Feedback
Table Of Contents
Internal Directory Mode Setup Prompts
External Directory Mode Setup Prompts
Verifying Software Installation
Redefining Hostname, Domain Name, and Country Code
Installing Replacement Cisco 2116 System
Enabling Telnet Following Software Installation
Linux System Configuration
This chapter provides information about how to use the Setup program to configure a Cisco 2116 Intelligence Engine running Linux for Cisco Configuration Engine.
Note
Telnet connection to the network interface of Configuration Engine 1.5 is disabled for security reasons. Instead of Telnet, use SSH. However, you can still use Telnet connection for local serial-port access.
Running Setup
System configuration for Configuration Engine 1.5 on a Cisco 2116 running Linux is accomplished using the Setup program.
You must run the Setup program when you start the system for the first time.
You must connect to the system using the serial port to use the Setup program. The parameters for using the serial port are 9600-N-8-1. Alternatively, you can connect a VGA monitor to the Cisco 2116.
If this is the first time running Setup, or you have just run reinitialize or relocate, you cannot connect to the system using SSH. SSH is only possible if the network interfaces are configured.
To run Setup, follow these steps:
Step 1
When the system finishes the startup routine, a login prompt appears.
Step 2
The Setup program starts.
Step 3
Use the following conventions when running the Setup program:
•
After you enter a response, you cannot edit it again. To change an entered response you must exit the Setup program and enter your responses again. You can exit the Setup program in two ways:
–
The login prompt appears. Use the login setup to run the Setup program.
–
The Setup program exits without saving the configuration.
•
Step 4
For an example of the Internal Directory mode prompts, see "Internal Directory Mode Setup Prompts"on this page.
For an example of the External Directory mode prompts, see "External Directory Mode Setup Prompts" section.
Step 5
Step 6
After you save the configuration, the shell prompt appears.
Re-executing Setup
You cannot run Setup a second time by logging in as setup because that account is disabled for security reasons after it is used once successfully. To re-execute Setup, login as root, then enter the setup command in the shell prompt.
Limitations and Restrictions
•
•
•
•
Internal Directory Mode Setup Prompts
The following sample shows the standard set of prompts for Internal Directory mode:
Notes
•
•
Entering Network Appliance SetupType ctrl-c to exitFor detail information about the parameters in this setup, refer to "Cisco Configuration Engine 1.5 Administrator Guide".Interactive or non-interactive setup? 0=interactive, 1=non-interactive. 0Choose operational mode of system. 0=internal directory mode, 1=external directory mode. 0Please enter the password you would like to use as the root password for the IE2100. Warning: If you lose this password, the root account will be locked out of maintaining the IE2100.Enter root password: ******Re-enter root password: ******Enter hostname: mainstreetEnter domain name: cisco.comUser-level shell account for IE2100 has read-only monitoring andtroubleshooting access. However, no configuration changes are possible withthis account.Enter username for user-level shell account: adminEnter password for user-level shell account: *****Re-enter password for user-level shell account: *****You must configure eth0 or eth1. Press <Enter> to skip!Enter eth0 IP address: 10.1.19.12Enter eth0 network mask: 255.255.255.0Enter eth0 default gateway IP address: 10.1.19.6Enter eth1 IP address:Enter primary DNS server IP address: 171.68.226.120Enter secondary DNS server IP address (optional):Enter country code: usEnter company code: ciscoConfiguration Engine user ID is used to log in to the web-based GUI andmanage network device objects and templates. This account does NOT have shell access.Enter Configuration Engine login name: adminEnter Configuration Engine login password: *****Re-enter Configuration Engine login password: *****Enter internal LDAP server port number: [389]Enter internal LDAP server password: *****Re-enter internal LDAP server password: *****Email service settings:-----------------------Enter SMTP server (hostname.domainname or IP address):Encryption settings:--------------------Enable cryptography (crypto) between Event Gateway(s)/Config Server and device(s) (y/n)? [y]Certificates already exist. Overwrite (y/n)? [y]Enter certificate FTP server (hostname.domainname or IP address): ringerEnter username used for FTP server: jbgoodeEnter FTP password: ********Re-enter FTP password: ********Enter absolute pathname of remote key file: /users/jbgoode/cert/server.keyEnter absolute pathname of remote certificate file: /users/jbgoode/cert/server.crtEnabling plaintext operation will increase security risk.Enable plaintext between Config Server and devices/GUI administration (y/n)? [n] yEnable plaintext operation between Event Gateway and devices (y/n)? [n] yEnter port number for http web access: [80]Enter port number for https web access: [443]Enter Tomcat internal port number: [8009]Enter Tomcat shutdown port number:[8005]Authentication settings:------------------------IOS Devices are normally authenticated before being allowed to connect tothe Event Gateway/Config Server. Disabling authentication will increasesecurity risk.Enable authentication (y/n)? [n] yEvent services settings:------------------------Enter Event Gateway application parameter(s) for NSM: [config]Enable Event Gateway debug log (y/n)? [n]Enter log file rotation timer (minutes, 0 = no rotation): [15]Enter max log file size (Kbytes): [3072]Enable log backup (y/n)? [y]Each Event Gateway process serves 500 devices. Maximum number of EventGateways allowed is 11.Enter number of Event Gateways that will be started with crypto operation: 10Enter number of Event Gateways that will be started with plaintext operation: [0]1Enter Event Bus Network Parameter: [mainstreet]Enter Event Bus Service Parameter: [7500]Enter Event Bus Daemon Parameter: [7500]Enable Event Bus routing daemon logging (y/n)? [n]Enter http port for Event Bus Web Administration GUI: [7580]Event Bus Web Admin port should always be closed unless the Web admin GUI is needed. Keeping web admin port open is a security risk.Would you like to open Event Bus Web Administration port (y/n)? [n]Current settings for IMGW:--------------------------Gateway ID: mainstreetRun as daemon (y/n)? yTimeout in seconds for entire Telnet operation to complete: 180Timeout in seconds between prompts during Telnet session: 60Concurrent Telnet session limit: 20Hoptest success retry interval (sec): 7200Hoptest failure retry interval (sec): 3600Logging level (verbose, error, silent): errorLog file prefix: IMGW-LOGLog file size (bytes): 50331648Log file rotation timer (seconds): 60Logging mode (append, overwrite): appendAlternative username prompt for device using TACACS/RADIUS:Alternative password prompt for device using TACACS/RADIUS:Re-configure IMGW (y/n)? [n]File Servers settings:----------------------An internal FTP server can be enabled for image distributions.** WARNING **This is not recommended for large-scale distributions and will introduce the security risks associated with running a read-only FTP server.Enable internal FTP server (y/n)? [y]Note: this is a READ-ONLY ftp account.Enter username for internal FTP server account: mackieEnter password for internal FTP server account: *******Re-enter password for internal FTP server account: ******Enable internal TFTP server (y/n)? [y]Commit changes (y/n):Parameter Descriptions
Interactive or non-interactive setup: In interactive setup, you set up the appliance by entering all configuration inputs manually. In non-interactive setup, you download a configuration file that can be run and sets up the system automatically.
Root password: This is the password for logging into the root-user account of Linux. Setup prompts you to redefine the root password whenever it detects that the root password is set to the factory default blender. You can change the root password using Linux password command passwd.
Username/password for user-level shell account: This is the username-password pair to be created in Linux for administrative purposes. This account does not have root privileges.
Eth0/Eth1 IP address/network mask: IP address and network mask of the system. You can configure one or both Ethernet card(s) for network connectivity.
Default gateway IP address: This is the gateway IP address that makes up the default route in the routing table.
Primary/secondary DNS server IP address: This is the server that provides domain-name to IP address translation service. Only the first one is required. The second one is optional.
Country/company code: These are the information used to define the internal storage structure of the internal directory.
Configuration Engine login name/password: Define the administrator account and password for accessing the Configuration Engine 1.5 GUI.
Enter internal LDAP server password: Define internal-directory-account password.
Enter internal LDAP server port number: Define the port number that should be used by LDAP server. The default value is 389.
•
•
•
–
–
–
–
•
–
–
–
•
•
Email Service Setting
Enter SMTP server (hostname.domainname or IP address): Specifies the SMTP server hostname or IP address to enable email notification service. The SMTP server is used to send out email. This parameter is optional. If you do not wish to provide email service, leave it blank.
Encryption Settings
Enable cryptography (crypto) between Event Gateway(s)/Config Server and device(s) (y/n): This option enables crypto (SSL) operation. The web server listens on TCP port 443, and responds to https requests (for example, https://machine/config/login.html). The event gateway listens to ports 11012, 11014, and so on (depending on the number of gateways started). All data between the Cisco 2116 and the far end is encrypted. The SSL protocol (combined with valid certificates) ensures that the Cisco 2116 is authenticated by the far end. In order to complete SSL configuration, valid certificates need to be placed on the Cisco 2116. See Section "Configuring SSL Certificates" section for details. For testing, after configuration open an SSL connection to each port (openssl s_client -connect hostname:port). This should be done for both enable and disable cases.
If disabling crypto operation, the rest of the prompts in this section are omitted.
Certificates already exist, Overwrite (y/n): If certificate already exists, choose whether to download and overwrite the existing one. If there is no certificate initially on the appliance, this prompt is disabled.
Certificate FTP server: Specify the location of the FTP server for downloading the certificate. Input can either be an IP address or in the form of hostname.domain. For the latter case, the DNS entered earlier is used for the hostname.domain-to-IP address resolution.
Username/password for FTP server: Specify the login name and password for accessing the FTP server.
Absolute pathname of remote key file and certificate file: Specify the locations of the key and certificate files on the FTP server.
Enable plaintext operation between Config Server and devices/GUI administration (y/n): This option enables plaintext config server operation. In addition to listening on TCP port 443 for crypto connections, the web server also listens on TCP port 80 for plaintext connections, responding to HTTP requests (for example, http://machine/config/login.html). If crypto is disabled, plaintext between Config Server and devices/GUI administration is enabled.
Enable plaintext operation between Event Gateway and devices (y/n): This prompt enables/disables the prompt: number of Event Gateways that will be started with plaintext operation, which is in Event service settings (see "Event Service Settings" section).
Port number for http web access: Specify the port number to be used for http web access. The default is 80.
Enter port number for https web access: Specify the port number to be used for secure http web access. The default is 443.
Enter Tomcat internal port number: Specify the port number for internal communication between Apache and Tomcat. The default is 8009.
Enter Tomcat shutdown port number: Specify the shutdown port number for Tomcat. The default is 8005.
Authentication Settings
Enable authentication (y/n): Enable IOS device authentication mechanism within the Cisco 2116. To test, attempt to connect an IOS device, with an incorrect password, to the Configuration Engine 1.5. The password can be changed on IOS with the hidden command cns password newPassword.
Tip
Table 2-3 Valid Values for Authentication Parameters
Enable authentication
y, n
Event Service Settings
Event Gateway application parameter(s) for NSM: Specifies the application namespace to be used in NameSpace Mapper for resolving mapping. The default namespace used is config.
Event Gateway debug log: Send Event Gateway debug output to the log file: /var/log/CNSCE/evt_gateway.
Log file rotation timer (minutes, 0 = no rotation): The time period to check whether event gateway log files should be log-rotated in current working directory. If the value is 0 then the event log files are not log-rotated. The default value is 2 minutes if event gateway debug logging is turned on and 5 minutes if event gateway debug logging is turned off. Valid values are 0 to 1440.
Max log file size (Kbytes): The file size above which log-rotation starts. The default is 3072 Kbytes. Valid values are 1 to 2097152 (Kbytes).
Log backup (y/n)? Indicates whether the event gateway log-rotated file should be copied to the backup directory /var/log/CNSCE/evt_gateway/backup. Default is y; log files in /var/log/CNS are tarred, time stamped and moved into the backup directory.
Number of Event Gateways that will be started with crypto operation: Specify the number of Event Gateway processes that should be started in crypto mode; for example, the number of Event Gateways that communicate with devices using SSL. Note: that if crypto operation is disabled, this prompt is also disabled.
Number of Event Gateways that will be started with plaintext operation: Specify the number of Event Gateway processes that should be started in plaintext mode; for example, the number of Event Gateway that communicate with devices without using SSL. Note that the total number of Event Gateways, whether or not it is started for crypto operation, should not exceed 11.
Event Bus Network Parameter: Specify the outbound network interface of Cisco 2116 for publishing events. It can be an IP address, the name of the local network interface, a hostname, or multicast address.
Event Bus Service Parameter: Specify the UDP port used for publishing and listening to events among Event Bus daemons. Dedicating a port for communication between an Cisco 2116 and its managing devices can reduce traffic caused by listening to other unrelated events. The default is 7500.
Enter Event Bus Daemon Parameter: Specify the TCP port that should be used for the TCP connections between Event Bus daemon and its client applications. The default is 7500.
Enable Event Bus routing daemon logging (y/n)? Enable or disable Event Bus logging. The default is disable. Log file can be found at /var/log/CNSCE/rvrd/rvrd.log.
Enter http port for Event Bus Web Administration GUI: Specify the http port for accessing Event Bus Web Administration interface. The default is 7580.
Would you like to open Event Bus Web Administration port (y/n)? Enable or disable the http port for Event Bus Web interface access.
Re-configure IMGW: This yes/no prompt determines whether setup should display the section of prompts for re-configuring IMGW related parameters. Regular user should always answer n.
Valid inputs for the network parameter consists of up to three parts, separated by semicolons: network, multicast groups, and send address as in this example:
eth0 network onlyeth0;224.1.1.1 one multicast groupeth0;224.1.1.1,224.1.1.5;224.1.1.6 two multicast groups, send addressPart One—Network: Part one identifies the network, which you can specify in several ways: Host name, Host IP address, Network name (where supported), Network IP number, or Interface name (where supported; for example, eth0).
Part Two—Multicast Groups: Part two is a list of zero or more multicast groups specified as IP addresses, separated by commas. Each address in part two must denote a valid multicast address.
Part Three—Send Address: Part three is a single send address. If present, this item must be an IP address, not a host name or network name.
Re-configure IMGW Parameters
This section shows the set of prompts required for re-configuring the IMGW settings.
Re-configure IMGW (y/n)? [n] yEnter Gateway ID: [mainstreet]Run as daemon (y/n)? [y]Enter timeout in seconds for a CLI command to complete: [180]Enter timeout in seconds to get the next prompt in Telnet session: [60]Enter concurrent Telnet session limit: [20]Enter hoptest success retry interval (sec): [7200]Enter hoptest failure retry interval (sec): [3600]Enter logging level (verbose, error, silent): [error]Enter log file prefix: [IMGW-LOG]Enter log file size (bytes): [50331648]Enter log file rotation timer (seconds): [60]Enter logging mode (append, overwrite): [append]Alternative username prompt for device using TACACS/RADIUS:Alternative password prompt for device using TACACS/RADIUS:Parameter Descriptions
Gateway ID: Unique identifier assigned to the IMGW process. It is always set to hostname by default.
Run as daemon: Set to y for normal use. n is only used for debugging purposes.
Timeout in seconds for a CLI command to complete: The maximum waiting time in seconds for a CLI to complete.
Timeout in seconds to get the next prompt in Telnet session: The maximum waiting time in seconds to get the next prompt in Telnet session.
Concurrent Telnet session limit: The maximum simultaneous Telnet connections that IMGW supports.
Hoptest success retry interval: Time interval in minutes for IMGW to check device in the Success list (devices for which connectivity-check succeeded).
Hoptest failure retry interval: Time interval in minutes for IMGW to check device in the Failure list (devices for which connectivity-check failed).
Logging level: Verbose mode logs both error and debugging messages. Error mode logs only error messages. Silent mode does not log any message.
Log file prefix: A prefix used to construct the name of the log file. The resulting filename is made up of the prefix and the IMGW gateway ID.
Log file size: Log file size that triggers log rotation.
Log file rotation timer: Time in seconds after which to check log-file size for log rotation.
Logging mode: Select whether to append new log to the end of the log file or overwrite the previous log.
Alternative username/password prompts for device using TACACS/RADIUS: When a device is authenticated by TACACS+ or RADIUS servers, the username/password prompts which are returned to the Telnet users are configurable. The alternative username/password prompts allow you to choose your own set of username/password prompts. If no inputs are entered, the default username/password prompts Username: and Password: are assumed.
File Server Settings
Enable internal FTP server (y/n)? This option enables the internal FTP server used as an image repository for the Image Service in the Internal Directory mode. This is a read-only account. The default value is no (n).
Enter username/password for internal FTP server account: This is the username-password pair to be created in Linux for devices to pull images. This account has read-only privilege.
Enable internal TFTP server (y/n)? This option enables the internal TFTP server. This account has read-only privileges (with the exception noted below). The default value is no (n).
•
•
•
–
–
External Directory Mode Setup Prompts
Most of the prompts in External Directory mode are identical to those for the Internal Directory mode except for the introduction of the External Directory mode settings and sample schema.
In the External Directory mode, the system is configured to contact the external directory storage for device information. Certain information that makes up the schema of the external directory such as attribute names (in the device class) and container locations must be entered during Setup.
To simplify the inputs, you can choose to use the predefined sample schema and construct your external directory accordingly.
Note
The sample shows the prompts for External Directory mode where the sample schema is enabled.
Notes
•
•
Entering Network Appliance SetupType ctrl-c to exitFor detail information about the parameters in this setup, refer to "Cisco Configuration Engine 1.5 Administrator Guide".Interactive or non-interactive setup? 0=interactive, 1=non-interactive. 0Choose operational mode of system. 0=internal directory mode, 1=external directory mode. 1Please enter the password you would like to use as the root password for the IE2100. Warning: If you lose this password, the root account will be locked out of maintaining the IE2100.Enter root password: ******Re-enter root password: ******Enter the hostname: mainstreetEnter the domain name: cisco.comUser-level shell account for IE2100 has read-only monitoring and troubleshooting. However, no configuration changes are possible with thisaccount.Enter username for user-level shell account: adminEnter password for user-level shell account: *****Re-enter password for user-level shell account: *****You must configure eth0 or eth1. Press <Enter> to skip!Enter eth0 IP address: 10.1.19.12Enter eth0 network mask: 255.255.255.0Enter eth0 default gateway IP address: 10.1.19.6Enter eth1 IP address:Enter primary DNS server IP address: 171.68.226.120Enter secondary DNS server IP address (optional):Enter country code: usEnter company code: ciscoEmail service settings:-----------------------Enter SMTP server (hostname.domainname or IP address):Encryption settings:--------------------Enable cryptography (crypto) between Event Gateway(s)/Config Server and device(s) (y/n)? [y]Certificates already exist. Overwrite (y/n)? [y]Enter certificate FTP server (hostname.domainname or IP address): ringerEnter username used for FTP server: jbgoodeEnter FTP password: ********Re-enter FTP password: ********Enter absolute pathname of remote key file: /users/jbgoode/cert/server.keyEnter absolute pathname of remote certificate file: /users/jbgoode/cert/server.crtEnabling plaintext operation will increase security risk.Enable plaintext operation between Config Server and devices/GUI administration (y/n)? [n] yEnable plaintext operation between Event Gateway and devices (y/n)? [n] yEnter port number for http web access: [80]Enter port number for https web access: [443]Enter Tomcat internal port number: [8009]Enter Tomcat shutdown port number:[8005]Authentication settings:------------------------IOS Devices are normally authenticated before being allowed to connect to the Event Gateway/Config Server. Disabling authentication will increase security risk.Enable authentication (y/n)? [n] yEvent services settings:------------------------Enter Event Gateway application parameter(s) for NSM: [config]Enable Event Gateway debug log (y/n): [n]Enter log file rotation timer (minutes, 0 = no rotation): [15]Enter max log file size (Kbytes): [3072]Enable log backup (y/n)? [y]Each Event Gateway process serves 500 devices. Maximum number of Event Gateways allowed is 11.Enter number of Event Gateways that will be started with crypto operation: 10Enter number of Event Gateways that will be started with plaintext operation: [0]1Enter Event Bus Network Parameter: [mainstreet108]Enter Event Bus Service Parameter: [7500]Enter Event Bus Daemon Parameter: [7500]Enable Event Bus routing daemon logging (y/n)? [n]Enter http port for Event Bus Web Administration GUI: [7580]Event Bus Web Admin port should always be closed unless the Web admin GUI is needed. Keeping web admin port open is a security risk.Would you like to open Event Bus Web Administration port (y/n)? [n]External directory settings:----------------------------Enter IP address of remote directory server: 10.10.18.7Enter port number of remote directory server: 389Enter external directory server login name: adminEnter external directory server password: *****Re-enter external directory password: *****Enter User DN: cn=admin,o=butterflyEnter Cisco-CE context: ou=cns,o=butterflyUse sample schema (y/n): [y]Current settings of IMGW:-------------------------Gateway ID: mainstreetRun as daemon (y/n)? yTimeout in seconds for a CLI command to complete: 180Timeout in seconds to get the next prompt in Telnet session: 60Concurrent Telnet session limit: 20Hoptest success retry interval (sec): 7200Hoptest failure retry interval (sec): 3600Logging level (verbose, error, silent): errorLog file prefix: IMGW-LOGLog file size (bytes): 50331648Log file rotation timer (seconds): 60Logging mode (append, overwrite): appendAlternative username prompt for device using TACACS/RADIUS:Alternative password prompt for device using TACACS/RADIUS:Re-configure IMGW (y/n)? [n]Parameter Descriptions
These parameter descriptions are for those parameters unique to the External Directory mode. The general parameter descriptions for the sample above (common to both modes) are listed beginning with "Parameter Descriptions" section.
IP address of remote directory server: The location of the external directory expressed as IP address.
Port number of remote directory server: The service port number of the external directory.
Remote directory server login name: Directory user that has the administrative privileges for all objects under Cisco-CE context; for example, admin.
Remote directory server password: Directory user password.
User DN: The complete distinguished name for the remote directory administrative user.
Cisco-CE context: Directory context (DN) under which all Cisco Configuration Engine objects are created. This includes device objects, group objects, application objects, and event objects. These objects can be created inside containers under Cisco-CE context.
Use sample schema: Select y for enabling the predefined sample schema and n for otherwise. See "Sample Schema" for the definition and default values of sample schema.
Sample Schema
If you answer the first prompt (Use sample schema (y/n):) with y indicating that you want to use the sample schema, the default values shown in brackets in the sample below are used for all sample schema attributes and they do not appear.
If you answer the first prompt with n indicating you do not want to use the sample schema as is, the attributes of the sample schema appear along with their default values in brackets. You can overwrite any of these default values to create your own schema:
Use sample schema (y/n): nEnter container name under which device objects are stored:[ou=CNSDevices]Enter container name under which generic objects are stored:[ou=GenericDevices]Enter container name under which PIX device objects are stored:[ou=PIXDevices]Enter container name under which linecard objects are stored:[ou=LinecardDevices]Enter container name under which application objects are stored:[ou=CNSApplications]Enter container name under which IMGW objects are stored:[ou=imgw]Enter objectclass for device object:[IOSConfigClass]Enter template attribute name in device objectclass:[IOSconfigtemplate]Enter config ID attribute name in device objectclass:[IOSConfigID]Enter event ID attribute name in device objectclass:[IOSEventID]Enter device category attribute name in device objectclass:[ou=AdminDeviceType]Enabling Modular Router feature allows you to configure linecards independently of the slot numbers.Would you like to use Modular Router Feature (y/n)? [n] yEnter IOS device type attribute name in device objectclass:[IOSlinecardtype]Enter IOS sub devices attribute name in device objectclass:[IOSsubdevices]Enter IOS main device attribute name in device objectclass:[IOSmaindevice]Enter IOS slot attribute name in device objectclass:[IOSslot]Enter interfaces info attribute name in device objectclass:[IOSinterfacesinfo]Enter controllers info attribute name in device objectclass:[IOScontrollersinfo]Enter voiceports info attribute name in device class:[IOSvoiceportsinfo]Enter Cisco-CE group attribute name in device: [parent]Enter password attribute name in device object class: [AuthPassword]Enter objectclass for bootstrap password object: [CNSBootstrapPwdClass]Enter bootstrap password attribute name in bootstrap password objectclass: [CNSBootPassword]Definitions
Device objects container name: The container in the directory under which device objects are created.
Generic device object container name: The container in the directory under which generic device objects are created.
PIX device object container name: The container in the directory under which PIX device objects are created.
Linecard object container name: The container in the directory under which linecard objects are created.
Application objects container name: The container in the directory under which application objects are created.
IMGW object container name: The container in the directory under which IMGW objects are created.
Object class: The name of the user-defined object class for device object.
Template attribute name: Attribute of the device class (as specified in the Object-class prompt) that specifies the template file for the device object. Note that this is not the template file itself, just the name of the attribute that has the value of the template filename.
Config ID attribute name: Attribute of the device class that uniquely identifies the device in the config-server domain.
Event ID attribute name: Attribute of the device class that uniquely identifies a device within the Event Gateway server.
Device category attribute name: The device category attribute name in the device objectclass.
Use Modular Router Feature: Select y to enable this feature. This requires additional schema definitions for line cards. Therefore additional prompts appear for the schema attributes.
IOS device type attribute name: This field is used for modular routers to identify a type of line or network card. During the data-population phase, you need to populate this field with the product name of the line or network card that this subdevice is used for. This field is applicable only for subdevice objects. It should NOT be populated for the main device.
IOS sub devices attribute name: This field is used to establish the relationship between the main device objects (used to model a device) and the subdevice objects (used to model line and network cards) in a modular device. During the data-population phase, you store reference to the main device object to which this subdevice is attached. The reference is the main device object ConfigID field.
IOS main device attribute name: This field is used to establish the relationship between the main device objects (used to model a device) and the subdevice objects (used to model line and network cards) in a modular device. During the data-population phase, you store the list od subdevice ConfigIDs attached to the main device.
IOS slot device attribute name: Attribute that stores the inventory details related to slot numbering.
Interfaces info attribute name: Attribute that stores the inventory details related to interfaces.
Controllers info attribute name: Attribute that stores the inventory details related to controllers.
Voiceports info attribute name: Attribute that stores the inventory details related to voice-ports.
Group attribute: The attribute of the device class that specifies the group(s) to which the device object belongs. Note that this is only an attribute name, but not the groups themselves.
Password attribute name in device object class: The attribute of the device class that stores the value that the CNS 2100 Series expects as the password from the IOS device. If bypass authentication is "y", this prompt is disabled.
Objectclass for bootstrap password object: The name of the user-defined object class for the bootstrap password object. If bypass authentication is "y", this prompt is disabled.
Bootstrap password attribute name in bootstrap password object class: The attribute of the bootstrap password class that stores the value that the CNS 2100 Series uses as the bootstrap password. If bypass authentication is "y", this prompt is disabled.
Non-Interactive Setup
The non-interactive Setup operates in two transfer modes:
•
•
The upload interface provides the means for capturing the current Cisco 2116 configuration and transferring it onto an FTP server.
The download interface provides the means for retrieving the predefined Cisco 2116 settings and configuring the system autonomously.
Upload Interface
The upload interface makes use of the same set of prompts in download interface for setting up network connectivity and FTP transport, except that there are no hostname and domain name prompts because the setup must have been used once already.
Note
Notes
•
•
Entering Network Appliance SetupType ctrl-c to exitFor detail information about the parameters in this setup, refer to "Cisco Configuration Engine 1.5 Administrator Guide."Interactive or non-interactive setup? 0=interactive, 1=non-interactive. [0] 1Choose transfer mode. (D)ownload, (U)pload: [D] UYou must configure eth0 or eth1. Press <Enter> to skip!Enter eth0 IP address: [10.1.19.105]Enter eth0 network mask: [255.255.255.0]Enter eth0 default gateway IP address: [10.1.19.6]Enter eth1 IP address:Enter FTP server (hostname.domainname or IP address): 10.1.19.105Enter username used for FTP server: rootEnter FTP password: *******Re-enter FTP password: *******Enter absolute pathname of remote directory: /remoteEnter password for encrypting setup's data: *******Re-enter password for encrypting setup's data: *******Definitions
Transfer mode: Start download or upload interface.
Eth0 IP address/network mask/gateway IP address: Same as in the internal/external directory modes.
Eth1 IP address/network mask/gateway IP address: Same as in the internal/external directory modes.
FTP server/username/password: Same as in the internal/external directory modes.
Absolute pathname of remote directory: The absolute pathname of a remote directory on the FTP server that is used for storing the predefined Cisco 2116 settings.
Password for encrypting setup's data: This password is used to generate a encryption key for encrypting the password data in the data file.
Download Interface
The download interface consists of prompts that set up network connectivity. After committing the settings, it downloads the configuration data and asks you for a final review of the data before configuration starts.
Notes
•
•
[root@rain106 root]# setupEntering Network Appliance SetupType ctrl-c to exitFor detail information about the parameters in this setup, refer to "CiscoConfiguration Engine 1.5 Administrator Guide."Interactive or non-interactive setup? 0=interactive, 1=non-interactive. [0] 1Choose transfer mode. (D)ownload, (U)pload: [D]Enter hostname: mainstreet106Enter domain name: cisco.comYou must configure eth0 or eth1. Press <Enter> to skip!Enter eth0 IP address: 10.1.19.106Enter eth0 network mask: 255.255.255.0Enter eth0 default gateway IP address: 10.1.19.6Enter eth1 IP address:Enter FTP server (hostname.domainname or IP address): 10.1.19.105Enter username used for FTP server: rootEnter FTP password: *******Re-enter FTP password: *******Enter absolute pathname of remote directory: /remoteEnter password for decrypting setup's data: *******Re-enter password for decrypting setup's data: *******Commit changes (y/n): yEnabling networking ...FTP 10.1.19.105:/remote/setuptemplate.pl ...FTP 10.1.19.105/remote/varsetup.dat ...perl ./setuptemplate.plRunning ./setuptemplate.pl ...Data download completed. Note that Event Bus NetworkParameter is set to mainstreet106 by default.You can redefine it while reviewing the parameters.Review parameters before committing (y/n)? [y]Definitions
Transfer mode: Start download or upload interface.
Hostname/Domain name: Same as in the internal/external directory modes. These prompts appear when setup is run for the first time or after reinitialize is run.
Eth0 IP address/network mask/gateway IP address: Same as in the internal/external directory modes.
Eth1 IP address/network mask/gateway IP address: Same as in the internal/external directory modes.
FTP server/username/password: Same as in the internal/external directory modes.
Absolute pathname of remote directory: The absolute pathname of a remote directory on the FTP server that is used for storing the predefined Cisco 2116 settings.
Password for decrypting setup's data: This password is used to generate a de-cryption key for decrypting the password data in the data file. This password must be the same as that entered at the upload interface. An incorrect decryption password fails to decrypt data. A mechanism is implemented to detect incorrect encryption password and aborts the operation.
Review parameters after Download (y/n): Select whether to review the downloaded inputs. If selected y, setup interface is started so that you are able to review and modify the downloaded settings, as they appear as the default values.
Notes:
The Event Bus network parameter is a machine-specific parameter and is reset to the hostname by default at non-interactive-setup download, as indicated in the following notice:
Data download completed. Note that Event Bus Network Parameter is set to mainstreet106 by default.You can redefine it while reviewing the parameters.However, you can choose to redefine it at the parameter-review section.
Registering System in DNS
Register the system in DNS, using the system hostname as its DNS name.
Caution
Events are sent to the router with the hostname as the identifier, not the IP address. Consequently, if the Cisco 2116 system is not registered in DNS, the routers are not able to find it and cannot download configurations.
Configuring SSL Certificates
To configure SSL, you must generate a valid certificate:
Step 1
% openssl genrsa -out server.key 1024% chown root:root server.key% chmod 400 server.key% openssl req -new -key server.key -out server.csrStep 2
Step 3
Assuming that the signed file is server.crt, then the files server.key and server.crt are transferred (FTP) into the Cisco 2116 as part of its setup process.
Note
Verifying Configuration
After you run the Setup program, verify that the Cisco 2116 system is configured correctly:
Step 1
Step 2
# nslookup <dns_name>where <dns_name> is the DNS name of a host that is registered in DNS. If the system cannot obtain the IP address of the host from DNS, run the Setup program again and verify the correct IP address for the DNS Server(s).
Step 3
# ping <ip_address>where <ip_address> is the IP address of a host that is accessible on the network. A DNS server is an excellent host to ping because it should always be running and accessible.
Step 4
Step 5
Enter the system IP address in a web browser.
For example, if the system IP address is 10.1.58.5, in a web browser enter the URL http://10.1.58.5/config/login.html. If plain text has NOT been enabled for the configuration server, enter https://10.1.58.5/config/login.html.
Step 6
Verifying Software Installation
Once the system has been installed, you can verify the installation of the Cisco Configuration Engine by following these steps:
Step 1
The Cisco Configuration Engine supports Microsoft Internet Explorer 5.0 or Netscape 4.7 or later.
Step 2
For example: http://<ip_address>
where: <ip_address> is the IP address you entered during Cisco 2116 system Setup. You can use the hostname if the name has been defined and registered within your DNS domain.
Note
The Cisco Configuration Engine login page appears.
Step 3
The Home page appears.
If you have reached the Cisco Configuration Engine Home page (Figure 2-1), you have verified the successful installation on the Cisco Configuration Engine.
Figure 2-1 Internal Directory Mode Home Page
Reverting to Factory Setting
To revert to factory settings, follow these steps:
Step 1
Step 2
Use your root password.
Step 3
This program clears your system configuration and returns you to Setup.
Step 4
Redefining Hostname, Domain Name, and Country Code
If you want to redefine Cisco 2116 system network information; such as hostname, domain name, and country/location code without destroying the directory data and templates, use the relocate command.
The relocate command is designed to backup and erase existing directory data so that you can redefine the Cisco 2116 system network information using the Setup program.
To change Cisco 2116 system network information, follow these steps:
Step 1
Use your root password.
Step 2
This program performs the same tasks as reinitialize, except that it backs up all data that you can restore when you run Setup. It also saves the configuration templates.
Step 3
Recovering Root Password
To recover and redefine your root password, follow these steps:
Step 1
Login: root
Password: blender
If it has, continue to Step 2 to erase the root account password.
Step 2
Step 3
The the name of the boot image appears.
Step 4
linuxserial single (or linuxvga single).
This starts you into single-user mode on your serial port (or VGA console) where you should see the prompt:
sh-2.04#
Step 5
sh-2.04 # passwdNew UNIX password:Retype new UNIX password:passwd: all authentication tokens updated successfullysh-2.04#Step 6
exit
This returns you to the remaining startup sequence.
Step 7
Installing Replacement Cisco 2116 System
This section describes the tasks you should perform when installing a replacement Cisco 2116 system (a new unit intended to replace an existing unit).
Removing Old System
Before removing the old system:
Step 1
For information about backups, refer to your Cisco Configuration Engine Administrator Guide.
Step 2
Step 3
The system shuts down.
Step 4
Installing Replacement System
To install a replacement system, complete the following steps:
Step 1
Step 2
See the "Running Setup" section.
Step 3
Step 4
For information about restore, refer to your Cisco Configuration Engine Administrator Guide.
Restarting Cron Daemon
The time base for the Cisco 2116 system should be set to Coordinated Universal Time (UTC). If time is changed, you must restart the cron daemon.
To restart the cron daemon, follow these steps:
Step 1
Step 2
Example:
Kernel 2.2.16-11bipsec.uid32 on an i586login: adminPassword:Copyright (c) 2000 Cisco Systems, Inc.Appliance 1.0 Wed Feb 21 22:20:29 UTC 2001Build Version (152) Wed Nov 15 12:00:13 PST 2000bash $suPassword:Step 3
# /etc/rc.d/init.d/crond restart
Example:
# /etc/rc.d/init.d/crond restartStopping cron daemon: [ OK ]Starting cron daemon: [ OK ]#
Re-imaging System
If the image on your hard disk has become corrupted, but the disk is operational (you can restart from the hard disk), simply reimage your system by installing the Cisco Configuration Engine 1.5 CD-ROM.
Critical System Information
Before you reimage your Cisco 2116 system, record the following information about your Cisco 2116 system:
•
•
•
•
You need this information when you run Setup after the reimage procedure.
Enabling Telnet Following Software Installation
Telnet access is disabled following installation of the Release 1.5 software. To enable Telnet for local access only, complete these steps:
Step 1
Step 2
Change: disable =yes
to: disable =no
Step 3
Cisco IOS Configuration
In order to fully support the Image Service feature of Configuration Engine 1.5, the status keyword and status-url arguments for the image CLI command must be specified. If they are not specified, status messages from the device are sent as events on the Integration Bus. The Configuration Server does not listen to status events.
The correct syntax for the image CLI command is:
image server http://<IE-2116-K9_hostname>/cns/HttpMsgDispatcher status http://<IE-2116-K9_hostname>/cns/HttpMsgDispatcherwhere:
•
•
