-
User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.7
-
Index
-
Preface
-
Getting Started
-
Fault Monitoring
-
Managing Devices
-
Using IOS Configuration Templates
-
Using Non-IOS Configuration Templates
-
Managing Device Configuration
-
Updating Device Firmware
-
Using Reports
-
Managing the WLAN Radio Environment
-
Viewing Your WLAN Radio Environment with Location Manager
-
Managing the WLSE System
-
Managing the WLSE System via the CLI
-
Naming Guidelines
-
Using the Command Line Interface (CLI)
-
Glossary
-
Table Of Contents
Getting Started with Device Management
Enter or Modify SNMP Community Strings for All Devices
Recommendations For Configuring SNMP Credentials
Enter HTTP Usernames and Passwords—Non-IOS Access Points
Enter Telnet/SSH Usernames and Passwords—IOS Access Points
Enter HTTP Port Settings—IOS Access Points
Enter WLCCP Credentials for Wireless Domain Services
Using Enhanced (WDS) Client Tracking
Configuring Enhanced Client Tracking
Prerequisites for Enhanced Client Tracking
Client Tracking vs. Client Polling
Understanding Discovery and Management
Understanding WLSE Discovery Methods
Select the Type of CDP Discovery
Verify Your Settings and Finish—Run Now
Verify Your Settings and Finish—Modify Schedule
Select the File and Set SNMP Parameters
Importing Devices from a CiscoWorks Server
Schedule the Import and Finish
Enable MAC Address Auto-Manage Filtering for Access Points
Using Discovery IP Address Filtering
Diagnosing Common Discovery Problems
Managing and Unmanaging Devices
Limitation on the Number of Managed Devices
Changing the Polling Intervals for Automatic Inventories
Guidelines For Choosing Inventory Intervals
About Trending and Aggregation Data
Diagnosing Common Inventory Problems
Exporting Devices to a CiscoWorks Server
Exporting Devices to a CSV File
Using the Group Details Window
Creating a Static Group by Copying a Static or Rule-Based Group
Deleting a Static or Rule-Based Group
Managing Devices
The Devices tab provides options for basic device management on the WLSE. The options in this tab allow you to discover and manage devices and organize devices into easily manageable groups.
The topics covered in this chapter are:
•
Getting Started with Device Management
•
•
•
Devices Tab Functions
The Devices tab provides the facilities for basic device management on the WLSE. The options under this tab allow you to discover and manage devices, inventory devices, and organize devices into easily manageable groups. After devices are discovered and managed, you can use all of the other WLSE management features. For a detailed guide to using these options, see Getting Started with Device Management.
Managed devices can be exported to a file and to CiscoWorks Resource Manager Essentials.
Note
The options under the Devices tab are:
•
–
–
–
–
–
–
–
•
Getting Started with Device Management
Before you can use the WLSE to manage newly added devices, you must set up the devices, configure the WLSE, discover the devices, and move the devices to the managed state. Optionally, you can set up your own device groupings to make management easier. To get started, follow the steps listed in the following illustration and explained in the following paragraphs:
Step 1: Set up devices
Before devices can be discovered and managed by the WLSE, they must be properly configured. In addition, if you are using WLSE radio management, IOS access points must be configured for Wireless Domain Service (WDS) and for LEAP authentication. For information on the minimum requirements for device setup, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7. This guide is shipped with each WLSE, or you can view it online on Cisco.com at
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_7/index.htm.
Step 2: Log in to the WLSE
Log in to the Web interface.
Step 3: Enter device credentials
Enter device credentials on the WLSE:
•
•
•
•
•
•
Step 4: Discover devices
Initiate discovery from the WLSE or import devices:
•
•
Step 5: Verify discovery
Verify that devices were discovered—see Viewing Discovery Logs.
Step 6: Move devices to managed state
Before you can use configuration, reporting, and monitoring features, you must either move devices to the managed state on the WLSE, or specify that all discovered devices be automatically managed—see Managing and Unmanaging Devices.
Step 7: Run inventory
After the devices are in the managed state, an immediate inventory runs automatically to obtain device information needed to use such WLSE features as reports and automatic grouping—see Managing Device Inventories.
You can also run inventory polling on demand for one or more devices. When new devices are discovered and managed, basic inventory and client reports are not populated until the next inventory polling occurs. However, you can use the on-demand inventory to populate these reports before the next inventory cycle starts. You can also use on-demand polling when configuration changes are made on network devices and you want the changes quickly reflected in the basic and client inventory reports.
Step 8: Create users and user roles
A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.
The WLSE provides several predefined roles, which you can use to control which features staff members are allowed to access. Although you cannot delete predefined roles, you can edit them or create new, user-defined roles—see Managing Users.
Step 9: Create device groups
The WLSE grouping feature lets you organize managed devices into logical subsets and hierarchies. Using device grouping, you can quickly configure, upgrade, and view reports for a set of access points as a single operation—see Managing Groups.
Now you can use fault monitoring, reports, firmware upgrade, and configuration, and radio management. You can also export devices, monitor AAA servers, and use Wireless Domain Services.
Specifying Device Credentials
Before the WLSE device discovery or device polling can successfully communicate with the network devices, the WLSE must be aware of the appropriate device SNMP credentials to use.
The Device Credentials option lets you enter the following required device credentials:
•
•
–
–
•
The Device Credentials options are:
•
•
•
•
•
Enter or Modify SNMP Community Strings for All Devices
The Wireless LAN Solution Engine uses SNMP community strings to discover devices and enable other WLSE options, such as firmware updates, configuration, and radio management. If community strings are not entered correctly, the WLSE cannot communicate with the device. Both read-only and read/write community strings are required.
The default community string covers all devices and uses public for both the read-only string and the read-write string. If the community strings on your devices differ from the default, you must specify the community strings on the WLSE before devices can be discovered and managed. For guidelines on configuring community strings on your devices, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7 on Cisco.com.
If you are importing devices from a file or CiscoWorks (instead of using the discovery mechanism), the community strings will also be imported. You do not need to enter the community strings here; however, if you import the strings and want to edit them, you can use this screen to do so. Also, if you imported devices and you want to customize the timeouts and retries, you can use this screen. For information about importing devices, see Importing Devices from a File and Importing Devices from a CiscoWorks Server.
If you are using the Discovery Wizard to run CDP discovery, you can enter community strings in the wizard. For more information, see Using the Discovery Wizard.
Note
Procedure
Step 1
Note
Note
Step 2
a.
b.
Result: The community string appears in the list of entries.
Step 3
a.
b.
c.
Note
Step 4
a.
b.
Note
Step 5
Related Topics
•
Recommendations For Configuring SNMP Credentials
This section contains the following information:
•
Community String Format
Use these guidelines when constructing entries:
•
–
–
*.*.*.*
172.*.*.*
–
27.20.[4-55].*
172.[21-30].[44-88].*
172.*.*.[121-255]
•
•
•
Multiple Entries and Order of Use
When there are multiple potential entries, the WLSE will use the best (longest) matching community string. Matching is done from left to right on the IP address field. In case of conflicts caused by overlapping address specifications, the entry listed first will be used. It is strongly recommended that you remove any ambiguity by breaking the address into non-overlapping sets.
The order in which you add entries does not matter.
The default entry (*.*.*.*) is used when none of the specified rules match a given IP address. The default entry cannot be removed.
SNMP Timeouts and Retries
Use caution in configuring the SNMP timeouts and retries because the timeout/retry mechanism uses an exponential back-off algorithm. Follow these guidelines:
•
•
However, if you are managing devices across high latency links (for example, thin or congested WAN links) or you encounter problems with SNMP timeouts, you might need to increase the timeouts or retries. If you need to change the default timeout and retries settings, the only way to arrive at optimal settings is through experimentation. One recommended procedure is to incrementally increase the timeout settings without increasing the retries until SNMP timeouts cease:
1.
2.
3.
Continue the process until SNMP requests no longer time out. Then leave the timeout setting in place, allowing the WLSE to operate normally with these settings. If you continue to see SNMP timeouts, you might need to increase the timeout setting or increase the retries settings again.
Related Topics
Enter HTTP Usernames and Passwords—Non-IOS Access Points
HTTP usernames and passwords are required for downloading configuration files to non-IOS access points. The password must be set on each access point, and you can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on access points, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7.
Note
Procedure
Step 1
Step 2
a.
For information on using ranges and wildcards in IP addresses, click Learn More or see Entering IP Addresses.
b.
c.
d.
Step 3
a.
b.
Step 4
Enter Telnet/SSH Usernames and Passwords—IOS Access Points
Telnet or SSH (SSH1 only) usernames and passwords are required for applying configuration templates to IOS access points and for upgrading firmware on IOS access points. You can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on IOS access points, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7.
The Telnet/SSH credentials you enter in this dialog must match the login sequence on the IOS access points. For example:
•
•
•
If the credentials and login sequence do not match the device, the WLSE will not be able to open a session on the device. Match the credentials and login sequence as follows:
Note
Procedure
Step 1
Step 2
•
•
IP address
IP address or range of IP addresses for access points using this username and password. For details on entering address ranges and using wildcards, see Entering IP Addresses.
Username
Telnet/SSH username.
Note
User Password
Telnet/SSH password.
Confirm Password
Enable Password
Telnet/SSH enable password.
Confirm Enable Password
Step 3
Step 4
a.
b.
Step 5
Step 6
Entering IP Addresses
IP addresses can consist of the following:
•
•
–
–
•
–
–
–
Note
Enter HTTP Port Settings—IOS Access Points
HTTP port settings are required for reports on IOS access points; the port settings are used for the links from reports to the Web interfaces of access points. The port you should supply for each device is the port for accessing the access point's Web interface.
Note
Note
Procedure
Step 1
Step 2
a.
For information on using ranges and wildcards in IP addresses, click Learn More, or see Entering IP Addresses.
b.
c.
Step 3
Enter WLCCP Credentials for Wireless Domain Services
If you are using the WLSE to monitor Wireless Domain Services (WDS) on your network, you must enter WLCCP credentials on the WLSE for the access points that provide WDS or an AAA server providing LEAP authentication services.
Note
For other configuration requirements for radio management, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7.
To enter WLCCP credentials on the WLSE:
Step 1
Step 2
Step 3
Step 4
To clear all fields and remove the WLCCP credentials, click Clear Fields.
Managing AAA Servers
The options in this screen allow you to:
•
•
•
Related Topics
About AAA Servers
Before adding Authentication, Authorization, and Accounting (AAA) servers to the WLSE, configure the servers to add the WLSE as a client. For information on adding the WLSE as a client on AAA servers, see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7.
After you add AAA servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability and displays this information under Reports > Trends.
The WLSE can monitor AAA services provided by Cisco Secure Access Control Server (ACS) or Cisco Access Registrar (AR). For the versions of these products supported by the WLSE, see the Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine, 2.7, on Cisco.com.
If you are using Wireless Domain Services (WDS), you will also use an AAA server to allow the WLSE to authenticate with the WDS access point. For more information, see Enter WLCCP Credentials for Wireless Domain Services.
The services supported by the WLSE are:
•
•
•
•
For information about changing the polling interval and response time fault thresholds for AAA server monitoring, see Setting Fault Thresholds.
Adding an AAA Server
Note
There is no limitation on the number of AAA servers you can add.
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Removing an AAA Server
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Modifying an AAA Server
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Using Enhanced (WDS) Client Tracking
The WLSE can track clients of IOS-based access points by querying Wireless Domain Service (WDS) for all client associations. You can use the following procedure to enable or disable this type of client tracking globally or enable it on selected WDS devices (access points or other devices that support WDS). By default, client tracking is globally disabled.
In addition to enabling client tracking, you must configure access points and the WLSE. See Prerequisites for Enhanced Client Tracking for more information.
For more information on client tracking and client polling, see About WDS Client Tracking.
For information on the IOS firmware versions that support enhanced client tracking, see the Supported Devices Table for the CiscoWorks Wireless LAN Solution Engine, 2.7 on cisco.com.
Configuring Enhanced Client Tracking
Note
Procedure
Step 1
Step 2
•
•
•
–
–
Step 3
Related Topics
•
About WDS Client Tracking
This section contains information about the following:
•
•
Prerequisites for Enhanced Client Tracking
In addition to enabling client tracking on the WLSE, you must configure the following for WDS-based client tracking to work:
•
WLCCP messages are required for the WDS to perform client tracking.
•
This feature is not available on all IOS firmware versions. All WDS access points must be upgraded to IOS firmware version 12.2(15)JA or later. See the WLSE 2.7 Supported Device Table on Cisco.com for the latest information.
If the WDS devices have firmware earlier than 12.2(15)JA, enhanced client tracking is not available. However, client tracking via client polling is available. For more information, see Client Polling.
•
These access points need not necessarily be upgraded.
•
Client tracking event reports include a WDS timestamp, which is used to display the order of events at the WDS. If all clocks are not NTP synchronized, events from different WDS devices may not be ordered correctly. You should ensure clock synchronization by configuring NTP service on the WDS and the WLSE. The NTP server should be a network NTP server that is used by all WDS devices. For information on enabling NTP on the WLSE, see Setting Time, Time Servers, Name Servers, and Web Session Timeout. For information on enabling NTP on WDS devices, see the device documentation.
Client Tracking vs. Client Polling
The WLSE obtains client data in two ways:
•
•
Client Polling
The WLSE automatically collects client data by polling all access points, using a configurable polling interval. Data obtained from client polling is detailed and includes traffic statistics. Polling data is only as timely as the last client polling cycle, which means that the client polling interval greatly affects the accuracy of client reports:
•
•
Wireless client polling is a fairly heavyweight process. If you have many access points to poll for client associations, polling should be less frequent. As a result, the client data will not be as accurate. Wireless client reports are updated every 51 minutes by default. To reset the client polling interval, see Changing the Polling Intervals for Automatic Inventories.
Note
Client Tracking
With client tracking, the WLSE obtains client data from WDS devices, instead of from all of the individual infrastructure access points. Client tracking provides only historical information.
Any clients that have associated with a managed access point are reported and tracked by a corresponding managed, active WDS device which is serving the same subnet as the managed access point.
WDS devices send notifications to the WLSE when certain events occur about any client associated with access points that are registered with that WDS. Each WDS maintains an updated active cache of all clients that are associated with each registered access point within the WDS domain. These events are recorded by the WLSE and can be viewed from the Client Historical Association Report and Client Access Failure Report. These events also keep the current client association information up to date. For performance reasons, there is approximately a 2-minute delay between when the event occurs and when the event is available in reports. The reported events are:
•
•
•
•
•
Even when client tracking is enabled, the wireless client polling described in Client Polling is still required to obtain other information about client activity, such as client as client traffic statistics.
If you have a high volume of client roaming or client activity, enabling client tracking will add extra overhead and WLSE performance may be affected. However, client tracking events are optimized to consume very little network traffic and WLSE processing resources.
Although client polling occurs automatically, client tracking must be enabled on WDS devices by selecting Devices > Discover > Client Tracking. To enable client tracking and view the current state of client tracking, see Using Enhanced (WDS) Client Tracking.
Wireless Client Reports
Wireless client reports provide information about the type of client that is associating with an access point, how much bandwidth the client is using, which access points the client has associated with, and the kind of client activity.
For information on displaying wireless client reports, see Displaying Wireless Client Reports.
Managing Device Discovery
By default, the WLSE runs Cisco Discovery Protocol (CDP) discovery every 24 hours. You can use the options under Devices > Discover > DISCOVER to:
•
–
–
•
–
–
Note
•
•
•
About Discovery
The topics covered in this section are:
•
•
•
•
•
Understanding Discovery and Management
Network devices are interrogated by the WLSE by multiple processes: discovery and inventory polling.
Device discovery is a periodic process that finds new devices and possibly topology and network changes. The WLSE can discover Cisco wireless access points and bridges, and Cisco switches or routers that have Cisco wireless devices attached to them. The discovery process can be run at scheduled intervals or on-demand.
Discovered devices can exist in one of two states: managed and unmanaged. By default, newly-discovered devices are in the unmanaged state and will not be polled until manually moved to the managed state.
You can enable an auto-manage feature that automatically moves newly discovered devices to the managed state when they are discovered. You can also apply a default device configuration to auto-managed wireless devices. Figure 3-1 illustrates the managed/unmanaged state machine.
Assuming the discovery process is successful, the WLSE discovery footprint is approximately 2500 bytes per device per discovery cycle. This is just the discovery footprint. The 2500 bytes represent a single SNMP get-request and a single SNMP get-response. This footprint may be larger if the SNMP get-response needs to be broken up across multiple protocol data units (PDU), which often happens if the device receiving the SNMP get-request has a large CDP neighbor table.
After a device is discovered for the first time and the device is auto-managed, an immediate inventory will run. However, inventory is not run automatically when discovery is run on a device that was already discovered (even if the device is automanaged). You can run an immediate inventory to update device information on the WLSE or wait for the next regular scheduled inventory.
Figure 3-1 Device Management State Machine
Understanding WLSE Discovery Methods
Before the WLSE can manage devices, it must discover them. There are several discovery techniques:
•
•
•
•
•
Use the following table to help you decide which technique to use:
Note
Table 3-3 Discovery Options
CDP-based discovery
Use this method when wireless devices are attached to Cisco switches or routers running Cisco discovery protocol. For more information, see About CDP-Based Discovery.
Individual device seeding
If the wireless devices are connected to switches or routers that don't run CDP (for example, non-Cisco switches), this is one option.
Note
For more information, see About Individual Device Seeding.
Device import from a file
If the wireless devices are connected to switches or routers that don't run CDP (for example, non-Cisco switches), this is an option. This technique adds an entry for each device for SNMP credentials.
Note
For more information, see About Device Import From a File.
Device import from CiscoWorks Resource Manager Essentials (RME)
Use this technique if you have already inventoried the wireless devices using RME. This technique adds an entry for each device for SNMP credentials.
For more information, see About Device Import From CiscoWorks.
About CDP-Based Discovery
When the WLSE runs a CDP-based discovery, it begins by using SNMP to retrieve the list of devices in the CDP neighbor table of each seed device. It then retrieves the devices in the CDP neighbor tables from each of the CDP neighbors of the seeds. This process continues until all devices in the network are discovered for the CDP distance is reached.
Note
The CDP distance determines the depth of the discovery. With a CDP distance of 1, only the immediate neighbors of the seed device are discovered. With a CDP distance of 2, devices A and B that are directly connected to the seed device are discovered, and the immediate neighbors of A and B are also discovered.
You can specify multiple seed devices to:
•
•
Note
Interesting devices from the perspective of the WLSE are:
•
•
Because the WLSE keeps only interesting devices, try to select seed devices in a way that minimizes unnecessary WLSE discovery traffic on the network by selecting devices so that the discovery process will only touch interesting devices. This is usually not possible, but by selecting seeds wisely, a minimum number of uninteresting devices will be touched by the discovery process.
Note
CDP-based discovery can be run on-demand, at a scheduled time, or at recurring intervals. Typically, you only need to run discovery when you initially deploy the WLSE and when you deploy new wireless devices.
By default, CDP discovery is enabled and runs every 24 hours. The discovery wizard allows you to:
•
•
Devices must be properly configured for access by the WLSE before they can be discovered and managed (see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7).
If CDP is disabled, you can still discover devices by entering their IP addresses as seed values in the discovery dialogs or by importing them. However, the connectivity between access points and switches will not be discovered and switch-related reports will be empty. For more information, see About Individual Device Seeding.
About WLCCP/WDS Discovery
All of the IOS access points in a subnet register with the Wireless Domain Service (WDS), and the WDS sends this data to the WLSE via WLCCP. The WLSE checks whether these devices are in the WLSE database. If not, a regular CDP discovery is run, using each device as a seed. So, new devices that register with the WDS will be automatically discovered.
These WDS discoveries do not appear in the discovery log. These discoveries are affected by any discovery filters that you have set. See Setting Advanced Options and Using Discovery IP Address Filtering.
For WLCCP discovery to work:
•
•
About Alternatives to CDP
Instead of enabling CDP and using it for discovery, you can use the following methods of discovering devices:
•
•
•
About Individual Device Seeding
Although CDP-based discovery is usually the preferred option, in some network environments a CDP-based discovery is undesirable or impossible. For example, the wired network infrastructure may have non-Cisco switches or hubs that do not support CDP, or IT security policies may prohibit the use of CDP in the network.
As an alternative to using Cisco Discovery Protocol (CDP) to run discovery, you can seed each device IP into the WLSE. The WLSE setup process is similar to the regular CDP-based discovery, and is treated as such by the WLSE discovery process. Rather than using a few, well-chosen seed devices:
1.
2.
3.
Note
Note
About Device Import From a File
When a CDP-based discovery is undesirable or impossible, importing a list of devices from a file is another option in many environments. For example, the wired network infrastructure may have non-Cisco switches or hubs that do not support CDP or IT security policies may prohibit the use of CDP in the network.
Using an import file in comma separated variable (CSV) format is an alternative to individual device seeding. Because the import file may be obtained from another network inventory management application, this technique may be more practical than individual device seeding.
Use the option Devices > Discover > DISCOVER > Import From File to import devices from a CSV file. You can choose to discover some devices and import others, however devices not supported by the WLSE are ignored during device import.
A one-time discovery job starts immediately after you import devices from a CSV file. This means the following discovery options affect device import:
•
•
When you import the devices from a CSV file, the WLSE:
1.
2.
•
•
If CDP is not enabled on the wireless devices or if there are no CDP neighbors, then the WLSE will only discover the wireless devices and the WLSE cannot be used to manage the neighboring switch or router.
Note
3.
This is not a required step because the WLSE will choose the most specific entry when looking up SNMP credentials for a device, but it is recommended because it will make managing device credentials easier.
4.
•
•
The community strings that you import will overwrite the information already entered on the WLSE. You can view the information already entered in Devices > Discover > Device Credentials > SNMP Communities. Community strings that contain wildcards will not be overwritten unless these entries are exactly matched by entries in the CSV file.
•
The timeouts and retries that you enter will overwrite information already entered on the WLSE.
During the subsequent discovery:
•
•
About CSV Files
The file used for imports is an ASCII CSV (comma-separated values) file with a .txt filename suffix. You can create a CSV file by exporting devices from CiscoWorks or by creating the file with a text editor. You can also view a sample CSV file from the Discovery Wizard screens for file import, or see the following example.
A CSV file can contain the following device information:
Note
•
•
•
•
•
•
•
An example file follows.
;; The possible columns in the CSV file are listed below.;; For importing to WLSE, columns 1,2,3 are required and the; rest are optional.;; Col# = 1: Name = Device name (include domain unless your site; has unqualified device names registered in; the name services); - or -; IP Address in dotted decimal notation;; Col# = 2: Name = RO community string; Col# = 3: Name = RW community string; Col# = 4: Name = Serial Number; Col# = 5: Name = User Field 1; Col# = 6: Name = User Field 2; Col# = 7: Name = User Field 3; Col# = 8: Name = User Field 4; Col# = 9; Name = Telnet password; Col# = 10; Name = Enable password; Col# = 11; Name = Enable secret; Col# = 12; Name = Tacacs user; Col# = 13; Name = Tacacs password; Col# = 14; Name = Tacacs enable user; Col# = 15; Name = Tacacs enable password; Col# = 16; Name = Local user; Col# = 17; Name = Local password; Col# = 18; Name = Rcp user; Col# = 19; Name = Rcp password; Comment = Not used, leave blank;; Here are examples of rows of data:;1.2.3.4,public,public,,1.2.2.5,public,public,,,,,,telnetpwdbigrouter.yourcompany.com,public,private,,,,,,telnetpwddev-2501.yourcompany.com,"Not so, "" public as, thought",private,sn2501,dev-2502.yourcompany.com,public,"private",sn2502,dev-2503.yourcompany.com,public,private,sn2503,""dev-2510.yourcompany.com,public,private,sn2510,dev-4000.yourcompany.com,public,private,,Big Boysdev-2517.yourcompany.com,public,private,,,nm 25xxdev-2520.yourcompany.com,public,private,,,mylabel2dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4dev-7206.yourcompany.com,public,private,,dev-7505.yourcompany.com,public,private,,,,,yourlabel4About Device Import From CiscoWorks
If you are using CiscoWorks Resource Manager Essentials (RME) to manage your wireless devices, you can import the devices from RME to the WLSE without configuring, scheduling, or running WLSE discovery. This process is analogous to using a CSV file to import a list of devices. Use the option Devices > Discover > DISCOVER > Discovery Wizard > Import From CiscoWorks to import devices from RME.
Immediately after a successful import, the WLSE runs discovery on all of the imported devices. Therefore, the following discovery options affect device import:
•
•
You can specify an immediate import, schedule an import for a future time, or schedule recurring imports. The time required to import devices depends on the response from the CiscoWorks server and the number of devices imported. You can check the status of the operation while it is running.
When you import the devices from CiscoWorks, the WLSE:
1.
2.
•
•
Note
If CDP is not enabled on the wireless devices or if there are no CDP neighbors, the WLSE will only discover the wireless devices.
3.
This is not a required step because the WLSE will choose the most specific entry when looking up SNMP credentials for a device, but it is recommended because it will make managing device credentials easier.
Note
4.
•
•
The WLSE provides scheduled, automated inventory imports from RME. Many customers prefer keeping a master Cisco device inventory on the RME server. Using the scheduled, automated inventory import allows customers to keep their WLSE device list in sync with the master list.
Most networks have a fairly static inventory. That is, new devices are typically added in planned roll-outs. So there really is no need to have the recurring RME import interval set very frequently. In most cases, once a week is more than frequent enough.
Pre-Discovery Checklist
The following checklist will help you confirm that the prerequisites for successful discovery have been met.
Note
•
•
–
–
–
•
•
•
About the Discovery Wizard
From Devices > Discover > DISCOVER > Discovery Wizard, you can use all of the discovery methods. To start using the wizard, see Using the Discovery Wizard. The discovery methods are:
•
•
•
Using the Discovery Wizard
The discovery wizard provides the following choices for discovering devices.
Note
Procedure
Step 1
Step 2
Step 3
Note
Running CDP Discovery
This section provides procedures for using the Discovery Wizard screens for CDP discovery. To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Automatic Device Discovery based on Cisco Discovery Protocol.
Note
The tasks for running CDP discovery are:
Select the Type of CDP Discovery
The Select Type of CDP Discovery screen provides choices for running CDP Discovery.
Note
Procedure
Step 1
•
•
Step 2
Related Topics
Specify the Schedule
In this screen, you can modify the discovery schedule.
Procedure
Step 1
Do not schedule a discovery to begin within 5 minutes of the current time. Otherwise, the first discovery might not run. Use the Run Now option instead.
Step 2
Step 3
Enter SNMP Communities
The community strings for all devices to be discovered by using CDP must be entered on the WLSE.
Procedure
Step 1
Step 2
•
•
Note
Step 3
You can also find details on entering community strings and the community string requirements for discovery in Enter or Modify SNMP Community Strings for All Devices.
Step 4
Enter Initiating IP Addresses
You must enter at least one initiating IP address (seed device).
Procedure
Step 1
Note
Device names must resolve to your local DNS in order to translate device names to IP addresses during discovery. The requirements for entering device names are:
•
•
•
•
Step 2
Set this value appropriately to discover the entire wireless network or the set of devices you are discovering. A CDP distance of 1 only discovers the immediate neighbors of the seed devices.
Routers and switches that do not have access points attached to them are used when computing CDP distance. However, these routers and switches will not be discovered.
Step 3
Verify Your Settings and Finish—Run Now
Procedure
Step 1
Step 2
Step 3
Discovery will begin immediately and the Discovery Run Details screen will appear, showing the details of the discovery job.
For more information about Discovery Run Details, see Viewing Discovery Logs.
Related Topics
Verify Your Settings and Finish—Modify Schedule
Procedure
Step 1
Step 2
Step 3
Discovery will begin at the Start Time you selected.
Note
Related Topics
Importing Devices from a File
This section gives procedures for using the Discovery Wizard screens for importing devices from a file.
To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Import From File.
Note
The tasks for importing devices from a file are:
Table 3-5 Tasks for Import from File
Specify the file and set the SNMP retry and timeout (optional)
Verify your settings and finish
View import details
Select the File and Set SNMP Parameters
To import devices from a file, you can create the file by using a text editor or by exporting devices from a CiscoWorks server that is running Resource Manager Essentials.
For information about CSV files, see About CSV Files.
Procedure
Step 1
Step 2
Step 3
To see or edit the existing community strings on the WLSE, select Devices > Discover > Credentials > SNMP Communities.
Step 4
•
•
Step 5
Step 6
Finish the Import
Procedure
Step 1
Step 2
Step 3
Related Topics
Importing Devices from a CiscoWorks Server
This section provides procedures for using the Discovery Wizard screens for importing devices from CiscoWorks server that is running Resource Manager Essentials.
To get started, select Devices > Discover > DISCOVER > Discovery Wizard > Import from CiscoWorks.
Note
The tasks for importing devices from CiscoWorks are:
Table 3-6 Tasks for Import from CiscoWorks
Specify the CiscoWorks server
Schedule the import
View import details
Schedule the Import and Finish
This screen allows you specify a CiscoWorks server as the source of the devices to be imported. You can run a one-time import or schedule imports. For more information about importing devices from a CiscoWorks server, see About Device Import From CiscoWorks.
Procedure
Step 1
Step 2
a.
b.
Step 3
a.
b.
c.
d.
Note
Step 4
Related Topics
Setting Advanced Options
This window provides the following options for discovery and device management:
•
•
•
Note
Enable Reverse DNS Lookup
Enabling reverse DNS lookup affects hostname (device name) display on the WLSE as follows:
Yes
If the lookup succeeds, the device name is displayed.
If the lookup fails, the device IP address is displayed.
No
If the device's SNMP sysName is set, the sysName is displayed.1
If the sysName is not set, the device IP address is displayed.
1 If a device's sysName contains a single quote (`) and DNS is not enabled, the IP address will be displayed instead of the sysName.
Note
Procedure
Step 1
Step 2
Step 3
Related Topics
Understanding WLSE Discovery Methods
Enable Auto-Management
Enabling this option causes all discovered devices to be automatically managed.
Procedure
To enable automatic management for all discovered devices:
Step 1
Step 2
All discovered devices will be automatically placed in the Managed folder.
Note
Step 3
Step 4
Related Topics
•
•
Enable MAC Address Auto-Manage Filtering for Access Points
This option allows you to specify access points that you want to auto-manage during a specified time interval.
Filtering affects devices discovered through Wireless Domain Service (WDS). For more information, see About WLCCP/WDS Discovery.
Auto-management affects all discovered devices. Access point filtering affects only access points. See the following table for details on how these two options affect each other.
You can specify the access points to auto-managed by entering Ethernet MAC addresses in the screen or importing a file containing Ethernet MAC addresses. For example files, see Example MAC Address Files.
To enable MAC address filtering:
Step 1
Step 2
Step 3
Step 4
Note
Step 5
a.
b.
c.
Step 6
a.
b.
c.
Step 7
Step 8
Example MAC Address Files
You can use either of the following file formats to import MAC addresses for limited discovery of access points:
•
0040965b611f000a41047e3b0040965b5f75004096588420004096543a84000bbe6d8bd4000af4fb658a•
000b466e482,0000bbe8190c2,0040965b611f,000a41047e3b,0040965b5f75, 004096588420,004096543a84,000bbe6d8bd4Using Discovery IP Address Filtering
You can limit discovery to selected devices by setting up filter rules to include or exclude devices. Filter rules consist of device IP addresses with optional wildcards and ranges.
IP address filtering also affects devices discovered through Wireless Domain Service (WDS). For more information, see About WLCCP/WDS Discovery.
Note
Procedure
Step 1
Step 2
•
•
•
Rules cause discovery to be limited as described in the following table.
Note
For example, assume the IP addresses of the devices in a network are from 10.10.10.1 through 10.10.10.200:
•
•
All of the devices with the IP addresses 10.10.10.[40-80] are discovered, but those with IP addresses 10.10.10.[60-70] are discarded. Therefore, the devices discovered and retained have IP addresses 10.10.10.[40-59] and 10.10.10.[71-80].
Step 3
Related Topics
Understanding WLSE Discovery Methods
Viewing Discovery Logs
This option displays details on the results of discoveries and imports.
Note
Note
Procedure
Step 1
A table of inventory jobs is displayed.
Step 2
Table 3-10 Discovery Job Log
Name
Type of discovery that was run:
•
•
•
•
Start Time
When the discovery started.
Recurring
•
•
State
Scheduled—Discovery will occur in the future.
Not scheduled—Run Now discoveries
User
User name—Name of the user who ran the job or who was the last user to modify the job.
WLSE—Automatic, scheduled discovery that has not been modified by a user.
End Time
When the discovery ended.
1 Two items are listed in the discovery log for each import from a CiscoWorks server: CDPDiscovery_Import_Devices and CiscoWorks Device Import.
Step 3
•
•
•
•
For more information on data shown in the Discovery Run Detail window, see Discovery Run Details Display.
If the log files show that problems occurred while running discovery, see Diagnosing Common Discovery Problems.
Step 4
Step 5
Discovery Run Details Display
A typical, healthy discovery process run produces a log file similar to the following:
Seed value entered: 10.2.8.3Hop count defined: 1CDP Discovery started at 2003-03-27 22:40:11.437 (UTC)New device discovered:10.2.8.3 ( AP1200-CHAR-NET )Number of devices (re)discovered: 1CDP Discovery completed at 2003-03-27 22:40:11.737 (UTC)The log in the Discovery Run Details window shows the following information:
•
•
When you import devices, each imported device is listed as a "Seed value entered" in the log, and the "Hop count defined" value is 1.
•
•
•
•
•
Note
The following messages may appear in the Discovery Run Details display.
Table 3-11 Messages—Discovery Run Log
172.19.12.39,public,private,14,1 .3.6.1.4.1.9.1.507, !{[NOVALUE]}!,...Messages similar to this are informational and show data obtained during device import from CiscoWorks.
Periodic CDP discovery end time.
Number of devices discovered or rediscovered.
Although discovery is initially enabled and runs every 24 hours, it will not run unless you add seed devices. See Using the Discovery Wizard.
Device was previously discovered and information is being updated.
An automatic inventory does not run for rediscovered devices. Run an on-demand inventory or wait for the next scheduled inventory. This is an informational message.
ip_address New device discovered (sysname)
Device was discovered for the first time.
ip_address Device being auto-managed (sysname)
Auto-management is enabled.
Auto-management is enabled; therefore, inventory collection will run immediately for the auto-managed devices.
ip_address is SNMP unreachable, unable to read CDP cache.The community strings may be set up incorrectly. See the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7.
This message might indicate a network problem, or the device might be an invalid seed device (not running CDP and SNMP), such as a PC or workstation.
For more information on troubleshooting SNMP problems, see Diagnosing Common Discovery Problems.
Other running jobs are using all available resources. Information on this job will be displayed when resources are available.
The community string associated with the device might not have an SNMP ISO view associated with, and the WLSE cannot poll some attributes. Configure the community string in the AP as follows:
# snmp-server view iso iso included# snmp-server community community_string view iso ROwhere community_string is the AP's read-only community string.
Make sure the SNMP community has a proper view associated.
The IOS access point has not been configured with an IOS view. To correct this, you can configure the device manually (see the "Setting Up Devices" chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7) or create a configuration job to correct it (see Managing Configuration Jobs). Affected devices are placed in the Misconfigured Devices system group. After the device is properly configured, you can run discovery or wait for the next scheduled discovery. After discovery, the device will be placed in the proper group(s). See Managing Device Discovery.
A newly discovered device has the same IP address as a previously discovered device. The new device will not be discovered until the conflict is resolved. The identifier shown is for the previously discovered device. For access points, the identifier shown is the Ethernet MAC address.
If you want both devices to be managed, assign a different IP address to the newly discovered device. If you substituted a new device for a previous device and want to retain the IP address, delete the old device. In either case, run discovery again or wait for the next scheduled discovery. See Managing Device Discovery.
A new device is being discovered but could not be auto-managed because the MAC filter values exclude the device or the time period selected for auto-management has expired. See Enable MAC Address Auto-Manage Filtering for Access Points.
Related Topics
•
Diagnosing Common Discovery Problems
This section contains information on:
•
•
Note
Troubleshooting SNMP Connectivity Problems
The most common discovery problems are related to SNMP connectivity. This type of message indicates that the WLSE attempted to retrieve the CDP neighbor table of the device, but was unable to do so because of an SNMP connectivity issue:
172.20.98.230 is SNMP unreachable, unable to read CDP cache.Typical causes of SNMP connectivity issues are:
•
•
•
•
To determine the cause of the problem:
1.
Note
2.
One common problem with both IP and SNMP connectivity is the presence of access control lists (ACLs) or firewalls in the network between the WLSE and the managed devices that might reject management traffic. Verify that management traffic is permitted from the WLSE to each of the managed devices.
3.
The SNMP Connectivity Tool retrieves a single object, whereas the discovery retrieves multiple objects. You can use the SNMP Query Tool (see Using the SNMP Query Tool) to retrieve a larger SNMP table. Then, if you have SNMP connectivity for one variable but not for the larger table, it is likely that the issue is related to the timeout and retry settings. See Step 5.
4.
•
•
•
If the SNMP configuration is not correct, reconfigure the devices and WLSE as necessary and re-run the discovery.
5.
Obtaining Detailed Discovery Logs
If the procedures in the preceding section do not solve your discovery problems, open a case with the Cisco TAC. You might be able to assist the Cisco TAC by getting more detailed discovery logs. To increase the level of logging:
Note
1.
2.
3.
4.
After the discovery runs:
1.
2.
3.
Note
Managing and Unmanaging Devices
Discovered devices can exist in one of two states: managed and unmanaged. By default, newly-discovered devices are in the unmanaged state and will not be polled until manually moved to the managed state.
The Manage/Unmanage window provides a view of newly discovered devices, managed devices, and unmanaged devices, allows you to manually change the management status of devices, and provides details about all devices. You can also delete devices from this window. Devices must be placed under management before you can use the WLSE to monitor and configure them.
Note
•
•
•
•
Note
Procedure
Step 1
•
•
•
Step 2
a.
b.
c.
–
–
d.
e.
Step 3
•
Note
•
–
–
–
Related Topics
•
Understanding Device Details
The details shown in the Device Details panel are:
Table 3-12 Device Details Pane
Device Name
Hostname, IP address, or SNMP sysname.
State
Whether the device is new, managed, or unmanaged.
Description
Detailed device description.
Version
Software version installed on the device.
Device Family
Device type.
SysName1
The system name.
SysObjectId
Unique identifier that identifies the device type.
Location
Where the device is located.
IP Address
Device IP address.
Subnet
Subnet in which the device is located.
Network Segment
The network segment in which the device is located.
Contact
The person to contact for this device.
Profile
Name of the profile that contains threshold values and policy settings for fault management.
1 If a device's sysName contains a single quote (`) and DNS is not enabled, the IP address will be displayed instead of the sysName.
Limitation on the Number of Managed Devices
Limits on the number of managed devices are enforced according to the type of WLSE hardware you have.
Note
•
•
Note
Managing Device Inventories
During inventory, the WLSE retrieves device attributes in order to populate its displays (such as reports) and place devices in groups.
The WLSE automatically runs basic inventories on all managed devices and inventories on client associations and trends for specific types of devices. For information about automatic inventories, see About Inventories.
You can use the inventory options to:
•
•
•
Related Topics
About Inventories
Periodic device inventory polling processes retrieve key data from managed devices. Polling processes support these features:
•
•
•
•
•
Automatic Scheduled Inventories
The WLSE runs 3 types of automatic inventories on a regularly scheduled basis:
•
In the inventory log, these inventories are named Periodic.
Note
•
In the inventory log, these inventories are named Client Inventory.
•
In the inventory log, these inventories are named Performance Inventory.
You can reset the polling intervals for automatic inventories. See Changing the Polling Intervals for Automatic Inventories. You can run immediate or scheduled inventories. See Running Immediate Inventories.
Immediate Inventories
You can run immediate inventories. You select the devices for these inventories.
In the inventory log, these inventories are named Run Now.
Note
Changing the Polling Intervals for Automatic Inventories
Use the following procedure to change intervals for automatic inventories. For guidelines on choosing intervals, see Guidelines For Choosing Inventory Intervals.
Note
Procedure
Step 1
Step 2
•
•
•
Step 3
Related Topics
•
Guidelines For Choosing Inventory Intervals
Following are some suggestions for deciding how to set the polling intervals.
At each interval, the WLSE runs basic, performance, and client inventory. If the actual inventory data collection time exceeds the interval, the WLSE will skip an inventory polling cycle. The next inventory polling will start at the next expected time.
For example, if the recurring scheduled inventory interval is configured to run every 30 minutes and the inventory polling begins at 10:00AM and runs for 32 minutes, the next polling will not begin until 11:00AM. This means that the data may not be as granular as expected.
A second potential problem occurs when the inventory polling takes just slightly less than the interval. In this case, the WLSE will almost always be running inventory polling processes. For example, suppose the recurring scheduled inventory interval is configured to run every 30 minutes, but inventory polling takes just under 30 minutes. In this case, if an inventory polling cycle begins at, for example, 10:00AM and runs until 10:29AM, the next inventory polling begins almost immediately at 10:30AM. This situation may be completely acceptable if the network can tolerate almost constant management polling from the WLSE and if the WLSE CPU and memory utilization do not become overtaxed.
Running Immediate Inventories
You can run immediate inventories of devices that you specify. The inventories you run are basic inventories that collect all the information required by the WLSE to populate displays, such as reports, and to place devices in defined groups.
Note
When new devices are discovered and managed, basic inventory and client reports are not populated until the next inventory polling occurs. However, you can use this option to populate these reports before the next inventory cycle starts.
This feature can also be useful when configuration changes are made on network devices and you want the changes quickly reflected in the basic and client inventory reports.
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Managing Polling Parameters
The Polling option allows you to reset global parameters that affect inventory polling intervals, job history retention, and retention of data used in reports.
Note
Procedure
Step 1
Step 2
Step 3
Step 4
Related Topics
About Trending and Aggregation Data
Polling Parameter Details
The following tables describe the WLSE's polling parameters.
•
•
•
For general information about polling intervals and data retention parameters and guidelines for choosing the appropriate settings, see About Inventories.
Table 3-13 Polling Interval Parameters
Inventory Poll Interval
Interval during which configuration data will be collected from the devices for inventory. This is the data shown in any Web interface device detail table.
TipDefault: 12 hours
Minimum: 1 hour
Maximum: 7 days
Wireless Client Poll Interval
Interval during which data is collected for client inventory. Also, the interval at which Wireless Client reports are updated. Decreasing the interval provides more data points in reports.
TipDefault: 51 minutes
Minimum: 17 minutes
Maximum: 7 days
Performance Attributes Poll Interval
Interval during which performance and utilization data are collected from the devices for the performance inventory.
Default: 13 minutes
Minimum: 13 minutes
Maximum: 7 days
About Trending and Aggregation Data
Raw trending data retrieved from inventory polling is placed in database trending tables as follows:
•
•
•
•
The data in the trending and aggregation tables is periodically purged. For the minimum, default, and maximum data retention intervals, see Polling Parameter Details.
Data retention intervals are configurable globally through the system parameters interface. Under almost all circumstances, there is no reason to change the defaults. In some large WLAN deployments, however, the WLSE database may begin to grow so large that it makes sense to purge data more often. Because it may affect the accuracy of the data in the trending reports, be careful when you change the data retention intervals.
Viewing Inventory Logs
This option allows you to view historical information about inventories.
Note
Procedure
Step 1
Step 2
Step 3
Related Topics
Diagnosing Common Inventory Problems
Run Log Details—Inventory
Most inventory run log messages show the start and end time, the type of data collected, and the devices that were inventoried.
You may also see error messages, such as the following:
•
This message also appears if there are many SNMP timeouts on the network or devices are not reachable through SNMP. In that case, the inventory job will take much longer to finish, and the next scheduled inventory will not run until the current job finishes.
Related Topics
Diagnosing Common Inventory Problems
Diagnosing Common Inventory Problems
You can view the inventory process log files using the interface in Devices > Discover > Inventory > Logs. Open the appropriate folder within the Inventory sub-tree—the tree leaves correspond to the inventory runs. The logs are sorted in each folder by start time, with the most recent runs at the top.
If you have problems with your inventory processes and you open a case with the Cisco TAC, they may ask you for the jobvm log, which you can retrieve by selecting Administration > Appliance > Status > View Log File.
You might be able to assist the Cisco TAC by getting more detailed information than what normally appears in the logs. To increase the level of logging:
Note
1.
2.
3.
4.
After the inventory runs:
1.
2.
3.
Note
Exporting Devices
You can export all managed devices (access points, routers, switches, and AAA servers) to:
•
•
Note
Exporting Devices to a CiscoWorks Server
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CiscoWorks server. Unmanaged devices are not exported.
The information exported consists of the IP addresses and credentials.
The time required to export devices depends on the number of devices exported and the response from the CiscoWorks server. The following procedure explains how to check the status of the operation.
Note
Procedure
Step 1
Step 2
•
•
•
Step 3
Step 4
If the Last Status button is displayed, you can review the results of a previous export.
The following information is included in the export status log:
Step 5
Exporting Devices to a CSV File
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CSV file. Devices that are unmanaged are not exported.
The information exported for each device is:
•
•
•
•
For more information on CSV files, see About CSV Files.
Note
Procedure
Step 1
Note
Step 2
To launch an HTTPS session, enter the following URL:
https://wlse_ip/where wlse_ip is the IP address of the WLSE. Note that you do not append a port number to the IP address when using HTTPS.
•
•
–
–
–
–
–
–
–
–
Step 3
Note
Result: The file is saved to your desktop.
Managing Groups
When you select Devices > Group Management, the Group Details window appears. Both system-defined and user-defined groups appear in the device selector. System-defined groups cannot be edited or deleted. For detailed information on system-defined and user-defined groups, see About Groups.
The group management window allows you to:
View system and user-defined groups and their details
Create a new static group
Create a new dynamic (rule-based) group
Create a new static or rule-based group by copying an existing group
Creating a Static Group by Copying a Static or Rule-Based Group
Edit a group
Delete a group
Related Topics
About Groups
The WLSE grouping feature lets you organize managed devices into logical subsets and hierarchies. Using device grouping, you can quickly configure, upgrade, and view reports for a set of access points as a single operation.
Note
The Group Details window allows you to view the existing device groups and categorize devices into named groups. A group is a named entity that can contain devices, other groups, or a combination of devices and groups. There are two types of groups:
•
•
The device selector lists all the current groups, both system-defined groups and user-defined groups. The number after a group name or folder shows how many objects it contains (devices and other groups) or how many groups are in the folder. Every managed device appears in one or more of the system-defined groups, and may also appear in one or more user-defined groups.
Groups can be dynamic or static:
•
•
System-Defined Groups
You cannot edit or delete a system-defined group. The system-defined groups are dynamic (rule-based), and are automatically populated by reading information from the devices during discovery and inventory collection. Any changes to devices are reflected in the system-defined groups only after the next discovery or inventory collection has completed.
If devices are not configured correctly, they may not appear in the system-defined groups. For example, a WDS access point that is not correctly configured will not be included in the Active WDS or Backup WDS system groups.
Tip
Table 3-18 describes the system-defined groups.
Table 3-18 System-Defined Groups
Device Type
Device Type
A group for each device type:
•
•
•
•
•
•
•
•
Note
•
•
•
•
More System Groups
SSID
Group for each radio service set ID (SSID) configured on access points. For information about configuring SSIDs on access points, see the "Setting Up Devices chapter in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, Release 2.7 on Cisco.com.
Software Version
Group for each software version installed on access points.
Subnet
Group for each subnet configured in the network.
Physical Location
Physical Location
Group for each building defined by users in the Location Manager.
•
•
Wireless Domain Services (WDS)
WDS
Groups for WDS devices:
•
•
Misconfigured Devices
Misconfigured Devices
IOS access points that do not have an ISO view configured. If a dot11 mib view fault is generated, the device is automatically placed in this group.
•
•
Scanning APs
Scanning AP
Access points that are configured for scanning mode only or that have an interface configured for scanning mode.
User-Defined Groups
You can define any number of groups, and set up hierarchies of groups which can contain subgroups and devices.
Tip
User-defined groups can either be static or rule-based:
•
•
Useful user-created groups in a WLAN greatly depend on the structure of the network and the application demands. Table 3-19 contains examples of groups that might be worthwhile in a typical wireless LAN environment.
Using the Group Details Window
Note
To view details about a group and use group management functions:
Procedure
Step 1
Step 2
Table 3-20 Group Details Window Fields
Description
Description entered when the group was created or edited (if any). Can be up to 256 characters long.
Created by
Username of the creator of the group.
Type
System Group, Static Group, or Rules-Based Group.
Group Members
Member Type
Device—A device, such as access point or switch.
Subgroup—A subgroup of the group you selected.
Name
Hostname of a member device or name of a subgroup.
•
•
IP Address
IP address of a member device.
Device Type
Device type of a member device
Software Version
Software version installed on a member device.
Step 3
Table 3-21 Group Details Window Buttons
Create Static Group
Create a static group.
Create Rule-Based Group
Create a rule-based group.
Copy
Copy a static or rule-based group.
Creating a Static Group by Copying a Static or Rule-Based Group
Copy Static
Make a static copy of a rule-based group.
Edit
Edit a static or rule-based group.
Delete
Delete a static or rule-based group.
Click Delete to delete the group.
Links to Reports from the Group Details Display
The following reports can be displayed from the Group Details window by clicking the name of a device in the current group. A window opens displaying links to the following reports and a link to the Web interface of the access point.
Creating a Static Group
Note
To create a new static group:
Procedure
Step 1
Step 2
•
•
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 3
Note
Step 4
The group or device is added to the Available Devices list in the Create Group dialog.
Step 5
Note
Step 6
Step 7
Step 8
To cancel the group creation and discard your changes, click Cancel.
Related Topics
Creating a Static Group by Copying a Static or Rule-Based Group
Creating a Rule-Based Group
To create a new rule-based group:
Note
Procedure
Step 1
Step 2
•
•
Note
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 3
Note
Step 4
The available rules are described in the following table. You can use an asterisk (*) as a wildcard to match any number of characters.
•
–
–
All of the rules you select are added together (logical and). For example, if you select the following Equals rules: Device Type AP1100, subnet 171.69.* and Software Version 12.2*, only the AP1100 access points in the specified subnet and running the specified firmware will be part of the group.
If you need to group devices that match more than one parameter in a given rule you can create a group that contains subgroups. For example, a group consisting of the AP1100 access points at two different sysLocations could be constructed by creating a group that contains a subgroup for each sysLocation.
Step 5
Step 6
Step 7
All currently managed devices that match the group rules will be added to the group. All devices that become managed later and match the rules will also be added to the group.
Related Topics
Creating a Static Group by Copying a Static or Rule-Based Group
Note
Use this procedure to create a new static group by copying an existing static or rule-based group (including system-defined groups).
Procedure
Step 1
Step 2
•
•
Step 3
Names and descriptions can be up to 64 characters in length. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
a.
b.
c.
Step 7
Step 8
By default, new static groups are placed under the same parent as the group you are copying; you can select another parent from the Subgroup of list. New static groups are added to the Subgroup of list.
To cancel group creation and discard your changes, click Cancel.
Related Topics
•
Copying a Rule-Based Group
By copying an existing rule-based group (a user-defined group or a system group), you can create a new rule-based group or a new static group.
Note
Procedure
Step 1
Step 2
•
•
Step 3
Names and descriptions can be up to 64 characters in length. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
To reset the window to its contents before this session, click Reset.
To cancel group creation and discard your changes, click Cancel.
Editing a Static Group
Note
To edit a static group:
Procedure
Step 1
Step 2
Step 3
Names can be up to 64 characters long, and descriptions can be up to 256 characters long. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
a.
b.
Step 6
Step 7
Related Topics
•
Editing a Rule-Based Group
Note
To edit a user-defined rule-based group:
Procedure
Step 1
Step 2
Step 3
Names can be up to 64 characters long, and descriptions can be up to 256 characters long. For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
Step 5
Step 6
To reset the window to its contents before this session, click Reset.
To discard your changes, click Cancel.
Deleting a Static or Rule-Based Group
Note
To delete a user-defined (static or rule-based) group:
Procedure
Step 1
Step 2
Step 3
Step 4
Related Topics
