User Guide for Resource Manager Essentials Software Release 3.4 CiscoWorks2000
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100
Customer Order Number: DOC-7813951= Text Part Number: 78-13951-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)
User Guide for Resource Manager Essentials Copyright © 2002, Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface xi Audience xi Conventions xi Related Documentation xii Obtaining Documentation xiii World Wide Web xiii Ordering Documentation xiv Documentation Feedback xiv Obtaining Technical Assistance xv Cisco.com xv Technical Assistance Center xv Cisco TAC Web Site xvi Cisco TAC Escalation Center xvii
PART 1 About Resource Manager Essentials
CHAPTER 1 Overview 1-1 Features 1-2 Functional Architecture 1-7 CiscoWorks2000 Server 1-8 Essentials Database and Functions 1-9 Web Clients 1-9 Cisco.com 1-10 Getting Started 1-10
User Guide for Resource Manager Essentials 78-13951-01 iii Contents
RME Functions 1-11 User Tasks 1-11 Administrative Tasks 1-12 Essentials Task Usage Workflow 1-12 General System Configuration 1-13 Supported Devices 1-14 Adding Functionality and Incremental Device Support 1-14 Time Zone Implementation 1-15
CHAPTER 2 Resource Manager Essentials Applications 2-1 Device Views 2-2 Types of Views 2-2 Setting Device Credentials 2-4 System Configuration 2-5 Availability 2-6 Benefits of Availability 2-6 Availability Functional Flow 2-7 Availability Workflow 2-8 Change Audit 2-10 Change Audit Functional Flow 2-11 Configuration Management 2-14 Benefits of Configuration Management 2-14 Configuration Management Functional Flow 2-15 Configuration Archive 2-18 NetConfig, Config Editor, and Network Show Commands 2-20 NetConfig Option 2-23 Benefits of Netconfig 2-24 Network Show Commands Option 2-27 Benefits of Network Show Commands 2-27
User Guide for Resource Manager Essentials iv 78-13951-01 Contents
Config Editor Option 2-31 Benefits of Config Editor 2-31 Contract Connection 2-34 Contract Connection Workflow 2-35 Case Management 2-36 Inventory 2-37 Benefits of Inventory Management 2-37 Inventory Management Functional Flow 2-38 Job Approval 2-46 Job Approval Process 2-47 Software Management 2-49 Benefits of Software Management 2-49 Software Management Functional Flow 2-49 Syslog Analysis 2-55 Syslog Analysis Functional Flow 2-55 Syslog Analysis on Windows 2-57 Syslog Analysis Workflow 2-57 Syslog Vs Change Audit 2-58
CHAPTER 3 VPN Security Management Solution 3-1 Configuration Management Reports 3-2 Inventory Reports 3-2 VPN Syslog Analysis Reports 3-3
CHAPTER 4 Network Address Translation Support 4-1 Introducing NAT Support 4-2 Managing devices outside the NAT 4-3
User Guide for Resource Manager Essentials 78-13951-01 v Contents
PART 2 Managing Your Network—Scenarios
CHAPTER 5 Monitoring Your Devices 5-1 What You Need—Prerequisites 5-2 How To Do It—Procedures 5-2 Determine Current Network Availability 5-2 View the Latest Syslog Messages 5-3 View a Custom Report 5-4 Where You Should End Up—Verification 5-4
CHAPTER 6 Upgrading Your Device Software 6-1 What You Need—Prerequisites 6-2 How To Do It—Procedures 6-2 Perform the CCO Upgrade Analysis 6-3 Retrieve Software Images from CCO 6-4 Schedule the Software Image Upgrade 6-5 Track the Upgrade 6-7 Where You Should End Up—Verification 6-8
CHAPTER 7 Performing Maintenance on Your Essentials Server 7-1 What You Need—Prerequisites 7-2 How To Do It—Procedures 7-2 Remove Records From the Change Audit Log 7-3 Remove Images From the Software Library 7-5 Remove Old Data From the Job Control Report 7-6 Add Unmanaged Devices to Inventory 7-6 Remove Configurations From the Archive 7-7
User Guide for Resource Manager Essentials vi 78-13951-01 Contents
Where You Should End Up—Verification 7-8 Verify Change Audit Log Records Are Removed 7-8 Verify Software Images Are Removed from the Library 7-8 Verify Old Data Is Removed from the Job Control Report 7-9 Verify Unmanaged Devices Are Added to Inventory 7-9 Verify Configurations Are Removed from the Archive 7-9
CHAPTER 8 Making a Device Configuration Change Using a Template 8-1 What You Need—Prerequisites 8-2 How To Do It—Procedures 8-2 Where You Should End Up—Verification 8-4
CHAPTER 9 Configuring Multiple Devices 9-1 What You Need—Prerequisites 9-2 How To Do It—Procedures 9-2 Create a Template 9-2 Define a NetConfig Job 9-3 Where You Should End Up—Verification 9-5
CHAPTER 10 Importing Device Data to Inventory 10-1 What You Need—Prerequisites 10-2 How To Do It—Procedures 10-3 Where You Should End Up—Verification 10-4
CHAPTER 11 Managing PIX Devices through Proxy Server (Auto Update Server) 11-1 Importing Information from Proxy Server 11-2 What You Need—Prerequisites 11-4 How To Do It—Procedures 11-4
User Guide for Resource Manager Essentials 78-13951-01 vii Contents
Importing Proxy Server 11-4 Distributing Images 11-5 Where You Should End Up—Verification 11-5
CHAPTER 12 Checking Device Configuration Changes and Who Made Them 12-1 What You Need—Prerequisites 12-2 How To Do It—Procedures 12-2 Where You Should End Up—Verification 12-3
CHAPTER 13 Creating a Syslog Custom Report 13-1 What You Need—Prerequisites 13-2 How To Do It—Procedures 13-2 Where You Should End Up—Verification 13-3
CHAPTER 14 Maintaining Your Inventory Information 14-1 What You Need—Prerequisites 14-2 How To Do It—Procedures 14-2 Check the Contract Status on Network Devices 14-2 Update Device Serial Numbers 14-3 Where You Should End Up—Verification 14-4 Verify the Contract Status on Network Devices 14-4 Verify Device Serial Numbers Are Updated 14-4
User Guide for Resource Manager Essentials viii 78-13951-01 Contents
PART 3 Appendixes
APPENDIX A Troubleshooting Essentials A-1 Change Audit FAQs A-2 Configuration Management A-2 Configuration Management FAQs A-2 Troubleshooting Configuration Management A-4 Contract Connection A-6 Contract Connection FAQs A-6 Inventory A-7 Inventory FAQs A-7 Troubleshooting Inventory A-9 Software Management A-13 Software Management FAQs A-13 Troubleshooting Software Management A-21 Syslog Analysis A-25 Syslog Analysis FAQs A-25 Troubleshooting Syslog Analysis A-27 CiscoWorks2000 Server A-34 CiscoWorks 2000 Server FAQs A-34
APPENDIX B File Import Format B-1 Comma-Separated Values (CSV) File B-2 Data Integration File (DIF) B-4
APPENDIX C Essentials Command Reference C-1
I NDEX
User Guide for Resource Manager Essentials 78-13951-01 ix Contents
User Guide for Resource Manager Essentials x 78-13951-01
Preface
This manual describes Resource Manager Essentials, gives an overview of the applications that make up Resource Manager Essentials, provides conceptual information about network management, and describes common tasks you can accomplish with Resource Manager Essentials. It also contains troubleshooting information and realistic scenarios that demonstrate how you can use Resource Manager Essentials to manage and troubleshoot your network.
Audience
This guide provides descriptions and scenarios for system administrators, network managers, and other users who might or might not be familiar with Essentials. Many of the tools described are accessible to system administrators only.
Conventions
This document uses the following conventions:
Item Convention Commands and keywords boldface font Variables for which you supply values italic font Displayed session and system information screen font
User Guide for Resource Manager Essentials 78-13951-01 xi Preface Related Documentation
Item Convention Information you enter boldface screen font Variables you enter italic screen font Menu items and button names boldface font Selecting a menu item Option > Network Preferences
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Documentation
Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the Resource Manager Essentials documentation on Cisco.com for any updates.
The following additional documentation is available:
Paper Documentation • User Guide for CiscoWorks2000 Server • Installation and Setup Guide for CD One on Solaris • Installation and Setup Guide for CD One on Windows 2000 • Installation and Setup Guide for Resource Manager Essentials on Solaris • Installation and Setup Guide for Resource Manager Essentials on Windows 2000
User Guide for Resource Manager Essentials xii 78-13951-01 Preface Obtaining Documentation
• Release Notes for CD One, 5th Edition on Solaris • Release Notes for CD One, 5th Edition on Windows 2000 • Release Notes for Resource Manager Essentials 3.4 on Solaris • Release Notes for Resource Manager Essentials 3.4 on Windows 2000
Online Documentation • Context-sensitive online help You can access the help in two ways: – Select an option from the navigation tree, then click Help. – Click the Help button in the dialog box. • PDF for: – User Guide for Resource Manager Essentials – Installation and Setup Guide for Resource Manager Essentials on Solaris – Installation and Setup Guide for Resource Manager Essentials on Windows 2000
Note Adobe Acrobat Reader 4.0 or later is required.
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following URL: http://www.cisco.com Translated documentation is available at the following URL: http://www.cisco.com/public/countries_languages.shtml
User Guide for Resource Manager Essentials 78-13951-01 xiii Preface Obtaining Documentation
Ordering Documentation
Cisco documentation is available in the following ways: • Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl • Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: http://www.cisco.com/go/subscription • Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730. You can e-mail your comments to [email protected]. To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments.
User Guide for Resource Manager Essentials xiv 78-13951-01 Preface Obtaining Technical Assistance
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to • Streamline business processes and improve productivity • Resolve technical issues with online support • Download and test software packages • Order Cisco learning materials and merchandise • Register for online skill assessment, training, and certification programs You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: http://www.cisco.com
Technical Assistance Center
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
User Guide for Resource Manager Essentials 78-13951-01 xv Preface Obtaining Technical Assistance
Inquiries to Cisco TAC are categorized according to the urgency of the issue: • Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. • Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue. • Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available. • Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available. Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL: http://www.cisco.com/tac All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: http://www.cisco.com/register/ If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL: http://www.cisco.com/tac/caseopen If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
User Guide for Resource Manager Essentials xvi 78-13951-01 Preface Obtaining Technical Assistance
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.
User Guide for Resource Manager Essentials 78-13951-01 xvii Preface Obtaining Technical Assistance
User Guide for Resource Manager Essentials xviii 78-13951-01
P ART 1
About Resource Manager Essentials
CHAPTER 1
Overview
The Resource Manager Essentials (Essentials) suite is part of the CiscoWorks2000 family of products. It is an enterprise solution to network management. This suite of web-based network management tools enables administrators to collect the monitoring, fault, and availability information needed to track devices critical to the network. Essentials is based on a client/server architecture that connects multiple web-based clients to a server on the network. As the number of network devices increases, additional servers or collection points can be added to manage network growth with little impact on the client browser application. By taking advantage of the scalability inherent in the intranet architecture, Essentials supports multiple users anywhere on the network. The web-based infrastructure gives network operators, administrators, technicians, Help Desk staff, IS managers, and end users access to network management tools, applications, and services. Essentials allows the network administrators to view and update the status and configuration of all Cisco devices from anywhere on the network through a standard Web browser as the Essentials client. Access can be limited by user account so that each user has access only to the specific functions and data he or she needs, thus increasing overall security and providing change-management control.
User Guide for Resource Manager Essentials 78-13951-01 1-1 Chapter 1 Overview Features
Essentials maintains a database of current network information. It can generate a variety of reports that can be used for troubleshooting and capacity planning. When devices are initially added to the Essentials inventory, the network administrator can schedule Essentials to periodically retrieve and update device information, such as hardware, software, and configuration files, to ensure that the most current network information is stored. In addition, Essentials automatically records any changes made to network devices, making it easy to identify when changes are made and by whom. Essentials applications provide the network monitoring and fault information you need for tracking devices that are critical to network uptime and application availability. They also provide tools that you can use to rapidly and reliably deploy Cisco software images and view configurations of Cisco routers and switches. Essentials applications, together with links to Cisco.com service and support, automate software maintenance to help you maintain and control your Enterprise network.
Features
Essentials works in conjunction with the CiscoWorks2000 Server, which contains a set of management services shared by multiple management applications. These management services are enabled when a suite is installed and an application that relies on one of these services is opened. If a particular suite of applications does not use a service or does not use a service to the fullest extent to which it is available, the service might not appear on the CiscoWorks2000 desktop. Essentials uses these CiscoWorks2000 services: • Database engine and utilities • Login and application-launching desktop • Event Management • Online help system • Job Management • Cisco Management Connection (CMC)
User Guide for Resource Manager Essentials 1-2 78-13951-01 Chapter 1 Overview Features
• Process Management • Security • Web server For detailed information, see User Guide for CiscoWorks2000 Server. Table 1-1 lists Essentials applications in alphabetical order, not the order in which they appear in the navigation tree:
Note Availability, Change Audit, Configuration Management, Software Management, Syslog Analysis, and VPN Management Solution applications are available, if Essentials is installed.
Ta b l e 1-1 Essentials Applications
Application Name Purpose Notes Availability • Monitor the reachability and response To use Availability options, select time of user-selected devices on the Resource Manager Essentials > network. Availability. • Collect fault and performance To administer Availability options, information for routers and switches. select Resource Manager Essentials > Administration > Availability. Change Audit • View and search a central repository of To use Change Audit options, all network changes (for example, select Resource Manager inventory, software management, and Essentials > Change Audit. so on). To administer Change Audit • Set up periods of time to monitor options, select Resource Manager network changes. Essentials > Administration > Change Audit. • Maintain the repository. • Convert changes into SNMP traps and forward them to your network management system.
User Guide for Resource Manager Essentials 78-13951-01 1-3 Chapter 1 Overview Features
Table 1-1 Essentials Applications (continued)
Application Name Purpose Notes Configuration • Maintain an active archive of device To use Configuration Management Management configuration files. options, select Resource Manager Essentials > Configuration • Search the archive for configuration Management. files based on criteria you specify. To administer Configuration • Create custom reports for repetitive tasks. Management options, select Resource Manager Essentials > • Group configuration files and label Administration > Configuration them as a set. Management. • Make configuration changes to your To use the cwconfig, cwconfig managed network devices using netconfig, cwconfig netshow and NetConfig, Config Editor, and cwconfig netshowbatch CWConfig. commands, use the command line. • Create configuration templates using NetConfig. • Edit configuration files stored in configuration archive and download files to devices using Config Editor, and CWConfig. • Create network show command sets using NetShow. • Assign users to network show command sets. • Define and schedule batch reports using NetShow that can be executed at any time you specify. Contract Verify which of your Cisco IOS devices are To use Contract Connection, select Connection covered by a service contract Resource Manager Essentials > Contract Connection. Device Views Create device views for reports. To administer Device Views options, select Resource Manager Essentials > Administration > Device Views.
User Guide for Resource Manager Essentials 1-4 78-13951-01 Chapter 1 Overview Features
Table 1-1 Essentials Applications (continued)
Application Name Purpose Notes Inventory • Import devices from databases or files. To use Inventory options, select Resource Manager Essentials > • Export device information to files. Inventory. • Add, delete, change, and list devices in your network inventory. To administer Inventory options, select Resource Manager • Schedule polling and collection to Essentials > Administration > update your network inventory. Inventory. • Display reports and graphs of your hardware and software inventory, and create Inventory custom reports. • Check and change device attributes. • Display a Year 2000 compliance report. • Allow other network management systems to manipulate Essentials devices. • Install support for new devices and enhanced support for existing devices. Job Approval Used by some applications to: To administer Job Approval options, select Resource Manager • Create and manage approver lists. Essentials > Administration > Job • Enable and disable Job Approval. Approval. • Approve and reject jobs.
User Guide for Resource Manager Essentials 78-13951-01 1-5 Chapter 1 Overview Features
Table 1-1 Essentials Applications (continued)
Application Name Purpose Notes Software • Analyze upgrade needs and perform To use Software Management Management upgrades for Cisco devices on your options, select Resource Manager network. Essentials > Software Management. • Schedule and download images from Cisco.com and maintain a local library To administer Software of images. Management options, select Resource Manager Essentials > • Validate images with devices before Administration > Software initiating downloads, define and Management. monitor the progress of scheduled jobs. • Compare images running on the devices in your network with the images on cisco.com. Syslog Analysis • Troubleshoot and track device To use Syslog options, select problems. Resource Manager Essentials > Syslog Analysis. • View summaries of real-time reports on events that are being logged to syslog To administer Syslog options, on behalf of a router or switch. select Resource Manager Essentials > Administration > • Process these messages to generate Syslog Analysis. reports. • Configure automatic actions that occur when certain message types are received. System Change system-wide configuration for To administer System Configuration SNMP, SMTP, proxy, and rcp settings. Configuration options, select Resource Manager Essentials > Administration > System Configuration.
User Guide for Resource Manager Essentials 1-6 78-13951-01 Chapter 1 Overview Functional Architecture
Functional Architecture
Essentials is based on a client-server architecture that allows multiple web-based clients to access a management server on the network. As the number of network devices increases, additional servers or collection points can easily be added with little impact on the client browser application, making it very scalable. The Essentials web-based infrastructure consists of the following main components: • CiscoWorks2000 Server • Essentials Database and Functions • Web Clients • Cisco.com
User Guide for Resource Manager Essentials 78-13951-01 1-7 Chapter 1 Overview Functional Architecture
See Figure 1-1 for a general view of the Essentials Functional Architecture:
Figure 1-1 Essentials Functional Architecture
Inventory database
Contract Cisco.com connection Reports/output
Configuration Software Inventory Availability Case management management management management
Syslog Change audit services Device analysis navigator
Data collector (Updates/changes) 77108
CiscoWorks2000 Server
Essentials relies on the CiscoWorks2000 Server for common functions such as the database engine, online help, security, login, application launching, job and process management, and the Web server. This provides a common framework and interface for all CiscoWorks2000 products. For detailed information, see User Guide for CiscoWorks2000 Server.
User Guide for Resource Manager Essentials 1-8 78-13951-01 Chapter 1 Overview Functional Architecture
Note The CiscoWorks2000 Server (CD One) must be installed prior to installing Essentials. Essentials cannot run as a standalone application. In addition, the CiscoWorks2000 Server should remain on line at all times in order to poll devices, monitor events, and perform scheduled data collection. If the server goes down, there will be an interruption in the network management information gathered and stored in Essentials.
Essentials Database and Functions
Essentials stores all critical network management information in a central database, including device inventory, software images, configuration files, syslog messages, and change records. Essentials functions interact with the database and with network devices to collect information, display reports, and automate many repetitive network management tasks. Many Essentials functions can also be configured to periodically poll network devices and update the database automatically. Essentials uses common protocols such as Simple Network Management Protocol (SNMP), Telnet, Trivial File Transfer Protocol (TFTP), and remote copy protocol (rcp) to access devices and retrieve configuration files and software images from devices.
Web Clients
The server can be accessed from any client with appropriate system requirements. Essentials clients are platform independent, allowing a UNIX client to access an Windows server or a Windows client to access a UNIX server. The only client software required is a supported web browser, such as Netscape Navigator or Microsoft Internet Explorer.
User Guide for Resource Manager Essentials 78-13951-01 1-9 Chapter 1 Overview Getting Started
Cisco.com
Essentials also connects to the Cisco.com system to obtain up-to-date product updates and technical assistance information. Access to Cisco.com is not required to use Essentials but will greatly enhance its capabilities. The following Essentials functions require access to Cisco.com, or provide enhanced features with access: • Inventory management—to produce Y2K compliance reports • Software management—to include software images from Cisco when planning and performing upgrades • Availability—to produce stack decode of abnormal device reloads • Contract connection—to check status of service contracts • Case management—to submit trouble tickets to Cisco
Getting Started
After you configure the devices, CiscoWorks2000 Server, and client, you must first invoke the CiscoWorks2000 desktop through a web browser and log in to access Essentials. After you have successfully logged into the server, the Login Manager dialog window changes to illustrate the major applications or functions installed. These applications or functions are organized in drawers. You can open a drawer and then view the various functions or open additional folders that hold more functions. When the Essentials software is installed on the CiscoWorks2000 Server, a new Resource Manager Essentials drawer is added to the CiscoWorks2000 desktop. The Resource Manager Essentials drawer contains folders and related tasks for each of the Essentials functions. In addition, the Device Navigator and Case Management functions are added to the Management Connection drawer and a VPN Management Solutions drawer is added to support reports directly related to active virtual private network (VPN) devices.
User Guide for Resource Manager Essentials 1-10 78-13951-01 Chapter 1 Overview RME Functions
RME Functions
All CiscoWorks2000 and Essentials applications and services are provided and organized in drawers. When you open an application drawer, you will find functional group folders, and individual tasks. Open a folder, and you will find more functional group folders or individual tasks. RME functionality can be found in one of three drawers: • Resource Manager Essentials (main drawer) • VPN Management Solutions (reports specific to VPN enabled devices), and • Management Connection (Case Management and Device Navigator) Each of the RME applications provides a set of features that can be used to simplify and automate many network management tasks. Within the Resource Manager Essentials drawer, tasks are divided into two categories: administrative tasks and user tasks. Locating a particular function within RME is often the most difficult part of using it.
Note The tasks displayed in the Resource Manager Essentials drawer will vary, depending on the permissions assigned to your user ID. If you do not have permission to perform a particular task, the task will not show up in the navigation tree. Also, the order of tasks and folders may vary, depending on what other components of CiscoWorks2000 are loaded.
User Tasks
User tasks (reports) are grouped into appropriate functional folders seen when the Essentials drawer is first opened (main level). For example, to run the user task of creating or viewing a detailed device report for a set of devices, select Resource Manager Essentials > Inventory > Detailed Device Report. User tasks are often performed by multiple people on a daily basis to view network information and manage and monitor Cisco devices.
User Guide for Resource Manager Essentials 78-13951-01 1-11 Chapter 1 Overview RME Functions
Administrative Tasks
Administrative tasks are also grouped by major functions, but are located in similar folders under the Administration folder. For example, to see the devices within the Essentials inventory, select Resource Manager Essentials > Administration > Inventory > List Devices. Administrative tasks should be performed by a central person and should need to be performed only once when the application is first set up, or infrequently when major changes are made to the network.
Tip It is a good idea to open and close all Essentials folders to see where various tasks are located. Try closing folders after running a particular task to help navigation for the next task.
Essentials Task Usage Workflow
All Essentials tasks follow a simple task oriented workflow:
Figure 1-2 Essentials Task Usage Workflow
Open essentials drawer
Select Select Select Specify options/ function task Devices parameters (if applicable) (task specific)
View results 77109
1. Select a function (e.g., syslog analysis, configuration management) 2. Select a task (e.g., standard report, compare configurations) 3. Select the devices to be included in the operation (if applicable)
User Guide for Resource Manager Essentials 1-12 78-13951-01 Chapter 1 Overview RME Functions
4. Specify the desired options or parameters (depending on the task) 5. View the results (e.g., display report, check job output).
General System Configuration
You must define several system parameters on the server to use some Essentials features. For example, if access to outside networks requires a proxy server, then you must define the proxy server address in Essentials in order to access Cisco.com from various Essentials functions. If you want to use e-mail to automatically notify network administrators when certain tasks and jobs are completed, then you must define your Simple Mail Transfer Protocol (SMTP) server in Essentials (Windows 2000 systems only). If you wish to use rcp (instead of TFTP) to retrieve configuration files or software images, you must define the rco username defined on the devices within Essentials. You must also verify the default SNMP timeout and retry values that will be used to poll and collect information from all devices in the inventory. These values might need to be adjusted, depending on the size of your network and the number of devices that are being polled. You must ensure that SNMP timeout values are higher than the average response time to most devices. In general, these values should be conversely related. For example, if you have a high timeout value, you should have a low number of retries or you could end up with long delays on the server waiting for SNMP messages to be processed.
User Guide for Resource Manager Essentials 78-13951-01 1-13 Chapter 1 Overview Supported Devices
To set up all these parameters, which are shared by many of the Essentials functions, follow these steps:
Note The user must have the role of system administrator to perform this task.
Step 1 Select Resource Manager Essentials > Administration > System Configuration. Step 2 Click each tab to configure the proxy, SNMP, SMTP, and rcp parameters. The SMTP tab will be available only on Windows 2000 machines because on UNIX the platform is the SMTP server.
Supported Devices
Devices supported by this suite of applications can be found in the CiscoWorks2000 navigation tree (select Server Configuration > Applications and Versions) or on cisco.com.
Adding Functionality and Incremental Device Support
If you have cisco.com access, you can go to the Essentials web page to download software enhancements and incremental device support (IDS). Consult the package readme files for additional information on installing new features and enhancements. Before performing the scenarios in this document, be sure your administrator has set up the Essentials applications and performed the administrator tasks described in the installation guide. If, for example, the proxy URL is not set, you might be unable to complete Essentials tasks outside your network.
User Guide for Resource Manager Essentials 1-14 78-13951-01 Chapter 1 Overview Time Zone Implementation
Time Zone Implementation
Many time zones are supported in Essentials. However, it is important to note that Essentials applications that have scheduling and reporting functions and that produce a time stamp will vary depending on: • Server and client—Time stamps can differ between server and client if they are located in different time zones. (The client time zone is also called the local time zone.) • Platforms—Windows 2000 and UNIX servers support different time zones. They are not synchronized. • Managed devices—These support a particular time zone set, which might be different than the time zone set supported by the client or server. • Programming languages—Essentials applications are written in Perl, Java, and C++. You might see differences in menus and reports because each language uses a different set of time zone conversion libraries.
User Guide for Resource Manager Essentials 78-13951-01 1-15 Chapter 1 Overview Time Zone Implementation
User Guide for Resource Manager Essentials 1-16 78-13951-01
CHAPTER 2
Resource Manager Essentials Applications
This chapter lists all the Essentials applications and the tasks that can be accomplished with each of these applications. The applications are: • Device Views • Availability • Change Audit • Configuration Management • Contract Connection • Case Management • Inventory • Job Approval • Software Management • Syslog Analysis
User Guide for Resource Manager Essentials 78-13951-01 2-1 Chapter 2 Resource Manager Essentials Applications Device Views
Device Views
Essentials provides device views—logical groupings that are used to specify a device or group of devices. You can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type, or with specific characteristics, such as all Catalyst switches or all devices a user is responsible for. As almost every Essentials task requires the set of devices to be executed against, views provide a convenient way to create groups of devices. For example, before you can display an Inventory report, you must select the devices to be included in the report. Views can speed up the selection (instead of running the report for one device at a time).
Note Essentials graphical user interface (GUI) performance may be affected if the number of devices in the selected view is too large. You should avoid setting all devices views when the number of devices in the inventory is large. You can use system views or create custom views to keep the number of devices in a view from growing too large.
Creating a view using the Device Views application enables you to run reports for specific devices based on common attributes or user-defined characteristics.
Types of Views
Three categories of device views are available: • System Views—Predefined and available immediately after you install Essentials. System views include most major classes of Cisco devices. For example all Catalyst switches, all Cisco 7000 Series routers, and all SwitchProbes. • Custom Views—Defined by users and, when created, are available for use by anyone with the appropriate access to the server. • PrivateViews—Defined by users, but are available only to the user.
User Guide for Resource Manager Essentials 2-2 78-13951-01 Chapter 2 Resource Manager Essentials Applications Device Views
Two different types of views can be created within custom or private views: • Dynamic Views • Static Views Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view can change based on the attribute value of devices in the Inventory. An example of a dynamic view is all devices with Cisco IOS Version 12.0. Any device that currently has this attribute would be included in the device view. All system views are dynamic. Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically.
Figure 2-1 Device Views
Predefined User defined
System Custom Private
Dynamic View Static View
All Cisco IOS 12.0 Devices
User Guide for Resource Manager Essentials 78-13951-01 2-3 Chapter 2 Resource Manager Essentials Applications Device Views
Table 2-1 shows the tasks that you can accomplish with the Device Views application.
Ta b l e 2-1 Device Views Tasks
Task Purpose Action Add static Create views to monitor a specific group Select Resource Manager Essentials > views. of devices in your network inventory. Administration > Device Views > Add Static Views. Add dynamic Create views to monitor devices with Select Resource Manager Essentials > views. common attributes, such as device type. Administration > Device Views > Add Dynamic Views. Note Any new, managed device added to inventory that fits the listed attributes is automatically incorporated into the dynamic view. Change static Modify static views. Select Resource Manager Essentials > views. Administration > Device Views > Change Static Views. Delete views. Delete any views you have created. Select Resource Manager Essentials > Administration > Device Views > Delete Views. Browse Determine which devices belong to the Select Resource Manager Essentials > dynamic views. dynamic views. Administration > Device Views> Browse Dynamic Views. Browse device Determine which views a device belongs Select Resource Manager Essentials > membership. to. Administration > Device Views > Browse Device Membership.
Setting Device Credentials
Several important items must be configured correctly on every Cisco device that is going to be managed and monitored using Essentials. Details about each application and the tasks involved in setting the credentials are available later in this document.
User Guide for Resource Manager Essentials 2-4 78-13951-01 Chapter 2 Resource Manager Essentials Applications System Configuration
Table 2-2 lists all the applications and the device credentials required for proper functioning of the applications.
Ta b l e 2-2 Applications and the Device Credentials
Application Telnet Password Enable Password SNMP Read Only SNMP Read / Write NetConfig Required Required Required Not required NetShow Required Required Required Not required Config Editor Required Required Required Not required ChangeAudit Not required Not required Required Not required Configuration Required Required Required Not required Management (Telnet) Configuration Not required Not required Required Required Management (TFTP) Device Views Not required Not required Required Not required Inventory Not required Not required Required Not required SWIM Required1 Required1 Required Required Syslog Not required Not required Required Not required Availability Required Required Required Not required
1. Required in case of few devices.
System Configuration
System Configuration lets you configure system-wide information on the CiscoWorks2000 server. In this way, you can centrally locate information that is used by more than one Essentials application.
Note Network administrators should perform these tasks with care. If errors occur, users may not be able to log in.
Table 2-3 shows the tasks that you can accomplish with System Configuration.
User Guide for Resource Manager Essentials 78-13951-01 2-5 Chapter 2 Resource Manager Essentials Applications Availability
Ta b l e 2-3 System Configuration Tasks
Task Purpose Action Set up a proxy Enable applications to connect to Select Resource Manager Essentials > URL. Cisco.com. Administration > System Configuration, then select the Proxy tab. If the server access to the outside world is controlled through a proxy server, this must be configured. Define SNMP Specifies the timeout value and the Select Resource Manager Essentials > timeouts and number of retries while querying devices Administration > System Configuration, retries. for inventory collection. then select the SNMP tab. Define the Add and modify command-line Select Resource Manager Essentials > SMTP server instructions to be run automatically Administration > System Configuration, name. whenever Syslog Analysis receives a then select the SMTP tab. specific message type. Define RCP Specify the username to authenticate Select Resource Manager Essentials > usernames. RCP transfers between the devices and Administration > System Configuration, the server for remote operations. then select the RCP tab.
Availability
The Availability application lets you monitor the reachability and response time of your network devices. You can view the availability of a selected group of devices, a summary of interface status, reports of reloads (reboots) and unreachable devices, and protocol distribution graphs.
Benefits of Availability
If you experience connectivity problems trying to reach certain resources or services on the network, one of the first things you must check is the status of a device. If a device is unreachable, you will want to find out when it was last operational and whether any abnormal reloads have occurred. This can be the first step in troubleshooting the exact location of the fault. Availability helps you track the reachability of devices on your network.
User Guide for Resource Manager Essentials 2-6 78-13951-01 Chapter 2 Resource Manager Essentials Applications Availability
The Availability application periodically polls selected devices to determine device reachability, interface status, and response times. Availability reports display the status of devices, show devices that are offline for more than three hours, and summarize the percentage of Layer 3 protocol traffic forwarded on each Layer 3 device. A Reloads Report shows the cause of the past five reloads for a device and includes a link to the Cisco.com stack decoder to help troubleshoot any device failures. Availability provides reports to quickly assess the status of selected devices on the network. Information can be tracked for all devices on the network, or only critical devices to reduce the load on the network and the network management system.
Availability Functional Flow
Before device availability information will be stored in Essentials, you must select the specific device views that needs to be monitored for Availability. When devices are selected to be included in Availability polling, Essentials will poll the devices according to the schedule set by the network administrator (only one schedule for all views). Devices will be polled for reachability, response time, interface status, reload, and protocol information. This information will be updated in the Availability database after each scheduled poll, and can be viewed by displaying Availability Reports. Historical information on reachability and response times is also stored in the Essentials database and can be displayed in trend graphs under Availability Monitor.
User Guide for Resource Manager Essentials 78-13951-01 2-7 Chapter 2 Resource Manager Essentials Applications Availability
Figure 2-2 Availability Functional Flow
Poll selected devices
Reports/output
Device status Availability database Reachability Dashboard Availability Monitor Reloads Report Offline Device Report
Protocol Distribution Graph 77093
Availability Workflow
The Figure 2-3 depicts the Availability workflow and associated tasks within Essentials: • In order to retrieve Availability information from devices, each device must be in the Essentials Inventory with the proper SNMP read community string attribute. • Polling options must be set, including selecting which device views are going to be polled for availability information. When devices are selected, availability information can be viewed in any of the Availability Reports within Essentials. Information is automatically purged according to the options you set, so no ongoing maintenance is required.
Figure 2-3 Availability Workflow
Verify Device Setup View reports Requirements 77094 SNMP read community Select devices Availability reports string Change polling options 24-hour reports Device center
User Guide for Resource Manager Essentials 2-8 78-13951-01 Chapter 2 Resource Manager Essentials Applications Availability
Table 2-4 shows the tasks you can accomplish with the Availability application.
Ta b l e 2-4 Availability Manager Tasks
Task Purpose Action Set polling Select views to be monitored. You must Select Resource Manager Essentials > views and do this before you can monitor device Administration > Availability > Change options. availability. Polling Options. If your system performance is degraded by availability polling, you can add more system resources, poll fewer devices, or poll less frequently. Change polling Select default Availability polling option Select Resource Manager Essentials > options. values or to select new values from the Administration > Availability > Change drop-down list boxes. Polling Options. The polling options you set, apply to all Availability views. View the View device status for all views set for Select Resource Manager Essentials > Reachability availability monitoring. The dashboard Availability > Reachability Dashboard. Dashboard. continuously reports: • All views being polled and the number of devices in each view. • Device names of all devices in each view and the time they last responded. Monitor device Continuously monitor selected devices Select Resource Manager Essentials > availability. and access interface availability details. Availability > Availability Monitor. View the Display the most recent reloads (up to 5) Select Resource Manager Essentials > Reloads report. for selected devices. The report shows the Availability > Reloads Report. reason for each reload and when it To view reloads that occurred only within occurred. the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Reloads Report.
User Guide for Resource Manager Essentials 78-13951-01 2-9 Chapter 2 Resource Manager Essentials Applications Change Audit
Table 2-4 Availability Manager Tasks (continued)
Task Purpose Action View the Stack Decode and analyze a device’s stack Select Resource Manager Essentials > Decoder dump to enable troubleshooting of Availability > Reloads Report. Analysis. devices that reload unexpectedly. In the generated report, click on the An unexpected reload is any reload that is unexpected reload. neither initiated by you nor a result of a power-on. The Reloads report applies only to routers running Cisco IOS Release 10.2 or later and is available only for the most recent reload. View the Generate a report of managed devices that Select Resource Manager Essentials > Offline Device have not responded to polling for more Availability > Offline Device Report. report. than a specified period of time (3, 6, 12, To view only devices that have been off 24, 48, or 72 hours). line for the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Offline Device Report. View the View the distribution of IP, AppleTalk, Select Resource Manager Essentials > Protocol IPX, DECnet, VINES, and XNS packets Availability > Protocol Distribution Distribution for selected devices in a bar or pie chart. Graph. graph. This report shows the Layer 3 protocol packet types that are forwarded by the devices.
Change Audit
The Change Audit application lets you track and report network changes. It provides the capability for other Essentials applications to log change information to a central repository called the Change Audit log.
User Guide for Resource Manager Essentials 2-10 78-13951-01 Chapter 2 Resource Manager Essentials Applications Change Audit
Change Audit Functional Flow
Change Audit tracks all changes discovered by the Inventory Manager, Software Manager, and Configuration Manager. Every time one of these applications detects a change, it sends a change record to the Change Audit Service, with details of who, when, and what type of change occurred. See Figure 2-4. Inventory changes include any changes to device information stored in the Inventory database, such as chassis, interfaces, and system information. Software Management changes include upgrades to new software image versions. Configuration management changes include all changes made to configuration files on devices. This includes changes made outside of Essentials tasks, detected by the configuration archive process, as well as changes made using Essentials functionality—NetConfig or Config Editor. Inventory changes can be filtered to limit the types of changes that are stored in the Change Audit database. For example, you might not want to track every time the port status on a switch changes because users have shut down their computers connected to the switch. Software and configuration management changes cannot be filtered. You can view change records or search for specific change records to determine who made a change or when a change was made. Change reports can also be time based to quickly report on changes that have, or have not, occurred during specified time periods—possibly detecting unauthorized change activity. The Change Audit Service application can also be configured to forward change records, in the form of SNMP traps to remote servers, allowing you to monitor and view changes from a remote network-management station that has event-collection capabilities, such as HP OpenView.
User Guide for Resource Manager Essentials 78-13951-01 2-11 Chapter 2 Resource Manager Essentials Applications Change Audit
Figure 2-4 Change Audit Functional Flow
Remote server Inventory manager Filters
Inventory database Change audit database Reports/output Software manager
Software upgrades Summary detail records By user By application By time period By device Configuration Exceptions summary manager
Configuration archive NetConfig Config editor 77095
Figure 2-5 Change Audit Work Flow
View Setup change records
Define inventory filters All changes Administer trap Search change audit Generators Exceptions summary Define exception periods
Ongoing maintenance
Delete change records 77096
User Guide for Resource Manager Essentials 2-12 78-13951-01 Chapter 2 Resource Manager Essentials Applications Change Audit
Figure 2-5 depicts the Change Audit workflow and associated tasks within Essentials. Change Audit automatically stores any change records sent from the Inventory Manager, Software Manager, and Configuration Manager applications. After these applications are set up, you can view change records at any time. You are required to perform Change Audit setup tasks only if you want to filter out specific Inventory changes, forward change records to a remote server, or report on changes during specific time periods every week. Change records are stored in the Essentials database until they are removed. Therefore, ongoing maintenance is required to delete old records from the database. Table 2-5 shows the tasks that you can accomplish with the Change Audit application.
Ta b l e 2-5 Change Audit Tasks
Task Purpose Action View Change View the two log tables: Change Select Resource Manager Essentials > Audit logs. Audit summary and Change Audit 24-Hour Reports > Change Audit Report. details. Or Select any report from Resource Manager Essentials > Change Audit. Delete records Delete or schedule deletion of change Select Resource Manager Essentials > from the log. records from the Change Audit log. Administration > Change Audit > Delete Change History. Convert change Convert some or all change Select Resource Manager Essentials > records to notifications into SNMP V1 traps and Administration > Change Audit > Administer SNMP traps. send them to a destination you Trap Generator. configure. Define an Specify a period of time when no Select Resource Manager Essentials > exceptions network changes should occur. Administration > Change Audit > Define period. Exceptions Summary. Set up filtering Define one or more filter fields to Select Resource Manager Essentials > Change options. filter report data. Audit > Search Change Audit. View changes Generate a report on changes that Select Resource Manager Essentials > Change in an exception occurred in the network during a Audit > Exceptions Summary. period. defined exception.
User Guide for Resource Manager Essentials 78-13951-01 2-13 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-5 Change Audit Tasks (continued)
Task Purpose Action View all Generate a report that enables you to Select Resource Manager Essentials > Change change view changed data in the Change Audit > All Changes. records. Audit log. View a Generate a summary of changes Select Resource Manager Essentials > summary of made in the past 24 hours from 24-Hour Reports > Change Audit Report. changes made Change Audit log data. in the last 24-hours.
Configuration Management
The Configuration Management application stores the current, and a user-specified number of previous versions, of the configuration files for all supported Cisco devices maintained in the Inventory. It automatically tracks changes to configuration files and updates the database if a change is made.
Benefits of Configuration Management
One of the most difficult but important things to manage on a is device configuration. Often a change to the device configuration leads to network performance issues and faults. The device configuration is the key to how a device operates on the network and traffic is passed. As the network administrator, you need to be able to control and track changes to device configurations to minimize errors and assist in troubleshooting problems. This can be very difficult if several different users are making changes to the device configurations. It can also become very repetitive and time-consuming. Configuration management can help simplify and automate these tasks. Configuration Management gives you easy access to the configuration files for all file-based or Cisco IOS-based Catalyst switches, FastSwitches, and Cisco routers in the Essentials Inventory.
User Guide for Resource Manager Essentials 2-14 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
After you import devices into the Inventory and they become managed, configuration files are collected and stored in the Configuration Archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information. Before you can use the Configuration Archive, you must make sure you have completed all the necessary setup tasks. For information on these tasks, see Installation and Setup Guide for Resource Manager Essentials.
Configuration Management Functional Flow
After you add or import devices into your inventory, the configuration files for each supported device are collected and stored in the configuration archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information. In addition, a change record is sent to the Change Audit application, which collects and organizes all changes to network devices. This allows you to view all configuration changes made over any period of time or by any specific user.
User Guide for Resource Manager Essentials 78-13951-01 2-15 Chapter 2 Resource Manager Essentials Applications Configuration Management
Figure 2-6 Configuration Management Functional Flow
Syslog database Change audit v.3 v.V2 v.1
Reports/Output
Config editor
NetConfig
Network devices Network Show show comands command output 77100
User Guide for Resource Manager Essentials 2-16 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Figure 2-7 Configuration Management Workflow
Verify device Community strings requirements Telent/Enable mode access
Identify Plan Execute Verify Setup changes changes changes changes needed General setup Search archive Update archive NetConfig Browse job Create approver Compare NetConfig editor lists configurations
Ongoing maintenance and troubleshooting
Check configuration sync report Network show commands
Custom reports 77101
Figure 2-7 depicts Configuration Management workflow and associated tasks: • Verify device requirements to ensure that Essentials is able to communicate with the devices. • Create approver lists, if specific users are going to be required to approve configuration updates before they are executed and set configuration archive preferences (update schedule, number of copies to retain, and so on), and After the configuration archive is set up, it can be used to view device configurations and identify and plan necessary changes. Then, the NetConfig or Config Editor applications can be used to actually execute and confirm the changes. As ongoing maintenance, the Configuration Sync report should be checked daily to ensure that all running and startup configurations on devices match. In addition, the network administrator can use Network Show Commands and Custom reports to troubleshoot problems and gather information as needed.
User Guide for Resource Manager Essentials 78-13951-01 2-17 Chapter 2 Resource Manager Essentials Applications Configuration Management
Configuration Archive
The configuration archive maintains a history of configuration files for all managed devices on the network. The network administrator can specify how long files should be kept in the archive, how many versions should be maintained in the archive, and how often devices on the network should be polled for changes. In addition, there are multiple ways to detect changes on devices and trigger an update to the configuration archive. For example, specific syslog messages sent from the device can indicate that a change has occurred and can trigger the configuration archive to retrieve the new configuration. The configuration archive can also be scheduled to poll all devices at a specific time each week.
Figure 2-8 Configuration Archive Functional Flow
Change? 12
Poll configuration MIB (Cisco ICS software only) 9 3 Update 6
Scheduled updates Scheduled updates
Manual updates
Syslog messages 77098
User Guide for Resource Manager Essentials 2-18 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Several methods can be used to trigger the configuration archive to retrieve a new device configuration: • Scheduled updates—Essentials will retrieve configuration files for all devices at a scheduled time each day or week. If the configuration file on the device has a date later than the file in the archive, Essentials will update the archive with the most current configuration from the device and create a change record. If there is no change, the archive will not be updated. • SNMP polling—Essentials will periodically poll the configuration MIB variable on devices, according to the schedule set by the administrator, to determine if the configuration file has changed. If it has, Essentials will retrieve the most recent configuration from the device and create a change record for Change Audit. Polling uses fewer resources than full scheduled collection because configuration files are retrieved only if the configuration MIB variable is set. This method is available only for supported Cisco IOS versions. • Listen to syslog messages—If devices are configured to forward syslog messages to the Essentials server, whenever a syslog message is sent from a device to indicate that a configuration file has changed, Essentials will retrieve a new copy of the configuration file from that device.
Note The syslog message from a Cisco IOS device is severity level 5, and the similar message from a Catalyst OS device is severity level 6.
• Manual updates—You can force the configuration archive to check devices for configuration changes at any time; select Resource Manager Essentials > Configuration Management > Update Archive. This allows you to update the archive for specific devices. You can use any combination of these methods to keep the archive up-to-date, by selecting the appropriate preferences in Configuration Management. You want to keep the archive as up-to-date as possible to track changes, but remember that each configuration archive update places additional load on the network and the NMS.
User Guide for Resource Manager Essentials 78-13951-01 2-19 Chapter 2 Resource Manager Essentials Applications Configuration Management
NetConfig, Config Editor, and Network Show Commands
Two additional applications, NetConfig and Config Editor, are available to edit configuration files. The NetConfig application allows you to save sets of commands and execute those commands on multiple devices at the same time. The Config Editor application can be used to edit any device configuration that is stored in the configuration archive, and then download the new configuration to the device. The new configuration is stored in the configuration archive and will also trigger a change record to be sent to Change Audit. Additional Configuration reports specific to active virtual private network (VPN) devices are also available. The NetConfig application provides a set of wizard-based templates that can be used to update the device configuration on multiple devices all at once. The devices must already be managed by Essentials. The new configuration will be stored in the archive for each device changed, and associated change records will be created. The Network Show Command application accesses network devices in real time to display output for common show commands. This can help in troubleshooting by allowing you to display interface statistics, routing tables, and system information for selected devices. Table 2-6 shows the archive-specific tasks you can accomplish with the Configuration Management application.
User Guide for Resource Manager Essentials 2-20 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Ta b l e 2-6 Configuration Management Archive-Specific Tasks
Task Purpose Action Search for Search for configuration files based on • Select Resource Manager configuration device name or text pattern. Essentials > Configuration > files. Management > Search Archive by Device. • Select Resource Manager Essentials > Configuration Management > Search Archive by Pattern. Create, run, Create and run custom reports that gather Select Resource Manager Essentials > modify, and device configuration files from the Configuration Management > Custom delete custom archive for specified devices. Reports. reports. You can also modify and delete custom reports. Compare Compare configuration files of two Select Resource Manager Essentials > device devices or two versions of a single file. Configuration Management > Compare configuration Configurations. Compare the starting and current files. configurations of a device. Compare the current and the most recently archived configurations of a device. Find Determine whether a device’s startup and Select Resource Manager Essentials > out-of-sync running configurations are synchronized. Configuration Management > configurations. The two configurations might differ if Startup/Running Out of Sync Report you change a device configuration after or the device is booted. Select Resource Manager Essentials > 24 Hour Reports > Configuration Sync Report. Move the Move the configuration archive to a new Select Resource Manager Essentials > configuration location. Administration > Configuration archive. Management > General Setup, then select the Archive Setup tab.
User Guide for Resource Manager Essentials 78-13951-01 2-21 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-6 Configuration Management Archive-Specific Tasks (continued)
Task Purpose Action Specify criteria Specify when to purge configurations Select Resource Manager Essentials > for purging the from the archive. You can specify two Administration > Configuration archive. criteria: Management > General Setup, then select the Archive Setup tab. • Age. Configurations older than the specified age are purged. • Maximum number of versions. The oldest configuration is purged when the maximum number is reached. You can also choose not to purge labelled files. Modify Modify how and when the configuration Select Resource Manager Essentials > configuration archive retrieves configurations. Administration > Configuration archive Management > General Setup, then select retrieval. the Change Probe Setup tab. Change the Change the order of the protocols the Select Resource Manager Essentials > protocol order configuration archive uses to download Administration > Configuration used by the configurations from devices to the Management > General Setup, then select configuration archive. the Transport Setup tab. archive. The default order is: • TFTP (Trivial File Transport Protocol) • Telnet • SSH • RCP (Remote Copy Protocol) Update the Update the archive manually if you make Select Resource Manager Essentials > configuration a significant change to a device Configuration Management > Update archive. configuration and want the archive to Archive. reflect the changes. The configuration archive retrieves configurations at 12.30 a.m. every Friday by default. It also listens to Syslog messages and fetches the configuration.
User Guide for Resource Manager Essentials 2-22 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-6 Configuration Management Archive-Specific Tasks (continued)
Task Purpose Action Check the Check archive status for the latest attempt Select Resource Manager Essentials > archive status. to archive a device configuration (running Administration > Configuration or startup). Management > Archive Status. Configure Select configuration files from different Select Resource Manager Essentials > labels. managed devices, group them, and label Administration > Configuration them as a set. Management > Label Configuration. You can also view, modify, and remove configuration labels. Use the Access the configuration archive to This command cannot be entered from cwconfig update, export, and import configurations the desktop; use the command line. command at on devices and in the archive. the command For more information about the command line. syntax and parameters, see the cwconfig man page on UNIX systems, by entering: man -M /opt/CSCOpx/man cwconfig Locate the Access the configuration archive shadow The shadow directories cannot be configuration directory, which is an image of the most accessed from the desktop. archive shadow recent configurations gathered by the • On Solaris, as root or casuser, enter: directory. configuration archive. /var/adm/CSCOpx/files/archive/ shadow • On Windows 2000, as admin, enter: nmsroot\files\archive\shadow
NetConfig Option
Using the NetConfig option, which runs as a separate application in its own window, you can make configuration changes to your managed network devices.
User Guide for Resource Manager Essentials 78-13951-01 2-23 Chapter 2 Resource Manager Essentials Applications Configuration Management
Benefits of Netconfig
The NetConfig application provides you with wizard-based templates to simplify and reduce the time it takes to make global changes to network devices. These templates can be used to execute one or more configuration commands on multiple devices at the same time. For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be automatically stored in the configuration archive.
Figure 2-9 NetConfig Functional Flow
Create/edit Assign users Execute/ templates to templates schedule jobs
Cisco IOS software Predefined custom Assigned templates Multiple devices Catalyst Switch Adhoc commands FastSwitch device
Network administrator Any user privileges (except help desk) who has been assigned to Configuration
templates archive 77106
NetConfig uses configuration templates to create the configuration commands run on devices when a NetConfig job runs. There are three types of configuration templates: • System-defined—Provided with NetConfig, these templates simplify the creation of common configuration commands. • User-defined—Created by system administrators, these templates can contain any configuration commands. • Adhoc—Allows you to add any configuration commands to a NetConfig job while you are defining it.
User Guide for Resource Manager Essentials 2-24 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Caution NetConfig does not verify the commands entered in user and adhoc templates. These commands are executed on devices exactly as they appear in the template. If you enter incorrect configuration commands, you could misconfigure or disable the devices on which the job runs.
By default, only network administrators have access to configuration templates. Network administrators can assign template access privileges to the other system users. When you define or edit a job, the configuration templates to which you have access privileges appear in the job definition wizard. Table 2-7 shows the tasks that can be accomplished with the NetConfig option.
Ta b l e 2-7 NetConfig Tasks
Task Purpose Action Define and Define a NetConfig job to make device 1. Select Resource Manager Essentials > schedule a configuration changes, and schedule it Configuration Management > NetConfig job. to run. NetConfig > Jobs > New Job. or Click the New Job button. 2. Complete the job definition wizard. Browse and Browse the NetConfig jobs that are 1. Select Resource Manager Essentials > edit NetConfig registered on the system and edit them Configuration Management > jobs. as necessary. NetConfig > Jobs > Job Browser. or Click the Job Browser button. 2. Select a job record. 3. Click Edit Job, Copy Job, Remove Job, Stop Job, or Job Details.
User Guide for Resource Manager Essentials 78-13951-01 2-25 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-7 NetConfig Tasks (continued)
Task Purpose Action View a View detailed information about a 1. Select Resource Manager Essentials > NetConfig registered NetConfig job. You can also Configuration Management > job’s details. edit a job from its detailed view. NetConfig > Jobs > Job Browser. or Click the Job Browser button. 2. Select a job record. 3. Click Job Details. 4. Click Edit Job, Copy Job, Remove Job, Stop Job, or Print. Launch Launch Essentials if it is not already Select Resource Manager Essentials > Essentials. running. Configuration Management > NetConfig >Tools > Launch RME. or Click the Launch RME button. Create and edit Create and edit configuration templates Select Resource Manager Essentials > user-defined that can contain any configuration Configuration Management > configuration commands. NetConfig >Admin> Create/Edit User templates. Templates. Assign Assign access privileges to the Select Resource Manager Essentials > configuration system-defined and user templates on Configuration Management > NetConfig > template access the system. Admin > Assign Template Users. privileges to users. Set default Set the default policies for NetConfig Select Resource Manager Essentials > template jobs that are defined. Configuration Management > NetConfig > policies. Admin > Set Template Policies.
User Guide for Resource Manager Essentials 2-26 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-7 NetConfig Tasks (continued)
Task Purpose Action View online View the online help for information Select Resource Manager Essentials > help for the about the task you are performing. Configuration Management > NetConfig > task you are Help > Context-Sensitive Help. performing. or Click the Help button. Use the Define and schedule NetConfig jobs Enter the NetConfig command at the NetConfig from the command line. command line with the appropriate options command to and arguments. make batch For more information, see the online help configuration and the netconfig man page. changes.
Network Show Commands Option
As a network administrators you must be familiar with show commands used on Cisco routers and switches. Network show commands represent a set of read-only commands that you can run on routers, Catalyst switches, and FastSwitch devices. These commands display configuration or status information. You can run network Show commands from the GUI or from the command line interface.
Benefits of Network Show Commands
As an Essentials user, you can execute Show commands against many devices and view the results from Essentials, using the Network Show Commands application. This application can be used to display Show command output for multiple devices in two modes: • Immediate execution—Run the selected set of Show commands for the selected devices immediately. • Batch mode—Schedule a set of Show commands to be run against a selected set of devices.
User Guide for Resource Manager Essentials 78-13951-01 2-27 Chapter 2 Resource Manager Essentials Applications Configuration Management
You can use the Network Show tasks to organize and save one or more related Show commands into logical groups, called command sets. These command sets can then be applied to devices whenever specific configuration or status information is needed. You specify which commands you want to group together and run the commands on one or many devices. The output is displayed in a browser window. All users have access to the following six predefined command sets, which ship with Essentials. These include some of the most common Show commands used in monitoring and troubleshooting a network: • show interface info • show IP routing info • show protocol info • show switch VLAN info • show system info • show system performance In order to display output for other Show commands within Essentials, you must first define the command set, and then assign users to be able to access the command set. Essentials ships with a set of default network command sets, which you cannot edit or delete.
User Guide for Resource Manager Essentials 2-28 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Figure 2-10 Network Show commands Functional Flow
Show VLAN info Command sets
Show Show protocol interface info help
Immediate execution Network show commands Scheduled batch execution
Network Devices 12
9 3 Show output 6 77107
Table 2-8 shows the tasks you can accomplish with the Network Show Commands option.
Ta b l e 2-8 Network Show Commands Tasks
Task Purpose Action Create a Create, edit, and delete a logical group of Select Resource Manager Essentials > network show custom commands for a user or a set of Administration > Configuration command set. users. Management > Network Show > Define Command Set. Assign users to Specify which user or set of users can run Select Resource Manager Essentials > the network network show commands. Administration > Configuration show command Management > Network Show > Assign set. Users.
User Guide for Resource Manager Essentials 78-13951-01 2-29 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-8 Network Show Commands Tasks (continued)
Task Purpose Action Execute a Run network show commands on one or Select Resource Manager Essentials > network show more devices. Configuration Management > Network command set Show Commands > Immediate immediately. Execution. Define a batch Create a batch report containing Select Resource Manager Essentials > report. command sets and remote console Configuration Management > Network commands that can be run on a set of Show Commands > Batch Reports > devices to generate a report. Define Reports. You can also modify or delete existing reports. Schedule a Schedule reports in batches and generate Select Resource Manager Essentials > batch report. these batch reports at a specified time. Configuration Management > Network Show Commands > Batch Reports > Schedule Reports. View report View the output of a batch report. Select Resource Manager Essentials > output. Configuration Management > Network Show Commands > Batch Reports > View Report Output. Browse Browse the network show jobs that are 1. Select Resource Manager network show registered on the system and view job Essentials > Configuration jobs. details. Management > Network Show Commands > Batch Reports > Job You can also edit or delete jobs. Browser. 2. Select a job record. 3. Click Edit Job, Stop Job, Remove Job, Copy Job, or Job Details. Set job Each network show job has properties Select Resource Manager Essentials > policies. that define how the job runs. You can Configuration Management > Network configure a default policy for these Show Commands > Batch Reports > Set properties that apply to all future jobs. Job Policies.
User Guide for Resource Manager Essentials 2-30 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Table 2-8 Network Show Commands Tasks (continued)
Task Purpose Action Use the Define and execute command sets Enter the cwconfig netshow command at cwconfig command sets to be run against a set of the command line. netshow devices. For more information, see the online help command. and the cwconfig netshowbatch man page. Use the Define and schedule reports, comprising Enter cwconfig netshow batch command cwconfig multiple network show command sets to at the command line. netshow batch be run against a set of devices. For more information, see the online help command. and the cwconfig netshowbatch man page.
Config Editor Option
You can edit configuration files stored in the configuration archive and download files to devices, using the Config Editor option. This option runs as a separate application in its own window.
Benefits of Config Editor
Config Editor allows you to edit and download configuration files to devices using a GUI instead of the command line interface (CLI). Use Config Editor to edit individual device configurations within Essentials and then download them back to a device. A copy of the updated configuration will automatically be stored in the configuration archive. When a configuration file is opened with Config Editor, the file is locked so that other users will be able to make changes at the same time. While the file is locked, it is maintained in a private archive available only to the user who checked it out. If other users attempt to open the file to edit it, they will be notified that the file is already checked out and they can open only a read only copy. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor.
User Guide for Resource Manager Essentials 78-13951-01 2-31 Chapter 2 Resource Manager Essentials Applications Configuration Management
Figure 2-11 Config Editor Functional Flow
Configuration archive
Open files Config locked from editor use by other users
Show Telnet output TFTP Compare files rcp Edit files View changes Unlocked Browse jobs View locked files
Configuration editor Network (private copy)
devices 77099
Note Many applications rely on access to configuration file within the Configuration Archive (NetConfig, ACL Manager). Hence, you must ensure that all files have been unlocked before exiting Config Editor. You cannot globally unlock all files even at the administrator level; the user who checked out the file must unlock it so others have access to it. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > List Checked Out Files before exiting Config Editor to get a list of files that have to be checked in.
Table 2-9 shows the tasks you can accomplish with the Config Editor option.
User Guide for Resource Manager Essentials 2-32 78-13951-01 Chapter 2 Resource Manager Essentials Applications Configuration Management
Ta b l e 2-9 Config Editor Tasks
Task Purpose Action Edit Check out a file from the archive, and edit Select Resource Manager Essentials > configuration it. Configuration Management > Config files from the Editor > File > Open. archives. Schedule Define and schedule a download job. Select Resource Manager Essentials > download jobs. Configuration Management > Config Editor > File > Download. Print Print a configuration file. Select Resource Manager Essentials > configuration Configuration Management > Config files. Editor > File > Print. Configure job Configure a default policy for job Select Resource Manager Essentials > policies. properties that applies to all future jobs. Configuration Management > Config You can also specify if the property can Editor > Edit > Set Job Policies. be configured by other users. Set up editing Set up your editing preferences. Select Resource Manager Essentials > preferences. Configuration Management > Config Config Editor remembers your preferred Editor > Edit > Preferences. mode even across different invocations of the application. After you open a file in a specific mode, you can view it only in that mode until you unlock it. View changes. View the changes to the checked out file. Select Resource Manager Essentials > Essentials compares the current file with Configuration Management > Config the checked out version. Editor > Tools > Show Changes Made. Compare Compare the current file with any version Select Resource Manager Essentials > versions of the in the configuration archive. Configuration Management > Config configuration Editor > Tools > Compare. files. Enter comment Enter comment lines while editing a Select Resource Manager Essentials > lines. configuration file. Configuration Management > Config Editor > Tools > Insert Comment Line. List checked View a list of files checked out by all Select Resource Manager Essentials > out files. users. Configuration Management > Config Editor > Tools > List Checked Out Files.
User Guide for Resource Manager Essentials 78-13951-01 2-33 Chapter 2 Resource Manager Essentials Applications Contract Connection
Table 2-9 Config Editor Tasks (continued)
Task Purpose Action Browse and Browse the Config Editor jobs that are 1. Select Resource Manager edit Config registered on the system and edit them as Essentials > Configuration Editor jobs. necessary. Management > Config Editor > Tools > Job Browser. 2. Select a job record. 3. Click Edit Job, Copy Job, Remove Job, Stop Job, or Job Details. View job View detailed information about a 1. Select Resource Manager details. registered Config Editor job. You can also Essentials > Configuration edit a job from its detailed view. Management > Config Editor > Tools > Job Browser. 2. Select a job record. 3. Click Job Details. 4. Click Edit Job, Copy Job, Remove Job, Stop Job, or Print Job.
Note Do not launch NetConfig and ConfigEditor from the same browser window.
Contract Connection
Contract Connection lets you verify which of your Cisco IOS devices are covered by a service contract, and when they will expire. Contract Connection uses Inventory Manager, Cisco Connection Online (Cisco.com) and Contract Agent, Cisco’s internal tracking service, to provide the status of your service coverage. Contract Connection provides details on: • A list of contracts from the Contract Agent • Managed Cisco IOS devices from the Essentials package database To view contract status, however, you must have login privileges to the Cisco.com web site and a Cisco.com profile that enables access to the Contract Agent.
User Guide for Resource Manager Essentials 2-34 78-13951-01 Chapter 2 Resource Manager Essentials Applications Contract Connection
Contract Connection Workflow
Contract Connection checks the devices in your Essentials Inventory against devices logged in the Cisco Contract Agent and displays a summary. If the serial numbers of the devices in the Inventory and devices in the Contract Agent match, you can view a detailed report on the contract status, which also shows when the contract was initiated and when it will expire. Three different serial numbers can be associated with a device. This determines how Contract Connection works: • Shipment serial number—The number tagged on the device when it is shipped from Cisco. Also the number logged in the Cisco Contract Agent. • Managed serial number—The number stored in the Essentials Inventory database. It is entered or retrieved from the device when a device is added or imported into the database. • Electronic (MIB) serial number—The number stored in the device MIB. It can be set or modified through the command line interface (CLI). For Contract Connection to work properly and display contract details, the managed serial number in the Essentials Inventory must match the shipment serial number logged with the Cisco Contract Agent. If these numbers do not match, select Resource Manager Essentials > Administration > Inventory > Change Device Attributes, to edit the serial numbers. Contract Connection is currently available only for Cisco IOS devices, but support for additional devices will be added in future releases. Table 2-10 shows the task you can accomplish with the Contract Connection application.
Ta b l e 2-10 Contract Connection Task
Task Purpose Action Check the Check which of your Cisco IOS managed Select Resource Manager Essentials > status of a devices are covered by a service contract Contract Connection > Check Contract contract. and review contract details. Status.
User Guide for Resource Manager Essentials 78-13951-01 2-35 Chapter 2 Resource Manager Essentials Applications Case Management
Case Management
You can use Case Management to open and track a case for network problems that require assistance from Cisco Technical Assistance Center. Case Management can collect critical network information, such as protocol, interface, and configuration data from Essentials and send to Cisco.com. When you open a case, you can designate specific Telnet command data (if applicable) and SNMP inventory values to be collected from selected devices. Case Management will attach this information to the case description and forward it to Cisco.com, which can reduce the time it takes a Cisco representative to help resolve the problem. Inquiries to Cisco TAC are categorized according to the urgency of the issue. New cases are automatically set to Priority level 3 (P3). If your case requires higher priority handling, you must contact the Cisco TAC or your sales engineer to request that the priority be raised. For more information on priority categories, see “Technical Assistance Center” section on page -xv. Table 2-10 shows the tasks you can accomplish with the Case Management application.
Ta b l e 2-11 Case Management Task
Task Purpose Action Open a case Open a case to Cisco.com through the Select Management Connection > Case and attach CiscoWorks2000 desktop Management > Open Case. network device statistics. View status of View the history and status of your case Select Management Connection > Case cases and and update description of problems. Management > Query or Update Case. update description.
User Guide for Resource Manager Essentials 2-36 78-13951-01 Chapter 2 Resource Manager Essentials Applications Inventory
Inventory
Networks are a mix of heterogeneous and geographically dispersed systems. Tracking of hardware and software assets in such environment is very critical. Inventory details are essential as a basic requirement for all network management applications. Inventory manager provides a persistent storage and reporting scheme for the information that can be categorized into two main parts. • Network topology—devices that are part of the network and their connectivity details • Physical inventory—devices that are part of the network, their system type, system contact, physical details, hardware, software versions The more information you have about all your devices in one central place, the easier it is to locate necessary information, resolve problems quickly, and provide detailed information to interested parties.
Benefits of Inventory Management
As a network administrator, you need to be able to quickly troubleshoot problems on the network, identify when network capacity is being reached, and provide information to management on the number and types of devices being used on the network. If the network goes down, one of the first things you will need to know is what devices are running on the network. Most Essentials tasks are performed against a set of devices. Hence, information about a particular device must be available in the Essentials database. Inventory Manager is used to specify which devices to manage. Since Essentials takes advantage of many different management services to collect device information (for example, SNMP, TFTP, Telnet), each device placed into the Essentials database (Inventory) must include the necessary parameters (device attributes) for various management services (community strings, passwords). When this information is included in the Essentials Inventory, the device is considered to be managed by Essentials, and data collection from the device takes place. Therefore, nothing happens in Essentials until the devices and their attributes are included in the inventory. Inventory Manager is the starting point for all Essentials applications.
User Guide for Resource Manager Essentials 78-13951-01 2-37 Chapter 2 Resource Manager Essentials Applications Inventory
When devices are added to Essentials, Inventory Manager (and other applications within Essentials) proceed to contact the device and collect necessary information to be stored in the database. Inventory Management can now be configured to automatically poll devices on the network to look for any changes. If any changes are detected in hardware or software components, the inventory database will be updated and a change audit record will be created to inform the network manager of the change, and to document the event. This helps to ensure that the information displayed in the Inventory reports reflects the current state of network devices. The Inventory application lets you: • Import devices from databases or files. • Export device information to files. • Add, delete, change, and list devices in your network inventory. • Delete devices listed in a CSV file • Poll, update and schedule collection on devices to update your network inventory. • Display reports and graphs of your hardware and software inventory and create Inventory custom reports. • Check and change device attributes. • Display a Year 2000 compliance report. • Change system-wide configuration for SNMP, SMTP, proxy and rcp settings. • Allow other network management systems to manipulate Essentials devices.
Inventory Management Functional Flow
To use Essentials at its full potential, the device attributes of the devices in the network must be included in the Inventory. Essentials does not auto–discover devices on the network. Devices must be manually added or imported into the Inventory database before information can be displayed in reports. To simplify the process of populating the Inventory database, device information can be imported from a supported network management system, such as HP OpenView, or from a formatted text file. Essentials can also import the device data directly from Campus Manager Topology Services, which can auto–discover devices. For detailed information, see Using Campus Manager.
User Guide for Resource Manager Essentials 2-38 78-13951-01 Chapter 2 Resource Manager Essentials Applications Inventory
Figure 2-12 Inventory Management Functional Flow
Managed Devices
Manually add
devices Poll for changes/Update database
Inventory Import devices database from NMS Reports/Graphs IBM NetView HP OpenView Hardware Campus manager Software AutoUpdate Server Inventory changes Chassis slots Importfrom devices file Multiservice ports Change Custom reports audit 77103
You can use the various tasks in the Inventory Manager to populate the database, start tracking any changes to the inventory, and produce inventory reports. The database or inventory population is also the starting point for using other Essentials applications.
User Guide for Resource Manager Essentials 78-13951-01 2-39 Chapter 2 Resource Manager Essentials Applications Inventory
Figure 2-13 Inventory Management Workflow
Verify device Populate Track Create View reports requirements inventory changes device views and graphs database Community strings Add devices Schedule collection Static views Inventory reports Devices accessible Import from local Inventory poller Dyname views Custom reports from server or remote NMS or Update inventory 24-hour reports AutoUpdate server Import from file Synchronize with Campus 3.x Add and verify device attributes
Ongoing maintenance and troubleshooting
Delete devices Change/check device attributes
Export device information to text file 77104
Figure 2-13 depicts the Inventory Management workflow and Essentials tasks: • Verify device requirements to ensure that Essentials is able to communicate with the devices. • Add or import device information into the Essentials database. An extremely important part of this step is associating device attributes with the imported or added devices. These attributes include the device community strings and appropriate passwords. These are required parameters for many of the management services (for example SNMP, Telnet) used by the various Essentials applications. • Schedule periodic polling of devices to track changes, and keep the database up-to-date. • Create device views to facilitate running of reports against numerous associated devices at one time.
Note The network administrator should perform ongoing maintenance, such as deleting devices that are no longer on the network, and checking device attributes to ensure that login and Telnet authentication information is correct in the Inventory database.
User Guide for Resource Manager Essentials 2-40 78-13951-01 Chapter 2 Resource Manager Essentials Applications Inventory
Table 2-12 shows the tasks you can accomplish with the Inventory application.
Ta b l e 2-12 Inventory Manager Tasks
Task Purpose Action List managed Determine whether a particular device is Select Resource Manager devices. managed by displaying devices that have Essentials > Administration > inventory data. Inventory > List Devices. Add devices. Add devices individually by specifying basic Select Resource Manager device information for each. Essentials > Administration > Inventory > Add Devices. Import devices Import devices in bulk from a comma Select Resource Manager from a file. separated values (CSV) file or a data Essentials > Administration > integration file (DIF) instead of adding them Inventory > Import from File. individually. Import device Import device data from a supported network Select Resource Manager data from a local management system (NMS) database Essentials > Administration > host. residing on the local host. Inventory > Import from Local NMS. Device import supports these NMS databases: • HP OpenView (HP-UX, Solaris, and Windows 2000 only) • Cisco WAN Manager (Solaris only) • Tivoli NetView (AIX, Solaris, and Windows 2000 only)
User Guide for Resource Manager Essentials 78-13951-01 2-41 Chapter 2 Resource Manager Essentials Applications Inventory
Table 2-12 Inventory Manager Tasks (continued)
Task Purpose Action Import device Import device data from a supported NMS Select Resource Manager data from a database residing on a remote host. Essentials > Administration > remote host. Inventory > Import from Remote Device import supports these NMS NMS. databases: • CiscoWorks for Switched Internetworks (CWSI) • HP OpenView • Cisco WAN Manager (Solaris only) • Tivoli NetView (running on remote AIX and Solaris hosts only) Proxy Import devices from AutoUpdate Server Select Resource Manager Management Essentials > Administration > Inventory > Proxy Management. Check status of Determine whether a device import was Select Resource Manager import from successful and rectify the import if the Essentials > Administration > local host, device remains unmanaged. Inventory > Import Status. remote host, or file. Delete managed Delete managed devices, including all the Select Resource Manager devices. related device information, that you no Essentials > Administration > longer track. Inventory > Delete Devices. Delete devices Delete a group of devices from a comma Select Resource Manager from a file. separated values (CSV) file instead of Essentials > Administration > deleting them individually. Inventory > Delete from File. View status of View the status of deleted devices and see Select Resource Manager deleted devices. which ones are in a suspended state. Essentials > Administration > Inventory > Delete Device Status.
User Guide for Resource Manager Essentials 2-42 78-13951-01 Chapter 2 Resource Manager Essentials Applications Inventory
Table 2-12 Inventory Manager Tasks (continued)
Task Purpose Action Change device Change these device attributes on selected Select Resource Manager attributes. devices: Essentials > Administration > Inventory > Change Device • SNMP read and write community Attributes. strings • Telnet passwords • TACACS usernames and passwords • Enable TACACS usernames and passwords • Enable secret passwords • Local usernames and passwords • User fields • Device serial numbers Export devices Export your device and device access Select Resource Manager to a file. information to an output file in CSV or DIF Essentials > Administration > format. Inventory > Export to File. Create and view Create a customized report that gathers all or Select Resource Manager inventory any of this information about specified Essentials > Administration > custom reports. devices: Inventory > Custom Reports. • IP address To view a previously-created report, select Resource Manager • User field Essentials > Inventory > Custom • RAM size Reports. • Flash size • Port count • Hardware version • Card type • Serial number • SAA information
User Guide for Resource Manager Essentials 78-13951-01 2-43 Chapter 2 Resource Manager Essentials Applications Inventory
Table 2-12 Inventory Manager Tasks (continued)
Task Purpose Action Define filters for Define filters that determine what data is Select Resource Manager change reports. displayed in your inventory change reports. Essentials > Administration > Inventory > Inventory Change Filter. Schedule Schedule polling and collection to update Select Resource Manager inventory your network inventory. Essentials > Administration > collection. Inventory > Schedule Collection. Update Run inventory collection as a one-time event Select Resource Manager inventory for specific devices. Essentials > Administration > collection. Inventory > Update Inventory. Schedule device Schedule periodic polling of managed Select Resource Manager polling. devices. Essentials > Administration > Inventory > Inventory Poller. Since the poller uses fewer network resources, you should schedule inventory polling to run more frequently than inventory collection. Run an Determine what inventory changes were Select Resource Manager inventory made in the last 24 hours. Essentials > 24-Hour Reports > 24-hour report. Inventory Change Report. View a hardware View user-specified hardware information Select Resource Manager report. for each device. Essentials > Inventory > Hardware Report. View a software View user-specified software information for Select Resource Manager report. each device. Essentials > Inventory > Software Report. View View detailed hardware, software, chassis, Select Resource Manager information and interface information for multiple Essentials > Inventory > Detailed about devices. devices. Device Report. View a device View which managed devices are compliant Select Resource Manager Y2K compliance to the year 2000. Compliance is determined Essentials > Inventory > Year 2000 report. by device type and software version. Report.
User Guide for Resource Manager Essentials 2-44 78-13951-01 Chapter 2 Resource Manager Essentials Applications Inventory
Table 2-12 Inventory Manager Tasks (continued)
Task Purpose Action View device View a bar chart of the distribution of all Select Resource Manager information managed devices among the recognized Essentials > Inventory > Hardware within device device classes. Summary Graph. classes. View the View a bar chart of the distribution of the Select Resource Manager software major and minor software versions running Essentials > Inventory > Software versions in each on your selected devices in each device Version Graph. device class. class. View device View a bar chart showing the distribution of Select Resource Manager information in your selected devices in each device class. Essentials > Inventory > Chassis each device Summary Graph. class. View a summary View the total number of selected devices Select Resource Manager of chassis slots. and the number of devices with free slots for Essentials > Inventory > Chassis Slot each device class that supports capacity Summary. planning. View the chassis View the total slots, available slots, location, Select Resource Manager slot details. and userfield information for each device. Essentials > Inventory > Chassis Slot Details. View details on Check the switch multiservice ports, which Select Resource Manager multiservice support voice traffic, to make sure the power Essentials > Inventory > ports. supply is adequate for the number of MultiService Port Details. multiservice modules installed in each switch. Verify Ensure that the database used to store the Select Resource Manager community community strings and passwords remains Essentials > Administration > strings, synchronized with the actual devices. Inventory > Check Device Attributes. usernames, and Detect errors made when devices were added passwords. or imported.
User Guide for Resource Manager Essentials 78-13951-01 2-45 Chapter 2 Resource Manager Essentials Applications Job Approval
Table 2-12 Inventory Manager Tasks (continued)
Task Purpose Action View attribute View the results of updated device attributes. Select Resource Manager check results. Essentials > Administration > Inventory > View Check Results. View historical View all historical data associated with Select Resource Manager data. scheduled inventory collection. Essentials > Inventory > Scan History. It shows the last run, duration, devices scanned, and average scan time.
Job Approval
Software Management and Configuration Management tasks allow you to set up approval checkpoints before you run a job that will change a configuration or update the software image on a device. This can help increase the security on your network, by forcing these types of high-impact jobs to be approved before they are scheduled or executed. Moreover, other CiscoWorks2000 applications can also take advantage of this feature (for example, ACL Manager). Job Approval is used by other applications to ensure that a job be approved before it can run. Job Approval sends job requests via e-mail to the users on a job’s approver list. If none of the approvers approves the job by its scheduled run time, or if an approver rejects the job, the job is moved to the rejected state and will not run. When Job Approval is enabled, applications that use it require that the user do the following for each job that is scheduled: • Assign one or more approver lists to the job • Schedule the job to run in the future, rather than immediately
User Guide for Resource Manager Essentials 2-46 78-13951-01 Chapter 2 Resource Manager Essentials Applications Job Approval
Job Approval Process
The job approval process requires that you first create an approver list; a list of CiscoWorks2000 user accounts that must approve the job before it can be run. Users must have the role of approver to be included in an approver list. After you have created at least one approver list, you can enable the job approval feature for Software Management, Configuration Management, or both.
Figure 2-14 Job Approval Workflow
Create Enable job Schedule approver approval jobs list Software updates Configuration file changes Reports/Graphs
Approvers accept or reject Wait for Run jobs jobs via job approval task approval
Users with approval role
Delete jobs 77105
The user must have the user role of system administrator or network administrator to perform this task. You must create at least one approver list before you can enable job approval. Only users who have been assigned the approver role, will display in the list of valid user accounts for approval.
User Guide for Resource Manager Essentials 78-13951-01 2-47 Chapter 2 Resource Manager Essentials Applications Job Approval
For Software Management, you can also be specific as to the types of jobs that require approval (new image distribution, undo image distribution, retry image distribution. During scheduling of a job that requires job approval, the user will be queried to select an approver list. When scheduling is complete (the job must be scheduled for the future and not for immediate execution), an e-mail will be sent to all users on the approver list and the job will be placed in the job execution queue with a wait for approval status. The job will not run until at least one user on the approval list has accepted it. If anyone rejects the job, or if no one accepts the job by its scheduled time, the job will not run. The URL to this task is included in the e-mail. The approver can only accept or reject the job and cannot change any of the operational parameters of the job. All approvers on the list and the creator of the job will receive e-mail notification when the job is either accepted or rejected. Table 2-13 shows the tasks that can be accomplished with the Job Approval application.
Ta b l e 2-13 Job Approval Tasks
Task Purpose Action Approve or Approve or reject a job for which you are Select Resource Manager Essentials > reject jobs. an approver. Administration > Job Approval > Approve or Reject Jobs. Set up Job Enable or disable the application. Select Resource Manager Essentials > Approval. Administration > Job Approval > Edit Preferences. Create an Create a new approver list. Select Resource Manager Essentials > approver list. Administration > Job Approval > Create Approver List. Edit an Edit an existing approver list. Select Resource Manager Essentials > approver list. Administration > Job Approval > Edit Approver List. Enable jobs Enable all imported RME jobs. Select Resource Manager Essentials > Administration > Job Approval > Enable Jobs.
For information on how to perform the Job Approval tasks, see the online help.
User Guide for Resource Manager Essentials 2-48 78-13951-01 Chapter 2 Resource Manager Essentials Applications Software Management
Software Management
The Software Management application automates the steps associated with upgrade planning, scheduling, downloading software images, and monitoring your network.
Benefits of Software Management
The Software Management application provides tools making it easier to store backup copies of all Cisco software images running on network devices, as well as any additional software images that you may wish to maintain, and to plan and execute software image upgrades to multiple devices on the network at the same time. It can analyze devices against software image requirements to determine device compatibility and make recommendations prior to performing a software upgrade. If any errors occur during a software image upgrade, Software Management will allow you to roll back to the previous version. Optionally, for added security and change-management control, software images will not be downloaded unless approved by specifically assigned users. Software Management reports also allow you to track all software upgrades and monitor known bugs in the software versions running on your network.
Software Management Functional Flow
Software images must be imported into Essentials to be maintained in the Software Image Library. Images can initially be imported to the Essentials Software Library from all managed Cisco devices on the network to create a baseline backup copy of all software images running on your network. Images can also be imported from Cisco.com or the local machine to be used for software image upgrades.
User Guide for Resource Manager Essentials 78-13951-01 2-49 Chapter 2 Resource Manager Essentials Applications Software Management
Figure 2-15 Software Management Functional Flow
Network devices Cisco.com
File
Software images Browse/Search library
Track Bugs/ Sync library Change Audit Device upgrades
Reports 77258
After images are imported into the Software Image Library, the Software Management application can be configured to automatically poll devices on the network and produce a report of images running on devices that are not stored in the Essentials database. This ensures that for disaster recovery purposes, there is a backup of all software images running on the network in the software library at all times. Any image that is stored in the Software Image Library can be used to perform a software upgrade. Each step of the process is recorded in the distribution, so if there is a failure, the network administrator will know the reasons for the failure. Software Manager maintains a log of all software upgrades, to make it easy to identify and track when software modifications are made to devices. In addition, whenever a change is made to the software image on a device, a change record is sent to the Change Audit application, which collects and organizes all changes to network devices. Software Management can also be configured to periodically check Cisco.com for known software bugs, and produce a report to show all bugs that affect devices on your network.
User Guide for Resource Manager Essentials 2-50 78-13951-01 Chapter 2 Resource Manager Essentials Applications Software Management
Figure 2-16 Software management Workflow
Verify device Community strings requirements Telent/Enable mode access rcp (if desired)
Identify Plan Execute Verify Setup upgrades upgrade upgrade upgrade needed Establish preferences View bug reports Import images Distribute images Browse job status Import network View software Update upgrade View software baseline reports info history Schedule Sync & CCO/library bug jobs upgrade analysis Create approver lists
Ongoing maintenance and troubleshooting
Check syncronization report Delete old software images and job records 77111
The image depicts the Software Management workflow and associated tasks within Essentials: • Device requirements must be verified to ensure that Essentials will be able to access the devices to retrieve and upgrade software images. • Perform setup tasks to begin using Software Management. Setup tasks include setting preferences that will be used for all Software Management import and upgrade jobs, creating any approver lists that will be used to approve software jobs, and scheduling jobs to periodically synchronize the software library with network devices and check Cisco.com for known software bugs. • When Software Manager is set up, software and bug reports can be used to help identify when software upgrades might be needed. • If a software upgrade is required, Software Management features can be used to analyze whether or not devices can accommodate the new image, and to actually distribute the new images to devices on the network. • In addition, ongoing maintenance should be performed to ensure that a copy of every image running on the network is stored in the Essentials Software Library, and to remove images no longer needed from the Software Library.
User Guide for Resource Manager Essentials 78-13951-01 2-51 Chapter 2 Resource Manager Essentials Applications Software Management
Table 2-14 shows the tasks you can accomplish with the Software Management application.
Ta b l e 2-14 Software Management Tasks
Task Purpose Action Set up your Specify information such as history page Select Resource Manager Essentials > Software size, the directory where images are Administration > Software Management stored, the pathname of the Management > Edit Preferences. preferences. user-supplied script to run before and after each device software upgrade. Add images to Import images from all Software Select Resource Manager Essentials > the library. Management supported devices in your Software Management > Library > Add network into the Software Image Images. Library. Download images from Cisco.com into the Software Image Library. Add images from a device to the Software Image Library. Add images from a filesystem to the Software Image Library. Browse the Generate a report of all the images in the Select Resource Manager Essentials > library. Software Image Library. Software Management > Library > Browse Images. You can also delete images from the image library and edit image attributes. Search the Generate a report of a subset of images Select Resource Manager Essentials > library. in the Software Image Library, based on Software Management > Library > details such as, device type, image type, Search for Images. and version. You can also delete images from the image library and edit image attributes. View a Generate a synchronization report to Select Resource Manager Essentials > synchronization determine which Software Software Management > Library > report. Management-supported devices are Synchronization Report. running software images not in the Software Image Library.
User Guide for Resource Manager Essentials 2-52 78-13951-01 Chapter 2 Resource Manager Essentials Applications Software Management
Table 2-14 Software Management Tasks (continued)
Task Purpose Action Schedule a Specify the date, time, and frequency of Select Resource Manager Essentials > synchronization a synchronization job. Administration > Software job. Management > Schedule Cancel a scheduled synchronization job. Synchronization Job. Create approver Specify who can approve the various Select Resource Manager Essentials > lists. tasks necessary during a software Administration > Job Approval > Create upgrade. Approver List. Edit or delete Edit and delete the list specifying who Select Resource Manager Essentials > approver lists. can approve tasks during a software Administration >Job Approval > Edit upgrade. Approver List. Schedule image Schedule device upgrades with the Select Resource Manager Essentials > upgrade jobs. selected images. Software Management > Distribution > Distribute Images. After you schedule and complete the Select Resource Manager Essentials > image upgrade job, you can undo the Software Management > Job upgrade and roll back to the previous Management > Browse Jobs. image. Plan an upgrade Determine the impact to and Select Resource Manager Essentials > from Cisco.com. prerequisites for a new software Software Management > Distribution > deployment using images that reside in CCO Upgrade Analysis. Cisco.com. Plan an upgrade Determine the impact to and Select Resource Manager Essentials > from the library. prerequisites for a new software Software Management > Distribution > deployment using images in your Library Upgrade Analysis. software library. Review Review, modify, or remove schedule Select Resource Manager Essentials > scheduled jobs or jobs. Software Management > Job undo an upgrade. Management > Browse Jobs. You can also retry failed jobs and undo completed image upgrade jobs. View View a report of device upgrade results Select Resource Manager Essentials > consolidated job for selected jobs. Software Management > Job information. Management > Consolidated Job Report.
User Guide for Resource Manager Essentials 78-13951-01 2-53 Chapter 2 Resource Manager Essentials Applications Software Management
Table 2-14 Software Management Tasks (continued)
Task Purpose Action View recent Generate a report summarizing the most Select Resource Manager Essentials > software upgrade recent device software upgrade results 24-Hour Reports > Software Upgrade results. stored in the history database. Report. Mail or copy log Mail or copy log files if requested to do Select Resource Manager Essentials > files. so by Cisco Support after you report Software Management > Job abnormal Software Management Management > Mail or Copy Log File. behavior. Delete unnecessary log files after mailing or copying them. Browse history. Generate a summary of device software Select Resource Manager Essentials > upgrades stored in the history database. Software Management > History > Browse History. Search history by Generate a summary of software Select Resource Manager Essentials > device. upgrades for selected devices. Software Management >History > Search History by Device. Search history by Generate a summary of software Select Resource Manager Essentials > user. upgrades performed by a particular user. Software Management > History > Search History by User. Browse bugs. Compare images running on Software Select Resource Manager Essentials > Management supported devices in your Software Management > Bug Reports > network with the images on Cisco.com Browse Bugs. and report catastrophic and severe bugs specific to your network. Identify devices running deferred software images. Schedule a Specify the date, time, and frequency of Select Resource Manager Essentials > Browse Bugs a Browse Bugs job. Administration > Software job. Management > Schedule Browse Cancel a scheduled Browse Bugs job. Bugs Job. Browse bugs by Generate a summary of software image Select Resource Manager Essentials > device. bugs for a group of devices. Software Management > Bug Report > Browse Bugs by Device.
User Guide for Resource Manager Essentials 2-54 78-13951-01 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Table 2-14 Software Management Tasks (continued)
Task Purpose Action Locate devices Search for known bugs that could affect Select Resource Manager Essentials > by bugs. the devices on your network. Software Management > Bug Report > Locate Devices by Bugs. Update upgrade Update the source for upgrade Select Resource Manager Essentials > information. knowledge base files. The source can be Administration > Software either Cisco.com or a local file. Management > Update Upgrade Info.
Syslog Analysis
The Syslog Analysis application lets you centrally log and track system error messages from Cisco devices. Use logged error message data to analyze router and network performance. Before you can use Syslog Analysis, you must configure your routers and switches to forward messages either to the Essentials server directly or to a system on which you have installed a Syslog Analyzer collector (SAC). The collector filters and forwards the messages to the Essentials server. For more information on configuring network devices for Syslog Analysis, and for installing a remote SAC, see the online help.
Syslog Analysis Functional Flow
To use the Syslog Analysis features, devices must be configured to forward syslog messages to the Essentials server. When devices are configured correctly, all syslog messages will be forwarded to the Essentials server or a remote SAC. These messages are stored in the syslog facility on the server and are periodically read by the Syslog Analyzer process (approximately every 30 seconds). The Syslog Analyzer reads and processes the messages in the Syslog file, applies any filters that have been defined, and writes remaining messages to the Essentials Syslog message database. All syslog messages that can be read, and that are not filtered out, will be written to the Essentials Syslog database. The database is then used to produce Syslog reports and initiate user-defined scripts.
User Guide for Resource Manager Essentials 78-13951-01 2-55 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
To reduce the load on the network and the CiscoWorks2000 Server, SACs can be configured on remote workstations to collect and periodically forward syslog messages to the Essentials server. Any filters that have been defined on the Essentials server will be synchronized on SACs during scheduled updates.
Figure 2-17 Syslog Analysis Functional Flow
Syslog Syslog messages messages
Local server Local server Syslog Syslog Message file Message file Update filters Run script Message Message - email filters filters - Print - Pages
Action filters
Remote Syslog Web site analyzer collector Reports
Local Syslog analyzer collector 77112
User Guide for Resource Manager Essentials 2-56 78-13951-01 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Syslog Analysis on Windows
Since system message logging is not part of the Windows operating system, CiscoWorks2000 adds a logging service when it is installed on Windows 2000 systems. All system messages are stored in the Syslog.log file under the ciscoworks/log directory on the server. The Syslog Analyzer then reads this file to populate the syslog database.
Syslog Analysis Workflow
Figure 2-18 Syslog Analysis Workflow
Verify device View requirements reports Setup
Syslog message Change storate options Severity level summary logging Change user URL Standard reports Define message filters Custom reports Create automated actions 24-hour reports Create custom reports Unexpected device report
Ongoing maintenance
Create custom reports Define message filters Create automated actions
Clear Syslog.log file 77110
The above chart depicts the Syslog Analysis workflow and associated tasks within Essentials. Syslog Analysis will automatically store any supported syslog messages that are forwarded from devices. You must ensure that devices are configured to forward messages to the Essentials server or a remote SAC. After the devices are configured properly, you can view Syslog reports at any time. You are required to perform Syslog Analysis setup tasks only if you want to filter out specific syslog messages, change how long syslog messages are stored, display syslog messages in a custom URL, group syslog in a custom report, or execute a user-defined script when specified syslog messages are detected.
User Guide for Resource Manager Essentials 78-13951-01 2-57 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Syslog Vs Change Audit
Many actions that trigger change audit records will also trigger generation of syslog messages. Change Audit complements syslog message logging by providing additional details about some changes, tracking changes for devices that do not generate syslog messages, and providing multiple ways to organize and view changes to network devices.
Figure 2-19 Syslog Analysis Vs Change Audit Workflow
Change Change audit database Inventory records manager
Details of Software change manager
Compliment each other Configuration manager
Syslog messages
Syslog database Network devices 77097
Cisco devices can be configured to log syslog messages and forward them to the Essentials server. These messages originate from the device in response to some activity, such as a configuration change or new software image being loaded. The Syslog Analysis feature within Essentials stores all supported forwarded syslog messages, and provides ways to sort and view them in various reports.
User Guide for Resource Manager Essentials 2-58 78-13951-01 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Change records are produced by Essentials applications that detect changes to previously collected information, including Inventory, Software, and Configuration Management. These applications send messages to the Change Audit Services when they make a change to the network, such as uploading a new Cisco IOS image, or when they detect that a change has occurred. These changes may also trigger syslog messages. The messages are logged in the Essentials syslog facility and are also passed on to Change Audit for processing. For example, a device sends a syslog message about a device- configuration change. This is passed on to Configuration Management, which determines the exact nature of the change, retrieves the new configuration file, and then writes a change record into the Change Audit log. Table 2-15 shows the tasks you can accomplish with the Syslog Analysis application.
Ta b l e 2-15 Syslog Analysis Tasks
Task Purpose Action Set up data Configure how long to store data, the Select Resource Manager Essentials > storage maximum number of messages to store, Administration > Syslog Analysis > options. and the message source. Change Storage Options. Be sure to restart your machine for the Message Source changes to take effect. Define custom Select the message types you want Select Resource Manager Essentials > reports. reported or change existing reports. Administration > Syslog Analysis > Define Custom Reports. Modify the standard reports provided with Essentials or delete reports you no longer use. You can also enable 24-hour reporting. Define Add and modify command-line Select Resource Manager Essentials > automated instructions to be executed automatically Administration > Syslog Analysis > actions. whenever Syslog Analyzer receives a Define Automated Action. specific message type. Modify existing actions and delete actions you no longer use. You can also enable or disable actions.
User Guide for Resource Manager Essentials 78-13951-01 2-59 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Table 2-15 Syslog Analysis Tasks (continued)
Task Purpose Action Define Exclude messages you do not want Select Resource Manager Essentials > message filters. reported. Administration > Syslog Analysis > Define Message Filter. You can also enable or disable filtering. View status. View the status of your Syslog Collector. Select Resource Manager Essentials > Administration > Syslog Analysis > You can view the status of the local and Syslog Collector Status. all the remote collectors that have been configured to use the Essentials server as the forwarding server. Change your Link your message reports to a Select Resource Manager Essentials > URL. customized web page. You can do this Administration > Syslog Analysis > only if you know basic CGI Change User URL. programming. Generate a Generate summaries of messages about Select Resource Manager Essentials > severity level selected devices sorted by severity level. Syslog Analysis > Severity Level summary. Summary. Generate a Generate a system message report for a Select Resource Manager Essentials > standard device or a set of devices. You can Syslog Analysis > Standard Reports. report. generate the report for the current date, or for any date in the previous week, or for all dates. You can include all the messages, or choose the severity level or alert type for which the report should be generated. Generate a Generate a full custom syslog report. You Select Resource Manager Essentials > custom report. can select a report from the custom syslog Syslog Analysis > Custom Reports. reports that are defined in Administration. Generate a summary custom syslog Select Resource Manager Essentials > report. You can see a summary of the Syslog Analysis > Custom Report various reports. Summary. Generate a Generate a syslog information report on Select Resource Manager Essentials > report for all unmanaged devices in your network. Syslog Analysis > Unexpected Device unmanaged Report. devices.
User Guide for Resource Manager Essentials 2-60 78-13951-01 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
Table 2-15 Syslog Analysis Tasks (continued)
Task Purpose Action Capture syslog Capture syslog messages generating from Select Resource Manager Essentials > messages. MCS servers running WF application. Syslog Analysis > WorkFlow Report. Generate a Generate a report for the past 24 hours. Select Resource Manager Essentials > 24-hour syslog The report can be a custom report created 24-Hour Reports > Syslog Messages. report. by a system administrator or a default report.
User Guide for Resource Manager Essentials 78-13951-01 2-61 Chapter 2 Resource Manager Essentials Applications Syslog Analysis
User Guide for Resource Manager Essentials 2-62 78-13951-01
CHAPTER 3
VPN Security Management Solution
This chapter introduces VPN Security Management Solution and provides tables with the tasks that can be accomplished with it. VPN Security Management Solution is part of the CiscoWorks2000 family of products. It lets you generate these reports: • Configuration Management Reports • Inventory Reports • VPN Syslog Analysis Reports
User Guide for Resource Manager Essentials 78-13951-01 3-1 Chapter 3 VPN Security Management Solution Configuration Management Reports
Configuration Management Reports
These reports provide information on VPN related attributes including, IKE policies, Certificate Authorities, Crypto Maps, Crypto Access lists, Transform Sets, and Global SA lifetimes for VPN devices. The reports are based on the latest configuration file from the archive. You can also search VPN devices in the configuration archive. Table 3-1 shows the tasks you can accomplish with Configuration Management.
Ta b l e 3-1 Configuration Management Tasks
Task Purpose Action View VPN Generate a report on VPN related Select VPN Security Management configuration attributes for the selected VPN devices. Solution > Reports > Configuration report. Management> VPN Configuration Reports. Search VPN Search VPN devices in the configuration Select VPN Security Management devices. archive by specifying text patterns. Solution > Reports > Configuration Management> Search VPN Device by Pattern.
Inventory Reports
These reports provide a list of the VPN managed devices that support hardware encryption. They also provide information on the devices that need an image upgrade. Table 3-2 shows the tasks you can accomplish with Inventory.
User Guide for Resource Manager Essentials 3-2 78-13951-01 Chapter 3 VPN Security Management Solution VPN Syslog Analysis Reports
Ta b l e 3-2 Inventory Tasks
Task Purpose Action View hardware Generate a report on the list of managed Select VPN Security Management encryption VPN devices that support hardware Solution > Reports > Inventory > reports. encryption cards. This report lists the Hardware Encryption Report. device name, type and supported encryption card type. View image Generate a report listing the devices that Select VPN Security Management upgrade report. need an IOS image upgrade in order to be Solution > Reports > Inventory > Image IP Sec enabled. Upgrade Report.
VPN Syslog Analysis Reports
VPN Syslog Analysis lets you centrally log and track the device syslog messages. You can use the logged error message data to analyze router and network performance. You can use the VPN Syslog Analysis to produce the necessary information and message reports for VPN Messages. The VPN Syslog Analysis reports are classified as: • Point/Canned reports. These are VPN Syslog reports based on specific mnemonic groups, and are configured with a set of mnemonics. • Advanced report. This is a generic report that displays all VPN-specific Syslog messages coming from selected VPN devices. This report is generated only for devices which have VPN capabilities. Table 3-3 shows the tasks you can accomplish with Syslog Analysis.
Ta b l e 3-3 VPN Syslog Analysis Tasks
Task Purpose Action View hardware Generate a canned report on the VPN Select VPN Security Management encryption reports. devices in the network. Solution > Reports > Syslog Analysis > Hardware Encryption Report. View Generate a de-encapsulation report, Select VPN Security Management de-encapsulation which is a canned report, for the VPN Solution > Reports > Syslog Analysis > report. devices in your network. De-encapsulation.
User Guide for Resource Manager Essentials 78-13951-01 3-3 Chapter 3 VPN Security Management Solution VPN Syslog Analysis Reports
Table 3-3 VPN Syslog Analysis Tasks (continued)
Task Purpose Action View compression Generate a compression - Select VPN Security Management - decompression decompression report, which is a Solution > Reports > Syslog Analysis > report. canned report, for the VPN devices in Compression - Decompression. your network. View packet replay Generate a packet replay report, Select VPN Security Management report. which is a canned report, for the VPN Solution > Reports > Syslog Analysis > devices in your network. Packet Replay. View certificate Generate a certificate report, which is Select VPN Security Management report. a canned report, for the VPN devices Solution > Reports > Syslog Analysis > in your network. Certificate. View IKE report. Generate an IKE report, which is a Select VPN Security Management canned report, for the VPN devices in Solution > Reports > Syslog Analysis > your network. IKE. View advanced Generate an advanced report Select VPN Security Management report. displaying VPN-specific Syslog Solution > Reports > Syslog Analysis > messages coming from selected VPN Advanced. devices.
User Guide for Resource Manager Essentials 3-4 78-13951-01
CHAPTER 4
Network Address Translation Support
This chapter introduces Network Address Transalation (NAT) support in Resource Manager Essentials and provides details of the tasks you need to perform to enable support.
User Guide for Resource Manager Essentials 78-13951-01 4-1 Chapter 4 Network Address Translation Support Introducing NAT Support
Introducing NAT Support
Essentials can manage devices outside the NAT boundary using their IP addresses. As the NAT would translate between the public and private address for the Essentials servers, these devices will remain SNMP reachable. In Essentials, config fetch and image transfer commands can be performed using TFTP. Essentials uses SNMP to perform these operations. When Essentials issues an SNMP set command to a device, the device will initiate a TFTP transfer with the parameters provided through SNMP. In the SNMP command set if Essentials sets its private address, the TFTP transfer would fail as a device outside the NAT cannot reach private address of the RME servers. The Figure 4-1 depicts a typical NAT scenario. In the figure, the Essentials server is within the NAT boundary. Essentials can manage the devices within the NAT boundary using their private addresses. When Essentials tries to manage devices outside the NAT boundary you need to enable support for NAT as described in the following section.
Figure 4-1 NAT Support
NAT Boundary 77346
User Guide for Resource Manager Essentials 4-2 78-13951-01 Chapter 4 Network Address Translation Support Managing devices outside the NAT
Managing devices outside the NAT
To manage devices outside the NAT boundary:
Step 1 Open a command prompt window. Step 2 Navigate to $NMSROOT/www/classpath/com/cisco/nm/config/archive/ Step 3 Open the config.properties file in a text editor Step 4 Modify the config.properties file: USE_NAT= Yes USER_FIELD=X where X is 1 or 2 or 3 or 4. The value X corresponds to the User Fields under Resource Manager Essentials > Administration > Inventory > Add Devices
Note While adding the device outside the NAT boundary, in addition to the Device Name field, provide the public address of the Essentials server in User Field X.
While adding the device within the NAT boundary, just provide the Device Name as before. You need not enter any value in the User Field.
User Guide for Resource Manager Essentials 78-13951-01 4-3 Chapter 4 Network Address Translation Support Managing devices outside the NAT
User Guide for Resource Manager Essentials 4-4 78-13951-01
P ART 2
Managing Your Network—Scenarios
CHAPTER 5
Monitoring Your Devices
As the network administrator, when you come in to work, you want to see how your network devices are operating and be aware of any changes that might have occurred during your absence. While checking the standard reports in Syslog, you notice a number of CPU hog messages for a particular device and launch CiscoView to monitor the chassis-level information.
User Guide for Resource Manager Essentials 78-13951-01 5-1 Chapter 5 Monitoring Your Devices What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Availability • Syslog Analysis Before you can monitor devices, make sure that these tasks have been completed: • Availability views you want to poll are configured (select Resource Manager Essentials > Administration > Availability > Change Polling Options). • Custom reports, in addition to the standard reports, for specific syslog data that you want to monitor are configured (select Resource Manager Essentials > Administration > Syslog Analysis > Define Custom Report). For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
To monitor devices in your network: 1. Determine Current Network Availability 2. View the Latest Syslog Messages 3. View a Custom Report The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Determine Current Network Availability
Step 1 Select Resource Manager Essentials > Availability > Availability Monitor The Select Devices dialog box displays the view being monitored for availability. Step 2 Select the applicable view from the Views column. Step 3 Select the devices you want to monitor from the Device column, then click Add. The selected devices are added to the Selected Devices column.
User Guide for Resource Manager Essentials 5-2 78-13951-01 Chapter 5 Monitoring Your Devices How To Do It—Procedures
Step 4 Click Finish. The Availability Monitor report appears. The down arrows on the Availability Monitor report represent unreachable devices; the up arrows represent reachable devices. Step 5 The Availability Monitor report contains several links for each device. Click on any of these links for details: • Device Reachability (%)—to view the corresponding Device Reachability Trend graph. • Response Time (ms)—to view the Response Time report. • Interface Status—to view the Device Finder, which displays information about the selected device. Step 6 Click Close.
View the Latest Syslog Messages
Step 1 Select Resource Manager Essentials > 24-Hour Reports > Syslog Messages. The Syslog 24-Hour report appears with the standard reports listed. Step 2 When you check the CPU Hog report, you see a device that has used too many CPU cycles. Click on the device name. The Device Center appears. Step 3 Click CiscoView from the Device Info column to launch the CiscoView application, and use it to monitor the chassis-level information for the device. For details on using CiscoView, refer to the CiscoView online help.
User Guide for Resource Manager Essentials 78-13951-01 5-3 Chapter 5 Monitoring Your Devices Where You Should End Up—Verification
View a Custom Report
Step 1 Select Resource Manager Essentials > Syslog Analysis > Custom Reports. The Custom Reports dialog box appears. Step 2 Select the applicable view from the Views column. Step 3 Select the devices from that view you want to include in the report from the Device column, then click Add. The selected devices are added to the Selected Devices column. Step 4 Click Next. The Select Report Name and Dates dialog box appears. Step 5 Select the report name and date, then click Finish. The report appears. You can print the report or save it as a CSV or as a plain text file.
Where You Should End Up—Verification
After you determine the overall availability of your network devices, review the most recent syslog messages, and review any custom reports you have created, you should have a complete picture of the state of your network.
User Guide for Resource Manager Essentials 5-4 78-13951-01 Chapter 5 Monitoring Your Devices Where You Should End Up—Verification
Throughout the work day, you can continue to monitor network device availability:
Step 1 Select Resource Manager Essentials > Availability > Reachability Dashboard. The Reachability Dashboard displays a report for each availability view. The Reachability Dashboard refreshes automatically every minute. Therefore, you can keep it on your desktop to receive constant updates. The down arrows represent unreachable devices and the up arrows represent reachable devices. Step 2 Click the Device Name links to access the Device Center for details. Step 3 Click Close when you want to close the report.
User Guide for Resource Manager Essentials 78-13951-01 5-5 Chapter 5 Monitoring Your Devices Where You Should End Up—Verification
User Guide for Resource Manager Essentials 5-6 78-13951-01
CHAPTER 6
Upgrading Your Device Software
As the network administrator, you need to upgrade all routers and switches on your network from Cisco IOS Release 11.3 to the new IOS Release 12.0 or later using images that reside in cisco.com. Before you can upgrade, you might need to generate a purchase order.
User Guide for Resource Manager Essentials 78-13951-01 6-1 Chapter 6 Upgrading Your Device Software What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Software Management • Change Audit Before you can upgrade devices, make sure that these tasks have been completed: • A baseline of your software library is created (select Resource Manager Essentials > Software Management > Library > Add Images and use Network as the source). • The images in your software library are synchronized with the images running in your network (select Resource Manager Essentials > Administration > Software Management > Schedule Synchronization Job). • You have received CCO login privileges. If you do not have a user account and password on CCO, contact your channel partner or enter a request on the standard CCO web site (www.cisco.com). • A Browse Bugs Job was scheduled (select Resource Manager Essentials > Administration > Software Management > Schedule Browse Bugs Job). This job helps you identify bugs that may be present in the software images running on the devices in your network. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
To upgrade devices: 1. Perform the CCO Upgrade Analysis 2. Retrieve Software Images from CCO 3. Schedule the Software Image Upgrade 4. Track the Upgrade The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
User Guide for Resource Manager Essentials 6-2 78-13951-01 Chapter 6 Upgrading Your Device Software How To Do It—Procedures
Perform the CCO Upgrade Analysis
Performing an upgrade analysis ensures that the device meets the prerequisites for a software image upgrade. The upgrade analysis report displays RAM, Flash memory, or boot ROM upgrades needed to upgrade to a software image. It also displays Telnet information you need to configure in the Inventory application. For Catalyst switches, the report also displays upgrade path restrictions.
Step 1 Select Resource Manager Essentials > Software Management > Distribution> CCO Upgrade Analysis. The Select Filtering Criteria dialog box appears. Step 2 Select any or all of the following, then click Next: • Images newer than running image—only images that were released later than the images on your devices. • Same image feature subset as running image—all subsets for your devices. Select this if you do not want to limit your list to the current subsets. • General deployment—images with GD status. • Latest maintenance release—the most recent maintenance release. The Select Devices dialog box appears. Step 3 Select the views and devices to display, then click Next. If your CCO username and password have not been added to the database, the Login for CCO dialog box appears. Enter your CCO username and CCO password to update the user profile, then click Next. The Image Selection dialog box displays the images running on the selected devices, the images available on CCO, and match the filtering criteria set in Step 2. Step 4 Select images, then click Finish. The Upgrade Analysis Report displays upgrade recommendations. Step 5 You can switch between List Format and Table Format by clicking the appropriate button at the top of the report. Step 6 Click Close.
User Guide for Resource Manager Essentials 78-13951-01 6-3 Chapter 6 Upgrading Your Device Software How To Do It—Procedures
Retrieve Software Images from CCO
Step 1 Select Resource Manager Essentials > Software Management > Library > Add Images. The Select Image Source dialog box appears. Step 2 Select CCO, then click Next. The Select Devices dialog box appears. Step 3 Enter the names of the devices to add to your library, then click Next. Alternatively, select a view from the Views column that contains devices you want to upgrade, select the devices from the Devices column, then click Next. Step 4 Select one or more devices from the Devices column to identify a subset of device software images. This helps you to narrow your options in subsequent dialog boxes. If your Cisco.com username and password have not been added to the database, the Login for Cisco.com dialog box appears. Enter your Cisco.com username and Cisco.com password to update the user profile, then click Next. Step 5 Select the device/platform, software version, image subset and image to add to the library, then click Next. The Select Images to Add to Library dialog box verifies whether the device has enough memory for the selected image. If the device does not have enough memory, the word “Fail” appears in the Pass/Fail column. If the device does have enough memory to run the selected software image, the word “Pass” appears in the Pass/Fail column and you can perform the download.
Note You can perform a download regardless of the pass/fail status. An image that fails on one device might work on another, so you might want to add it to the image library.
Step 6 Make sure the Download check box is selected, then click Next. The Verify Images to Add to Library dialog box appears. Step 7 Verify that the information is correct, then click Schedule Download or Download Now.
User Guide for Resource Manager Essentials 6-4 78-13951-01 Chapter 6 Upgrading Your Device Software How To Do It—Procedures
If you click Download Now, Essentials downloads the image. The Add-to-Library Summary dialog box appears. Click Browse Library to see the image in the library. If you click Schedule Download, the Job Control Information dialog box appears. a. Enter the job description and optional e-mail address, schedule the job, then click Finish. The Image Import Summary dialog box appears. b. Click Browse Job Status to view the job status. c. If the job status is “Pending for Import”, click the Job ID, then in the lower pane, click the image link. The Verify Image Type dialog box appears. d. Click Next. A message notifies you that the job will take a while. e. Click OK. T The Confirm Images dialog box appears. f. Verify the details and click Next. The Edit System Image Attributes dialog box appears. g. Click Finish. The Add-to-Library Summary dialog box appears. h. Click Browse Library to see the image in the library.
Schedule the Software Image Upgrade
You have downloaded the required software images to your software library and are now prepared to set up your upgrade. As you are the system administrator, you have permissions to perform this function. As a general rule, schedule your upgrades so you do not compromise your device path. For example, if you have three devices on a path, and device A depends on device B, and device B depends on device C, you reboot from the bottom of the path so that device C is the first to reboot, device B is the second, and device A is the third.
User Guide for Resource Manager Essentials 78-13951-01 6-5 Chapter 6 Upgrading Your Device Software How To Do It—Procedures
Note The recommended maximum number of devices you should schedule per job is 12. More than 12 devices out of service at a time could affect your network performance adversely.
Step 1 Select Resource Manager Essentials > Software Management > Distribution> Distribute Images. The Select Device Type dialog box appears. Step 2 Select Cisco IOS, then click Next. The Select Cisco IOS Devices dialog box appears. Step 3 Select Device Family, Current Cisco IOS Versions, and Boot ROM Version from the View windows, click Query to add the items to the Devices list, then select the devices. Step 4 Click Next. If your CCO username and password have not been added to the database, the CCO login dialog box appears. Enter your CCO username and CCO password to update the user profile, then click Next. If you do not want to include images from CCO in the recommended images list, click Skip. The Recommended Image Upgrade dialog box appears. Step 5 To view the running status of the selected devices (Running image, Flash details, and so on), click Details. The Details report appears. Click Close. Step 6 Select the devices to upgrade. Step 7 For each device, select the desired image upgrade. Deselect check boxes for any devices you do not want to upgrade, then click Next. The system prompts for confirmation. Step 8 Click OK to continue. The Verify Image Upgrade dialog box appears.
User Guide for Resource Manager Essentials 6-6 78-13951-01 Chapter 6 Upgrading Your Device Software How To Do It—Procedures
Step 9 Check the verification status, make any necessary changes by going back to the Recommended Image Upgrade dialog box, then click Next. The Distribution Sequence dialog box appears if more than one device has been selected for upgrade. Step 10 Move the upgrades up or down the distribution sequence list as desired, then click Next. The Job Control Information dialog box appears. Step 11 Enter the job description and optional e-mail address, schedule the job, then click Next. The Work Order Report appears. Step 12 Click Finish. The Distribute Image Summary dialog box appears. Step 13 Click Browse Job Status to see the job status. The Job Status window appears. Step 14 Click the Job ID to see the job details. The Job Details report appears. This report has two parts: • The top part contains current job information, device information, and the Work Order report. • The bottom part contains either the schedule change dialog box or the job log file, depending on the state of the job. You can optionally change the schedule, then close the report.
Track the Upgrade
Step 1 Select Resource Manager Essentials > Change Audit > Search Change Audit. The Change Audit—Filter Options dialog box appears. Step 2 Select the views and devices, then click Next. A second Change Audit—Filter Options dialog box appears.
User Guide for Resource Manager Essentials 78-13951-01 6-7 Chapter 6 Upgrading Your Device Software Where You Should End Up—Verification
Step 3 Select All from the Application drop-down list box; then select Custom. Step 4 Enter the date and time the upgrade was to occur, then click Finish. The Change Audit—Searching report appears. Step 5 Select highlighted Details text in the View Details column to view the details of a particular device. Step 6 Select highlighted More Records text in the Grouped Records column to view records that stem from the same event. Step 7 Click Close.
Where You Should End Up—Verification
Verify your device software images have been upgraded by viewing the Software Upgrade report. Select Resource Manager Essentials > 24-Hour Reports > Software Upgrade Report.
User Guide for Resource Manager Essentials 6-8 78-13951-01
CHAPTER 7
Performing Maintenance on Your Essentials Server
As a network administrator you need to perform maintenance to keep your information updated and to get rid of unnecessary or outdated reports and data on the system.
User Guide for Resource Manager Essentials 78-13951-01 7-1 Chapter 7 Performing Maintenance on Your Essentials Server What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Change Audit • Software Management • Syslog Analysis • Inventory • Configuration Management Before you can perform maintenance tasks: • Create a historical report of network changes (select Resource Manager Essentials > Change Audit > All Changes) before you delete Change Audit records. • Run the unexpected devices report (select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report) to verify which devices you need to add to inventory. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
• Remove Records From the Change Audit Log • Remove Images From the Software Library • Remove Old Data From the Job Control Report • Add Unmanaged Devices to Inventory • Remove Configurations From the Archive The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
User Guide for Resource Manager Essentials 7-2 78-13951-01 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It—Procedures
Remove Records From the Change Audit Log
Delete change records according to your auditing guidelines and disk space.
Step 1 If you have not already done so, select Resource Manager Essentials > Change Audit > All Changes and save the report. This is your historical backup. Step 2 Select Resource Manager Essentials > Administration > Change Audit > Delete Change History. The Change Audit—Filter Options dialog box appears. Step 3 Select the views you need. Devices for that particular view appears. Step 4 Select the devices, then click Next to apply additional filters. The Change Audit—Delete Change History dialog box appears. Step 5 Select the criteria for deleting your Change Audit data. Delete Change History dialog box contains these options:
Option Usage Application You can select the application name. Current application that log change records are Inventory Manager, Configuration Manager, and Software Management. An application name does not appear in the options list if there are no records for that application. The default is All Applications. Category You can select the category. Current categories are config, inventory, and swim. A category name does not appear in the options list if there are no records for that application category. The default is All Categories. User You can select the user from the drop-down list. A username does not appear in the options list if there are no records for that user. The default is All Users.
User Guide for Resource Manager Essentials 78-13951-01 7-3 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It—Procedures
Option Usage Mode You can select the connection mode from the drop-down list. The connection mode options do not appear in the options list if there are no records for that option. The default is All Modes. Select Date Range Select the required date range.
Step 6 Click Next to schedule the deletion. The Change Audit—Schedule Jobs dialog box appears. Step 7 Select the Schedule Type from the drop-down list to specify a schedule for the deletion. The Schedule Type drop-down list contains these options:
Option Usage Immediate Runs the job immediately. Once Runs the job once using the selected time and date. Daily Runs the job daily as you have specified in the Run Job field. Weekly Runs the job weekly as you have specified in the Run Job field. Monthly Runs the job monthly as you have specified in the Run Job field.
Step 8 Click Finish to confirm deleting the selection. The Change Audit—Delete Change Records dialog box displays the results.
User Guide for Resource Manager Essentials 7-4 78-13951-01 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It—Procedures
Note Change Audit records accumulate in the system unless they are explicitly deleted by an administrator. This will result in retention of large number of .dfr and .dfc files in the archive directory. It is recommended that you create a periodic job to purge Change Audit records. If you want to retain the change history, you can save them in CSV format and then purge them.
Remove Images From the Software Library
Step 1 Select Resource Manager Essentials > Software Management > Library > Browse Images. The Image Library Summary opens.
Caution If you delete software images from the Essentials server, you cannot restore them. You must download them from CCO or the server where your images are stored.
Step 2 Select the corresponding check boxes of the images that you need to delete, and then click Delete. A dialog box appears. • To cancel the image deletion, click Cancel. • To delete the images, click OK.
User Guide for Resource Manager Essentials 78-13951-01 7-5 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It—Procedures
Remove Old Data From the Job Control Report
Step 1 To display the Job Control Report select Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Step 2 Click the ID of the job you want to delete. Step 3 Click Remove.
Add Unmanaged Devices to Inventory
Step 1 If you have not already done so, run an unexpected device report (select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report). Step 2 Review the report to determine which devices have been added to the network, but not to inventory. Step 3 Select Resource Manager Essentials > Administration > Inventory > Add Devices. The Add a Single Device dialog box appears. Step 4 Enter the access information in the Add a Single Device dialog box, then click Next. The Enter Login Authentication Information dialog box appears. Step 5 Enter and verify the information in the Enter Login Authentication dialog box. If the device is running Terminal Access Controller Access Control System (TACACS), enter the TACACS username and TACACS password. If you are using Software Management or Device Configuration or managing Cisco 2500 single Flash bank (SFB) devices, you must enter the read-write community string. (You should also enter the Telnet passwords.) Otherwise, upgrades will not succeed. Step 6 Click Next. The Enter Enable Authentication Information dialog box appears. If the device is running TACACS, enter the Enable TACACS username and Enable TACACS password.
User Guide for Resource Manager Essentials 7-6 78-13951-01 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It—Procedures
Step 7 Enter and verify the information in the Enter Login Authentication Information dialog box. Step 8 Click Finish. The Single Device Add dialog box appears. Step 9 To add another device, click Add Another and repeat steps Step 4 through Step 7.
Remove Configurations From the Archive
Step 1 Select Resource Manager Essentials > Administration > Configuration Management > General Setup. The Configuration Manager Admin dialog box appears. Step 2 Select the Archive Setup tab. To specify when the program should purge configuration files from the archive, select one of the following: • Click Older than, then enter a number and select days, weeks, or months. • Click Maximum versions to keep, then enter the number of configurations to retain. • Click Don’t Purge Labelled Files to retain the labeled configuration files. It is not recommended that you purge according to the maximum number of versions, if you change many configurations each day. For example, if you have a known good configuration and then make 10 changes to it, you will have 11 versions stored in the archive. If you specify keeping only 10 versions in the archive, the known good configuration is purged because it is the oldest version. Step 3 Click Apply. A message that the changes to the archive were made, appears.
User Guide for Resource Manager Essentials 78-13951-01 7-7 Chapter 7 Performing Maintenance on Your Essentials Server Where You Should End Up—Verification
Where You Should End Up—Verification
After you perform maintenance tasks, verify that they were done: • Verify Change Audit Log Records Are Removed • Verify Software Images Are Removed from the Library • Verify Old Data Is Removed from the Job Control Report • Verify Unmanaged Devices Are Added to Inventory • Verify Configurations Are Removed from the Archive
Verify Change Audit Log Records Are Removed
Step 1 Select Resource Manager Essentials > Change Audit > Search Change Audit. The Change Audit - Filter Options dialog box appears. Step 2 Select All Views and All Devices, then click Next. A second Change Audit - Filter Options dialog box appears. Step 3 Select All from the Application field, Category field, User field, and Mode field, then select the dates for which you removed records, and then click Finish. The Change Audit - Search report appears. No records for your dates should appear.
Verify Software Images Are Removed from the Library
Step 1 Select Resource Manager Essentials > Software Management > Library > Browse Images. The Image Summary Report opens. Step 2 Scan the report to make sure that the software images you deleted are gone.
User Guide for Resource Manager Essentials 7-8 78-13951-01 Chapter 7 Performing Maintenance on Your Essentials Server Where You Should End Up—Verification
Verify Old Data Is Removed from the Job Control Report
Step 1 Display the Job Control Report by selecting Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Step 2 Verify that the job you deleted is no longer on the report.
Verify Unmanaged Devices Are Added to Inventory
Step 1 Select Resource Manager Essentials > Administration > Inventory > List Devices. The List Devices dialog box appears. Step 2 Verify that the devices you added appear on the list.
Verify Configurations Are Removed from the Archive
Since the configurations are removed from the archive on a schedule, it is not necessary to verify if they are removed each time the job runs. To verify if configurations are removed from the archive on a schedule, view the directory: • On Windows 2000 systems, go to $NMSROOT\files\archive\config • On Unix systems, enter /var/adm/CSCOpx/files/archive/config
User Guide for Resource Manager Essentials 78-13951-01 7-9 Chapter 7 Performing Maintenance on Your Essentials Server Where You Should End Up—Verification
User Guide for Resource Manager Essentials 7-10 78-13951-01
CHAPTER 8
Making a Device Configuration Change Using a Template
For security reasons, your company’s policy is to change device Telnet passwords every three months. As the network administrator, you can accomplish this task with a system-defined template.
User Guide for Resource Manager Essentials 78-13951-01 8-1 Chapter 8 Making a Device Configuration Change Using a Template What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use only the Configuration Management application. To change Telnet passwords using this application, you must have permission to use the Telnet Password template. If you have Network Administrator permissions, you can use any template. If you do not, a network administrator must assign your permissions. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens. Step 2 Select Jobs > New Job. The New Job wizard appears with the Device Category dialog box open. Step 3 Select IOS from the Select Device Category drop-down list box, then click Next. The Select Devices dialog box appears.
Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure.
Step 4 Select all the Cisco IOS devices in the inventory using the device selector, then click Next. The Apply Template dialog box appears, unless you selected any devices whose configurations are not archived.
User Guide for Resource Manager Essentials 8-2 78-13951-01 Chapter 8 Making a Device Configuration Change Using a Template How To Do It—Procedures
If you selected any devices whose configurations are not archived in the configuration archive, a dialog box appears listing those devices. Click one of the buttons: • Open Archive Status. Opens the Archive Status dialog box in the CiscoWorks2000 window, where you can troubleshoot devices and add their configurations to the archive. • Cancel. Cancels device selection and returns you to Select Devices dialog box. • Continue. Removes devices whose configurations are not archived and continues the Job Definition wizard at the Apply Template dialog box. Step 5 Apply the Telnet Password configuration template by following these steps in the Apply Templates dialog box. a. Select Telnet Password from the Select Template drop-down list. b. Select enable from the Action drop-down list. c. Select vty from the Line drop-down list. Note that selecting vty will enable the password on all vty lines on each device. d. Enter the new Telnet password in the Password and Verify text boxes, then click Add. The template and its corresponding configuration commands appear in the CLI commands viewer at the bottom of the dialog box. Step 6 Click Next. The Job Properties dialog box appears. Step 7 Enter a description in the Description text box and select any other job properties to apply to the job, then click Next. • If Job Approval is enabled, the Set Approver dialog box appears. Select an approver list and enter any other optional information, then click Next. • If Job Approval is not enabled, the Work Order dialog box appears. Step 8 Review the work order. Step 9 If you need to edit the job, click Back to return to previous dialog boxes, make the necessary changes, then click Next until the Work Order dialog box appears.
User Guide for Resource Manager Essentials 78-13951-01 8-3 Chapter 8 Making a Device Configuration Change Using a Template Where You Should End Up—Verification
Step 10 Click Finish. The job is registered and runs, unless it is scheduled to run in the future. Note the job ID number that appears. Step 11 Repeat the process for each device category for which you have devices. Step 12 Verify that each job runs successfully. Refer to the section “Where You Should End Up—Verification” for more information. Step 13 After each job runs successfully, you can copy it to create a job that will change the Telnet passwords again in 3 months. To do this: a. Select Jobs > Job Browser. The Job Browser dialog box appears. b. Select the record of the job you want to copy, then click Copy Job. The job definition opens with a new job ID assigned. c. Set the schedule to start the job on the next day on which you must change the Telnet password, using the Job Properties dialog box.
Note You can edit any part of the job except the device category.
d. Click Next until the Work Order dialog box appears. e. Review the work order and make changes to the job definition, if needed. f. Click Finish to register the new job.
Where You Should End Up—Verification
After the job runs, the device configurations of the selected devices are changed. You should verify that the process was successful:
Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens.
User Guide for Resource Manager Essentials 8-4 78-13951-01 Chapter 8 Making a Device Configuration Change Using a Template Where You Should End Up—Verification
Step 2 Select Jobs > Job Browser. The Job Browser dialog box appears. Step 3 Locate the job’s record and check its Status entry to determine if it completed successfully. Step 4 Select the job record and click Job Details. The Job Details dialog box appears. • If the job failed, review the Download Summary page and the device details for each device to determine why it failed. • If the job completed successfully, click the Check Credentials button to verify that the new Telnet password is working correctly. For more information about browsing jobs and job details, refer to the online help.
User Guide for Resource Manager Essentials 78-13951-01 8-5 Chapter 8 Making a Device Configuration Change Using a Template Where You Should End Up—Verification
User Guide for Resource Manager Essentials 8-6 78-13951-01
CHAPTER 9
Configuring Multiple Devices
As a network administrator, you have to make one or more configuration changes on multiple devices in your network. To accomplish this task, create a custom template containing these configuration commands, and then execute it against multiple devices. You can execute the commands immediately or schedule them to run in the future.
User Guide for Resource Manager Essentials 78-13951-01 9-1 Chapter 9 Configuring Multiple Devices What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use only the NetConfig application. To create a template using this application, you must have Network Administrator permissions. To execute a job using a template, you must have permission to use the template. If you have Network Administrator permissions, you can use any template. If you do not, a network administrator must assign your permissions.
How To Do It—Procedures
• Create a Template • Define a NetConfig Job The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Create a Template
Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens. Step 2 Select Admin > Create/Edit User Templates. The Create/Edit User Templates wizard appears. Step 3 Enter a name in the Name text box. Step 4 Select IOS from the Device Types drop-down list box.
Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure.
User Guide for Resource Manager Essentials 9-2 78-13951-01 Chapter 9 Configuring Multiple Devices How To Do It—Procedures
Step 5 Select Config as the command mode. Step 6 Enter the commands in the Enter CLI Commands text box or Import the file that contains the commands you wish to use. To do this: a. Click Browse. The Browse dialog box appears. b. Locate the required file, then click OK. Step 7 Enter the rollback commands, if any, in the Enter Rollback Commands text box or Import the file that contains the commands you wish to use. To do this: a. Click Browse. The Browse dialog box appears. b. Locate the required file, then click OK. Step 8 Click Assign to give permissions for the use of this template. The Assign Users dialog box appears. Step 9 Select the users to whom you wish to give permission, click the >> button, then click Finish. If there are no users available, select Server Configuration > Setup > Security> Add Users. Use the Add Users dialog box to add new users. Step 10 Click Save. The template appears in the left pane.
Define a NetConfig Job
Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens.
User Guide for Resource Manager Essentials 78-13951-01 9-3 Chapter 9 Configuring Multiple Devices How To Do It—Procedures
Step 2 Select Jobs > New Job. The New Job wizard appears with the Select Device Category dialog box open. Step 3 Select IOS from the Select Device Category drop-down list box, then click Next. The Select Devices dialog box appears.
Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure.
Step 4 Select the required Cisco IOS devices in the inventory using the device selector, then click Next. The Apply Template dialog box appears, unless you selected any devices whose configurations are not archived. If you selected any devices whose configurations are not archived in the configuration archive, a dialog box appears listing those devices. Click one of the buttons: • Open Archive Status. Opens the Archive Status dialog box in the CiscoWorks2000 window, where you can troubleshoot devices and add their configurations to the archive. • Cancel. Cancels device selection and returns you to Select Devices dialog box. • Continue. Removes devices whose configurations are not archived and continues the New Job wizard at the Apply Templates dialog box. Step 5 From the Select Template drop-down list box, select the template you created in the previous procedure. The commands contained in the template appear in the Commands text box. Step 6 Click Add. The template and its corresponding configuration commands appear at the bottom of the dialog box. Step 7 Click Next. The Job Properties dialog box appears. Step 8 Enter a description in the Description text box and any comments in the Config Comments text box.
User Guide for Resource Manager Essentials 9-4 78-13951-01 Chapter 9 Configuring Multiple Devices Where You Should End Up—Verification
Step 9 Specify the job schedule and other options, then click Next. • If Job Approval is enabled, the Set Approver dialog box appears. Select an approver list and enter any other optional information, then click Next. • If Job Approval is not enabled, the Work Order dialog box appears. Step 10 Review the work order. Step 11 If you need to edit the job, click Back to return to previous dialog boxes, make the necessary changes, then click Next until the Work Order dialog box appears. Step 12 Click Finish. The job is registered and runs, unless it is scheduled to run in the future. Step 13 Note the Job ID that appears. Step 14 Verify that the job runs successfully. Refer to the section “Where You Should End Up—Verification” for more information.
Where You Should End Up—Verification
After the job runs, the device configuration of the selected devices are changed. You should verify that the process was successful:
Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens. Step 2 Select Jobs > Job Browser. The Job Browser dialog box appears. Step 3 Locate the job record and check its status entry to determine if it completed successfully.
User Guide for Resource Manager Essentials 78-13951-01 9-5 Chapter 9 Configuring Multiple Devices Where You Should End Up—Verification
Step 4 Select the job record and click Job Details. The Job Details dialog box appears. • If the job failed, review the Download Summary page and the device details for each device to determine why it failed. • If the job completed successfully, click Check Credentials button to verify that your commands are executed correctly on the devices. For more information about browsing jobs and job details, refer to the online help.
User Guide for Resource Manager Essentials 9-6 78-13951-01
CHAPTER10
Importing Device Data to Inventory
You are the system administrator and want to import device information from HP OpenView, a network management system (NMS) that resides on a remote server, to the Inventory database. You are importing the information to a UNIX machine. (See the online help for procedures on importing device information from other NMS platforms.)
User Guide for Resource Manager Essentials 78-13951-01 10-1 Chapter 10 Importing Device Data to Inventory What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use only the Inventory application. Before you can import device data, make sure that these tasks have been completed: • The NMS is a supported system (see the Release Notes for Resource Manager Essentials 3.3 for the supported versions.) • The NMS database resides on a remote server that is a UNIX (not a Windows 2000) machine. • Your local Essentials server has the proper permissions for remotely accessing the remote username and for running the remote shell as the specified user on the remote host. To do this, verify the following on the remote server: – An .rhosts file is in the remote user’s home directory and contains an entry for the Essentials server. The username entry is +casuser. – The /etc/hosts. equiv file on the remote server does not contain any statements that disallow access by the Essentials server. – HP OpenView is running on the remote host. – The CWSI remote user is a member of the group casusers and a member of the CWSI “Known Network” database. – Tivoli NetView is running on the remote host. – Cisco WAN Manger default user name is svplus. – The CiscoWorks remote user is a member of the CiscoWorks group. On UNIX, the remote user ID is part of cscworks (or the group entered when CiscoWorks was installed) in /etc/group. – The CiscoWorks Sybase server is running on the remote host and the Sybase database uses the default query server name CW_SYBASE. • The remote shell daemon is running on the remote host. For a complete description of all the required tasks, refer to the online help.
User Guide for Resource Manager Essentials 10-2 78-13951-01 Chapter 10 Importing Device Data to Inventory How To Do It—Procedures
How To Do It—Procedures
The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Step 1 Select Resource Manager Essentials > Administration > Inventory > Import from Remote NMS. The Remote Database Import dialog box appears. Step 2 Select the database from which you are importing from the NM Product drop-down list. Step 3 Enter the network name of the host on which the remote NMS resides in the Host Name field. Step 4 Enter the name of the remote user in the User Name field. Step 5 Select one of the choices from the Reconciliation Criteria list. Use this list to specify the resolution method if there is a conflict between a device you try to import and a managed device with the same host and domain name. • Use data from imported devices—When a conflict occurs, the imported device information overwrites existing device information. • Use data from managed devices—When a conflict occurs, the existing device information remains and the imported information is ignored. • Resolve conflicts after importing (the default)—After the import, select the information for the device integration process used to manage each device. Step 6 Select Cisco Devices Only or Customize or both from Special Options, then click Next. If you are importing non-Cisco devices or you want to enter device information, click Customize. • If you select Cisco Devices Only, devices are filtered based on the SNMP variable “sysObjectId”. (Devices are not filtered on CWSI.) • If you select Customize or CWSI, the Import Options dialog box appears. Enter the import options that apply to your NMS database.
User Guide for Resource Manager Essentials 78-13951-01 10-3 Chapter 10 Importing Device Data to Inventory Where You Should End Up—Verification
• If you installed the NMS at a user-specified location (instead of the default), click Customize and enter the Source location. • If you select Check Device Attributes, device attribute information is verified after the import. Step 7 Click Finish. The Add/Import Status Summary appears for you to verify that the import was successful.
Where You Should End Up—Verification
To verify if the devices are imported from HP OpenView:
Step 1 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following: • Click on any of the statuses to view the devices in that state. • If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details. Step 2 Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to 0.
User Guide for Resource Manager Essentials 10-4 78-13951-01
CHAPTER 11
Managing PIX Devices through Proxy Server (Auto Update Server)
Your network has deployed thousands of PIX Firewall Series devices to the homes of all the employees of your company. Each employee may access the internet through a different ISP, some behind a firewall, and hence not directly manageable by the Essentials Server. As a network administrator, you need to manage these un-addressable devices. You can accomplish this task by indirectly managing the PIX devices through a supported proxy server like Auto Update Server. (See to the online help for specific procedures on importing, modifying and deleting.)
User Guide for Resource Manager Essentials 78-13951-01 11-1 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Importing Information from Proxy Server
Importing Information from Proxy Server
This will allow devices behind firewalls or Network Address Translation (NAT) boundaries to upgrade software images or configuration files, and pass on device status and information to the Essentials server. This option is specifically aimed at providing a solution to the problem of upgrading edge devices and to avoid the inherent complications in handling software image upgrades in the core of the network. The primary goal of the Proxy Server (Auto Update Server) is to manage devices that obtain their address through dynamic addressing. With dynamic addressing, a network management server does not know the device addresses. See Figure 11-1 for details of how The problem of not knowing the addresses necessitates having these devices contact the Essentials server instead of the server contacting them. The devices may also not be directly addressable: 1. The device contacts the Proxy Server (Auto Update server), providing its current state and device information. 2. The Proxy Server responds with a list of image files that the device should currently be running. 3. The device compares the file versions provided by the Proxy server with the ones running. If they differ, download the new versions from URLs provided. 4. If any of the files on the device have changed, the device restarts the Auto Update process to update the information about the device in the Auto Update server—this is called audit trail. (This time it would quickly figure out no updates are needed). This helps the Proxy Server (Auto Update server) maintain an audit trail to immediately know when an update has occurred successfully. The next time you may hear from a device could be a week later; if the polling frequency is a week.
Note The current version of Essentials supports only one Proxy Server
User Guide for Resource Manager Essentials 11-2 78-13951-01 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Importing Information from Proxy Server
Figure 11-1 Importing Information from Proxy Server
PIX device Internet
PIX device
Firewall
Auto Update server
PIX device
PIX device Internet
PIX device
NAT Boundary 77345
User Guide for Resource Manager Essentials 78-13951-01 11-3 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Software Management • Inventory For a complete description of all the required tasks, refer to the online help.
How To Do It—Procedures
The purpose of this scenario is to show you how you can use specific applications to perform the following tasks: • Importing Proxy Server • Distributing Images This will help you understand how to use the applications to perform similar tasks in your network.
Importing Proxy Server
To import the proxy server, do the following:
Step 1 Select Resource Manager Essentials > Administration > Inventory > Proxy Management. The Import from Proxy Server dialog box appears. Step 2 Enter the host name of the proxy server in the Host Name field. Step 3 Enter the port number of the proxy server in the Port Number field. Step 4 Enter the user name to be used to log into the proxy server in the User Name field. Step 5 Enter the password in the Password field, and confirm the password in the Verify field. Step 6 Click Import.
User Guide for Resource Manager Essentials 11-4 78-13951-01 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Where You Should End Up—Verification
Distributing Images
To distribute images to the devices, do the following:
Step 1 Select Resource Manager Essentials > Software Management > Distribution > Distribute Images. Step 2 Navigate though the options to add devices, select and verify devices to upgrade. See the online help for detailed procedures.
Where You Should End Up—Verification
To verify if the devices are imported from the proxy server:
Step 1 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following: • Click on any of the statuses to view the devices in that state. • If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details. Step 2 Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to 0.
To verify the list of managed devices imported from the proxy server:
Step 1 Select Resource Manager Essentials > Administration > Inventory > List Devices. Step 2 Click Update to refresh the display during the operation.
User Guide for Resource Manager Essentials 78-13951-01 11-5 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Where You Should End Up—Verification
User Guide for Resource Manager Essentials 11-6 78-13951-01
CHAPTER12
Checking Device Configuration Changes and Who Made Them
Slow network performance has been reported by users at the beginning of the workday. A traceroute (CiscoWorks2000 Server > Diagnostics > Connectivity Tools > Traceroute) indicates a high delay on Router A. As the network administrator, you need to determine if a recent configuration change was made on the router. If a change was made, you also identify who made it.
User Guide for Resource Manager Essentials 78-13951-01 12-1 Chapter 12 Checking Device Configuration Changes and Who Made Them What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Configuration Management • Change Audit No prerequisites are required. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Step 1 Select Resource Manager Essentials > Configuration Management > Compare Configurations. The Compare Configurations window appears. Step 2 Select Startup vs Running. The Compare Configurations dialog box appears. Step 3 Select Router A using the device selector, then click Finish. The Configuration Compare report appears. Step 4 Click the Diffs Only folder in the Configlets pane. The differences between the startup and running configurations are displayed in the Startup and Running panes.
User Guide for Resource Manager Essentials 12-2 78-13951-01 Chapter 12 Checking Device Configuration Changes and Who Made Them Where You Should End Up—Verification
Where You Should End Up—Verification
Once you have verified that the startup and the running configurations are different, check to see who made the change so that you can contact the person and find out why it was made.
Step 1 If you think the change occurred within the last 24 hours, select Resource Manager Essentials > 24-Hour Reports > Change Audit Report. The Change Audit 24-Hour Summary appears. (If you are unsure when the change occurred, select Resource Manager Essentials > Change Audit > Search Change Audit.) Step 2 To view details for Router A, click Details in the View Details column. The User Name field identifies the user who made the change.
User Guide for Resource Manager Essentials 78-13951-01 12-3 Chapter 12 Checking Device Configuration Changes and Who Made Them Where You Should End Up—Verification
User Guide for Resource Manager Essentials 12-4 78-13951-01
CHAPTER13
Creating a Syslog Custom Report
As the network administrator of a network with OSPF (open shortest path first), you know an OSPF-2-NOMEMORY syslog message could potentially result in routing problems. You want to create a custom syslog report that lists OSPF NOMEMORY errors, so that you can run the report and check for problems.
User Guide for Resource Manager Essentials 78-13951-01 13-1 Chapter 13 Creating a Syslog Custom Report What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use only the Syslog Analysis application. No prerequisites are required. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Step 1 Select Resource Manager Essentials > Administration > Syslog Analysis > Define Custom Report. The Define Custom Report dialog box appears. Step 2 Click Add. The Define Custom Report dialog box appears. Step 3 Enter a name for the report, up to 64 characters long, for example, OSPF Memory. Step 4 Select the Syslog Message Type, in this case OSPF-2-NOMEMORY. Click Add to place the alert in the Reported Messages column. Step 5 Select the 24-hour report check box to add the report to the 24-Hour report folder. Step 6 Click Finish. A confirmation message appears.
User Guide for Resource Manager Essentials 13-2 78-13951-01 Chapter 13 Creating a Syslog Custom Report Where You Should End Up—Verification
Where You Should End Up—Verification
Make sure the report was created.
Step 1 Select Resource Manager Essentials > 24-Hour Reports > Syslog Messages. The Syslog 24-Hour Report appears. Step 2 Click the OSPF Memory report to view the details. Step 3 Click Close when you are finished.
User Guide for Resource Manager Essentials 78-13951-01 13-3 Chapter 13 Creating a Syslog Custom Report Where You Should End Up—Verification
User Guide for Resource Manager Essentials 13-4 78-13951-01
CHAPTER14
Maintaining Your Inventory Information
As a network administrator you need to perform maintenance to keep your inventory information updated.
User Guide for Resource Manager Essentials 78-13951-01 14-1 Chapter 14 Maintaining Your Inventory Information What You Need—Prerequisites
What You Need—Prerequisites
In this scenario, you will use these applications: • Contract Connection • Inventory No prerequisites are required. For a complete description of the required tasks, refer to the online help.
How To Do It—Procedures
To perform maintenance tasks: • Check the Contract Status on Network Devices • Update Device Serial Numbers The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network.
Check the Contract Status on Network Devices
Step 1 Select Resource Manager Essentials > Contract Connection > Check Contract Status. The CCO Login dialog box appears. Step 2 Enter your CCO username and password, then click Next. The Select Contracts dialog box appears. If you do not see any contracts, you might not have the privileges required for Contract Agent access. Visit Cisco Service Contract Center and check your contract details. Step 3 Complete the Select Contracts dialog box: a. Press Ctrl and click the left mouse button to select individual contracts or use Shift-Click to select a range of contracts.
User Guide for Resource Manager Essentials 14-2 78-13951-01 Chapter 14 Maintaining Your Inventory Information How To Do It—Procedures
Note For AIX clients, press Ctrl and click the left mouse button to select individual contracts or multiple contracts.
b. To select devices click Next. The Select Devices dialog box appears. Select the devices, click Next. c. If you do not want to select specific contracts or devices, click Finish to select all contracts. The Transfer Data to Contract Agent dialog box appears. Step 4 Click Finish to transfer the device details from your Essentials database to the Contract Agent on Cisco.com. The Device Type Summary Report appears. Step 5 Save the report using the Save As tab or CSV format option. Step 6 Click Close.
Update Device Serial Numbers
The electronic serial number (number embedded in the software on the device) rarely matches the shipment serial number (serial number on the device at the time of shipment from Cisco) known to the Contract Agent. To update device serial numbers:
Step 1 Review a recent Device Type Summary report. Follow the “Check the Contract Status on Network Devices” procedure. Step 2 Using the report, highlight the devices that do not have their managed serial numbers. This is the number from the Essentials inventory database that the Contract Agent matches with the shipment serial number in their database.
User Guide for Resource Manager Essentials 78-13951-01 14-3 Chapter 14 Maintaining Your Inventory Information Where You Should End Up—Verification
Step 3 Retrieve the serial number for each device and enter it on your hard copy report. Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes and manually enter each serial number into the Essentials inventory. For detailed procedures on changing device attributes, refer to the online help.
Where You Should End Up—Verification
After you perform maintenance tasks: • Verify the Contract Status on Network Devices • Verify Device Serial Numbers Are Updated
Verify the Contract Status on Network Devices
If the report shows that you need to update any of your contracts, contact your Cisco representative.
Verify Device Serial Numbers Are Updated
Step 1 Select Resource Manager Essentials > Contract Connection > Check Contract Status to rerun the Device Type Summary Report. Step 2 Review the device serial numbers you just added to make sure they are accurate.
User Guide for Resource Manager Essentials 14-4 78-13951-01
P ART 3
Appendixes
APPENDIX A
Troubleshooting Essentials
This appendix provides information on troubleshooting Essentials applications and Essentials-related CiscoWorks2000 Server problems.
Tip For the latest technical tips, suggestions for troubleshooting common issues, and frequently asked questions (FAQs) on most Essentials applications, you can go to the following URL:
http://www.cisco.com/warp/public/477/RME/index.html
• Change Audit FAQs • Configuration Management • Contract Connection • Inventory • Software Management • Syslog Analysis • CiscoWorks2000 Server
User Guide for Resource Manager Essentials 78-13951-01 A-1 Appendix A Troubleshooting Essentials Change Audit FAQs
Change Audit FAQs
Can I track every configuration change made to routers and switches in my network and who made them? Yes, if the devices have been enabled for syslog. All changes made on a device are logged, including changes made by outside Telnet sessions. You can enable Change Audit to listen to the syslog messages so that it can update the archive with the changed version of the configuration file and log the change. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Change Probe Setup tab and enable Listen to Syslog Messages. You can check for changes by selecting Resource Manager Essentials > Change Audit > All Changes. If the change was made by an outside Telnet session, Unknown is listed in the Connection Mode column of the report.
Configuration Management
Configuration Management FAQs
• Where can I find out what devices are supported by Configuration Management? • If I import devices from a remote NMS, can I compare the startup vs. running configurations? • Can I execute Network Show Command sets for more than 10 devices? • How many Network Show Commands are allowed per command set? • Can I execute all device commands using Network Show Commands? • If I’m having problems with the Network Show Commands option, where can I check for error messages?
Where can I find out what devices are supported by Configuration Management? Select CiscoWorks2000 Server > About CiscoWorks2000 > Applications and Versions. Under the CW2000 Installed Applications, click Configuration Archive to see a list of supported devices.
User Guide for Resource Manager Essentials A-2 78-13951-01 Appendix A Troubleshooting Essentials Configuration Management
If I import devices from a remote NMS, can I compare the startup vs. running configurations? Yes, but first you must:
Step 1 Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes. Step 2 Select all the devices with the same passwords. Step 3 Change the TACACS usernames and passwords.
Can I execute Network Show Command sets for more than 10 devices? No. You can execute command sets for only 10 devices.
How many Network Show Commands are allowed per command set? Each command set can contain a maximum of 6 router commands, 6 Catalyst commands and 6 FastSwitch commands.
Can I execute all device commands using Network Show Commands? No, only show commands are supported. However, commands such as help, ?, debug, ping, traceroute, and where are also supported.
If I’m having problems with the Network Show Commands option, where can I check for error messages? You can check for messages in these locations: • The Java console available with your browser. • In the Essentials server log files in /var/adm/CSCOpx/log for UNIX systems, and in NMSROOT/lib/jrun/jsm-cw2000/logs on Windows 2000 systems. • In additional log files in /opt/CSCOpx/objects/jrun/jsm-cw2000/logs on UNIX systems, and in NMSROOT/log on Windows 2000 systems. • In the Process Status dialog box. Select CiscoWorks2000 Server > Administration > Process Management > Process Status.
User Guide for Resource Manager Essentials 78-13951-01 A-3 Appendix A Troubleshooting Essentials Configuration Management
Troubleshooting Configuration Management
Use Table A-1 to help troubleshoot the Configuration Management application.
Ta b l e A-1 Configuration Management Troubleshooting Table
Symptom Probable Cause Possible Solution The archive cannot Incorrect password given Enter the correct Telnet and enable passwords for the retrieve the when adding or importing Catalyst devices in the Essentials database. The configuration the device. configuration archive uses Telnet to gather module module for Catalyst configurations for Catalyst devices. devices. The archive cannot Incorrect read and write Enter the correct read and write community strings retrieve the running community strings given in the Essentials database. configuration for a when adding or importing You can also change the order of the protocols used device. the device. to retrieve the configuration. (The configuration archive downloads configurations from devices using three different transport protocols in order: TFTP, Telnet, and rcp.) The archive cannot Incorrect password given Enter the correct Telnet and enable passwords for the retrieve the startup when adding or importing device in the Essentials database. configuration for a the device. If the device is configured for TACACS device. authentication, add the TACACS username and password (not the Telnet password) in the Essentials database when you import the device. If the device is configured for local user authentication, add the local username and password in the Essentials database. DNS hostname The device does not have Make sure the DNS server can recognize the device mismatch.The the DNS server set up to hostname, or specify the IP address instead of the ip_address is resolve the hostname. hostname. unknown to DNS.
User Guide for Resource Manager Essentials A-4 78-13951-01 Appendix A Troubleshooting Essentials Configuration Management
Table A-1 Configuration Management Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution SNMP timeout SNMP did not allow Increase the SNMP timeout values. prevents TFTP enough time for the from retrieving the operation. running configuration for a device. Network Show The device is unreachable. Enable the device. Commands execute command set error message: The device attributes have Update the device attributes in the Inventory Sorry, no output been changed. database by selecting for this command. Resource Manager Essentials > Administration > Internal error. Inventory > Change Device Attributes. Network Show Incomplete show Instead of entering an abbreviated command, such as Commands command specified. show ip, provide the complete command, for message: example show ip route. %Incomplete command. Network Show Used an invalid show Enter a valid show command. Commands error command. message: The command you entered is not a valid command. Network Show The wrong command has Make sure you enter a command that is valid for the Commands error been entered for the device. message: device. For example, a Failed to run switch command has been show commands. entered for a router. Network Show The SMTP server is not Make sure the SMTP server is running on the host. Commands mail running on the mailer error message: machine. SMTP not configured properly.
User Guide for Resource Manager Essentials 78-13951-01 A-5 Appendix A Troubleshooting Essentials Contract Connection
Contract Connection
Contract Connection FAQs
• What are the different types of serial numbers used in Contract Connection? • What do I do if the serial numbers are out of sync? • Why is the Electronic Serial Number field blank?
What are the different types of serial numbers used in Contract Connection? There are three types; two on the device and one in the inventory database: • Shipment Serial Number, which is embedded on the chassis hardware. • Electronic Serial Number, which you set using CLI when you introduce the device to the network. • Managed Serial Number, which is the serial number reflected in the inventory database.
What do I do if the serial numbers are out of sync? For Contract Connection to work properly, start with the Shipment Serial Number, because that is the serial number known to Cisco, and do the following:
Step 1 Using the CLI, as described in the device configuration guide, make sure that the Electronic Serial Number matches the Shipment Serial Number. Step 2 Change the Managed Serial Number to match the other two using Resource Manager Essentials > Inventory > Administration > Change Device Attributes.
Why is the Electronic Serial Number field blank? It is blank because it was not set in the device software when the device was introduced to the network. Update the number using the CLI, as described in the device configuration guide.
User Guide for Resource Manager Essentials A-6 78-13951-01 Appendix A Troubleshooting Essentials Inventory
Inventory populates the Managed Serial Number using SNMP to get the MIB serial number information from the Electronic Serial Number setting. If the Managed Serial Number field is blank, the inventory collector could not collect the information for one of these reasons: • The Electronic Serial Number field is not set. You can set this field by using the CLI as described in the device configuration guide, and update the inventory database by selecting Resource Manager Essentials > Inventory > Administration > Change Device Attributes. • The device does not support MIBs for serial numbers. Select Resource Manager Essentials > Inventory > Administration > Change Device Attributes to enter the information in inventory.
Inventory
Inventory FAQs
• Where can I find out what devices are supported by Inventory? • What main methods do I have for performing data collection? • How often should I run Schedule Collection? • What does the Inventory Poller do? • How do I know when a schedule collection was last performed and how long it took? • How can I see the most recent changes? • Why is the Device Serial Number field blank in inventory? • How can I make sure a device’s serial number is correct, and fix it, if it is wrong?
Where can I find out what devices are supported by Inventory? Select Server Configuration > About the Server > Applications and Versions. Under CW2000 Installed Applications, click Inventory manager to see a list of the supported devices.
User Guide for Resource Manager Essentials 78-13951-01 A-7 Appendix A Troubleshooting Essentials Inventory
What main methods do I have for performing data collection? You have the Schedule Collection option (Resource Manager Essentials > Administration > Inventory) or the Update Inventory option (Resource Manager Essentials > Administration > Inventory). Schedule Collection is the heavyweight collection method. It collects on all managed devices at a scheduled time and updates the database. Update Inventory collects information only on the devices you specify, and it collects the information right away. Update Inventory uses the same collection mechanism as Schedule Collection.
How often should I run Schedule Collection? You should run the Schedule Collection option at least once a week. If your system has more than 100 devices, you might not want to run Schedule Collection that often because it could place too heavy a load on your network. To detect changes in managed devices with the least impact on your network, use the Inventory Poller option.
What does the Inventory Poller do? The Inventory Poller uses a “lightweight” mechanism to determine whether database information is out-of-date. Although the Inventory Poller itself does not perform an actual collection, it determines whether any device information is out-of-date. If information is outdated, the Inventory Poller initiates a full collection on the pertinent devices.
How do I know when a schedule collection was last performed and how long it took? The Scan History option (Resource Manager Essentials > Inventory > Scan History) will give you this information.
How can I see the most recent changes? To view inventory changes made in the last 24 hours, use the Inventory Change Report option (Resource Manager Essentials > 24-Hours Reports). To view changes made since the last scheduled collection, use the Change Audit application.
User Guide for Resource Manager Essentials A-8 78-13951-01 Appendix A Troubleshooting Essentials Inventory
Why is the Device Serial Number field blank in inventory? The field is blank because inventory could not obtain the information from the device. This is due to one of these reasons: • The serial number was not set in the device software when the device was introduced to the network. This should have been done using CLI, as described in the device configuration guide. • The device does not support MIBs for serial numbers. In either case you can set the serial number in the inventory database by selecting Resource Manager Essentials > Administration > Inventory > Change Device Attributes, and setting the field to the serial number printed on the device chassis.
How can I make sure a device’s serial number is correct, and fix it, if it is wrong? The serial number in inventory should always match the number printed on the chassis. If the serial number does not match the number on the chassis, change it using Resource Manager Essentials > Administration > Inventory > Change Device Attributes.
Troubleshooting Inventory
Use Table A-2 to troubleshoot the Inventory application.
Ta b l e A-2 Inventory Troubleshooting Table
Symptom Probable Cause Possible Solution Device import from The user casuser is not a Add group membership before starting Essentials. local database fails. member of the (Solaris only.) CiscoWorks groups. The name resolution is Correct the name resolution. If that is not possible, incorrect. then apply remote import rules; add .rhosts to the casuser home directory. Device import from Essentials and the remote Set up Essentials and the remote NMS stations in the remote NMS fails. NMS reside in different same DNS domains. DNS domains.
User Guide for Resource Manager Essentials 78-13951-01 A-9 Appendix A Troubleshooting Essentials Inventory
Table A-2 Inventory Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution The device serial Hardware reports get data No action is required. However, you might want to numbers or the from the user-defined change the serial number so that it matches the router chassis optional serial number outside label number by selecting numbers differ field when the device or Resource Manager Essentials > Inventory > from those on router is added to Change Device Attributes. outside labels. Essentials (or through Change Device Attributes), not from the SNMP variable chassis serial number. The user-defined serial number takes precedence over the outside label number.
User Guide for Resource Manager Essentials A-10 78-13951-01 Appendix A Troubleshooting Essentials Inventory
Table A-2 Inventory Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution The device stays in The database is corrupt. Stop Essentials. Install a backup database, if you a pending state. have one; otherwise, install the basic database, px.db, over the corrupt database. 1. Back up or rename the corrupted database files: – CSCOpx/databases/rme/rme.db – CSCOpx/databases/rme/syslog.db 2. Install the basic database files: – From CSCOpx/databases/rme/orig/rme.dborig to CSCOpx/databases/rme/rme.db – From CSCOpx/databases/rme/orig/syslog.dborig to CSCOpx/databases/rme/syslog.db Both files must be copied into the database location and must be owned by user casuser and group casusers on both Windows 2000 and UNIX systems. The DIServer is not Check the process status. If the DIServer is not running. running, restart it. A broadcast address has Suspend the device. Run the address validation tool been imported and is on the device by selecting being used for an SNMP CiscoWorks2000 Server > Diagnostics > write. Connectivity Tools > Validate Device Addresses to ensure that a broadcast address or network address is not being used.
User Guide for Resource Manager Essentials 78-13951-01 A-11 Appendix A Troubleshooting Essentials Inventory
Table A-2 Inventory Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Devices are not The access list is applied Add the permissions to the access lists on all routers. importing. to the SNMP-server community configurations. There has been an SNMP Increase the SNMP slow timeout and slow retry timeout. values. Reverse DNS lookup Add a device entry to the localhost file. failed. The device name is not Add a device entry to DNS or localhost file. configured in the DNS or localhost file. Cannot add a device The HPOV/SNMP has an Remove or rename HP OpenView version of the to the database. old version of wsnmp.dll wsnmp.dll files. files.
User Guide for Resource Manager Essentials A-12 78-13951-01 Appendix A Troubleshooting Essentials Software Management
Software Management
Software Management FAQs
• Can an option be provided during Software Management installation to update the /etc/inetd.conf file? • How does Software Management handle proxy environments? • Does Software Management support proxy with user authentication environments? • When a Software Management job is scheduled, how is the baseline determined? When I distribute a job, is an automatic backup performed? • Can I set up a periodic download of Software Management images from Cisco.com? • Is browser timeout something I should consider when downloading? • Do bug reports work for both Cisco IOS and switches? How is the filtering done? Does Software Management document how much we can filter at a granular level? • What are crypto images? • When does Software Management use the RCP protocol to transfer images? • Are there DNS dependencies for RCP to work properly for a device? • Why does Software Management sometimes leave behind image files in the tftpboot directory after an upgrade? • How much temporary space is required during image distribution? • What is the maximum recommended number of devices per upgrade job? • What is the default SNMP timeout used by Software Management? Can I configure it? • At what time will the images directory get created during the process of obtaining images from a device? Does this happen during the initial step? • Which Cisco IOS devices support bootldr images? • Does Software Management support Cisco IOS 12.0?
User Guide for Resource Manager Essentials 78-13951-01 A-13 Appendix A Troubleshooting Essentials Software Management
• Should I use special images with SWIM for 2900XL/3500XL devices? • How can I speed up Image Recommendation? • When a job is rejected, can it be edited or should I resubmit? • Can different group members edit jobs? What are the restrictions? • What is the role of the registry files in RME? • How do I upgrade Network Analysis Module (NAM) using Software Image Management (SWIM)?
Can an option be provided during Software Management installation to update the /etc/inetd.conf file? No. The Software Management installation automatically adds an entry in the /etc/inetd.conf file to start the in.tftpd process.
Note This process may not work in all environments. After installing, the administrator must ensure that the system is setup correctly to run the TFTP/RCP server.
How does Software Management handle proxy environments? Software management uses http protocol to communicate with Cisco.com for downloading images and their attributes. If you use http proxy for Internet connectivity, configure proxy URL information by selecting Resource Manager Essentials > Administration > System Configuration.
Does Software Management support proxy with user authentication environments? No.
When a Software Management job is scheduled, how is the baseline determined? When I distribute a job, is an automatic backup performed? There are two operations that import images from the network to the software library: • Baseline tasks • Synchronization The baseline task (Resource Manager Essentials > Software Management > Add Image to Library > Network) should be done only once as a part of the initial setup. This imports the images running on the network to your library.
User Guide for Resource Manager Essentials A-14 78-13951-01 Appendix A Troubleshooting Essentials Software Management
To keep the library synchronized with any new images and changes caused by upgrades from sources other than Software Management, schedule a synchronization job to run periodically at appropriate intervals. When this synchronization job runs, it looks for differences between the library and the network and allows any new images to be imported. During job distribution, Software Management backs up the current running image only if the option to backup current running image or tftp fallback was selected when the job was created.
Can I set up a periodic download of Software Management images from Cisco.com? No. However, you can schedule a one-time import from Cisco.com to occur at a later time. Software Management does not allow you to automatically import images from Cisco.com to the library based upon your preferences.
Is browser timeout something I should consider when downloading? The image import operation from Cisco.com and other devices can be done on a scheduled basis. Because this process runs as a background task on the server, the browser is not involved; however, when an immediate import operation is done, it is performed as a foreground task, and the browser can still timeout.
Do bug reports work for both Cisco IOS and switches? How is the filtering done? Does Software Management document how much we can filter at a granular level? Yes, bug reports are supported for both the Cisco IOS software and Catalyst switches. The filtering is done only on the basis of the software version and the platform. This means that a Cisco 2503 running IOS 11.3(2) will produce the same report as a Cisco 2511 access server running IOS 11.3(2). In Software Management, the features and protocols enabled on the device are not taken into account; this can result in a large number of bugs being reported against a device, not all of which may be applicable to your environment. You must manually review the bugs to find those which may be important to you.
What are crypto images? Crypto images are software images that use 56-bit Data Encryption Standard (DES) (or higher) encryption, and are subjected to export regulations. You must be a registered Cisco.com user, and be eligible and authorized to download such images.
User Guide for Resource Manager Essentials 78-13951-01 A-15 Appendix A Troubleshooting Essentials Software Management
When does Software Management use the RCP protocol to transfer images? If you select the remote copy protocol (RCP) preference under Resource Manager Essentials > Administration > Software Management > Edit Preferences, Software Management uses the RCP protocol to transfer images (upload and download) to Cisco IOS software devices that support CISCO-FLASH-MIB. Cisco Catalyst 5000 switches and Cisco 700 Series devices do not support RCP. Cisco IOS devices that do not support RCP include Cisco 7000 Series (RP-based 7000 only) and MC3810. All other Cisco IOS devices support the RCP protocol. Software Management always uses the TFTP protocol for config file updates on Cisco IOS devices.
Are there DNS dependencies for RCP to work properly for a device? Yes. If there are multiple IP addresses configured on the device, all IP addresses on the device must be configured using Domain Name System (DNS). Examples of devices with multiple IP addresses are those having many interfaces, with each interface configured with its own IP address, or a device that interfaces configured with primary and secondary IP addresses. Configure the DNS so all IP addresses are resolved to the same host name. The host name in the DNS should match the hostname in the RME Inventory.
Why does Software Management sometimes leave behind image files in the tftpboot directory after an upgrade? Software Management removes the image files from the tftpboot directory after the upgrade unless the tftp fallback job option is set. If the tftp fallback option is set, Software Management uploads the image from the device and leaves it in the tftpboot directory for fallback. Software Management also modifies the boot system commands on the device to add a fallback command to boot from the original image on the Essentials TFTP server if the upgraded image does not boot.
How much temporary space is required during image distribution? The amount of free space that is required depends upon the image file size and the number of devices that are being upgraded simultaneously. If the tftp fallback option is set, additional free disk space is required to keep the current image in the tftpboot directory. Disk space is used both in the tftpboot and temp directories.
User Guide for Resource Manager Essentials A-16 78-13951-01 Appendix A Troubleshooting Essentials Software Management
What is the maximum recommended number of devices per upgrade job? Each job upgrades devices sequentially. The duration of the upgrade varies depending on the network bandwidth and the type of devices being upgraded. The recommended maximum number of devices per job is 12.
What is the default SNMP timeout used by Software Management? Can I configure it? Software Management makes three attempts to connect to the device using SNMP. The first retry timeout interval of 10 seconds is not configurable. Subsequent retry timeout intervals are configurable and are based on the value in the slow timeout variable. To verify the timeout value, select Resource Manager Essentials > Administration > System Configuration. If the initial attempt to connect to the device fails, Software Management waits three minutes before it attempts to connect again. The three minute wait enables routing protocol or spanning tree convergence to occur, which could have been initiated because another device was rebooted during the software upgrade. The number of retries is not configurable. The underlying Software Management stack also tries three times to connect to the device. All the secondary addresses configured in DNS for the device are tried during each attempt.
At what time will the images directory get created during the process of obtaining images from a device? Does this happen during the initial step? The software images directory gets created at the time of importing an image to the library; however, this should be transparent to you.
Which Cisco IOS devices support bootldr images? The following Cisco IOS device families support bootldr images: • Cisco 4500, 4700 • Cisco 7500, RSP-based 7000 • Cisco 7200 • Access Servers 5200, 5300, 5800 • Route Switch Module (RSM) on Catalyst 5000
Does Software Management support Cisco IOS 12.0? No.
User Guide for Resource Manager Essentials 78-13951-01 A-17 Appendix A Troubleshooting Essentials Software Management
Should I use special images with SWIM for 2900XL/3500XL devices? 2900XL/3500XL devices consist of the following three images: • Regular Cisco IOS Software Image. • A TAR format HTML image that contains files for Visual Switch Manager. • A TAR format image that contains both the above mentioned images. Sotware Management uses the TAR format image that contains the Cisco IOS and HTML image. This image is posted on Cisco.com as are other images for 2900XL/3500XL. When using Essentials for software upgrades, images with description Enterprise-IOS and HTML-Use with RME 2.1 or later or Standard-IOS and HTML-Use with RME 2.1 or later should be used. When Add Image to Library from CCO/Slam Dunk is used, only these images are displayed.
How can I speed up Image Recommendation? If you include Cisco.com for Image Recommendation, try to limit the images by filtering (Resource Manager Essentials > Administration > Software Management >Edit Preferences).
When a job is rejected, can it be edited or should I resubmit? You can retry a rejected job; this creates a new job with all the parameters and attributes of the original job.
Can different group members edit jobs? What are the restrictions? The only job attribute that can be edited is the schedule time for non maker-checker jobs. Any user who has the netadmin role defined can edit jobs or create new jobs; however, in the maker-checker model, the jobs can only be approved by users who are in the approver list specified during the creation of the job.
User Guide for Resource Manager Essentials A-18 78-13951-01 Appendix A Troubleshooting Essentials Software Management
What is the role of the registry files in RME? Software Management manipulates the Windows 2000 registry to automatically manage remote authentication during the rcp transfers on Windows 2000. The following registry parameters are important for rcp service on Windows 2000: • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\DEBUG Dictates the amount of debug information written in the Windows 2000 event log. (Default = 0, Maximum = 0xff) • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\rhosts Contains the list of authenticated hosts that can run remote commands on this machine. This list is automatically managed by Software Management. • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\rusers Contains the list of authenticated remote users that can run remote commands on this machine. This list is automatically managed by Software Management. • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\NoRuserCheck If set to 1, the remote user authentication is skipped or, in other words, any remote user from authenticated hosts can run commands on this machine. (Default = 0) • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\NoRhostCheck If set to 1, the remote host authentication is skipped or, in other words, commands can be run on this machine from any remote machine. (Default = 0)
How do I upgrade Network Analysis Module (NAM) using Software Image Management (SWIM)? To upgrade NAM using using Software Image Management (SWIM): • Ensure that the passwords for NAM’s application and maintenance modes are the same.
User Guide for Resource Manager Essentials 78-13951-01 A-19 Appendix A Troubleshooting Essentials Software Management
This is because SWIM takes the password information from Inventory. However, Inventory requires the application mode password to manage the device, and SWIM requires the maintenance mode password to upgrade the device. Therefore, the passwords for NAM’s application and maintenance modes should be the same. • For a NAM card present in a Catalyst 6000 device running CatOS , ensure that you set auto logout to a value that is high enough to allow the copying of the new image. This is because a NAM image is usually very large (nearly 65 MB), and it may take between 1 to 2 hours to copy this image during SWIM upgrade. We recommend that you set the auto logout to 0 to ensure that there is no auto logout while the image is being copied. To set the auto logout value, use the CLI command, set logout 0. For a NAM card present in a Catalyst 6000 device running IOS, ensure that you set exec timeout to a value that is high enough to allow the copying of the new image. We recommend that you set the exec timeout value to 0 (exec-timeout 0 0) on all the vty lines. • Ensure that the htdocs directory under CSCOpx has enough space to stage the NAM image. During the NAM upgrade, SWIM first copies the NAM image from the NMSROOT/CSCOpx/files/sw_images directory, to the NMSROOT/CSCOpx/htdocs/swimtemp directory and then copies the NAM image to the NAM card, using HTTP. • Ensure that NAM is added with the correct Local User (root) and its password. • Ensure that NAM is added with the correct SNMP read/write community strings. Ensure that the switch, which contains NAM, is added with the correct attributes.
User Guide for Resource Manager Essentials A-20 78-13951-01 Appendix A Troubleshooting Essentials Software Management
Troubleshooting Software Management
Use Table A-3 to troubleshoot the Software Management application.
Ta b l e A-3 Software Management Troubleshooting Table
Symptom Probable Cause Possible Solution The approver cannot Job Approval is enforced Create a new job and submit it for approval. change the on the Distribute Images When the Distribute Images job requires approval, scheduled time for jobs. Software Management does not allow you to change the Distribute the scheduled time for the job from the Browse Jobs Images job using screen. Software Management. Cannot undo an Undoing a software Check the Supported Device Matrix in online help upgrade on upgrade is not supported for the supported devices and software releases. Microcom firmware on the devices. and Catalyst devices. Distribute Images Defective software is Go to Cisco.com and examine the software image. If and Image Import running on the device. it is deferred, contact your TAC representative. jobs fail on a device. If the software image is not deferred: 1. Select Resource Manager Essentials > Administration > Software Management > Edit Preferences. 2. Select Enable Debugging. 3. Rerun the job and then use the Mail or Copy Log File option to extract Software Management debugging information. 4. Send the information and a complete description of the problem to your TAC representative. A job is in a pending The Essentials server is Software Management moves the job to an error state after the not functioning correctly, state 1 hour after the scheduled time. Do not change scheduled time. has been powered off, or the job while it is pending; the system will take care has been rebooted before of it. the scheduled time. If necessary, create another job.
User Guide for Resource Manager Essentials 78-13951-01 A-21 Appendix A Troubleshooting Essentials Software Management
Table A-3 Software Management Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution A job is running, but The Essentials server is Software Management moves the job to an error the Job Details not functioning correctly, state 1 hour after the scheduled time. Do not change report shows no has been powered off, or the job while it is pending; the system will take care progress. was rebooted while the of it. job was running, causing If necessary, create another job. the job to stop. While modem or CIP Images for the 3640 Download a supported version of the software or microcode images digital modems are not firmware from http://www.cisco.com. are being added to imported in an AS5300 Check the Supported Device Matrix in online help the Software format file. for the supported devices and software releases. Management library, The Microcode firmware the image type is image is not combined displayed as firmware/DSP code. Unknown. Software Management cannot The CIP Microcode retrieve attributes version is older than 22.0 from images. Cannot schedule The at service is not If Essentials is running on a Windows 2000 system, Distribute Images running or is configured select Control Panel > Services and check that the and Image Add jobs. incorrectly. service is running. If it is not, start it manually. If Essentials is running on a Solaris system, make sure the /usr/bin/at command is present. Also make sure that the at.deny file in the /usr/lib/cron directory does not contain the casuser username. Essentials cannot Essentials needs Configure the read-write SNMP string on the upload images from read-write SNMP access device. a device. to the device. The Mail or Copy The e-mail address is Enter the correct e-mail address in the Mail or Copy Log File function incorrect. Log File options. does not mail log files. (Windows 2000 only.)
User Guide for Resource Manager Essentials A-22 78-13951-01 Appendix A Troubleshooting Essentials Software Management
Table A-3 Software Management Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Software The devices are running Check the Supported Device Matrix in online help Management does an unsupported version of for supported devices and software releases. not recognize the IOS system software. Mica/Microcom/CIP cards on an AS5x00 or 7x00 device. Rcp is not being used The device does not 1. Make sure your device is IOS-based. to transfer software support rcp protocol. 2. Make sure that rcp is defined as the preferred images between the (Only Cisco IOS devices protocol. Essentials server and support rcp.) devices. 3. Select Resource Manager Essentials > or Administration Inventory > System Rcp is not properly Configuration to make sure that an rcp configured on the username is configured. Essentials server. If Essentials is running on a Windows 2000 system: 1. Verify that the CRMrsh service is running correctly using Control Panel > Services. 2. If the service is stopped, start it manually. 3. Launch the Event Viewer from the Administrative Tools group to make sure that the service has started properly. If Essentials is running on a Solaris system, make sure that the home directory for the rcp user account has an .rhosts file in it and that the user casuser has write privileges.
User Guide for Resource Manager Essentials 78-13951-01 A-23 Appendix A Troubleshooting Essentials Software Management
Table A-3 Software Management Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution The options to The proxy or DNS 1. Make sure the proxy URL is set up correctly. Browse Bugs by configuration is Select Resource Manager Essentials > Device and Locate incorrect. Administration > Inventory > System Devices by Bugs Configuration. result in the internal 2. If you configure a hostname for the proxy URL, error: check for the DNS configuration on the Can't resolve Essentials server. address for proxy. 3. Make sure that you are not required to enter a login each time you access the system. Multiple logins are not supported. If none of the previous steps correct the error: 1. Run your Internet browser on the server where Essentials is installed. 2. Configure the proxy in the browser. 3. Check to see if you can access www.cisco.com. 4. Call TAC and tell them the actions you have taken to troubleshoot the error and the results. The Schedule Incorrect e-mail address. Correct the e-mail address in the Schedule Synchronization Job Synchronization Job option. report is not mailed. The SMTP server is not Configure the SMTP server by selecting (Windows 2000 configured. Resource Manager Essentials > only.) Administration > Inventory > System Configuration. Unable to download The /var/tmp file has Increase the /var/tmp space. IOS (error 4151). insufficient space to accommodate the IOS image.
User Guide for Resource Manager Essentials A-24 78-13951-01 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-3 Software Management Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution The CCO Upgrade The connection to Configure Cisco.com filters or select fewer numbers Analysis screen and Cisco.com from the of devices and then retry the operation. the Recommend Essentials server is slow. If these actions do not work, follow the instructions Image Upgrade The Cisco.com server is specified for the symptom: The Browse Bugs by screen time out. down. Device and Locate Devices by Bugs options result in The Cisco.com filters are the internal error: Can’t resolve address for proxy. not configured correctly. The upgrade failed. Software Management Upgrade the device to version 4.1 (any feature set), does not allow an upgrade and then upgrade to version 4.2 X.25 software from version 4.0 software image. to version 4.2 X.25 software on the Cisco 700 series.
Syslog Analysis
Syslog Analysis FAQs
Why am I not getting syslog messages for my devices? Why does the syslog window appear to lock up when daily syslog messages are being retrieved? Where does Essentials keep syslog messages? Where can I get the description of the error messages?
Why am I not getting syslog messages for my devices? You might not be getting syslog messages for one of the following reasons: • The device is not managed by Essentials. • The syslog parameters are not enabled correctly on the device.
User Guide for Resource Manager Essentials 78-13951-01 A-25 Appendix A Troubleshooting Essentials Syslog Analysis
• Too many messages are being received by the syslog program. On Windows 2000 systems, logging for the PIX firewall has a tendency to lock the syslog function due to the massive number of messages from the firewall. • Filters might be applied to incoming syslog messages. By default, Link Up/Down, PIX, Severity 7, and IOS Firewall Audit Trail messages are filtered out.
Why does the syslog window appear to lock up when daily syslog messages are being retrieved? The query program used by syslog generates large (1.5 MB and greater) HTML pages in table format, and some HTML programs have problems viewing pages this large. It might take a little longer to display large syslog reports.
Where does Essentials keep syslog messages? Look in /etc/syslog.conf to see in which files the syslog information is logged. Essentials uses only the syslog file for local7 to get information for the network devices and then writes the information to the /var/adm/CSCOpx/log/dmgtd.log file.
Where can I get the description of the error messages? To get the description of the error messages follow either of these procedures: Procedure 1
Step 1 Select Resource Manager Essentials > Syslog Analysis > Standard Reports. Step 2 Select the views and devices of the report you want then click Next. The Select Dates and Report Type dialog box appears. Step 3 Select the report type and the dates for the report. Step 4 Click Finish. Step 5 Click on * in the details column for the respective device name.
User Guide for Resource Manager Essentials A-26 78-13951-01 Appendix A Troubleshooting Essentials Syslog Analysis
Procedure 2
Step 1 Select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report. Step 2 Select the dates for the report. Step 3 Click Finish. Step 4 Click on * in the details column for the respective device name.
Troubleshooting Syslog Analysis
Use Table A-4 to troubleshoot the Syslog application.
Ta b l e A-4 Syslog Troubleshooting Table
Symptom Probable Cause Possible Solution Filters are not taking It takes about 5 minutes If you need the filters to take effect immediately, effect. for filters to propagate to restart the remote Syslog Analyzer Collector. process. Message source is The syslogd is unable to Add a name resolution for the device to DNS, given as ???? (Solaris resolve the source address /etc/host, and similar items. only.) of the network device Install Solaris patch 103291-02. This will change sending the message. the ??? to an octal IP address in brackets [171.69.219.72]. This allows the format to be parsed by the syslog analyzer. New messages are A new filename needs to On Windows 2000 systems, run the registry editor, not appearing in be defined in the regedit. Then set the parameters to the name of the reports after configuration file for logging the syslog messages on changing syslog information. HKEY_LOCAL_SYSTEM > System > message file using CurrentControlSet > Services > crmlog. Syslog Analysis > On Solaris systems, modify the /etc/syslog.conf Change Storage file. (For more information, refer to the Solaris options. man pages.)
User Guide for Resource Manager Essentials 78-13951-01 A-27 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Logging is enabled in The syslog daemons are 1. Telnet to the device and log in. the IOS/Catalyst not running properly. 2. Enter enable and the enable password. device to send Messages sent to the messages to 3. Enter configure terminal. Essentials server by Essentials, but it is network devices are 4. Enter logging on. not working. logged by a process 5. Enter the IP address of the Essentials server to independent of the Syslog receive router messages. Analyzer. 6. Enter End. On Solaris systems, this process is syslogd and on 7. On Solaris systems, view the file named in the Windows 2000 systems, local7.info line (default is this process is the /var/log/syslog_info) in the /etc/syslog.conf Essentials syslog service. file. If this file does not exist, create one and make sure it can be accessed by syslogd. 8. On Windows 2000 systems, view the file in C:\Program Files\CSCOpx\log\syslog.log. 9. Send an HUP signal to syslogd (kill -HUP 'cat/etc/syslog.pid'). If the syslog message from the device is not in the syslog file, check device configuration. If the syslog message is in the syslog file, make sure that the syslog daemons are running properly: • On Solaris systems, enter /usr/ucb/ps -aux | grep syslogd • On Windows 2000, go to the Control Panel and make sure the Essentials syslog service is running. The device is configured Make sure the device is logging to the correct incorrectly. Essentials server. (Refer to the device documentation for details on enabling syslog.)
User Guide for Resource Manager Essentials A-28 78-13951-01 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution No messages appear Network devices are not Select Resource Manager Essentials > on any generated sending messages to the Administration > Syslog Analysis > Collector syslog report. Essentials server. Status to examine the Syslog Analyzer Collector status. If the numbers are all zeros, make sure that network devices are sending messages to the Essentials server. (Refer to procedures for setting up an IOS/Catalyst device.) Remote collector Installation failure. Install a remote collector on a Windows 2000 error message: system by entering SacNTService/install. Do not Could not start add an .exe extension to the file name. the Syslog collector service on the server_name ERROR 0002: The system cannot find the file specified. (Windows 2000 only.)
User Guide for Resource Manager Essentials 78-13951-01 A-29 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Remote collector Configuration failure. 1. Configure the remote collector. Select error messages: Control Panel > Services. Could not start 2. Select Cisco Syslog_Collector. the Syslog collector service 3. In the Startup Parameters field, enter the on the server_name location of your SAenvProperties.ini file, for ERROR 1067: The example: process terminated -pr c:\\temp\\SAenvProperties.ini. unexpectedly”and Remember to use \\ to separate the directory “SacNTService: The paths. service cannot be started without the properties file specified, please specify the properties file you want to use.” (Windows 2000 only.) The remote collector Incorrect configuration 1. Check the remote collector table for the name is not running parameters. and status of the remote collector. properly when it is 2. Make sure that the parameter SAC_SERVER installed and started is set to the hostname of the Essentials server. on a non-Essentials machine. 3. On Solaris systems, view the SAEnvProperties.ini file located in the following directory: /opt/CSCOsac/lib/classpath/com/cisco/nm/sysloga /sac 4. On Windows 2000 systems, view the SAenvProperties.ini file and ensure that the parameter SAC_PORT is set to 514. 5. Perform the ping command using the hostname to ensure that the remote collector can be reached.
User Guide for Resource Manager Essentials A-30 78-13951-01 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Remote collector Running incorrect version Install Java 1.1.6 or later. messages in syslog of Java. file, but not in Remote collector has On Solaris systems, check if the remote collector reports. stopped. has stopped by entering: /usr/bin/ps -f | grep java. Restart the remote collector by entering: sh /opt/CSCOsac/lib/sacStart.sh. Remote collector is not On Windows 2000 systems, check using Control installed correctly. Panel > Services. If Syslog_Collector is not listed, reinstall the remote collector by entering: SacNTService.exe /install. If the collector is installed but not running, start the remote collector from the Control Panel > Services dialog box. Remember to specify the properties file using the –pr option.
User Guide for Resource Manager Essentials 78-13951-01 A-31 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Reports are empty Processes are not running 1. Select CiscoWorks2000 Server > even though properly. Administration > Process Management > messages on Solaris Process Status and make sure the syslog systems are analyzer is running properly. If it is not, restart appended to it. /var/log/syslog_info 2. Make sure the CMLogger, RmeOrb, and and on Windows DBServer processes are running. If they are 2000 systems to not, restart the system. C:\Program Files\CSCOpx\log Timestamp problem. If the Messages Processed counter is not zero, \syslog.log. check the timestamp for a message in the syslog file. If there are two timestamps, and the second timestamp is current, the syslog analyzer uses the second. If it is older than 7 days, the reports will not display it. If the Messages Processed counter is zero and the Messages Filtered counter is not zero, change the filters. If the Messages Processed and the Messages Filtered counters are zero, but the Invalid Messages counter is not zero, contact your TAC representative.
User Guide for Resource Manager Essentials A-32 78-13951-01 Appendix A Troubleshooting Essentials Syslog Analysis
Table A-4 Syslog Troubleshooting Table (continued)
Symptom Probable Cause Possible Solution Unexpected Device The messages are from a Syslog analyzer uses all IP addresses associated report contains managed device but there with the device name to try to map it to a device syslog messages that is a name resolution managed by Inventory Manager. Verify the should not be in the problem. device-name-to-IP-address mapping: standard report. 1. On Windows 2000 systems, view the syslog.log file in C:\Program Files\CSCOpx\log. On Solaris systems, view the syslog_info file in /var/log. Note the source of the messages (hostname appears immediately after the timestamp). 2. Obtain a list of IP addresses (perform nslookup on the device name at the command prompt). 3. Select Resource Manager Essentials > Inventory > Detailed Device Report to generate a report. 4. In the Network Address column, verify that the IP addresses returned from nslookup appear on the list. If any IP addresses are not on the list, the mapping is incorrect. 5. Update the naming services (DNS,/etc/hosts, etc.) with the missing IP addresses.
User Guide for Resource Manager Essentials 78-13951-01 A-33 Appendix A Troubleshooting Essentials CiscoWorks2000 Server
CiscoWorks2000 Server
CiscoWorks 2000 Server FAQs
What kind of directory structure does CiscoWorks2000 use when backing up Resource Manager Essentials data? How do I re-initialize the Essentials database on a Solaris system? How do I re-initialize the Essentials database on a Windows 2000 system? Can I back up the database for a single application? How do I find out which devices are supported by a particular application? How do I enable or disable Java plug-in?
What kind of directory structure does CiscoWorks2000 use when backing up Resource Manager Essentials data? CiscoWorks uses a standard database structure for backing up all suites and applications. A sample directory structure for the CiscoWorks2000 server (represented by the rme acronym) follows. The Essentials directory has two databases: rme and syslog.
How do I re-initialize the Essentials database on a Solaris system? To re-initialize the Essentials database follow this procedure:
Step 1 Open a UNIX shell prompt. Step 2 Stop the database engine by entering: /etc/init.d/dmgtd stop Step 3 Navigate to /opt/CSCOpx/databases/rme directory. Step 4 Make sure that the rme.db file is writeable, and execute: rm rme.db The rme.db file is deleted.
User Guide for Resource Manager Essentials A-34 78-13951-01 Appendix A Troubleshooting Essentials CiscoWorks2000 Server
Step 5 Make sure that the syslog.db is writeable, and execute: rm syslog.db The del rme.log file is deleted. Step 6 Recreate the rme.db file from the rme.dborig file by entering: cp orig/rme.dborig rme.db Step 7 Recreate the syslog.db file from the syslog.dborig file: cp orig/syslog.dborig syslog.db Step 8 Make sure that the rme.db and syslog.db is read-only: chmod 600 rme.db and chmod 600 syslog.db Step 9 Make casuser the owner of rme.db, and casusers the group: chown casuser:casusers rme.db Step 10 Make casuser the owner of syslog.db, and casusers the group: chown casuser:casusers syslog.db Step 11 Restart the database engine by entering: /etc/init.d/dmgtd start
How do I re-initialize the Essentials database on a Windows 2000 system? To re-initialize the Essentials database follow this procedure:
Step 1 Open an MS DOS command prompt window. Step 2 Stop the database engine by entering: net stop crmdmgtd Step 3 Navigate to CSCOpx\databases\rme directory. Step 4 Make sure that the rme.db file is writeable, and execute: del rme.db The rme.db file is deleted.
User Guide for Resource Manager Essentials 78-13951-01 A-35 Appendix A Troubleshooting Essentials CiscoWorks2000 Server
Step 5 Make sure that the syslog.db is writeable, and execute: del syslog.db The del rme.log file is deleted. Step 6 Recreate the rme.db file from the rme.dborig file by entering: copy orig\rme.dborig rme.db Step 7 Recreate the syslog.db file from the syslog.dborig file: copy orig\syslog.dborig syslog.db Step 8 Make sure that the rme.db and syslog.db is read-only. Step 9 Restart the database engine by entering: net start crmdmgtd
Ta b l e A-5 Sample Essentials Backup Directory
Directory Path Description Usage Notes /tmp/1 Number of backups 1, 2, 3, ... /tmp/2/rme Application or suite Essentials backs up all application data, including images, configuration files, and other data. /tmp/1/rme/filebackup.tar All CiscoWorks2000 server Application data is stored in application tar files datafiles.txt and is compiled into tar file. /tmp/1/rme/database Essentials database directory, Files for each database: which includes both Essentials • xxx_DbVersion.txt and syslog databases • xxx.db database files • xxx.log database log files • xxx.txt database backup manifest file
User Guide for Resource Manager Essentials A-36 78-13951-01 Appendix A Troubleshooting Essentials CiscoWorks2000 Server
Can I back up the database for a single application? No. You cannot back up the database for individual applications or suites (if you have more than one installed). CiscoWorks2000 backs up all suite databases using the Back Up or Schedule Back Up options. You can restore or move suite-specific pieces when required. To restore only the Essentials database, specify the rme.db.
How do I find out which devices are supported by a particular application? Select Server Configuration > About the Server > Applications and Versions. Under CW2000 Installed Applications, click the application name to see a list of the supported devices.
How do I enable or disable Java plug-in? For applications for which the plug-in is optional, you can either enable or disable Java plug-in. To enable or disable Java Plug-in:
Step 1 Select Server Configuration > Setup > Java Plug-in Use. Step 2 Click Enable or Disable. Step 3 Click Finish.
Tip For the latest technical tips, suggestions for troubleshooting common issues, and frequently asked questions (FAQs) on most Essentials applications, you can go to the following URL:
http://www.cisco.com/warp/public/477/RME/index.html
User Guide for Resource Manager Essentials 78-13951-01 A-37 Appendix A Troubleshooting Essentials CiscoWorks2000 Server
User Guide for Resource Manager Essentials A-38 78-13951-01
APPENDIX B
File Import Format
Two methods are available for importing devices into your network inventory: • Comma-Separated Values (CSV) File • Data Integration File (DIF) For ease of use, Cisco strongly recommends the CSV format. Samples of each type of file are in this appendix.
Note The information in each file type must be entered in the order shown.
User Guide for Resource Manager Essentials 78-13951-01 B-1 Appendix B File Import Format Comma-Separated Values (CSV) File
Comma-Separated Values (CSV) File
You can create a CSV file to import devices. Select Resource Manager Essentials > Administration > Inventory > File Import to import the CSV file you created. The CSV format provides the following device information: • Full device name or IP address (required) • Read-only community string (required) • Read-write community string (optional) • Serial number (optional) • User Field 1 (optional) • User Field 2 (optional) • User Field 3 (optional) • User Field 4 (optional) • Telnet password, enable password, enable secret, TACACS user, TACACS password, TACACS enable user, TACACS enable password, local user, local password, RCP user, and RCP password (optional) The following is a sample CSV-formatted file. ; The following header line is mandatory - only the value of the ; source attribute can be modified (e.g. source = My Excel spreadsheet). cisco Systems NM data import, source = Hand edit; Version = 2.0; Type = Csv ; ; Here are the columns of the table. ; ;Col# = 1; Name = Device name (include domain unless your stie has ; unqualified device names registered in the name services ; - or - ; IP address in dotted decimal notation ;Col# = 2: Name = RO community string ;Col# = 3: Name = RW community string ;Col# = 4: Name = Serial Number ;Col# = 5: Name = User Field 1 ;Col# = 6: Name = User Field 2 ;Col# = 7: Name = User Field 3 ;Col# = 8: Name = User Field 4 ;Col# = 9; Name = Telnet password ;Col# = 10; Name = Enable password
User Guide for Resource Manager Essentials B-2 78-13951-01 Appendix B File Import Format Comma-Separated Values (CSV) File
;Col# = 11; Name = Enable secret ;Col# = 12; Name = Tacacs user ;Col# = 13; Name = Tacacs password ;Col# = 14; Name = Tacacs enable user ;Col# = 15; Name = Tacacs enable password ;Col# = 16; Name = Local user ;Col# = 17; Name = Local password ;Col# = 18; Name = Rcp user ;Col# = 19; Name = Rcp password; Comment = not used, leave blank ; ; Here are the rows of data. ; bigrouter.yourcompany.com,public,private,, dev-2501.yourcompany.com,"Not so, "" public as, thought",private,sn2501, dev-2502.yourcompany.com,public,"private",sn2502, dev-2503.yourcompany.com,public,private,sn2503,"" dev-2504.yourco.com,public,private,sn2504,us1,us2,us3,us4,tPass,ePass,eSecret,tUsr,tPass,t eUsr,tePass,LUsr,LPass,rUsr,rPass dev-2505.yourco.com,public,private,sn2505,usr1,,,usr4,,,esecret,,tUsr,tPass,,,LUsr,lPass dev-2507.yourcompany.com,public,private,sn2507, dev-2509.yourcompany.com,public,private,sn2509, dev-2510.yourcompany.com,public,private,sn2510, dev-2511.yourcompany.com,public,private,sn2511, dev-2512.yourcompany.com,public,private,sn2512, dev-2513.yourcompany.com,public,private,sn2513, dev-2514.yourcompany.com,public,private,sn2514, dev-2515.yourcompany.com,public,private,sn2515, dev-2516.yourcompany.com,public,private,sn2516, dev-4000.yourcompany.com,public,private,,Big Boys dev-4500.yourcompany.com,public,private,,Big Boys dev-7000.yourcompany.com,public,private,,Big Boys dev-7010.yourcompany.com,public,private,,Big Boys dev-2517.yourcompany.com,public,private,,,nm 25xx dev-2518.yourcompany.com,public,private,,,mylabel2 dev-2520.yourcompany.com,public,private,,,mylabel2 dev-2521.yourcompany.com,public,private,,,mylabel2 dev-2522.yourcompany.com,public,private,,,mylabel2 dev-2523.yourcompany.com,public,private,,,mylabel2 dev-2524.yourcompany.com,public,private,,,mylabel2 dev-2525.yourcompany.com,public,private,,,mylabel2 dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4 dev-7206.yourcompany.com,public,private,, dev-7505.yourcompany.com,public,private,,,,,yourlabel4 dev-7507.yourcompany.com,public,private,, dev-7513.yourcompany.com,public,private,, dev-1200.yourcompany.com,public,private,, dev-2900.yourcompany.com,public,private,,
User Guide for Resource Manager Essentials 78-13951-01 B-3 Appendix B File Import Format Data Integration File (DIF)
dev-3000.yourcompany.com,public,private,, dev-5000.yourcompany.com,public,private,, 111.222.33.44,public,public,,
Data Integration File (DIF)
You can create a DIF to import devices. Select Resource Manager Essentials > Administration > Inventory > File Import to import the DIF file you created. The DIF is currently encoded in the ISO Latin-1 character set using an extended BNF notation as described in the Essentials online help. The DIF specifies the following characteristics of each device: • Generic format • Generic attributes • Header • Table area – Generic table attributes – Device table – Group table – User annotation table – Serial number table – TACACS table The following is a sample DIF, incorporating these characteristics. The sample file was imported from CiscoWorks. First, the DIF is defined. cisco Systems NM data import, source=CW; Version = 1.0;
The device table is defined. Table name = Device basic inventory; Version = 1.0; Column count = 7; Separator = |;
Columns for the device table are defined. Col# = 1; Name = Row#; Col# = 2; Name = Device name;
User Guide for Resource Manager Essentials B-4 78-13951-01 Appendix B File Import Format Data Integration File (DIF)
Col# = 3; Name = Domain; Col# = 4; Name = RO community string; Col# = 5; Name = RW community string; Col# = 6; Name = Telnet password; Col# = 7; Name = Enable password;
Rows of data for the device table are defined. 000001|111.22.333.4||||fooey|more 000002|landfall|cisco.com|public|private|| 000003|yet_another_router||read|write|main|charlie 000004|Pinpointed_router|organized.org|read|write|viper|eric 999999
An administrative domain table is defined. Table name = Device grouping; Version = 1.0; Column count = 4; Separator = $
Columns for the domains table are defined. Col# = 1; Name = Row# Col# = 2; Name = Group Col# = 3; Name = Device name Col# = 4; Name = Domain
Rows of data for the domain table are defined. 000001$CW_World$111.22.333.4$ 000002$CW_World$yet_another_router$ 000003$CW_World$landfall$cisco.com$ 000004$CW_Smaller than world$yet_another_router$ 999999
The user annotation table is defined. Table name = Device annotations; Version = 1.0; Column count = 7; Separator = $
Columns for the annotation table are defined. Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Annotation 1 Col# = 5; Name = Annotation 2 Col# = 6; Name = Annotation 3 Col# = 7; Name = Annotation 4
User Guide for Resource Manager Essentials 78-13951-01 B-5 Appendix B File Import Format Data Integration File (DIF)
Rows of data for the annotations table are defined (the first annotation holds location; the second annotation holds the contact name). 000001$111.22.333.4$$San Jose: Bldg F$Joe Smith 000002$yet_another_router$$San Jose: Bldg A$Jill Jones 000003$landfall$cisco.com$San Jose: Bldg F$Joe Smith 000004$yet_another_router$Santa Clara: Bldg 1$George Black 999999
The serial number table is defined. Table name = Device serial numbers; Version = 1.0; Column count = 4; Separator = $ Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Serial number
RCP data is provided. 000001$111.22.333.4$$jsmith$1dasf8 000002$yet_another_router$$jjones$1ruf7dhgd 000003$landfall$cisco.com$jsmith$1dasf8 000004$yet_another_router$gblack$7fghs4 999999
The TACACS table is defined. Table name = Device Tacacs access data; Version = 1.0; Column count = 7; Separator = $ Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Tacacs user Col# = 5; Name = Tacacs password Col# = 6; Name = Tacacs Enable User; Col# = 7; Name = Tacacs Enable Password;
TACACS data is provided. 000001$111.22.333.4$$jsmith$3dfg6$stillJsmith$butNot3dfg6 000002$yet_another_router$$jjones$adf6789 000003$landfall$cisco.com$jsmith$3dfg6 000004$yet_another_router$gblack$jh3df7 999999
User Guide for Resource Manager Essentials B-6 78-13951-01
APPENDIX C
Essentials Command Reference
This appendix provides a list of the Essentials commands.
Command Description backup.pl Backs up the database. /opt/CSCOpx/bin/perl backup.pl backdir [logfilename [numberGen] ] crmimport Script used for CRM device data import. The crmimport command is a command line utility for the Resource Manager Essentials which is used to import device information from CiscoWorks(tm), CiscoWorks for Switched Internetworks(tm), HP OpenView(tm), Castlerock's SNMPc(tm) (on Windows 2000 only), or any other source of devices that can export lists of devices and their passwords. crmimport is similar to CRM's function Admin > Inventory > Import from File. On Unix enter: rmimport.pl [-o | -d] importFile
On Windows 2000 enter: crmimport.cmd [-o | -d] importFile
User Guide for Resource Manager Essentials 78-13951-01 C-1 Appendix C Essentials Command Reference
Command Description cwconfig CiscoWorks2000 command line tool that allows you to access the configuration archive or configurations on devices. You can use cwconfig to update, export, and import configurations on devices and in the archive. You can also compare configurations and delete old configurations. To get a list of supported commands, run the command: cwconfig -help Help on each command can be obtained as: cwconfig command -help For example: cwconfig export -help Additionally, man pages are available on UNIX installations for individual commands. To view the man page for any command, enter: man cwc -command cwinvcreport CiscoWorks2000 command line interface for the Inventory Custom Reports. cwinvcreport allows you to run the previously created Inventory Custom Reports. The output is displayed in Comma separated value (CSV) format. You can re-direct the output to an e-mail recipient or to a file. The log and the output files are created in the current directory. The report name should be given within double quotes. cwinvcreport [-d debuglevel] [-m email] [-l logfile] [-o outputfile] "reportname" You could enable debug mode and set the debug using the -d option. You could mail the output to an e-mail recipient using the -m option. You could log the error messages to a file using the -o option. • To display the list of existing reports, specify the -r option. cwinvcreport -r • To display cwinvcreport version information, specify the -v option.
cwinvcreport -v • To display the usage information, specify the -h option. cwinvcreport -h
User Guide for Resource Manager Essentials C-2 78-13951-01 Appendix C Essentials Command Reference
Command Description dbpasswd.pl Changes a database's password along with its access configuration files. dbpasswd.pl {all | dsn=data source [opwd=old password] [pfile=properties file] | listdsn} dig Sends domain name query packets to name servers. Dig (domain information groper) is a flexible command line tool which can be used to gather information from the Domain Name System servers. Dig has two modes: • Simple interactive mode which makes a single query • Batch which executes a query for each in a list of several query lines. All query options are accessible from the command line. dig [@server] domain [query-type] [query-class] [+query-option] [-dig-option] [%comment] dmgtd Process manager daemon. Specify the tcp port to use the Daemon Management protocol on. All clients will need to have the env var PX_DMGTHOST and env var set. Daemon Manager Protocol enabled applications can report additional status. Daemon Manager sends status information to Syslog (facility: LOG_DAEMON). dmgtd [ -p port -v] [ names ] import_rme.pl Restores RME files required for remote upgrade from RME 3.3.
User Guide for Resource Manager Essentials 78-13951-01 C-3 Appendix C Essentials Command Reference
Command Description pdexec / pdshow / pdterm Controls process manager. pdshow/pdexec/pdterm [ appName1 appName2 ... ]
• To get status of registered processes appName1, appName2, ..., send a request to CRM process manager using the command: pdshow [appName1 appName2 ...] • To start the registered process appName1 if it is not running, send a request to CRM process manager using the command: pdexec appName1 • To stop the registered application appName1 if it is running send a request to CRM process manager using the command: pdterm appName1 pdshow will show the status of all processes registered if no arguments are given. pdexec and pdterm require one or more appNames. where appNameN represents the registered name of each process that is registered with CRM process manager. pdmsg Broadcasts a string to all registered daemons under Daemon Management that are in the “Running Normally” state. To use this command, Daemon Management server must be running. pdmsg msg-string
User Guide for Resource Manager Essentials C-4 78-13951-01 Appendix C Essentials Command Reference
Command Description pdreg Registers and unregisters applications with CRM Process Manager. pdreg [-r appName -e pgm [-f pgmFlags ] [-d dependencies ] [-n] [-t 0|p|n ] ] | [-u appName ] | [-l appName ] • To register a process and invoke it without the -n or -t option. pdreg -r appName appName must be 25 alphanumeric characters or less. • To unregister a process and shut it down if the process is running. pdreg -u appName • To list the registry for a particular daemon. pdreg -l appName pdrun.pl A wrapper to run a command-line instruction within the CiscoWorks2000 environment. The command line instruction to be run needs to be double quoted as the argument. If the command-line instruction itself contains double quotes, precede it with a back slash. To run a command line instruction within the CiscoWorks2000 environment: perl pdrun "pdshow \"ANIServer jrm\"" ProxyAdminInterface.pl A CiscoWorks2000 command line instruction for initial recollection of data from Auto Update Server (Proxy Server). NMSROOT/bin/perl NMSROOT/cgi-bin/import/ ProxyAdminInterface.pl removeJrmJobs.pl Removes all the existing JRM jobs from cmf database. This is used in remote upgrade. removeRmeJobs.pl Deletes all the Job Information from RME database. This is used in remote upgrade.
User Guide for Resource Manager Essentials 78-13951-01 C-5 Appendix C Essentials Command Reference
Command Description restorebackup.pl Restores an earlier backup of the database. /opt/CSCOpx/bin/perl restorebackup.pl [-force] [-s groupName] [-gen generationNumber] {-d backup directory}
This script can be used for user-specific requirements to: • Restore only one group. For this, use the '-s groupName' parameter. • Restore all groups. For this, do not use the '-s' parameter. • Installed suites that includes CMF and Essentials. • See a list of the available backed-up generations. For this, enter the following at the command line: /opt/CSCOpx/bin/perl restorebackup.pl -h {-d backup directory} RmeJobCreateService.pl Creates new jobs from exported RME job data into Coyote system. Exported job data will be read from NMSROOT/rigel backup directory. Script will disable all the jobs after creation. RmeJobEnableService.pl Enables all the jobs disabled by Coyote upgrade or Job creation service.Information about list of jobs to be enabled is obtained from joblist.jrm and rmedisabledjobs.jrm under NMSROOT/setup directory. SampleEmailScript.pl Wrapper around the OS specific mail program. Accepts the usual parameters like sender, subject, email_ids, text_message and sends the message to the intended recipient. sampleEmailScript.pl -email_ids list of comma separated email addresses, -subject [subject of email] optional -from [from who] -sender [sender] -smtp [SMTP, needed for Windows 2000], -text_message [message text, '\n' character is used to break up message into multiple lines] uninstall.sh Uninstallation program that removes files and settings. Uninstallation allows you to remove only Essentials or remove CiscoWorks2000 CD One as well. To remove CD One, you must remove Essentials as well. Before removing Essentials, you must first remove any applications that depend on Essentials. uninstall.sh
User Guide for Resource Manager Essentials C-6 78-13951-01
INDEX
Contract Connection 2-34 A troubleshooting A-6 adding functionality and incremental device usage scenario, with Inventory 14-1 support, overview 1-14 workflow 2-35 advanced report, messages from selected VPN device views 2-2 devices (Syslog Analysis) 3-4 Applications and the Device Credentials applications 2-1 (table) 2-5 Availability 2-6 device credentials, setting 2-4 benefits of 2-6 Device Views (figure) 2-3 functional flow 2-7 Device Views Tasks (table) 2-4 Case Management 2-36 types of views 2-2 Case management Task (table) 2-36 Inventory 2-37 Change Audit 2-10 benefits of 2-37 functional flow 2-11 functional flow 2-38 troubleshooting A-2 hardware encryption report 3-3 Configuration Management 2-14 image upgrade report 3-3 benefits of 2-14 troubleshooting A-7 Config Editor option 2-31 unmanaged devices, adding to 7-6 Config Management Tasks (table) 3-2 usage scenario, with Contract Config Management Troubleshooting Connection 14-1 (table) A-4 VPN management solution report 3-2 configuration archive 2-18 Job Approval 2-46 functional flow 2-15 Job Approval Tasks (table) 2-48 NetConfig option 2-23 Job Approval Workflow (figure) 2-47 Network Show Commands option 2-27 process 2-47 troubleshooting A-4 Software Management 2-49
User Guide for Resource Manager Essentials 78-13951-01 IN-1 Index
benefits of 2-49 architecture, overview 1-7 Change Audit, using with 6-1 Cisco.com 1-10 functional flow 2-49 CiscoWorks2000 Server 1-8 Software Management Functional Flow Essentials database and functions 1-9 (figure) 2-50 Essentials functional architecture Software Management Tasks (table) 2-52 (figure) 1-8 Software Management Troubleshooting web clients 1-9 (table) A-21 audience for this document xi Software Management Workflow Auto Update Server (figure) 2-51 (see Proxy Server) 11-1 troubleshooting A-13 Availability application 2-6 Syslog Analysis 2-55 benefits of 2-6 Availability, using with 5-1 functional flow 2-7 certificate report 3-4 Availability Functional Flow (figure) 2-8 compression-decompression report 3-4 Availability Manager Tasks (table) 2-9 custom reports, creating 13-1 Availability Workflow (figure) 2-8 de-encapsulation report 3-3 workflow 2-8 functional flow 2-55 using with Syslog Analysis, scenario 5-1 Functional Flow (figure) 2-56 hardware encryption report 3-3 IKE report 3-4 B messages from selected VPN devices, report 3-4 backup.pl command, description C-1 packet replay report 3-4 Syslog Analysis vs. Change Audit Workflow (figure) 2-58 C Syslog Analysis Workflow (figure) 2-57 Case Management application 2-36 troubleshooting A-25 Case Management Task (table) 2-36 workflow 2-57 cautions System Configuration 2-5 regarding System Configuration Tasks (table) 2-6
User Guide for Resource Manager Essentials IN-2 78-13951-01 Index
commands entered in user and adhoc CiscoWorks2000 Server templates 2-25 architectural component 1-8 deleting software images from the FAQs on Essentials Server 7-5 backing up data for a single significance of xii application A-37 CCO (Cisco Connection Online) directory structure when backing up retrieving software images from 6-4 data A-34 upgrade analysis, performing 6-3 which devices supported by particular applications A-37 username and password, when used 14-2 CD-ROM, obtaining Cisco documentation troubleshooting A-34 on xiv command reference Change Audit application 2-10 backup.pl C-1 FAQs on tracking crmimport C-1 configuration changes A-2 cwconfig C-2 who made what changes A-2 cwinvcreport C-2 functional flow 2-11 dbpasswd.pl C-3 Change Audit Functional Flow dig C-3 (figure) 2-12 dmgtd C-3 Change Audit Tasks (table) 2-13 import_rme.pl C-3 Change Audit Work Flow (figure) 2-12 pdexec C-4 troubleshooting A-2 pdmsg C-4 usage scenarios pdreg C-5 using with Configuration pdrun.pl C-5 Management 12-1 pdshow C-4 using with multiple applications 7-1 pdterm C-4 using with Software Management 6-1 ProxyAdminInterface.pl C-5 Cisco, contact when updating RemoveJrmJobs.pl C-5 contract status on network devices 14-4 RemoveRmeJobs.pl C-5 your Contract Agent profile 14-2 restorebackup.pl C-6 Cisco.com, obtaining technical assistance through xv RmeJobCreateService.pl C-6
User Guide for Resource Manager Essentials 78-13951-01 IN-3 Index
RmeJobEnableService.pl C-6 NetConfig, Config Editor, and Network Show commands 2-20 SampleEmailScript.pl C-6 NetConfig option 2-23 uninstall.sh C-6 command sets in Network Show Commands for benefits of 2-24 more than 10 devices (FAQ) A-3 NetConfig Functional Flow (figure) 2-24 compression-decompression report (Syslog NetConfig Tasks (table) 2-25 Analysis) 3-4 usage scenarios, using alone 9-1 Configuration Management application 2-14 Network Show Commands option 2-27 benefits of 2-14 benefits of 2-27 Change Audit, using with 12-1 commands, how many per set A-3 Config Editor option 2-31 commands, inclusiveness A-3 benefits of 2-31 command sets for more than 10 Config Editor Functional Flow devices A-3 (figure) 2-32 FAQs on commands, error messages A-3 Config Editor Tasks (table) 2-33 Network Show commands Functional Flow Configuration Management Tasks (table) 3-2 (figure) 2-29 Configuration Management Troubleshooting Network Show Commands Tasks (table) A-4 (table) 2-29 FAQs on troubleshooting A-4 devices imported from NMS, comparing usage scenarios configurations A-3 using alone 8-1 finding out what devices are supported A-2 using with Change Audit 12-1 functional flow 2-15 using with multiple other applications 7-1 configuration archive 2-18 configuring multiple devices 9-1 Configuration Archive Functional Flow prerequisites 9-2 (figure) 2-18 procedures 9-2 Configuration Management Archive-Specific Tasks (table) 2-21 NetConfig job, defining 9-3 Configuration Management Functional template, creating 9-2 Flow (figure) 2-16 verifying 9-5 Configuration Management Workflow Contract Agent access (figure) 2-17 updating 14-2
User Guide for Resource Manager Essentials IN-4 78-13951-01 Index
when required 14-2 prerequisites 12-2 Contract Connection application 2-34 procedures 12-2 FAQs on serial numbers verifying 12-3 different types A-6 using a template 8-1 out of sync A-6 prerequisites 9-2 why Electronic Serial Number field might procedures 8-2 be blank A-6 verifying 8-1 troubleshooting A-6 device data, importing to Inventory 10-1 usage scenario, with Inventory 14-1 prerequisites 10-2 workflow 2-35 procedure 10-3 Contract Connection Task (table) 2-35 verification 10-4 contract status of devices devices updating configuring multiple 9-1 prerequisites 14-2 prerequisites 9-2 procedures 14-2 procedures 9-2 verifying 14-2 verifying 9-5 crmimport command, description C-1 contract status on, updating 14-4 custom reports Device Serial Number field is blank, FAQ in Syslog Analysis on A-9 creating 13-1 disabled, troubleshooting 2-25 verifying creation of 13-3 imported from NMS, comparing configurations A-3 viewing 5-4 misconfigured, troubleshooting 2-25 cwconfig command, description C-2 monitoring 5-1 cwinvcreport command, description C-2 prerequisites 5-2 procedures 5-2 D verifying 5-4 network dbpasswd.pl command, description C-3 checking contract status of 14-2 device configuration changes updating contract status on 14-4 checking 12-1
User Guide for Resource Manager Essentials 78-13951-01 IN-5 Index
Network Show command sets for more than types of views 2-2 10 (FAQ) A-3 dig command, description C-3 serial numbers directory structure used by CiscoWorks2000 updating 14-3 Server when backing up data (FAQ) A-34 verifying, FAQ on A-9 dmgtd command, description C-3 verifying update of 14-4 documentation why they may not match shipment serial numbers 14-3 feedback, providing electronically or by mail xiv software, upgrading 6-1 obtaining xiii prerequisites 6-2 on a CD-ROM xiv procedures 6-2 on the World Wide Web xiii verifying 6-8 supported ordering xiv by Configuration Management, FAQ on related xii determining A-2 by Inventory, FAQ on determining A-7 E by which applications, FAQ on determining A-37 Essentials Server syslog messages for, not getting A-25 deleting images from, caution regarding 7-5 unmanaged, adding to Inventory 7-6 maintaining 7-1 VPN configurations, removing from the advanced report, messages from archive 7-7 selected 3-4 images, removing from the software search report 3-2 library 7-5 device support, adding incremental 1-14 old data, removing from the Job Control device views application 2-2 report 7-6 device credentials, setting 2-4 overall procedures 7-2 Applications and the Device Credentials prerequisites for maintenance 7-2 (table) 2-5 records, removing from the Change Audit Device Views (figure) 2-3 log 7-3 Device Views Tasks (table) 2-4 unmanaged devices, adding to Inventory 7-6
User Guide for Resource Manager Essentials IN-6 78-13951-01 Index
verifying maintenance 7-8 NetConfig Functional Flow 2-24 Change Audit log records removed 7-8 Network Show Commands Functional Flow 2-29 configurations removed from the archive 7-9 Software Management Functional Flow 2-50 old data removed from the Job Control Software Management Workflow 2-51 report 7-9 Syslog Analysis Functional Flow 2-56 software images removed from the Syslog Analysis vs. Change Audit library 7-8 Workflow 2-58 unmanaged devices added to Inventory 7-9 Syslog Analysis Workflow 2-57 file import formats B-1 F comma-separated values (CSV) file B-2 example B-2 figures device integration file (DIF) B-4 Availability Functional Flow 2-8 example B-4 Availability Workflow 2-8 functionality, adding 1-14 Change Audit Functional Flow 2-12 Change Audit Work Flow 2-12 Config Editor Functional Flow 2-32 G Configuration Archive Functional Flow 2-18 getting started, overview 1-10 Configuration Management Functional Flow 2-16 Configuration management Workflow 2-17 H Device Views 2-3 hardware encryption report (Inventory) 3-3 Essentials functional architecture 1-8 help Essentials Task Usage Workflow 1-12 (see also troubleshooting) A-1 Importing Information from Proxy Server 11-3 online xiii Inventory Management Functional Flow 2-39 technical assistance, obtaining xv Inventory Management Workflow 2-40 Cisco.com xv Job Approval Workflow 2-47 TAC xv NAT Support 4-2
User Guide for Resource Manager Essentials 78-13951-01 IN-7 Index
prerequisites 10-2 I procedure 10-3 IKE report (Syslog Analysis) 3-4 verification 10-4 images (see software images) 3-3 reports import_rme.pl command, description C-3 hardware encryption 3-3 importing device data to Inventory 10-1 image upgrade 3-3 prerequisites 10-2 VPN management solution 3-2 procedure 10-3 troubleshooting A-7 verification 10-4 unmanaged devices, adding to 7-6 Inventory application 2-37 usage scenarios benefits of 2-37 using with Contract Connection 14-1 determining devices supported by, FAQ using with multiple applications 7-1 on A-7 inventory information, maintaining 14-1 FAQs on prerequisites 14-2 data collection methods A-8 procedures 14-2 device serial number, verifying and device serial numbers, updating 14-3 correcting A-9 network devices, checking contract status Device Serial Number field blank A-9 of 14-2 Inventory Poller A-8 verifying 14-2 most recent changes A-8 contract status on network devices 14-4 Schedule Collection, how often to run A-8 device serial numbers updated 14-4 Schedule Collection, when last Inventory Tasks (table) 3-3 performed A-8 Inventory Troubleshooting (table) A-9 what devices are supported A-7 functional flow 2-38 Inventory Management Functional Flow J (figure) 2-39 Inventory Management Workflow Job Approval application 2-46 (figure) 2-40 Job Approval Workflow (figure) 2-47 Inventory Manager Tasks (table) 2-41 process 2-47 importing device data to 10-1 Job Approval Tasks (table) 2-48
User Guide for Resource Manager Essentials IN-8 78-13951-01 Index
Job Approval Workflow (figure) 2-47 Network Address Translation Support 4-1 Introducing NAT Support 4-2 Network Show Commands (Configuration M Management option) FAQs on maintaining the Essentials Server (see Essentials Server) 7-1 commands, error messages A-3 Managing devices commands, how many per set A-3 outside the NAT 4-3 commands, inclusiveness A-3 Managing PIX Devices command sets for more than 10 devices A-3 Importing Information from Proxy Server 11-2 Network Show Commands Functional Flow (figure) 2-29 through Proxy Server (Auto Update Server) 11-1 Network Show Commands Tasks (table) 2-29 Managing PIX Devices through Proxy Server (Auto Update Server) 11-1 monitoring devices 5-1 O prerequisites 5-2 OSPF NOMEMORY errors, correcting 13-1 procedures 5-2 overview 1-1 custom report, viewing 5-4 adding functionality and incremental device network availability, determining support 1-14 current 5-2 features 1-2 syslog messages, viewing latest 5-3 Essentials Applications (table) 1-3 verifying 5-4 functional architecture 1-7 Cisco.com 1-10 N CiscoWorks2000 Server 1-8 Essentials database and functions 1-9 NetConfig (Configuration Management option) Essentials functional architecture benefits of 2-24 (figure) 1-8 NetConfig Functional Flow (figure) 2-24 web clients 1-9 NetConfig Tasks (table) 2-25 getting started 1-10 usage scenarios, using alone 9-1 RME functions 1-11
User Guide for Resource Manager Essentials 78-13951-01 IN-9 Index
administrative tasks 1-12 R system configuration 1-13 task workflow 1-12 reader comment form, submitting electronically xiv user tasks 1-11 removeJrmJobs.pl command, description C-5 supported devices 1-14 removeRmeJobs.pl command, description C-5 time zone implementaion 1-15 reports advanced, report of messages from selected P VPN devices (Syslog Analysis) 3-4 certificate report (Syslog Analysis) 3-4 packet replay report (Syslog Analysis) 3-4 compression-decompression (Syslog pdexec command, description C-4 Analysis) 3-4 pdmsg command, description C-4 custom reports in Syslog Analysis pdreg command, description C-5 creating 13-1 pdrun.pl command, description C-5 prerequisites to creating 13-2, 14-2 pdshow command, description C-4 verifying creation of 13-3 pdterm command, description C-4 viewing 5-4 PIX devices, managing through Proxy Server de-encapsulation (Syslog Analysis) 3-3 prerequisites 11-4 hardware encryption procedures 11-4 Inventory 3-3 distributing images 11-5 Syslog Analysis 3-3 importing Proxy Server 11-4 IKE report (Syslog Analysis) 3-4 verification 11-5 image upgrade (Inventory) 3-3 privileges packet replay report (Syslog Analysis) 3-4 Contract Agent Syslog Analysis 3-3 updating 14-2 VPN configuration (Configuration Management) 3-2 when required 14-2 VPN management solution (Inventory) 3-2 Proxy Server restorebackup.pl command, description C-6 Managing PIX Devices 11-1 RME functions, overview 1-11 administrative tasks 1-12
User Guide for Resource Manager Essentials IN-10 78-13951-01 Index
system configuration 1-13 removing from the software library 7-5 task workflow 1-12 retrieving from CCO 6-4 Essentials Task Usage Workflow Software Management application 2-49 (figure) 1-12 benefits of 2-49 user tasks 1-11 Change Audit, using with 6-1 RmeJobCreateService.pl command, functional flow 2-49 description C-6 Software Management Functional Flow RmeJobEnableService.pl command, (figure) 2-50 description C-6 Software Management Tasks (table) 2-52 Software Management Workflow S (figure) 2-51 Software Management Functional Flow SampleEmailScript.pl command, (figure) 2-50 description C-6 Software Management Troubleshooting Sample Essentials Backup Directory A-36 (table) A-21 Schedule Collection (Inventory) Software Management Workflow (figure 2-51 how often to run (FAQ) A-8 troubleshooting A-13 when last performed A-8 usage scenario scheduling using with Change Audit 6-1 Schedule Collection using with multiple other applications 7-1 how often to run, FAQ on A-8 supported devices, overview 1-14 when last performed, FAQ on A-8 Syslog Analysis application 2-55 software image upgrade jobs FAQs on part of scenario 6-5 location of syslog messages A-26 servers not getting syslog messages for CiscoWorks2000 (see CiscoWorks2000 devices A-25 Server) A-34 syslog window appears to lock up A-26 Essentials (see Essentials Server) 7-1 functional flow 2-55 software images on Windows 2-57 caution regarding deleting 7-5 image upgrade report 3-3
User Guide for Resource Manager Essentials 78-13951-01 IN-11 Index
Syslog Analysis Functional Flow scenario 13-1 (figure) 2-56 prerequisites 14-2 Functional Flow (figure) 2-56 procedures 13-2 reports verifying 13-3 certificate 3-4 System Configuration application 2-5 compression-decompression 3-4 System Configuration Tasks (table) 2-6 custom, creating 13-1 de-encapsulation 3-3 hardware encryption 3-3 T IKE 3-4 tables messages from selected VPN devices 3-4 Applications and the Device Credentials 2-5 packet replay 3-4 Availability Manager Tasks 2-9 syslog custom report 13-1 Case Management Task 2-36 Syslog Analysis vs. Change Audit Workflow Change Audit Tasks 2-13 (figure) 2-58 Config Editor Tasks 2-33 Syslog Analysis Workflow (figure) 2-57 Configuration Management Archive-Specific Syslog Troubleshooting (table) A-27 Tasks 2-21 troubleshooting A-25 Configuration Management Tasks 3-2 usage scenarios Configuration Management using alone 13-1 Troubleshooting A-4 using with Availability 5-1 Contract Connection Task 2-35 using with multiple other applications 7-1 Device Views Tasks 2-4 using with Availability, scenario 5-1 Essentials Applications 1-3 workflow 2-57 Inventory Manager Tasks 2-41 Syslog Analysis Tasks (table) 2-59 Inventory Tasks 3-3 Syslog Analysis vs. Change Audit Inventory Troubleshooting A-9 Workflow (figure) 2-58 Job Approval Tasks 2-48 Syslog Analysis Workflow (figure) 2-57 NetConfig Tasks 2-25 Syslog vs. Change Audit 2-58 Network Show Commands Tasks 2-29 syslog custom report (Syslog Analysis) Software Management Tasks 2-52
User Guide for Resource Manager Essentials IN-12 78-13951-01 Index
Software Management FAQs on A-2 Troubleshooting A-21 troubleshooting A-4 Syslog Analysis Tasks 2-59 Contract Connection A-6 Syslog Troubleshooting A-27 FAQs on A-6 System Configuration Tasks 2-6 disabled devices 2-25 VPN Syslog Analysis Tasks 3-3 Inventory A-7 TAC (Technical Assistance Center) FAQs on A-7 obtaining support from xv troubleshooting A-9 how the Escalation Center works xvii misconfigured devices 2-25 priority levels, understanding xvi Software Management A-13 telephone numbers xvii FAQs, access to A-13 website xvi troubleshooting A-21 Technical Assistance Center (see TAC) xv Syslog technical support xv troubleshooting A-27 (see also troubleshooting) A-1 Syslog Analysis A-25 through Cisco.com xv FAQs on A-25 through TAC xv typographical conventions used in this telephone numbers for TAC (see technical document xi support) xvii Telnet passwords, changing (scenario) 8-2 templates U for configuring multiple devices, uninstall.sh command, description C-6 creating 9-2 upgrade analysis through CCO, performing 6-3 for device configuration changes, using 8-1 upgrading devices 6-1 time zone implementation, overview 1-15 prerequisites 6-2 troubleshooting A-1 procedures 6-2 Change Audit A-2 verifying 6-8 CiscoWorks2000 Server A-34 upgrading device software 6-1 FAQs on A-34 prerequisites 6-2 Configuration Management A-2 procedures 6-2
User Guide for Resource Manager Essentials 78-13951-01 IN-13 Index
CCO upgrade analysis, performing 6-3 World Wide Web software images, retreiving from CCO 6-4 contacting TAC via xvi software image upgrade, scheduling 6-5 obtaining Cisco documentation via xiii upgrade, tracking 6-7 verifying 6-8
V
VPN Security Management Solution 3-1 Configuration Management reports 3-2 search VPN devices 3-2 VPN configuration report 3-2 Inventory reports 3-2 hardware encryption reports 3-3 image upgrade reports 3-3 Syslog Analysis reports 3-3 advanced report, messages from selected VPN devices 3-4 certificate report 3-4 compression-decompression report 3-4 de-encapsulation report 3-3 hardware encryption reports 3-3 IKE report 3-4 packet replay report 3-4 VPN Syslog Analysis Tasks (table) 3-3
W when to contact Cisco (see Cisco) 14-4
User Guide for Resource Manager Essentials IN-14 78-13951-01