|
|
Now that you have installed and set up NATkit 2.0, you must configure the NATkit applications for use. This chapter assumes the following:
This chapter consists of the following sections:
Table 4-1 provides an overview of preparing to use NATkit applications and references to more detailed information about each task. The information in the rest of this chapter follows the same order as the quick reference.
| Task | Steps | References | ||
|---|---|---|---|---|
| Step 1 Select method of discovery
| "Using Device Discovery " section | ||
Step 2 Define community strings. | "Using Device Discovery " section | |||
Step 3 Start/Stop device discovery. | "Using Device Discovery " section | |||
Step 4 (Optional) Perform optional device discovery tasks. | "Using Device Discovery " section | |||
Step 5 View current settings. | "Using Device Discovery " section. | |||
Step 6 View discovery status. | "Using Device Discovery " section | |||
| Step 1 Create the network inventory by doing either of the following:
| |||
Step 2 Create a device view. | "Creating a Device View" section | |||
Step 3 Obtain login privileges to Cisco Connection Online (CCO). |
| |||
Step 4 (Optional) Enter device serial numbers for devices that have Contract Connection service contracts by changing the device attributes. | "Changing Device Attributes (Including Serial Numbers)" section | |||
Step 5 (Optional) Perform the following optional Inventory setup tasks:
| ||||
| Step 1 See the Network Availability Monitor (NAM) User's Manual |
| ||
| Step 1 Setting up Syslog Analysis. | "Setting Up Syslog Analysis" section | ||
Step 2 Configure Cisco IOS devices for Syslog. | "Configuring Cisco IOS Devices for Syslog" section | |||
| Step 1 Add the device passwords to the inventory. | "Entering Passwords" section | ||
Step 2 Schedule the collection of the configurations. | "Scheduling Configuration Collection " section | |||
Step 3 Add required device passwords to the device inventory. | ||||
| Step 4 Obtain login privileges to CCO. | "Obtaining CCO Login Privileges " section |
Device Discovery helps you discover Cisco devices in your network to ensure that they are year 2000 compliant. After the devices are discovered, a file that lists the discovered devices is automatically exported to the Inventory application.
Once a device has been discovered and added to the inventory database, it will not be redetected in subsequent discoveries, and it will remain in the inventory database.
Because Device Discovery uses SNMP and CDP, which are standard but unreliable protocols, you will need to run device discovery several times to discover all Cisco devices in your network.
Following are the steps you need to take to set up and run the discovery process in your network and to transfer the information to the Inventory application:
After you have finished setting all the device discovery options, you can:
There are three methods of device discovery:
Discovers only Cisco Discovery Protocol (CDP)-enabled Cisco devices in your network. This method takes the least amount of time to complete, and is useful in networks that are made up entirely of Cisco devices. Products acquired by Cisco do no support CDP. CDP is supported in Cisco IOS 10.0 and later, and is not supported by WAN switches.
Discovers all SNMP-enabled Cisco devices in your network. This method takes the longest of the three methods to complete, but is the most comprehensive. In this method, device discovery finds all the devices connected to the device whose IP address is given. The process is repeated recursively until all devices are reached.
Discovers a specific range of SNMP-enabled Cisco devices in your network. This method takes more time to complete than the CDP method, but less time than the Pingsweep Starting IP Address method. This method is useful if you know the unique IP subnets in the network. In this method, device discovery finds all the devices within a range of user-supplied IP addresses. It also provides the ability to find unique IP address ranges from a single device, and performs device discovery using the address ranges.
See Table 5-1 for a comparison of each method.
| Method | BW Used | Time to Complete | Comprehen- siveness | Access | Caveats |
|---|---|---|---|---|---|
CDP | Least | Shortest | Least | CDP/ | CDP is in IOS 10.0 and above. WAN switches do not support CDP. Other company products acquired by Cisco do not support CDP. Use only in a complete/almost complete Cisco network. |
Ping Sweep Starting IP Address | Moderate | Between | Depends on user input | Ping/ | Useful if the user knows the unique IP subnets in the network |
Ping Sweep | Most | Longest | Most | Ping/ | Should be used for most complete reults. May take a long time to complete. |
Use this option to set the SNMP read-only community strings.
Discovery uses community strings to determine whether or not a device supports SNMP. For each community string you enter, discovery waits for the SNMP timeout to determine if the device supports that community. For example, if you have specified three community string names, and the SNMP timeout is set for 5000 milliseconds, it will take 15,000 milliseconds for discovery to ascertain if the device supports SNMP.
Use this option to start or stop the device discovery immediately or to schedule it to start at a predefined time. If more than one user starts, stops, or schedules device discovery at the same time, the system will accept only one request for device discovery, and will send an error message to the other.
Depending on your login level, you can perform the following optional tasks to prepare for device discovery:
Use this option to view the current settings of device discovery.
To view your current settings, select Tasks > Device Discovery > View Current Settings. The View Current Settings dialog box appears.
Use this option to view the status of device discovery.
To view the status of device discovery, select Tasks > Device Discovery > Discovery Status. The Discovery Status dialog box appears.
This section describes the tasks that you must perform to set up the Inventory application.
You can populate your network inventory in the following ways:
To import devices from an NMS database, you might have to work with the system administrator of the host on which the NMS database is running. For more information on importing from a remote system, refer to the NATkit online help.
To add device information, follow these steps:
Step 1 Select Admin > Inventory > Add Devices. The Add a Single Device dialog box appears.
Step 2 Enter the access information and annotations for one device. You must fill in the Device Name field. All other fields are optional. For more information about these fields, refer to the NATkit online help.
Step 3 Click Next.
The Add Passwords dialog box appears. You must fill in the Read Community String field and verify the password. All other fields are optional. For more information about these fields, refer to the online help.
Step 4 Click Next. The Enter Authentication Information dialog box appears.
Step 5 If required, complete the Enter Authentication Information dialog box. All fields are optional. For more information about the fields, refer to the online help.
Step 6 Click Finish. The Single Device Add dialog box appears.
Step 7 Click View Status. The Add/Import Status Summary dialog box appears.
Step 8 Use the Add/Import Status Summary dialog box to check the status of the device you specified. You should see the following device status:
| Device Status | Number of Devices |
|---|---|
Managed | 0 |
Alias | 0 |
Pending | 1 |
Conflicting | 0 |
Suspended | 0 |
Not Responding | 0 |
If the device responded very quickly, the Managed column might already contain one device when the Add/Import Status Summary dialog box appears.
Step 9 Click Update on the Add/Import Status Summary dialog box to update device status.
You can import devices by extracting data from your existing data source into a comma-separated value (CSV) file or device integration file (DIF), then using this file as input into the NATkit 2.0 database. First create a CSV or DIF file, then click Admin > Inventory > Import from File to access the CSV or DIF file and import the device information.
Before you can import devices from a remote NMS, you must perform several system and NMS configuration steps that you must perform, depending on the MS you are using.
After you configure your system and NMS, select Admin > Inventory > Import from Remote NMS to import devices from the databases listed in the Remote Database Import dialog box.
To add a WAN switch to NATkit, select Admin > Inventory > Add Devices. The Add a Single Device dialog box appears.
Enter the access information for the WAN switch, including the name of the device. The WAN switch used must be telnet accessable. Enter the ID and password information in the TACACS files, even if TACACS is not used in the network. If inventory is to be collected, the SNMP R/O community strings should be entered in the SNMP R/O field. When all information has been added, go to NATkit Utilities > Device Identification Manager > Import Devices Now! to add the device to the NATkit database.
To set up and verify the NATkit applications, you must create a static device view (a grouping of devices) that includes at least two devices.
To create the static view, follow these steps:
Step 1 Select Admin > Device Views > Add Static Views. The Add Static Views dialog box appears.
Step 2 Select the view that has the devices you want to add from the Views list. If you have not configured any views previously, select All.
Step 3 Select the devices that you want to add from the Devices list.
Step 4 Click Next. The Save Static View dialog box appears.
Step 5 Enter the view name and view description.
Step 6 Click Finish.
You must have login privileges to CCO to use several features of NATkit 2.0, including Contract Connection. If you do not have login privileges, refer to the CCO home page, www.cisco.com, to obtain a login.
To ensure that your devices have the correct device access, password information, and user information, you can change the device attributes.
To ensure that Contract Connection provides accurate contract status information, you must enter device serial numbers to the inventory entries of devices that have service contracts.
To edit device attributes, including serial numbers, follow these steps:
Step 1 Select Admin > Inventory > Change Device Attributes. The Change Device Attributes dialog box appears.
Step 2 Select the device whose device information you want to edit, then click Next.
Step 3 To change the serial numbers, select Device Serial Numbers, then click Next. The Edit Device Serial Numbers dialog box appears.
Step 4 Enter the device name and serial number, then click Next.
Now that you have set up Inventory, you can perform some optional tasks to prepare your NATkit 2.0 environment to perform inventory management tasks. Refer to the online help for information about the following tasks:
Refer to the Network Availability Monitor (NAM) User Manual for more information about setting up and using NAM.
The first step in setting up Syslog Analysis is to mount the the syslog file on the customer's syslog server or servers. The syslog file on each syslog server must be shared so that the file can be NFS mounted by NATkit. The syslog file must then be mounted by the NATkit workstation. This is a UNIX admin task and will not be covered here. Once the directories are shared and mounted, follow the steps below for each syslog file.
Step 1 Go to Admin > NATkit Syslog > Syslog Scheduler > Create New Filter Specification > Next.
Step 2 Give the task a descriptive name and select a location.
Step 3 Select the Use Default Correlation radio button.
Step 4 Click on Submit.
The following is the process for setting up syslog on the syslog server. This should not be done on the NATkit workstation. This is provided for informational purposes only.
To set up the syslog facility on a SUN workstation:
Step 1 Login to workstation as root.
Step 2 Edit the file /etc/syslog.conf by adding the following line at the end it: local7.debug /var/adm/log
where /var/adm/log is the full path of the log file you wish to create.
Step 3 Create the file in the appropriate directory. In this case, create a file called log in the /var/adm directory.
Step 4 Change to the working directory by entering the command % cd/var/adm
Step 5 Create the file by entering the command % tough log
Step 6 Change the file attribute (mode) of the file to be "rw-rw-rw-" by entering the command % chmod 0666 log
Step 7 Force the syslog process (syslogd) to read the new configuration file by entering the command % kill -HUP`cat/etc/syslog.pid`
Below is the process for configuring Cisco routers for syslog. This is also provided for informational purposes only.
To configure Cisco IOS devices for Syslog, follow these steps:
Step 1 Telnet to the device and log in. The prompt changes to host>.
Step 2 Enter enable and the enable password. The prompt changes to host#.
Step 3 Enter configure terminal. You are now in configuration mode, and the prompt changes to host(config)#.
Step 4 To make sure logging is enabled, enter logging on.
Step 5 To specify the system that will act as the syslog server (must not be a NATkit workstation), enter logging 123.45.67.89 (where 123.45.67.89 is the IP address of the syslog server).
Informational signifies severity level 6, which means all messages from levels 0-5 (from emergencies to notifications) will be logged to the NATkit server.
Before the configuration archive can gather device configurations, you need to update the NATkit database with passwords and modify device configurations.
Before the configuration archive can gather device configurations, you need to specify the Read the Read community strings and either the community strings or telnet and enable passwords (TACACS may be used) to collect configs. If you already added or imported devices and did not specify this information, you can change the device attributes. Refer to the Inventory online help for more information.
Enter the following information for all devices:
When the telnet or SNMP R/W information has been added, the next step is to schedule the collection of the configurations. This should be scheduled at a time when network traffic is at a relatively low level, i.e. Saturday morning on one network and Tuesday afternoon on another.
Before scheduling, also consider the frequency of collection. NATkit monitors syslog (if syslog has been configured) and checks the configuration of each device that sends a "config*" message. Because of this constant monitoring, frequent collection is not needed. For most networks weekly or bi-weekly collection is adequate.
To setup up a configuration collection, do the following:
Step 1 Login as admin > admin >NATkit Device Configuration > Configuration Collection Methods.
Step 2 Select the primary collection method (SNMP or telnet). Note that a method of collection can be "turned off" by selecting the None radio button.
Step 3 Login as admin > admin > NATkit Device Configuration > Configuration Collection Scheduler.
Step 4 Enter a task name. The name should clearly identify the task. For example, a network with two syslog servers named "east" and "west" might name the tasks "config_east" and "config_west".
Step 5 Select the time the collection will first run (Start Task), the time (if any) the collection will last run (End Task), and the time between collection (Run Task). Note that if the exact setup you need is not possible with the basic timer, clicking on the Advanced Timer button will bring up a more powerful scheduler.
Step 6 When you are satisfied with the name and schedule, click on Submit to place the task into the NATkit scheduler.
Before you can manage device software images, you must add the required device passwords to the device inventory. For additional information about device passwords, refer to the online help.
To add device passwords to the device inventory, follow these steps:
Step 1 Select Admin > Inventory > Change Device Attributes. The Change Device Attributes dialog box appears.
Step 2 Select the device whose device information you want to edit, then click Next. The Change dialog box appears.
Step 3 Select the options for the passwords that you want to enter, then click Next. A dialog box appears for each option you select.
Read and write community strings and a Telnet password are required for Net Audits. You must have the SNMP R/W or telnet information to collect configurations.
Step 4 In each dialog box, enter the password required for the device, then click Next.
You must have login privileges to CCO to use several features of NATkit 2.0. If you do not have login privileges, refer to the CCO home page, www.cisco.com, to obtain a login.
Posted: Wed Jul 12 18:11:13 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.