|
|
This chapter contains the following sections:
 | Warning Read the installation instructions before you connect the system to its power source. |
| Warning There is the danger of explosion if the battery is replaced incorrectly. Replace the battery only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions. |
| Warning Ultimate disposal of this product should be handled according to all national laws and regulations. |
| Warning Do not work on the system or connect or disconnect cables during periods of lightning activity. |
| Warning Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals. |
| Warning Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord. |
| Warning Do not touch the power supply when the power cord is connected. For systems with a power switch, line voltages are present within the power supply even when the power switch is off and the power cord is connected. For systems without a power switch, line voltages are present within the power supply when the power cord is connected. |
| Warning The device is designed to work with TN power systems. |
| Warning The ports labeled "Ethernet," "10BaseT," "Token Ring," "Console," and "AUX" are safety extra-low voltage (SELV) circuits. SELV circuits should only be connected to other SELV circuits. Because the BRI circuits are treated like telephone-network voltage, avoid connecting the SELV circuit to the telephone network voltage (TNV) circuits. |
| Warning This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 16A international) is used on the phase conductors (all current-carrying conductors). |
| Warning This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use. |
The following sections describe how to install the Director software on an HP-UX or Solaris workstation:
Before you install the Director, verify that you meet the following requirements:
The following software must be installed on your workstation:
| HP-UX | Sun Solaris |
|---|---|
|
|
The following free storage requirements must be met:
| Disk Area | HP-UX | Solaris |
|---|---|---|
/opt | 65 MB | 110 MB |
NetRanger Logging in /usr/nr/var | 1 GB | 1 GB |
NetRanger /usr/nr Directory | 50 MB | 50 MB |
Java Run Time Environment | 10 MB (/usr) | 12 MB (/opt)* |
*Solaris installs require 122 MB total space in /opt | ||
The RAM requirements for the Director software are dictated by the requirements of the network management software. You should run the Director on a dedicated machine with at least 96 MB of RAM. Consult your network management platform documentation for more information about RAM requirements and recommendations.
The following sections provide information on preparing for and installing OpenView on an HP-UX or Solaris workstation:
Before you can install the NetRanger Director, make sure that user root's PATH variable contains /usr/sbin. Attempting an installation without /usr/sbin in user root's PATH will cause the installation to fail.
To check if user root's PATH variable is correct, follow these steps:
Step 1 Log on as user root.
Step 2 Type:
echo $PATH
Step 3 Check to see if "/usr/sbin" is in the output of the echo command.
Step 4 If /usr/sbin is not in the PATH variable, do one of the following:
PATH=/usr/sbin:$PATH export PATH
setenv PATH /usr/sbin:$PATH
Before you can install HP Openview on HP-UX or Solaris systems, you must set the following parameters:
To set these parameters, follow these steps:
Step 1 Log on as user root.
Step 2 Type:
/etc/set_parms initial
Step 3 Reboot the Director machine and perform the following checks:
(a) Ping your loopback address with the ping 127.0.0.1 command.
(b) Ping your IP address with the ping IP_Address command, where IP_Address is your own IP address.
(c) Resolve your loopback address with the nslookup 127.0.0.1 command.
(d) Resolve your IP address with the nslookup IP_Address command, where IP_Address is your own IP address.
(e) Resolve your host name with the nslookup hostname command, where hostname is your own host name.
(f) Verify that the timezone is correct with the date command.
Step 4 Install HP OpenView.
Step 5 Add the following lines to the /.profile for user root. Note the space between the "." and the "/":
. /opt/OV/bin/ov.envvars.sh PATH=$PATH:$OV_BIN
Step 6 On HP-UX, modify the following semaphores to the displayed values. Use the SAM utility to adjust the kernel parameters to the specified values:
semmns to 256 semmni to 128 semmnu to 90 semume to 20
Step 1 Log on as user root.
Step 2 Insert the NetRanger/Director CD-ROM in the CD-ROM drive.
Step 3 If the CD-ROM drive is not automatically mounted, mount it by using one of the following commands:
| OS | Command |
HP-UX | mount /dev/dsk/c0t2d0 /mnt where /dev/dsk/c0t2d0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Solaris | mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Step 4 Change directories to the mount point.
Step 5 Shut down any OpenView sessions by clicking Exit on the Map menu.
Step 6 Run the NetRanger installation utility by typing:
./install
Step 7 Check the /var/adm/nrInstall.log file for errors.
Step 8 The Director installation process creates an account for the user netrangr, if it did not already exist. You must set a password for that user. To set the password, type:
passwd netrangr
Step 9 Restart the OpenView daemons by typing:
/opt/OV/bin/ovstart
After you install the Director software, you will need to perform the following configuration tasks:
The NetRanger background process configuration files enable the Director to communicate with Sensors on your network. Follow these steps to configure the background processes:
Step 1 As user netrangr, stop the NetRanger/Director services by typing:
nrstop
Step 2 As user root, type:
sysconfig-director
Step 3 Enter the following information about the Director:
(a) Director Host ID---A unique numeric identifier for the Director host.
(b) Director Organization ID---A unique numeric identifier for a collection of Sensors and Directors. Each machine within an organization must share the same unique Organization ID.
(c) Director Host Name---A unique logical name associated with the Director Host ID.
(d) Director Organization Name---A unique logical name associated with the Director Organization ID.
(e) Director IP Address---The IP address assigned to the Director workstation.
Step 4 Exit sysconfig-director.
Step 5 Log on as user netrangr and type:
nrstart
Not all daemons shipped with OpenView are needed for the Director to work. You can disable these daemons so they do not start when you type the ovstart command. Disabling these daemons provides better performance and response time, and makes managing and using OpenView easier.
To disable the daemons on HP-UX and Solaris, follow these steps:
Step 1 Bring down all copies of the user interface by clicking Exit on the Map menu.
Step 2 Log on as user root.
Step 3 Stop the OpenView daemons by typing:
ovstop
Step 4 Type each of the following commands:
ovdelobj /etc/opt/OV/share/lrf/netmon.lrf ovdelobj /etc/opt/OV/share/lrf/ovtopmd.lrf ovdelobj /etc/opt/OV/share/lrf/snmpCollect.lrf ovdelobj /etc/opt/OV/share/lrf/ovrepld.lrf ovdelobj /etc/opt/OV/share/lrf/ovactiond.lrf
Step 5 If you disable the ovtopmd.lrf service, use a text editor to remove the text "-Initial" from the ipmap file in the $OV_REGISTRATION/C directory.
Step 6 If you disable netmon.lrf and/or snmpCollect.lrf, use a text editor to remove the text "-Initial" from the xnmevents file in the $OV_REGISTRATION/C/ovsnmp directory.
Step 1 As user root, start the OpenView daemons by typing:
ovstart
Step 2 As user netrangr, start the NetRanger daemons by typing:
nrstart
Step 3 Start the user interface by typing:
$OV_BIN/ovw &
Step 4 Double-click the NetRanger icon.
Step 5 Click Maps>Describe/Modify on the Map menu.
Step 6 Under Compound Status, click Propagate Most Critical.
Step 7 Click OK.
Step 8 Click Submap>Set This Submap As Home on the Map menu.
Step 9 Click Submap>Describe/Modify on the Map menu.
Step 10 Under Background Graphics, click Browse.
Step 11 From the pop-up list, select the background graphic of your choice.
The usastates.gif is a popular choice. You could also create a custom GIF file with any graphics program and use that GIF file as an OpenView submap background.
Step 12 Click OK, and then click OK again.
By default, user netrangr is the only user configured to use and reconfigure the NetRanger Director system. If you want to grant Director software access to another user, you must add the user to the Unix group netrangr. You must also configure the user's shell environment appropriately. Instructions for both follow:
to execute nrdirmap.
User netrangr uses the ksh UNIX shell. The environment settings for user netrangr are kept in the file /usr/nr/.profile. The .profile puts /usr/nr/bin in the $PATH, and then it sets environment variables for OpenView, JAVA, and Oracle.
Starting with the 2.2.0 release of NetRanger, you no longer make customizations directly to user netrangr's .profile file. Instead, you make custom changes to the .profile.custom file. Doing so keeps your customizations and special environment variables intact during upgrades.
This section describes the following tasks you must follow to configure a Sensor:
Step 1 Position the Sensor workstation on a subnet. (For more information on Sensor placement on a network, refer to "Pre-Installation Considerations."
Step 2 Attach the necessary power cables to the Sensor.
Step 3 Connect the keyboard and monitor to the Sensor.
Step 4 Attach the necessary communication cables according to your network configuration, as illustrated in Figure 3-1.
For an Ethernet or Fast Ethernet network configuration:
For a Token Ring network configuration:
For a FDDI network configuration:
Step 5 Power on the Sensor.
Step 1 Log on as user root.
Step 2 Type sysconfig-sensor at the command prompt.
The following menu appears:
NetRanger Sensor Host Configuration Version 2.2.0 Choose a value to configure one of the following parameters: 1 - IP Address 2 - IP Netmask 3 - IP Hostname 4 - Default Route 5 - COM1 Port 6 - Network Access Control 7 - NetRanger Communications Infrastructure x - Exit Selection:
Step 3 To configure the Sensor, select each number and enter the appropriate information. Use Table 3-1 to help you set the Sensor's parameters.
| Parameter | Menu Option | Definition | Example | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
IP Address | 1 | Use this option to set the Sensor's IP address. | 10.1.9.201 | ||||||||||||||||||
IP Netmask | 2 | Use this option to set the Sensor's netmask. | 255.255.255.0 | ||||||||||||||||||
IP Host name | 3 | Use this option to set the Sensor's host name. | sensor-one | ||||||||||||||||||
Default Route | 4 | Use this option to enter the IP address of the primary router on the LAN with the Sensor. | 10.1.1.101 | ||||||||||||||||||
COM1 Port | 5 | Use this option to set the COM1 port to "serial." This allows tty access through the serial port. Selecting "device" allows the user to connect a serial cable to the serial port and "tip" into a network device. | serial | ||||||||||||||||||
Network Access Control | 6 | Use this option to add or remove IP addresses of hosts and networks that can access the Sensor via Telnet, FTP, and TFTP. The Director must be able to access the Sensor, so make sure that its address is in the list. | 10.5.3.2 10.6.1. | ||||||||||||||||||
NetRanger Communications Infrastructure | 7 | Use this option to set up the following communications parameters on the Sensor:
|
|
Step 4 After running sysconfig-sensor, reboot the Sensor by typing:
init 6
Step 5 Log on as user netrangr. The default password is attack.
Step 6 Once the initial prompt is accessed, use the su command to become the root user.
Step 7 Enter the default root password: attack. Once the root prompt is accessed, immediately change the root and netrangr passwords by using the passwd command.
Step 1 On the Director interface, open nrConfigure by clicking Configure on the Security menu.
Step 2 On nrConfigure, click Add Host on the File menu.
The Installation Wizard starts.
Step 3 Read the instructions on the first screen of the Installation Wizard (see Figure 3-2) and click Next.
Step 4 The Installation Wizard fills in the machine's Organization Name and ID.
If you need to create a new Organization, click Create.
Enter the machine's Host name, Host ID, and IP address in the appropriate fields (see Figure 3-3).
Step 5 Click Next.
The Host Type screen opens (see Figure 3-4).
Step 6 If you are adding a Sensor, select Add new Sensor reporting to this Director.
If you are adding a Director, select Forward alarms to secondary Director.
Step 7 Click Next.
The Security Information screen opens (see Figure 3-5).
Step 8 Set the number of minutes for logging and shunning on an event.
Step 9 Enter the name of the Sensor's interface responsible for packet capture.
Legal device names are /dev/spwr0 (Ethernet/Fast Ethernet), /dev/ptpci (FDDI), and /dev/mtok (Token Ring).
Step 10 Click Add to enter information about the network(s) the Sensor is protecting.
Step 11 Enter the IP address and network mask of a network being protected by the Sensor. To add more networks to the list, click Add and repeat Step 11 as necessary.
Step 12 Click Next.
The Cisco Router Information screen opens (see Figure 3-6).
Step 13 If you are not using a Cisco router for shunning, click Next.
Step 14 If you are using a Cisco router for shunning, enter the following information about the Cisco router.
(a) The router's network host name, password, and enable password
(b) The router's Network Address Translation IP address
(c) The Sensor's command and control IP address
(d) The router's external IP address
Step 15 Click Next.
The Final screen opens (see Figure 3-7).
Step 16 Click Finish to end your new host configuration.
Starting with the 2.2.0 release of NetRanger, you no longer make customizations directly to user netrangr's .profile file. Instead, you make custom changes to the .profile.custom file. Doing so keeps your customizations and special environment variables intact during upgrades.
This section includes the following topics:
If you are upgrading a Sensor or a Director, you will need to follow these steps:
Step 1 Log on as user root.
Step 2 Insert the CD-ROM in the CD-ROM drive.
Step 3 Type the mount command to view all the mounted files.
If cdrom is not listed as a mounted file system, mount the CD-ROM drive by using one of the following commands:
| OS | Command |
HP-UX | mount /dev/dsk/c0t2d0 /mnt where /dev/dsk/c0t2d0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Solaris | mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point |
Step 4 Change directories to the mount point.
Step 5 Type:
./install
The installation procedure automatically stops NetRanger services, removes previous software versions, and installs the upgrade packages.
Step 6 If you have not rebooted your system, do so now.
If your Sensor was managing network devices, and you have upgraded it from version
2.1.1 to 2.2 or above, you must also upgrade that Sensor's device management configuration files.
To upgrade a Sensor's device management capabilities, follow these steps:
Step 1 On the Director interface, click the upgraded Sensor's icon and click Configure on the Security menu.
Step 2 In nrConfigure, double-click Device Management.
The Device Management dialog box opens.
Step 3 Click the Interfaces tab (see Figure 3-8).
Step 4 Click Add.
Step 5 Enter the following information for each interface on the managed network device:
(a) IP Address---The IP address assigned to the router interface.
(b) Interface Name---The name of the router interface (e.g., "ethernet0")
(c) Direction---The direction of the network traffic passing through the interface.
(d) Additional Interface/Direction Pairs---Enter the name of any other interface names and traffic directions.
Step 6 Click OK to close the Device Management dialog box.
Step 7 Click Apply to apply the configuration change.
During the upgrade of a Sensor, an automatic script compares the signatures templates in the /usr/nr/etc/wgc/templates directory with any existing signature configuration files in the /usr/nr/etc directory.
If a signature is missing in the configuration files in /usr/nr/etc, the script will add the signature. This procedure automates the addition of new signatures to existing signatures during an upgrade.
This section includes the following topics:
If you are upgrading to NetRanger 2.2.0 from a previous DMP or SAP installation, reference the following file to upgrade your DMP/SAP environment:
/usr/nr/bin/sap/upgrade.txt
If you are upgrading to NetRanger 2.2.0 from a previous DMP or SAP installation, reference the following file to upgrade your Oracle reference tables:
/usr/nr/bin/sap/sql/upgrade.txt
If you have upgraded or rebuilt an organization's Director, you must use the Insert Sensor utility to allow communication between the existing configured, operational Sensors and the newly upgraded Director.
To use the Insert Sensor utility, follow these steps:
Step 1 On the Director interface, click Configure on the Security menu.
nrConfigure opens.
Step 2 On nrConfigure's File Management Utility screen, right click on the appropriate organization folder and choose Insert Sensor.
The Add Host dialog box opens.
Step 3 Enter the Sensor's Host Name and ID in the appropriate fields.
Step 4 Click OK.
The nrConfigure - IP Address dialog box opens and prompts you to enter the IP address of the Sensor that you are configuring.
Step 5 Enter the Sensor IP address and click OK.
The added Sensor should now appear in nrConfigure's File Management Utility screen.
 | TimeSaver Use this section only if you did not receive a preassembled Sensor from the factory, or need to rebuild a Sensor machine during an upgrade. |
The NetRanger CD contains software to configure and install a NetRanger Sensor on either a x86 or SPARC Solaris workstation running Solaris version 2.5.1 or 2.6.
Follow these steps to install the Sensor software:
Step 1 Log on as user root.
Step 2 Insert the CD-ROM in the CD-ROM drive.
Step 3 Type the mount command to view all the mounted filesystems.
Step 4 If the CD-ROM is not listed as a mounted file system, manually mount the CD-ROM drive:
mount -F hsfs -r /dev/dsk/c0t6d0s0 /mnt
where /dev/dsk/c0t6d0s0 is the device name of the system's CD-ROM drive and /mnt is an existing mount point.
Step 5 If the CD-ROM drive was automatically mounted, type:
/cdrom/netranger/install
Step 6 If the CD-ROM drive was manually mounted, type:
/mnt/install
The following procedure describes how to uninstall the Director software.
Step 1 Log on as user root.
Step 2 Copy the NetRanger software removal utility to the /tmp directory by typing:
cp /usr/nr/bin/nrUninstall /tmp
Step 3 Run the NetRanger software utility by typing:
/tmp/nrUninstall -f
Step 4 Choose the system that you want to remove (usually option 1 - All NetRanger Packages).
Posted: Fri Apr 30 08:21:13 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.