|
|
Now that you have installed NATkit 2.0, you need to perform some required administrator setup tasks. This chapter contains the following sections:
Table 3-1 provides an overview of setting up NATkit 2.0 and references to more detailed information about each task. The information in the rest of this chapter follows the same order as the quick reference.
| Task | Steps | References | ||
|---|---|---|---|---|
| Step 1 Log on to the NATkit server. | "Accessing the Server" section | ||
Step 2 Familiarize yourself with the desktop interface. | "Accessing the Server" section | |||
| Step 1 Log on to the server as administrator. | "Logging In As Administrator" section | ||
Step 2 Secure the server. | "Securing the NATkit 2.0 Server" section | |||
Step 3 Configure the server. | ||||
Step 4 Log out of the server. | "Logging Out As Administrator" section | |||
| Step 1 Log on to the server as system or network administrator. | "Setting Up Downloads " section | ||
Step 2 Create download.ini file | "Setting Up Downloads " section | |||
Step 3 Test downloads. | "Setting Up Downloads " section | |||
Step 4 Select information to download | "Setting Up Downloads " section | |||
| Step 5 Log out of the server. | "Logging Out As Administrator" section |
NATkits configured by NATkit support after March 1, 2000 have the port number set to 1731. NATkits configured prior to March 1, 2000 may use port 80 or 1741. If you are installing NATkit, the default port is 80. If that port is in use, you will be prompted to use the alternative, port 1741. If you wish to use a port number besides 80 or 1741, please contact NATkit support at natkit-support@cisco.com.
If you receive an error message stating logging into port 1731, try alternate port numbers 1741 or 80:
http://server_name:1741
where server_name is the name of the machine where NATkit 2.0 was installed, and 1741 is the alternative port number you are attempting to use.
If you cannot access the NATkit server or the desktop is not displayed correctly, refer to the "Troubleshooting" appendix.
Now that you have accessed the NATkit 2.0 server, you need to log in as the administrator and set up the server for other users. The following sections explain how to perform these administrator setup tasks.
To perform adminstrator setup tasks you must log in as administrator. First, it is helpful to understand NATkit 2.0 logins and roles, which control user access to the system.
To use NATkit 2.0, you must have a valid login—a combination of a username and password. There are five groupings of access privileges in NATkit 2.0, called roles. The five roles are as follows:
Your access to application options is determined by the roles assigned to your login.
The access privileges assigned to the roles are not cumulative. That is, there is not a hierarchy of roles, with each role including all of the privileges of the role "below" it. Instead, each role is associated with a number of tasks the user can perform. The roles and their tasks are static; however, administrators can assign users to more than one role. For a full list of the roles and their corresponding access privileges, refer to the online help.
NATkit 2.0 ships with several default logins already created. These default logins are shown in Table 3-2.
| Username | Login Name | Password |
|---|---|---|
admin | Admin | — |
guest | Guest | — |
To log in as administrator, follow these steps:
Step 1 Enter the default administrator username and password in the Login Manager dialog box, as follows:
User Name:adminPassword:The password provided by NATkit support
Step 2 Click Connect.
The Login Manager dialog box is replaced by the navigation tree.
Step 3 Select Admin on the navigation tree to open the Admin drawer.
The administrator folders appear. (See Figure 3-1.) These folders contain the administrator options.
To maintain ongoing security for your server, be careful when creating new logins. Assign roles to user logins so that users can access only those application options that you want them to access.
NATkit 2.0 also provides built-in security using the features of the Solaris operating system. For more information about these security features, refer to the "NATkit 2.0 Security" appendix.
If the admin password must be changed, please inform NATkit Support before changing it. Send email to NATkit Support at natkit-support@cisco.com) with your phone number. Do not send passwords in emails.
To change the admin login password, follow these steps:
Step 1 Select Admin > User Accounts > Modify My Profile. The Modify My Profile dialog box appears (see Figure 3-2).
Step 2 Enter a password in the Password field.
Step 3 Confirm the password by entering it in the Confirm Password field. This field is required.
Step 4 Optionally, enter values for any of the other fields in the dialog box.
Step 5 Click Modify.
The dialog box is displayed until you select another option from the navigation tree.
To change the guest login password, follow these steps:
Step 1 Select Admin > User Accounts > Modify/Delete Users. The Modify/Delete User dialog box appears (See Figure 3-3).
Step 2 Select the guest login from the Users list.
Step 3 Enter the new password in the Password field.
Step 4 Confirm the new password by entering it in the Confirm Password field. This field is required.
Step 5 Optionally, enter values for any of the other fields in the dialog box.
Step 6 Click Modify. The message "User modified" appears in the lower left corner of the dialog box.
The dialog box is displayed until you select another option from the navigation tree.
To configure the system, follow these steps:
Step 1 Select Admin > System Administration > System Configuration. The System Configuration dialog box appears (see Figure 3-4).
Step 2 Select one of the following tabs to enter information or to verify that the configured information is correct:
Refer to Table 3-3 for descriptions of the information that appears in each dialog box tab.
| Tab Name | Description | Fields—Values to Enter |
|---|---|---|
Proxy | Used by NATkit 2.0 applications to connect to CCO. If the NATkit 2.0 server access to the outside world is controlled through a proxy server, this setting must be configured. | Proxy URL—Enter the system-wide proxy URL. There is no default. |
SNMP | Used by NATkit 2.0 applications to query devices for inventory collection, which includes importing and adding devices, and collecting inventory data. | Fast SNMP Timeout—Enter the amount of time, from 5 to 90 seconds, the system should wait for a a device to respond before it tries to access it again. The default is 5. Fast SNMP Retry—Enter the number of times, from 2 to 6, the system should try to access devices with fast SNMP options. The default Slow SNMP Timeout—Enter the amount of time, from 10 to 90 seconds, the system should wait for a device to respond before it tries to access it again. The default is 20. Slow SNMP Retry—Enter the number of times, from 2 to 6, the system should try to access a device with slow SNMP options. The default |
RCP | Used to specify the user when remote operations from devices are performed. It is used to authenticate any RCP transfers between the devices and the NATkit 2.0 server. The user account must exist on UNIX systems, and should also be configured on devices as local user. For additional information, refer to the "Preparing To Use NATkit 2.0 Applications" chapter, "Setting Up RCP" section. | User Name—Enter the name used by a network device when it connects to the NATkit 2.0 server to run RCP. |
Step 3 Click Apply to apply changed information.
Step 4 Click Defaults to apply the defaults already configured in the system.
Step 5 Repeat Step 2 through Step 4 until you have verified or corrected all the information displayed in the System Configuration dialog box.
The dialog box is displayed until you select another option from the navigation tree.
To end your administrator tasks, you must log out of NATkit 2.0. Follow these steps to log out:
Step 1 Close all secondary browser windows that are open. You should have only one browser window opened displaying the NATkit 2.0 interface.
Step 2 Click Logout. The Login Manager dialog box replaces the navigation tree.
Now that you have performed the necessary administrator tasks, continue installation with the "Preparing To Use NATkit 2.0 Applications" chapter.
A download.ini file needs to be created in order for NATkit to begin downloading the following types of data:
The download.ini file can be created two ways, from the NATkit GUI or from command line. In most cases the download is setup from the command line.
maxDownloadAttempts=3
availability=1
config=1
inventory=1
variables=1
syslog=1
stratalog=1
navail=1
discovery=1
customer_id=fourdigitID
customer_name=CustomerName
software_version=SoftwareVersion
encrypt_type=US
To find out the software version, customer ID, or customer name, do the following:
1. Go to the /opt/CSCONsa/bin/NSA directory
2. Enter the following: more customer.ini
Once you've created the download.ini file and placed it in the /opt/CSCOpx/htdocs/NSA/COMPANIES/*/out directory, you can test it by doing the following (provided you don't need to configure NATkit to go through a proxy. Refer to the next section if you do):
1. Log into the workstation and SU to root and SU to the ID "bin" (NATkit 2.0) or "natkuser" (NATkit 1.6).
2. Go to the /opt/CSCONsa/bin/NSA/loader.
3. Execute the download program "./dlddrv2.tcl".
4. Check the results in the "download-status" file located in /opt/CSCOpx/htdocs/NSA/COMPANIES/*/out directory.
The download module of the NATkit can accommodate a customer FTP Proxy. The first thing that needs to be done is to make sure that the NATkit can be authenticated to the FTP proxy. For more details on this, refer to the next section (Automating FTP Proxy Authentication).
After establishing that the NATkit can get authenticated to the Proxy, you'll need to make changes to the distlist file to configure it for proxy usage. Before doing so, type id from the command line to check your identity. Make sure your identity is "natkuser" if you have NATkit 1.6, and "bin" if you have NATkit 2.0.
Change the lines that read:
Outbackserver HTTP,cco.cisco.com,incoming/smarts,sstation,@smartpass
Outbackserver PFTP,cco.cisco.com,incoming/smarts,sstation,@smartpass
Outbackserver FTP,cco.cisco.com,incoming/smarts,sstation,@smartpass
To:
Outbackserver HTTP,http://cco.cisco.com,incoming/smarts,sstation,@smartpass,@default_mode,proxy.customer.com,
<httpport>
If the http proxy uses a username and password to get authentication, append the username and password after the http port, separated by commas. For example:
PFTP,proxy.customer.com,incoming/smarts,sstation@cco.cisco.com,@smartpass
FTP,proxy.customer.com,incoming/smarts,sstation@cco.cisco.com,@smartpass
Automating authentication to an FTP proxy can be accomplished by creating a .netrc (pronounces `dot netrc') file in the NATkit owners home directory.
The format of the .netrc file is as follows:
Machine <machine_name> login <username> password <password>
In addition to this, the .netrc file must be set to read/write/execute permissions for only that user. All other users should be denied all access to this file.
Posted: Tue Aug 29 15:06:15 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.