-
User Guide for the CiscoWorks WLSE and WLSE Express, 2.11
-
Index
-
Preface
-
Getting Started
-
Using the Wizard for WDS Deployment
-
Fault Monitoring
-
Managing Devices
-
Using IOS Templates
-
Using Non-IOS Templates
-
Using WLSM Templates
-
Using Wizard Templates
-
Managing Device Configuration
-
Managing Device Firmware
-
Using Reports
-
Configuring the WLAN Radio Environment
-
Using the Radio Manager
-
Managing Your WLAN Radio Environment by Sites
-
Using the Intrusion Detection System
-
Managing the WLSE System
-
Managing the WLSE System via the CLI
-
Using the Internal AAA Server
-
Using the CLI
-
Naming Guidelines
-
Glossary
-
Table Of Contents
Device Discovery and Management
Getting Started with Device Management
How the WLSE Communicates with Devices
Overview: Devices Tab Functions
Enter or Modify SNMP Community Strings for All Devices
Recommendations For Configuring SNMP Credentials
Enter HTTP Usernames and Passwords—Non-IOS Access Points
Enter Telnet/SSH Usernames and Passwords—IOS Access Points
Supported Telnet/SSH Login Sequences for IOS APs
Enter HTTP/HTTPS Port Settings—IOS Access Points
Enter WLCCP Credentials for Wireless Domain Services
Using Enhanced (WDS) Client Tracking
Configuring Enhanced Client Tracking
Prerequisites for Enhanced Client Tracking
Client Tracking vs. Client Polling
Display of RADIUS Username in Wireless Client Reports
Understanding Discovery and Management
Understanding WLSE Discovery Methods
Using the WLSE Discovery Methods
Select the Type of CDP Discovery
Enter Initiating IP Addresses (Seeds)
Verify Your Settings and Finish—Run Now
Verify Your Settings and Finish—Modify Schedule
Select the File and Set SNMP Parameters
Importing Devices from a CiscoWorks Server
Schedule the Import and Finish
Setting Advanced Discovery Options
Selecting the Device Name Format
Enable MAC Address Auto-Manage Filtering for Access Points
Using Discovery IP Address Filtering
Diagnosing Common Discovery Problems
Device Management Folders and Functions
Manually Changing the State of Devices
Limitation on the Number of Managed Devices
Handling Duplicate IP Addresses on Access Points
Changing the Polling Intervals for Automatic Inventories
Guidelines For Choosing Inventory Intervals
Deleting Inventory and Discovery Logs
About Trending and Aggregation Data
Diagnosing Common Inventory Problems
Exporting Devices to a CiscoWorks Server
Exporting Devices to a CSV File
Using the Group Details Window
Creating a Static Group by Copying a Static or Rule-Based Group
Deleting a Static or Rule-Based Group
Device Discovery and Management
The Devices tab provides options for basic device management on the WLSE. The options in this tab allow you to discover and manage devices and organize devices into easily manageable groups.
The topics covered in this chapter are:
•
Getting Started with Device Management
•
•
•
Getting Started with Device Management
This section describes two methods for deploying devices in a wireless network:
•
•
Using the Deployment Wizard
For IOS access points used within a Cisco SWAN framework, you can use WDS and the WLSE's Deployment Wizard for device configuration and deployment, instead of using manual deployment procedures. The Deployment Wizard is the preferred method for SWAN deployments. If you are using the Deployment Wizard, see "Using the Deployment Wizard."
The Deployment Wizard handles device configuration and discovery, but you must still add users manually and create your own device groupings, if desired. For information on these topics, see Managing GUI Users and Managing Groups.
Using Manual Methods
If you do not use the Deployment Wizard, you can use the configuration methods methods described in the following paragraphs.
Before you can use the WLSE to manage newly added devices, the following tasks must be performed.
•
•
•
•
•
To get started, follow the steps listed in the following illustration and explained in the following paragraphs.
Step 1: Set up devices
Before devices can be discovered and managed by the WLSE, they must be properly configured. In addition, if you are using WLSE radio management, IOS access points must be configured for Wireless Domain Service (WDS) and for LEAP authentication. For information on the minimum requirements for device setup, Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11 on Cisco.com. For information on locating this document, see Finding WLSE Documentation on Cisco.com.
Step 2: Log in to the WLSE
Log in to the Web interface.
Step 3: Enter device credentials
Enter device credentials on the WLSE as follows:
•
•
•
•
•
•
Step 4: Discover devices
Initiate discovery from the WLSE or import devices as follows:
•
•
Step 5: Verify discovery
Verify that devices were discovered—see Viewing Discovery Logs.
Step 6: Move devices to managed state
Before you can use configuration, reporting, and monitoring features, devices must be managed by the WLSE. Otherwise, you must either move devices to the managed state on the WLSE after discovery, or specify that all discovered devices be automatically managed—see Managing Devices.
Step 7: Run inventory
After the devices are in the managed state, an immediate inventory runs automatically to obtain device information needed to use such WLSE features as reports and automatic grouping—see Managing Device Inventory.
You can also run inventory polling on demand for one or more devices. When new devices are discovered and managed, basic inventory and client reports are not populated until the next inventory polling occurs. However, you can use the on-demand inventory to populate these reports before the next inventory cycle starts. You can also use on-demand polling when configuration changes are made on network devices and you want the changes quickly reflected in the basic and client inventory reports.
Step 8: Create users and user roles
A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.
The WLSE provides several predefined roles, which you can use to control which features staff members are allowed to access. Although you cannot delete predefined roles, you can edit them or create new, user-defined roles—see Managing GUI Users.
Step 9: Create device groups
The WLSE grouping feature lets you organize managed devices into logical subsets and hierarchies. Using device grouping, you can quickly configure, upgrade, and view reports for a set of access points as a single operation—see Managing Groups.
Now you can use fault monitoring, reports, firmware upgrade, and configuration, and radio management. You can also export devices, monitor AAA servers, and use Wireless Domain Services.
How the WLSE Communicates with Devices
The WLSE communicates directly with devices through SNMP and through the device CLI. For status analysis, communication takes place through most of the MIBs supported on access points. To configure IOS-based access points, the access point CLI is used. To check configuration, the WLSE can be configured to inventory all managed access points at user-defined intervals. For status analysis, polling intervals can be configured.
For radio management, the WLSE communicates directly with access points through Wireless Domain Service (WDS) and, for some operations, directly through SNMP. This communication takes place via Cisco's Wireless LAN Context Control Protocol (WLCCP). For this communication to occur, the access points and the WLSE authenticate with the WDS through LEAP-over-WLCCP. The frequency of radio management operations can be specified through the job scheduling interface for radio management.
From the WLSE's viewpoint, all communication is through its Ethernet interfaces. For some radio management operations, the access points communicate with each by using their radios.
Overview: Devices Tab Functions
The Devices tab covers basic device management on the WLSE. The options under this tab allow you to discover and manage devices, inventory devices, and organize devices into easily manageable groups. After devices are discovered and managed, you can use all of the other WLSE management features. For more explanation of these options, see Getting Started with Device Management.
Managed devices can be exported to a file and to CiscoWorks Resource Manager Essentials.
Note
The Devices tab leads to two subtabs:
•
•
Entering Device Credentials
The Device Credentials options allow you to enter the various credentials required for WLSE management and other features to work. These options are listed in Table 4-2.
Note
The Device Credentials option lets you enter the following required device credentials:
•
•
–
–
•
The Device Credentials options are:
Enter or Modify SNMP Community Strings for All Devices
The Wireless LAN Solution Engine uses SNMP community strings to discover devices and enable other WLSE options, such as firmware updates, configuration, and radio management. If community strings are not entered correctly, the WLSE cannot communicate with the device. Both read-only and read/write community strings are required.
The default community string covers all devices and uses public for both the read-only string and the read-write string. If the community strings on your devices differ from the default, you must specify the community strings on the WLSE before devices can be discovered and managed. For guidelines on configuring community strings on your devices, see the document Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine on Cisco.com.
If you are importing devices from a file or CiscoWorks (instead of using the discovery mechanism), the community strings will also be imported. You do not need to enter the community strings here; however, if you import the strings and want to edit them, you can use this screen to do so. Also, if you imported devices and you want to customize the timeouts and retries, you can use this screen. For information about importing devices, see Importing Devices from a File and Importing Devices from a CiscoWorks Server.
If you are using the Discovery Wizard to run CDP discovery, you can enter community strings in the wizard. For more information, see Using the Discovery Wizard.
If you are using the Deployment Wizard to deploy access points in a WDS environment, you can enter community strings in the Wizard. For more information, see "Using the Deployment Wizard."
Note
Procedure
Step 1
Note
Note
Step 2
a.
b.
Result: The community string appears in the list of entries.
Step 3
a.
b.
c.
Note
Step 4
a.
b.
Note
Step 5
Related Topics
•
Recommendations For Configuring SNMP Credentials
This section contains the following information:
•
Unsupported Characters
You cannot enter the <> sequence of characters in the Read Community and Write Community textboxes; for example <abc> is not allowed. The sequence >< is allowed, and the single characters < and > are allowed.
Spaces not allowed.
The following characters are not recommended for community strings: question mark (?), double-quotes ("), dollar sign ($), plus (+), left square bracket ([), pound sign at the beginning of the string (#), exclamation mark (!), and semi-colon (;).
Community String Format
Use these guidelines when constructing entries:
•
–
–
*.*.*.*
172.*.*.*
–
27.20.[4-55].*
172.[21-30].[44-88].*
172.*.*.[121-255]
•
•
•
Multiple Entries and Order of Use
The default entry (*.*.*.*) is used when none of the specified rules match a given IP address. The default entry cannot be removed.
When there are multiple potential entries:
•
•
•
•
The order in which you add entries does not matter.
Example of Matching
For example, assume that the user specifies community strings in the following order:
1
2
3
4
5
6
The following device IP addresses match the user's community string specifications as follows:
•
•
•
•
•
•
Internally, the WLSE reorders the user specifications as follows:
172.20.30.44172.20.[20-40].*172.[20-30].[30-40].*172.[20-30].[20-50].*172.*.[20-40].**.*.*.*SNMP Timeouts and Retries
Use caution in configuring the SNMP timeouts and retries because the timeout/retry mechanism uses an exponential back-off algorithm. Follow these guidelines:
•
•
However, if you are managing devices across high latency links (for example, thin or congested WAN links) or you encounter problems with SNMP timeouts, you might need to increase the timeouts or retries. If you need to change the default timeout and retries settings, the only way to arrive at optimal settings is through experimentation. One recommended procedure is to incrementally increase the timeout settings without increasing the retries until SNMP timeouts cease:
1.
2.
3.
Continue the process until SNMP requests no longer time out. Then leave the timeout setting in place, allowing the WLSE to operate normally with these settings. If you continue to see SNMP timeouts, you might need to increase the timeout setting or increase the retries settings again.
Related Topics
Enter HTTP Usernames and Passwords—Non-IOS Access Points
HTTP usernames and passwords are required for downloading configuration files to non-IOS access points. The password must be set on each access point, and you can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on access points, see Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11. For information on locating this document, see Finding WLSE Documentation on Cisco.com.
Note
Procedure
Step 1
Step 2
a.
For information on using ranges and wildcards in IP addresses, click Learn More or see Entering IP Addresses.
b.
Note
c.
d.
Step 3
a.
b.
Step 4
Enter Telnet/SSH Usernames and Passwords—IOS Access Points
Telnet or SSH (SSH1 only) usernames and passwords are required for applying configuration templates to IOS access points and for upgrading firmware on IOS access points. You can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on IOS access points, see Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11. For information on locating this document, see Finding WLSE Documentation on Cisco.com.
The Telnet/SSH credentials you enter in this dialog must match the login sequence on the IOS access points. If the credentials and login sequence do not match the device, the WLSE will not be able to access the device. For more information on supported login sequences, see Supported Telnet/SSH Login Sequences for IOS APs.
If you are using the Deployment Wizard for setting up a wireless network using WDS, you can enter these usernames and passwords in the Wizard. For more information, see "Using the Deployment Wizard."
Note
Procedure
Step 1
Step 2
When adding credentials:
•
•
IP address
IP address or range of IP addresses for access points using this username and password. For details on entering address ranges and using wildcards, see Entering IP Addresses.
Username
Telnet/SSH username.
Note
User Password
Telnet/SSH password.
Confirm Password
Enable User
Telnet/SSH enable username.
Note
Enable Password
Telnet/SSH enable password.
Confirm Enable Password
Step 3
Step 4
a.
b.
Step 5
Step 6
Supported Telnet/SSH Login Sequences for IOS APs
The Telnet/SSH credentials you enter on the WLSE must match the login sequence on the IOS access points.
For example:
•
•
•
If the credentials and login sequence do not match the device, the WLSE will not be able to open a session on the device. Match the credentials and login sequence as shown in the following table.
Entering IP Addresses
IP addresses can consist of the following:
•
•
–
–
•
–
–
–
Note
Enter HTTP/HTTPS Port Settings—IOS Access Points
HTTP or HTTPS port settings are required for reports on IOS access points; the port settings are used for the links from reports to the Web interfaces of access points. The port you should supply for each device is the port for accessing the access point's Web interface.
Access points with version 12.3 and later firmware use HTTPS.
Note
Note
Procedure
Step 1
Step 2
a.
For information on using ranges and wildcards in IP addresses, click Learn More, or see Entering IP Addresses.
b.
c.
Note
d.
Step 3
Enter WLCCP Credentials for Wireless Domain Services
If you are using the WLSE to monitor Wireless Domain Services (WDS) on your network, you must enter WLCCP credentials on the WLSE for the WDS devices or an AAA server providing LEAP authentication services.
The purpose of entering the RADIUS username and password in this screen is to allow the WLSE to authenticate with the WDS device.
The WLSE authenticates to each WDS device using the same credentials.
For more information about WDS devices, see What is WDS and Why Do I Need It?.
Note
Note
To enter WLCCP credentials on the WLSE:
Step 1
Step 2
Note
Step 3
Step 4
To clear all fields and remove the WLCCP credentials, click Clear Fields.
Monitoring AAA Servers
The options in this screen allow you to:
•
•
•
Related Topics
About AAA Servers
The WLSE can monitor AAA services provided by supported AAA servers, Cisco Aironet 1100 or 1210 access points configured as AAA servers, and the WLSE's internal AAA server (available on the WLSE express only). The WLSE's AAA monitoring functionality is intended primarily to monitor the AAA server for availability and response time. Therefore, monitoring multiple protocols on the same AAA server is not supported.
For the versions of external AAA servers supported by the WLSE, see the Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine Express, 2.11 at
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_11/index.htm.
Once an AAA server's credentials are added, the WLSE can monitor the avaailability, authentication, and response time for the server.
The AAA services supported by the WLSE are:
•
•
•
•
Note
Before adding Authentication, Authorization, and Accounting (AAA) servers to the WLSE, configure the servers to add the WLSE as a client. For information on adding the WLSE as a client on an ACS server, see Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11 at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_11/index.htm. There are additional prerequisites for using an EAP-FAST server; see Prerequisites for Adding an EAP-FAST Server.
After you add AAA servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability and displays this information under Reports > Trends.
If authentication fails, a fault will be generated and displayed by the WLSE fault monitoring system.
If an AP 1100 or AP 1210 is registered with the WLSE as an AAA server, it cannot be managed by the WLSE as an access point that also provides wireless services. An access point can either be monitored as an AAA server or managed as an access point that provides wireless services.
If you are using Wireless Domain Services (WDS), you will also use an AAA server to allow the WLSE to authenticate with the WDS access point. For more information on configuring the WLSE for this authentication, see Enter WLCCP Credentials for Wireless Domain Services.
For information about changing the polling interval and response time fault thresholds for AAA server monitoring, see Setting AAA Server Response Time.
Prerequisites for Adding an EAP-FAST Server
Before the WLSE can monitor an EAP-FAST server, the PAC (protected access credentials) must be provisioned. Use the following procedure to issue the PAC and import it to the desktop.
Procedure
Step 1
Step 2
Step 3
Adding an AAA Server
Note
If you add an AP as an AAA server, it can no longer be managed by the WLSE as an access point providing wireless services.
You can only specify one protocol on a given AAA server, even if you are running more than one protocol on the server. For example, if you add a server and specify the PEAP protocol, you cannot add the same server again and specify the RADIUS protocol. An error message will be displayed.
There is no limitation on the number of AAA servers you can add.
Note
Procedure
Step 1
Step 2
Show List
Select the protocol type from the pulldown list:1
•
•
•
•
Server Name
Hostname or IP address of the AAA server.
In WLSE displays, the server is identified by this name.
Server Port
Port on the server that is used for authentication; this should always be 1645.
Username
Client username that you entered on the AAA server.
Password
Client password that you entered on the AAA server.
Secret
Shared secret key that you entered on the AAA server.
PAC File Password (EAP-FAST only)
Password for decrypting the .pac file and the filename of the .pac file to be uploaded from the desktop.
Note
PAC Filename (EAP-FAST only)
1 The WLSE monitors only one protocol for a given AAA server.
Step 3
Step 4
Step 5
For EAP-FAST, check the user credentials and make sure that the valid PAC file has been imported. If the PAC has expired or is invalid, re-import the PAC file from the desktop.
Step 6
a.
b.
Note
c.
Removing an AAA Server
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Modifying an AAA Server
The WLSE monitors only one protocol for a given AAA server.
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Modifying the hostname or IP address of an existing AAA server entry requires removing the existing server and adding it back with the new IP address or hostname.
Server Port
Port on the server that is used for authentication; this should always be 1645.
Username
Client username that you entered on the server.
Password
Client password that you entered on the server.
Secret
Shared secret key that you entered on the server.
PAC File Password (EAP-FAST only)
Password for decrypting the .pac file and the filename of the .pac file to be uploaded from the desktop.
PAC Filename (EAP-FAST only)
Step 5
Step 6
Related Topics
Using Enhanced (WDS) Client Tracking
The WLSE can track clients of IOS-based access points by querying Wireless Domain Service (WDS) for all client associations. You can use the following procedure to enable or disable this type of client tracking globally or enable it on selected WDS devices (access points or WLSM). By default, client tracking is globally disabled.
In addition to enabling client tracking, you must configure access points and the WLSE. See Prerequisites for Enhanced Client Tracking for more information.
For more information on client tracking and client polling, see About WDS Client Tracking.
For information on the IOS firmware versions that support enhanced client tracking, see the Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine Express, 2.11. For information on locating this document, see Finding WLSE Documentation on Cisco.com.
Configuring Enhanced Client Tracking
Note
Procedure
Step 1
Step 2
•
•
•
–
–
Step 3
Related Topics
•
About WDS Client Tracking
This section contains information about the following:
•
•
•
Prerequisites for Enhanced Client Tracking
In addition to enabling client tracking on the WLSE, you must configure the following for WDS-based client tracking to work.
Note
•
WLCCP messages are required for the WDS to perform client tracking.
•
This feature is not available on all IOS firmware versions. All WDS access points must be upgraded to IOS firmware version 12.2(15)JA or later. See the WLSE 2.11 Supported Device Table on Cisco.com for the latest information.
If the WDS devices have firmware earlier than 12.2(15)JA, enhanced client tracking is not available. However, client tracking via client polling is available. For more information, see Client Polling.
•
These access points need not necessarily be upgraded.
•
Client tracking event reports include a WDS timestamp, which is used to display the order of events at the WDS. If all clocks are not NTP synchronized, events from different WDS devices may not be ordered correctly. You should ensure clock synchronization by configuring NTP service on the WDS and the WLSE. The NTP server should be a network NTP server that is used by all WDS devices. For information on enabling NTP on the WLSE, see Setting Time, Time Servers, Name Servers, and Web Session Timeout. For information on enabling NTP on WDS devices, see the device documentation.
Client Tracking vs. Client Polling
The WLSE obtains client data in two ways:
•
•
•
Client Polling
The WLSE automatically collects client data by polling all access points, using a configurable polling interval. Data obtained from client polling is detailed and includes traffic statistics. Polling data is only as timely as the last client polling cycle, which means that the client polling interval greatly affects the accuracy of client reports:
•
•
Wireless client polling is a fairly heavyweight process. If you have many access points to poll for client associations, polling should be less frequent. As a result, the client data will not be as accurate. Wireless client reports are updated every 51 minutes by default. To reset the client polling interval, see Changing the Polling Intervals for Automatic Inventories.
Note
Client Tracking
With client tracking, the WLSE obtains client data from WDS devices, instead of from all of the individual infrastructure access points. Client tracking provides only historical information.
Any clients that have associated with a managed access point are reported and tracked either by a corresponding managed, active WDS device which is serving the same subnet as the managed access point or a WLSM (Wireless LAN Services Module). WLSM-WDS devices can manage multiple access point subnets.
WDS devices send notifications to the WLSE when certain events occur about any client associated with access points that are registered with that WDS. Each WDS maintains an updated active cache of all clients that are associated with each registered access point within the WDS domain. These events are recorded by the WLSE and can be viewed from the Client Historical Association Report and Client Access Failure Report. These events also keep the current client association information up to date. For performance reasons, there is approximately a 2-minute delay between when the event occurs and when the event is available in reports. The reported events are:
•
•
•
•
•
Even when client tracking is enabled, the wireless client polling described in Client Polling is still required to obtain other information about client activity, such as client as client traffic statistics.
If you have a high volume of client roaming or client activity, enabling client tracking will add extra overhead and WLSE performance may be affected. However, client tracking events are optimized to consume very little network traffic and WLSE processing resources.
Although client polling occurs automatically, client tracking must be enabled on WDS devices by selecting Devices > Discover > Client Tracking. To enable client tracking and view the current state of client tracking, see Using Enhanced (WDS) Client Tracking.
Wireless Client Reports
Wireless client reports provide information about the type of client that is associating with an access point, how much bandwidth the client is using, which access points the client has associated with, and the kind of client activity.
For information on displaying wireless client reports, see Displaying Wireless Client Reports.
Display of RADIUS Username in Wireless Client Reports
The client RADIUS username is not available for:
•
•
Managing Device Discovery
Note
By default, the WLSE runs Cisco Discovery Protocol (CDP) discovery every 24 hours. After devices are discovered, they must be put under management—see Managing Devices. Unmanaged devices do not appear in WLSE displays.
The functions under the Discover subtab are described in Table 4-6.
To learn more about discovery, see About Discovery.
About Discovery
The topics covered in this section are:
•
•
•
•
•
Understanding Discovery and Management
Network devices are interrogated by the WLSE by multiple processes: discovery and inventory polling.
Device discovery is a periodic process that finds new devices and possibly topology and network changes. The discovery process can be run at scheduled intervals or on demand.
The WLSE can discover Cisco wireless access points and bridges, and Cisco switches or routers that have Cisco wireless devices directly connected to them.
Discovered devices are either managed and unmanaged. By default, newly-discovered devices are in the unmanaged state and will not be polled until you manually move them to the managed state.
You can enable an auto-manage feature that automatically moves newly discovered devices to the managed state when they are discovered. You can also apply a default device configuration to auto-managed wireless devices. Figure 4-1 illustrates the managed/unmanaged state machine.
Assuming the discovery process is successful, the WLSE discovery footprint is approximately 2500 bytes per device per discovery cycle. This is just the discovery footprint. The 2500 bytes represent a single SNMP get-request and a single SNMP get-response. This footprint may be larger if the SNMP get-response needs to be broken up across multiple protocol data units (PDU), which often happens if the device receiving the SNMP get-request has a large CDP neighbor table.
After a device is discovered for the first time and the device is auto-managed, an immediate inventory will run. However, inventory is not run automatically when discovery is run on a device that was already discovered (even if the device is automanaged). You can run an immediate inventory to update device information on the WLSE or wait for the next regular scheduled inventory.
You can view information about discovery jobs in the discovery logs (see Viewing Discovery Logs) and in the jobvm log. To view or download the jobvm log, select Admin > Appliance > Status > View Log File and select the jobvm.log file.
Figure 4-1 Device Management State Machine
Understanding WLSE Discovery Methods
Before the WLSE can manage devices, it must discover them. There are several discovery techniques:
•
•
•
•
•
Use the following table to help you decide which technique to use:
Note
Table 4-7 Discovery Options
CDP-based discovery
Use this method when wireless devices are attached to Cisco switches or routers running Cisco discovery protocol. For more information, see About CDP-Based Discovery.
Individual device seeding
If the wireless devices are connected to switches or routers that don't run CDP (for example, non-Cisco switches), this is one option.
Note
For more information, see About Individual Device Seeding.
Device import from a file
If the wireless devices are connected to switches or routers that don't run CDP (for example, non-Cisco switches), this is an option. This technique adds an entry for each device for SNMP credentials.
Note
For more information, see About Device Import From a File.
Device import from CiscoWorks Resource Manager Essentials (RME)
Use this technique if you have already inventoried the wireless devices using RME. This technique adds an entry for each device for SNMP credentials.
For more information, see About Device Import From CiscoWorks.
About CDP-Based Discovery
When the WLSE runs a CDP-based discovery, it begins by using SNMP to retrieve the list of devices in the CDP neighbor table of each seed device. It then retrieves the devices in the CDP neighbor tables from each of the CDP neighbors of the seeds. This process continues until all devices in the network are discovered for the CDP distance is reached.
Note
The CDP distance determines the depth of the discovery. With a CDP distance of 1, only the immediate neighbors of the seed device are discovered. With a CDP distance of 2, devices A and B that are directly connected to the seed device are discovered, and the immediate neighbors of A and B are also discovered.
You can specify multiple seed devices to:
•
•
Note
Interesting devices from the perspective of the WLSE are:
•
•
Because the WLSE keeps only interesting devices, try to select seed devices in a way that minimizes unnecessary WLSE discovery traffic on the network by selecting devices so that the discovery process will only touch interesting devices. This is usually not possible, but by selecting seeds wisely, a minimum number of uninteresting devices will be touched by the discovery process.
Note
CDP-based discovery can be run on-demand, at a scheduled time, or at recurring intervals. Typically, you only need to run discovery when you initially deploy the WLSE and when you deploy new wireless devices.
By default, CDP discovery is enabled and runs every 24 hours. The discovery wizard allows you to:
•
•
Devices must be properly configured for access by the WLSE before they can be discovered and managed. See Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11. For information on locating this document, see Finding WLSE Documentation on Cisco.com.
If CDP is disabled, you can still discover devices by entering their IP addresses as seed values in the discovery dialogs or by importing them. However, the connectivity between access points and switches will not be discovered and switch-related reports will be empty. For more information, see About Individual Device Seeding.
About WLCCP/WDS Discovery
Note
All of the IOS access points in a subnet register with the Wireless Domain Service (WDS), and the WDS sends this data to the WLSE via WLCCP. The WLSE checks whether these devices are in the WLSE database. If not, a regular CDP discovery is run, using each device as a seed. So, new devices that register with the WDS will be automatically discovered.
WLCCP-based discovery is the only way to discover a Wireless LAN Services Module (WLSM). CDP-based discovery is not supported for this device.
These WDS discoveries do not appear in the discovery log. These discoveries are affected by any discovery filters that you have set. See Setting Advanced Discovery Options and Using Discovery IP Address Filtering.
For WLCCP discovery to work:
•
Note
•
About Alternatives to CDP
Instead of enabling CDP and using it for discovery, you can use the following methods of discovering devices:
•
•
•
About Individual Device Seeding
Although CDP-based discovery is usually the preferred option, in some network environments a CDP-based discovery is undesirable or impossible. For example, the wired network infrastructure may have non-Cisco switches or hubs that do not support CDP, or IT security policies may prohibit the use of CDP in the network.
As an alternative to using Cisco Discovery Protocol (CDP) to run discovery, you can seed each device IP into the WLSE. The WLSE setup process is similar to the regular CDP-based discovery, and is treated as such by the WLSE discovery process. Rather than using a few, well-chosen seed devices:
1.
2.
3.
Note
Note
About Device Import From a File
When a CDP-based discovery is undesirable or impossible, importing a list of devices from a file is another option in many environments. For example, the wired network infrastructure may have non-Cisco switches or hubs that do not support CDP or IT security policies may prohibit the use of CDP in the network.
Using an import file in comma separated variable (CSV) format is an alternative to individual device seeding. Because the import file may be obtained from another network inventory management application, this technique may be more practical than individual device seeding.
Use the option Devices > Discover > DISCOVER > Import From File to import devices from a CSV file. You can choose to discover some devices and import others, however devices not supported by the WLSE are ignored during device import.
A one-time discovery job starts immediately after you import devices from a CSV file. This means the following discovery options affect device import:
•
•
When you import the devices from a CSV file, the WLSE:
1.
2.
•
•
If CDP is not enabled on the wireless devices or if there are no CDP neighbors, then the WLSE will only discover the wireless devices and the WLSE cannot be used to manage the neighboring switch or router.
Note
3.
This is not a required step because the WLSE will choose the most specific entry when looking up SNMP credentials for a device, but it is recommended because it will make managing device credentials easier.
4.
•
•
The community strings that you import will overwrite the information already entered on the WLSE. You can view the information already entered in Devices > Discover > Device Credentials > SNMP Communities. Community strings that contain wildcards will not be overwritten unless these entries are exactly matched by entries in the CSV file.
•
The timeouts and retries that you enter will overwrite information already entered on the WLSE.
During the subsequent discovery:
•
•
About CSV Files
The file used for imports is an ASCII CSV (comma-separated values) file with a .txt filename suffix. You can create a CSV file by exporting devices from CiscoWorks or by creating the file with a text editor. You can also view a sample CSV file from the Discovery Wizard screens for file import, or see the following example.
A CSV file can contain the following device information:
Note
•
•
•
•
•
•
•
An example file follows.
;; The possible columns in the CSV file are listed below.;; For importing to WLSE, columns 1,2,3 are required and the; rest are optional.;; Col# = 1: Name = Device name (include domain unless your site; has unqualified device names registered in; the name services); - or -; IP Address in dotted decimal notation;; Col# = 2: Name = RO community string; Col# = 3: Name = RW community string; Col# = 4: Name = Serial Number; Col# = 5: Name = User Field 1; Col# = 6: Name = User Field 2; Col# = 7: Name = User Field 3; Col# = 8: Name = User Field 4; Col# = 9; Name = Telnet password; Col# = 10; Name = Enable password; Col# = 11; Name = Enable secret; Col# = 12; Name = Tacacs user; Col# = 13; Name = Tacacs password; Col# = 14; Name = Tacacs enable user; Col# = 15; Name = Tacacs enable password; Col# = 16; Name = Local user; Col# = 17; Name = Local password; Col# = 18; Name = Rcp user; Col# = 19; Name = Rcp password; Comment = Not used, leave blank;; Here are examples of rows of data:;1.2.3.4,public,public,,1.2.2.5,public,public,,,,,,telnetpwdbigrouter.yourcompany.com,public,private,,,,,,telnetpwddev-2501.yourcompany.com,"Not so, "" public as, thought",private,sn2501,dev-2502.yourcompany.com,public,"private",sn2502,dev-2503.yourcompany.com,public,private,sn2503,""dev-2510.yourcompany.com,public,private,sn2510,dev-4000.yourcompany.com,public,private,,Big Boysdev-2517.yourcompany.com,public,private,,,nm 25xxdev-2520.yourcompany.com,public,private,,,mylabel2dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4dev-7206.yourcompany.com,public,private,,dev-7505.yourcompany.com,public,private,,,,,yourlabel4About Device Import From CiscoWorks
If you are using CiscoWorks Resource Manager Essentials (RME) to manage your wireless devices, you can import the devices from RME to the WLSE without configuring, scheduling, or running WLSE discovery. This process is analogous to using a CSV file to import a list of devices. Use the option Devices > Discover > DISCOVER > Discovery Wizard > Import From CiscoWorks to import devices from RME.
Immediately after a successful import, the WLSE runs discovery on all of the imported devices. Therefore, the following discovery options affect device import:
•
•
You can specify an immediate import, schedule an import for a future time, or schedule recurring imports. The time required to import devices depends on the response from the CiscoWorks server and the number of devices imported. You can check the status of the operation while it is running.
When you import the devices from CiscoWorks, the WLSE:
1.
2.
•
•
Note
If CDP is not enabled on the wireless devices or if there are no CDP neighbors, the WLSE will only discover the wireless devices.
3.
This is not a required step because the WLSE will choose the most specific entry when looking up SNMP credentials for a device, but it is recommended because it will make managing device credentials easier.
Note
4.
•
•
The WLSE provides scheduled, automated inventory imports from RME. Many customers prefer keeping a master Cisco device inventory on the RME server. Using the scheduled, automated inventory import allows customers to keep their WLSE device list in sync with the master list.
Most networks have a fairly static inventory. That is, new devices are typically added in planned roll-outs. So there really is no need to have the recurring RME import interval set very frequently. In most cases, once a week is more than frequent enough.
Using the WLSE Discovery Methods
Discovery of devices is a prerequisite to managing and monitoring them. You can discover devices by:
•
•
•
•
Pre-Discovery Checklist
The following checklist will help you confirm that the prerequisites for successful discovery have been met.
This list is only the requirements for successful device discovery. To use other WLSE features, other configuration requirements exist.
For details on setting up devices for discovery and for other configuration requirements, see Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11. For help in locating this document, see Finding WLSE Documentation on Cisco.com.
•
•
–
–
–
•
•
•
About the Discovery Wizard
From Devices > Discover > DISCOVER > Discovery Wizard, you can use all of the discovery methods. To start using the wizard, see Using the Discovery Wizard. The discovery methods are:
•
•
•
Using the Discovery Wizard
The discovery wizard provides the following choices for discovering devices.
Note
Procedure
Note
Step 1
Step 2
Step 3
You can use the advanced options to:
•
•
•
Step 4
Filtering by IP address limits the range of discovery. For more information, see Using Discovery IP Address Filtering.
Step 5
Note
Running CDP Discovery
This section provides procedures for using the Discovery Wizard screens for CDP discovery. To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Automatic Device Discovery based on Cisco Discovery Protocol.
Note
The tasks for running CDP discovery are described in Table 4-8.
Select the Type of CDP Discovery
The Select Type of CDP Discovery screen provides choices for running CDP Discovery.
Note
Procedure
Step 1
•
•
Step 2
Related Topics
Specify the Schedule
In this screen, you can modify the discovery schedule.
Procedure
Step 1
Do not schedule a discovery to begin within 5 minutes of the current time. Otherwise, the first discovery might not run. Use the Run Now option instead.
Step 2
Step 3
Enter SNMP Communities
The community strings for all devices to be discovered by using CDP must be entered on the WLSE.
Procedure
Step 1
Step 2
•
•
Note
Step 3
You can also find details on entering community strings and the community string requirements for discovery in Enter or Modify SNMP Community Strings for All Devices.
Step 4
Enter Initiating IP Addresses (Seeds)
You must enter at least one initiating IP address (seed device).
Procedure
Step 1
Note
Step 2
Set this value appropriately to discover the entire wireless network or the set of devices you are discovering. A CDP distance of 1 only discovers the immediate neighbors of the seed devices.
Routers and switches that do not have access points attached to them are used when computing CDP distance. However, these routers and switches will not be discovered.
Step 3
Verify Your Settings and Finish—Run Now
Procedure
Step 1
Note
Step 2
Step 3
Step 4
Discovery will begin immediately and the Discovery Run Details screen will appear, showing the details of the discovery job.
For more information about Discovery Run Details, see Viewing Discovery Logs.
Related Topics
Verify Your Settings and Finish—Modify Schedule
Procedure
Step 1
Step 2
Step 3
Discovery will begin at the Start Time you selected.
Note
Related Topics
Importing Devices from a File
This section gives procedures for using the Discovery Wizard screens for importing devices from a file.
To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Import From File.
Note
The tasks for importing devices from a file are:
Table 4-9 Tasks for Import from File
Specify the file and set the SNMP retry and timeout (optional)
Verify your settings and finish
View import details
Select the File and Set SNMP Parameters
To import devices from a file, you can create the file by using a text editor or by exporting devices from a CiscoWorks server that is running Resource Manager Essentials.
For information about CSV files, see About CSV Files.
Procedure
Step 1
Step 2
Step 3
To see or edit the existing community strings on the WLSE, select Devices > Discover > Credentials > SNMP Communities.
Step 4
•
•
Step 5
Step 6
Finish the Import
Procedure
Step 1
Step 2
Step 3
Related Topics
Importing Devices from a CiscoWorks Server
This section provides procedures for using the Discovery Wizard screens for importing devices from CiscoWorks server that is running Resource Manager Essentials.
To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Import from CiscoWorks.
Note
The tasks for importing devices from CiscoWorks are:
Table 4-10 Tasks for Import from CiscoWorks
Specify the CiscoWorks server
Schedule the import
View import details
Schedule the Import and Finish
This screen allows you specify a CiscoWorks server as the source of the devices to be imported. You can run a one-time import or schedule imports. For more information about importing devices from a CiscoWorks server, see About Device Import From CiscoWorks.
Procedure
Step 1
Step 2
a.
b.
Step 3
a.
b.
c.
d.
Note
Step 4
Related Topics
Setting Advanced Discovery Options
This option provides the following customizations for discovery and device management:
•
•
•
•
Note
Selecting the Device Name Format
The Name Format option lets you define the format of the device name shown in WLSE displays. You can choose from the following formats and you can specify a combination of more than one format:
•
•
•
•
If you chose this option, you must enter a description for each device in the Device Details screen under Devices > Discover > Managed Devices.
•
•
Your choice of name format affects the display of all devices, except for AAA servers. For AAA servers, the device name displayed is always the name you specify when adding the AAA server as a device to be monitored by the WLSE.
The name format(s) that you choose are used to make up a device identifier string. This string is computed for each device and shown in all WLSE displays.
The fact that long names will be truncated in some WLSE displays may influence your choice of device identifier string. For example, in tree structures, only 30 characters are shown. If you choose the hostname plus IP address as the string and you are using the fully qualified domain name as the hostname, it may be difficult to distinguish between different devices in the tree if the hostname is the first part of the string. As a workaround, you could construct the string so that the IP address is first.
You can search for devices by specifying the device description.
Procedure
To change the device identifier used for managed devices:
Step 1
Step 2
Step 3
Step 4
Result: All device names (except for AAA servers) in WLSE displays will be changed to the new format.
Note
Table 4-12 Name Formats
%dns%
The device DNS name is displayed,
Whether the DNS name is displayed, or a different identifier is displayed, depends on several factors. For details, see Enabling Reverse DNS Lookup.
If there is no DNS name, the device name is displayed as %dns%.
(%ip%)
The device IP address is displayed.
Using this string guarantees that the device name display will always be correct.
%hostname%
The device hostname is displayed. This is the default.
If the device has no hostname assigned to it, the device name is displayed as %hostname%.
%description%
A description of your choice is displayed.
You must enter a description for each device in the device detail screen accessible from Devices > Managed Devices.
Note
Note
%r0MAC%
%r1MAC%
The MAC address of the radio interface is displayed.
The MAC address formats apply only to access points and bridges, and are not applicable to switches and routers.
Only the last 6 characters of the MAC address are used in the device identifier.
If you use one of these name formats for devices other than access points, the DNS name, sysName, or IP address will be used instead. Which identifier is used depends upon whether reverse DNS lookup is enabled and the sysName is set on the device; for more information, see Enabling Reverse DNS Lookup.
%e0MAC%
The MAC address of the Ethernet 0 interface is displayed.
1 Does not affect the display the identifiers of AAA servers.
Related Topics
•
Examples and Rules for the Name Format Option
The name format can be any of the types listed when you select Learn About Name Format or any combination of these types, for example:
•
•
•
•
•
•
•
If the computed device identifier is longer than 30 characters, the WLSE will display only the first 30 characters in the device tree.
For name formats that include %e0MAC%, %r0MAC%, or %r1MAC%, only the last 6 characters of the MAC address will be used.
Name formats that include %e0MAC%, %r0MAC%, or %r1MAC% are not applicable to switches and routers.
Name formats do not apply to AAA servers; AAA servers are displayed according to the name entered when the server was added to the WLSE.
Enabling Reverse DNS Lookup
Enabling reverse DNS lookup affects hostname display on the WLSE as shown in Table 4-13. The actual identifier displayed for a device is also affected by the choices you make when specifying a device name format in Devices > Discover > DISCOVER > Advanced Options (for more information, see Selecting the Device Name Format).
Table 4-13 Effects of Reverse DNS Lookup on Device Name Display
Yes
If the lookup succeeds, the device name is displayed.
If the lookup fails, the device IP address is displayed.
No
If the device's SNMP sysName is set, the sysName is displayed.1
If the sysName is not set, the device IP address is displayed.
1 If a device's sysName contains a single quote (`) and DNS is not enabled, the IP address will be displayed instead of the sysName.
Note
Procedure
Step 1
Step 2
Step 3
Related Topics
Understanding WLSE Discovery Methods
Selecting the Device Name Format
Enable Auto-Management
Enabling this option causes all discovered devices to be automatically managed.
Note
Procedure
To enable automatic management for all discovered devices:
Step 1
Step 2
All discovered devices will be automatically placed in the Managed folder.
Note
Step 3
Step 4
Related Topics
•
Enable MAC Address Auto-Manage Filtering for Access Points
This option allows you to specify access points that you want to auto-manage during a specified time interval.
Filtering affects devices discovered through Wireless Domain Service (WDS). For more information, see About WLCCP/WDS Discovery.
Auto-management affects all discovered devices. Access point filtering affects only access points. See the following table for details on the effects of these two options.
Note
You can specify the access points to auto-managed by entering Ethernet MAC addresses in the screen or importing a file containing Ethernet MAC addresses. For example files, see Example MAC Address Files.
To enable MAC address filtering:
Step 1
Step 2
Step 3
Step 4
Note
Step 5
a.
b.
c.
Step 6
a.
b.
c.
Step 7
Step 8
Example MAC Address Files
You can use either of the following file formats to import MAC addresses for limited discovery of access points:
•
0040965b611f000a41047e3b0040965b5f75004096588420004096543a84000bbe6d8bd4000af4fb658a•
000b466e482,0000bbe8190c2,0040965b611f,000a41047e3b,0040965b5f75, 004096588420,004096543a84,000bbe6d8bd4Using Discovery IP Address Filtering
You can limit discovery to selected devices by setting up filter rules to include or exclude devices. Filter rules consist of device IP addresses with optional wildcards and ranges.
IP address filtering also affects devices discovered through Wireless Domain Service (WDS). For more information, see About WLCCP/WDS Discovery.
Note
Procedure
Step 1
Step 2
•
•
•
Rules cause discovery to be limited as described in the following table.
Note
For example, assume the IP addresses of the devices in a network are from 10.10.10.1 through 10.10.10.200:
•
•
All of the devices with the IP addresses 10.10.10.[40-80] are discovered, but those with IP addresses 10.10.10.[60-70] are discarded. Therefore, the devices discovered and retained have IP addresses 10.10.10.[40-59] and 10.10.10.[71-80].
Step 3
Related Topics
Understanding WLSE Discovery Methods
Viewing Discovery Logs
This option displays detailed logs on the results of discoveries and imports.
To delete all discovery logs, see Deleting Inventory and Discovery Logs.
Note
Note
Procedure
Step 1
A table of discovery jobs is displayed.
Step 2
Table 4-16 Discovery Job Log
Name
Type of discovery that was run:
•
•
•
•
Start Time
When the discovery started.
Recurring
•
•
State
Scheduled—Discovery will occur in the future.
Not scheduled—Run Now discoveries
User
User name—Name of the user who ran the job or who was the last user to modify the job.
WLSE—Automatic, scheduled discovery that has not been modified by a user.
End Time
When the discovery ended.
1 Two items are listed in the discovery log for each import from a CiscoWorks server: CDPDiscovery_Import_Devices and CiscoWorks Device Import.
Step 3
•
•
•
•
For more information on data shown in the Discovery Run Detail window, see Discovery Run Details Display.
If the log files show that problems occurred while running discovery, see Diagnosing Common Discovery Problems.
Step 4
Step 5
Related Topics
Deleting Inventory and Discovery Logs
Discovery Run Details Display
A typical, healthy discovery process run produces a log file similar to the following:
Seed value entered: 10.2.8.3Hop count defined: 1CDP Discovery started at 2003-03-27 22:40:11.437 (UTC)New device discovered:10.2.8.3 ( AP1200-CHAR-NET )Number of devices (re)discovered: 1CDP Discovery completed at 2003-03-27 22:40:11.737 (UTC)The log in the Discovery Run Details window shows the following information:
•
•
When you import devices, each imported device is listed as a "Seed value entered" in the log, and the "Hop count defined" value is 1.
•
•
•
•
•
Note
The messages listed in Table 4-17 may appear in the Discovery Run Details display.
Table 4-17 Messages—Discovery Run Log
172.19.12.39,public,private,14,1.3.6.1.4.1.9.1.507, !{[NOVALUE]}!,...
Messages similar to this are informational and show data obtained during device import from CiscoWorks.
CDP Discovery completed
Periodic CDP discovery end time.
Number of devices (re)discovered number
Number of devices discovered or rediscovered.
No seeds defined.
Although discovery is initially enabled and runs every 24 hours, it will not run unless you add seed devices. See Using the Discovery Wizard.
ip_address Device updated (sysname)
Device was previously discovered and information is being updated.
Inventory collection was not run for updated devices, run on-demand inventory or wait for the next scheduled inventory
An automatic inventory does not run for rediscovered devices. Run an on-demand inventory or wait for the next scheduled inventory. This is an informational message.
ip_address New device discovered (sysname)
Device was discovered for the first time.
ip_address Device being auto-managed (sysname)
Auto-management is enabled.
Inventory collection will run immediately for auto-managed devices.
Auto-management is enabled; therefore, inventory collection will run immediately for the auto-managed devices.
ip_address is SNMP unreachable, unable to read CDP cache.
The community strings may be set up incorrectly. See Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11.1
This message might indicate a network problem, or the device might be an invalid seed device (not running CDP and SNMP), such as a PC or workstation.
For more information on troubleshooting SNMP problems, see Diagnosing Common Discovery Problems.
No logs available. Waiting for resources to start job.
Other running jobs are using all available resources. Information on this job will be displayed when resources are available.
x.x.x.x is reachable but unable to provide the information you requested. For IOS access points, make sure the SNMP community does not have an object identifier associated with it.
The community string associated with the device might not have an SNMP ISO view associated with it, and the WLSE cannot poll some attributes. Configure the community string in the AP as follows:
# snmp-server view iso iso included# snmp-server community community_string view iso ROwhere community_string is the AP's read-only community string.
x.x.x.x does not respond to ieeedot11 attributes.
Make sure the SNMP community has a proper view associated.
The IOS access point has not been configured with an IOS view. To correct this, you can configure the device manually (see Configuring Devices for Management by the CiscoWorks Wireless LAN Solution Engine Express, 2.11)2 or create a configuration job to correct it (see Managing Configuration Jobs). Affected devices are placed in the Misconfigured Devices system group. After the device is properly configured, you can run discovery or wait for the next scheduled discovery. After discovery, the device will be placed in the proper group(s). See Managing Device Discovery.
A newly discovered device has the same IP address as a previously discovered device. The new device will not be discovered until the conflict is resolved. The identifier shown is for the previously discovered device. For access points, the identifier shown is the Ethernet MAC address.
If you want both devices to be managed, assign a different IP address to the newly discovered device. If you substituted a new device for a previous device and want to retain the IP address, delete the old device. In either case, run discovery again or wait for the next scheduled discovery. See Managing Device Discovery.
A new device is being discovered but could not be auto-managed because the MAC filter values exclude the device or the time period selected for auto-management has expired. See Enable MAC Address Auto-Manage Filtering for Access Points.
1 For help in locating this document, see Finding WLSE Documentation on Cisco.com.
2 For help in locating this document, see Finding WLSE Documentation on Cisco.com.
Related Topics
•
Diagnosing Common Discovery Problems
This section contains information on:
•
•
Note
Troubleshooting SNMP Connectivity Problems
The most common discovery problems are related to SNMP connectivity. This type of message indicates that the WLSE attempted to retrieve the CDP neighbor table of the device, but was unable to do so because of an SNMP connectivity issue:
172.20.98.230 is SNMP unreachable, unable to read CDP cache.Typical causes of SNMP connectivity issues are:
•
•
•
•
To determine the cause of the problem:
1.
Note
2.
One common problem with both IP and SNMP connectivity is the presence of access control lists (ACLs) or firewalls in the network between the WLSE and the managed devices that might reject management traffic. Verify that management traffic is permitted from the WLSE to each of the managed devices.
3.
The SNMP Connectivity Tool retrieves a single object, whereas the discovery retrieves multiple objects. You can use the SNMP Query Tool (see Using the SNMP Query Tool) to retrieve a larger SNMP table. Then, if you have SNMP connectivity for one variable but not for the larger table, it is likely that the issue is related to the timeout and retry settings. See Step 5.
4.
•
•
•
If the SNMP configuration is not correct, reconfigure the devices and WLSE as necessary and re-run the discovery.
5.
Obtaining Detailed Discovery Logs
If the procedures in the preceding section do not solve your discovery problems, open a case with the Cisco TAC. You might be able to assist the Cisco TAC by getting more detailed discovery logs. To increase the level of logging:
Note
1.
2.
3.
4.
After the discovery runs:
1.
2.
3.
Note
Managing Devices
Note
The Managed Devices option under Devices > Discover > Managed Devices shows the management state of all discovered devices. Devices must be in the managed state before they can be polled, and before you can use the WLSE to monitor or configure them or use any of the other WLSE network management or radio management features.
By default, newly discovered devices are in the unmanaged state. You can arrange for devices to be automatically managed after they are discovered, or you can manually move devices to the managed state.
From the device tree you can also view details on any device in a folder.
Note
This section contains information on the following device management options:
•
•
•
Device Management Folders and Functions
The Managed Devices option provides the following functions:
Table 4-18
View all devices that have been discovered: newly discovered devices that are not yet managed, managed devices, unmanaged devices (devices that were once managed but are no longer managed), and devices with changed IP addresses.
Note
Manually change a device's management state.1
View details about a device.
Enter a different description for each device.
Delete devices.
1 You can also configure the WLSE to automatically manage devices as they are discovered. See Setting Advanced Discovery Options.
Note
About Managed Devices Folders
The Managed Devices display contains the following top-level folders. There is a subfolder for each type of device contained in a top-level folder; the subfolders appear only if there is at least one device of that type in the top-level folder.
Table 4-19 Managed Devices Folders
Search Results
This folder is populated after you run a successful search for devices. This folder does not contain subfolders. For information on searching for devices, see Using the Device Selector.
If a device is in any of these folders, you can view details about it, delete it from the database, or change its managed/unmanaged state.
New
Contains all devices that have been discovered but are not in the managed state.
Managed
Contains all devices that are in the managed state
Unmanaged
Contains all devices that were once managed but are not longer in the managed state.
Duplicate IP
Contains access points that are in the pending state. A device becomes pending and is placed in this folder:
•
•
•
The IP address shown for a device in this folder is the last known address for the device, before the address change occurred.
For information on how to move devices from the pending state, see Handling Duplicate IP Addresses on Access Points.
If a device is in this folder you can view details about it or delete it from the database.
Manually Changing the State of Devices
Procedure
Step 1
For information on the folders and subfolders in the tree, see About Managed Devices Folders.
Step 2
Select the devices you want to change, then click Manage or Unmanage. Devices will be moved into the Managed or Unmanaged folder.
Note
Step 3
a.
Result: The Device Detail pane is displayed. For more information on device details, see Viewing Device Details.
b.
c.
Note
Related Topics
•
Viewing Device Details
Procedure
Step 1
For information on the folders and subfolders in the tree, see About Managed Devices Folders.
Step 2
a.
b.
Result: The Device Details pane appears.
For information on the device details displayed, see Understanding Device Details.
For information on entering a description in the Description field, see Entering Device Descriptions.
Related Topics
•
Understanding Device Details
Some device details are not displayed unless the corresponding parameters are set on the device; for example, location and contact information.
The details shown in the Device Details pane are described in Table 4-20.
Table 4-20 Device Details Pane
Description
A description to be used as the device identifier in WLSE displays. Only the first 30 characters of the device identifier string will be displayed.
For information on entering a description in this field, see Entering Device Descriptions.
For details on formatting the device identifier string, see Selecting the Device Name Format.
Note
Device Name
By default, DNS name, IP address, or sysName. For information on which identifier will be displayed, see Enabling Reverse DNS Lookup.
State
Current state of the device:
•
•
•
•
•
SysDescription
Detailed device description.
Version
Software version installed on the device.
Device Family
Device type; for example, Aironet.
SysName
The system name. Not displayed unless set on the device.
Note
SysObjectId
Unique identifier that identifies the device type.
Location
Where the device is located. Not displayed unless set on the device.
Device Identity
MAC address.
For access points, this is the FastEthernet MAC address.
IP Address
Device IP address.
Subnet
Subnet in which the device is located.
Network Segment
The network segment in which the device is located.
Contact
The person to contact for this device. Not displayed unless set on the device.
Profile
Name of the fault profile that contains threshold values and policy settings for this device; for example, the Default profile.
Related Topics
•
•
Entering Device Descriptions
You can enter a description for each device in the Device Details pane. The description you enter is used in displays in one of the following ways:
•
•
Note
Procedure
Step 1
Step 2
Step 3
Result: The Device Details pane appears.
Step 4
Note
Step 5
For more information about selecting the name format, see Selecting the Device Name Format.
Result: The Device Name field changes to the new name. The new name appears in device trees and other displays.
Note
Related Topics
•
Deleting Devices
Procedure
Step 1
Step 2
Result: The Group Change Status window appears and all devices in the folder are displayed.
Step 3
Step 4
a.
Result: The Device Detail pane is displayed.
b.
Result: Deleted devices are removed from the database and from WLSE displays. Database updates could take some time if many devices are being deleted at the same time.
Related Topics
•
•
Limitation on the Number of Managed Devices
The number of devices that can be managed by a single WLSE is limited, depending on the hardware platform and (for the WLSE Express) the installed software.
•
•
•
Managed Device Limit on the WLSE 1130 and WLSE 1130-19
The WLSE 1130 and WLSE1130-19 can manage 2,500 access points and wireless bridges and up to 5,000 radios. After you have placed 2,500 access points under management, warning messages are displayed each time you add more devices to the Managed folder. After 2,550 devices are under management, no additional devices can be placed in the Managed folder.
Device discovery continues after the absolute limit (2,550 access points) is reached, but no additional devices can be placed under management.
Routers, switches, and AAA servers are not included in the 2,500-device limit.
Managed Device Limit on the WLSE 1030 Express
As shipped, the WLSE Express can manage 50 access points and wireless bridges and up to 100 radios.
After you have placed 45 access points under management, warning messages are displayed each time you add more devices to the Managed folder. After the first warning message appears, you can still add a few more devices. After 50 devices are under management, no additional devices can be placed in the Managed folder.
Device discovery continues after the absolute limit has been reached, but no additional devices can be placed under management.
Routers, switches, and external AAA servers are not included in the device limit.
Note
To display the device limit that is in effect on a WLSE, use the show version CLI command. For information on CLI commands, see "Command Line Interface (CLI) Commands."
Finding the Managed Device Limit on Your WLSE
You can display the device management limit on your WLSE by running the show version CLI command. For example:
show version(C) Copyright 2005 by Cisco Systems Inc.WLSE 1030 Release 2.11FCS Mon Mar 7 12:59:06 UTC 2005Device Limit = 100Build Version (66) Tue Mar 8 06:47:27 UTC 2005Uptime: 0 days 1 hour 34 minsLinux version 2.4.28-5_WLSE (root@app20.cisco.com) (gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-113)) #1 Mon Jan 31 16:16:56 PST 20051030VIA CPU at 1000.058 Mhz with 1025592K bytes of memory.1 Ethernet interfaces18.464Gb on diskFor information on accessing and using the CLI, see "Command Line Interface (CLI) Commands."
Related Topics
Handling Duplicate IP Addresses on Access Points
The WLSE uniquely identifies a device in network by its identity, which is the MAC address for an access point and the sysname for routers and switches.
The IP address assigned to a device might change for any of the following reasons:
•
•
•
If the WLSE discovers a device (device A) that has an IP address that was previously assigned to device B, the WLSE will assign the correct IP address to device A. The WLSE will then declare that device B has an IP address conflict, and places device B in the Duplicate IP folder.
When the WLSE finds the correct IP address for device B during discovery, it will automatically assign the IP address to device B and also remove device B from the Duplicate IP folder.
The WLSE raises a single "Duplicate IP Address Detected" fault on IP address, 127.0.0.1 regardless of the number of devices in the Duplicate IP folder. The fault will remain until the Duplicate IP folder becomes empty.
Such conflicts within WLSE might be temporary while discovery is in progress and will likely be resolved at the completion of device discovery. This depends on the discovery seeds and the CDP distance. These parameters should be set so that the WLSE discovers or rediscovers all the affected devices.
The WLSE temporarily treats the devices in the Duplicate IP folder in the same way as unmanaged devices. No active management activity will occur on these devices. The WLSE begins to actively manage such a device as soon as it discovers its correct IP address.
The WLSE can usually automatically detect and handle such IP address changes during device discovery if:
•
•
If any devices still remain in the Duplicate IP folder, you may need to do one of the following to resolve this:
•
•
When the WLSE resolves all conflicting devices, the "Duplicate IP Address Detected" fault will be automatically cleared.
Managing Device Inventory
During inventory, the WLSE retrieves device attributes in order to populate its displays (such as reports) and place devices in groups.
The WLSE automatically runs basic inventories on all managed devices and inventories on client associations and trends for specific types of devices. For information about automatic inventories, see About Inventories.
The inventory options are described in Table 4-21.
Related Topics
About Inventories
Periodic device inventory polling processes retrieve key data from managed devices. Polling processes support these features:
•
•
•
•
•
You can view information about inventory jobs in the logs (see Viewing Inventory Logs) and in the jobvm log. To view or download the jobvm log, select Admin > Appliance > Status > View Log File and select the jobvm.log file.
The WLSE features the following kinds of inventories and polling:
•
•
Automatic Scheduled Inventories
The WLSE runs 3 types of automatic inventories on a regularly scheduled basis:
•
In the inventory log, these inventories are named Periodic Inventory.
Note
•
In the inventory log, these inventories are named Client Inventory.
•
In the inventory log, these inventories are named Performance Inventory.
You can reset the polling intervals for automatic inventories. See Changing the Polling Intervals for Automatic Inventories. You can run immediate or scheduled inventories. See Running Immediate Inventories.
Immediate (Run Now) Inventories
You can run immediate inventories. You select the devices for these inventories.
These are basic inventories of all devices. These inventories collect all the information required by the WLSE to populate displays, such as reports, and to place devices in system-defined groups.
In the inventory log, these inventories are named Run Now Inventory.
Note
Changing the Polling Intervals for Automatic Inventories
Use the following procedure to change intervals for automatic inventories. For guidelines on choosing intervals, see Guidelines For Choosing Inventory Intervals.
Note
Procedure
Step 1
Step 2
•
•
•
Step 3
Related Topics
•
Guidelines For Choosing Inventory Intervals
Following are some suggestions for deciding how to set the polling intervals.
At each interval, the WLSE runs basic, performance, and client inventory. If the actual inventory data collection time exceeds the interval, the WLSE will skip an inventory polling cycle. The next inventory polling will start at the next expected time.
For example, if the recurring scheduled inventory interval is configured to run every 30 minutes and the inventory polling begins at 10:00AM and runs for 32 minutes, the next polling will not begin until 11:00AM. This means that the data may not be as granular as expected.
A second potential problem occurs when the inventory polling takes just slightly less than the interval. In this case, the WLSE will almost always be running inventory polling processes. For example, suppose the recurring scheduled inventory interval is configured to run every 30 minutes, but inventory polling takes just under 30 minutes. In this case, if an inventory polling cycle begins at, for example, 10:00AM and runs until 10:29AM, the next inventory polling begins almost immediately at 10:30AM. This situation may be completely acceptable if the network can tolerate almost constant management polling from the WLSE and if the WLSE CPU and memory utilization do not become overtaxed.
Deleting Inventory and Discovery Logs
Note
Procedure
Step 1
Step 2
Result: All discovery and inventory logs will be deleted. There is no way to delete selected logs.
Running Immediate Inventories
You can run immediate inventories of devices that you specify. The inventories you run are basic inventories that collect all the information required by the WLSE to populate displays, such as reports, and to place devices in defined groups.
Note
When new devices are discovered and managed, basic inventory and client reports are not populated until the next inventory polling occurs. However, you can use this option to populate these reports before the next inventory cycle starts.
This feature can also be useful when configuration changes are made on network devices and you want the changes quickly reflected in the basic and client inventory reports.
Procedure
Step 1
Step 2
Note
Step 3
Step 4
Step 5
Managing Polling Parameters
The Polling option allows you to:
•
•
Note
Procedure
Step 1
Step 2
a.
b.
c.
Step 3
Related Topics
About Trending and Aggregation Data
Polling Parameter Details
The following tables describe the WLSE's polling parameters.
•
•
•
For general information about polling intervals and data retention parameters and guidelines for choosing the appropriate settings, see About Inventories.
Table 4-22 Polling Interval Parameters
Inventory Poll Interval
Interval during which configuration data will be collected from the devices for inventory. This is the data shown in any Web interface device detail table.
TipDefault: 12 hours
Minimum: 10 minutes
Maximum: 7 days
Wireless Client Poll Interval
Interval during which data is collected for client inventory. Also, the interval at which Wireless Client reports are updated. Decreasing the interval provides more data points in reports.
TipDefault: 51 minutes
Minimum: 17 minutes
Maximum: 7 days
Performance Attributes Poll Interval
Interval during which performance and utilization data are collected from the devices for the performance inventory.
Default: 31 minutes
Minimum: 13 minutes
Maximum: 7 days
About Trending and Aggregation Data
Raw trending data retrieved from inventory polling is placed in database trending tables as follows:
•
•
•
•
The data in the trending and aggregation tables is periodically purged. For the minimum, default, and maximum data retention intervals, see Polling Parameter Details.
Data retention intervals are configurable globally through the system parameters interface. Under almost all circumstances, there is no reason to change the defaults. In some large WLAN deployments, however, the WLSE database may begin to grow so large that it makes sense to purge data more often. Because it may affect the accuracy of the data in the trending reports, be careful when you change the data retention intervals.
Viewing Inventory Logs
This option allows you to view historical information about inventories.
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Related Topics
Diagnosing Common Inventory Problems
Run Log Details—Inventory
Most inventory run log messages show the start and end time, the type of data collected, and the devices that were inventoried.
You may also see error messages, such as the following:
•
This message also appears if there are many SNMP timeouts on the network or devices are not reachable through SNMP. In that case, the inventory job will take much longer to finish, and the next scheduled inventory will not run until the current job finishes.
Related Topics
Diagnosing Common Inventory Problems
Diagnosing Common Inventory Problems
You can view the inventory process log files using the interface in Devices > Discover > Inventory > Logs. Open the appropriate folder within the Inventory sub-tree—the tree leaves correspond to the inventory runs. The logs are sorted in each folder by start time, with the most recent runs at the top.
If you have problems with your inventory processes and you open a case with the Cisco TAC, they may ask you for the jobvm log, which you can retrieve by selecting Admin > Appliance > Status > View Log File.
You might be able to assist the Cisco TAC by getting more detailed information than what normally appears in the logs. To increase the level of logging:
Note
1.
2.
3.
4.
After the inventory runs:
1.
2.
3.
Note
Exporting Devices
You can export all managed devices (access points, routers, switches, and AAA servers) to:
•
•
Note
Exporting Devices to a CiscoWorks Server
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CiscoWorks server. Unmanaged devices are not exported.
The information exported consists of the IP addresses and credentials.
The time required to export devices depends on the number of devices exported and the response from the CiscoWorks server. The following procedure explains how to check the status of the operation.
Note
Procedure
Step 1
Step 2
•
•
•
Step 3
Step 4
If the Last Status button is displayed, you can review the results of a previous export.
The following information is included in the export status log:
Step 5
Step 6
Exporting Devices to a CSV File
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CSV file. Devices that are unmanaged are not exported.
The information exported for each device is:
•
•
•
•
For more information on CSV files, see About CSV Files.
Note
Procedure
Step 1
Note
Step 2
To launch an HTTPS session, enter the following URL:
https://wlse_ip/where wlse_ip is the IP address of the WLSE. Note that you do not append a port number to the IP address when using HTTPS.
•
•
–
–
–
–
–
–
–
–
Step 3
Note
Result: The file is saved to your desktop.
Managing Groups
When you select Devices > Group Management, the Group Details window appears. Both system-defined and user-defined groups appear in the device selector. System-defined groups cannot be edited or deleted. For detailed information on system-defined and user-defined groups, see About Groups.
The group management window allows you to:
View system and user-defined groups
Create a new static group
Create a new dynamic (rule-based) group
Create a new static or rule-based group by copying an existing group
Creating a Static Group by Copying a Static or Rule-Based Group
Edit a group
Delete a group
Related Topics
About Groups
The WLSE grouping feature lets you organize managed devices into logical subsets and hierarchies. Using device grouping, you can quickly configure, upgrade, and view reports for a set of access points as a single operation.
Note
The Group Details window allows you to view the existing device groups and categorize devices into named groups. A group is a named entity that can contain devices, other groups, or a combination of devices and groups. There are two types of groups:
•
•
The device selector lists all the current groups, both system-defined groups and user-defined groups. The number after a group name or folder shows how many objects it contains (devices and other groups) or how many groups are in the folder. Every managed device appears in one or more of the system-defined groups, and may also appear in one or more user-defined groups.
Groups can be dynamic or static:
•
•
System-Defined Groups
You cannot edit or delete a system-defined group. The system-defined groups are dynamic (rule-based), and are automatically populated by reading information from the devices during discovery and inventory collection. Any changes to devices are reflected in the system-defined groups only after the next discovery or inventory collection has completed.
System-defined groups are contained in folders; for example, the system-defined groups for device type are contained in the Device Type folder.
If devices are not configured correctly, they may not appear in the system-defined groups. For example, a WDS access point that is not correctly configured will not be included in the Active WDS or Backup WDS system groups.
Tip
For details on the system defined groups, see Table 4-27.
Table 4-27 System-Defined Groups
Device Type
A group for each device type:
•
•
•
•
•
•
•
•
•
•
•
•
•
More System Groups
•
•
•
Physical Location
Group for each building defined by users in the Location Manager.
•
•
Wireless Domain Services (WDS)
Groups for WDS devices:
•
•
Misconfigured Devices
Group for IOS access points that do not have an ISO view configured. If a dot11 mib view fault is generated, the device is automatically placed in this group.
•
•
Scanning AP
Group for access points that are configured for scanning-only mode or that have an interface configured for scanning mode.
User-Defined Groups
You can define any number of groups. User-defined groups can either be static or rule-based:
•
Although there is no limit on the number of levels in a group hierarchy, we recommend that you define no more than four levels. With too many levels, system performance degrades and navigation becomes difficult.
•
Useful user-created groups in a WLAN greatly depend on the structure of the network and the application demands. Table 4-28 contains examples of groups that might be worthwhile in a typical wireless LAN environment.
Using the Group Details Window
Note
To view details about a group and use group management functions:
Procedure
Step 1
Step 2
Table 4-29 Group Details Window Fields
Description
Description entered when the group was created or edited (if any). Can be up to 256 characters long.
Created by
Username of the creator of the group.
Type
System Group, Static Group, or Rules-Based Group.
Group Members
Member Type
Device—A device, such as access point or switch.
Subgroup—A subgroup of the group you selected.
Name
Hostname of a member device or name of a subgroup.
•
•
IP Address
IP address of a member device.
Device Type
Device type of a member device
Software Version
Software version installed on a member device.
Step 3
Table 4-30 Group Details Window Buttons
Create Static Group
Create a static group.
Create Rule-Based Group
Create a rule-based group.
Copy
Copy a static or rule-based group.
Creating a Static Group by Copying a Static or Rule-Based Group
Copy Static
Make a static copy of a rule-based group.
Edit
Edit a static or rule-based group.
Delete
Delete a static or rule-based group.
Click Delete to delete the group.
Links to Reports from the Group Details Display
The following reports can be displayed from the Group Details window by clicking the name of a device in the current group. A window opens displaying links to the following reports and a link to the Web interface of the access point.
Creating a Static Group
Note
To create a new static group:
Procedure
Step 1
Step 2
•
•
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 3
Note
Step 4
The group or device is added to the Available Devices list in the Create Group dialog.
Step 5
Note
Step 6
Step 7
Step 8
To cancel the group creation and discard your changes, click Cancel.
Related Topics
Creating a Static Group by Copying a Static or Rule-Based Group
Creating a Rule-Based Group
To create a new rule-based group:
Note
Procedure
Step 1
Step 2
•
•
Note
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 3
Note
Step 4
The available rules are described in the following table. You can use an asterisk (*) as a wildcard to match any number of characters.
•
–
–
All of the rules you select are added together (logical and). For example, if you select the following Equals rules: Device Type AP1100, subnet 171.69.* and Software Version 12.2*, only the AP1100 access points in the specified subnet and running the specified firmware will be part of the group.
If you need to group devices that match more than one parameter in a given rule you can create a group that contains subgroups. For example, a group consisting of the AP1100 access points at two different sysLocations could be constructed by creating a group that contains a subgroup for each sysLocation.
Step 5
Step 6
Step 7
All currently managed devices that match the group rules will be added to the group. All devices that become managed later and match the rules will also be added to the group.
Related Topics
Creating a Static Group by Copying a Static or Rule-Based Group
Note
Use this procedure to create a new static group by copying an existing static or rule-based group (including system-defined groups).
Procedure
Step 1
Step 2
•
•
Step 3
Names and descriptions can be up to 64 characters in length. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
a.
b.
c.
Step 7
Step 8
By default, new static groups are placed under the same parent as the group you are copying; you can select another parent from the Subgroup of list. New static groups are added to the Subgroup of list.
To cancel group creation and discard your changes, click Cancel.
Related Topics
•
Copying a Rule-Based Group
By copying an existing rule-based group (a user-defined group or a system group), you can create a new rule-based group or a new static group.
Note
Procedure
Step 1
Step 2
•
•
Step 3
Names and descriptions can be up to 64 characters in length. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
To reset the window to its contents before this session, click Reset.
To cancel group creation and discard your changes, click Cancel.
Editing a Static Group
Note
To edit a static group:
Procedure
Step 1
Step 2
Step 3
Names can be up to 64 characters long, and descriptions can be up to 256 characters long. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
a.
b.
Step 6
Step 7
Related Topics
•
Editing a Rule-Based Group
Note
To edit a user-defined rule-based group:
Procedure
Step 1
Step 2
Step 3
Names can be up to 64 characters long, and descriptions can be up to 256 characters long. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
To reset the window to its contents before this session, click Reset.
To discard your changes, click Cancel.
Deleting a Static or Rule-Based Group
Note
To delete a user-defined (static or rule-based) group:
Procedure
Step 1
Step 2
Step 3
Step 4
Related Topics
