|
|
This chapter contains the following sections:
 | Warning Read the installation instructions before you connect the system to its power source. |
| Warning There is the danger of explosion if the battery is replaced incorrectly. Replace the battery only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions. |
| Warning Ultimate disposal of this product should be handled according to all national laws and regulations. |
| Warning Do not work on the system or connect or disconnect cables during periods of lightning activity. |
| Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals. |
| Warning Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord. |
| Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected. |
| Warning The device is designed to work with TN power systems. |
| Warning The ports labeled "Ethernet," "10BaseT," "Token Ring," "Console," and "AUX" are safety extra-low voltage (SELV) circuits. SELV circuits should only be connected to other SELV circuits. Because the BRI circuits are treated like telephone-network voltage, avoid connecting the SELV circuit to the telephone network voltage (TNV) circuits. |
| Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 16A international) is used on the phase conductors (all current-carrying conductors). |
| Warning This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use. |
This section describes how to install the Director software, and includes the following topics:
This section describes pre-installation requirements for the Director, and includes the following topics:
The following software must be installed on your workstation:
| HP-UX | Sun Solaris |
|---|---|
|
|
The following free storage requirements must be met:
| Disk Area | HP-UX | Solaris |
|---|---|---|
/opt | 65 MB | 110 MB |
NetRanger Logging in /usr/nr/var | 1 GB | 1 GB |
NetRanger /usr/nr Directory | 50 MB | 50 MB |
Java Run Time Environment | 10 MB (/usr) | 12 MB (/opt)* |
*Solaris installs require 122 MB total space in /opt | ||
The RAM requirements for the Director software are dictated by the requirements of the network management software. You should run the Director on a dedicated machine with at least 96 MB of RAM. Consult your network management platform documentation for more information about RAM requirements and recommendations.
This section provides information on preparing for and installing HP OpenView, and includes the following topics:
Before you can install the NetRanger Director, make sure that user root's PATH variable contains /usr/sbin. Attempting an installation without /usr/sbin in user root's PATH will cause the installation to fail.
To check if user root's PATH variable is correct, follow these steps:
Step 1 Log on as user root.
Step 2 Type:
echo $PATH
Step 3 Check to see if "/usr/sbin" is in the output of the echo command.
Step 4 If /usr/sbin is not in the PATH variable, do one of the following:
PATH=/usr/sbin:$PATH export PATH
setenv PATH /usr/sbin:$PATH
Before you can install HP Openview on HP-UX or Solaris systems, you must set the following parameters:
To set these parameters, follow these steps:
Step 1 Log on as user root.
Step 2 Type:
/etc/set_parms initial
Step 3 Reboot the Director machine and perform the following checks:
(a) Ping your loopback address with the ping 127.0.0.1 command.
(b) Ping your IP address with the ping IP_Address command, where IP_Address is your own IP address.
(c) Resolve your loopback address with the nslookup 127.0.0.1 command.
(d) Resolve your IP address with the nslookup IP_Address command, where IP_Address is your own IP address.
(e) Resolve your host name with the nslookup hostname command, where hostname is your own host name.
(f) Verify that the timezone is correct with the date command.
Step 4 Install HP OpenView.
Step 5 Add the following lines to the /.profile for user root. Note the space between the "." and the "/":
. /opt/OV/bin/ov.envvars.sh PATH=$PATH:$OV_BIN
Step 6 On HP-UX, modify the following semaphores to the displayed values. Use the SAM utility to adjust the kernel parameters to the specified values:
semmns to 256 semmni to 128 semmnu to 90 semume to 20
To install the Director software, follow these steps:
Step 1 Log on as user root.
Step 2 Insert the NetRanger/Director CD-ROM in the CD-ROM drive.
Step 3 If the CD-ROM drive is not automatically mounted, mount it by using one of the following commands:
| OS | Command |
HP-UX | mount /dev/dsk/c0t2d0 /mnt
where /dev/dsk/c0t2d0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Solaris | mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt
where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Step 4 Change directories to the mount point.
Step 5 Shut down any HP OpenView sessions by clicking Exit on the Map menu.
Step 6 Run the NetRanger installation utility by typing:
./install
Step 7 When prompted, type a new password for the user netrangr. If you elect not to create a new password, do so later with the UNIX passwd command.
Step 8 When prompted to configure the Director, type y to do so immediately. In sysconfig-director, enter the following information about the Director:
(a) Director Host ID---A unique numeric identifier for the Director host.
(b) Director Organization ID---A unique numeric identifier for a collection of Sensors and Directors. Each machine within an organization must share the same unique Organization ID.
(c) Director Host Name---A unique logical name associated with the Director Host ID.
(d) Director Organization Name---A unique logical name associated with the Director Organization ID.
(e) Director IP Address---The IP address assigned to the Director workstation.
(f) HTML Browser---The full path and filename of your HTML browser (for example /opt/netscape/netscape). This step is optional.
Step 9 On SPARC systems, if kernel parameters were changed, the system prompts you to perform a reboot.
Step 10 Check the /var/adm/nrInstall.log file for errors.
This section describes Director configuration procedures, and includes the following topics:
Use this section to configure the Director only if you have not already done so via the installation utility (refer to the "Installing the Director" section of this chapter) or if you need to run sysconfig-director directly from the command line.
Step 1 As user root, type:
sysconfig-director
Step 2 Enter the following information about the Director:
(a) Director Host ID---A unique numeric identifier for the Director host.
(b) Director Organization ID---A unique numeric identifier for a collection of Sensors and Directors. Each machine within an organization must share the same unique Organization ID.
(c) Director Host Name---A unique logical name associated with the Director Host ID.
(d) Director Organization Name---A unique logical name associated with the Director Organization ID.
(e) Director IP Address---The IP address assigned to the Director workstation.
(f) HTML Browser---The full path and filename of your HTML browser (for example /opt/netscape/netscape). This step is optional.
Step 3 Exit sysconfig-director.
Not all daemons shipped with HP OpenView are needed for the Director to work. You can disable these daemons so they do not start when you type the ovstart command. Disabling these daemons provides better performance and response time, and makes managing and using HP OpenView easier.
To disable the daemons on HP-UX and Solaris, follow these steps:
Step 1 Bring down all copies of the user interface by clicking Exit on the Map menu.
Step 2 Log on as user root.
Step 3 Stop the HP OpenView daemons by typing:
ovstop
Step 4 Type each of the following commands:
ovdelobj /etc/opt/OV/share/lrf/netmon.lrf ovdelobj /etc/opt/OV/share/lrf/snmpCollect.lrf ovdelobj /etc/opt/OV/share/lrf/ovrepld.lrf ovdelobj /etc/opt/OV/share/lrf/ovactiond.lrf
If your Director machine has HP OpenView 4.x installed, also type:
ovdelobj /etc/opt/OV/share/lrf/ovtopmd.lrf
If your Director machine has HP OpenView 5.x installed, also type:
ovdelobj /etc/opt/OV/share/lrf/ovtopmd.lrf ovdelobj /etc/opt/OV/share/lrf/ovdbcheck.lrf
If your Director machine has HP OpenView 6.x installed, also type:
ovdelobj /etc/opt/OV/share/lrf/ovdbcheck.lrf ovdelobj /etc/opt/OV/share/lrf/ovsessionmgr.lrf ovdelobj /etc/opt/OV/share/lrf/ovalarmsrv.lrf
Step 5 If you disable the ovtopmd.lrf service, use a text editor to remove the text "-Initial" from the ipmap file in the $OV_REGISTRATION/C directory.
Step 1 As user root, start the HP OpenView daemons by typing:
ovstart
Step 2 As user netrangr, start the NetRanger daemons by typing:
nrstart
Step 3 Start the user interface by typing:
$OV_BIN/ovw &
Step 4 Double-click the NetRanger icon.
Step 5 If your Director machine has HP OpenView 4.x or 5.x, click Maps>Describe/Modify on the Map menu.
If your Director machine has HP OpenView 6.x, click Properties on the Map menu.
Step 6 Under Compound Status, click Propagate Most Critical.
Step 7 Click OK.
Step 8 Click Submap>Set This Submap As Home on the Map menu.
Step 9 If your Director machine has HP OpenView 4.x or 5.x, click Submap>Describe/Modify on the Map menu.
If your Director machine has HP OpenView 6.x, click Submap>Properties on the Map menu.
Step 10 Under Background Graphics, click Browse.
Step 11 From the pop-up list, select the background graphic of your choice.
The usastates.gif is a popular choice. You could also create a custom GIF file with any graphics program and use that GIF file as an HP OpenView submap background.
Step 12 Click OK, and then click OK again.
By default, user netrangr is the only user configured to use and reconfigure the NetRanger Director system. If you want to grant Director software access to another user, you must add the user to the Unix group netrangr. You must also configure the user's shell environment appropriately. Instructions for both follow:
to execute nrdirmap.
User netrangr uses the ksh UNIX shell. The environment settings for user netrangr are kept in the file /usr/nr/.profile. The .profile puts /usr/nr/bin in the $PATH, and then it sets environment variables for HP OpenView, JAVA, and Oracle.
Starting with the 2.2.0 release of NetRanger, you no longer make customizations directly to user netrangr's .profile file. Instead, you make custom changes to the .profile.custom file. Doing so keeps your customizations and special environment variables intact during upgrades.
This section describes the tasks required for configuring a Sensor, and includes the following topics:
Step 1 Position the Sensor workstation on a subnet. For more information on Sensor placement on a network, refer to "Pre-Installation Considerations."
Step 2 Attach the necessary power cables to the Sensor.
Step 3 Connect the keyboard and monitor to the Sensor.
Step 4 Attach the necessary communication cables according to your network configuration, as illustrated in Figure 3-1.
For an Ethernet or Fast Ethernet network configuration:
For a Token Ring network configuration:
For a FDDI network configuration:
Step 5 Power on the Sensor.
Step 1 Log on as user root.
Step 2 Type sysconfig-sensor at the command prompt.
The Sensor Initial Configuration Utility menu appears:
NetRanger Sensor Initial Configuration Utility Choose a value to configure one of the following parameters: 1 - IP Address 2 - IP Netmask 3 - IP Hostname 4 - Default Route 5 - COM1 Port 6 - Network Access Control 7 - NetRanger Communications Infrastructure 8 - System Date, Time and Timezone 9 - Passwords x - Exit Selection:
Step 3 To configure the Sensor, select each number and enter the appropriate information. Use Table 3-1 to help you set the Sensor's parameters.
| Parameter | Menu Option | Definition | Example |
|---|---|---|---|
IP Address | 1 | Use this option to set the Sensor's IP address. | 10.1.9.201 |
IP Netmask | 2 | Use this option to set the Sensor's netmask. | 255.255.255.0 |
IP Host name | 3 | Use this option to set the Sensor's host name. | sensor-one |
Default Route | 4 | Use this option to enter the IP address of the primary router on the LAN with the Sensor. | 10.1.1.101 |
COM1 Port | 5 | Use this option to set the COM1 port to "serial." This allows tty access through the serial port. Selecting "device" allows the user to connect a serial cable to the serial port and "tip" into a network device. | serial |
Network Access Control | 6 | Use this option to add or remove IP addresses of hosts and networks that can access the Sensor via Telnet, FTP, and TFTP. The Director must be able to access the Sensor, so make sure that its address is in the list. | 10.5.3.2 10.6.1. |
NetRanger Communications Infrastructure | 7 | Use this option to set up the following communications parameters on the Sensor:
| Host ID: 10 Org ID: 100 Org Name: qa |
System Date, Time and Timezone | 8 | Use this option to set up the following system parameters on the Sensor:
| Follow the prompts. |
Passwords | 9 | Use this option to create new passwords for users root and netrangr. |
|
Step 4 After running sysconfig-sensor, reboot the Sensor by typing:
init 6
Step 1 On the Director interface, start the HP OpenView daemons as user root by typing:
ovstart
Step 2 As user netrangr, start the NetRanger daemons by typing:
nrstart
Step 3 Start the user interface by typing:
$OV_BIN/ovw &
Step 4 Open nrConfigure by clicking Configure on the Security menu.
Step 5 On nrConfigure, right-click the Organization folder to which you want to add the Sensor and click Add Host on the shortcut menu.
The Installation Wizard starts.
Step 6 Read the instructions on the first screen of the Installation Wizard (see Figure 3-2) and click Next.
Step 7 The Installation Wizard fills in the machine's Organization name and Organization ID.
If you need to create a new Organization, click Create.
Type the machine's Host name, Host ID, and Host IP Address in the appropriate fields (see Figure 3-3).
Step 8 Click Next.
The Host Type screen opens (see Figure 3-4).
Step 9 If you are adding a new Sensor, select Initialize and add a newly installed Sensor.
If you are adding a previously configured Sensor, select Add a previously configured sensor to the browser.
If you are adding a Director, select Forward alarms to secondary Director.
Step 10 Click Next.
The Security Information screen opens (see Figure 3-5).
Step 11 Set the number of minutes for logging and shunning on an event.
Step 12 Type the name of the Sensor's interface responsible for packet capture.
Legal device names are /dev/spwr0 (Ethernet/Fast Ethernet), /dev/ptpci (FDDI), and /dev/mtok (Token Ring).
Step 13 Click Add to enter information about the network(s) the Sensor is protecting.
Step 14 Enter the IP address and network mask of a network being protected by the Sensor. To add more networks to the list, click Add and repeat Step 14 as necessary.
Step 15 Click Next.
The Cisco Router Information screen opens (see Figure 3-6).
Step 16 If you are not using a Cisco router for shunning, click Next.
Step 17 If you are using a Cisco router for shunning, type the following information about the Cisco router in the appropriate fields:
(a) The router's network host name, password, and enable password
(b) The router's Network Address Translation IP address
(c) The Sensor's command and control IP address
(d) The router's external IP address
Step 18 Click Next.
The Final screen opens (see Figure 3-7).
Step 19 Click Finish to end your new host configuration.
Starting with the 2.2.0 release of NetRanger, you no longer make customizations directly to user netrangr's .profile file. Instead, you make custom changes to the .profile.custom file. Doing so keeps your customizations and special environment variables intact during upgrades.
This section includes the following topics:
If you are upgrading a Sensor or a Director, you will need to follow these steps:
Step 1 Log on as user root.
Step 2 Insert the CD-ROM in the CD-ROM drive.
Step 3 Type the mount command to view all the mounted files.
If cdrom is not listed as a mounted file system, mount the CD-ROM drive by using one of the following commands:
| OS | Command |
HP-UX | mount /dev/dsk/c0t2d0 /mnt
where /dev/dsk/c0t2d0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Solaris | mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt
where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Step 4 Change directories to the mount point.
Step 5 Type:
./install
The installation procedure automatically stops NetRanger services, removes previous software versions, and installs the upgrade packages.
Step 6 If you have not rebooted your system, do so now.
If your Sensor was managing network devices, and you have upgraded it from version
2.1.1 to 2.2 or above, you must also upgrade that Sensor's device management configuration files.
To upgrade a Sensor's device management capabilities, follow these steps:
Step 1 On the Director interface, click the upgraded Sensor's icon and click Configure on the Security menu.
Step 2 In nrConfigure, double-click Device Management.
The Device Management dialog box opens.
Step 3 Click the Interfaces tab (see Figure 3-8).
Step 4 Click Add.
Step 5 Type the following information for each interface on the managed network device in the appropriate fields:
(a) IP Address---The IP address assigned to the router interface.
(b) Interface Name---The name of the router interface (for example, "ethernet0")
(c) Direction---The direction of the network traffic passing through the interface.
(d) Additional Interface/Direction Pairs---Type the name of any other interface names and traffic directions.
Step 6 Click OK to close the Device Management dialog box.
Step 7 Click Apply to apply the configuration change.
During the upgrade of a Sensor, an automatic script compares the signatures templates in the /usr/nr/etc/wgc/templates directory with any existing signature configuration files in the /usr/nr/etc directory.
If a signature is missing in the configuration files in /usr/nr/etc, the script will add the signature. This procedure automates the addition of new signatures to existing signatures during an upgrade.
This section includes the following topics:
If you are upgrading to NetRanger 2.2.1 from a previous DMP or SAP installation, reference the /usr/nr/bin/sap/upgrade.txt file to upgrade your DMP/SAP environment.
If you are upgrading to NetRanger 2.2.1 from a previous DMP or SAP installation, reference the /usr/nr/bin/sap/sql/upgrade.txt file to upgrade your Oracle reference tables.
If you have upgraded or rebuilt an organization's Director, you must use the Add Host utility to allow communication between the existing configured, operational Sensors and the newly upgraded Director.
The Add Host utility is the same utility used to add a newly installed Sensor into an organization. The only difference between adding a newly installed Sensor and a previously configured Sensor is that you select Add a previously configured sensor to the browser on the Host Type screen.
For more information refer to the "Complete the Sensor Configuration" section of this chapter.
 | TimeSaver Use this section only if you did not receive a preassembled Sensor from the factory, or need to rebuild a Sensor machine during an upgrade. |
The NetRanger CD contains software to configure and install a NetRanger Sensor on either an x86 or SPARC Solaris workstation running Solaris version 2.5.1 or 2.6.
Follow these steps to install the Sensor software:
Step 1 Log on as user root.
Step 2 Insert the CD-ROM in the CD-ROM drive.
Step 3 Type the mount command to view all the mounted filesystems.
Step 4 If the CD-ROM is not listed as a mounted file system, manually mount the CD-ROM drive:
mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt
where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point.
Step 5 If the CD-ROM drive was automatically mounted, type:
/cdrom/netranger/install
Step 6 If the CD-ROM drive was manually mounted, type:
/mnt/install
The following procedure describes how to uninstall the Director software.
Step 1 Log on as user root.
Step 2 Copy the NetRanger software removal utility to the /tmp directory by typing:
cp /usr/nr/bin/nrUninstall /tmp
Step 3 Run the NetRanger software utility by typing:
/tmp/nrUninstall -f
Step 4 Choose the system that you want to remove (usually option 1-All NetRanger Packages).
Posted: Wed Jul 19 15:21:59 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.