Performing User and System Administration
This chapter describes which user and system administration tasks are required or optional, how to generate diagnostic information when requesting technical assistance, and how to provide user access.
Performing System Administration
You can perform the following system administration tasks:
- Monitoring Packet Analyzer Health and Traffic Statistics
- Setting Network Parameters
- Setting the SNMP Agent
- Synchronizing Your System Time
- Sharing Packet Analyzer Data by Enabling Web Data Publication
- Setting Remote Servers to Receive Syslog Messages
- Configuring Hosts to Receive SNMP Traps from Packet Analyzer
- Customizing System Preferences
- Importing/Exporting Configuration Details
For at-a-glance details on why you may want to perform these system administration tasks, see Table 5-1.
Monitoring Packet Analyzer Health and Traffic Statistics
Ensuring that your Packet Analyzer processes your traffic efficiently and effectively without becoming overloaded is a critical task.
To view the network traffic coming into the Packet Analyzer, as well as data about its health (such as server network details and CPU, memory, and data usage), choose Administration > System > Overview. Use this page to check how much traffic is sent to Packet Analyzer. If you can't see any traffic coming in on this page, check the traffic source and cable connections.
Use the data provided in the Inputs and Resources tabs to determine scalability issues and to assist with troubleshooting.
Table D-68 describes the types of information in the System Overview window.
Setting Network Parameters
If you want to use IP hostname resolution in Packet Analyzer, you must configure the nameservers first. Packet Analyzer supports three DNS servers. If this task is not complete, you will be unable to perform DNS lookup. You can also set

Tip Ensure your name server addresses are correct, otherwise some of your Monitor dashboards and Capture Decode windows may seem slow to load.
To view and set your name servers:
Step 1 Choose Administration > System > Network Parameters.
The Network Parameters window displays.
Step 2 Enter or change the IPv4 or IPv6 information.
Step 3 To validate the accuracy of the nameservers, click Validate Nameservers.
Step 4 Do one of the following:
Step 5 Ensure you have turned on IP hostname resolution using Administration > System > Preferences. See Customizing System Preferences.
Setting the SNMP Agent
An SNMP Agent is a network management software module that resides in a managed device. It has local knowledge of management information and translates that information into a form compatible with SNMP.
You can manage devices with SNMPv3 in addition to SNMPv2 and SNMPv1. The Packet Analyzer polls the managed device to get its basic health and interface statistics. For Packet Analyzer blades, the managed device is the switch in which the Packet Analyzer is inserted, and the Packet Analyzer software negotiates with the switch to use SNMP and a community string to do the polling. This community string is only valid for use with the Packet Analyzer. For security purposes, the switch associates the community string with the Packet Analyzer's IP address only, and no other SNMP application can use this community string to communicate with the switch. For more information about community strings, see Working with Packet Analyzer Community Strings.
Also, to further alleviate any security concerns, the SNMP exchanges between Packet Analyzer blades and the switch take place on an internal backplane bus. These SNMP packets are not visible on any network, nor any interface outside of the switch. It is a completely secure out-of-band channel inside the switch.
For other platforms, such as Packet Analyzer appliances, you can type in any IP address and use it as the managed device. When setting managed devices, virtual Packet Analyzer platforms function just like the Packet Analyzer appliances. On all platforms, Packet Analyzer can only monitor and display data for one managed device at a time.
In this case, the managed device may only want to use SNMPv3 since it is more secure.
For RISE appliances, if the managed device is a Nexus switch/VDC, RISE service is configured on the Nexus switch SUP. When RISE service is configured, the Nexus device and Packet Analyzer automatically sync the VDC and interface information. Packet Analyzer in this environment is used to manage more than one VDC's interface statistics, without moving physical data port connections between Packet Analyzer and the switch.
To view and set the Packet Analyzer SNMP agent, follow these steps:
Step 1 Choose Administration > System > SNMP Agent.
Step 2 Enter or change the information in the Packet Analyzer SNMP window. The fields are detailed in Table D-69.
Step 3 To create community strings, see Creating Packet Analyzer Community Strings.
Step 4 To delete community strings, select the entry and click Delete.
Step 5 To save the changes, click Submit.
Working with Packet Analyzer Community Strings
You use community strings so that other applications can send SNMP get and set requests to the Packet Analyzer, set up collections, poll data, and so on.
Creating Packet Analyzer Community Strings
To create the Packet Analyzer community strings:
Step 1 Choose Administration > System > SNMP Agent.
Step 2 Click Create under Packet Analyzer Community Strings.
The System SNMP Agent Dialog Box displays.
Step 3 Enter the community string (use a meaningful name).
Step 4 Enter the community string again in the Verify Community field.
Step 5 Assign read-only or read-write permissions using the following criteria:
Step 6 To make the changes, click Submit.
Deleting Packet Analyzer Community Strings
To delete the Packet Analyzer community strings:
Step 1 Choose Administration > System > SNMP Agent.
Step 2 Select an entry, then click Delete.


Testing the Router Community Strings
Before the router can send information to the Packet Analyzer using SNMP, the router community strings set in the Packet Analyzer must match the community strings set on the actual router. The Router Parameters dialog box displays the router name, hardware, Supervisor engine software version, system uptime, location, and contact information.
The local router IP address and the SNMP community string must be configured so that the Packet Analyzer can communicate with the local router.
To set the community strings on the router, use the router CLI. For information on using the CLI, see the documentation that accompanied your device.


To test router community strings:
Step 1 Choose Setup > Managed Device > Device Information.
The Device Information dialog box displays.
Step 2 Enter the Device's Community String.
Step 3 Click Test Connectivity.
Step 4 Wait while Packet Analyzer communicates with the device. If the test comes back OK, click Submit.
Synchronizing Your System Time
Ensure that the Packet Analyzer system time is configured correctly. If the system time is incorrect, Packet Analyzer data presentation may be inaccurate due to time ranges, hence providing incorrect interpretations of Packet Analyzer data.
Some platforms are synchronized automatically, but you must also synchronize the standard time source outside the Packet Analyzer in addition to the Packet Analyzer and the router, switch, or in order for the data to be accurate. We recommend you perform the time synchronization for your platform, especially if you see the following message on the dashboard interface: Client or Packet Analyzer time is incorrect.
You can configure the Packet Analyzer system time by using one of the following methods:
This is valid for all platforms and is the recommended option.
Configuring the Packet Analyzer System Time with an NTP Server
To configure the Packet Analyzer system time with an NTP server:
Step 1 Choose Administration > System > System Time.
Step 2 Choose the NTP Server radio button.
Step 3 Enter one or two NTP server names or IP addresses in the NTP server name/IP Address text boxes.
Step 4 Select the Region and local time zone from the lists.
Step 5 To save the changes, click Submit.
Synchronizing the Packet Analyzer System Time Locally
To configure the Packet Analyzer system time locally using the Packet Analyzer command line:
Step 1 Log into the Packet Analyzer command line interface.
Step 2 Set the clock using the CLI clock set command.
clock set <hh:mm:ss:> <mm/dd/yyyy>
Step 3 On the Packet Analyzer GUI, choose Administration > System > System Time.
Step 4 Click the Local radio button.
Step 5 Select the Region and local time zone from the lists.
Step 6 Click Submit to save the changes.
Understanding Packet Analyzer System Time
Ensure that the Packet Analyzer software application's Linux system time is synchronized with the packet timestamp and the standard time source outside of the Packet Analyzer platform. Packet timing analysis uses system time to support application response time measurements, voice and video quality metrics, packet decode data, reporting, and many other network statistics.
The Packet Analyzer gets the UTC (GMT) time from several sources, depending on its Packet Analyzer platform type. All Packet Analyzer platforms can be set up to get their time from an external NTP server. Other Packet Analyzer platforms may prefer to use an IEEE 1588 Precision Time Protocol (PTP)-based time master due to its high accuracy and precision.
You should also configure any PTP switches that are between the Packet Analyzer and the master clock to use Edge-to-Edge (E2E) mode. E2E is preferred because it reduces PTP messaging bandwidth and eliminates delay accumulation when daisy chaining many nodes. If the master clock and/or PTP switches are not configured correctly, all of the clocks on the Packet Analyzer will be synced with each other, but to the wrong time.


The clock identity is the first three octets of the MAC address, followed by “ff fe,” and then the last three octets of the MAC address, as shown in the example below.
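The following Python sketch is an added example, not part of the original Cisco documentation. It derives the clock identity from a MAC address using the rule above, reverses the mapping, and flags observed clock identities that do not belong to a known device; the MAC addresses, the observed identities, and all function names are constructed for illustration.

```python
import re

_SEPARATORS = re.compile(r"[\s:.\-]")


def _octets(value: str, count: int) -> bytes:
    """Parse hex written as aa:bb.., aa-bb.., 'aa bb ..' or Cisco aabb.ccdd.. form."""
    digits = _SEPARATORS.sub("", value)
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % (2 * count), digits):
        raise ValueError(f"expected {count} hex octets, got {value!r}")
    return bytes.fromhex(digits)


def _fmt(raw: bytes, sep: str) -> str:
    return sep.join(f"{b:02x}" for b in raw)


def clock_identity(mac: str) -> str:
    """First three MAC octets, then ff fe, then the last three MAC octets."""
    raw = _octets(mac, 6)
    return _fmt(raw[:3] + b"\xff\xfe" + raw[3:], " ")


def mac_from_clock_identity(identity: str) -> str:
    """Recover the MAC address; reject identities not built with the ff fe rule."""
    raw = _octets(identity, 8)
    if raw[3:5] != b"\xff\xfe":
        raise ValueError(f"no ff fe in octets 4-5: {identity!r}")
    return _fmt(raw[:3] + raw[5:], ":")


def unexpected_clocks(observed, inventory_macs):
    """Return observed clock identities that match no MAC in the inventory."""
    expected = {clock_identity(mac) for mac in inventory_macs}
    normalized = [_fmt(_octets(item, 8), " ") for item in observed]
    return [item for item in normalized if item not in expected]


# Constructed sample data: one known device and two identities seen on the PTP path.
INVENTORY_MACS = ["00-11-22-AA-BB-CC"]
OBSERVED_IDENTITIES = ["00:11:22:ff:fe:aa:bb:cc", "0255.66ff.fe77.8899"]

if __name__ == "__main__":
    print(clock_identity("00:11:22:aa:bb:cc"))
    print(mac_from_clock_identity("00 11 22 ff fe aa bb cc"))
    print(unexpected_clocks(OBSERVED_IDENTITIES, INVENTORY_MACS))
```

An identity returned by `unexpected_clocks` points to a clock on the path that is not in your inventory, which is worth checking when the Packet Analyzer clocks agree with each other but not with the real time.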
After the Packet Analyzer acquires the time, you can set the local time zone using the Packet Analyzer System Time configuration window.
For details on how to configure the Packet Analyzer system time for your specific hardware platform, see Synchronizing Your System Time.
Setting Up E-Mail Notifications for Alarms
You can configure Packet Analyzer to provide e-mail notification of alarms and to e-mail reports.
To set up e-mail notifications:
Step 1 Choose Administration > System > E-Mail Setting.
Step 2 Check the Enable Mail check box and enter the required or optional field information.
Table D-70 describes the Mail Configuration Options.
Step 3 Check the optional Advanced Settings check box and enter the details in the fields provided.
Step 4 Click Submit to save your modifications, or click Reset to clear the dialog of any characters you entered or restore the previous settings.
Sharing Packet Analyzer Data by Enabling Web Data Publication
Web Data Publication allows general web users and websites to access (or link to) selected Packet Analyzer monitor and report windows without a login session.
Web Data Publication can be open or restricted using Access Control List (ACL) and/or publication code. The publication code, if required, must be present in the URL address or cookie to enable access to published data.
To enable Web Data Publishing:
Step 1 Choose Administration > System > Web Data Publication.
Step 2 Check the Enable Web Data Publication check box.
Step 3 Enter a Publication Code (Optional). This is the pass code that must be present in the URL or in a cookie to access the published page. For example, with the publication code set to abc123, the following URL accesses a published window:
http://<secpa-hostname>/application-analysis/index?publicationcode=abc123
Step 4 Enter an ACL Permit IP Address/Subnets to permit only those IP addresses or subnets access to web publications. No entry provides open access to all.
Step 5 Click Submit to enable web publishing, or click Reset to clear the dialog of any characters you entered.
Setting Remote Servers to Receive Syslog Messages
Packet Analyzer syslogs are created for alarm threshold events, voice threshold events, or system alerts. You can specify whether syslog messages should be logged locally on the Packet Analyzer, on a remote host, or both. You can use the Packet Analyzer to view the local Packet Analyzer syslogs.
If you log to a remote host: in most Unix-based systems, the syslog collector that handles the incoming syslog messages uses the facility field to determine which file to write each message to, and the facility used is local7. Check the syslog collector configuration to ensure that local7 is handled properly.
To set up the Packet Analyzer syslog:
Step 1 Choose Administration > System > Syslog Setting.
The Packet Analyzer Syslog Setting window displays.
Step 2 In the Remote Server Names field, enter the IP address or DNS name of up to five remote systems where syslog messages are logged. Each address you enter receives syslog messages from all three alarms (Alarm Thresholds, Voice Signaling Thresholds, and System).
Step 3 Click Submit to save your changes, or click Reset to cancel.
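To check how a collector will classify incoming messages, the following Python sketch (an added example, not from the original Cisco documentation) decodes the syslog PRI header into facility and severity and separates local7 messages from everything else. The sample lines, host names, and message text are constructed, and the function names are hypothetical.

```python
import re

# Facility and severity names indexed by their numeric codes (RFC 5424, section 6.2.1).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI = re.compile(r"^<(\d{1,3})>")


def decode_pri(line: str):
    """Return (facility, severity) from the leading <PRI>; PRI = facility * 8 + severity."""
    match = _PRI.match(line)
    if not match:
        raise ValueError("missing <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # highest valid value is local7.debug = 23 * 8 + 7
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def split_by_facility(lines, wanted="local7"):
    """Sort lines into (matching the wanted facility, other facilities, malformed)."""
    matched, other, malformed = [], [], []
    for line in lines:
        try:
            facility, severity = decode_pri(line)
        except ValueError as exc:
            malformed.append((line, str(exc)))
            continue
        target = matched if facility == wanted else other
        target.append((f"{facility}.{severity}", line))
    return matched, other, malformed


# Constructed sample input; real Packet Analyzer message text will differ.
SAMPLE_LINES = [
    "<188>Jan 10 09:15:02 secpa-example alarm: constructed threshold event",
    "<187>Jan 10 09:15:07 secpa-example system: constructed system alert",
    "<34>Jan 10 09:16:11 otherhost su: constructed auth message",
    "Jan 10 09:17:00 otherhost constructed line without a PRI header",
    "<999>constructed line with an invalid PRI",
]

if __name__ == "__main__":
    matched, other, malformed = split_by_facility(SAMPLE_LINES)
    # Lines in `matched` are what a classic syslog.conf selector such as local7.* would catch.
    for label, line in matched:
        print("local7 rule :", label, "|", line)
    for label, line in other:
        print("other rule  :", label, "|", line)
    for line, reason in malformed:
        print("malformed   :", reason, "|", line)
```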
Configuring Hosts to Receive SNMP Traps from Packet Analyzer
Traps are used to store alarms triggered by threshold crossing events. When an alarm is triggered, you can trap the event and send it to a separate host. Trap-directed notifications can result in substantial savings of network and agent resources by eliminating the need for frivolous SNMP requests.
To configure, edit, or delete a host destination to which Packet Analyzer will send traps:
Step 1 Choose Administration > System > SNMP Trap Setting.
The SNMP Trap Setting window displays.
Step 3 In the Community field, enter the community string set in the Packet Analyzer Thresholds.
Step 4 In the IP Address field, enter the IP address to which the trap is sent if the alarm and trap community strings match.
Step 5 In the UDP Port field, enter the UDP port number.
Step 6 Click Submit to save your changes, or click Reset to cancel and leave the configuration unchanged.
Customizing System Preferences
To change the Packet Analyzer display or logging characteristics, choose Administration > System > Preferences. Table D-70 describes the fields of the Preferences window and why you may want to change the defaults.
Importing/Exporting Configuration Details
To import/export the configuration details:
Step 1 Choose Administration > System > Import/Export Configuration.
Step 2 Click Import or Export at the top of the window.
Step 3 Choose either FTP, SFTP or SCP from the protocol drop-down list.
Step 4 Enter the IP address of the host.
Step 5 Enter the username and password of the host. This is optional if you select FTP as the protocol.
Step 6 Enter the configuration filename of the application which you want to import or export.
Step 7 Enter the location where you want to import or export the application details.
Step 8 Enter the configuration filename of the DSCP which you want to import or export.
Step 9 Enter the location where you want to import or export the DSCP details.
Step 10 Enter the configuration filename of the Site which you want to import or export.
Step 11 Enter the location where you want to import or export the Site details.
Step 12 Click Import or Export.
Importing replaces the existing configuration details with the new details.
Troubleshooting Using Diagnostics Tools
The Diagnostics option of the Administration menu provides tools to aid in troubleshooting. You can use these tools when you have a problem that might require assistance from the Cisco Technical Assistance Center (TAC). There are options for:
For additional information on troubleshooting Packet Analyzer, see Troubleshooting Network and Packet Analyzer Issues.
System Alerts
You can view any failures or problems that the Packet Analyzer has detected during normal operations. To view System Alerts, choose Administration > Diagnostics > System Alerts.
Each alert includes a date, the time the alert occurred, and a message describing the alert. The Packet Analyzer displays up to one thousand (1,000) of the most-recent alerts. If more than 1,000 alerts have occurred, you need to use the Packet Analyzer CLI command show tech-support to see all of the alerts.
If you notice an alert condition and troubleshoot and attempt to solve the condition causing the alert, you might want to click Clear to remove the list of alerts to see if additional alerts occur.
Audit Trail
The Audit Trail option displays a listing of recent critical activities that have been recorded in an internal syslog log file. Syslog messages can also be sent to an external log using Administration > System > Syslog Setting.
The following user activities are logged in the audit trail:
- All CLI commands
- User logins (including failed attempts)
- Unauthorized access attempts
- SPAN changes
- NetFlow data source changes
- Enabling and disabling data collections
- Starting and stopping captures
- Adding and deleting users
Each log entry will contain the following:
There are two additional logs, Samba (SMB) and SSH/SFTP, which record events from the File Sharing feature. These events are logged when file operations are performed either on a network device through SMB or from SSH/SFTP connections.
To access the audit trail window, choose Administration > Diagnostics > Audit Trail. The Audit Trail window appears and provides a way to view the user access log and filter entries based on time, user, from (IP address), or activity. The internal log files are rotated after reaching certain size limits.
Tech Support
The Packet Analyzer syslog records Packet Analyzer system alerts that contain event descriptions and date and timestamps, indicating unexpected or potentially noteworthy conditions. This feature generates a potentially extensive display of the results of various internal system troubleshooting commands and system logs. For a list of user activities logged in the audit trail window, see Audit Trail.
This information is unlikely to be meaningful to the average user. It is intended to be used by your technical support team for debugging purposes. You are not expected to understand this information; instead, you should save the information and attach it to an e-mail message to your support team or, if applicable, Cisco TAC.
Before you can view the Tech Support page, you must enable the System Config user privilege on the Administration > Users > Local Database page. For more information on editing user privileges, see Establishing TACACS+ Authentication and Authorization.
To view the tech support information:
Step 1 Choose Administration > Diagnostics > Tech Support.
After a few minutes, extensive diagnostic information generates and displays in the window.
Step 2 To save the information, click Download log files. Save the files to your local disk. You can analyze the files locally or, if requested, forward them to your technical support team for review.
To download core files from the Tech Support page, click Download log files and follow the instructions.
Controlling User Access
In order to make your Cisco Packet Analyzer solution more secure, you can take several steps including:
- Enable Secure Sockets Layer (SSL) on the Cisco Packet Analyzer for secure, encrypted HTTP sessions. See your installation guide for details.
- Enable Secure Shell (SSH) protocol for secure Telnet to the Cisco Packet Analyzer.
- Enable TACACS+ for authentication and authorization. Cisco Packet Analyzer provides support for multiple TACACS+ servers.
This section covers how to control your users' access using the Administration options:
- Local Database
- Establishing TACACS+ Authentication and Authorization
- Configuring a TACACS+ Server to Support Packet Analyzer Authentication and Authorization
- Current User Sessions
Local Database
When you first install the Packet Analyzer, use the Packet Analyzer command-line interface (CLI) to enable the HTTP server and establish a username and password to access the Packet Analyzer for the first time.
After setting up the initial user accounts (root, admin, and webuser), you can create additional accounts, enabling or disabling different levels of access independently for each user.
Table D-72 provides information about User Privileges and describes each privilege.
For additional information about creating and editing users, see Creating a New User and Establishing TACACS+ Authentication and Authorization.
If you have forgotten your password, use the helper utility to reset your root or user passwords (see Resetting Passwords).
Resetting Passwords
There are several methods you can use to reset your Packet Analyzer passwords. Use the options documented in Table 5-2 based on your needs.
- Restart your Packet Analyzer and choose option 5 or enter reboot -helper at the Packet Analyzer CLI.
- The easiest way to reset Packet Analyzer passwords. This command resets both the root and guest user passwords to the factory default state. You must have appropriate privileges to reset passwords.
- See your platform installation guide.
- Delete the user for whom you have forgotten the password; then create a new one.
- Use if no other local users are configured other than the user for whom you have forgotten the password. Then enable http or https to prompt for the creation of a Packet Analyzer user.
Changing Predefined Packet Analyzer User Accounts on the Switch or Router
The predefined root and guest Packet Analyzer user accounts (accessible through either a switch or router session command or a Telnet login to the Packet Analyzer CLI) are static and independent of the Packet Analyzer. You cannot change these static accounts nor can you add other CLI-based users with the Packet Analyzer.
Creating a New User
Step 1 Choose Administration > Users > Local Database.
The GUI displays the users in the local database. Checks indicate the privileges each user has for the functions listed.
The GUI displays the New User Dialog Box.
Step 3 Enter the information required to create a new user and select each privilege to grant to the user. See Table D-73 for an explanation of user privileges. Table D-71 describes the fields in the New User Dialog Box.

Note If you delete user accounts while users are logged in, they remain logged in and retain their privileges. The session remains in effect until they log out. Deleting an account or changing permissions in mid-session affects only future sessions. To force off a user who is logged in, restart the Packet Analyzer.
Step 4 Select a single or multiple check box to set user privileges. Table D-73 provides information about each privilege.
Step 5 Click Submit to create the user or Reset to clear the dialog of any characters you entered.
Invalid User Name and Password Characters
For usernames, do not use the following:
- Exclamation point !
- At sign @
- Pound sign #
- Dollar sign $
- Percent %
- Caret ^
- Ampersand &
- Asterisk *
- Left or right parentheses ()
- Less than <
- Greater than >
- Comma ,
- Period .
- Double quote "
- Single quote '
- Forward slash /
- Backward slash \
For web user passwords, do not use the following:
For root or guest user passwords, only the single quote is not allowed.
Establishing TACACS+ Authentication and Authorization
Terminal Access Controller Access Control System (TACACS) is an authentication protocol that provides remote access authentication, authorization, and related services such as event logging. With TACACS, user passwords and privileges are administered in a central database instead of an individual switch or router to provide scalability.
TACACS+ is a Cisco Systems enhancement that provides additional support for authentication and authorization.
When a user logs into the Packet Analyzer, TACACS+ determines if the username and password are valid and what the access privileges are.
To establish TACACS+ authentication and authorization:
Step 1 Choose Administration > Users > TACACS+. The TACACS+ Authentication and Authorization Dialog Box displays.
Step 2 Enter or select the appropriate information in Table D-74, TACACS+ Authentication and Authorization Dialog Box.
Step 3 Do one of the following:

Tip If you cannot log into the Packet Analyzer with TACACS+ configured, verify that you entered the correct TACACS+ server name and secret key.
Configuring a TACACS+ Server to Support Packet Analyzer Authentication and Authorization
In addition to enabling the TACACS+ option, you must configure your TACACS+ server so that it can authenticate and authorize Packet Analyzer users. Packet Analyzer supports ACS versions 5.2, 5.1 (including Patch 1), and 4.2.

Note Configuration methods vary depending on the type of TACACS+ server you use. When configuring Packet Analyzer within ACS 5.x, uncheck the check box for the Single Connect Device option under the TACACS+ settings.
Continue to the section specific to your particular version:
Configuring a Cisco ACS Server, Version 4.2
To configure a version 4.2 Cisco ACS server, you must perform two tasks:
- Configure the Packet Analyzer hostname and IP address on the ACS server. See Configuring Packet Analyzer on ACS for Windows NT and 2000 Systems for Version 4.2.
- Add a Packet Analyzer user or user group. See Adding a Packet Analyzer User or User Group for Version 4.2.
Configuring Packet Analyzer on ACS for Windows NT and 2000 Systems for Version 4.2
To configure a Cisco ACS TACACS+ server (version 4.2):
Step 1 Log into the ACS server.
Step 2 Click Network Configuration.
Step 4 For the Network Access Server, enter the Packet Analyzer hostname and IP address.

Note The secret key must be the same as the one configured on the Packet Analyzer.
Step 6 In the Authenticate Using field, select TACACS+.
Step 8 Continue to Adding a Packet Analyzer User or User Group for Version 4.2 to complete the next configuration task.
Adding a Packet Analyzer User or User Group for Version 4.2
To add a Packet Analyzer user or user group:
Step 2 Enter the user login name.
Step 6 If necessary, assign a user group.
Step 7 In the TACACS+ settings:
f. In the Arguments field, enter:
permit system
permit collection
permit account
permit alarm
permit view
Step 8 In Unlisted Arguments, select Deny.
Configuring a Cisco ACS Server, Version 5.x
To configure a version 5.1 (Patch 1) or 5.2 Cisco ACS server, you must perform these tasks. There is an additional configuration task that enables you to set up policy rules for your users or groups.
Use the following sections to configure your Cisco ACS server:
- Configure the Packet Analyzer hostname and IP address on the ACS server. See Configuring Packet Analyzer on ACS For Windows NT and 2000 Systems for Version 5.x.
- Add a Packet Analyzer user or user group. See Adding a Packet Analyzer User or User Group for Version 5.x.
- Set up your policy rules. See Configuring Access Policies for ACS and Packet Analyzer for Version 5.x.
Configuring Packet Analyzer on ACS For Windows NT and 2000 Systems for Version 5.x
To configure a Cisco ACS TACACS+ server (version 5.1(P1) or 5.2):
Step 1 Log into the ACS server.
Step 2 To set up an optional device type for Packet Analyzer, click Network Resources > Network Device Groups > Device Type and create a device type. For example, you may choose to name your device type Packet Analyzer_Module.
Step 3 Click Network Resources > Network Devices and AAA Clients to add Packet Analyzer devices.
Step 4 For the Network Access Server, enter the Packet Analyzer hostname and IP address.
Step 5 Under Authentication Options field, select TACACS+.
Step 6 Enter the secret key and deselect the check box for the Single Connect Device option under the TACACS+ settings.

Note The secret key must be the same as the one configured on the Packet Analyzer.
Step 8 Continue to Adding a Packet Analyzer User or User Group for Version 5.x to complete the next configuration task.
Adding a Packet Analyzer User or User Group for Version 5.x
To add a Packet Analyzer user or user group:
Step 1 Click Users and Identity Stores > Internal Identity Stores > Users.
Step 3 Enter the user login name.
Step 5 If necessary, assign a user group.
Step 6 Enter the password information.
Configuring Access Policies for ACS and Packet Analyzer for Version 5.x
In versions 5.1(P1), 5.2, and 5.3 you must set up access policies to complete your ACS and Packet Analyzer configuration.
Step 1 On the ACS server, click Policy Elements > Authorization and Permissions > Device Administration > Command Sets and click Create to create Packet Analyzer command sets.
For example, if you want to provide full access to the Packet Analyzer, create a command set called SECPAfullAccess and check the check box Permit any command that is not in the table below.
Step 2 Click Submit when you have completed entering the Packet Analyzer command sets. Ensure you include all of the following commands:
permit system
permit collection
permit account
permit alarm
permit view
Step 3 Click Access Policies > Access Services > Create to create a new Service (for example, name = secpaAdmin; Service Type = Device Administration).
Step 4 Go to Access Policies > Access Services > namAdmin > Authorization > Customize to set up customized conditions, which are needed in a later step (for example, you may choose NDG: Device Type, Device IP Address, and so on). Replace namAdmin with the service you created in this step.
Step 5 Go to Access Policies > Access Services > namAdmin > Authorization > Create to set up the condition to qualify all login requests. Packet Analyzer devices use these conditions and follow the command set (created in Step 1). For example, your condition may be == NDG: Device Type is All Device Types: Packet Analyzer device which you set up in Step 2.
Step 6 Click Access Policies > Service Selection Rules to choose a service (for example, the service you created in Step 3).
Step 7 Log into the Packet Analyzer and click Packet Analyzer > Administration > Users > TACACS+ to set up the ACS server IP and secret key.
Configuring a Generic TACACS+ Server
To configure a generic TACACS+ server:
Step 1 Specify the Packet Analyzer IP address as a Remote Access Server.
Step 2 Configure a secret key for the TACACS+ server to communicate with the Packet Analyzer.

Note The secret key must be the same as the one configured on the Packet Analyzer.
Step 3 For each user or group to be allowed access to the Packet Analyzer, configure the following TACACS+ parameters:
system capture alarm collection view
Current User Sessions
The Current User Sessions table is a record of the users who are logged into the application. The user session times out after 30 minutes of inactivity. After a user session times out, that row is removed from the table.
To view the current user sessions table:
Step 1 Choose Administration > Users > Current Users.
The Current User Sessions table (Table D-75) displays.
Managing System Data
One of the roles of an administrator is to manage Packet Analyzer’s network data collection and retention so that it:
- Scales to fit the real needs of the system’s users.
- Minimizes the burden on monitored devices, applications, and network bandwidth.
- Survives hardware failures.
The following sections explain how to achieve these goals, and how to perform other data management tasks.
Handling Backups
It is critical to have your system backed up so that you can restore your configuration and data if required. Ensure you have sufficient data backups scheduled. Use the config upload command to back up your current configuration. For detailed instructions see your installation guide on Cisco.com.
Shrinking Storage Requirements
Network administrators are consistently looking for ways to shrink their network storage requirements and improve bandwidth efficiency on tasks like backup and recovery.
By configuring Packet Analyzer packet deduplication on supported platforms, packets whose inspected segments match another packet within the specific time window are marked as duplicates and not forwarded.
For configuration guidelines and instructions, see Configuring Hardware Deduplication.
You can also move capture files to an external storage location to save on local disk space. See About Capturing to Data Storage.