used. If, when you create a template to remove the value in IOShostname attribute, then later, you edit this parameter, update to this device goes unanswered. This is because the device looks for the DeviceID associated with the IOShostname parameter set earlier.
|
CSCdu78255
|
Error on Edit Schema is persistent. The schema editor keeps the history of all the attributes added during a session. Therefore, any failure operation invalidates the following operations on the Editor.
|
CSCdu86428
|
Macros not working correctly in nested templates.
|
CSCdv02418
|
DCL limits adding more than 80 references to a group at one time.
|
CSCdv03801
|
Undo last schema update gives error. When undoing a last schema edit or reverting the schema to install state, the schema fails to reload. The following error message displays:
/opt/CSCOcnsie/html/../scripts/restorelastschema:
/opt/CSCOcnsie/scripts/dclschemaload.txt:
Permission denied.
This message means that the script dclschemaload.txt could not be executed due to insufficient access permission. The schema was undone or reverted successfully but that schema was not reloaded afterwards.
|
CSCdv05016
|
Initial configuration load for 500 devices fails intermittently.
|
CSCdv11082
|
Issue with device update when Template attribute is NULL.
|
CSCdv11084
|
Issue with device update when the Template attribute is missing.
|
CSCdv11098
|
Issue with device update when group is selected.
|
Open Caveats - Release 1.2
This section lists known caveats that are open for the CNS 2100 Series platform (see Table 9) and release 1.2 of the Cisco CNS Configuration Engine software application (see Table 10).
Table 9 CNS 2100 Series Platform
ID
|
Problem
|
Workaround
|
CSCdu77514
|
ldaputil.properties shows groupOfNames as Group object class. In general, groupOfNames is used by LDAP servers as a method of grouping. The Cisco CNS Configuration Engine uses groupOfNames ObjectClass in its grouping mechanism. If it is necessary, you can use your own group object class as long as two multi-value attributes exist in that object class: member (this can be changed as well) and seealso.
|
Once you decide to use your own object class in Group, you need to modify the ldaputil.properties file by following these steps:
1. Use console access to the IE2100 and login as root.
2. Go to the /opt/CSCOcnsie/conf directory.
3. Edit the ldaputil.properties file.
4. Find the GroupObjectClassName entry:
GroupObjectClassName=groupOfNames
5. Erase groupOfNames and put in <newObjectClassName>. where your new object class name is represented here as <newObjectClassName> to yield:
GroupObjectClassName=<newObjectClassName>
6. Find the MemberAttributeName entry and change it if necessary.
7. Save the changes in ldaputil.properties.
8. Restart the httpd server.
Now, the Cisco CNS Configuration Engine is using your new group object name <newObjectClassName> to search for groups.
Caution The Cisco CNS Configuration Engine fails to operate in standalone mode if you perform mode-switching from Server mode to Standalone mode after performing this procedure.
|
CSCdv85666
|
When setting up the CNS 2100 Series with the Setup program, if you enter an invalid IP address for the Ethernet0 interface, you are not re-prompted to enter a correct one. This invalid IP address causes network connectivity problems for the unit.
|
If you accidentally enter an invalid IP address for the Ethernet0 interface, proceed through the rest of Setup program, but do not commit the changes. Then log in as setup again (if the unit has never been configured before) or run the Setup program (if you are updating a previous configuration) and enter the correct values.
|
CSCdv90816
|
In the Linux operating system, the two Ethernet interfaces are defined as Ethernet0 and Ethernet1. The user is presented with this nomenclature when configuring and using these two interfaces.
The labelling on the IBM x330 hardware shows the two Ethernet interfaces as Ethernet1 and Ethernet2.
|
In the CNS 2100 Series, the hardware is labeled with ports Ethernet 1 and Ethernet 2. The software identifies these ports as Ethernet 0 and Ethernet 1.
Ethernet 1 on the hardware label refers to Ethernet 0 in the software.
Ethernet 2 on the hardware label refers to Ethernet 1 in the software.
|
CSCdw31205
|
If the serial port is not connected, reboot or shutdown -r now does not reboot the system.
This condition can also cause problems (hard disk corruption) when powering off the system using spoff 50 because file-system buffers are not flushed.
|
For reboot:
Issue the command: reboot -f. This bypasses the invocation of shutdown.
Or, connect the serial port before using reboot.
For powering off the system:
Run the following command sequence:
sync
sync
spoff 50
Repeating the sync command flushes the file-system buffers forcing changed blocks from memory to disk. Then use spoff 50 to power off the system.
Or, connect the serial port before using spoff 50.
|
CSCdw46662
|
In the Setup program, the prompt Enter the Event Gateway Debug Log does not adequately explain what the Setup program is asking for.
|
The Setup program means to ask Enable event gateway debugging (y/n)?
Respond with y or n.
|
CSCdw65776
|
If you configure the CNS 2100 Series for External Directory mode and you do not use the sample schema, you will be prompted for the elements of your schema. It is important when setting up your own schema to put the Namespace Mapper group context under the CNS context. No checking is done for this requirement, but if this requirement is not satisfied, you will not be able to view or update any devices in the user interface.
|
Run the Setup program again and configure a proper Namespace Mapper group context.
|
CSCdw84222
|
The command show version was used for displaying the software versions on the system in the previous releases. This command is not yet removed from the system, but it is obsolete. The output should be ignored.
|
Use the new command showversion.
|
CSCdw85170
|
When you change the Admin account, then run relocate or reinitialize, the Admin account is corrupted.
This occurs because of a problem in redefining the Linux administrator account username in Setup.
|
Run relocate or reinitialize before changing the administrator username.
For example, the administrator username Admin has been created in Setup. To change the administrator username from Admin to Smith, follow these steps:
Step 1 Run reinitialize.
This deletes the account for Admin, including the group name.
Warning Use reinitialize with caution. Running reinitialize erases all data files you have created, returning the system back to factory settings.
Step 2 Re-run Setup to define the administrator username to Smith.
|
Table 10 Cisco CNS Configuration Engine 1.2
ID
|
Problem
|
Workaround
|
CSCdu85243
|
The Search functionality is inconsistent.
|
On the screens View Device, Edit Device, Delete Device, Update Device, Edit User, Delete User and Order Entry, the search is wildcard-enabled and case-insensitive. Also, the search string is not shown along with the search results.
On the Tools->View Logs->Events Log screen, the search is not wildcard-enabled and is case-sensitive. The search string is shown along with the search results.
|
CSCdv04599
|
TibGate getting killed after fetching large number of mappings.
When using the Namespace Mapper feature, there is a limitation of 150 mappings per subject name. If more than 150 mappings are provided, the CNS Event Gateway stops functioning.
|
Limit the number of mappings per subject name to 150.
|
CSCdv05930
|
Tools->Directory Manager->Edit Schema The Unique ID for this attribute is editable. Any value can be given to this attribute. Since this value is OID for this attribute it should follow the standards used for creating OIDs.
|
When adding items to the schema of the Cisco Configuration Registrar, it is important that the values for the Unique ID actually be unique. No checking is done to ensure that they really are unique. An attempt to add an item with the same ID as a previous item results in the schema failing to reload from that point forward.
The workaround is to revert to the factory schema and re-do any modifications made since then.
|
CSCdv70366
|
The directory API does not support special characters in device names, such as < & etc.
The API does not accept special characters in username or password fields.
|
When using the Intelligent Modular Gateway feature of the CNS 2100 Series to configure a device by means of Telnet or SSH, it is not possible to use punctuation characters in the username or password for the target device.
|
CSCdw37706
|
All users can be deleted using Cisco CNS Configuration Engine user interface.
|
It is possible to use the delete user functionality in the web-based user interface to remove users with administrator access. If all users with administrative access are removed, it is no longer possible to log into the user interface with administrator privileges.
The workaround is to run reinitialize to revert to factory settings, set up the unit again, and then restore your data from your last backup.
|
CSCdw58345
|
When creating, then deleting a DeviceID longer than 64 characters, DCL crashes.
|
Do not create any user-specified identifier (such as a DeviceID) that is longer than 64 characters. Such identifiers causes internal processes to fail.
|
CSCdw83530
|
No warning given to user when reverting back to original schema.
|
Be careful when choosing to revert the schema back to the original schema. If there are any devices that are actually using new schema elements that were not in the original schema, those devices become unusable if you revert to the original schema.
Therefore, customers who have extended their schema and have actually used new schema elements in device objects should not revert to the original schema.
|
CSCdw84916
|
Device update fails when the uniquedeviceid and uniqueconfigid of the device are different.
|
In External Directory mode, it is important to set the DeviceID of each object to match its ConfigID. This is the default behavior, but it can be changed. If the DeviceID of an object does not match its ConfigID, you are not able to access that device from the Configuration Registrar user interface.
This also means that IOS devices must be careful when they use the cns id command to change their IDs from the default of the device hostname. If they use the cns id command, they must also use the cns id ... event command so the IDs match.
|
CSCdw89165
|
DAT allows addition of device with same cn= in different containers.
|
It is important to make all device IDs in the system unique. It is possible, using the Directory Administration Tool, to create duplicate device IDs if they are in different containers from namesakes that have already been created.
This should not be done, because the software does not operate properly when you try to update the device using the Configuration Registrar.
|
CSCdw89291
|
Inconsistent behavior in View and Update screen when template is invalid.
|
It is important to specify template attributes for device objects with a value ending in .cfgtpl.
If the template value does not end in .cfgtpl, inconsistent behavior (such as being unable to update the device) will result.
|
CSCdx01553
|
The TibGate log in /var/log/CNS/TibGateLog uses up the full space allocated to the partition in two days.
|
The Event Gateway debugging option should only be enabled for short periods of time (less than one day). The reason is that the log will exhaust available disk space within two days of the debugging being turned on.
In addition, after the debugging log has been captured, the debugging log should be turned off (by running setup again), and then the files in /opt/CSCOcnsie/logs should be cleaned up.
|
Resolved Caveats - Release 1.3
This section lists caveats that have been resolved for the CNS 2100 Series platform (see Table 11) and release 1.3 of the Cisco CNS Configuration Engine software application (see Table 12).
.
Table 11 CNS 2100 Series Platform
ID
|
Problem
|
CSCdu77514
|
ldaputil.properties shows groupOfNames as Group object class. In general, groupOfNames is used by LDAP servers as a method of grouping. The Cisco CNS Configuration Engine uses groupOfNames ObjectClass in its grouping mechanism. If it is necessary, you can use your own group object class as long as two multi-value attributes exist in that object class: member (this can be changed as well) and seealso.
|
CSCdw31205
|
If the serial port is not connected, reboot or shutdown -r now does not reboot the system.
This condition can also cause problems (hard disk corruption) when powering off the system using spoff 50 because file-system buffers are not flushed.
|
CSCdw46662
|
In the Setup program, the prompt Enter the Event Gateway Debug Log does not adequately explain what the Setup program is asking for.
|
CSCdw65776
|
If you configure the CNS 2100 Series for External Directory mode and you do not use the sample schema, you will be prompted for the elements of your schema. It is important when setting up your own schema to put the Namespace Mapper group context under the CNS context. No checking is done for this requirement, but if this requirement is not satisfied, you will not be able to view or update any devices in the user interface.
|
CSCdw84222
|
The command show version was used for displaying the software versions on the system in the previous releases. This command is not yet removed from the system, but it is obsolete. The output should be ignored.
|
CSCdw85170
|
When you change the Admin account, then run relocate or reinitialize, the Admin account is corrupted.
This occurs because of a problem in redefining the Linux administrator account username in Setup.
|
Table 12 Cisco CNS Configuration Engine 1.3
ID
|
Problem
|
CSCdu85243
|
The Search functionality is inconsistent.
|
CSCdv05930
|
Tools->Directory Manager->Edit Schema The Unique ID for this attribute is editable. Any value can be given to this attribute. Since this value is OID for this attribute it should follow the standards used for creating OIDs.
|
CSCdw37706
|
All users can be deleted using Cisco CNS Configuration Engine user interface.
|
CSCdw83530
|
No warning given to user when reverting back to original schema.
|
CSCdw84916
|
Device update fails when the uniquedeviceid and uniqueconfigid of the device are different.
|
CSCdw89165
|
DAT allows addition of device with same cn= in different containers.
|
CSCdw89291
|
Inconsistent behavior in View and Update screen when template is invalid.
|
CSCdx01553
|
The Event Gateway debugging log exhausts available disk space within two days of turning on the debugging option.
|
Open Caveats - Release 1.3
This section lists known caveats that are open for the CNS 2100 Series platform (see Table 13) and release 1.3 of the Cisco CNS Configuration Engine software application (see Table 14).
Table 13 CNS 2100 Series Platform
ID
|
Problem
|
Workaround
|
CSCdw58345
|
The current version of LDAP directory is unable to handle attributes more than 64 characters, which causes internal processes to fail.
|
When running the Setup program on the CNS 2100 Series, do not create any user-specified identifiers that are longer than 64 characters.
|
CSCdv70366
|
The directory API does not support special characters in device names, such as < & etc.
The API does not accept special characters in username or password fields.
|
When using the Intelligent Modular Gateway feature of the CNS 2100 Series to configure a device by means of Telnet or SSH, it is not possible to use punctuation characters in the username or password for the target device.
|
CSCdv85666
|
When setting up the CNS 2100 Series with the Setup program, if you enter an invalid IP address for the Ethernet0 interface, you are not re-prompted to enter a correct one. This invalid IP address causes network connectivity problems for the unit.
|
If you accidentally enter an invalid IP address for the Ethernet0 interface, proceed through the rest of Setup program, but do not commit the changes. Then log in as setup again (if the unit has never been configured before) or run the Setup program (if you are updating a previous configuration) and enter the correct values.
|
CSCdv90816
|
In the Linux operating system, the two Ethernet interfaces are defined as Ethernet0 and Ethernet1. The user is presented with this nomenclature when configuring and using these two interfaces.
The labelling on the IBM x330 hardware shows the two Ethernet interfaces as Ethernet1 and Ethernet2.
|
In the CNS 2100 Series, the hardware is labeled with ports Ethernet 1 and Ethernet 2. The software identifies these ports as Ethernet 0 and Ethernet 1.
Ethernet 1 on the hardware label refers to Ethernet 0 in the software.
Ethernet 2 on the hardware label refers to Ethernet 1 in the software.
|
Table 14 Cisco CNS Configuration Engine 1.3
ID
|
Problem
|
Workaround
|
CSCdv04599
|
TibGate getting killed after fetching large number of mappings.
When using the Namespace Mapper feature, there is a limitation of 150 mappings per subject name. If more than 150 mappings are provided, the CNS Event Gateway stops functioning.
|
Limit the number of mappings per subject name to 150.
|
CSCdy15293
|
The reload button in the web-based user interface might not work properly when reload is pressed number of times.
|
To clear this problem, close and restart the web browser.
|
CSCdy48492
|
When there are about 5,000 devices to be displayed in the Update or Delete Device screens it takes about 10 minutes to display all the devices in the screen.
|
When you click on the Update or Delete Device links in the Devices menu please wait for sometime for the browser to display all the devices and the corresponding check boxes.
|
CSCdy48788
|
When the Bulkupload data contains invalid attributes, DAXMLservelet stops working and logs invalid errors. This is a problem in the current LDAP directory version.
|
Validate that there are no invalid attributes in the Bulkupload data. If for some reason the system goes into this state, then reload the Cisco CNS Configuration Engine software.
|
CSCdy53209
|
The Event Gateway (TibGate) is unable to allocate memory. This problem is noticed in stress cases only.
|
Reduced usage of memory should help the problem.
|
CSCdy61014
|
Currently due to resource constraints, it is not possible to have all 5,000 devices connect to the Event Gateway (TibGate) all at once.
|
The workaround is to stagger device connection in multiple waves of 500 devices per wave.
|
CSCdy62870
|
Authentication server may become unresponsive when many events (2000 or so) are sent (via event bus) to the IMGW devices.
|
There is no workaround. Httpd would have to be restarted to restore the authentication server.
|
CSCdy63149
|
When more than 500 simultaneous connections come in, the configuration service can leave a spinning java thread utilizing CPU cycles. However, this thread is scheduled whenever other threads come in.
|
Currently, the only workaround is to reload Cisco CNS Configuration Engine software to get rid of the thread.
|
CSCdy68363
|
This is a known problem when over loading the Webserver.
|
When NSM provider mode (algorithmic) was tested by bringing up 100 clients at a time with 1,000 seconds delay before another set of 100 clients, all 5,000 clients were able to establish connection with TibGate successfully.
|
CSCdy72661
|
Event Gateway (TibGate) authentication request timeout option not set to support 5,000 devices.
|
None. This parameter is set automatically by the setup program.
|
CSCdy80613
|
Currently due to limited resources, it takes a long time for all 5,000 devices to receive configuration updates.
|
Issue updates in staggered waves of 500 devices per wave.
|
CSCdy83389
|
When 5000 devices try to post their inventory information and connect to Event Gateway upon receiving their configurations, it may take up to an hour before the last configuration is received. During this period, most of the device authentication requests are queued and timeout due to the default authentication timeout value of 180 seconds.
|
The devices will retry automatically and will ultimately get authenticated.
|
CSCdz14956
|
Under stress conditions over a period of weeks it has been noticed that the EventMonitor on the GUI stops logging the events.
|
To restart the EventMonitor log, restart the CNS 2100 Series system.
|
CSCdz20043
|
GUI: Tools -> Data Manager -> UpdateProductList, the option on the UpdateProductList page Download from Cisco Web site does not work. This is because the default URL specified in the properties is incorrect.
|
Specified URL option and enter the URL explicitly.
|
CSCdz33665
|
When SSL is turned on and 5,000 devices post their configurations, then connect to the Event Gateway (TibGate) upon receiving their configurations, all 5,000 successfully connect to the Event Gateway. But, if all 5,000 disconnect from the Event Gateway and reconnect, the CNS 2100 Series system experiences out of memory failures and the number of devices that successfully reconnect to the Event Gateway is reduced. The problem gets worse for each subsequent 5,000 disconnect and reconnect sequence.
|
The number of devices using SSL, either connecting to Apache configuration server or connecting to the Event Gateway (TibGate, should be limited to 3,000 or less.
|
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Copyright © 2002, Cisco Systems, Inc.
All rights reserved.
