Administering the NAM

Available Languages

Download Options

PDF (479.9 KB)
View with Adobe Reader on a variety of devices

Updated:September 19, 2006

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Administering the NAM

Table Of Contents

Administering the NAM

Cisco IOS Software

Logging In to the NAM

Changing the NAM CLI Passwords

Resetting the NAM

Upgrading the NAM Software

Upgrading the NAM Application Software

Upgrading the NAM Maintenance Software

Configuring Mini-RMON

Catalyst Operating System Software

Logging In to the NAM

Changing the NAM CLI Passwords

Resetting the NAM

Upgrading the NAM Software

Upgrading the NAM Application Software

Upgrading the NAM Maintenance Software

Configuring Mini-RMON

Operating-System-Independent NAM Administration

Adding NAM Patch Software

Additional NAM Software Administrative Commands

Cisco IOS Commands

EXEC Commands

Configuration Commands

Global Configuration Mode

Interface Configuration Mode

Unsupported Supervisor Engine CLI Commands

Administering the NAM

How you administer the NAM on your switch or router depends on whether you are using the Cisco IOS software or the Catalyst operating system software. Several NAM administration tasks are common to either operating system.

The following sections describe how to administrate the NAM from the CLI for each operating system:

•Cisco IOS Software

•Catalyst Operating System Software

When you have completed administrating the software-dependent attributes for the NAM, you can configure the software-independent NAM attributes in this section:

•Operating-System-Independent NAM Administration

These sections describe how to administer the NAM:

Cisco IOS Software

This section contains the various administrative tasks you can perform on the NAM with Cisco IOS:

•Logging In to the NAM

•Changing the NAM CLI Passwords

•Resetting the NAM

•Upgrading the NAM Software

•Configuring Mini-RMON

Logging In to the NAM

The NAM has two user levels with different access privileges:

•guest—Read-only access

The default password is "guest."

•root—All read and write access

The default password is "root."

Note The root account uses the # prompt; the guest account uses the > prompt. The default root and guest passwords for the maintenance image is cisco if the NAM is the WS-SVC-NAM-1 or WS-SVC-NAM-2 module. The default root and guest passwords for the WS-X6380-NAM module is root.

Table 4-1 shows the user levels and passwords for the NAM.

Table 4-1 NAM Users and Passwords

Module

Application Image (located on the hard disk)

Maintenance Image (located on the compact flash)

WS-SVC-NAM-1 WS-SVC-NAM-2

User

Password

User

Password

root

root

root

cisco

guest

guest

guest

cisco

WS-X6380-NAM

User

Password

User

Password

root

root

root

root

guest

guest

guest

root

Note The guest account in the NAM maintenance image has All Read and All Write privileges.

When you boot into either the application image or the maintenance image and set up IP information, that information is synchronized between the images. However, if you change passwords, that information is not synchronized between the images and is not reflected on the unchanged image.

To allow remote Telnet sessions, use the exsession on command. SSH also can be used to log into the NAM. You must install the crypto patch to use this feature. To enable SSH on the NAM, use the exsession on ssh command.

To log in to the NAM, follow these steps:

Step 1 Log in to the switch or router using the Telnet connection or the console port connection.

Step 2 At the CLI prompt, establish a console session with the NAM using the session slot slot_number processor 1 command, as follows:
Router# session slot 8 processor 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.81 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-1)
Step 3 At the NAM login prompt, type root to log in as the root user or guest to log in as a guest user.
login: root
Step 4 At the password prompt, enter the password for the account. The default password for the root account is "root" and the default password for the guest account is "guest."
Password: 
After a successful login, the command line prompt appears as follows:
Network Analysis Module (WS-SVC-NAM-1) Console, 2.1(1)
Copyright (c) 1999, 2000, 2001 by cisco Systems, Inc.
WARNING! Default password has not been changed!
root@localhost# 
Changing the NAM CLI Passwords

If you have not changed the password from the factory-set default, a warning message displays when you log in to the NAM.

You can use the web application on the local database. If the administrator is unknown, you can use the CLI to remove the local web users from the web user database with the rmwebusers command.

Note New passwords must be at least six characters in length, and may include uppercase and lowercase letters, numbers, and punctuation marks.

Note For the WS-SVC-NAM-1 and WS-SVC-NAM-2 module, if the NAM maintenance image passwords are lost for the root or guest account, the maintenance image must be upgraded. After the upgrade, the passwords are set to the default. See Table 4-1 or Table 4-5.

To change the password, follow these steps while you are logged in to the root account on the NAM:

Step 1 Enter this command:
root@localhost# password username
Note In NAM release 2.2, the username argument is required.

To change the root password, make a Telnet connection to the NAM and then use the password root command.

To change the guest password, make a Telnet connection to the NAM and then use the password guest command.

Step 2 Enter the new password:
Changing password for user root
New UNIX password:
Step 3 Enter the new password again:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
This example shows how to set the password for the root account:
root@localhost# password root
Changing password for user root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
If you forget or lose the password, you can enter the clear module pc-module module-number password command from the switch CLI to restore the password for the root account to root and the guest account to guest on the application image.

Resetting the NAM

If you cannot reach the NAM through the CLI or an external Telnet session, enter the hw-module module module_number reset command to reset and reboot the NAM. The reset process requires several minutes.

When the NAM initially boots, by default it runs a partial memory test. To perform a full memory test, use the mem-test-full keyword in the hw-module module module_number reset device:partition mem-test-full command. This command is specific to Cisco IOS and is not available in Catalyst operating system software.

Note The mem-test-full option is applicable only for WS-SVC-NAM-1 and WS-SVC-NAM-2.

For information on Catalyst operating system software, refer to "Resetting the NAM" section.

When you next reset the NAM, the full memory test runs. A full memory test takes more time to complete than a partial memory test. See Table 2-3 for memory test times.

You can also use the hw-module module module_number mem-test-full command to run a memory test. This example shows a full memory test for module 5:
Router(config)# hw-module module 5 boot-device mem-test-full
To reset the module from the CLI, perform this task in privileged mode:

Task

Command

Reset the module.

hw-module module mod_num reset device:partition mem-test-full

The device:partition value is the string for PC boot device, for example: hdd:x designates the hard disk, cf:x designates the compact Flash where x is the number for the partition on each device.

When specifying boot devices, for the NAM, refer to Table 4-2.

Table 4-2 NAM Boot Devices

WS-X6380-NAM

WS-SVC-NAM-1 and WS-SVC-NAM-2

When specifying the boot device, you must use hdd:1 for the application image and hdd:2 for the maintenance image.

When specifying the boot device for the WS-SVC-NAM-1 and the WS-SVC-NAM-2, you must use hdd:1 for the application image and cf:1 for the maintenance image.

This example shows how to reset the NAM that is installed in slot 9 from the CLI:
Router# hw-module mod 9 reset cf:1 memtest-full
Proceed with reload of module? [confirm] y
% reset issued for module 9
Note When specifying the boot device for the WS-X3860-NAM, you must use hdd:1 for the application image or hdd:2 for the maintenance image. When specifying the boot device for the WS-SVC-NAM-1 and theWS-SVC-NAM-2, you must use hdd:1 for the application image and cf:1 for the maintenance image.

Upgrading the NAM Software

You can upgrade both the application software and the maintenance software. To upgrade the application software, see the "Upgrading the NAM Application Software" section. To upgrade the maintenance software, see the "Upgrading the NAM Maintenance Software" section.

The NAM application and maintenance images are not inter-changeable.

•The images for the WS-X6380-NAM should not be used to upgrade the WS-SVC-NAM-1 and WS-SVC-NAM-2.

•The images for the WS-SVC-NAM-1 and WS-SVC-NAM-2 should not be used to upgrade the WS-X6380-NAM.

Table 4-3 lists the NAM image prefixes.

Table 4-3 NAM Image Prefixes

Module

Application Image

Maintenance Image

WS-SVC-NAM-1

c6svc-nam

c6svc-nam-maint

WS-SVC-NAM-2

c6svc-nam

c6svc-nam-maint

WS-X6380-NAM

c6nam

c6nam-maint

Upgrading the NAM Application Software

To upgrade the NAM application software, follow these steps:

Step 1 Copy the NAM application software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the maintenance image, go to Step 4. If the NAM is not running in the maintenance image, enter this command in privileged mode:
Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:03:31:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:03:31:SP:The PC in slot 9 is shutting down. Please wait ...
00:03:41:%SNMP-5-COLDSTART:SNMP agent on host R1 is undergoing a cold
start
00:03:46:SP:PC shutdown completed for module 9
00:03:46:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:03:49:SP:Resetting module 9 ...
00:03:49:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:05:53:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:05:53:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:05:53:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 
Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.
Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-1)
Maintenance Partition
login:root
Password:
Network Analysis Module (WS-SVC-NAM-1) Console, 1.2(1a)m
Copyright (c) 1999, 2000, 2001 by cisco Systems, Inc.
Step 5 Upgrade the NAM application software by entering either:
root@localhost# upgrade ftp-url 
ftp-url is the FTP location and name of the NAM software image file.

or
root@localhost# upgrade ftp-url --install
Note The --install option wipes and recreates all of the NAM partitions; similar to the factory default state. The --install option is only applicable to the WS-SVC-NAM-1 and WS-SVC-NAM-2 modules. If you use the --install option, the previously stored reports data (if any), will be lost.

Note If the FTP server does not allow anonymous users, use this syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.

Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Reset the NAM by entering:
Router# hw-module mod 9 reset
Device BOOT variable for reset =
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:26:55:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:26:55:SP:The PC in slot 8 is shutting down. Please wait ...
Note For optimal performance on the NAM, you must use an additional one-time reboot immediately after booting to the application partition after you upgrade the NAM software.

Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account and then entering:
root@localhost# show ip
root@localhost# show snmp
root@localhost# show version
This example shows how to upgrade the NAM application software:
Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:16:06:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:16:06:SP:The PC in slot 9 is shutting down. Please wait ...
00:16:21:SP:PC shutdown completed for module 9
00:16:21:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:16:24:SP:Resetting module 9 ...
00:16:24:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:18:21:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:18:21:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:18:21:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-1)
Maintenance image
login:root
Password:
Maintenance image version:1.1(0.1)
root@localhost.cisco.com# upgrade ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz
Downloading the image. This may take several minutes...
ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz (59198K)
/tmp/upgrade.gz           [########################]   59198K |  821.24K/s
60619473 bytes transferred in 72.08 sec (821.23k/sec)
 
Upgrade file ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz is downloaded.
Upgrading will wipe out the contents on the hard disk.
Do you want to proceed installing it [y|N]:y
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance image again and restart upgrade.
 
Creating NAM application image file...
 
Initializing the application image partition...
Applying the image, this may take several minutes...
Performing post install, please wait...
Upgrade complete. You can boot from the Application image. 
00:21:50:%NAM-3-NO_RESP:Module 9 is not responding
Upgrade complete. You can boot the new application partition.
root@hostname.cisco.com# exit
[Connection to 127.0.0.91 closed by foreign host]
Router# 
Router# hw-module module 9 reset
Device BOOT variable for reset =
Warning:Device list is not verified.
Proceed with reload of module? [confirm] y
% reset issued for module 9
Router# 
00:24:04:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:24:04:SP:The PC in slot 9 is shutting down. Please wait ...
00:24:18:SP:PC shutdown completed for module 9
00:24:18:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:24:21:SP:Resetting module 9 ...
00:24:21:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:26:19:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:26:19:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:26:19:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Upgrading the NAM Maintenance Software

To upgrade the NAM maintenance software, follow these steps:

Step 1 Copy the NAM maintenance software image to a directory accessible to FTP.

Step 2 Log in to the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the application image go to Step 5. If the NAM is not running in the application image, enter this command in the privileged mode:
Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Step 4 After the NAM is back online, establish a console session with the NAM and log in to the root account.

Step 5 Upgrade the NAM maintenance software by entering:
root@localhost# upgrade ftp-url 
ftp-url is the FTP location and name of the NAM software image file.

Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.

Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Boot into the maintenance image with this command to reset the NAM maintenance software:
Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:16:06:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:16:06:SP:The PC in slot 9 is shutting down. Please wait ...
00:16:21:SP:PC shutdown completed for module 9
00:16:21:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:16:24:SP:Resetting module 9 ...
00:16:24:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:18:21:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:18:21:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:18:21:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 
Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account and enter the following command:
root@localhost# show ip
Step 10 (Optional) Reboot into the application image by entering:
Router# hw-module module 9 reset
This example shows how to upgrade the NAM maintenance software:
Router# 
Router# hw-module module 9 reset hdd:1
Device BOOT variable for reset = hdd:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
00:31:11:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:31:11:SP:The PC in slot 9 is shutting down. Please wait ...
00:31:25:SP:PC shutdown completed for module 9
00:31:25:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
00:31:28:SP:Resetting module 9 ...
00:31:28:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
00:33:26:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
00:33:26:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
00:33:26:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 
Router# session slot 9 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.91 ... Open
Cisco Network Analysis Module (WS-SVC-NAM-2)
login:root
Password:
Cisco Network Analysis Module (WS-SVC-NAM-2) Console, 3.1(0.1)
Copyright (c) 1999-2002 by cisco Systems, Inc.
WARNING! Default password has not been changed!
root@localhost.cisco.com#
root@localhost.cisco.com# upgrade ftp://host/pub/rmon/mp.1-1-0-1.bin.gz
Downloading image...
ftp://host/pub/rmon/mp.1-1-0-1.bin.gz (11065K)
-                         [########################]   11065K |  837.65K/s
11331153 bytes transferred in 13.21 sec (837.64k/sec)
Uncompressing the image...
Verifying the image...
Applying the Maintenance image.
This may take several minutes...
Upgrade of Maintenance image completed successfully.
root@hostname.cisco.com# exit
Router# hw-module module 9 reset cf:1
Device BOOT variable for reset = cf:1
Warning:Device list is not verified.
Proceed with reload of module? [confirm]
% reset issued for module 9
Router# 
02:27:19:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
02:27:19:SP:The PC in slot 9 is shutting down. Please wait ...
02:27:36:SP:PC shutdown completed for module 9
02:27:36:%C6KPWR-SP-4-DISABLED:power to module in slot 9 set off (admin
request)
02:27:39:SP:Resetting module 9 ...
02:27:39:%C6KPWR-SP-4-ENABLED:power to module in slot 9 set on
02:29:37:%SNMP-5-MODULETRAP:Module 9 [Up] Trap
02:29:37:%DIAG-SP-6-BYPASS:Module 9:Online Diagnostics is Bypassed
02:29:37:%OIR-SP-6-INSCARD:Card inserted in slot 9, interfaces are now
online
Router# 
Configuring Mini-RMON

In Cisco IOS, you must explicitly enable mini-RMON per interface. To configure mini-RMON for each interface enter the rmon collection stats collection-control-index owner owner-string. You must enter the collection-control-index and owner-string command values.

Note The NAM only displays mini-RMON collections configured with an owner string of monitor.

This example shows how to configure mini-RMON on Fast Ethernet module 4 port 1 using control index 3000 and an owner string of monitor:
Router#  config term
Router(config)# interface fast4/1
router(config-if)# rmon collection stats 3000 owner "monitor"
router(config-if)# end
Catalyst Operating System Software

This section contains the various administrative tasks you can perform on the NAM using the Catalyst operating system software:

•Logging In to the NAM

•Changing the NAM CLI Passwords

•Resetting the NAM

•Upgrading the NAM Software

•Configuring Mini-RMON

You can administer the NAM by using the NAM Traffic Analyzer application. Refer to the User Guide for the Network Analysis Module NAM Traffic Analyzer Release 3.1 for more information about Traffic Analyzer.

You can perform these administrative tasks on the NAM:

•Add and remove NAM users and change passwords using either the CLI or the NAM Traffic Analyzer application.

•Recover passwords as superuser (but not change passwords).

•Change local and remote (TACACS+ server) users and passwords by using the NAM Traffic Analyzer application. Refer to the NAM Traffic Analyzer application online help topic "User and System Administration" for information about user and password administration.

Table 4-4 describes the user administration tasks you can perform using the CLI and NAM Traffic Analyzer application.

Table 4-4 NAM User Administration

User Interface

Add Users

Remove Users

Set Password

Recover Password

CLI

No

No

Use the password command.

No

Traffic Analyzer

Add the first user with the CLI when starting the web server. Add all subsequent users through the web GUI for the local database or through TACACS+ if the TACACS+ server is used. Additionally, you can create web users with the CLI web-user command.

Use the no web-user command.

Traffic Analyzer local database

Yes

Yes

Yes

Contact the NAM administrator to reset through the GUI.

From the NAM CLI, use the rmwebusers command.

Traffic Analyzer TACACS+

Yes

Yes

Yes

Use a TACACS+ server, or use the ip http tacacs+ disable command.

Logging In to the NAM

There are two levels of access on the NAM, each with different privileges:

•Guest—Read-only CLI access (default password is guest)

•Root—Full read-write access (default password is cisco)

Note The root account uses the # prompt; the guest account uses the > prompt. The default root and guest passwords for the maintenance image is cisco.

Table 4-5 shows the user levels and passwords for the NAM.

Table 4-5 NAM Users and Passwords

Application Image (located on the hard disk)

Maintenance Image (located on the compact flash)

User

Password

User

Password

root

root

root

cisco

guest

guest

guest

cisco

Note The guest account in the NAM maintenance image has All Read and All Write privileges.

When you boot into either the application image or the maintenance image and setup IP information, that information is synchronized between the images. If you change passwords, that information is not synchronized between the images and is not reflected on the unchanged image.

To log into the NAM, follow these steps:

Step 1 Log into the Catalyst 6500 series switch using the Telnet connection or the console port connection.

Note To make remote Telnet sessions, use the exsession on command. SSH also can be used to log into the NAM. You must install the crypto patch to use this feature. To enable SSH on the NAM, use the exsession on ssh command.

Step 2 Establish a console session with the NAM at the CLI prompt, using the session mod command:
Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.
Cisco Network Analysis Module (WS-SVC-NAM-1)
login:root
Password:
Step 3 To log into the NAM, type root to log in as the root user or guest to log in as a guest user at the login prompt.
login: root
Step 4 At the password prompt, enter the password for the account. The default password for the root account is "root," and the default password for the guest account is "guest."
Password: 
After a successful login, the command-line prompt appears as follows:
Network Analysis Module (WS-SVC-NAM-1) Console, 3.1(0.1)
Copyright (c) 1999-2002 by Cisco Systems, Inc.
WARNING! Default password has not been changed!
root@localhost# 
Changing the NAM CLI Passwords

You can use these methods to change and recover passwords:

•Use a Telnet connection to the NAM and CLI.

You can configure, change, and recover root and guest passwords:

–To change the password, use a Telnet connection to the NAM, and then use the password command to change the password.

–To recover the password, use the Telnet connection to the supervisor engine, and then use the clear module password module command.

–If you forget or lose the password, you can enter the clear module password command from the switch CLI to restore the password for the root account to root and the guest account to guest.

–To restore the NAM password to the factory-set defaults, enter this command in privileged mode:
Console> (enable) clear module password module
•Use the NAM Traffic Analyzer on the local database.

You create the initial NAM Traffic Analyzer application user with the CLI. After starting NAM Traffic Analyzer, you can establish and edit additional user passwords. You use NAM Traffic Analyzer or the TACACS+ server to change passwords as follows:

–As the NAM Traffic Analyzer application administrator, you can reset passwords.

–If the administrator is unknown, you can use the CLI to remove the local web user database from the web database with the rmwebusers command.

•Use the instructions in the TACACS+ server documentation.

Note If the NAM maintenance image passwords are lost for the root or guest account, the maintenance image must be upgraded. After the upgrade, the passwords are set to the default. See Table 4-1 or Table 4-5.

If you have not changed the password from the factory-set default password, a warning message appears when you log into the NAM.

Note New passwords must be at least six characters in length, and may include uppercase and lowercase letters, numbers, and punctuation marks.

To change a password, follow these steps while logged into the NAM as root:

Step 1 Enter this command:
root@localhost# password username 
Note In NAM software release 2.2, the username argument is required.

To change the root password, make a Telnet connection to the NAM and then use the password root command.

To change the guest password, make a Telnet connection to the NAM and then use the password guest command.

Step 2 Enter the new password:
Changing password for user root
New UNIX password:
Step 3 Enter the new password again:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
This example shows how to set the password for the root account:
root@localhost# password root
Changing password for user root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
If you forget or lose the password, you can enter the clear module password command from the CLI to restore the password for the root account to root and the guest account to guest.

Resetting the NAM

If you cannot reach the NAM through the CLI or an external Telnet session, enter the reset mod_num boot_string command to reset and reboot the NAM. The reset process requires several minutes.

When the NAM initially boots, by default it runs a partial memory test. To perform a full memory test, enter the set boot device bootseq mod# mem-test-full command. This command is specific to Catalyst operating system software and is not available in Cisco IOS software.

Note The mem-test-full option is applicable only for WS-SVC-NAM-1 and WS-SVC-NAM-2.

For Cisco IOS, refer to the "Resetting the NAM" section.

To enable a full memory test use the set boot device bootseq mod# mem-test-full command. This example shows how to do a full memory test:
Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 
When you next reset the NAM, the full memory test runs.

This example shows how to reset the partial memory test:
Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
To reset the NAM from the CLI, perform this task in privileged mode:

Task

Command

Reset the NAM.

reset mod_num boot_string

The mod_num boot_string variable is the string for PC boot device, for example: hdd:x designates the hard disk, cf:x designates the compact flash where x is the number for the partition on each device.

When specifying boot devices, refer to Table 4-6 for boot device specifications for the NAM.

Table 4-6 NAM Boot Devices

WS-X6380-NAM

WS-SVC-NAM-1 and WS-SVC-NAM-2

When specifying the boot device, you must use hdd:1 for the application image and hdd:2 for the maintenance image.

When specifying the boot device for the WS-SVC-NAM-1 and the WS-SVC-NAM-2, you must use hdd:1 for the application image and cf:1 for the maintenance image.

This example shows how to reset the NAM, installed in slot 9:
Router# reset 9 hdd:1
Proceed with reload of module? [confirm] y
% reset issued for module 9
Note For the boot device, you can specify hdd:1 for the application image or cf:1 for the maintenance image.
Router# 
00:26:55:%SNMP-5-MODULETRAP:Module 9 [Down] Trap
00:26:55:SP:The PC in slot 8 is shutting down. Please wait ...
To reset the module to the maintenance image, from the enable mode enter the following command:
Console> (enable) reset <module #> cf:1
To reset the module to the NAM application image, from the enable mode enter the following command:
Console> (enable) reset <module #> 
This example shows how to reset the NAM that is installed in slot 4 from the CLI:
Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown comple
ted.
Module 4 is online.
You can enable a full memory test when you use the set boot device bootseq mod# mem-test-full command. This option is disabled by default. This example shows how to do a full memory test:
Console (enable) set boot device cf:1 4 mem-test-full 
Device BOOT variable = cf:1 
Memory-test set to FULL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to FULL 
When you next reset the NAM, the full memory test will run. A full memory test takes more time to complete than a partial memory test. See Table 2-3 for memory test times.

This example shows how to reset the partial memory test:
Console> (enable) set boot device cf:1 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Warning:Device list is not verified but still set in the boot string. 
Console> (enable) 
Console> (enable) show boot device 4 
Device BOOT variable = cf:1 
Memory-test set to PARTIAL 
Upgrading the NAM Software

You can upgrade both the application software and the maintenance software. To upgrade the application software, see the "Upgrading the NAM Application Software" section. To upgrade the maintenance software, see the "Upgrading the NAM Maintenance Software" section.

Upgrading the NAM Application Software

To upgrade the NAM application software, follow these steps:

Step 1 Copy the NAM application software image to a directory accessible to FTP.

Step 2 Log into the switch through the console port or through a Telnet session.

Step 3 If the NAM is already running in the maintenance image, go to Step 4. If the NAM is not running in the maintenance image, enter this command in privileged mode:
Console> (enable) reset mod cf:1 
Step 4 After the NAM is back online, establish a console session with the NAM and log into the root account.

Step 5 Upgrade the NAM application software by entering:
root@localhost# upgrade ftp-url 
ftp-url is the FTP location and name of the NAM software image file.

or
root@localhost# upgrade ftp-url --install
Note The --install option wipes and recreates all of the NAM partitions; similar to the factory default state.

Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.

Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the maintenance image.

Step 8 Reset to the NAM application image by entering:
Console> (enable) reset mod
Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account and entering the following commands:
root@localhost# show ip
root@localhost# show snmp
This example shows how to upgrade the NAM application software:
Console> (enable) reset 4 cf:1
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
2002 May 07 22:21:20 %SYS-5-MOD_RESET:Module 4 reset from Software
Console> (enable) 2002 May 07 22:24:41 %SYS-3-SUP_OSBOOTSTATUS:MP OS Boot Status
:finished booting
Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.
Maintenance image
login:root
Password:
Maintenance image version:1.1(0.1)
root@localhost# upgrade ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz
Downloading the image. This may take several minutes...
ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz (59198K)
/tmp/upgrade.gz           [########################]   59198K |  821.24K/s
60619473 bytes transferred in 72.08 sec (821.23k/sec)
Upgrade file ftp://mylab-pc1/pub/rmon/c6nam3.1-2-0-8.bin.gz is downloaded.
Upgrading will wipe out the contents on the hard disk.
Do you want to proceed installing it [y|N]:y
Proceeding with upgrade. Please do not interrupt.
If the upgrade is interrupted or fails, boot into
Maintenance image again and restart upgrade.
Creating NAM application image file...
Initializing the application image partition...
Applying the image, this may take several minutes...
Performing post install, please wait...
Upgrade complete. You can boot from the Application image.
Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown completed.
Console> (enable) 2002 May 07 23:19:03 %SYS-5-MOD_OK:Module 4 is online
Upgrading the NAM Maintenance Software

To upgrade the NAM maintenance software, follow these steps:

Step 1 Copy the NAM maintenance software image to a directory that is accessible to FTP.

Step 2 Log into the switch through the console port or through a Telnet session.

Step 3 If the NAM is running in the application image, go to Step 4. If the NAM is not running in the application image, enter this command in privileged mode:
Console> (enable) reset mod 
Step 4 After the NAM is back online, establish a console session with the NAM and log into the root account.

Step 5 Upgrade the NAM maintenance software by entering:
root@localhost# upgrade ftp-url 
ftp-url is the FTP location and the name of the NAM software image file.

Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.

Step 6 Follow the screen prompts during the upgrade.

Step 7 After completing the upgrade, log out of the NAM.

Step 8 Boot into the maintenance image with this command to reset the NAM maintenance software:
Console> (enable) reset mod cf:1
Step 9 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account, and enter the following commands:
root@localhost# show ip
root@localhost# show snmp
Step 10 (Optional) Reboot into the application image by entering:
Console> (enable) reset mod
This example shows how to upgrade the NAM maintenance software:
Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown completed.
Console> (enable) 2002 May 07 23:19:03 %SYS-5-MOD_OK:Module 4 is online
Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.
Cisco Network Analysis Module (WS-SVC-NAM-2)
login:root
Password:
Cisco Network Analysis Module (WS-SVC-NAM-2) Console, 3.1(0.1)
Copyright (c) 1999-2002 by cisco Systems, Inc.
WARNING! Default password has not been changed!
root@localhost.cisco.com#
root@localhost.cisco.com# upgrade ftp://host/pub/rmon/mp.1-1-0-1.bin.gz
Downloading image...
ftp://host/pub/rmon/mp.1-1-0-1.bin.gz (11065K)
-                         [########################]   11065K |  837.65K/s
11331153 bytes transferred in 13.21 sec (837.64k/sec)
Uncompressing the image...
Verifying the image...
Applying the Maintenance image.
This may take several minutes...
Upgrade of Maintenance image completed successfully.
Configuring Mini-RMON

In Catalyst operating system software, you can enable mini-RMON for the switch.

This example shows how to configure mini-RMON:
Console (enable)# set snmp rmon enable
Operating-System-Independent NAM Administration

The following section describes NAM administration that is not dependent of the switch operating system.

Adding NAM Patch Software

To install a patch on the NAM, follow these steps:

Step 1 Log into the switch through the console port or through a Telnet session.

Step 2 If the NAM is running in the application image, go to Step 4. If the NAM is in the maintenance image, enter this command in privileged mode:

For Cisco IOS software, enter:
Console> (enable) hw-module module module_number reset
For Catalyst operating system software, enter:
Console> (enable) reset mod hdd:1 
Step 3 After the NAM is back online, establish a console session with the NAM, and then log into the root account.

Step 4 Install the patch software to the NAM software by entering:
root@localhost# patch ftp-url 
ftp-url is the FTP location and the name of the NAM patch software image file.

Note If the FTP server does not allow anonymous users, use the following syntax for the ftp-url value: ftp://user@host/absolute-path/filename. Enter your password when prompted.

Step 5 Follow the screen prompts during the patch application process.

Step 6 (Optional) Verify the initial configuration after the NAM comes back online by logging into the NAM root account and then entering these commands:
root@localhost# show ip
root@localhost# show patches
Note If HTTP or the HTTP server are running, and you are running the NAM Traffic Analyzer web application, click on the About link in the GUI to display a list of installed patches. If nothing appears, no patches were installed.
This Catalyst operating system software example shows how to apply patch software:
Console> (enable) reset 4
This command will reset module 4.
Unsaved configuration on module 4 will be lost
Do you want to continue (y/n) [n]? y
ResetPcBlade:start shutdown module 4
SendShutDownMsg - proc_id (1):shut down PC success.
Module 4 shut down in progress, please don't remove module until shutdown completed.
Console> (enable) 2002 May 07 23:19:03 %SYS-5-MOD_OK:Module 4 is online
Console> (enable) session 4
Trying NAM-4...
Connected to NAM-4.
Escape character is '^]'.
Cisco Network Analysis Module (WS-SVC-NAM-2)
login:root
Password:
Cisco Network Analysis Module (WS-SVC-NAM-2) Console, 3.1(0.1)
Copyright (c) 1999-2002 by cisco Systems, Inc.
WARNING! Default password has not been changed!
root@localhost.cisco.com#
root@localhost# patch ftp://host/pub/patch_rpms/c6nam-
3.1-strong-cryptoK9-patch-1-0.bin
Proceeding with installation. Please do not interrupt.
If installation is interrupted, please try again.
Downloading c6nam-3.1-strong-cryptoK9-patch-1-0.bin Please wait...
ftp://host/pub/patch_rpms/c6nam-3.1-strong-cryptoK9-patch-1-0 (1
K)
-                         [########################]       1K | 1071.96K/s
2022 bytes transferred in 0.00 sec (1006.91k/sec)
Verifying c6nam-3.1-strong-cryptoK9-patch-1-0. Please wait...
Patch c6nam-3.1-strong-cryptoK9-patch-1-0 verified.
Applying /usr/local/nam/patch/workdir/c6nam-3.1-strong-cryptoK9-patch-1-0. Pleas
e wait...
########################################### [100%]
########################################### [100%]
Patch applied successfully.
Additional NAM Software Administrative Commands

Refer to the Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module Command Reference for information on NAM commands available through the NAM CLI.

The NAM supports these additional administrative commands:
Command

Description

clear ip

Clears the network configuration for the interface. This command is not available in the application partition. The corresponding command for the application partition is: config clear ip.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

clear log upgrade

Clears the application image upgrade log file. This command is available only in the maintenance image and the guest account in the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

config clear

Restores the NAM to the factory default state but does not config clear ip parameters.

Note All the config clear commands require a reboot, which is done after you are prompted. The config clear and config clear all commands wipe historic report data.

Default settings cleared include the following:

•Deleting all RMON control tables.

•Deleting all RMON1 and RMON2 filters.

•Returning the RMON configuration file to the default configuration.

•Restores the protocol directory to default.

•The web server is stopped (if a web server was running).

•These configurations are cleared:

–Remote device configuration.

–Local web users.

–All custom capture and custom decode filters.

–Report configurations.

–Web access logs.

–DSMON aggregate configurations.

•Syslog configurations are reset.

•NAM web preferences are reset.

•Autostart configurations are reset.

External Telnet sessions are switched off.

No IP host configuration data is deleted.

The NAM is rebooted automatically after entering the config clear command to allow these changes to take effect.

•This command can be used by the root account only.

config clear ip

Restores only the NAM IP parameters to the factory default state.

config clear all

Restores all NAM configuration to factory default state. This command also clears the IP parameters.

coredump ftp://host/absolute-path

Sends a core file to an anonymous FTP server after the RMON agent crashes. This command can upload multiple core files. The command uploads all of the core files for the form "core" located under the /usr/local/nam/bin directory. You should always copy and save this information to a file before calling the Cisco Technical Assistance Center (TAC). Cisco TAC needs this information to analyze and troubleshoot the NAM. Only one core dump file is maintained. A newly created core dump file overwrites an existing core dump file. This command can be used only by the root account.

Note If the FTP server does not allow anonymous users, use the following syntax: coredump ftp://user:password@host/absolute-path.

disable-guest

Disables the guest account from the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

enable-guest

Enables the guest account from the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

exsession [on | off] [ssh]

Note For enabling and disabling SSH, the crypto patch needs to be installed. See the "Configuring the HTTP Secure Server" section on page 3-22.

Controls whether or not the external Telnet sessions are accepted by the NAM from outside the switch. The default is set to off. If the exsession command is set to off, you can only make a Telnet connection to the NAM from the supervisor engine on the switch. If the exsession command is set to on, new Telnet requests from any valid IP address are accepted. This command will not drop any open sessions. This command can be used by the root account only.

exsession on—Enables Telnet.

exsession on ssh—Enables SSH.

exsession off—Disables Telnet.

exsession off ssh—Disables SSH.

[command] help

Displays a list of top-level commands or additional information for an individual command.

Note The maintenance image does not have this command. You must type a ? for help instead.

ip

Sets the IP parameters. This command is available from the application and maintenance image and the guest account in the maintenance image.

ip address ip-address netmask

Specifies the IP address and subnet for a node on the network.

ip broadcast broadcast-address

Specifies the IP broadcast address for a node on the network.

ip domain domain-name

Specifies the domain name.

ip gateway gateway-address

Specifies the default IP gateway.

ip host hostname

Specifies an IP host name.

ip hosts add ip address host_name [alias 1] [alias 2]

Adds a host entry to the hosts file.

ip hosts add ftp://user:passwd@host/full-path/filename

Adds the host entries from the remote file to the hosts file.

ip hosts delete

Deletes a host entry from the hosts file.

ip hosts delete ftp://user:passwd@host/full-path/filename

Deletes the host entries from the remote file in the hosts file.

ip nameserver [name-server1] [name-server2] [name-server3]

Specifies the IP name server used to resolve network names into network addresses.

ip nameserver disable

Disables the configured name servers.

logout

Logs you out of the shell from the maintenance image and the guest account from the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

nslookup hostname [server]

Allows name server queries for information about a host. If the optional server is not specified, the NAM DNS servers are used.
passwd
Sets the password for the current user. In the application software, this command requires that the user name is specified as an argument. For example:
passwd root
passwd guest
passwd-guest

Sets the password for the guest account from the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

patch ftp://user:passwd@host/full-path/filename

Applies a patch to the application software from the specified location.

ping [-nv] [-c count] [-i wait] [-p pattern] [-s packetsize] hostname | IP address

Sends ICMP echo-request packets to another node on the network. To configure ping, you can also use the command without arguments.

The following options are supported:

-n—Shows network addresses as numbers.

-v—Provides verbose output.

-c count—Stops after sending count ECHO_REQUEST packets.

-i wait—Waits seconds between sending each packet.

-p pattern—Up to 16 pad bytes can be used to fill out packets you send.

-s packetsize—The 8 bytes of ICMP header data.

reboot

Reboots the NAM from the application image.

rmon artmib {enable | disable}

Enables or disables the RMON ART MIB from the application image.

show

Displays the system parameters from the maintenance and guest account from the maintenance image.

show autostart

Enables reporting for statistics, address mappings, VLANs, and MIBs.

show bios

Displays system information about the BIOS and module (including NAM serial number) that the Cisco TAC might need for troubleshooting. Copy and save the information to a file before calling TAC. This command can be used by both root and guest accounts.

show certificate

Displays certificates you have installed for secure servers.

show certificate-request

Displays encrypted certificate requests for secure servers.

show cpu

Displays current processor load on the NAM CPU for all combined functions. This command can be used by both root and guest accounts.

show date

Displays current time-of-day information maintained by the NAM. This command can be used by both root and guest accounts.

show diaglog

Displays the diagnostics log file from the guest account in the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

show ethif

Displays the Ethernet interface information from the guest account in the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

show hosts

Displays the hosts file.

show images

Lists the image that is installed in the NAM application image. This command is available only from the maintenance image.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

show ip

Displays current IP configuration including the HTTP server, secure server, port, secure port, and TACACS+ information.

show log

Displays the application image log.

This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.

show log config

Displays the output of the previous configuration import. For example, the output of the config network command.

show log upgrade

Displays the maintenance image upgrade log when you are booted into application image.

Displays the application image upgrade log when you are booted into the maintenance image.

show memory

Displays system memory statistics. Memory sizes are rounded to the nearest Megabyte. This command can be used by both root and guest accounts.

show options

Displays ART MIB and voice monitoring configuration status.

show patches

Displays installed software patches.

show rxcounters

Displays RX data counters.

show snmp

Displays the SNMP configuration.
show tech-support
Displays system information without page-breaks that the Cisco TAC might need for troubleshooting. Copy and save the information to a file before calling TAC. This command can be used by the root account only.

From a UNIX system, do the following:

a. Telnet to the switch supervisor.

b. Session to the NAM module.

c. Log in to the NAM as root user.

d. In the NAM CLI type,
# show tech-support
# exit
$ exit
e. A file tech.txt is created in the UNIX system.

From a Windows system, do the following:

a. Launch Windows HyperTerminal and connect to switch supervisor.

b. Session to the NAM module.

c. Log in to the NAM as the root user.

d. In the HyperTerminal menu, select Transfer > Capture Text.

e. Enter a file name in a dialog that pops up and click Start.

f. In the NAM CLI type,
# show tech-support
# exit
g. In the Hyper Terminal menu, select Transfer > Capture Text > Stop.
show version

Displays the NAM maintenance image version, daughter card information, and NAM application image version.

•The NAM application image version is not displayed as part of the show version command output if you are running this command from the maintenance image.

•The NAM maintenance image version is not displayed as part of the show version command output if you are running this command from the application image.

snmp community community-string {ro | rw}

Sets the SNMP community string value.

traceroute [-Inv] [-f first_ttl] [-m max_ttl] [-p port] [-s src_addr] [-t tos] [-w waittime] destination host name | IP address [packetlen]

The following options are supported:

-I—Uses ICMP ECHO instead of UDP datagrams.

-n—Prints hop addresses numerically.

-v—Provides verbose output.

-f first_ttl—Sets the initial time-to-live used in the first outgoing packet.

-m max_ttl—Sets the maximum time-to-live (max number of hops) used.

-p port—Sets the base UDP port number used in probes.

-s src_addr—Forces the source address to something different than the IP address of the interface the packet is sent on.

-t tos—Sets the type-of-service in packets to the following value.

-w waittim—Sets the time (in seconds) to wait for a response to a probe.

upgrade [ftp-url] [device:partition-num]

Upgrades the maintenance image from the specified location when the NAM is booted into the application image. This command is also available from the guest account in the maintenance image.

Upgrades the NAM application image from the specified location when the NAM is booted into the maintenance image.

upgrade bios

Installs a new BIOS image. This command is available in the guest account from the maintenance image.

Caution If used improperly, this command can cause the NAM to become inoperable.

voice monitoring

Enables voice monitoring from the application image.
The NAM also supports CLI commands for the supervisor engine, which are described in more detail in the Catalyst 6500 Series Switch Command Reference publication.

Cisco IOS Commands

The NAM also supports these CLI commands, which are described in more detail in the Catalyst 6500 Series Switch Cisco IOS Command Reference publication. These commands are grouped according to mode. These sections describe the Cisco IOS commands that interact with the NAM:

•EXEC Commands

•Configuration Commands

EXEC Commands

The following commands are all performed in EXEC mode:
Command

Description

analysis module slot_number management-port access-vlan vlan_number

Sets the NAM management port and the capture mode characteristics of the interface. Sets the VLANs that are allowed when the interface is in capture mode.

analysis module slot_number data-port port_number capture [allowed-vlan vlan-list]

Sets the NAM data port and the capture mode characteristics of the interface. Sets the VLANs that are allowed when the interface is in capture mode.

set boot device partition_number module_number [fast]

Allows enabling a fast boot when setting the boot device partition using the set boot device partition_number module_number [fast] command. This option is disabled by default. This option operates similarly to the Cisco IOS [fast] command option, by skipping the BIOS memory test and allowing the NAM to boot faster.

show analysis module slot_number management-port state | traffic

Displays the management port settings.

show analysis module slot_number data-port port_number state | traffic

Displays the data port settings.

show module

Displays installed modules, versions, and states.

Note This command does not show the signature level.

reload

Reloads the entire switch.

show running-config

Displays the configuration that is currently running.

show startup-config

Displays the saved configuration.
hw-module module module_number reset word [fast]
Resets the module into the application image by default. The fast option allows you to skip the BIOS memory test for a faster boot

Note If you do not specify a boot device for this command, the <empty> message is displayed. For example:
Router# hw-module module 3 reset 
Device BOOT variable for reset = <empty>
Warning:Device list is not verified.
hw-module module slot_number reset cf:1

Resets the module into the maintenance image.

hw-module module slot_number shutdown

Resets the module into the maintenance image and shuts down the module.

show interfaces Gigabit slot_number/port_number

Displays status of the interface.

show interfaces switchport module slot_number

Displays current switch settings for the interfaces.

show interface trunk module slot_number

Displays current trunk settings for the interfaces.

clock set time date

Sets the current time and date.

clock update-calendar

Updates the calendar time to the clock time.

clock read-calendar

Updates clock time to the calendar time.
Configuration Commands

The following commands are all performed in either global configuration mode or the interface configuration mode:

•Global Configuration Mode

•Interface Configuration Mode

Global Configuration Mode

The following commands are all performed in global configuration mode:

Command

Description

power enable module slot_number

Turns on the power for the NAM if it is not already on.

no power enable module slot_number

Shuts down the NAM and removes power.

clock timezone zone offset

Sets the timezone for the switch or NAM.

clock summer-time zone recurring

Sets the switch to use summertime settings.

clock calendar valid

Sets the current calendar time as the switch time on startup.

interface GigabitEthernet slot number/port number

Begins configuration for each NAM port.

monitor session session {source {interface interface interface-number | {vlan vlan-id}} [ , | - | rx| tx | both]

Sets the sources for a SPAN session.

monitor session {session_number} {destination analysis module NAM module number data-port port}

Sets the destination for a SPAN session.

Interface Configuration Mode

The following commands are configuration commands performed in interface configuration mode:

Command

Description

switchport

Sets interface as a switchport.

switchport trunk encapsulation dot1q

Sets dot1q as the encapsulation type.

switchport trunk native vlan vlan

Sets native VLAN for the trunk port.

switchport trunk allowed vlan vlans

Sets allowed VLANs for a trunk.

switchport mode trunk

Sets the interface as a trunk port.

switchport capture

Sets the interface as a capture port.

switchport access vlan vlan

Sets the access VLAN for the interface.

switchport mode access

Sets the interface as an access port.

Unsupported Supervisor Engine CLI Commands

These CLI commands are not supported by the NAM:

•set port broadcast

•set port channel

•set port cops

•set port disable

•set port enable

•set port flowcontrol

•set port gmrp

•set port gvrp

•set port host

•set port inlinepower

•set port jumbo

•set port membership

•set port negotiation

•set port protocol

•set port qos

•set port rsvp

•set port security

•set port speed

•set port trap

•set protocolfilter

•set rgmp

•set rspan

•set snmp

•set spantree

•set trunk

•set udld

•set vlan

•set vtp

Table 4-1 NAM Users and Passwords
Module	Application Image (located on the hard disk)	Maintenance Image (located on the compact flash)
WS-SVC-NAM-1 WS-SVC-NAM-2	User	Password	User	Password
	root	root	root	cisco
	guest	guest	guest	cisco
WS-X6380-NAM	User	Password	User	Password
	root	root	root	root
	guest	guest	guest	root

Task	Command
Reset the module.	hw-module module mod_num reset device:partition mem-test-full The device:partition value is the string for PC boot device, for example: hdd:x designates the hard disk, cf:x designates the compact Flash where x is the number for the partition on each device. When specifying boot devices, for the NAM, refer to Table 4-2.

Table 4-2 NAM Boot Devices
WS-X6380-NAM	WS-SVC-NAM-1 and WS-SVC-NAM-2
When specifying the boot device, you must use hdd:1 for the application image and hdd:2 for the maintenance image.	When specifying the boot device for the WS-SVC-NAM-1 and the WS-SVC-NAM-2, you must use hdd:1 for the application image and cf:1 for the maintenance image.

Table 4-3 NAM Image Prefixes
Module	Application Image	Maintenance Image
WS-SVC-NAM-1	c6svc-nam	c6svc-nam-maint
WS-SVC-NAM-2	c6svc-nam	c6svc-nam-maint
WS-X6380-NAM	c6nam	c6nam-maint

Table 4-4 NAM User Administration
User Interface	Add Users	Remove Users	Set Password	Recover Password
CLI	No	No	Use the password command.	No
Traffic Analyzer	Add the first user with the CLI when starting the web server. Add all subsequent users through the web GUI for the local database or through TACACS+ if the TACACS+ server is used. Additionally, you can create web users with the CLI web-user command.	Use the no web-user command.
Traffic Analyzer local database	Yes	Yes	Yes	Contact the NAM administrator to reset through the GUI. From the NAM CLI, use the rmwebusers command.
Traffic Analyzer TACACS+	Yes	Yes	Yes	Use a TACACS+ server, or use the ip http tacacs+ disable command.

Table 4-5 NAM Users and Passwords
Application Image (located on the hard disk)	Maintenance Image (located on the compact flash)
User	Password	User	Password
root	root	root	cisco
guest	guest	guest	cisco

Task	Command
Reset the NAM.	reset mod_num boot_string The mod_num boot_string variable is the string for PC boot device, for example: hdd:x designates the hard disk, cf:x designates the compact flash where x is the number for the partition on each device. When specifying boot devices, refer to Table 4-6 for boot device specifications for the NAM.

Table 4-6 NAM Boot Devices
WS-X6380-NAM	WS-SVC-NAM-1 and WS-SVC-NAM-2
When specifying the boot device, you must use hdd:1 for the application image and hdd:2 for the maintenance image.	When specifying the boot device for the WS-SVC-NAM-1 and the WS-SVC-NAM-2, you must use hdd:1 for the application image and cf:1 for the maintenance image.

Command	Description
clear ip	Clears the network configuration for the interface. This command is not available in the application partition. The corresponding command for the application partition is: config clear ip. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
clear log upgrade	Clears the application image upgrade log file. This command is available only in the maintenance image and the guest account in the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
config clear	Restores the NAM to the factory default state but does not config clear ip parameters. Note All the config clear commands require a reboot, which is done after you are prompted. The config clear and config clear all commands wipe historic report data. Default settings cleared include the following: •Deleting all RMON control tables. •Deleting all RMON1 and RMON2 filters. •Returning the RMON configuration file to the default configuration. •Restores the protocol directory to default. •The web server is stopped (if a web server was running). •These configurations are cleared: –Remote device configuration. –Local web users. –All custom capture and custom decode filters. –Report configurations. –Web access logs. –DSMON aggregate configurations. •Syslog configurations are reset. •NAM web preferences are reset. •Autostart configurations are reset. External Telnet sessions are switched off. No IP host configuration data is deleted. The NAM is rebooted automatically after entering the config clear command to allow these changes to take effect. •This command can be used by the root account only.
config clear ip	Restores only the NAM IP parameters to the factory default state.
config clear all	Restores all NAM configuration to factory default state. This command also clears the IP parameters.
coredump ftp://host/absolute-path	Sends a core file to an anonymous FTP server after the RMON agent crashes. This command can upload multiple core files. The command uploads all of the core files for the form "core" located under the /usr/local/nam/bin directory. You should always copy and save this information to a file before calling the Cisco Technical Assistance Center (TAC). Cisco TAC needs this information to analyze and troubleshoot the NAM. Only one core dump file is maintained. A newly created core dump file overwrites an existing core dump file. This command can be used only by the root account. Note If the FTP server does not allow anonymous users, use the following syntax: coredump ftp://user:password@host/absolute-path.
disable-guest	Disables the guest account from the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
enable-guest	Enables the guest account from the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
exsession [on \| off] [ssh]	Note For enabling and disabling SSH, the crypto patch needs to be installed. See the "Configuring the HTTP Secure Server" section on page 3-22. Controls whether or not the external Telnet sessions are accepted by the NAM from outside the switch. The default is set to off. If the exsession command is set to off, you can only make a Telnet connection to the NAM from the supervisor engine on the switch. If the exsession command is set to on, new Telnet requests from any valid IP address are accepted. This command will not drop any open sessions. This command can be used by the root account only. exsession on—Enables Telnet. exsession on ssh—Enables SSH. exsession off—Disables Telnet. exsession off ssh—Disables SSH.
[command] help	Displays a list of top-level commands or additional information for an individual command. Note The maintenance image does not have this command. You must type a ? for help instead.
ip	Sets the IP parameters. This command is available from the application and maintenance image and the guest account in the maintenance image.
ip address ip-address netmask	Specifies the IP address and subnet for a node on the network.
ip broadcast broadcast-address	Specifies the IP broadcast address for a node on the network.
ip domain domain-name	Specifies the domain name.
ip gateway gateway-address	Specifies the default IP gateway.
ip host hostname	Specifies an IP host name.
ip hosts add ip address host_name [alias 1] [alias 2]	Adds a host entry to the hosts file.
ip hosts add ftp://user:passwd@host/full-path/filename	Adds the host entries from the remote file to the hosts file.
ip hosts delete	Deletes a host entry from the hosts file.
ip hosts delete ftp://user:passwd@host/full-path/filename	Deletes the host entries from the remote file in the hosts file.
ip nameserver [name-server1] [name-server2] [name-server3]	Specifies the IP name server used to resolve network names into network addresses.
ip nameserver disable	Disables the configured name servers.
logout	Logs you out of the shell from the maintenance image and the guest account from the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
nslookup hostname [server]	Allows name server queries for information about a host. If the optional server is not specified, the NAM DNS servers are used.
passwd	Sets the password for the current user. In the application software, this command requires that the user name is specified as an argument. For example: passwd root passwd guest
passwd-guest	Sets the password for the guest account from the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
patch ftp://user:passwd@host/full-path/filename	Applies a patch to the application software from the specified location.
ping [-nv] [-c count] [-i wait] [-p pattern] [-s packetsize] hostname \| IP address	Sends ICMP echo-request packets to another node on the network. To configure ping, you can also use the command without arguments. The following options are supported: -n—Shows network addresses as numbers. -v—Provides verbose output. -c count—Stops after sending count ECHO_REQUEST packets. -i wait—Waits seconds between sending each packet. -p pattern—Up to 16 pad bytes can be used to fill out packets you send. -s packetsize—The 8 bytes of ICMP header data.
reboot	Reboots the NAM from the application image.
rmon artmib {enable \| disable}	Enables or disables the RMON ART MIB from the application image.
show	Displays the system parameters from the maintenance and guest account from the maintenance image.
show autostart	Enables reporting for statistics, address mappings, VLANs, and MIBs.
show bios	Displays system information about the BIOS and module (including NAM serial number) that the Cisco TAC might need for troubleshooting. Copy and save the information to a file before calling TAC. This command can be used by both root and guest accounts.
show certificate	Displays certificates you have installed for secure servers.
show certificate-request	Displays encrypted certificate requests for secure servers.
show cpu	Displays current processor load on the NAM CPU for all combined functions. This command can be used by both root and guest accounts.
show date	Displays current time-of-day information maintained by the NAM. This command can be used by both root and guest accounts.
show diaglog	Displays the diagnostics log file from the guest account in the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
show ethif	Displays the Ethernet interface information from the guest account in the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
show hosts	Displays the hosts file.
show images	Lists the image that is installed in the NAM application image. This command is available only from the maintenance image. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
show ip	Displays current IP configuration including the HTTP server, secure server, port, secure port, and TACACS+ information.
show log	Displays the application image log. This command is used only for the WS-SVC-NAM-1 and the WS-SVC-NAM-2 module maintenance image.
show log config	Displays the output of the previous configuration import. For example, the output of the config network command.
show log upgrade	Displays the maintenance image upgrade log when you are booted into application image. Displays the application image upgrade log when you are booted into the maintenance image.
show memory	Displays system memory statistics. Memory sizes are rounded to the nearest Megabyte. This command can be used by both root and guest accounts.
show options	Displays ART MIB and voice monitoring configuration status.
show patches	Displays installed software patches.
show rxcounters	Displays RX data counters.
show snmp	Displays the SNMP configuration.
show tech-support	Displays system information without page-breaks that the Cisco TAC might need for troubleshooting. Copy and save the information to a file before calling TAC. This command can be used by the root account only. From a UNIX system, do the following: a. Telnet to the switch supervisor. b. Session to the NAM module. c. Log in to the NAM as root user. d. In the NAM CLI type, # show tech-support # exit $ exit e. A file tech.txt is created in the UNIX system. From a Windows system, do the following: a. Launch Windows HyperTerminal and connect to switch supervisor. b. Session to the NAM module. c. Log in to the NAM as the root user. d. In the HyperTerminal menu, select Transfer > Capture Text. e. Enter a file name in a dialog that pops up and click Start. f. In the NAM CLI type, # show tech-support # exit g. In the Hyper Terminal menu, select Transfer > Capture Text > Stop.
show version	Displays the NAM maintenance image version, daughter card information, and NAM application image version. •The NAM application image version is not displayed as part of the show version command output if you are running this command from the maintenance image. •The NAM maintenance image version is not displayed as part of the show version command output if you are running this command from the application image.
snmp community community-string {ro \| rw}	Sets the SNMP community string value.
traceroute [-Inv] [-f first_ttl] [-m max_ttl] [-p port] [-s src_addr] [-t tos] [-w waittime] destination host name \| IP address [packetlen]	The following options are supported: -I—Uses ICMP ECHO instead of UDP datagrams. -n—Prints hop addresses numerically. -v—Provides verbose output. -f first_ttl—Sets the initial time-to-live used in the first outgoing packet. -m max_ttl—Sets the maximum time-to-live (max number of hops) used. -p port—Sets the base UDP port number used in probes. -s src_addr—Forces the source address to something different than the IP address of the interface the packet is sent on. -t tos—Sets the type-of-service in packets to the following value. -w waittim—Sets the time (in seconds) to wait for a response to a probe.
upgrade [ftp-url] [device:partition-num]	Upgrades the maintenance image from the specified location when the NAM is booted into the application image. This command is also available from the guest account in the maintenance image. Upgrades the NAM application image from the specified location when the NAM is booted into the maintenance image.
upgrade bios	Installs a new BIOS image. This command is available in the guest account from the maintenance image. Caution If used improperly, this command can cause the NAM to become inoperable.
voice monitoring	Enables voice monitoring from the application image.

Command	Description
analysis module slot_number management-port access-vlan vlan_number	Sets the NAM management port and the capture mode characteristics of the interface. Sets the VLANs that are allowed when the interface is in capture mode.
analysis module slot_number data-port port_number capture [allowed-vlan vlan-list]	Sets the NAM data port and the capture mode characteristics of the interface. Sets the VLANs that are allowed when the interface is in capture mode.
set boot device partition_number module_number [fast]	Allows enabling a fast boot when setting the boot device partition using the set boot device partition_number module_number [fast] command. This option is disabled by default. This option operates similarly to the Cisco IOS [fast] command option, by skipping the BIOS memory test and allowing the NAM to boot faster.
show analysis module slot_number management-port state \| traffic	Displays the management port settings.
show analysis module slot_number data-port port_number state \| traffic	Displays the data port settings.
show module	Displays installed modules, versions, and states. Note This command does not show the signature level.
reload	Reloads the entire switch.
show running-config	Displays the configuration that is currently running.
show startup-config	Displays the saved configuration.
hw-module module module_number reset word [fast]	Resets the module into the application image by default. The fast option allows you to skip the BIOS memory test for a faster boot Note If you do not specify a boot device for this command, the <empty> message is displayed. For example: Router# hw-module module 3 reset Device BOOT variable for reset = <empty> Warning:Device list is not verified.
hw-module module slot_number reset cf:1	Resets the module into the maintenance image.
hw-module module slot_number shutdown	Resets the module into the maintenance image and shuts down the module.
show interfaces Gigabit slot_number/port_number	Displays status of the interface.
show interfaces switchport module slot_number	Displays current switch settings for the interfaces.
show interface trunk module slot_number	Displays current trunk settings for the interfaces.
clock set time date	Sets the current time and date.
clock update-calendar	Updates the calendar time to the clock time.
clock read-calendar	Updates clock time to the calendar time.

Command	Description
power enable module slot_number	Turns on the power for the NAM if it is not already on.
no power enable module slot_number	Shuts down the NAM and removes power.
clock timezone zone offset	Sets the timezone for the switch or NAM.
clock summer-time zone recurring	Sets the switch to use summertime settings.
clock calendar valid	Sets the current calendar time as the switch time on startup.
interface GigabitEthernet slot number/port number	Begins configuration for each NAM port.
monitor session session {source {interface interface interface-number \| {vlan vlan-id}} [ , \| - \| rx\| tx \| both]	Sets the sources for a SPAN session.
monitor session {session_number} {destination analysis module NAM module number data-port port}	Sets the destination for a SPAN session.

Command	Description
switchport	Sets interface as a switchport.
switchport trunk encapsulation dot1q	Sets dot1q as the encapsulation type.
switchport trunk native vlan vlan	Sets native VLAN for the trunk port.
switchport trunk allowed vlan vlans	Sets allowed VLANs for a trunk.
switchport mode trunk	Sets the interface as a trunk port.
switchport capture	Sets the interface as a capture port.
switchport access vlan vlan	Sets the access VLAN for the interface.
switchport mode access	Sets the interface as an access port.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

Administering the NAM

Available Languages

Download Options

Bias-Free Language

Table Of Contents