The Cisco® Catalyst® 6500 and 4000 families of modular switches deliver best-in-class industry product lines with rich features and functionality that facilitate business-critical applications and deliver business continuity. Network management solutions can help control an ever-growing network infrastructure. Without effective network management, large portions of an IT budget can be spent on operating expenses (OpEx), causing IT initiatives to be delivered late or compromised. Effective and planned use of network management tools can help drive down the OpEx and reduce total cost of ownership (TCO).
This white paper outlines how IT managers can use the CiscoWorks LAN Management Solution (LMS) to help address the OpEx challenges and effectively manage the Cisco Catalyst modular switches.
Overview of CiscoWorks LMS
CiscoWorks LMS is an integrated suite of applications for administering, monitoring, and troubleshooting Cisco networks. It provides a solid foundation of infrastructure management capabilities so that IT organizations can efficiently manage business-critical networks. CiscoWorks LMS contains the following applications:
• CiscoWorks Resource Manager Essentials (RME): Provides the tools needed to manage Cisco devices. It includes inventory and device change management, network configuration and software image management, and syslog analysis.
• CiscoWorks Campus Manager: A suite of web-based applications designed for managing networks powered by Cisco switches. These include Layer 2 device and connectivity discovery, workflow application server discovery and management, detailed topology views, end-station and user tracking.
• CiscoWorks Device Fault Manager (DFM): Provides real-time fault analysis for Cisco devices. It generates "intelligent" Cisco traps through a variety of data collection and analysis techniques. The traps can be locally displayed, emailed, or forwarded to other popular event management systems.
• CiscoWorks Internetwork Performance Monitor (IPM): A network response time and availability troubleshooting application. This tool empowers network engineers to proactively troubleshoot network performance using real-time and historical reports.
• CiscoWorks CiscoView: A web-based tool that graphically provides real-time status of Cisco devices. The tool can display detailed monitoring information on interfaces and access configuration functions.
• CiscoWorks Health and Utilization Monitor (HUM): A Simple Network Management Protocol (SNMP)-based MIB polling application that monitors network elements (such as CPU, memory, interfaces/ports, and links) for their availability and utilization levels and provides historical reporting.
In this paper we dive into each of the components from a solution perspective to get a good understanding of the major features of LMS, particularly those related to managing the Catalyst 6500 and 4000 families of switches.
CiscoWorks RME provides lifecycle management of Cisco network devices. Designed to reduce human error and eliminate many of the manual tasks associated with maintaining a network, RME helps optimize manageability and availability for your network.
The RME suite includes the following tools for simplifying the administration of your network:
• Inventory management
• Device configuration management
• Software image management
• Change audit services
• Syslog analysis
• Compliance management (baseline template)
New Features of RME in LMS 3.X
To better support the modular switches, we have added many new features in LMS 3.0, 3.0.1, and 3.1.
SNMP v3 support
Figure 1. SNMP v3 support in LMS 3.0.1
Following will be the priority if all credentials are present in Device Credential Repository (DCR).
• SNMPv3 AuthPriv
• SNMPv3 AuthNoPriv
Virtual Switching System Management
Virtual Switching System Conversion Wizard in RME
Virtual switching system (VSS) is a system virtualization technology that allows the pooling of multiple Catalyst 6500 Switches into a single virtual switch.
In LMS 3.0.1, RME has a new GUI wizard to help convert the standalone switches to a virtual switching system. The conversion wizard will first check whether the switch pairs are ready for conversion, both for hardware and software. Then by following the wizard workflow, the user can easily convert the standalone switches to VSS from the web interface without going through the command-line interface (CLI). On the back end, RME's configuration transport module will be used for transporting the configuration commands to the devices. The conversion tool will generate the required CLI commands based on the user input and will push the configuration to the devices using RME cwcli.
Figure 2 shows the RME conversion wizard for VSS.
Figure 2. RME VSS Conversion Wizard
By simply choosing the first and second switches (Figure 2), RME will check both the software and hardware to make sure VSS can be supported by these devices and then deploy the needed configurations to the switches to complete the conversion.
After the conversion, all the regular RME functions available to other device types will be available for VSS:
• Collect, archive, edit, and deploy the configuration of VSS
• Collect and report inventory of VSS
• Image upgrade and patch management for VSS
VSS Support in CiscoView
CiscoView provides options in the device-level menu to view both standby and active switches in a single view as switches between the two chassis are involved in VSS formation (Figure 3). Users can configure and monitor both switches with single management of IP addresses and a single chassis view. The view reflects the real-time state of the system including color-coded representations of the different statuses of the ports.
Figure 4. VSS in CiscoView: Active and Standby Switches Side by Side
Campus Manager Support for VSS
In LMS 3.1, we added support for VSS in Campus Manager (Figure 4). When the VSS device and two Catalyst 6500 devices are in the Device Credentials Repository (DCR), Campus Manager gives first priority to the VSS device. In data collection, the master device's previous data will be removed from Campus Manager, and new data will be collected from the master device. The standby device is unreachable in the network, but Campus Manager maintains the previous data.
Figure 5. VSS Support in Campus Manager of LMS 3.1
GOLD Support in LMS 3.1
GOLD (Generic Online Diagnostics) is a device-specific Cisco IOS® Software feature with fault-detection capabilities. Depending on hardware, GOLD can catch:
In LMS 3.1, RME supports GOLD at both the boot level and monitoring level for the modular and fixed configuration switches.
We can turn on the GOLD feature through NetConfig for both the boot level and monitoring level (Figures 6 and 7).
Figure 6. GOLD Boot-Level Configuration through NetConfig
Figure 7. GOLD Monitoring-Level Configuration through NetConfig
After the GOLD features are turned on in the devices, NetShow can be used to check the status of the GOLD test results (Figure 8).
Figure 8. NetShow Command to Pull GOLD Test Results
Figure 9 shows the details of the GOLD test results.
Figure 9. NetShow Results for GOLD Test
Syslog Analyzer in RME can also be used to get updates about the GOLD tests (Figure 10).
Figure 10. Syslog Message about GOLD Test
Smart Call Home
Smart Call Home is a service designed to decrease Mean Time to Repair (MTTR) in customer networks and therefore to improve availability by receiving call-home messages from Cisco devices in those networks. It is a feature supported in Catalyst 6500 Switches with software images from Cisco IOS Software modular version 12.2(33)SXH. Smart Call Home service exists on the Cisco back end (Cisco.com), accessible through https://tools.cisco.com/sch/. Once received, these call-home messages will be processed by Smart Call Home, which will raise service requests for serious situations or, where sufficient information exists, provide proactive recommendations to customers on corrective steps.
In LMS 3.1, to provide support for Smart Call Home in RME, a new NetConfig task is available to configure the call-home feature (create call-home profiles, configure email addresses, and so on) on the device (Figure 11) and a new NetShow command set is available to monitor the call-home configuration on the device (Figure 12). Links to Cisco.com Smart Call Home reports are provided in online help.
Figure 11. Configuring Smart Call Home Using NetConfig
Figure 12. NetShow Details about Smart Call Home
Embedded Event Manager
In LMS 3.1, Embedded Event Manager (EEM) is a new task added in NetConfig for deploying the EEM script or applet files to the Cisco IOS Software devices. An Embedded Event Manager task in NetConfig is used to register or unregister the script or applet file to the device (Figure 13). Users can select one or more files to be deployed. Users can provide an existing directory in the device or can select the option to create a new directory with the given name.
Figure 13. Configure EEM Using NetConfig
The NetShow command set Show Embedded Event Manager Info is added for EEM (Figure 14).
Figure 14. NetShow Command for EEM
Figure 15 shows the Embedded Event Manager syslog report. Syslog messages received with the HA_EM facility will be grouped.
Figure 15. Syslog Message for EEM
PoE (Power over Ethernet) support in RME and CiscoView
Power over Ethernet (POE) is the ability of the LAN switching infrastructure to provide power over a copper Ethernet cable to an endpoint (Powered device). For PoE enabled devices, there is a new PoE report in RME. This POE report will provide details including the Parent Index, Port Index, and Port Name, Admin status, max power (milliwatts) and available power (milliwatts). The information regarding PoE available ports is available in POWER-ETHERNET-MIB and CISCO-POWER-ETHERNET-EXT-MIB.
In CiscoView, you can found out the PoE details by right clicking the device and select PoE. There are three categories for the PoE details:
1. Port Power Statistics
• Port Name (ifName)
• Available Power (mW) (cpeExtPsePortPwrAvailable)
• Power Consumed (mW) (cpeExtPsePortPwrConsumption)
• Max Power Drawn (mW) (cpeExtPsePortMaxPwrDrawn)
• Power Allocated (mW) (cpeExtPsePortPwrAllocated)
• Power Priority (pethPsePortPowerPriority)
2. Port Status Counters
• Port Name (ifName)
• Power Denied Count (pethPsePortPowerDeniedCounter)
• Power Overload Count (pethPsePortOverLoadCounter)
• Power Shortage Count (PethPsePortShortCounter)
• POWER_ON to IDLE Count (pethPsePortMPSAbsentCounter)
3. Additional PoE Characteristics
• Port Name (ifName)
• Detection Status (pethPsePortDetectionStatus)
• IEEE Class (pethPsePortPowerClassifications)
• Connected PD (pethPsePortType)
• Discovery Mode (cpeExtPsePortDiscoverMode)
• Discovered (cpeExtPsePortDeviceDetected)
• IEEE Compliance (cpeExtPsePortIeeePd)
EtherChannel support in Campus Manager.
EtherChannel provides incremental Trunk speeds between Fast Ethernet (FE) and Gigabit Ethernet (GE) by grouping multiple equal-speed ports into a logical port channel. EtherChannel combines multiple FEs up to 800 Mbps or GEs up to 8 Gbps, providing fault-tolerant, high-speed links between switches, routers, and servers. The channel is treated as a single logical connection between two switches. If one of the connections fails in the EtherChannel, the other connections will be operating so that the connection is not down.
Campus Manager allows you to:
• Aggregate multiple links between switches into one or more EtherChannels.
• Configure frame distribution parameters for EtherChannel load balancing.
Campus Manager supports only PAgP, the aggregation protocol. When a user selects a port or link for configuring EtherChannel, the user is prompted with all available ports that can participate in the channel (Ports that are directly connected between devices).
Admin Group ID attribute for each port is also provided under group attribute. User can change them accordingly to choose which ports need to aggregate into a channel.
All ports that have same group value will participate in channel. Campus Manager supports only the Desirable mode for EtherChannel configuration.
Note: Campus Manager does not support EtherChannel configuration between a switch and router.
N-hop View Portlet
N-Hop View portlet is a HTML based light weight feature and is available as a part of CiscoWorks Portal. This is much faster than the regular Campus Manger Topology services. It gives more real time monitoring of the critical devices.
Here it shows how to configure the N-hop view portlet.
Figure 16. N-hop View portlet configuration
This is the N-hop view generated. Note we can show details of the device by turning on the "Show Properties".
Figure 17. N-hop View with 3 hops
Image Management for Modular Switches
Two new features were added to LMS 3.0.
• Dual supervisor support: RME software image management now supports upgrading both active and standby supervisor engines or route processors for the following devices: Catalyst 4500, Catalyst 6500 (running Cisco IOS/Cisco IOS Software modularity), Cisco 7600 Routers, Cisco 10000 Routers.
• Modular image management: Cisco IOS Software modularity images allow the user to apply maintenance packs to overcome critical security issues without the need to upgrade to a new software release. The RME software management component allows for distribution of Cisco IOS Software modularity images as well as maintenance packs.
Software modularity images and maintenance packs can be downloaded from Cisco.com.
It can be a daunting task to manage the inventory of thousands of network devices. On top of this, the users need to deal with the ever changing network environment, such as new PSIRT (Product Security Incident Response Team, http://www.cisco.com/web/go/psirt) vulnerability issues or outdated hardware devices that have reached either end of sale or end of life. CiscoWorks Resource Manager Essentials provides the following built-in reports and graphs (Figure 18):
• 24-Hour Inventory Change Report
• Chassis Slot Summary and Details
• Hardware and Software Report
• Detailed Device Report
• PSIRT Summary Report
• End of Sale and End of Life Report
• Hardware Summary Graph
• Chassis Summary Graph
• Software Version Graph
• Inventory Custom Reports
Figure 18. RME Software and Hardware Summary Reports
Users can also create custom reports to pull out data they are interested in. For example, a custom report can be generated with the serial number and associated chassis IP address for the devices.
The PSIRT Summary Report and the End of Sale and End of Life Report are two new reports added in LMS 3.0.
RME provides for the fetching and collection of end of sale/end of life information from Cisco.com at regular intervals. This report helps the user in ascertaining information about the end of sale and end of life for both devices and modules in the network. It provides a summary of the end of sale or end of life alerts based on the selected devices (Figure 19).
Figure 19. End of Sale/End of Life Report for Modular Switches
Notice that the end of sale/end of life information is not only for the device but also for the modules inside the devices.
Clicking Bulletin Number 3037 in the Bulletin Number column will show details of the end of sale/end of life message (Figure 20).
Figure 20. Detailed End of Sale/End of Life Sample Message
Similarly, RME provides for the automatic fetching and collection of PSIRT information from Cisco.com at regular intervals (Figure 21). This report helps the user in ascertaining the security vulnerabilities that affect the devices in the network. It provides a summary of the possible security alerts based on the selected devices. It also recommends upgrade to the Cisco IOS Software image version that has the fix for the security vulnerability.
Figure 21. Sample PSIRT Summary Report
Clicking a number in the PSIRT Document ID column will show a detailed message about the PSIRT.
Device Configuration Management
CiscoWorks Resource Manager Essentials offers the following tasks on configuration management:
• Fetch, archive, and deploy device configurations, including a graphical view of the version tree. The configurations can be collected and deployed through secure protocols such as Secure Shell (SSH) Protocol or SCP (Secure Copy Protocol). The shadow folders provide users an easy way to access all the configurations at one place. NetConfig can be used to edit and deploy configurations to multiple devices at the same time.
• Search and generate reports on archived data, including custom query. This can be particularly useful if the user needs to quickly locate some configuration commands across the network. For example, some office workers may complain that they are not able to browse the web. By searching the access list command "deny *www", administrators can quickly locate where HTTP is blocked.
• Compare and label configurations, compare configurations with a baseline, and check for compliance.
Baseline template is an enhanced feature in LMS 3.0. In LMS 3.1, this feature was further enhanced to be part of the Compliance Management of RME. Baseline Template can be used to enforce compliance rules on the configurations. Figure 22 shows some examples of the baseline template.
Figure 22. Baseline Template Examples
TemplateExample1 checks for the presence of configuration commands by running regular expression patterns against the configurations. TemplateExample2 andTemplateExample3 check the logical relation between the configuration commands, such as submode, parent/child, or prerequisite. TemplateExample4 checks the sequential order of the configuration commands, such as in access lists.
Software Image Management
CiscoWorks Resource Manager Essentials Software Image Manager (SWIM) offers rapid and reliable software updates by providing planning, scheduling, downloading, and monitoring activities for device software images as follows:
• Importing software images into the repository
• Distributing images to groups of devices
• Distributing image patches to groups of devices
• Analyzing images for right fit before deployment
• Scheduling image deployment as an automated job
• Tracking software bugs using the bug toolkit that connects to Cisco.com
Change Audit Services
CiscoWorks Resource Manager Essentials provides a network-level Change Audit utility that logs all inventory, configuration, and software changes made to a device. These changes are logged into a table and can be used for generating reports.
Users can convert change records into SNMP Version 1 traps and forward them to the systems of choice. Also, automated actions such as emails or scripts can be configured on creation of the change record.
Change Audit can help troubleshooting and operational efficiency by:
• Determining whether and what changes have been made in the network over a certain period of time
• Defining automated actions when changes happen
• Monitoring any software image and distribution that happened
• Tracking inventory changes
• Tracking any configuration changes
• Exporting change audit data in XML form for outside processing
The following reports are offered by Change Audit:
• Exception period report, which is based on a given time range and exception profile
• 24-hour change audit report, which provides all changes during a given time period
Syslog Analyzer of CiscoWorks Resource Manager Essentials is a central repository of all syslog messages that are forwarded and accepted in the CiscoWorks Resource Manager Essentials server (from Syslog Collector). Syslog Analyzer provides reports of network and device performance and allows users to trigger automated actions based on syslog messages.
CiscoWorks Campus Manager: Layer 2 Management
CiscoWorks Campus Manager provides an innovative and reliable system designed to address the complex needs of physical and logical Layer 2 infrastructures (Figure 23).
Figure 23. Layer 2 Topology Map by Campus Manager
CiscoWorks Campus Manager includes the following tools:
• User tracking (and end-host tracking) that now includes dynamic updating capability
• Switch port reports for tracking unused ports and last-used ports
• Data-extraction engine
New Campus Manager Features of LMS 3.0
Discrepancy and Best Practice Reports
With LMS 3.0, the user is able not only to report any physical or logical discrepancies on the network but also to fix them right on the spot (Figure 24).
Figure 24. Discrepancy Report
Enhanced Switch Port Usage Reports
Reports are enhanced, and time-based query is possible. For example, the user can query ports that have been idle since January 1. These query reports will help the user with capacity planning of the network.
CiscoWorks Device Fault Manager: Fault Management
CiscoWorks DFM (Figure 25) offers real-time fault monitoring and management, allowing network operations personnel to monitor issues that could affect network latency and performance. Through a variety of data collection and analysis techniques, CiscoWorks DFM provides an online graphical display of network alerts and generates intelligent traps, emails, and system logs that can be forwarded to other event management systems installed in the network. CiscoWorks DFM features include:
• Monitoring alerts and activities
• Notification services
• Archiving fault history
• Support for Layer 2 and Layer 3 Cisco devices
• Incremental device support
Figure 25. Cisco DFM Alerts and Activities
CiscoWorks Internet Performance Monitor: Performance Management
CiscoWorks IPM (Figure 26) is a troubleshooting application that gauges network response time and availability. It allows network administrators to proactively evaluate end-to-end network performance problems and to locate and diagnose congestion and latency problems utilizing real-time and historical statistics. CiscoWorks IPM is available as a component within CiscoWorks LAN Management Solution.
IPM features include:
• Continuous response time and latency monitoring between network device pairs
• Monitoring and measuring of jitter to optimize IP communications
• Cisco IP Service Level Agreement technology available in most Cisco IOS Software devices
• Flexible threshold crossing alerts
• Comprehensive reporting based on response time, availability, and statistics
Figure 26. IPM Sample Jitter Reports
CiscoWorks CiscoView: Graphical Element Management
CiscoWorks CiscoView is a web-based device-management application that provides dynamic status, monitoring, and configuration for a broad range of Cisco devices. CiscoWorks CiscoView aides network management by graphically displaying physical views of Cisco devices with color-coded modules and ports for at-a-glance performance and status monitoring. Configuration capabilities allow comprehensive changes to devices when the requisite security privileges are granted.
CiscoWorks CiscoView offers the following advantages:
• View real-time front and back panel display of Cisco devices
• Take advantage of CiscoWorks LAN Management Solution common device inventory
• Receive support for IPv6 device addressing
• Define granular multiple-user access rules
Health and Utilization Monitor: Performance Monitoring
CiscoWorks HUM is a new add-on product preintegrated with LMS 3.0. It is an SNMP-based MIB polling application that monitors network elements (such as CPU, memory, interfaces/ports, and links) for their availability and utilization levels and provides historical reporting.
CiscoWorks HUM 1.0 provides compelling features that network administrators can use to better understand, monitor, and analyze the utilization and availability levels of devices in the network:
• Monitors CPUs, memory, Interfaces/ports for utilization and availability levels
• Supports system-defined MIB templates to facilitate easy polling setup
• Lets users create custom MIB templates
• Provides historical trending on a daily, weekly, monthly, and annual basis
• Offers comprehensive reporting such as the device dashboard, custom reports, top-N/bottom-N reports
• Provides threshold breach event notification, reporting, and event handler support
CiscoWorks HUM provides end users with:
• Capacity planning
• A clear way to troubleshoot network performance issues
Figure 27 shows a HUM CPU Utilization Summary report, and Figure 28 shows a HUM Worst Availability report.