Table Of Contents
Performing Administrative Tasks
Using Discovery and Managing Devices
Managing Devices
Changing Management Status or Deleting Devices
Limitation on the Number of Managed Devices
View Device Management History
Specifying Device Credentials
Enter SNMP Community Strings for All Devices
Community String Guidelines
Enter HTTP Usernames and Passwords—Non-IOS Access Points
Enter Telnet and SSH Usernames and Passwords—IOS Access Points
Enter HTTP Port Settings—IOS Access Points
Managing Device Discovery
Overview: Discovery
Set Up Devices
Use Discovery Options
Set Up Discovery Filters
Schedule Discovery
Run Discovery Now
Managing Device Inventories
Run Immediate Inventory—Selected Devices
Run Scheduled Inventory—Selected Devices
Viewing Inventory and Discovery Task History
Run Log Details—Discovery and Inventory
Importing Devices
Import Devices from a File
Import Devices from a CiscoWorks Server
Exporting Devices
Exporting Devices to a CiscoWorks Server
Exporting Devices to a CSV File
Managing AAA Servers
Manage LEAP Servers
Manage RADIUS Servers
Manage EAP-MD5 Servers
Manage PEAP Servers
Managing Groups
Overview: Groups
Creating a New Static Group
Creating a New Rule-Based Group
Copying a Static Group
Copying a Rule-Based Group
Editing a Static Group
Editing a Rule-Based Group
Deleting a Static or Rule-Based Group
Managing the Appliance
Viewing WLSE Status
Managing Log Files
Log Files Displayed
Restarting the Wireless LAN Solution Engine
Managing WLSE Software
Viewing Software Status
Managing the Repository
Installing Software Updates
Browsing the Repository
Viewing Software Update History
Overview: Security
Managing Security
Overview: Authentication Modules
Selecting an Authentication Module
Managing SSL (HTTPS)
Disabling or Enabling Telnet and Selecting SSH
Viewing the Last 10 Logged-On Users
Backing Up and Restoring Data
Specifying the Backup Location
Configuring a Windows 2000 or Windows XP Server as a Backup Location
Scheduling and Running Backups
Restoring Data
Copying Configuration Data from One WLSE to Another
Using Diagnostics
Viewing and Creating a Status Report
Viewing and Creating a Self-Test Report
Viewing Processes
Specifying a Splash Screen Message
Setting the Time and Specifying Name Servers
Set the Current Local and UTC Time
Specify NTP Time Servers
Specify Name Servers
Configuring the Mail Route
Using Connectivity Tools
Using Network Tools
Using the SNMP Query Tool
General System Settings
Managing System Parameters
Updating Supported Firmware Versions
Viewing Supported Firmware Versions
Administering Users
Managing Roles
Managing Users
Add Users
Modify Users
Delete Users
Modifying Your Profile
Creating Links
Running the ACS Failed Login Report
Performing Administrative Tasks
The following subtabs are displayed when you select the Administration tab:
Note
Some of these subtabs may not be visible to some users; what you see under the Administration tab depends on your login.
•
Discover—Set up access points and bridges, routers and switches, and AAA servers so they can be managed by the WLSE. Place devices under management, configure and run discovery, specify device credentials, run inventory, view discovery and inventory history, import and export devices, specify AAA servers to monitor (see Using Discovery and Managing Devices).
•
Group Management—Group devices for efficient device management (see Managing Groups).
•
Appliance—Manage the Wireless LAN Solution Engine system (see Managing the Appliance).
•
System—Configure parameters for collecting and retaining data, view information about supported firmware versions, and update firmware support to add newly supported versions (see Managing System Parameters).
•
User Admin—Manage users and user roles (see Administering Users).
•
My Profile—Change your password (see Modifying Your Profile).
•
Links—Set up links to other systems (such as CiscoWorks servers) and display their desktops. Run ACS failed login reports (see Creating Links).
Using Discovery and Managing Devices
When you select Administration > Discover, the following options appear in the left pane:
•
Managed Devices—View newly discovered devices, change device status, and view device management history—see Managing Devices.
•
Device Credentials—Specify community strings for all managed devices and specify the HTTP usernames and passwords for access points (see Specifying Device Credentials).
•
Discover—Set up devices, schedule discovery, perform an immediate discovery, set up discovery filters, and set discovery options (auto-management and access point filtering)—see Managing Device Discovery.
•
Inventory—Run on-demand and scheduled inventories to collect information from managed devices before the next scheduled inventory (see Managing Device Inventories).
•
Task History—View details on discovery and inventory jobs (see Viewing Inventory and Discovery Task History).
•
Import Devices—Import devices from a file or from a CiscoWorks server (see Importing Devices).
•
Export Devices—Export devices to a CiscoWorks server that is running RME or to a file (see Exporting Devices).
•
LEAP Server—Add, modify, and delete LEAP servers (see Manage LEAP Servers).
•
RADIUS Server—Add, modify, and delete RADIUS servers (see Manage RADIUS Servers).
•
EAP-MD5 Server—Add, modify, and delete EAP-MD5 servers (see Manage EAP-MD5 Servers).
•
PEAP Server—Add, modify, and delete PEAP servers (see Manage PEAP Servers).
Managing Devices
Before you can view discovered devices or perform any operations on them, you must move the devices to the managed state. When you select Administration > Discover > Managed Devices, the following options are displayed:
•
Manage/Unmanage—View newly discovered devices, change device management status, or delete devices (see Changing Management Status or Deleting Devices).
•
Device History—View the management history of each discovered device (see View Device Management History).
Changing Management Status or Deleting Devices
You can use the Manage/Unmanage option to change a device's management status or delete a device.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Managed Devices > Manage/Unmanage. The device selector is displayed, showing:
•
Newly discovered devices (New folder). All new devices are also listed in the Unmanaged folder.
•
Managed devices (Managed folder)
•
Unmanaged devices (Unmanaged folder).
Step 2
To view the contents of a folder, expand the folder.
Step 3
To modify the status of the devices in a folder, click the folder name. Select one or more devices from the list and click Manage or Unmanage in the Group Change Status window. Devices are moved into the Managed or Unmanaged folders.
You must move newly discovered devices to the managed state. Only managed devices appear in WLSE displays.
Tip
If you want all discovered devices to be automatically moved to the managed state, or you want to filter access point management, see Use Discovery Options.
Note
There is a limitation on the number of access points and bridges that can be managed by a single Wireless LAN Solution Engine. For more information, see Limitation on the Number of Managed Devices.
Step 4
After you move devices to the managed state, inventory is run for those devices. This ensures that device attributes appear in displays, such as reports and system-defined groups, without waiting for the next inventory cycle. For information about running an immediate inventory, see Managing Device Inventories.
Note
When auto-manage is enabled, after devices are discovered an inventory is run automatically for the auto-managed devices. For more information about auto-manage, see Use Discovery Options.
Step 5
To view details about a device, select the device from the device selector. You can change the device's status by using the Manage and Unmanage buttons.
Note
Some details may not be displayed if the corresponding parameters are not set on the device; for example, Location and Contact.
The details in the Device Details pane are as follows:
Table 6-1 Device Details Pane
| Field | Description |
|---|---|
| Device Name | Hostname, IP address, or SNMP sysname. |
| Description | Detailed device description. |
| Version | Software version installed on the device. |
| Device Family | Device type. |
| SysName | The system name. |
| SysObjectId | Unique identifier that identifies the device type. |
| Location | Where the device is located. |
| IP Address | Device IP address. |
| Subnet | Subnet in which the device is located. |
| Network Segment | The network segment in which the device is located. |
| Contact | The person to contact for this device. |
Step 6
To delete a device, select the device from the device selector or dialog box and click Delete.
The device will be removed from the device selector and from all tables (including trend tables).
Related Topics
•
Managing Device Discovery
•
Device Name and IP Address Display
Limitation on the Number of Managed Devices
The WLSE 1130 can manage 2500 access points and wireless bridges. After you have placed 2500 of these devices under management, warning messages are displayed each time you place more devices in the folder. After 2550 devices are under management, no additional devices can be placed in the Managed folder.
The WLSE 1105 can manage 500 access points and wireless bridges. After you have placed 500 of these devices under management, warning messages are displayed each time you place more devices in the folder. After 525 devices are under management, no more devices can be placed in the Managed folder.
Device discovery continues after the absolute limit is reached, but no additional devices can be placed under management.
View Device Management History
The Historical Operations table shows information on all changes in device state (from unmanaged to managed or vice versa).
Note
Your login determines whether you can use this option.
Procedure
Step 1
To view the Historical Operations table, select Administration > Discover > Managed Devices > Device History. The following information is displayed:
Table 6-2 Managed Device History Information
| Field | Description |
|---|---|
| Timestamp | Date and time when the state change occurred. |
| Device Name | The device's hostname. |
| IP Address | The device's IP address. |
| State | The device's state: New—Device was discovered but has not been moved to the managed or unmanaged state. Managed—Device has been moved to the managed state. Unmanaged—Device is unmanaged. |
Step 2
To sort table data, click on the column heading by which you want to sort the data:
•
A triangle indicates ascending order.
•
An upside-down triangle indicates descending order.
•
No triangle indicates that the data is not sorted.
Specifying Device Credentials
This option allows you to specify device community strings, device credentials, and ports:
•
SNMP Communities—Specify community strings for managed devices. See Enter SNMP Community Strings for All Devices.
•
HTTP User/Password—Specify the HTTP usernames and passwords for configuring non-IOS access points. See Enter HTTP Usernames and Passwords—Non-IOS Access Points.
•
Telnet/SSH User/Password—Specify the Telnet usernames and passwords for IOS access points. See Enter Telnet and SSH Usernames and Passwords—IOS Access Points.
•
IOS HTTP Port Settings—Specify the HTTP ports for IOS access points. See Enter HTTP Port Settings—IOS Access Points.
Enter SNMP Community Strings for All Devices
The Wireless LAN Solution Engine uses a device's read-only SNMP community string to discover the device and populate reports, and uses the read/write community string to configure the device and update firmware. If community strings are not entered correctly, the WLSE cannot communicate with the device. Both read-only and read/write community strings are required.
The default community string is public for both the read-only string and the read-write string. If the community strings on your devices differ from the defaults, you must specify the community strings before the discovery process can begin and before you can configure the devices.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > SNMP Communities. The SNMP Communities dialog box contains a default entry that covers all devices, provided device community strings are set to the default (public).
Step 2
To add community strings, use either of the following methods. Use the community strings you created during initial device setup. For more information, see Set Up Devices.
•
Use the individual text boxes and list for the variables: Hostname (IP address), Read Community, SNMP Timeout, SNMP Retries, and Write Community. Then click Add. The community string appears in the large textbox.
•
Enter the data directly in the large text box using the following syntax:
target:read_community::timeout:retries:::write_community
Note
You must enter the correct number of colons between variables. Otherwise, the community strings cannot be read.
Information about the variables follows. For more details, see Community String Guidelines.
Table 6-3 Community String Guidelines
| Variable | Description | Notes |
|---|---|---|
| target | The IP address of a device or range of devices that use these community strings. | If you do not specify a target, the default community strings apply to all devices in the network. |
| read_community | A password allowing read-only access to the target devices. | You must specify the read community string. Otherwise, the default value of public is used. |
| timeout | The length of time (seconds) the server waits for a response from the device before performing the first retry. | The default is 10 seconds. If you increase the timeout period, discovery could take significantly longer to complete. The minimum value is one and the maximum value is 60. |
| retries | Number of attempts the server makes to communicate with the device before declaring that the device has timed out. | The default is one retry. If you increase the number of retries, discovery takes significantly longer to complete. The default retry policy doubles the previous timeout value for retry. |
| write_community | The password that allows write access to the target devices. | You must specify the write community string. Otherwise, the default value of public is used. |
Step 3
To modify a community string, make your changes directly in the large textbox.
Step 4
Click Save to apply your changes.
Related Topics
Community String Guidelines
Community String Guidelines
Use these guidelines when adding or modifying community strings:
•
You can assign community strings to any of the following:
–
Complete IP address; for example, 172.20.4.9
–
Any wild cards (based on IP addresses); for example:
*.*.*.*
172.*.*.*
–
Address ranges, which can include wild cards; for example:
27.20.[4-55].*
172.[21-30].[44-88].*
172.*.*.[121-255]
•
You can add a combination of general and specific entries, but the WLSE reads the community strings from most specific to least specific.
•
If you enter duplicate community strings for a device, the most specific community string is used.
•
All printable characters, except for colons (:), are allowed in community strings.
•
Spaces are not allowed in community strings.
•
Comments are not allowed.
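The entry syntax and guidelines above can be checked offline before entries are pasted into the large text box. The following is an added example, not WLSE code: it parses entries, picks the entry that applies to a device, totals the worst-case wait from the doubling retry policy, and flags entries that still use the default public string or share one string for read and write. Function names and the sample entries are constructed, and "most specific" is assumed to mean the entry covering the fewest addresses.

```python
import re
from dataclasses import dataclass

DEFAULT_COMMUNITY = "public"  # default for both strings, per the text above
OCTET = re.compile(r"(\d{1,3})|\*|\[(\d{1,3})-(\d{1,3})\]")


@dataclass(frozen=True)
class Entry:
    target: str     # target pattern as written ("*.*.*.*" when left empty)
    ranges: tuple   # four (low, high) octet ranges derived from the target
    read: str
    timeout: int    # seconds waited before the first retry
    retries: int
    write: str

    def matches(self, ip):
        octets = [int(o) for o in ip.split(".")]
        return len(octets) == 4 and all(
            low <= o <= high for o, (low, high) in zip(octets, self.ranges))

    def span(self):
        """Addresses covered; assumption: fewer addresses = more specific."""
        count = 1
        for low, high in self.ranges:
            count *= high - low + 1
        return count

    def worst_case_wait(self):
        """Seconds spent on a silent device; each retry doubles the wait."""
        return sum(self.timeout * 2 ** i for i in range(self.retries + 1))


def parse_target(text):
    """Turn a target such as 172.[21-30].*.9 into four octet ranges."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"target {text!r} needs four octets")
    ranges = []
    for part in parts:
        m = OCTET.fullmatch(part)
        if m is None:
            raise ValueError(f"bad octet {part!r} in target {text!r}")
        if m.group(1) is not None:        # literal octet
            low = high = int(m.group(1))
        elif m.group(2) is not None:      # [X-Y] range
            low, high = int(m.group(2)), int(m.group(3))
        else:                             # wildcard
            low, high = 0, 255
        if not 0 <= low <= high <= 255:
            raise ValueError(f"octet {part!r} out of range in {text!r}")
        ranges.append((low, high))
    return tuple(ranges)


def parse_entry(line):
    """Parse target:read_community::timeout:retries:::write_community."""
    fields = line.split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 7 colons, found {len(fields) - 1}")
    target, read, gap1, timeout, retries, gap2, gap3, write = fields
    if gap1 or gap2 or gap3:
        raise ValueError("text found in a position that must stay empty")
    for value in (read, write):
        if any(c.isspace() or not c.isprintable() for c in value):
            raise ValueError("community strings must be printable, no spaces")
    timeout = int(timeout) if timeout else 10   # default 10 seconds
    retries = int(retries) if retries else 1    # default one retry
    if not 1 <= timeout <= 60 or retries < 0:
        raise ValueError("timeout must be 1-60 and retries non-negative")
    target = target or "*.*.*.*"                # no target: all devices
    return Entry(target, parse_target(target), read or DEFAULT_COMMUNITY,
                 timeout, retries, write or DEFAULT_COMMUNITY)


def load(text):
    return [parse_entry(line) for line in text.splitlines() if line]


def select(entries, ip):
    """Return the most specific entry matching ip, or None."""
    hits = [e for e in entries if e.matches(ip)]
    return min(hits, key=Entry.span) if hits else None


def audit(entries):
    """Return (target, reasons) for entries with weak community strings."""
    findings = []
    for e in entries:
        reasons = []
        if DEFAULT_COMMUNITY in (e.read, e.write):
            reasons.append("uses the default community string")
        if e.read == e.write:
            reasons.append("read and write strings are identical")
        if reasons:
            findings.append((e.target, reasons))
    return findings


# Constructed sample entries, not taken from a real deployment.
SAMPLE = """\
*.*.*.*:public::10:1:::public
172.[21-30].[44-88].*:site-ro::10:1:::site-rw
172.21.44.9:ap9-ro::5:2:::ap9-rw
"""

if __name__ == "__main__":
    entries = load(SAMPLE)
    for ip in ("172.21.44.9", "172.25.50.7", "10.1.1.1"):
        e = select(entries, ip)
        print(ip, "->", e.target, f"(worst case {e.worst_case_wait()} s)")
    for target, reasons in audit(entries):
        print("review", target, ":", "; ".join(reasons))
```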
Enter HTTP Usernames and Passwords—Non-IOS Access Points
HTTP usernames and passwords are required for downloading configuration files to non-IOS access points. The password must be set on each access point, and you can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on access points, see Set Up Devices.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > HTTP User/Password.
Step 2
To add a username and password:
a.
Enter the access point IP address or range of IP addresses that will use this username and password.
When two or more entries match the IP address of one device, the most specific address will be used.
You can use the following guidelines for entries:
| Entry Type | Examples |
|---|---|
| A complete IP address. | 171.20.4.9 |
| IP address with wildcards. | *.*.*.*, 172.*.*.* |
| IP address with ranges [X-Y], where X is less than Y, and wildcards. | 27.20.[4-55].*, 172.[21-30].[44-88].*, 172.*.*.[121-255] |
b.
Enter the username.
c.
Enter the password.
d.
Click Save. The IP address and username are added to the Current Entries textbox.
Step 3
To modify an entry:
a.
Select the entry from the Current Entries text box.
b.
Modify fields as needed and click Save.
Step 4
To delete an entry, select it from the Current Entries text box and click Delete.
Related Topics
"Configuring Devices"
Enter Telnet and SSH Usernames and Passwords—IOS Access Points
Telnet or SSH usernames and passwords are required for applying configuration templates to IOS access points and for upgrading firmware on IOS access points. You can enter as many usernames and passwords as necessary on the WLSE. For more information about setting passwords on IOS access points, see Set Up Devices.
Note
The Telnet/SSH credentials you enter in this dialog must match the login sequence on the IOS access points. For example, if the device prompts for an enable password only, enter the Enable Password only. Do not enter a User Name or User Password. Otherwise the WLSE will not be able to open a login session on the device.
Note
Only SSH1 is supported.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Device Credentials > Telnet/SSH User/Password.
Step 2
To add a username and password:
Note
If the device is configured only for a Telnet password, enter a User Password, but leave the User Name field empty.
a.
Enter the access point IP address or range of IP addresses that will use this username and password.
b.
Enter the username.
c.
Enter the password.
d.
Click Save. The IP address and username are added to the Current Entries textbox.
Step 3
To modify an entry:
a.
Select the entry from the Current Entries text box.
b.
Modify fields as needed and click Save.
Step 4
To clear your current entries, click Clear Fields.
Step 5
To delete an entry, select it from the Current Entries text box and click Delete.
Related Topics
"Configuring Devices"
Enter HTTP Port Settings—IOS Access Points
HTTP port settings are required for reports on IOS access points; the port settings are used for the links from reports to access point Web interfaces. The port you should supply for each device is the port for accessing the access point's Web interface.
Note
For non-IOS access points, there is no need to specify HTTP ports. Port information is collected during inventory.
Procedure
Step 1
Select Administration > Discover > Device Credentials > IOS HTTP Port Settings.
Step 2
To add a port:
a.
Enter the IP address or range of IP addresses that use this port number.
b.
Enter the port number.
c.
Click Save.
Step 3
Repeat Step 2 to add more IP addresses and ports.
Managing Device Discovery
When you select Administration > Discover > DISCOVER, the following options appear:
•
Discovery Options—Configure automatic management of discovered devices, set reverse DNS lookup, and filter access point management—see Use Discovery Options.
Note
Before devices can be discovered, they must be properly configured—see Set Up Devices.
•
Filter Rules—Limit discovery by using IP address filters (see Set Up Discovery Filters).
•
Schedule Discovery—Set up scheduled discoveries (see Schedule Discovery).
•
Run Discovery Now—Run one-time, immediate discoveries (see Run Discovery Now).
You can also view details on the last 15 discoveries—See Viewing Inventory and Discovery Task History.
Related Topics
•
Overview: Discovery
•
Set Up Devices
Overview: Discovery
You can set up regularly scheduled discoveries and run one-time discoveries.
Before the WLSE can discover devices:
•
Configure discovery (see Schedule Discovery) or use the on-demand discovery option (see Run Discovery Now).
As an alternative to using Cisco Discovery Protocol (CDP) to run discovery, you can import devices from a file or from a CiscoWorks server running Resource Manager Essentials (RME). See Importing Devices.
•
Devices must be properly configured for access by the WLSE. See Set Up Devices.
•
Community strings must be entered on the WLSE. See Enter SNMP Community Strings for All Devices.
Discovery proceeds according to the seed devices and CDP distance that you specify. The CDP distance determines the depth of the discovery. With a CDP distance of 1, only the immediate neighbors of the seed device are discovered. With a CDP distance of 2, devices A and B that are directly connected to the seed device are discovered, and the immediate neighbors of A and B are also discovered. You should set the CDP distance so that your entire wireless network is discovered.
Devices such as PCs and workstations are not valid seed devices.
If CDP is disabled, you can still discover access points by entering their IP addresses as seed values in the discovery dialogs or by importing them from a file or from a CiscoWorks server that is running RME. However, the switches directly attached to such access points will not be discovered if CDP is disabled, and switch-related reports will be empty. Routers and switches are only discovered if they have properly configured access points attached to them.
After devices are discovered, they must be moved to the managed state—see Managing Devices. Unmanaged devices do not appear in WLSE displays. You can specify auto-management of devices and limit auto-management of access points—see Use Discovery Options.
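The effect of the CDP distance can be worked through on a small topology. The following is an added example, not WLSE code: a simplified model in which discovery is a hop-limited walk over CDP neighbor tables, used to find the smallest CDP distance that reaches every access point and to show what happens when CDP is disabled on an access point that is entered as a seed. The device names, the topology, and the cdp_off parameter are constructed for illustration.

```python
from collections import deque

# Constructed topology: device -> devices listed in its CDP neighbor table.
NEIGHBOURS = {
    "sw-core": ["sw-floor1", "sw-floor2"],
    "sw-floor1": ["sw-core", "ap-101", "ap-102"],
    "sw-floor2": ["sw-core", "ap-201", "br-roof"],
    "ap-101": ["sw-floor1"],
    "ap-102": ["sw-floor1"],
    "ap-201": ["sw-floor2"],
    "br-roof": ["sw-floor2", "ap-annex"],
    "ap-annex": ["br-roof"],
}
ACCESS_POINTS = ["ap-101", "ap-102", "ap-201", "ap-annex"]


def discover(neighbours, seeds, cdp_distance, cdp_off=()):
    """Return {device: hops from nearest seed} within cdp_distance.

    Devices in cdp_off have CDP disabled: they can be reached only as
    seeds, and nothing is learned through them.
    """
    hops = {seed: 0 for seed in seeds}
    queue = deque(hops)
    while queue:
        device = queue.popleft()
        if device in cdp_off or hops[device] >= cdp_distance:
            continue  # no CDP table to read, or depth limit reached
        for peer in neighbours.get(device, ()):
            if peer in cdp_off or peer in hops:
                continue  # silent device, or already discovered
            hops[peer] = hops[device] + 1
            queue.append(peer)
    return hops


def min_cdp_distance(neighbours, seeds, wanted, cdp_off=()):
    """Smallest CDP distance that discovers every device in wanted."""
    reach = discover(neighbours, seeds, len(neighbours), cdp_off)
    missing = sorted(set(wanted) - set(reach))
    if missing:
        # These must be added as seeds or imported instead.
        raise LookupError(f"not reachable through CDP: {missing}")
    return max(reach[device] for device in wanted)


if __name__ == "__main__":
    for distance in (1, 2, 3):
        found = discover(NEIGHBOURS, ["sw-core"], distance)
        print(distance, sorted(found))
    print("minimum distance:",
          min_cdp_distance(NEIGHBOURS, ["sw-core"], ACCESS_POINTS))
    # CDP disabled on ap-annex and the access point entered as a seed:
    print(discover(NEIGHBOURS, ["ap-annex"], 3, cdp_off={"ap-annex"}))
```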
Set Up Devices
You must set up devices so the WLSE can discover and manage them. This section describes both required and optional setup tasks for:
•
Set Up Non-IOS Access Points and Bridges
•
Set Up IOS Access Points
•
Set Up Routers and Switches
•
Set Up AAA Servers
Set Up Non-IOS Access Points and Bridges
You can set up access points and bridges in two ways:
•
By using the WLSE's automatic configuration option for first-time device configuration and applying a configuration template to a number of access points. For more information, see Automating Configurations.
•
By opening a web browser session on each access point and performing the tasks in the following table. To use this method, you must first configure each access point or bridge for web browsing.
Table 6-4 Set Up Procedures for Non-IOS Access Points and Bridges
| Tasks | Procedure | Notes |
|---|---|---|
| 1. Enable Cisco Discovery Protocol (CDP). | 1. In the Summary Status page, click Setup. 2. Under Services: Cisco Services, click Cisco Discovery Protocol. 3. Select Enabled. Click Apply or OK. | CDP is required for the WLSE to discover devices on the network. |
| 2. Enable SNMP. (Optional) Set the location. (Optional) Set the system name and system contact. | 1. In the Summary Status page, click Setup. 2. Under Services, click SNMP. 3. Select Enabled. 4. Enter a System Name, System Location, and System Contact. 5. Click Apply or OK. | SNMP is required for the WLSE to discover devices, populate reports, transfer configuration information to devices, and upgrade device firmware. Setting the location enables proper grouping of devices into system-defined location groups. For more information, see Managing Groups. Setting the system name and system location ensures that this information is included in device detail displays. |
| 3. Set the read community string. | 1. In the Summary Status page, click Setup. 2. Under Services, click Security. 3. Click User Information; then click Add New User. 4. Create a user with all privileges, including SNMP, Firmware, Write, and Admin privileges. In addition, for access points that are running a firmware version earlier than 12.01(T), assign Ident privileges. 5. Click Apply or OK. | The read community string is required for device discovery and populating reports. |
| 4. Set the read-write community string. | 1. In the Summary Status page, click Setup. 2. Under Services, click Security. 3. Click User Information; then click Add New User. 4. To create a user with SNMP read/write privileges, enter a username and password and select the Write, SNMP, Firmware, and Admin privileges. 5. Click Apply or OK. | The read-write community string is required for configuration and firmware jobs. |
| 5. Add an HTTP user with the ability to modify firmware, and enable the User Manager. You can use the same user that you created in Task 4, if the user has firmware privileges. | 1. In the Summary Status page, click Setup. 2. Click Security. 3. Click User Information; then click Add New User. 4. Enter a username and password and select Firmware; then click Apply. 5. Navigate back to the Security Setup page and click User Manager. 6. Select Enabled; then click Apply or OK. | This allows configuration uploads from the WLSE to access points. You must also enter HTTP users and passwords on the WLSE (see Enter HTTP Usernames and Passwords—Non-IOS Access Points). |
| 6. Set up TFTP as the transfer protocol between the WLSE and access points. | 1. In the Summary Status page, click Setup. 2. Under Services, click FTP. 3. Use the pulldown menu to select TFTP as the file transfer protocol. 4. In the Default File Server text box, enter the IP address of the WLSE. 5. Click Apply or OK. | TFTP is used for transferring configuration changes to access points. |
Set Up IOS Access Points
You can set up access points and bridges in the following ways:
•
Use the WLSE's automatic configuration option for first-time device configuration and applying a configuration template to a number of access points—See Automating Configurations.
•
Log into each device by using Telnet or SSH and use the device's CLI commands—See Set Up IOS Access Points by Using the Device CLI.
•
Log into each device's Web interface—See Set Up IOS Access Points by Using the Device Web Interface.
After you set up a device, all of its MIB variables can be accessed and the device can be discovered by the WLSE.
Note
VLAN information for IOS access points might not be collected by the WLSE if WEP keys are not configured in each VLAN. This affects VLAN reports, grouping, and faults. VLAN information becomes accessible through SNMP as soon as WEP keys are configured.
Set Up IOS Access Points by Using the Device CLI
Procedure
Step 1
Use Telnet or SSH to log into the AP 1100 or AP 1210.
Step 2
Enter enable mode.
Step 3
Enter global configuration mode.
Step 4
Enable CDP by entering the following command:
Note
You can find out whether CDP has been enabled by using the show cdp command in enable mode.
Note
If you do not wish to use CDP, you can add all access points as seeds or import devices. For more information, see Managing Device Discovery and Importing Devices.
Step 5
Enter the following commands in the sequence shown. The first two commands set the read-only SNMP community string and create an ISO view, which enables discovery and the fault and report features on the WLSE. The third command sets a read-write community string, which allows you to use the WLSE to update access point firmware and configuration.
snmp-server view iso iso included
snmp-server community community_string view iso RO
snmp-server community community_string RW
Note
These community strings must be entered on the WLSE. See Enter SNMP Community Strings for All Devices.
Note
Devices that do not have an ISO view will be placed in the Misconfigured Devices system group after discovery and a fault will be generated. The fault refers to a "dot 11 MIB" problem.
Step 6
You can use either Telnet or SSH to push configuration templates to IOS access points. To use templates to configure IOS access points, you must configure either Telnet or SSH or both. See Steps 7 and 8 for the procedures to enable and configure SSH and Telnet.
Step 7
To enable and configure SSH, enter the following commands. In these commands, hostname is the hostname of the access point, and domain_name is your network's domain name (for example, cisco.com). At the prompt for the number of bits in the modulus, press Return to accept the default or enter a value.
ip domain-name domain_name
How many bits in the modulus [512]:
The following commands are recommended, but optional:
ip ssh authentication-retries 3
Step 8
To configure Telnet, enter the following commands:
The following commands are recommended, but optional:
Step 9
Exit global configuration mode, then enter the following command:
Set Up IOS Access Points by Using the Device Web Interface
Procedure
Step 1
Log into the Web interface of the AP 1100 or AP 1210 device.
Step 2
Select SERVICES from the menu, then click CDP:
a.
After Cisco Discovery Protocol (CDP), select Enabled.
b.
Click Apply.
Note
If you do not wish to use CDP, you can add all access points as seeds or import devices. For more information, see Managing Device Discovery and Importing Devices.
Step 3
You can use either Telnet or SSH (secure shell protocol) to push configuration templates to IOS access points. To use templates to configure IOS access points, you must configure either Telnet or SSH or both. See Steps 4 and 5 for procedures.
Step 4
To enable and configure SSH (secure shell protocol), enter the following:
a.
Select SERVICES > Telnet/SSH.
b.
Enable Secure Shell.
c.
Enter a System Name.
d.
Enter a Domain Name (for example, cisco.com).
e.
(Optional) Enter the RSA key size.
f.
(Optional) Enter the Authentication Timeout.
g.
(Optional) Enter Authentication Retries.
h.
Click Apply.
Step 5
To enable and configure Telnet:
a.
Select SERVICES > Telnet/SSH.
b.
Enable Telnet.
c.
(Optional) Enable Teletype.
d.
Enter the number of Columns.
e.
Enter the number of Lines.
f.
Click Apply.
Step 6
Select SNMP from the menu.
a.
After Simple Network Management Protocol (SNMP), select Enabled.
b.
Click Apply.
Step 7
In the SNMP Request Communities section, enter a community string for the ISO view. This community string is required for discovery and to enable the fault and report features of the WLSE.
a.
Enter the community string in the SNMP Community field.
b.
Enter iso in the Object Identifier field.
Note
Devices that do not have an ISO view will be placed in the Misconfigured Devices system group after discovery.
c.
Click Read-Only.
d.
Click Apply.
Step 8
In the SNMP Request Communities section, enter a community string to enable firmware and configuration updates on the access point.
a.
Enter the community string in the SNMP Community field.
b.
Click Read-Write.
c.
Click Apply.
Step 9
The community strings created in Steps 7 and 8 must be entered on the WLSE before the device can be discovered and other WLSE features can be used. For more information, see Enter SNMP Community Strings for All Devices.
Set Up Routers and Switches
Note
Only routers and switches that have properly configured access points or bridges attached to them will be discovered.
On each router and switch, configure the following:
Table 6-5 Setup Procedures for Routers and Switches
| Task | Procedure | Notes |
|---|---|---|
| 1. Enable CDP and verify that access points and bridges are visible from the router or switch. | 1. In enable mode, verify that CDP is running on the device by using one of the following commands: on IOS-based devices, show cdp run; on Hybrid OS-based Catalyst switches, show cdp. 2. If CDP is not running, in global configuration mode, enter cdp run to enable CDP. 3. To verify that access points or bridges are visible in the device's CDP table, enter show cdp neighbors. | CDP is required for the WLSE to discover the device. |
| 2. Enable SNMP and set up community strings. | On IOS-based devices, enter configuration mode and use the snmp community community_string ro command. On Hybrid OS-based Catalyst devices, enter enable mode and use the set snmp community read-only community_string command. | SNMP is required for the WLSE to discover and manage the device. |
| 3. (Optional) Set the system name, contact, and location variables. | On IOS-based devices, enter configuration mode and use the following commands. Set system name—hostname name. Set system contact—snmp contact contact. Set location—snmp location location. On Hybrid OS-based Catalyst switches, enter enable mode and use the following commands: Set system name—set system name name. Set system contact—set system contact contact. Set location—set system location location. | These variables make the device more manageable. The location variable enables proper grouping of devices into the system-defined Location group. For more information about groups, see Managing Groups. The system name, system contact, and location will appear in the device detail displays. |
Set Up AAA Servers
The WLSE can monitor the performance of AAA (Authentication, Authorization, and Accounting) services provided by CiscoSecure ACS Server. To enable monitoring, you must:
•
Configure CiscoSecure ACS server to recognize the WLSE as a client. Follow the procedure in this section on each server.
•
For PEAP, besides the procedure in this section, you must set up a certificate and private key on the ACS server and then enable PEAP. For more information, see the CiscoSecure ACS documentation.
•
Configure the WLSE to add information about LEAP, RADIUS, EAP-MD5, and PEAP servers. For more information, see Managing AAA Servers.
Procedure
Step 1
Log in to the CiscoSecure ACS Server that will provide authentication services to the wireless network.
Note
You will need the IP address or name of the system on which CiscoSecure ACS Server is running when you configure the WLSE.
Step 2
Click User Setup on the left side of the initial page.
Step 3
Enter a username for the user the WLSE will use for synthetic transactions and click Add/Edit.
Step 4
Enter a password in the first set of Password and Confirm Password textboxes. Click Submit.
Note
You will need this name and password when configuring the WLSE.
Step 5
Click Network Configuration on the left side of the page.
Step 6
Click Add Entry. In the Add AAA Client area, enter the WLSE information in the following text boxes:
•
Client Hostname—enter the WLSE hostname (or IP address)
•
Client IP—enter the WLSE IP address
•
Key—enter a secret key
Note
You will need this key when configuring the WLSE.
Step 7
Select RADIUS (Cisco Aironet) from the Authenticate Using list.
Step 8
Click Submit or Submit+Restart. A restart is required for the changes to take effect.
Use Discovery Options
You can modify the discovery process by specifying that all discovered devices be automatically managed, enabling reverse DNS lookup, and setting up filters for auto-management of access points.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Discovery Options.
Step 2
If DNS is configured on devices, you can enable reverse DNS lookup by selecting Use reverse DNS lookup. Use of this feature affects device name display on the WLSE as follows:
Reverse DNS lookup enabled? | Effect on Display
Yes | If the lookup succeeds, the device name is displayed. If the lookup fails, the device IP address is displayed.
No | If the device's SNMP sysName is set, the sysName is displayed. If the sysName is not set, the device IP address is displayed.
Step 3
To enable automatic management for all discovered devices, select Auto-Manage Devices.
All discovered devices will be automatically placed in the Managed folder.
Note
If you are using the automatic configuration feature, new access points and bridges added to the network will be automatically configured if Auto-Manage is enabled. For more information, see Automating Configurations.
Step 4
To use the option for auto-managing selected access points within specified time limits, see Enabling the MAC Address Filter for Access Points.
Step 5
Click Save to save all of your changes to Discovery Options.
Related Topics
Changing Management Status or Deleting Devices
Enabling the MAC Address Filter for Access Points
This option allows you to specify access points that you want to auto-manage during a specified time interval.
Auto-management affects all discovered devices. Access point filtering affects only access points. See Table 6-6 for more information.
You can specify the access points to be auto-managed by entering Ethernet MAC addresses in the text box or importing a file containing Ethernet MAC addresses. For example files, see Example MAC Address Files.
Table 6-6 Access Point Filtering Outcomes
Auto-Manage selected? | Enable MAC Filtering selected? | Result
No | No | All discovered devices must be manually moved to the managed state.
Yes | No | All discovered devices are automatically moved to the managed state.
Yes | Yes | Only access points listed in Access Points to Auto-Manage will be auto-managed in the time interval specified. Note: If the time interval expires, newly discovered access points will not be auto-managed. Any access points that you have manually placed in the Managed folder will still be managed.
To enable MAC address filtering:
Step 1
Select Administration > Discover > DISCOVER > Discovery Options.
Step 2
Select Auto-Manage Devices.
Step 3
Select Enable Filtering for Auto-Manage devices.
Step 4
In the Filters Valid fields, specify the time period for auto-management.
Note
When the time period expires, you must deselect Enable Filtering. Otherwise, no newly discovered access points will be managed.
Step 5
To enter Ethernet MAC addresses in the text box:
a.
Remove the default * entry before beginning. Otherwise, all access points will be auto-managed regardless of the MAC addresses you enter.
b.
Enter Ethernet MAC addresses in the Enter MAC Address of access point text box (in hexadecimal format) and click >>. For example, 000b46fd0286. You can use the asterisk (*) as a wildcard; for example, *b46fd0286.
Step 6
To import a list of Ethernet MAC addresses from a file:
a.
Create an ASCII file consisting of one address per line or a comma-separated list (.txt file). For more information, see Example MAC Address Files.
b.
Enter the path to the file in the Import From File textbox or click Browse to find the file.
c.
Click Import.
Step 7
To remove an address, select it in the Valid MAC Addresses text box and click <<.
Step 8
Click Save to save all of your changes to the Discovery Options screen (see Use Discovery Options).
Example MAC Address Files
You can use either of the following file formats to import MAC addresses for limited discovery of access points:
•
One address per line; for example:
•
Comma-separated list; for example:
000b466e482,0000bbe8190c2,0040965b611f,000a41047e3b,0040965b5f75,
004096588420,004096543a84,000bbe6d8bd4
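A list can be checked before import for the two problems the procedure warns about: a leftover bare * entry and malformed addresses. The following Python sketch is an added example, not part of the WLSE; the function names and sample entries are constructed, and it assumes that * stands for any run of hexadecimal digits.

```python
import re

HEX12 = re.compile(r"[0-9a-f]{12}")      # a full Ethernet MAC, no separators
WILDCARD = re.compile(r"[0-9a-f*]+")     # hex digits mixed with * wildcards

# Constructed sample mixing both accepted layouts (comma-separated, one per line).
SAMPLE_FILE = """0040965b611f,000a41047e3b
*b46fd0286
*
000b466e48
00:40:96:58:84:20
"""


def lint_mac_file(text):
    """Split an import file into (accepted entries, [(entry, reason)] rejects)."""
    accepted, rejected = [], []
    for raw in re.split(r"[,\r\n]+", text):
        entry = raw.strip().lower()
        if not entry:
            continue
        digits = entry.replace("*", "")
        if not digits:
            # The default * entry: every access point would be auto-managed.
            rejected.append((entry, "bare wildcard matches every access point"))
        elif HEX12.fullmatch(entry):
            accepted.append(entry)
        elif "*" in entry and WILDCARD.fullmatch(entry) and len(digits) < 12:
            accepted.append(entry)
        else:
            rejected.append((entry, "not 12 hexadecimal digits"))
    return accepted, rejected


def filter_allows(entry, mac):
    """True if a 12-digit MAC matches the entry (assumed wildcard semantics)."""
    pattern = "".join("[0-9a-f]*" if ch == "*" else ch for ch in entry.lower())
    mac = mac.lower()
    return HEX12.fullmatch(mac) is not None and re.fullmatch(pattern, mac) is not None


if __name__ == "__main__":
    ok, bad = lint_mac_file(SAMPLE_FILE)
    print("accepted:", ok)
    for entry, reason in bad:
        print(f"rejected {entry!r}: {reason}")
```
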
Set Up Discovery Filters
You can limit discovery to certain devices by setting up filter rules to include or exclude devices. Filter rules consist of device IP addresses with optional wildcards and ranges.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Filter Rules.
Step 2
Add IP addresses to the Include Rules or Exclude Rules text boxes, one entry per line. Use standard IP address format (four octets separated by periods) in which any octet can be:
•
A value between 0 and 255.
•
An asterisk (*) wildcard, denoting any number from 0 to 255; for example, 10.20.*.*.
•
A range in which the first number is less than the second; for example, 10.20.30.[50-60].
Rules cause discovery to be limited as described in the following table.
Note
Exclude rules take precedence over include rules.
Table 6-7 Effects of Include and Exclude Rules in Discovery Filters
Include Rules Defined? | Exclude Rules Defined? | Result
No | No | All devices are discovered.
No | Yes | All devices are discovered, but those that match the Exclude Rules are discarded.
Yes | No | Only devices that match the Include Rules are discovered.
Yes | Yes | Only devices that match the include rules are discovered. Devices that match the exclude rules are discarded.
For example, assume the IP addresses of the devices in a network are from 10.10.10.1 through 10.10.10.200:
•
The include rule is 10.10.10.[40-80]
•
The exclude rule is 10.10.10.[60-70]
All of the devices with the IP addresses 10.10.10.[40-80] are discovered, but those with IP addresses 10.10.10.[60-70] are discarded. Therefore, the devices discovered and retained have IP addresses 10.10.10.[40-59] and 10.10.10.[71-80].
Step 3
Click Save. Your rules will take effect for all subsequent discoveries.
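The rule grammar from Step 2 and the precedence in Table 6-7 can be dry-run against an address list before the rules are saved. The following Python sketch is an added example, not WLSE code; the function names are hypothetical, and it replays the 10.10.10.1 through 10.10.10.200 example above.

```python
import re

OCTET_RANGE = re.compile(r"^\[(\d{1,3})-(\d{1,3})\]$")


def parse_rule(rule):
    """Convert a rule such as '10.20.*.[50-60]' into four (low, high) bounds."""
    parts = rule.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"rule needs four octets: {rule!r}")
    bounds = []
    for part in parts:
        ranged = OCTET_RANGE.match(part)
        if part == "*":
            low, high = 0, 255                      # wildcard: any value
        elif ranged:
            low, high = int(ranged.group(1)), int(ranged.group(2))
            if low >= high:
                raise ValueError(f"range start must be below its end: {rule!r}")
        elif part.isascii() and part.isdigit():
            low = high = int(part)                  # literal octet
        else:
            raise ValueError(f"unrecognised octet {part!r} in {rule!r}")
        if high > 255:
            raise ValueError(f"octet out of range in {rule!r}")
        bounds.append((low, high))
    return bounds


def rule_matches(bounds, ip):
    """True if every octet of a dotted-decimal address falls inside the bounds."""
    octets = [int(o) for o in ip.split(".")]
    return len(octets) == 4 and all(
        lo <= o <= hi for o, (lo, hi) in zip(octets, bounds))


def is_retained(ip, include_rules, exclude_rules):
    """Table 6-7: exclude rules win, include rules narrow, no rules keep all."""
    if any(rule_matches(parse_rule(r), ip) for r in exclude_rules):
        return False
    if include_rules:
        return any(rule_matches(parse_rule(r), ip) for r in include_rules)
    return True


def retained_last_octets(include_rules, exclude_rules):
    """Last octets kept from the example network 10.10.10.1 to 10.10.10.200."""
    return [n for n in range(1, 201)
            if is_retained(f"10.10.10.{n}", include_rules, exclude_rules)]


if __name__ == "__main__":
    kept = retained_last_octets(["10.10.10.[40-80]"], ["10.10.10.[60-70]"])
    print(f"{len(kept)} devices retained: {kept[0]}..{kept[-1]}")
```

A rule with a missing period before the bracket has only three octets and is rejected by parse_rule rather than silently matching nothing.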
Schedule Discovery
By default, discovery is enabled and runs every 24 hours. This option allows you to change the discovery schedule, specify seed devices, and set the CDP distance. You can specify that scheduled discoveries be repeated at specified intervals.
Before discovery can proceed, you must specify at least one seed device. Any supported device can function as a seed. Neighbors of seed devices are discovered by examining the contents of CDP tables.
You may want to specify multiple seed devices to:
•
Shorten the discovery time.
•
Discover "disconnected" networks; that is, discover devices across links on which CDP is disabled or discover devices outside the firewall.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Schedule Discovery.
Step 2
To add seed devices, enter their comma-separated IP addresses or device names in the Seed Values text box and click >>. Seed devices that you add in this dialog box will be retained so that you can use them for subsequent scheduled and immediate discoveries.
Device names must resolve to your local DNS in order to translate device names to IP addresses during discovery. The requirements for entering device names are:
•
Blank spaces are not allowed.
•
The first character in a name must be alphanumeric.
•
The only valid characters are the alphanumeric characters, the minus sign (-), and the period (.).
•
The last character cannot be a minus or a period.
Tip
You can add multiple seed devices at one time by copying and pasting seed device names or IP addresses from a file.
Note
Before you can proceed to the next screen, Modify Discovery Schedule, you must have at least one seed device in the Seed Values list.
Step 3
To delete a seed device, select the IP address from the Seed Values list and click Delete.
Step 4
Select the CDP distance from the list. Set CDP distance appropriately to discover the entire wireless network; a CDP distance of 1 only discovers the immediate neighbors of the seed devices.
Note
Routers and switches that do not have access points attached to them are used when computing CDP distance. However, such devices will not appear in the discovered devices list.
Step 5
If you have not entered community strings that allow the WLSE to access all devices to be discovered, click Enter community strings before running discovery. For more information about entering community strings, see Specifying Device Credentials.
Step 6
To schedule discovery, click Modify Schedule.
•
Select the Start Date and Start Time from the pulldown lists. Do not schedule a discovery to begin within 5 minutes of the current time. Otherwise, the discovery might not run. Use the Run Discovery Now option instead. For more information, see Run Discovery Now.
•
To repeat discovery at specified intervals, click Enable. Then enter a number in the Every textbox and select the interval from the list.
Step 7
Click Next.
Step 8
Click Finish to submit your settings or Back to make changes in your settings.
Related Topics
Specifying Device Credentials
Run Discovery Now
This option allows you to run an immediate, one-time discovery.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > DISCOVER > Run Discovery Now.
Step 2
If necessary, add seed devices:
Note
Any seed devices added here are used for this one-time discovery only.
a.
Enter the seed device's IP address or device name in the Add Seed Value text box and click >>.
Device names must resolve to your local DNS in order to translate device names to IP addresses during discovery. The requirements for entering device names are:
–
Blank spaces are not allowed.
–
The first character in a name must be alphanumeric.
–
The only valid characters are the alphanumeric characters, the minus sign (-), and the period (.).
–
The last character cannot be a minus or a period.
b.
Set the CDP distance by selecting a number from the list.
Step 3
If you have not added the community strings of all devices to be discovered, click Enter community strings before running discovery. For more information about entering community strings, see Enter SNMP Community Strings for All Devices.
Step 4
Click Run Now.
•
Click Back if you want to make changes before running the discovery.
•
Click Finish to run the discovery. The discovery will begin within 2 minutes.
Step 5
The Tasks History window appears; you can expand the Discovery folder to see the results of the discovery.
For information about the Tasks History window, see Viewing Inventory and Discovery Task History.
Related Topics
•
Specifying Device Credentials
•
Viewing Inventory and Discovery Task History
Managing Device Inventories
The WLSE automatically runs scheduled inventories on all managed devices. For information about automatic inventories, see About Automatic Inventories.
In addition, you can use the options under Administration > Discover > Inventory to run immediate or scheduled inventories of specified devices:
•
Run Inventory Now—Use this option to collect complete inventory data from selected devices (see Run Immediate Inventory—Selected Devices).
•
Scheduled Inventory—Use this option to schedule collection of complete inventory data from selected devices (see Run Scheduled Inventory—Selected Devices).
You can view details on the last 15 inventories—See Viewing Inventory and Discovery Task History.
You can reset the polling intervals for scheduled inventories—See Changing the Intervals for Automatic Inventories.
About Automatic Inventories
The WLSE runs 3 types of automatic inventories on a regularly scheduled basis:
•
Basic inventories that collect all the information required by the WLSE to populate displays, such as reports, and to place devices in system-defined groups. Basic inventories run every 12 hours by default, and can be run on demand.
In the Task History listing, these inventories appear in the Scheduled folder.
•
Client inventories that only collect information about associations of clients to access points. This inventory runs every 17 minutes by default.
In the Task History listing, these inventories appear in the Periodic - All Devices folder under the name ClientInventory.
•
Performance inventories that only collect the performance attributes used in trend reports for access points, bridges, and AAA servers. This inventory runs every 13 minutes.
In the Task History listing, these inventories appear in the Periodic - All Devices folder under the name PerformanceInventory.
Changing the Intervals for Automatic Inventories
To change the automatic inventory intervals, you can use the Administration > System > System Parameters option to reset the inventory polling intervals:
•
To reset the interval for the scheduled complete inventory, use the Inventory Poll Interval parameter.
•
To reset the interval for the scheduled client inventory, use the Wireless Client Poll Interval parameter.
•
To reset the interval for the scheduled performance inventory, use the Performance Attributes Poll Interval parameter.
For more information about resetting the intervals, see Managing System Parameters.
Run Immediate Inventory—Selected Devices
Use this option to run an immediate inventory of selected devices.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Inventory > Run Inventory Now. The device selector shows all managed devices in group folders.
Step 2
To search for devices:
a.
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
b.
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
c.
Click Search. The matching devices appear in the Search Results folder in the device selector.
Step 3
To select devices for inventory:
a.
Expand the folder that contains the devices you want to include.
b.
Click the device group folder. All of the devices in the group are added to the list in the Run Inventory Collection window.
Note
Each immediate inventory job for selected devices contains devices from only one group.
c.
From the list of devices in the group, select the devices you want to inventory.
d.
Repeat steps a-c to add more devices.
Step 4
Click Run Inventory for Selected Devices. The inventory job starts immediately. Managed devices are polled and information is collected. WLSE displays are updated accordingly.
In the Tasks History window, expand the Inventory folder and the On Demand subfolder to see the results of the inventory collection.
Immediate inventories of selected devices are named InventoryRunNow_number. The number increments each time you run an inventory.
Step 5
To view details on an inventory, click the inventory name. The Run Log shows the start and end times of the inventory and the type of data that was collected for the devices you selected.
Run Scheduled Inventory—Selected Devices
Use this option to run scheduled inventories of selected devices. You can use this option when you need to inventory certain devices more frequently than the inventories provided by the automatic inventory feature.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Inventory > Scheduled Inventory. The device selector shows all managed devices in group folders.
Step 2
To search for devices:
a.
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
b.
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
c.
Click Search. The matching devices appear in the Search Results folder in the device selector.
Step 3
To select devices for inventory, select a group. All of the devices in the group appear in the Available Devices list.
Step 4
Select the entire group or devices in the group and click >>. The devices are moved to the Selected Devices list.
Step 5
Repeat Steps 3 and 4 to select more devices.
Step 6
Click Schedule.
Step 7
To run the inventory job immediately, select Run Now, then click Save.
Step 8
To schedule an inventory job:
a.
Select a Start Date and Time. Do not schedule an inventory within 5 minutes of the current time; the inventory might not run. Use the Run Inventory Now option instead (see Run Discovery Now).
b.
If you want the job to run again at regular intervals, select Enable Repeat. Enter an interval and select Minutes, Hours, Days, Weeks or Months.
Note
The minimum interval is 30 minutes.
c.
Click Save.
Step 9
To view details on the job, select Administration > Discover > Tasks History. For more information, see Viewing Inventory and Discovery Task History.
Viewing Inventory and Discovery Task History
The Administration > Discover > Tasks History option allows you to view historical listings of inventories and discoveries.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Tasks History.
Step 2
To view a list of jobs, expand the Discoveries or Inventories folder. Then expand the folder that contains the type of discovery or inventory you want to see:
•
Discovery—The Scheduled folder contains the last 15 scheduled discoveries. The Run Now folder contains the last 15 immediate discoveries. The Import folder contains information on the last 15 imports from a file or from CiscoWorks.
•
Inventory—The Scheduled folder contains the last 15 scheduled inventories. The Periodic- All Devices folder contains the last 15 performance and client inventories. The Run Now folder contains the last 15 immediate inventories.
In each subfolder, the latest job is listed first and the earliest is listed last.
Step 3
The folders and names of inventory and discovery jobs indicate the type of inventory or discovery as follows:
Table 6-8 Discovery Job Names
Folder Name | Discovery Name | Discovery Type
Scheduled | CDPDiscovery | Scheduled discoveries
Run Now | CDPDiscovery_Run_Now_number | On-demand discoveries
Import | CDPDiscovery_Import_Devices_number | Imported from a file or from a CiscoWorks server
Import | RMEDiscovery | Imported from a CiscoWorks server. Note: Two items are listed in Tasks History for each import from a CiscoWorks server: CDPDiscovery_Import_Devices and RMEDiscovery.
Table 6-9 Inventory Folders and Job Names
Folder Name | Inventory Name | Inventory Type
Periodic—All Devices | Inventory | Automatic inventories of all devices
Periodic—All Devices | ClientInventory | Automatic inventories of client associations with access points
Periodic—All Devices | PerformanceInventory | Automatic inventories of performance attributes for trend reports
Run Now | InventoryRunNow_number | On-demand inventories of selected devices, run by users
Scheduled | ScheduledInventory | Inventories of all devices, scheduled by users
Step 4
To view details about a job, select the job. The Run Log shows the start and end times of the job and type of data that was collected. The Run Log for immediate inventories shows which devices you selected for inventory. For more information, see Run Log Details—Discovery and Inventory.
Related Topics
•
Managing Device Inventories
•
Run Immediate Inventory—Selected Devices
Run Log Details—Discovery and Inventory
The discovery and inventory run logs show the following information.
Discovery Messages
•
Seed value entered—seed devices that you entered or imported.
•
Device being updated—the device was previously discovered and information is being updated.
•
New device discovered—the device was discovered for the first time.
•
x.x.x.x is SNMP unreachable, unable to read CDP cache—the community strings may be set up incorrectly. See Set Up Devices.
This message might indicate a network problem, or the device might be an invalid seed device (not running CDP or SNMP), such as a PC or workstation.
•
No logs available. Waiting for resources to start job—Other jobs are running and using all available resources. Information on this job will be displayed when resources are available.
•
x.x.x.x does not respond to ieeedot11 attributes—make sure the SNMP community has a proper view associated.
The IOS access point has not been configured with an ISO view. Configure the view on the device (see Set Up IOS Access Points) or create a configuration job to correct device settings (see Managing Configuration Jobs). Affected devices are placed in the Misconfigured Devices system group. After the device is properly configured, you can run discovery or wait for the next scheduled discovery. After discovery, the device will be placed in the proper group(s). See Managing Device Discovery.
•
IP conflict for ip_address (hostname). Identifier or ethernet MAC is identifier or MAC address. If the original device was replaced, please delete it first and run discovery again—a newly discovered device has the same IP address as a previously discovered device. The new device will not be discovered until the conflict is resolved. The identifier shown is for the previously discovered device. For access points, the identifier shown is the Ethernet MAC address.
If you want both devices to be managed, assign a different IP address to the newly discovered device. If you have substituted a new device for a previous device and want to retain the IP address, delete the old device. In either case, run discovery again or wait for the next scheduled discovery. See Managing Device Discovery.
•
Messages similar to the following example show information obtained during device import from CiscoWorks:
172.19.12.39,public,private,14,1.3.6.1.4.1.9.1.507,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!,!{[NOVALUE]}!
Inventory Messages
•
Inventory messages show the type of data collected and the devices you selected for inventory.
•
No logs available. Waiting for resources to start job—Other jobs are running. Information on your job will be displayed when resources are available.
This message also appears if there are many SNMP timeouts on the network or devices are not reachable through SNMP. In that case, the inventory job will take much longer to finish, and the next scheduled inventory will not run until the current job finishes.
Importing Devices
Instead of running discovery on the WLSE, you can import devices:
•
From a file—See Import Devices from a File.
•
From a CiscoWorks server running Resource Manager Essentials (RME)—See Import Devices from a CiscoWorks Server.
A one-time discovery job starts immediately after you import devices. All WLSE-supported devices in the file are used as seed devices with a CDP distance of 1. These devices are not added to the list of available seed devices in the Discovery - Configuring Seeds dialog box, but they do appear in the Discovery Run Log. For more information, see Schedule Discovery and Viewing Inventory and Discovery Task History.
Devices not supported by the WLSE are ignored during device import.
You can choose to discover some devices and import others.
The following information is imported:
•
IP addresses are accepted, and hostnames are resolved to obtain the IP address. Hostnames that cannot be resolved are ignored.
•
Read-only and read/write community strings are inserted into the SNMP Communities table (Administration > Discover > Device Credentials). See Specifying Device Credentials.
Note
Imported credentials replace credentials that already exist in the table, but imported credentials are not matched with existing entries that contain wildcards or ranges.
Import Devices from a File
You can import devices from a CSV (comma-separated values) file. The file must be an ASCII file with a .txt suffix. You can create a CSV file by exporting devices from CiscoWorks or by creating the file with a text editor. You can view a sample CSV file in the dialog box for importing files, or see Sample Comma-Separated Values File.
The device information imported from a CSV file is limited to the device's hostname or IP address and the read and write community strings. The SNMP timeout and retry settings are not imported but you can specify their values, as described in the following procedure.
Note
The community strings, timeouts, and retries that you import or enter while using this procedure will overwrite the information already entered on the WLSE (in Administration > Discover > Credentials > SNMP Communities). Community strings that contain wildcards will not be overwritten unless these entries are exactly matched by entries in the CSV file.
In Administration > Discover > Tasks History, the import is shown as CDPDiscovery_Import_Devices_number. For more information, see Viewing Inventory and Discovery Task History.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Import Devices > From File.
To see a sample file, click See Sample CSV File.
Step 2
Enter a pathname for the file in the Choose File dialog box or click Browse to find the file on the desktop or another network system.
Step 3
The read and write community strings for the imported devices will be imported and will overwrite community strings already entered in Administration > Discover > Credentials > SNMP Communities. Entries using wildcards will not be overwritten unless they are exactly matched by entries in the CSV file.
Step 4
The timeout and retry settings in a CSV file are not imported. If you do not specify timeout and retries, the default settings (10 seconds and 1 retry) will be assigned to the imported devices. The timeouts and retries you enter here will overwrite the timeouts and retries already entered for these devices in Administration > Discover > Credentials > SNMP Communities. To specify the timeout and retries for the imported devices:
•
Enter the number of seconds in the SNMP Timeouts text box.
•
Enter the number of retries in the SNMP Retries text box.
Step 5
To view the status of the previous import, if any, click Last Status. Details on the latest import are shown. If there is no previous import, a message is displayed.
Step 6
To import devices from the file you selected, click Import. Information on the imported devices is displayed, and a one-time discovery begins immediately.
Step 7
If the import succeeds, you can also view details in the discovery log. Select Administration > Discover > Tasks History. For more information, see Viewing Inventory and Discovery Task History.
Related Topics
•
Import Devices from a CiscoWorks Server
•
Schedule Discovery
•
Specifying Device Credentials
•
Viewing Inventory and Discovery Task History
Sample Comma-Separated Values File
A CSV file can contain the device information listed below. Also, see the following example CSV file. The CSV file must have a .txt suffix.
Note
Only the device name or IP address and the community strings are used by the WLSE.
•
Full device name or IP address (required). Include the domain in the device name unless your site has unqualified device names registered in the name service.
•
Read-only community string (required).
•
Read-write community string (optional).
•
Serial number (optional).
•
User Fields 1, 2, 3, and 4 (optional).
•
Telnet password, enable password, enable secret, TACACS user, TACACS password, TACACS enable user, TACACS enable password, local user, local password, and RCP (remote copy protocol) user.
•
RCP password (not used).
; The possible columns in the CSV file are listed below.
; For importing to WLSE, columns 1,2,3 are required and the
; Col# = 1: Name = Device name (include domain unless your site
; has unqualified device names registered in
; IP Address in dotted decimal notation
; Col# = 2: Name = RO community string
; Col# = 3: Name = RW community string
; Col# = 4: Name = Serial Number
; Col# = 5: Name = User Field 1
; Col# = 6: Name = User Field 2
; Col# = 7: Name = User Field 3
; Col# = 8: Name = User Field 4
; Col# = 9; Name = Telnet password
; Col# = 10; Name = Enable password
; Col# = 11; Name = Enable secret
; Col# = 12; Name = Tacacs user
; Col# = 13; Name = Tacacs password
; Col# = 14; Name = Tacacs enable user
; Col# = 15; Name = Tacacs enable password
; Col# = 16; Name = Local user
; Col# = 17; Name = Local password
; Col# = 18; Name = Rcp user
; Col# = 19; Name = Rcp password; Comment = Not used, leave blank
; Here are examples of rows of data:
1.2.2.5,public,public,,,,,,telnetpwd
bigrouter.yourcompany.com,public,private,,,,,,telnetpwd
dev-2501.yourcompany.com,"Not so, "" public as, thought",private,sn2501,
dev-2502.yourcompany.com,public,"private",sn2502,
dev-2503.yourcompany.com,public,private,sn2503,""
dev-2510.yourcompany.com,public,private,sn2510,
dev-4000.yourcompany.com,public,private,,Big Boys
dev-2517.yourcompany.com,public,private,,,nm 25xx
dev-2520.yourcompany.com,public,private,,,mylabel2
dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4
dev-7206.yourcompany.com,public,private,,
dev-7505.yourcompany.com,public,private,,,,,yourlabel4
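An added example, not part of the original guide or of the WLSE software: a Python check that parses a file in the format shown above, flags rows with missing required fields or well-known community strings, and lists which clear-text credential columns each row carries. The column keys, the finding names, the treatment of `public` and `private` as well-known values, and the last two sample rows are assumptions made for this example.

```python
import csv

# Column order from the comment header of the page's sample file (Col# 1..19).
COLUMNS = [
    "device", "ro_community", "rw_community", "serial",
    "user1", "user2", "user3", "user4",
    "telnet_password", "enable_password", "enable_secret",
    "tacacs_user", "tacacs_password", "tacacs_enable_user",
    "tacacs_enable_password", "local_user", "local_password",
    "rcp_user", "rcp_password",
]
# Columns whose values are credentials stored in clear text in the file.
SECRET_COLUMNS = [
    "ro_community", "rw_community", "telnet_password", "enable_password",
    "enable_secret", "tacacs_password", "tacacs_enable_password",
    "local_password", "rcp_password",
]
# Assumption for this example: these well-known strings are reported as findings.
WELL_KNOWN_COMMUNITIES = {"public", "private"}

# First four data rows come from the page's sample; the last two are constructed.
SAMPLE = '''
; constructed comment line, skipped like the ';' lines in the page's sample
1.2.2.5,public,public,,,,,,telnetpwd
bigrouter.yourcompany.com,public,private,,,,,,telnetpwd
dev-2501.yourcompany.com,"Not so, "" public as, thought",private,sn2501,
dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4
,public,private
ap-lab.example.net,s7Rq-ro-Example,,sn0001
'''


def parse_import_file(text):
    """Parse data rows into dicts keyed by COLUMNS; short rows are padded."""
    records = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or ';' comment
        # The csv module handles quoted fields with embedded commas and "" escapes.
        fields = next(csv.reader([line]))
        extra = max(0, len(fields) - len(COLUMNS))
        fields = (fields + [""] * len(COLUMNS))[:len(COLUMNS)]
        record = dict(zip(COLUMNS, (f.strip() for f in fields)))
        records.append({"line": line_no, "extra_columns": extra, "fields": record})
    return records


def audit_record(fields):
    """Return finding names for one parsed row."""
    findings = []
    ro, rw = fields["ro_community"], fields["rw_community"]
    if not fields["device"]:
        findings.append("missing-device")
    if not ro:
        findings.append("missing-ro-community")
    elif ro.lower() in WELL_KNOWN_COMMUNITIES:
        findings.append("default-ro-community")
    if rw and rw.lower() in WELL_KNOWN_COMMUNITIES:
        findings.append("default-rw-community")
    if ro and ro == rw:
        # Anyone holding the read-only string also holds write access.
        findings.append("ro-equals-rw")
    return findings


def audit(text):
    """Audit every data row; secret values are never echoed, only column names."""
    report = []
    for rec in parse_import_file(text):
        fields = rec["fields"]
        findings = audit_record(fields)
        if rec["extra_columns"]:
            findings.append("extra-columns")
        report.append({
            "line": rec["line"],
            "device": fields["device"],
            "findings": findings,
            "secrets": [c for c in SECRET_COLUMNS if fields[c]],
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["line"], row["device"] or "<no device>",
              row["findings"], "secret columns:", row["secrets"])
```
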
Import Devices from a CiscoWorks Server
You can import devices directly from a CiscoWorks server that is running Resource Manager Essentials. You can specify an immediate import, schedule an import for a future time, or schedule repeated imports. A discovery runs immediately after the device import.
The time required to import devices depends on the response from the CiscoWorks server and the number of devices imported. The following procedure explains how to check the status of the operation.
The device information imported from a CiscoWorks server is limited to the device's hostname or IP address and the read and write community strings. The SNMP timeout and retry settings are not imported.
In Administration > Discover > Tasks History, two items are listed for each import:
•
RMEDiscovery—Clicking on this item displays a run log that shows the information imported for each device found on the CiscoWorks server. The WLSE uses only the hostname or IP address and the community strings.
•
CDPDiscovery_Import_Devices_number—Clicking this item displays a run log that shows the results of the discovery that was run by using the information imported from the CiscoWorks server.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Import Devices > From CiscoWorks.
Step 2
Enter the following information. All fields are required; if any are left blank, the display will clear when you try to save your settings.
•
The CiscoWorks server IP address.
•
The port number on which the CiscoWorks server listens for HTTP requests. You may need to contact the administrator of the CiscoWorks server to obtain this information.
•
The username and password of any user who has the authority to export and import device credentials on the CiscoWorks server.
Step 3
To run a one-time import:
a.
Select Run Now.
b.
Click Save.
Step 4
To schedule imports:
a.
Select the start date from the Start Date pulldown lists.
b.
Enter the start time from the Start Time pulldown lists.
c.
If you want to schedule repeated imports, click Enable Repeat and set the interval by entering a number after Every and selecting Minutes, Hours, Days, Weeks, or Months from the pulldown list.
d.
Click Save.
Step 5
To view the status of imports, click Last Status. Details on the latest import are shown. If there is no previous import, a message is displayed. Click Refresh to update the display.
Related Topics
•
Import Devices from a File
•
Schedule Discovery
•
Viewing Inventory and Discovery Task History
Exporting Devices
You can export all managed devices (access points, routers, and switches) and the AAA servers you have added to the following:
•
A CiscoWorks server running Resource Manager Essentials—see Exporting Devices to a CiscoWorks Server.
•
A comma-separated values (CSV) file—see Exporting Devices to a CSV File.
Discovered devices that are not under management are not exported.
Exporting Devices to a CiscoWorks Server
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CiscoWorks server. Unmanaged devices are not exported.
The information exported consists of the IP addresses and credentials.
The time required to export devices depends on the number of devices exported and the response from the CiscoWorks server. The following procedure explains how to check the status of the operation.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Discover > Export Devices > To CiscoWorks.
Step 2
Enter the following information:
•
The CiscoWorks server IP address.
•
The CiscoWorks server port number. You may need to contact the administrator of the CiscoWorks server.
•
The username and password of any user who has the authority to export and import device credentials on the CiscoWorks server.
Step 3
Click Export.
Step 4
To see the export status log, click Status. To refresh the status display, click Refresh.
If the Last Status button is displayed in place of the Status button, you can review the results of a previous export.
The following information is included in the export status log:
Type of Information | Description
Device information | Name of the device, device status, and device status details. The string !{[NO VALUE]}! does not indicate an error; it means information was not available to the CiscoWorks server while it was sending a response to the WLSE.
Error messages | The following message means that either the host or the port specified in the WLSE export dialog was wrong: Error: Could not connect to CiscoWorks server:ip_address on port:port_number.
Error messages | The following message means that either the user or password specified in the WLSE export dialog was wrong: Error: Connected to CiscoWorks server:ip_address on port:port_number successfully, but server returned error after connection.
Step 5
After you export devices, you can view them in CiscoWorks Resource Manager Essentials (see the Resource Manager Essentials online help for details).
Exporting Devices to a CSV File
This option allows you to export all managed devices (access points, switches, and routers) and any AAA servers you have added to a CSV file. Devices that are unmanaged are not exported.
The information exported for each device is:
•
IP address or hostname
•
Community strings
•
Telnet password
•
Enable password
For more information about CSV files, see Exporting Devices to a CSV File.
Procedure
Step 1
Select Administration > Discover > Export Devices > To CSV File. Device credentials are exported to the file in plain text.
For added security during the transmission of credentials, click the link "Warning: Device credentials will also be exported. For added security, switch to HTTPS." HTTPS will then be used for the file download.
If the Security Client window appears:
a.
Click Yes.
b.
Click View Certificate.
c.
Click Install Certificate.
d.
Click Next on each screen in the Certificate Import Wizard, then click Finish.
e.
Click OK.
Step 2
Click Download CSV File, then click Save. Specify the filename and location.
The file is saved to your desktop.
Managing AAA Servers
Before adding Authentication, Authorization, and Accounting (AAA) servers to the WLSE, you must configure the servers to add the WLSE as a client. For information on adding the WLSE as a client on AAA servers, see Set Up AAA Servers.
After you add AAA servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability and displays this information under Reports > Trends.
For information about changing the polling interval and response time fault thresholds for AAA server monitoring, see Specifying Fault Thresholds.
To add, modify, and delete AAA servers on the WLSE, see the following:
•
Manage LEAP Servers
•
Manage RADIUS Servers
•
Manage EAP-MD5 Servers
•
Manage PEAP Servers
Related Topics
•
Displaying Faults
•
Setting Server Response Time
•
Specifying Fault Thresholds
•
Notification Settings
Manage LEAP Servers
Before adding a LEAP server to the WLSE, you must add the WLSE as a client on the server. For information on adding the WLSE as a client, see Set Up AAA Servers.
After you add LEAP servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability.
Note
Your login determines whether you can use this option.
Procedure
To add, modify or delete a LEAP server:
Step 1
To add a LEAP server:
a.
Select Administration > Discover > LEAP SERVER > Add Server.
b.
Complete the following:
Text Box | Description
Server Name | Name or IP address of the LEAP server.
Server Port | Port on the server that is used for authentication; this is always 1645.
Username | Client username that you entered on the LEAP server.
Password | Client password that you entered on the LEAP server.
Secret | Shared secret key that you entered on the LEAP server.
c.
To add the server, click Submit. To clear all data from the textboxes, click Reset.
Step 2
To modify a LEAP server:
a.
Select Administration > Discover > LEAP Server > Modify Server.
b.
Select a server from the Server Name list, and enter data as described in Step 1.
c.
Click Submit.
Step 3
To remove a LEAP server:
a.
Select Administration > Discover > LEAP Server > Remove Server.
b.
From the list, select the server you want to remove, then click Submit.
Step 4
For information on setting the polling interval and response time fault thresholds for LEAP servers, see Specifying Fault Thresholds.
Related Topics
Managing AAA Servers
Manage RADIUS Servers
Before adding a RADIUS server to the WLSE, you must add the WLSE as a client on the server. For information on adding the WLSE as a client, see Set Up AAA Servers.
After you add RADIUS servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability.
Note
Your login determines whether you can use this option.
Procedure
To add, modify or delete a RADIUS server:
Step 1
To add a RADIUS server:
a.
Select Administration > Discover > RADIUS SERVER > Add Server.
b.
Complete the following:
Text Box | Description
Server Name | Name or IP address of the RADIUS server.
Server Port | Number of the port on the server that is used for authentication; this is always port 1645.
Username | Client username that you entered on the RADIUS server.
Password | Client password that you entered on the RADIUS server.
Secret | Shared secret key that you entered on the RADIUS server.
c.
To add the server, click Submit. To clear all data from the textboxes, click Reset.
Step 2
To modify a RADIUS server:
a.
Select Administration > Discover > RADIUS Server > Modify Server.
b.
Select a server from the Server Name list, and enter data as described in Step 1.
c.
Click Submit.
Step 3
To remove a RADIUS server:
a.
Select Administration > Discover > RADIUS Server > Remove Server.
b.
From the list, select the server you want to remove, then click Submit.
Step 4
For information on changing the polling interval and response time fault thresholds for RADIUS servers, see Specifying Fault Thresholds.
Manage EAP-MD5 Servers
Before adding an EAP-MD5 server to the WLSE, you must add the WLSE as a client on the server. For information on adding the WLSE as a client, see Set Up AAA Servers.
After you add EAP-MD5 servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability.
Note
Your login determines whether you can use this option.
Procedure
To add, modify or delete an EAP-MD5 server:
Step 1
To add an EAP-MD5 server:
a.
Select Administration > Discover > EAP-MD5 SERVER > Add Server.
b.
Complete the following:
Text Box | Description
Server Name | Name or IP address of the EAP-MD5 server.
Server Port | Number of the port on the server that is used for authentication; this is always port 1645.
Username | Client username that you entered on the EAP-MD5 server.
Password | Client password that you entered on the EAP-MD5 server.
Secret | Shared secret key that you entered on the EAP-MD5 server.
c.
To add the server, click Submit. To clear all data from the textboxes, click Reset.
Step 2
To modify an EAP-MD5 server:
a.
Select Administration > Discover > EAP-MD5 Server > Modify Server.
b.
Select a server from the Server Name list, and enter data as described in Step 1.
c.
Click Submit.
Step 3
To remove an EAP-MD5 server:
a.
Select Administration > Discover > EAP-MD5 Server > Remove Server.
b.
From the list, select the server you want to remove, then click Submit.
Step 4
For information on changing the polling interval and response time fault thresholds for EAP-MD5 servers, see Specifying Fault Thresholds.
Manage PEAP Servers
Before adding a PEAP server to the WLSE, you must add the WLSE as a client on the server. For information on adding the WLSE as a client, see Set Up AAA Servers.
After you add PEAP servers to the WLSE, the WLSE automatically performs periodic logins on each server to monitor the server's response time and availability.
Note
Your login determines whether you can use this option.
Procedure
To add, modify or delete a PEAP server:
Step 1
To add a PEAP server:
a.
Select Administration > Discover > PEAP SERVER > Add Server.
b.
Complete the following:
Text Box | Description
Server Name | Name or IP address of the PEAP server.
Server Port | Number of the port on the server that is used for authentication; this is always port 1645.
Username | Client username that you entered on the PEAP server.
Password | Client password that you entered on the PEAP server.
Secret | Shared secret key that you entered on the PEAP server.
c.
To add the server, click Submit. To clear all data from the textboxes, click Reset.
Step 2
To modify a PEAP server:
a.
Select Administration > Discover > PEAP Server > Modify Server.
b.
Select a server from the Server Name list, and enter data as described in Step 1.
c.
Click Submit.
Step 3
To remove a PEAP server:
a.
Select Administration > Discover > PEAP Server > Remove Server.
b.
From the list, select the server you want to remove, then click Submit.
Step 4
For information on changing the polling interval and response time fault thresholds for PEAP servers, see Specifying Fault Thresholds.
Managing Groups
When you select Administration > Group Management for the first time, only the system-defined groups appear in the device selector. System-defined groups cannot be edited or deleted. For detailed information on groups, see Overview: Groups.
To view information about a group, expand folders or groups until you can select the group you want to view.
You can create your own static or rule-based groups. The group management window allows you to:
•
Create a new group—See Creating a New Static Group or Creating a New Rule-Based Group.
•
Create a new group by copying an existing group—See Copying a Static Group or Copying a Rule-Based Group.
Note
You can create a static group by copying a rule-based group.
•
Edit a group—See Editing a Static Group or Editing a Rule-Based Group.
•
Delete a group—See Deleting a Static or Rule-Based Group.
Overview: Groups
The Group Management window allows you to view the existing device groups and categorize devices into named groups so that you can perform management tasks on a group of devices as a single operation.
Only managed devices can become members of groups.
A group is a named entity that can contain devices, other groups, or a combination of devices and groups. There are two types of groups:
•
System-defined groups—See System-Defined Groups.
•
User-defined groups—See User-Defined Groups.
The device selector lists all the current groups, both system-defined groups and user-defined groups. The number after a group name or folder shows how many objects are in the group (devices and other groups) or how many groups are in the folder. Every managed device appears in one or more of the system-defined groups, and may also appear in user-defined groups.
System-Defined Groups
You cannot edit or delete a system-defined group. The system-defined groups are dynamic (rule-based) and are automatically populated using information read from the devices during discovery and inventory collection. Any changes on devices are reflected in the system-defined groups only after the next discovery or inventory collection has completed.
Tip
A complete listing of the supported devices can be found on cisco.com.
There are seven system-defined folders containing system-defined groups. The system-defined folders and groups are:
•
Device Type folder—Contains the following groups:
–
AAA servers folder—Contains LEAP, RADIUS, EAP-MD5, and PEAP groups. These servers are added to their respective groups after you add them to the WLSE. For more information about adding AAA servers, see Managing AAA Servers.
–
AP 1100 group
–
AP 1200 group
–
AP 1210 group
–
AP 340 group
–
AP 350 group
Note
Any Cisco Aironet 4800 access points that are being managed by the WLSE will appear in the AP350 group.
–
Bridge 350 group
–
Routers group
–
Switches group
•
SSID folder—Contains a group for each radio service set ID (SSID) that is configured on access points. For information on configuring SSIDs on access points, see Set Up Devices.
•
Software Version folder—Contains a group for each software version that is installed on the devices.
•
Subnet folder—Contains a group for each subnet that is configured in the network.
•
VLAN folder—Contains a group for each VLAN that is configured on the access points.
Note
VLAN groups for IOS access points might not be populated if the WEP keys are not configured in each VLAN. VLAN information becomes accessible through SNMP as soon as WEP keys are configured.
•
sysLocation folder—Contains groups based on the setting of the sysLocation parameter on devices. To enable creation of system-defined location groups, you must configure a parameter on the device that identifies the device location. See Set Up Devices for information on setting location. The null location group contains all devices that are not configured with their location information.
•
Misconfigured Devices group—IOS access points that do not have an ISO view configured. See Set Up IOS Access Points or create a configuration job to correct this condition (see Managing Configuration Jobs).
Devices that get a dot11 mib view fault are automatically placed in this group.
User-Defined Groups
You can define any number of groups, which can contain subgroups and devices. User-defined groups can contain devices and other groups, so you can set up hierarchies of groups. Although there is no limit on the number of levels in the hierarchy, we recommend that you define no more than four levels. Otherwise, system performance degrades and navigation becomes difficult.
User-defined groups can either be static or rule-based. You add devices manually to static groups. For rule-based groups, you specify a set of rules that determine which devices are to be included in the group. When devices that match those rules are placed under management, they automatically become members of the rule-based group.
A user-defined group can contain system groups, which are dynamic (rule-based), as sub-groups of the user-defined group.
Related Topics
•
Managing Device Discovery
•
Managing Device Inventories
Creating a New Static Group
Note
Your login determines whether you can use this option.
To create a new static group:
Procedure
Step 1
Select Administration > Group Management.
Step 2
Click Create Static.
Step 3
Enter a name in the Name text box. Enter a description in the Description text box (optional).
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
By default, all new groups are added at the top level ([root]). To make your new group a subgroup of an existing group, select a group from the Subgroup Of list.
Note
Your new group will be added to the Subgroup Of list so that you can create subgroups in the new group. This list contains only user-defined static groups.
Step 5
Add devices for the new group by searching for devices (optional) and selecting groups from the device selector.
a.
To search for devices to add to the group:
–
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
–
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
–
Click Search. The matching devices appear in the Search Results folder in the device selector.
b.
To add devices to the new group from the device selector:
–
Select a group (including the Search Results group) that contains devices you want to add to the new group. The group and all of its devices are added to the Available Devices list in the Create Group dialog.
–
Select the group or individual devices from the Available Devices list and click >>.
–
To add more devices, select another group.
Note
After a device or group is added to the Devices in Group list, it is removed from Available Devices. Clicking on the device or group adds it back to the Available Devices list.
Step 6
To remove devices from the group, select them from the Devices in Group list and click <<.
Step 7
To save the group, click Save. The new group is displayed in alphabetical order in the group list. To cancel the group creation and discard your changes, click Cancel.
Creating a New Rule-Based Group
To create a new rule-based group:
Procedure
Step 1
Select Administration > Group Management.
Step 2
Click Create rule-Based.
Step 3
Enter a name in the Name text box. Enter a description in the Description text box (optional).
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
By default, all new groups are added at the top level ([root]). To make your new group a subgroup of another group, select a group from the Subgroup Of list.
Step 5
Define the rules for determining the devices that will be added to the group. You must select at least one rule. A rule determines which devices are in the group or which devices are excluded from the group:
•
If you select Equals, devices that match the rule definition will be included in the group.
•
If you select Not Equals, devices that match the rule definition will be excluded from the group.
The available rules are described in Table 6-10. You can use an asterisk (*) as a wildcard to match any number of characters.
Table 6-10 Criteria for Rule-Based Groups
Rule Name | Data to Select or Enter
Software Version | The name of the software version; for example, 12.01T1, 12.2(4)JA1, or 12*
sysLocation | The sysLocation defined on devices, if any. The sysLocation null matches all devices that do not have this variable set.
Device Type | Select an access point type from the list, if this group contains access points. If you select AP350, BR 350 devices will be included in the group as well.
Subnet | A subnet, in decimal-dot format; for example 172.10.10.10, or 172.*
SSID | An SSID defined on devices.
VLAN ID | The existing VLANs configured on managed access points.
All of the rules you select are combined with a logical AND. For example, if you select the following Equals rules: Device Type AP1100, Subnet 171.69.*, and Software Version 12.2*, only the AP1100 access points in the specified subnet and running the specified firmware will be part of the group.
If you need to group devices that match more than one parameter in a given rule, you can create a group that contains subgroups. For example, a group consisting of the AP1100 access points at two different sysLocations could be constructed by creating a group that contains a subgroup for each sysLocation.
Step 6
To preview the group, click Preview. The rule(s) you defined and any currently managed devices that match the rule(s) are displayed.
Step 7
To erase all your entries in the window, click Reset.
Step 8
To save the group, click Save. The new group is added, in alphabetic order, to the list of groups.
All currently managed devices that match the group rules will be added to the group. All devices that become managed later and match the rules will also be added to the group.
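The rule semantics from Step 5 above (Equals and Not Equals, the asterisk wildcard, logical AND across rules, subgroups for alternatives), modeled in Python as an added example; this is not WLSE code. The attribute keys, the device records, case-sensitive matching, and the any-value matching for multi-valued attributes such as SSID are assumptions made for illustration.

```python
import re

# Page: selecting AP350 also includes BR 350 devices. Type names are constructed.
TYPE_ALIASES = {"AP350": {"AP350", "BR350"}}


def wildcard_match(pattern, value):
    """'*' matches any number of characters; every other character is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None


def rule_matches(rule, device):
    """Does the device match the rule definition (before Equals/Not Equals)?"""
    attr, _operator, pattern = rule
    value = device.get(attr)
    if attr == "sysLocation" and pattern == "null":
        return not value  # 'null' matches devices with no sysLocation set
    if attr == "device_type" and pattern in TYPE_ALIASES:
        return value in TYPE_ALIASES[pattern]
    values = value if isinstance(value, (list, tuple, set)) else [value]
    return any(v is not None and wildcard_match(pattern, str(v)) for v in values)


def in_group(rules, device):
    """Logical AND: every Equals rule must match, no Not Equals rule may match."""
    if not rules:
        raise ValueError("a rule-based group needs at least one rule")
    for rule in rules:
        operator = rule[1]
        if operator not in ("equals", "not_equals"):
            raise ValueError("unknown operator: %r" % operator)
        if rule_matches(rule, device) != (operator == "equals"):
            return False
    return True


def members(group, devices):
    """Names in a group: devices matching its own rules plus all subgroup members."""
    names = set()
    if group.get("rules"):
        names |= {d["name"] for d in devices if in_group(group["rules"], d)}
    for subgroup in group.get("subgroups", []):
        names |= members(subgroup, devices)
    return names


# Constructed inventory for the example.
DEVICES = [
    {"name": "ap-a1", "device_type": "AP1100", "subnet": "171.69.10.0",
     "software_version": "12.2(4)JA1", "sysLocation": "Building A", "ssid": ["corp"]},
    {"name": "ap-b1", "device_type": "AP1100", "subnet": "171.69.20.0",
     "software_version": "12.2(4)JA1", "sysLocation": "Building B", "ssid": ["corp", "guest"]},
    {"name": "ap-c1", "device_type": "AP1100", "subnet": "171.70.1.0",
     "software_version": "12.2(4)JA1", "sysLocation": "", "ssid": ["corp"]},
    {"name": "ap-d1", "device_type": "AP1200", "subnet": "171.69.10.0",
     "software_version": "12.2(4)JA1", "sysLocation": "Building A", "ssid": ["corp"]},
    {"name": "ap-e1", "device_type": "AP1100", "subnet": "171.69.10.0",
     "software_version": "12.01T1", "sysLocation": "Building A", "ssid": ["corp"]},
    {"name": "br-f1", "device_type": "BR350", "subnet": "171.69.30.0",
     "software_version": "12.01T1", "sysLocation": ""},
]

# The page's own example: three Equals rules combined with AND.
PAGE_EXAMPLE = {"rules": [
    ("device_type", "equals", "AP1100"),
    ("subnet", "equals", "171.69.*"),
    ("software_version", "equals", "12.2*"),
]}

# AP1100 devices at two sysLocations, built from one subgroup per location.
TWO_LOCATIONS = {"subgroups": [
    {"rules": [("device_type", "equals", "AP1100"), ("sysLocation", "equals", "Building A")]},
    {"rules": [("device_type", "equals", "AP1100"), ("sysLocation", "equals", "Building B")]},
]}

if __name__ == "__main__":
    print(sorted(members(PAGE_EXAMPLE, DEVICES)))
    print(sorted(members(TWO_LOCATIONS, DEVICES)))
```
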
Copying a Static Group
Use this procedure to create a new static group by copying an existing static group.
Note
You can also create a static group by copying a user-defined rule-based group or a system-defined group. See Copying a Rule-Based Group.
Procedure
Step 1
Select Administration > Group Management. The group selector pane and group dialog box are displayed.
Step 2
Select a system group or static group and click Copy.
Step 3
Edit the name and description, if desired. The description is optional.
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
By default, the new group will be under the same parent as the group you are copying. To make this group a subgroup of a different group, select a group from the Subgroup Of list.
Note
Your new group will be added to the Subgroup Of list.
Step 5
The devices in the group you copied appear in the Devices in Group list. To add more devices, you can search for devices and select devices from existing groups. See Steps 6 and 7 for more information.
Step 6
To search for devices:
a.
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
b.
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
c.
Click Search. The matching devices appear in the Search Results group in the device selector.
d.
See Step 7 for information about adding the devices from the Search Results group.
Step 7
To select devices from existing groups (including the Search Results group):
a.
Select any group, including the Search Results group. Devices in that group are added to the Available Devices list in the Create Group dialog.
b.
Select the group or individual devices from the Available Devices list and click >>.
c.
To add more devices, select another group.
Step 8
To remove devices from the group, select them from the Devices in Group list and click <<.
Step 9
To save the new group, click Save. The group is added, in alphabetic order, to the list of groups. To cancel group creation and discard your changes, click Cancel.
Related Topics
•
Editing a Static Group
•
Deleting a Static or Rule-Based Group
•
Overview: Groups
Copying a Rule-Based Group
By copying an existing rule-based group (a user-defined group or a system group), you can create a new rule-based group or a new static group.
Procedure
Step 1
Select Administration > Group Management.
Step 2
Select the group you want to copy and click Copy to create a rule-based group or Copy Static to create a static group.
Step 3
Edit the group name and description, if desired. A description is optional.
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
To make this group a subgroup of another group, select a group from the Subgroup Of list. By default, the new group will be under the same parent as the group you are copying.
Note
Your new group will be added to the Subgroup Of list.
Step 5
If you selected Copy Static, you can add devices to the new group by searching for devices or by adding devices from other groups. See Steps 6 and 7 for more information.
Step 6
To search for devices to add to the group:
a.
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
b.
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
c.
Click Search. The matching devices appear in the Search Results folder in the device selector.
d.
See Step 7 for information about how to add devices to your group from the Search Results group.
Step 7
To add devices from other groups (including the Search Results group):
a.
Select a group. Devices in that group are added to the All Available Devices list in the Create Group dialog.
b.
Select the group or individual devices from the Available Devices list and click >>.
c.
To add more devices, select another group.
Step 8
If you selected Copy Static to create a new static group, you can delete devices from the group by selecting them from the Devices in Group list and then clicking <<.
Step 9
If you selected Copy to create a new rule-based group, you can edit the rules as follows:
Rule Name | Data to Select or Enter
Software Version | The name of the software version; for example, 12.01T1, 12.2(4)JA1, or 12*
sysLocation | The sysLocation defined on devices, if any. The sysLocation null matches all devices that do not have this variable set.
Device Type | Select an access point type from the list, if this group contains access points. If you select AP350, BR 350 devices will be included in the group as well.
Subnet | A subnet, in decimal-dot format; for example 172.10.10.10, or 172.*.
SSID | An SSID defined on devices.
VLAN ID | The existing VLANs configured on managed access points.
Step 10
To save the group, click Save. The new group is displayed and added to the list of groups in alphabetic order. To cancel group creation and discard your changes, click Cancel.
Editing a Static Group
You can edit user-defined groups, but you cannot edit system-defined groups.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Group Management.
Step 2
Select the group and click Edit.
Step 3
Change the Name or Description by editing the text in the relevant text boxes.
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
To make the group a subgroup of another group, select a group from the Subgroup Of list. The group you are editing will become a subgroup of the group you select.
Step 5
You can add devices to the group by searching for devices and adding devices from other groups. See Steps 6 and 7 for more information.
Step 6
To add devices to the group by searching:
a.
From the list in the search area, select a method for searching:
Method | Description
Device name | Enter device name to search for any device.
IP address | Enter IP address to search for any device.
APs based on client MAC | Enter a client MAC address to search for both IOS and non-IOS access points. Finds only access points that are associated with the specified client.
APs based on client IP | Enter a client IP address to search for non-IOS access points only. Finds only access points that are associated with the specified client.
b.
Enter the IP address, name, or MAC address. You can use an asterisk (*) as a wildcard to denote numbers and letters; for example, *AP or 172.*.*.*.
c.
Click Search. The matching devices appear under the Search Results folder in the device selector.
d.
See Step 7 to add devices to your group from Search Results.
Step 7
To add devices from another group (including the Search Results group):
a.
Select the group from the group selector. The devices in the group appear in the Available Devices list.
b.
Select the group or individual devices from the list and click >>. Devices are placed in the Devices in Group list.
c.
To add more devices, select another group.
Step 8
To delete devices from the group, select one or more devices from the Devices in the Group list and click <<.
Step 9
To save your changes, click Save. The edited group is displayed. To discard your changes, click Cancel.
Related Topics
•
Creating a New Static Group
•
Deleting a Static or Rule-Based Group
•
Overview: Groups
Editing a Rule-Based Group
You can edit user-defined groups, but system-defined groups cannot be edited.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Group Management.
Step 2
Select the group and click Edit.
Step 3
Change the Name or Description by editing the text in the relevant text boxes. A description is optional.
For information about the characters allowed in group names and descriptions, see Naming Guidelines.
Step 4
To make the group a subgroup of another group, select a group from the Subgroup Of list. The group you are editing will become a subgroup of the group you select.
Step 5
Edit rules as follows:
Rule Name | Data to Select or Enter
Software Version | The name of the software version; for example, 12.01T1, 12.2(4)JA1, or 12*
sysLocation | The sysLocation defined on devices, if any. The sysLocation null matches all devices that do not have this variable set.
Device Type | Select an access point type from the list, if this group contains access points. If you select AP350, BR 350 devices will be included in the group as well.
Subnet | A subnet, in decimal-dot format; for example 172.10.10.10, or 172.*.
SSID | An SSID defined on devices.
VLAN ID | The existing VLANs configured on managed access points.
Step 6
To save your changes, click Save. The edited group is displayed. To discard your changes, click Cancel.
Deleting a Static or Rule-Based Group
You can delete user-defined (static or rule-based) groups, but you cannot delete system-defined groups.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Group Management.
Step 2
Select the group from the group selector list.
Step 3
Click Delete.
Related Topics
•
Overview: Groups
•
Editing a Static Group
•
Creating a New Static Group
Managing the Appliance
Options under the Appliance subtab allow you to manage the WLSE system and use connectivity tools. When you select Administration > Appliance, the following options are displayed:
• Status—Gather and view WLSE statistics and restart the machine (see Viewing WLSE Status).
• Software—Update, reinstall, view status, and define the repository for the WLSE software (see Managing WLSE Software).
• Security—Manage WLSE security features, such as Telnet, SSL, and authentication modules (see Managing Security).
• Backup and Restore—Configure backup location, backup data, and restore data (see Backing Up and Restoring Data).
• Diagnostics—Troubleshoot, run self-tests, view process status (see Using Diagnostics).
• Splash Screen—Customize the splash screen message (see Specifying a Splash Screen Message).
• Time/NTP/Name—Set the current time (see Set the Current Local and UTC Time), specify NTP servers (see Specify NTP Time Servers), and specify IP name servers (see Specify Name Servers).
• Configure Mailroute—Specify an SMTP server for handling email notifications (see Configuring the Mail Route).
• Connectivity Tools—Test device connectivity and reachability and find the values of SNMP variables (see Using Connectivity Tools).
Note
Your login determines whether you can use these options.
Viewing WLSE Status
The Status options include:
• Using log files (see Managing Log Files).
• Restarting the WLSE (see Restarting the Wireless LAN Solution Engine).
Managing Log Files
This option allows you to view the contents of WLSE log files, download logs, search for data in logs, and email logs.
Procedure
Step 1
Select Administration > Appliance > Status > View Log File. The following information is displayed:
Field | Description
Log file | Name of the log file.
Directory | Location of log file on WLSE.
File Size | Size of file in bytes.
View | Displays a log file in a separate window.
Download | Saves a log file to your desktop or other location.
Step 2
To see a log file's details, click View. For a description of each file, see Log Files Displayed.
Step 3
To download a log file, click Download.
Note
If this method of saving does not work, right-click the Download button for the file and use the browser menu to save the file.
Step 4
To search for specific data within the log files, select one or more log files and enter a keyword into the Keyword text box. Click Case Sensitive if you want your search to be case sensitive, then click Search. A separate window displays the results of the search.
Step 5
To email log files, select one or more files and enter one or more comma-separated email addresses in the E-Mail Selected Log Files textbox. Click Send.
Log Files Displayed
The WLSE maintains the following log files.
Log File | Content
access_log | Web server user access log.
backup.log | The results of backup and restore operations and of testing the reachability of the backup location. This log only appears after you have performed one of these operations.
daemons.log | Log file for logging messages that dmgtd does not log.
dataUpdate.log | Results of software upgrades and changes. This log appears only after you have performed one of these operations.
db2.log | Shows information about database startups due to installations or reboots.
dmgtd.log | Process Management daemon log file.
error_log | Web server error log.
faults.log | Log for device fault information.
install.log | Software package installation log.
jobvm.log | Log for all scheduled tasks.
mfgtest.log | Log for the manufacturing test.
mod_jk.log | Message log for hook between Tomcat and Apache.
snmpd.log | SNMP agent log file.
ssl_request_log | Log for secure socket layer web server events for https.
tomcat.log | Java servlet messages.
Restarting the Wireless LAN Solution Engine
This option allows you to restart the WLSE. After restart, discovery and inventory will resume at the next scheduled time.
Procedure
Step 1
Select Administration > Appliance > Status > Restart.
Step 2
Click OK to restart the WLSE.
Note
To perform a manual soft restart (for example, when modifying a network interface) you can use the CLI commands. (See "Using the Command Line Interface (CLI)"—From the Online Help, click View PDF.)
Related Topics
•
Managing Device Discovery
•
Managing Device Inventories
Managing WLSE Software
The Software options are:
• Status—Currently installed software information, such as software description, installation date, and installation status (see Viewing Software Status).
• Define Repository—Specify the repository location. The repository provides software update services to the WLSE (see Managing the Repository).
• Software Updates—Select and install a software update from the repository. You must specify the repository before updating software so the WLSE can locate the software updates (see Installing Software Updates).
Note
For complete information about installing software updates, see the Readme file that accompanies the software image on Cisco.com.
• Browse Repository—Browse the available complete images and software upgrades on the repository (see Browsing the Repository).
• Software Update History—Information about current and previous versions of installed software, including version number, install date, and installation status (see Viewing Software Update History).
Viewing Software Status
You can view information about the software currently installed on the WLSE.
Procedure
Step 1
Select Administration > Appliance > Software > Status. The Installed Software table contains the following information about all the software currently installed on the WLSE:
Field | Description
Software Name | Brief description of the software.
Installation Date | Date and time (UTC) the software was installed.
Status | Status of the installation.
Details | Detailed install log for this software.
The Last Installation Information table contains the following information about the most recent software installation:
Field | Description
Name | Brief description of the software.
Installation Status | Status of the installation.
Log File | Detailed install log for this software.
Step 2
To view details about an installation, click View Log in the Details field.
The install log for the selected installation opens. The information about the latest software installed is displayed.
Related Topics
•
Viewing Software Update History
•
Installing Software Updates
•
Managing WLSE Software
Managing the Repository
The software repository stores the available software updates for the WLSE. The repository can be either local (on the WLSE), or remote (on a Windows NT, Windows 2000, or Windows XP server). The default is a local repository.
Downloading the Upgrade Image
Download the upgrade file from Cisco.com to an FTP server from one of the following Cisco.com URLs:
http://www.cisco.com/public/sw-center/cw2000/crypto/wlan-sol-eng
ftp://ftp.cisco.com/cisco/crypto/3DES/cw2000/wlan-sol-eng
Note
WLSE update images are subject to import/export regulations respecting strong encryption. Before you are allowed to download the image, you may be directed to edit your Cisco.com profile to confirm that you are allowed to download such images.
The upgrade zip file and the info file must be in the same directory on the FTP server. Do not extract the zip file.
Defining the Repository
By defining the repository, you are telling the WLSE where to look for available software updates. You can download software from the repository and install it on the WLSE, and you can browse the available software versions on the repository.
Before you can define the repository, you must first create it:
•
To create a local repository, see Creating a Local Repository.
•
To create a remote repository, see Creating a Remote Repository.
Procedure
Step 1
Select Administration > Appliance > Software > Define Repository.
Step 2
To define or redefine the repository, complete the following:
Text Box | Description
Host Name | The hostname or IP address of the repository. For the local repository, enter localhost.
Port Number | The port number used by the software on the repository. The default port number for the local repository is 9851.
Description | A description of the repository. This text box is optional; you can enter any description.
Step 3
Click Connect to Repository to verify that the hostname and port number you entered are correct. If the data is incorrect, an error message appears.
Related Topics
•
Installing Software Updates
•
Browsing the Repository
•
Managing WLSE Software
Creating a Local Repository
A WLSE can serve as the repository for itself and other WLSEs.
You use CLI commands to create a local repository.
Note
To use the local repository, you must be downloading software updates from an FTP site.
For more information about CLI commands, from the online help click View PDF.
Procedure
Step 1
Open a CLI window to the WLSE, using Telnet or SSH.
Step 2
Specify the FTP site that will be the source of the software updates. Use the following CLI command:
repository source ftp://hostname/path
Step 3
Find the software you want on the FTP site.
Step 4
Download the software to the repository using the following command:
repository add package
Creating a Remote Repository
A remote repository can serve as the repository for one or more WLSEs. The remote repository can be either:
•
A WLSE functioning as the remote repository for other WLSEs.
•
A Windows NT, Windows 2000, or Windows XP server. A remote repository created on a Windows server is temporary; it will not exist after the server reboots.
Note
If you are using a WLSE as a remote repository, see Creating a Local Repository.
To use a Windows NT, Windows 2000, or Windows XP server as a remote repository:
Procedure
Step 1
If you are using a Windows XP server as a repository to update WLSE 2.0 software and you are using the Internet Explorer 6.0 browser on the client, configure the browser on the repository as follows to make sure the update process works properly. Otherwise, the display during the update process does not work properly.
a.
Install Java Plugin 1.3.1_08 or later.
b.
In the browser, select Tools > Internet Options > Privacy and lower the slider all the way down to achieve the Accept all Cookies setting.
Step 2
Download the ZIP file containing the update to the repository. Then extract the file to any empty directory; for example, D:\WLSE_repository.
Note
You can find the latest updates at ftp.cisco.com.
Step 3
Open a command window, create a virtual drive, and map the virtual drive to the drive containing the update file; for example:
subst f: d:\WLSE_repository
Note
The virtual drive (f: in this example) will be removed after you reboot the Windows 2000, Windows NT, or Windows XP server.
Step 4
Double-click the virtual drive icon. Then, double-click the autorun.bat file if it does not automatically run.
A browser window opens.
Step 5
Enter the IP address of the WLSE.
Step 6
Log in to the WLSE as a user with system administration privileges.
Step 7
The list of available images appears.
If cookies are not enabled on the browser, the window does not appear immediately; you must perform the following steps:
a.
Select Administration > Appliance > Software > Define Repository.
b.
Enter the hostname or IP address of the Windows repository. Then enter 9851 for Port Number. Click Connect to Repository.
c.
Select Administration > Appliance > Software > Browse Repository to check the update image.
d.
Select Administration > Appliance > Software > Install Software Updates.
Step 8
Select the desired image and click Install.
Step 9
To verify that the image was successfully installed, select Administration > Appliance > Software > Status.
Related Topics
Creating a Local Repository
Installing Software Updates
Note
When you update or reinstall software, the WLSE stops and restarts. Therefore, you cannot access the WLSE during a software update, and you must log in again after updating software.
Note
A few settings are not restored after an upgrade to WLSE 2.0 software from earlier versions. Also, data for some reports is lost. For more information, see Settings and Data Not Retained after Upgrade to WLSE 2.0.
Procedure
Step 1
If you are using Internet Explorer 6.0 on a Windows XP client to update WLSE software, make sure Java Plugin 1.3.1_08 is installed on the browser. Otherwise, certain displays during the upgrade process do not work properly.
Step 2
Before upgrading WLSE software, back up the configuration. The upgrade attempts to preserve the WLSE database, but a backup is needed in case of errors during the upgrade. For information on backing up the WLSE's configuration, see Backing Up and Restoring Data.
Step 3
Select Administration > Appliance > Software > Install Software Updates. The Install Software Updates window opens and displays information about the WLSE, the currently defined repository, and the compatible software available for updating.
Step 4
Select a software version from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.
These tables display the following information about the software you can install.
Field | Description
Name | Software identifier.
Version | Version number of the software.
Summary | Brief description of the software.
Release Date | Release date of the software.
Details | Detailed description of the software.
Step 5
To view details about any of the listed software, click README in the Details field.
Step 6
To begin the installation, make a selection from the Compatible Updates table, Compatible Reinstallations table, or Complete Images table.
Step 7
To install the selected software, click Install. The Install Software Updates window opens.
Step 8
Click Confirm to continue the installation. Click Cancel to cancel the installation.
When the installation is complete, the WLSE will be unavailable for a few minutes while it restarts. The Login screen will appear when the update is complete.
Step 9
You can view details of the installation after the installation is complete. Select Administration > Appliance > Software > Status > View Log.
Related Topics
•
Managing the Repository
•
Viewing Software Status
•
Viewing Software Update History
•
Browsing the Repository
•
Managing WLSE Software
Settings and Data Not Retained after Upgrade to WLSE 2.0
The following data and settings are not retained after you upgrade a WLSE to release 2.0 software. This information cannot be restored from a backup.
Browsing the Repository
You can browse the available complete images and software upgrades on the repository using this option.
Note
A repository must be defined in order to browse software. To define the repository, see Managing the Repository.
Procedure
Step 1
Select Administration > Appliance > Software > Browse Repository.
Step 2
To view detailed information about a complete image or update, click README in the Complete Images table or Updates table. These tables display the following about all the software available on the repository:
Field | Description
Name | Software identifier.
Version | Version number of the software.
Appliance Type | The appliance type that the software is designed for.
Release Date | Release date of the software.
Summary | Brief description of the software.
Details | Detailed description of the software. Click README to display details.
Related Topics
•
Installing Software Updates
•
Managing WLSE Software
Viewing Software Update History
This window shows only the update history, not a history of installed images. If you install a complete new image, the previous update history will be erased.
Procedure
Step 1
Select Administration > Appliance > Software > Software Update History. The following information is displayed:
Table 6-11 Software Update History Window
Field | Description
Name | Software identifier.
Version | Software version.
Summary | Summary of the installed software.
Install Date | The date and time (UTC) the software was installed.
Status | The status of the installed software.
Status | The status of the installation: Success—Software was installed with no errors. Warning—Software installed successfully with minor errors. Error—Software installation was unsuccessful.
Details | The detailed install log for this installation, including warning and error messages.
Step 2
Click View Log in the Details field to view the detailed install log for a software installation.
Related Topics
•
Viewing Software Status
•
Browsing the Repository
•
Managing WLSE Software
Overview: Security
The WLSE provides the following security features:
• Optional secure connection through a Web browser
• Connection through the CLI via Telnet or SSH
• Authentication through the local database or through alternative authentication services
• Flexible user access to managed devices and WLSE services through configurable roles.
You can manage your system's security by:
• Selecting an Authentication Module
• Disabling or Enabling Telnet and Selecting SSH
• Viewing the Last 10 Logged-On Users
• Administering Users
Managing Security
The Security options are:
• Authentication Modules—Choose the authentication module used (see Selecting an Authentication Module).
• SSL (HTTPS)—Obtain a permanent, signed certificate for secure Web access (see Managing SSL (HTTPS)).
• Telnet and SSH—Configure Telnet and SSH settings (see Disabling or Enabling Telnet and Selecting SSH).
• Last 10 Logins—View information about the last 10 users who have logged on to the WLSE (see Viewing the Last 10 Logged-On Users).
Overview: Authentication Modules
The WLSE provides a mechanism for authenticating users through the local authentication module and a local database of user IDs and passwords. Many network managers, however, already have an authentication service. To use your own authentication service instead of the local module, you can select one of the alternative modules:
• TACACS+
• RADIUS
• MS NT Domain
After you select and configure a module, all authentication transactions are performed by the authentication service associated with that module. Users log in with the user ID and password associated with the current authentication module.
The WLSE determines user roles; therefore, all users must be in the local database of user IDs and passwords. A user's role determines the services and devices that the user can access. Users must have the same user ID locally as they have in the alternative authentication source, but the local password and the authentication service password do not have to be the same.
Users who are authenticated by an alternative service and who are not in the local database have no roles assigned to them. Users who have no roles see only the splash screen after logging in and cannot view screens or perform tasks.
If the alternative authentication service fails, the Wireless LAN Solution Engine defaults to the Local authentication module. Even if the local user database fails, you can always log in as the admin user.
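The login outcomes described above can be modeled to audit an account list before switching modules. This is an added example, not WLSE code: the function names, data structures, role labels and sample accounts are constructed, and it covers only the behaviour stated in this section.

```python
"""Model of the login outcomes described in this section (added example).

Names, structures and sample accounts are constructed for illustration;
the role labels are placeholders, not WLSE role names. The separate
statement that the admin user can always log in is not modeled.
"""
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed local database: user ID -> local password and assigned role.
LOCAL_DB: Dict[str, Dict[str, str]] = {
    "alice": {"password": "alice-local-pw", "role": "role-A"},
    "carol": {"password": "carol-local-pw", "role": "role-B"},
}
# Constructed stand-in for the TACACS+/RADIUS/NT domain account store.
EXTERNAL_DB: Dict[str, str] = {
    "alice": "alice-radius-pw",
    "bob": "bob-radius-pw",
}


@dataclass(frozen=True)
class Outcome:
    authenticated: bool
    checked_by: str           # module that evaluated the password
    role: Optional[str]       # None: user sees only the splash screen


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


def resolve_login(user, password, local_db, external_db,
                  module="RADIUS", external_up=True) -> Outcome:
    """Apply the rules in the text to one login attempt."""
    if module != "Local" and external_up:
        stored = external_db.get(user)
        ok = stored is not None and _same(stored, password)
        checked_by = module
    else:
        # Local module selected, or the external service failed and the
        # appliance fell back to the Local module.
        entry = local_db.get(user)
        ok = entry is not None and _same(entry["password"], password)
        checked_by = "Local"
    # Roles always come from the local database, whatever checked the password.
    role = local_db[user]["role"] if ok and user in local_db else None
    return Outcome(ok, checked_by, role)


def audit_accounts(local_db, external_users: Set[str]) -> Dict[str, List[str]]:
    """Compare user IDs before switching to an alternative module."""
    local_users = set(local_db)
    return {
        # Will authenticate externally but get no role (splash screen only).
        "no_role": sorted(external_users - local_users),
        # Can log in only while the Local module is in effect.
        "local_only": sorted(local_users - external_users),
        "in_both": sorted(local_users & external_users),
    }


if __name__ == "__main__":
    print(audit_accounts(LOCAL_DB, set(EXTERNAL_DB)))
    print(resolve_login("alice", "alice-local-pw", LOCAL_DB, EXTERNAL_DB,
                        external_up=False))
```

During fallback the local password is the effective credential, so local passwords for externally authenticated users deserve the same care as the external ones.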
Related Topics
•
Selecting an Authentication Module
•
Administering Users
Selecting an Authentication Module
You can use your existing authentication method to authenticate WLSE users by selecting one of the WLSE's login modules. For information on using an authentication service for CLI access via Telnet or SSH, see Selecting an Authentication Module for CLI Access via Telnet or SSH.
Note
Even if you are using your own authentication service, all users must still be in the local database of users. For information on adding users to the local database, see Administering Users.
Procedure
Step 1
Select Administration > Appliance > Security > Authentication Modules.
Step 2
Select an authentication module from the Select Module drop-down list, then click Submit.
Step 3
Depending on the authentication module you selected, enter the following data, then click Submit:
• RADIUS module or TACACS+ module:
  – Primary Server and Secondary Server—IP addresses or device names of the primary and secondary authentication servers. A secondary server is optional.
  – Shared Secret—Secret key.
• MS NT Domain module:
  – Domain—Name of the Windows domain.
  – Primary Domain Controller and Backup Domain Controller—Names of the primary and backup Windows domain controllers. A backup domain controller is optional.
After you change the authentication module, you do not have to restart the WLSE. Changing the module does not affect users who are currently logged on. Users who log on after the change use the new module.
Related Topics
Overview: Authentication Modules
Selecting an Authentication Module for CLI Access via Telnet or SSH
To set up a WLSE authentication module for users to log in to the CLI by using TACACS+ or RADIUS:
Procedure
Step 1
Log in to the CLI as a user with level 15 privileges.
Step 2
Enter one of the following commands:
auth cli tacacs secret server
auth cli radius secret server
where secret is the shared secret configured on the authentication server, and server is the IP address or hostname of the authentication server.
Managing SSL (HTTPS)
The SSL (Secure Sockets Layer) protocol provides a secure connection between Web clients and the WLSE. When you initially set up the WLSE, an unsigned certificate and a CSR (Certificate Signing Request) are automatically generated and SSL is enabled. The unsigned certificate expires in one year. To obtain a permanent, signed certificate, use the following procedure.
Note
To establish a connection to the Wireless LAN Solution Engine using SSL, use the prefix https instead of http when entering the URL into the browser and do not append a port number to the URL.
Procedure
Step 1
Select Administration > Appliance > Security > SSL (HTTPS).
Step 2
Click View CSR. The encrypted CSR is displayed.
Step 3
Copy the encrypted CSR (between the begin and end lines). Send the CSR to a certificate authority (such as Verisign), following the authority's procedure.
Step 4
When you receive the signed certificate:
a.
Copy it into an ASCII file on a client system.
b.
On the same client, select Administration > Security.
c.
Under SSL (HTTPS), type the path to the signed certificate or click Browse to locate the file, then click Submit Certificate.
d.
To use the new certificate, you need to restart the Wireless LAN Solution Engine by logging on through the CLI, running the services stop command to stop the system, then running the services start command to restart the system.
Step 5
You should block logins on the regular HTTP port (1741):
a.
Log in to the WLSE by using the console or by using Telnet or SSH.
b.
Enter the following CLI command:
For more information on this command, see the User Guide for the CiscoWorks Wireless LAN Solution Engine; from the online help click View PDF.
Related Topics
Overview: Security
Disabling or Enabling Telnet and Selecting SSH
Telnet is used for connecting to the WLSE through the CLI. By default, both Telnet and SSH are enabled. To prevent insecure connections through the CLI, you can disable Telnet.
SSH provides a secure Telnet connection, encrypting all traffic, including passwords. By default, both SSH1 and SSH2 are used.
Procedure
Step 1
Select Administration > Appliance > Security > SSH and Telnet.
Step 2
To change the type of SSH used, select the desired SSH version from Select Protocol, then click Change Protocol.
Step 3
To enable or disable Telnet, make a selection from Telnet, then click Configure.
Changes take effect immediately.
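Because the change is immediate, the result can be checked from a management workstation straight after Step 3. The script below is an added example, not a WLSE tool: function names are hypothetical, the ports (Telnet 23, SSH 22) are the standard defaults and are assumed, and the expected values are whatever you selected in Steps 2 and 3.

```python
"""Check CLI exposure after changing the Telnet and SSH settings (added example).

Assumes the standard ports (Telnet 23, SSH 22); the page does not state
them. Function names are hypothetical.
"""
import socket
import sys
from typing import List


def first_ssh_line(data: bytes) -> str:
    """Return the SSH identification line; servers may send other lines first."""
    for raw in data.split(b"\n"):
        line = raw.strip().decode("ascii", "replace")
        if line.startswith("SSH-"):
            return line
    return ""


def classify_ssh_banner(banner: str) -> str:
    """Map 'SSH-<protoversion>-<software>' to the protocol versions offered."""
    parts = banner.strip().split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH":
        return "not-ssh"
    proto = parts[1]
    if proto == "1.99":          # RFC 4253: server accepts both 1.x and 2.0
        return "ssh1+ssh2"
    if proto == "2.0":
        return "ssh2-only"
    if proto.startswith("1."):
        return "ssh1-only"
    return "unknown"


def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect and return the server's SSH identification line ('' if none)."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            while len(data) < 4096:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
                if first_ssh_line(data) and data.endswith(b"\n"):
                    break
    except OSError:
        pass  # closed port or timeout: report whatever was received
    return first_ssh_line(data)


def evaluate(telnet_open: bool, ssh_banner: str,
             allow_telnet: bool = False,
             required_ssh: str = "ssh2-only") -> List[str]:
    """Return findings; an empty list means the exposure matches the intent."""
    findings = []
    if telnet_open and not allow_telnet:
        findings.append("telnet-open")
    offered = classify_ssh_banner(ssh_banner)
    if offered != required_ssh:
        findings.append("ssh-offers:" + offered)
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_cli_exposure.py <wlse-host>")
    host = sys.argv[1]
    result = evaluate(tcp_open(host, 23), read_banner(host, 22))
    print("OK" if not result else "Findings: " + ", ".join(result))
```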
Related Topics
Overview: Security
Viewing the Last 10 Logged-On Users
To view information about the last 10 users who have logged on to the WLSE:
Procedure
Step 1
Select Administration > Appliance > Security > Last 10 Logins.
The Last 10 Logins table shows the following information for the last 10 logins:
Field | Description
Login Name | User's login name.
Logged In Since | Date and time the user logged in (UTC).
IP Address | IP address of the system from which the user logged in.
Associated role | Role assigned to the user.
Related Topics
Overview: Security
Backing Up and Restoring Data
Backing up the WLSE saves its configuration data in case you need to restore the data. The data backed up is role and user information, discovery configuration information, and other configuration information.
When you select Administration > Appliance > Backup and Restore, the following options appear:
• Configure—You must set the backup location before you can run backups (see Specifying the Backup Location).
• Backup—Schedule a backup of WLSE data or run an immediate backup (see Scheduling and Running Backups).
• Restore—Restore an available backup image (see Restoring Data).
Note
You can restore data backed up on one WLSE to another WLSE. You cannot, however, restore backup data from a WLSE 1130 to a WLSE 1105. For information on restoring from one WLSE to another, see Copying Configuration Data from One WLSE to Another.
Specifying the Backup Location
The backup location must be running an FTP server because the WLSE uses FTP to transfer the backup data.
Note
If you are using a Windows 2000 or Windows XP server as the backup location, you must configure it for UNIX directory mode. See Configuring a Windows 2000 or Windows XP Server as a Backup Location.
Procedure
Step 1
Select Administration > Appliance > Backup and Restore > Configure.
Step 2
Enter the following data:
• The hostname or IP address for the backup location.
• The username you use on the backup location machine.
• The password you use on the backup location machine. Reenter the password.
• Optional—The path to the backup location. When specifying the path on a Windows 2000 or Windows XP server:
  – Use either forward slashes (/) or backslashes (\) as directory separators.
  – Do not include the drive specifier (for example c:\).
  – The path is relative to the FTP root.
  – The backup mechanism can create one directory level for you; anything under this level must already exist.
Step 3
Click Save.
Step 4
To verify that the backup location is reachable and is running an FTP server, click Test.
Related Topics
•
Scheduling and Running Backups
•
Restoring Data
•
Configuring a Windows 2000 or Windows XP Server as a Backup Location
Configuring a Windows 2000 or Windows XP Server as a Backup Location
To serve as a backup location, a Windows 2000 or Windows XP server must be configured for UNIX directory mode.
Procedure
Step 1
On the server, select Start > Settings > Control Panel > Administrative Tools > Internet Services Manager.
If this option is not available on the server, enable it as follows:
a.
Select Start > Settings > Control Panel > Add/Remove Programs.
b.
On the left side of the Add/Remove window, click Add/Remove Windows Components. The Windows Components wizard starts.
c.
Check the checkbox for Internet Information Services, then click Next.
Step 2
From the Tree panel, select the Windows 2000 or Windows XP system name.
Step 3
In the Description panel, right-click Default FTP Server. Then click Properties.
Step 4
In the Home Directory tab:
•
Select UNIX under Directory Listing Style.
•
Select Write under FTP Site Directory.
Scheduling and Running Backups
Data backed up includes role and user information, discovery configuration information, and other configuration information. The following procedure includes a verification step; it is recommended that you always verify that the backup succeeded.
Note
You should perform a backup every time you add a user.
Procedure
Step 1
Make sure the backup location has been specified (see Specifying the Backup Location).
Step 2
Select Administration > Appliance > Backup and Restore > Backup.
Step 3
To run an immediate backup, click Backup Now. The WLSE saves the backup image.
Step 4
To schedule automatic backups:
a.
Enter the start date and time:
–
Select Every Month or a specific month.
–
Select Every Day, a day of the week, or a day of the month.
–
Select the time as hours (24-hour clock) and minutes (5-minute increments).
b.
Click Schedule Backup.
To cancel a scheduled backup, click Remove Scheduled Backup.
Step 5
There are several ways to verify that the backup succeeded:
• Check the backup.log file under Administration > Appliance > Status > View Log File.
• Select Administration > Appliance > Backup and Restore > Restore. The backup image should be listed in the Available Images list. Click Cancel.
• Log in to the backup location system and verify that there is a backup directory containing WLSE hostname_date_time.inf and WLSE hostname_date_time.tar files.
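The third check can be scripted on the backup location so that an incomplete or truncated FTP transfer is caught before a restore is needed. This is an added example, not part of the WLSE software: it assumes the .inf and .tar files of one backup share the same base name, and the function names are hypothetical.

```python
"""Verify WLSE backup files on the backup location (added example).

Assumption: each backup is a pair <name>.inf / <name>.tar with the same
base name. Function names are hypothetical.
"""
import sys
import tarfile
from pathlib import Path
from typing import Dict, List


def tar_readable(path: Path) -> bool:
    """Walk every member header; fails on an empty or truncated archive."""
    try:
        with tarfile.open(path) as archive:
            for _member in archive:
                pass
        return True
    except (tarfile.TarError, OSError, EOFError):
        return False


def check_backup_dir(backup_dir) -> Dict[str, List[str]]:
    """Classify every backup base name found in backup_dir."""
    directory = Path(backup_dir)
    tars = {p.stem: p for p in directory.glob("*.tar")}
    infs = {p.stem: p for p in directory.glob("*.inf")}
    report: Dict[str, List[str]] = {
        "complete": [], "missing_inf": [], "missing_tar": [], "unreadable_tar": [],
    }
    for name in sorted(set(tars) | set(infs)):
        if name not in infs:
            report["missing_inf"].append(name)
        elif name not in tars:
            report["missing_tar"].append(name)
        elif not tar_readable(tars[name]):
            report["unreadable_tar"].append(name)
        else:
            report["complete"].append(name)
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_wlse_backups.py <backup-directory>")
    result = check_backup_dir(sys.argv[1])
    for status, names in result.items():
        print(f"{status}: {', '.join(names) or '-'}")
    # Non-zero exit if any backup is incomplete, for use from a scheduler.
    problems = any(result[k] for k in ("missing_inf", "missing_tar", "unreadable_tar"))
    sys.exit(1 if problems else 0)
```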
Related Topics
Restoring Data
Restoring Data
To restore the WLSE's configuration data from a backup:
Procedure
Step 1
Select Administration > Appliance > Backup and Restore > Restore.
Step 2
From the Available Images list, select a backup image. Images are listed by Wireless LAN Solution Engine hostname and date and time of backup.
Step 3
Click Restore. The Restore Backup window opens.
Step 4
Click OK.
The Wireless LAN Solution Engine shuts down and restarts while data is being restored.
Related Topics
•
Scheduling and Running Backups
•
Specifying the Backup Location
Copying Configuration Data from One WLSE to Another
You can back up data from one WLSE and copy it to another by using the backup and restore features. If you are replacing one WLSE with another, see the instructions in the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, 2.0.
Note
You cannot restore a backup from a WLSE 1130 to a WLSE 1105.
Step 1
Back up the data on the source WLSE. For more information, see Backing Up and Restoring Data.
Step 2
If you have installed a new WLSE and have not configured it yet, run the setup program and complete the initial configuration.
For information on the setup program and initial configuration, see the Quick Start Guide for CiscoWorks 1130 Wireless LAN Solution Engine or the Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine, 2.0.
Step 3
Restore configuration data to the destination WLSE, using the backup you made in Step 1. For information on restoring backups, see Backing Up and Restoring Data.
Step 4
Run the erase config CLI command and allow the WLSE to reboot.
For more information on this command, see the User Guide for the CiscoWorks Wireless LAN Solution Engine, 2.0—from the online help, click View PDF.
Step 5
Run the setup program on the destination WLSE to restore the basic configuration settings.
Using Diagnostics
The Diagnostics options are:
• WLSE Info—Gather troubleshooting information about the WLSE status and create status reports (see Viewing and Creating a Status Report).
• Self Test—Create and display self tests (see Viewing and Creating a Self-Test Report).
• Processes—View WLSE process status, stop and start processes (see Viewing Processes).
Viewing and Creating a Status Report
The WLSE information and status report shows general WLSE status, log files, package information, database status, process status, web server information, and Java class information.
Note
Status reports show UTC time.
Procedure
Step 1
Select Administration > Appliance > Diagnostics > WLSE Info.
Step 2
To display a report, click its name. If there are no reports listed, you can create a report by clicking Create.
Step 3
To create a new report, click Create. It will take five to seven minutes for the report to be complete. To display the new report, click its name. If the new report is not listed, click Refresh.
Step 4
To delete a report, click the report check box, then click Delete.
Related Topics
• Viewing and Creating a Self-Test Report
• Viewing Processes
Viewing and Creating a Self-Test Report
Self-tests show the status of WLSE memory, the database, DNS setup, and backup location configuration. Self-test reports indicate whether the tests passed or failed.
Note
Self-test reports show timestamps as UTC time.
Procedure
Step 1
Select Administration > Appliance > Diagnostics > Self Test.
Step 2
To display a report, click its name. If there are no reports listed, you can create a new report by clicking Create.
Step 3
To display the new report, click its name. If the report is not displayed, click Refresh.
Step 4
To delete a report, select the report check box, then click Delete.
Related Topics
• Viewing and Creating a Status Report
• Viewing Processes
Viewing Processes
You can view the status of the major processes running on the Wireless LAN Solution Engine using this option. You can also start and stop processes and access complete reports.
Procedure
Step 1
Select Administration > Appliance > Diagnostics > Processes. The Process Report displays the following:
| Column | Description |
| --- | --- |
| Process name | Describes how a process is registered. For information on the processes displayed, see Processes Displayed. |
| State | Process status and a summary of the log file entries for the process. |
| Pid | Process ID. A unique number by which the operating system identifies each running program. |
| RC | Return code. "0" means normal program operation. Any other number typically represents an error. Refer to the error log. |
| Signo | Signal number. "0" means normal program operation. Any other number is the last signal delivered to the program before it terminated. |
| Start Time | Time (UTC) and date the process was started. |
| Stop Time | Time (UTC) and date the process was stopped. |
| Core | "Not applicable" means the program is running normally. "Core file created" means the program is not running normally and the operating system has created a core file. The core file stores important data about processes. |
| Information | What the process is doing. "Not applicable" means the program is not running normally. |
Step 2
Perform any or all of these tasks:
• To view details, click any process name. For more information, see Daemon Information.
• To view process status, click any process state. For more information, see System Log.
• To stop a process, select the check box next to the process name and click Stop. The Process Status table displays the new status and other process information. The WebServer and Tomcat processes cannot be stopped.
• To start a stopped process, select the check box next to that process name and click Start. The Process Status table displays the new status and other process information.
• To update the Process Status table with the latest data, click Refresh. The table does not automatically update.
• To see a complete report of all processes running on the WLSE, click Complete Report.
Processes Displayed
The Process Report table displays the status of the following major WLSE processes:
| Process Name | Description |
| --- | --- |
| WLSEjobvm | The job virtual machine. |
| WLSEFaults | The fault manager. |
| WebServer | The Web Server. |
| Tomcat | The Java servlet engine. |
| ExcepReporter | The process that forwards traps. |
| CDPbrdcast | The CDP daemon that identifies Cisco devices to their immediate neighbors. |
| PerfMon | The process that monitors performance. |
Daemon Information
The Daemon Information dialog box displays the following:
| Field | Description |
| --- | --- |
| Process | The process name. |
| Path | The file location. |
| Flags | The flags used to register the process with the Daemon Manager. |
| Startup | The method used to start the process. |
| Dependencies | The other processes that must be running for this process to run. |
System Log
The system log, which describes the status of the processes running in the system, displays the following:
| Field | Description |
| --- | --- |
| Timestamp | The date and time the message is logged. |
| Process | The process that logged the message. |
| Type | The message type, such as INFO, WARNING, CRITICAL. |
| Information | The process status as known by the Daemon Manager. |
Specifying a Splash Screen Message
The Splash Screen option allows you to set up a message that is displayed when a user logs in. After viewing the message, the user clicks Agree to continue logging in or Disagree to log out.
Procedure
Step 1
Select Administration > Appliance > Splash Screen.
Step 2
Enter the message to be displayed.
Step 3
Check the Enable check box, then click Apply. The splash screen message is enabled.
Note
You must check Enable for the message to appear.
Setting the Time and Specifying Name Servers
The Administration > Appliance > Time/NTP/NAME option allows you to:
• Set the Current Local and UTC Time
• Specify NTP Time Servers
• Specify Name Servers
Set the Current Local and UTC Time
You can set the time from the Web interface or the CLI. Current local (browser) time appears in most WLSE displays, and Universal Coordinated Time (UTC) appears in log files.
Set the Current Local Time
To set the time that appears in the Web interface, use the following procedure. Because there is a single system clock, setting the time here also updates the UTC time.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > TIME/NTP/NAME.
Step 2
In the Current Time area, select the new time and date parameters from the lists and click Update.
Set the UTC Time
To set the current time on the WLSE by using the CLI, use the following command to set UTC time:
clock {set hh:mm:ss month day year}
For more information on this command, from the online help click View PDF.
Specify NTP Time Servers
This option allows you to maintain the current time on the WLSE by using NTP (Network Time Protocol) servers.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > TIME/NTP/NAME.
Step 2
To remove an NTP server, select it from the Current Servers list and click Remove.
Step 3
To add an NTP server, enter the server's IP address in the NTP Server IP Address text box and click Enable.
Specify Name Servers
You can specify the addresses of up to three name servers for name and address resolution.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > TIME/NTP/NAME.
Step 2
To remove a name server, select it from the Current Servers list and click Remove.
Step 3
To add a name server, enter its IP address in the Name Server IP Address textbox and click Enable.
Configuring the Mail Route
To ensure that WLSE email notifications reach their destinations, you can configure the WLSE's mail route by specifying an SMTP mail server. This setting affects emailing notifications about firmware and configuration jobs, emailing reports, and emailing fault notifications.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > Configure Mailroute.
Step 2
Enter the hostname or IP address of an SMTP mail server on your network and click Save.
Step 3
To remove the mail route, click Remove.
Using Connectivity Tools
When you select Administration > Appliance > Connectivity Tools, the following options for testing device connectivity and reachability are displayed:
• Network Tools—ping, traceroute, nslookup, TCP port scan, SNMP reachability (see Using Network Tools).
• SNMP Query Tool—query a device's SNMP variables (see Using the SNMP Query Tool).
Using Network Tools
The Network Tools option offers several tools for testing device connectivity.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > Connectivity Tools.
Step 2
Enter a device name or IP address in the Device text box.
Click one of the following option buttons. A results window tells you whether the connectivity test was successful. Pressing Enter will not work. You must click a button.
Table 6-12 Connectivity Tools
| Button | Description | Results |
| --- | --- | --- |
| Ping | Tests device reachability. | If successful, statistics are displayed on the packets transmitted and received. |
| Traceroute | Detects routing errors between the WLSE and a device. | If successful, the routes to the device are displayed. |
| NSLookup | Looks up hostname or IP address information via the name server. | If successful, displays the name server name and IP address and the device name and IP address. |
| TCP Port Scan | Finds the active ports on a device. | Displays the active ports. |
| SNMP Reachable | Tries to reach a device by using SNMP. To reach a device by using SNMP, the device's credentials must be in the WLSE database. To check this, select Administration > Discover > DEVICE CREDENTIALS > SNMP Communities. | If the device is reachable, its sysObjID is displayed. |
Step 3
Click Close to close the results window.
Using the SNMP Query Tool
This tool allows you to find the value of a specified SNMP variable. Normally, this tool is used under the direction of Cisco TAC when they are assisting you with troubleshooting a problem.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > Appliance > Connectivity Tools > SNMP Query Tool.
Step 2
Enter the device's IP address or hostname and the OID of the SNMP variable.
Step 3
Click Get to display a single-value variable.
Step 4
Click Get Table to display a variable that consists of a table.
Step 5
Click Clear to clear your entries.
General System Settings
The Admin > System subtab provides options for:
• Setting global parameters—See Managing System Parameters.
• Importing information about newly supported device firmware versions—See Updating Supported Firmware Versions.
• Displaying supported versions—See Viewing Supported Firmware Versions.
Managing System Parameters
The System Parameters option allows you to reset global parameters that affect inventory polling intervals, job history retention, and retention of reports data.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > System > System Parameters. The parameters described in System Parameter Details are displayed in the System Parameters window.
Step 2
To change parameter values, select new values from the pulldown lists.
Step 3
To reset parameters to their previous values, click Reset before clicking Apply.
Step 4
To save your changes, click Apply. To return to the System Parameters window, click Back.
System Parameter Details
The following tables describe the parameters displayed when you select Administration > System > System Parameters.
• Polling Interval Parameters—Control the intervals during which inventory, wireless client, and performance data will be collected (see Table 6-13).
• Fault and Job Truncation Parameters—Control the amount of data displayed in fault history tables and job history tables (see Table 6-14).
• Data Retention Parameters—Control how long to retain the raw and aggregated data used in trend reports (see Table 6-15).
Table 6-13 Polling Interval Parameters
| Parameter | Description | Values |
| --- | --- | --- |
| Inventory Poll Interval | Interval during which configuration data will be collected from the devices for inventory. This is the data shown in any Web interface device detail table. | Default: 12 hours; Minimum: 1 hour; Maximum: 7 days |
| Wireless Client Poll Interval | Interval during which data is collected for client inventory. Also, the interval at which Wireless Client reports are updated. Decreasing the interval provides more data points in reports. Tip: When managing more than 1,000 access points, you should increase this parameter. The default polling interval generates too much traffic when large numbers of access points are being managed. To poll a set of clients at frequent intervals, use the Scheduled Inventory feature instead of decreasing this parameter; see Run Scheduled Inventory—Selected Devices. | Default: 51 minutes; Minimum: 17 minutes; Maximum: 7 days |
| Performance Attributes Poll Interval | Interval during which performance and utilization data are collected from the devices for the performance inventory. To set the aggregation period of this data, change the Raw Trend Data parameter. | Default: 13 minutes; Minimum: 13 minutes; Maximum: 7 days |
Table 6-14 Fault and Job Truncation Parameters
| Parameter | Description | Values |
| --- | --- | --- |
| Fault History Truncation Interval | How long displayed fault data is retained. This is the data shown in Fault displays. | Default: 15 days; Minimum: 15 days; Maximum: 60 days |
| Job History Truncation Interval | How long displayed job data is retained. This is the data shown in Configure > Jobs, Firmware > Jobs, and Reports > Scheduled Email Jobs. Note: Recurring jobs are truncated every day to retain the last 30 runs. | Default: 15 days; Minimum: 15 days; Maximum: 60 days |
Table 6-15 Data Retention Parameters
| Parameter | Description | Values |
| --- | --- | --- |
| Raw Trend Data | How long the raw (unaggregated) trend data is retained. | Default: 2 days; Minimum: 1 day; Maximum: 5 days |
| Hourly Aggregated Data | How long to retain the reports data that is aggregated hourly. | Default: 7 days; Minimum: 1 day; Maximum: 15 days |
| Daily Aggregated Data | How long to retain the reports data that is aggregated daily. | Default: 30 days; Minimum: 1 day; Maximum: 30 days |
| Weekly Aggregated Data | How long to retain the reports data that is aggregated weekly. | Default: 6 months; Minimum: 1 month; Maximum: 12 months |
| Monthly Aggregated Data | How long to retain the reports data that is aggregated monthly. | Default: 12 months; Minimum: 1 month; Maximum: 48 months |
Updating Supported Firmware Versions
When WLSE 2.0 was released, support was included for the access point firmware versions that were available at that time. The WLSE can be updated to add support for firmware versions that are released later. When support is available for newer versions, an update file will be posted on Cisco.com. You can download this file and import it into the WLSE.
To import new firmware support information:
Procedure
Step 1
Download the firmware version update file to your desktop or another network computer from the following URL:
http://www.cisco.com/public/sw-center/cw2000/crypto/wlan-sol-eng
The update file is listed along with the WLSE software update files. The name of the first update file to be posted is wlse-support-2.0a.tar.
Step 2
Select Administration > System > New Version Support.
Step 3
Enter the path to the device support file or click Browse.
Step 4
Click Import.
Step 5
To display the firmware versions currently supported by the WLSE, see Viewing Supported Firmware Versions.
Related Topics
Viewing Supported Firmware Versions
Viewing Supported Firmware Versions
To display firmware versions currently supported by this WLSE:
Step 1
Select Administration > System > Firmware Supported Versions.
Step 2
The access point firmware versions that are supported by this WLSE are displayed.
Step 3
To import updated firmware support, see Updating Supported Firmware Versions.
Related Topics
Updating Supported Firmware Versions
Administering Users
The options displayed when you select Administration > User Admin allow you to manage user roles and logins:
• Managing Roles—Add, modify, and delete user roles.
• Managing Users—Add, modify, and delete user accounts.
Related Topics
Modifying Your Profile
Overview: Authentication Modules
Managing Roles
Use this option to add, modify, and delete user-defined roles and to modify predefined roles. A user's role determines the tabs and subtabs the user can access. Users who have access to a subtab can perform all of the tasks under the subtab.
Note
The XML API privileges are for users who will be using the XML application programming interface (API). If you are using the API, you should create different users for this purpose, and grant such users access to the API only. Access to the API is authenticated and authorization is checked. For more information about the XML API, see the Developer Guide for the CiscoWorks Wireless LAN Solution Engine on Cisco.com.
Although you cannot delete predefined roles, you can modify them. The predefined roles and their default privileges are:
• System administrator—Superuser access to the WLSE (can perform any task). The password is assigned during initial WLSE setup (using the console). You can change the password using the console or the WLSE's Manage Users option (see Managing Users).
• Network administrator—Monitoring authority, device configuration authority, and discovery configuration authority.
• Network operator—Monitoring and device configuration authority.
• Help desk—Monitoring authority only.
You can create other roles, which can be modified or deleted.
Note
Your login determines whether you can use this option.
Procedure
Step 1
To access the role management window, select Administration > User Admin > Manage Roles. Role names are displayed in the center pane. To view the subtabs to which the role has access, select the role.
• The admin user can view all roles.
• Other users can only view the roles assigned to them and any roles that they have created.
Step 2
To add a role:
a. Replace the text New Role with the name you have chosen for the new role.
b. Select the check boxes next to the features the role will access. Click Add.
Note
When you select a feature (for example, Display Faults), the role is granted access to the corresponding subtab (for example, Faults > Display Faults).
c. The new role appears in the list of roles.
Step 3
To modify a role, select the role. Select the check boxes for the features you want to add to the role and deselect the check boxes next to the features you want to remove from the role. Then click Modify to save the changes.
Step 4
To delete a user-defined role, select the role, then click Delete.
Related Topics
• Naming Guidelines
• Managing Users
Managing Users
Use this option to:
• Add Users
• Modify Users
• Delete Users
Add Users
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > User Admin > Manage Users. The Users list displays the current users.
• The admin user can view and modify all existing users.
• Other users can view their own logins and any users they have created.
• A user can only create users that have the roles of the existing user. For example, userA has only the system administrator role. Users created by userA can have only the system administrator role; userA cannot create users with other roles.
Step 2
Enter the following information, in the order shown:
Note
To clear your entries and start over, click Clear.
| Field | Information to Enter |
| --- | --- |
| User Name | Enter the name of the new user. |
| User Password | Enter a password for the new user. |
| Confirm Password | Reenter the password. |
| Email | Enter the email address of the user (optional). |
| CLI Access | Select the user's access to the WLSE CLI: None, Level 0, or Level 15. By default, Level 15 is selected for System Administrator, and None is selected for other users. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset. |
| Roles | Select one or more roles for the user. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove. |
Step 3
To add the new user, click Add. The new username is added to the Users list. To discard your changes, click Clear.
Modify Users
Note
Your login determines whether you can use these options.
Procedure
To modify a user:
Step 1
Select Administration > User Admin > Add/Modify/Delete. The Users list displays the current users.
Note
Only the logins created by you are displayed. If logins were created by another user, they are not visible; only their creator can display them. The admin user can view all logins.
Step 2
Select the user from the Users list and make the desired changes:
| Field | Information to Enter |
| --- | --- |
| User Name | Enter the user's name. |
| User Password | Enter a new password for the user. |
| Confirm Password | Reenter the new password. |
| Email | Enter or change the user's email address. |
| CLI Access | Change the user's access to the WLSE CLI: None, Level 0, or Level 15. By default, Level 15 is selected for System Administrator, and None is selected for others. Users with privilege level 15 can use all commands, and users with privilege level 0 can use a subset. For information on commands available for each privilege level, see the User Guide for the Wireless LAN Solution Engine—From the online help, click View PDF. |
| Roles | Change the user's roles. To add a role, select it from the pulldown list. To view a role, select it and click show role. To remove a role, select it and click remove. |
Step 3
Click Modify to save your changes or Clear to discard your changes.
Related Topics
• Naming Guidelines
• Managing Roles
Delete Users
If a user is deleted, all the users created by the deleted user are also removed. For example, if userA creates userB and then userA is deleted, userB is also deleted.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > User Admin > Manage Users.
Step 2
Select the username from the Users list, then click Delete. After you click OK, the user is deleted.
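Because deleting a user also removes every user that user created, and because created users are limited to their creator's roles (see Add Users), it helps to review the creator relationships before clicking Delete. The following is an added example, not WLSE code: the account inventory is constructed, its layout is hypothetical, and it assumes the deletion rule applies again to each removed user, so the cascade is followed through every level.

```python
from collections import defaultdict, deque

# Constructed sample inventory (not exported from a WLSE): login -> record.
# "creator" is the login that added the account; None marks the built-in admin.
ACCOUNTS = {
    "admin": {"creator": None,
              "roles": {"System administrator", "Network administrator",
                        "Network operator", "Help desk"}},
    "neteng": {"creator": "admin",
               "roles": {"Network administrator", "Network operator"}},
    "noc1": {"creator": "neteng", "roles": {"Network operator"}},
    "noc2": {"creator": "neteng", "roles": {"Network operator", "Help desk"}},
    "helpdesk": {"creator": "noc2", "roles": {"Help desk"}},
    "xmlapi": {"creator": "admin", "roles": {"Help desk"}},
}


def children_index(accounts):
    """Map each creator to the logins it created."""
    index = defaultdict(list)
    for login, record in accounts.items():
        if record["creator"] is not None:
            index[record["creator"]].append(login)
    return index


def deletion_cascade(accounts, login):
    """Return the other logins that would be removed if `login` is deleted.

    Assumption: the rule is applied again to every removed user, so the
    walk follows the creator chain through all levels.
    """
    if login not in accounts:
        raise KeyError(login)
    index = children_index(accounts)
    seen, removed = {login}, []
    queue = deque(index.get(login, []))
    while queue:
        current = queue.popleft()
        if current in seen:      # guard against a corrupt, cyclic inventory
            continue
        seen.add(current)
        removed.append(current)
        queue.extend(index.get(current, []))
    return sorted(removed)


def role_violations(accounts):
    """List accounts whose roles are not all held by their creator."""
    findings = []
    for login, record in sorted(accounts.items()):
        creator = record["creator"]
        if creator is None:
            continue
        parent = accounts.get(creator)
        if parent is None:
            findings.append((login, creator, "creator missing from inventory"))
            continue
        extra = record["roles"] - parent["roles"]
        if extra:
            findings.append((login, creator,
                             "roles not held by creator: " + ", ".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    for target in ("neteng", "xmlapi"):
        print("delete", target, "-> also removes", deletion_cascade(ACCOUNTS, target))
    for finding in role_violations(ACCOUNTS):
        print("review:", *finding)
```

Running the cascade check before a deletion shows which accounts need to be recreated under a different creator first.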
Modifying Your Profile
Use the My Profile tab to change your password.
Note
Your login determines whether you can use this option.
Procedure
Step 1
Select Administration > My Profile > Change password.
Step 2
To change your password, enter a new password in the New Password and Re-enter New Password fields. For information on allowable characters, see Naming Guidelines.
Step 3
Click Apply to save your changes or Reset to discard your changes.
Related Topics
• Modify Users
• Naming Guidelines
Creating Links
You can link to other systems and display their desktops in the right pane or in a separate window. For example, you could link to a CiscoWorks server, to Cisco Secure ACS, or to another WLSE.
There is one preconfigured link for running the ACS Failed Login Report, which generates a report on failed logins on an ACS server. For more information, see Running the ACS Failed Login Report.
Note
This feature is available to all users.
Procedure
Step 1
Select Administration > Links. The Add Links window and list of current links appear.
Step 2
To add a link:
a. Enter the name of the link and the URL of the server in the Add Link window. For example, http://cw_server:1741 creates a link to the CiscoWorks server called cw_server.
b. If you want the system's display to appear in the right pane of the WLSE display, deselect Open in New Window. Otherwise, the display opens in a separate window. It is recommended that you allow the display to open in a separate window.
c. Click Save. The link is added to the Links list in the left pane.
Step 3
To edit a link, click Edit under the name of the link in the Links list. Make your changes and click Save.
Step 4
To delete a link, select the link name in the Links list and click Delete.
Step 5
To activate a link and connect to the other system, click the link name in the left pane.
Step 6
To configure the ACS Failed Login Report link:
a. Under ACS Failed Login Report, click Edit.
b. In the URL field, enter the URL for the ACS server.
c. In the Username field, enter the administrator username created when the ACS software was installed on the ACS server.
d. In the Password field, enter the password corresponding to the administrator username.
e. Click Save.
Running the ACS Failed Login Report
The ACS failed login report shows failed logins on a specified Cisco Access Control Server (ACS).
To configure the link for an ACS failed login report:
Step 1
Select Administration > Links.
Step 2
Under ACS Failed Login Report at the left side of the screen, click Edit.
Step 3
Enter the following information:
• The URL of the ACS server.
• The username of a user on the ACS server.
• The password of a user on the ACS server.
Step 4
Click Save.
To run the ACS failed login report on a server, click the link name.