Table Of Contents
Setting Up the CiscoWorks2000 Server
Setting Up User Accounts
Understanding Security Levels
Performing Security Tasks
Installing Client Application Manager
Configuring the ANI Server
Setting Up Your Network
Setting Up the ANI Server
Setting Up the CiscoWorks2000 Server
The CiscoWorks2000 Server includes tools required to properly set up the server to support other CiscoWorks2000 applications. These features include:
•
Setting Up User Accounts
•Installing Client Application Manager
•Configuring the ANI Server
Setting Up User Accounts
Several CiscoWorks2000 network management and application management operations are potentially disruptive to either the network or to the applications themselves and must be protected.
To prevent such operations from being used accidentally or maliciously, CiscoWorks2000 uses a multilevel security system that only allows access to certain features to users who can authenticate themselves at the appropriate level.
CiscoWorks2000 provides two predefined login IDs, but you create additional unique login IDs for users at your company:
•guest (no password required, user role = Help Desk)
•admin (password = admin, user role = super user)
Note The login named admin is the equivalent of the superuser login for CiscoWorks2000. This login provides access to all CiscoWorks2000 tasks.
Caution
When the system is installed initially, admin is the default password. To prevent all users from accessing privileged applications, change the password for admin immediately after installation. The guest login has no password. If you require passwords, add a guest password.
Understanding Security Levels
System administrators determine user security levels when they are granted access to CiscoWorks2000. When users are granted logins to the CiscoWorks2000 application, they are assigned one or more roles. The user role or combination of roles dictates which CiscoWorks2000 applications are presented to the user on the navigation tree. shows available security levels.
Table 3-1 Security Levels
Level
|
Description
|
0
|
Help Desk
|
1
|
Approver
|
2
|
Network Operator
|
4
|
Network Administrator
|
8
|
System Administrator
|
To see which security levels are allowed to use the CiscoWorks2000 applications, run the CiscoWorks2000 Server > Setup > Security > Permissions Report.
Performing Security Tasks
Users can perform some tasks for their own accounts, but most security tasks require system administrator role privileges. When performing these security tasks (see ), consider the following:
•CiscoWorks2000 cannot recover forgotten passwords. A system administrator-level user must either change the password or delete and then add the user again.
•The username admin is reserved and cannot be deleted.
•If the administrator has changed and forgotten the admin password, contact your Cisco technical representative.
Table 3-2 Security Tasks
Task
|
Purpose
|
Action
|
All Users
|
View role permissions.
|
Displays predetermined set of applications, tools, and product features each user role can access
|
CiscoWorks2000 Server > Setup > Security > Permissions Report
|
Change password.
|
Allows users to modify their account password
|
CiscoWorks2000 Server > Setup > Security > Modify My Profile
|
View other logged-in users.
|
Displays information about currently logged in CiscoWorks2000 users and allows users to send a broadcast message to others
|
CiscoWorks2000 Server > Setup > Security >
Who Is Logged On
|
Admin Tasks
|
Add a user.
|
Creates a new user and provides appropriate user access level to CiscoWorks2000
|
CiscoWorks2000 Server > Setup > Security >
Add Users
|
Delete a user.
|
Removes user from list
|
CiscoWorks2000 Server > Setup > Security > Modify/Delete Users
|
Modify a user.
|
Allows updates to user information, such as email address, login name, password, and access level
|
CiscoWorks2000 Server > Setup > Security > Modify/Delete Users
|
Installing Client Application Manager
You can improve the performance of some CiscoWorks2000 applications by downloading and installing server files on your local machine. Whenever a client browser connects to a CiscoWorks2000 Server, you can choose to install Client Application Manager (CAM).
You can install CAM by selecting CiscoWorks2000 Server > Setup > Client Manager Admin or choosing to install when the CAM dialog box appears after accessing a CiscoWorks2000 application that uses CAM.
If the CAM dialog box appears after you make a selection from the navigation tree, you can choose not to install CAM. Click on the check box to not show the message again and click No. If you do not select the check box, the CAM dialog box will appear each time you select an application that supports client-side installed files.
Configuring the ANI Server
Some CiscoWorks2000 applications require the Asynchronous Network Interface (ANI) Server to automatically discover network devices. If your application does not use or require the ANI Server, it is not available in the navigation tree.
For applications that require the ANI Server, it is critical that you set up your network and the ANI Server to ensure that the network is properly discovered.
Setting Up Your Network
The table (see ) provides an overview of the tasks required to ensure that ANI properly discovers your network. Detailed information and instructions are available in the ANI Server Admin online help.
To perform these tasks, use the Command Line Interface (CLI) of the network devices in your network. Refer to the command reference guides for specific devices to obtain instructions about performing these tasks.
Table 3-3 Network Setup Overview
Task
|
Purpose
|
Upgrade device software.
|
To ensure that ANI Server successfully discovers and supports your network devices, upgrade your device software to the latest general deployment (GD) software release.
|
Enable CDP.
|
ANI Server uses Cisco Discovery Protocol (CDP) to discover your network devices and layout.
|
Enable ILMI on ATM devices.
|
ANI Server uses Integrated Local Management Interface (ILMI) to discover the ATM devices in your network.
|
Configure VTP and add a VTP Server.
|
VLAN Trunk Protocol (VTP), and at least one VTP Server is required to discover, display, and configure VLANs.
|
Configure VLAN trunks on Fast Ethernet and Gigabit Ethernet.
|
If a switch is connected to Fast Ethernet links and you want to configure it to carry more than one VLAN, you must enable ISL or IEEE 802.1Q.
|
Verify connectivity to devices.
|
The workstation on which ANI Server is installed must have connectivity to the devices in your network. If devices are not reachable, they will not be properly discovered.
|
Create the default LANE configuration server for ATM devices.
|
If you are running LAN Emulation (LANE) in your network, you must set up the main configuration server. Create the default LANE configuration server for ATM devices, if you do not already have one.
|
Setting Up the ANI Server
The ANI Server automatically discovers devices in your network at a defined interval. To do this, the ANI Server must have access to your network devices a discovery starting point.
You provide ANI access to your network devices by ensuring that the community strings on your devices are known to the ANI Server. The ANI Server uses your specified seed device (or a set of seed devices) to initiate discovery. See for a description of these and other tasks you can perform with the ANI Server.
.
Table 3-4 ANI Server Tasks
Task
|
Purpose
|
Action
|
Required for Initial Discovery
|
Verify Community Strings.
|
Allows the ANI Server access to your network devices.
Default community strings are public for the read-only string and private for the read-write string.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > Community Strings
|
Add seed device.
|
Initiates network discovery.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > Discovery Settings
|
Additional Tasks
|
Schedule discovery and polling.
|
Sets the frequency of network discovery and polling.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > Discovery Settings
|
Modify SNMP settings.
|
Changes the number of SNMP retries and length of SNMP timeouts.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > SNMP Settings
|
Limit discovery.
|
Narrows the network discovery by IP address or VTP domain.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > Discovery Settings
|
Synchronize devices with Essentials.
|
Provides mechanism for sharing devices and device credentials with Resource Manager Essentials.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin >
Device Synchronization
|
Schedule user and host acquisition.
|
Sets the frequency of user name and host acquisition.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin >
User and Host Acquisition
|
Modify system resources dedicated to discovery.
|
Assigns more or fewer system resources to ANI discovery to affect time to complete.
|
CiscoWorks2000 Server > Setup >
ANI Server Admin > Performance Settings
|
Feedback
