|
|
This chapter provides you with scenarios for using the CWSI Campus applications in your network.
The following scenarios describe how you could use the CWSI Campus software to help manage your network:
In this scenario, you will be reviewing the steps involved in configuring and monitoring a network with LANE services enabled. For detailed information about the importance of LANE services, see Chapter 1, "VlanDirector Application Overview" in the Using the Campus VlanDirector Application publication.
You can use the CWSI Campus applications for many of the LANE configuration and monitoring steps, including:
The CWSI Campus applications do not have the capability to configure LANE clients. The preferred way of creating LANE clients is by enabling VTP. However, on some devices you cannot use VTP to create LANE clients. In these cases, you must use the command line interface (CLI) of the device.
Before beginning, review the following key facts about configuring the LANE components:
Step 1 Make sure that you have the correct software image version on the ATM devices. See the CWSI Campus release notes for the recommended software image versions for your devices.
Step 2 If the devices on which LANE modules reside do not appear on the CWSI Campus map, verify SNMP connectivity on your LANE devices.
For the relationship between the ATM and Ethernet VLANs in your network to appear correctly in the VlanDirector application, you should configure your LANE clients if they do not already exist.
On Catalyst 5000 series switches, you can use VLAN Trunking Protocol (VTP) to configure LANE clients. Otherwise, you need to manually configure LANE clients using the CLI for the device. CWSI Campus does not provide LANE client creation and configuration. Refer to the software configuration guides for your specific devices for assistance creating LANE clients.
To use VTP, follow these steps:
Step 1 Enable VTP on the Catalyst 5000 series switch LANE module.
Step 2 Reset the LANE modules.
When the LANE modules appear online, VTP creates LANE clients for all the VLANs on the appropriate sub-interface
CWSI Campus requires that you have only one master configuration server. In the VlanDirector application, you configure the configuration server as part of the process of creating the default ATM-VLAN. You also create the LE server for the default ATM-VLAN.
You should create the default ATM-VLAN in the following situations:
To create the default ATM-VLAN, follow these steps:
Step 1 Start the VlanDirector application by selecting Tools > VlanDirector from the CWSI Campus map.
Step 2 Configure the configuration server and LE server by selecting Edit > Configure Default ATM-VLAN from the VlanDirector Names window.
For assistance configuring the configuration server and LE server, see the "Creating and Modifying VLANs" chapter of the Using the Campus VlanDirector Application publication.
You will notice initially that the new icon for the default VLAN appears twice: once under the domain folder and once under the fabric folder. This situation will be resolved when you rediscover the map and refresh the VlanDirector Names window.
Step 3 From the CWSI Campus Map window, select View>Rediscover Map.
Step 4 From the VlanDirector Names window, select File>Refresh.
In the Names window of the VlanDirector application, you should now see only one default VLAN name with a cloud next to it, and this VLAN should be in the VTP domain folder.
If you see two default VLAN names, and one is under a new fabric folder, you probably have not yet set up any LANE clients, or the VlanDirector application cannot find any associated LANE clients for the default VLAN.
You can use the VlanDirector application to create LANE services for the ATM VLANs that will bridge the VLAN traffic. When creating VLANs with LANE services, you must also set up the LE server for each VLAN.
Step 1 From the VlanDirector Names window, click the domain folder within which you want to create the VLAN.
Step 2 Select Edit>Create from the menu bar.
The Create Names Entry window opens with the VTP Domain displayed.
Step 3 In the Create Names Entry window, click LANE Services and enter the appropriate settings.
For assistance entering the appropriate values, see the "Creating and Modifying VLANs" chapter of the Using the Campus VlanDirector Application publication.
Step 4 Click OK to save the changes and close the window.
You will notice initially that the new icon for the new VLAN appears twice: once under the domain folder and once under the "fabric" folder. This situation will be resolved when you rediscover the map and refresh the VlanDirector Names window.
Step 5 From the CWSI Campus Map window, select View>Rediscover Map.
Step 6 From the VlanDirector Names window, select File>Refresh.
In the Names window of the VlanDirector application, you should now see only one new VLAN name with a cloud next to it, and this VLAN should be in the VTP domain folder.
If you see two default VLAN names, and one is under a new fabric folder, you probably have not yet set up any LANE clients or the VlanDirector application cannot find any associated LANE clients for the default VLAN.
If you have not yet created the LANE clients, do so now (see "Creating LANE Clients"), and repeat Steps 5 and 6. Otherwise, continue with Step 7.
Step 7 After the LANE services are configured, you need to manually enter a write memory command to save all the new LANE configurations in the LANE modules of the Catalyst series switches and the Lightstream 1010 switches. See the command reference publication for your specific device for assistance with this.
Step 8 Move ports to your new VLAN.
(a) From the CWSI Campus map, select the device you want to add to the VLAN.
(b) Click the right mouse button and select Device Ports....
(c) Select the ports you want to add to the VLAN.
(d) Drag the ports to the desired VLAN in the Names window.
Step 9 Select the VLAN in the VlanDirector Names window and verify that the correct devices are highlighted on the CWSI Campus map.
Step 10 Select the corresponding VLAN in the VTP domain folder. Use the topology filters to highlight the LANE clients, server, and configuration server.
The AtmDirector application displays status and diagnostic information about your ATM network, including the LANE services you configured using the VlanDirector application and the ATM-VLANs that were discovered by CWSI Campus.
For detailed information about monitoring the LANE devices in your network, see the "Displaying and Monitoring ATM-VLANs" chapter of the Using the Campus AtmDirector Application publication.
Step 1 Start the AtmDirector application by selecting Tools > AtmDirector from the CWSI Campus Map.
Step 2 Click the plus (+) symbol next to the ATM VLANs folder to display the names of all ATM VLANS in the fabric.
Step 3 Click once on your ATM VLAN to see the LE server and client names in the main AtmDirector window.
Step 4 Double-click the fabric name to open the fabric topology window.
The colors of the devices indicate whether the device is down and unreachable (red) or whether the device is up (green).
From the fabric topology map you can display a list of ATM-VLANs that pass through a device, and the functions of the device in each ATM-VLAN. For example, you might use this information when you want to take a device off line and need to know what will be affected.
Step 5 Select ATM-VLAN>ATM-VLAN Catalog.
Step 6 Double-click an ATM-VLAN to open the ATM-VLAN topology window.
Step 7 Verify that you can see all the LANE components (such as clients and servers).
Step 8 View the profile of the ATM VLAN, by selecting ATM-VLAN > Summary.
Step 9 Repeat Step 6 for the configuration server (ATM-VLAN > Config Server Summary), LE server (ATM-VLAN > Server Summary), and client devices (ATM-VLAN > Client Summary).
This section describes the AtmDirector application features you can use to obtain ATM-VLAN status information for client, LE server, and configuration server components.
Step 1 Start the AtmDirector application by selecting Tools > AtmDirector from the CWSI Campus Map.
Step 2 Click the plus (+) symbol next to the ATM VLANs folder to display the names of all ATM VLANS in the fabric.
Step 3 Double-click the ATM VLAN name to open the topology window.
Step 4 Choose the appropriate diagnosistic tool from the options described in Table 7-1.
| Command | Description |
|---|---|
Config Server Addresses | Displays a dialog box that shows the configuration server addresses known to the selected components in an ATM-VLAN. |
Client Status/ Control Params |
Displays a dialog box that shows the status and control parameter information for a client in an ATM-VLAN. |
Client Client ARP Information |
Displays a dialog box that provides details of the LAN Emulation Address Resolution Protocol (LE_ARP) process for a client in an ATM-VLAN. |
Server LE Server Status and Parameters |
Displays a dialog box that provide status information for a server in an ATM-VLAN. |
Step 5 Choose the appropriate performance monitoring tool from the options described in Table 7-2.
| Command | Description |
|---|---|
Client Performance | Displays a dialog box that plots the performance of a client in an ATM-VLAN. |
Broadcast Server Performance | Displays a dialog box that provides real-time graphs of the broadcast server traffic in an ATM-VLAN. |
In this scenario, yours is a small company that is growing. Last year, there were only 10 employees in the human resources and payroll departments. Now there are 34 employees. When there were only 10 employees, they could share a single server that contains a database of records. Now, however, each department needs a dedicated server.
Figure 7-1 illustrates the initial VLAN configuration of the Catalyst 3900 switch. You want to add a new ring that includes ports 1 and 2 for the employees of the human resources department and another ring that includes ports 3 and 4 for the employees of the payroll department.
You have met with the IS department and have decided to create two new rings, with ring numbers 11 and 12, and connect them with a logical bridge, which will have the bridge number of 1. Because the network contains a large number of Cisco devices, you are using VTP to distribute information about the VLANs in the network. You have decided to assign the VLAN IDs as follows:
| Ring number | VLAN ID | VLAN Name |
|---|---|---|
11 | 11 | CRF11 |
12 | 12 | CRF12 |
The bridge will be assigned a VLAN ID of 100 and a VLAN name of BRF100.
Microsegmenting the ring involves creating multiple rings, which means you are creating multiple VLANs. You are going to put the users and their servers in separate trCRFs and join them using a trBRF.
You have physically separated the servers from the users. Next, you must attach the rings and the servers to separate ports on the Catalyst 3900 switches.
On both switches, do the following:
The ports will automatically sense the speed and mode of the connection.
You must next define the VLANs. You will need a new trBRF and two trCRFs; one for the Human Resources users and their server and one for the Payroll users and their server.
Step 1 Start the VlanDirector application.
Step 2 In the Names window, click the domain folder within which you want to create the VLAN.
Step 3 Select Edit>Create from the menu bar.
The Create Names Entry window opens with the VTP Domain displayed.
Step 4 Enter BRF100 in the Name field.
Step 5 Select a color for the VLAN by clicking the down arrow to the left of the colored box. The color identifies the VLAN in the Names window and on the topology map.
Step 6 In the Purpose field, enter a word or short phrase that describes the reason for the VLAN. For example, you can enter: HR and payroll VLANs.
Step 7 In the Description field, describe the contents of the VLAN, such as, trBRF for HR and payroll Token Ring VLANs. Click the dotted button to the right of the field to display and scroll through your entry.
Step 8 In the Type field, click the Token Ring (trBRF) radio button.
Step 9 Click the Advanced check box.
The advanced parameter configuration fields appear.
Step 10 In the Vlan Index field, enter 100.
Step 11 In the Bridge Number field, enter 1.
Step 12 Click OK to save the changes and close the window.
Figure 7-2 illustrates the VLAN configuration of the Catalyst 3900 switch after the additional bridge has been configured. Notice that no rings are assigned to it yet.
After you have created the trBRF, you can create the trCRFs that you want to assign to the trBRF.
The VlanDirector application supplies valid values for the fields. Verify that the fields noted contain the required information.
To define the ring (trCRF) for the Human Resources users, complete the following steps:
Step 1 In the Names window, select the BRF100 parent folder within which you want to create the trCRF.
Step 2 Select Edit>Create from the menu bar.
The Create trCRF window opens.
Step 3 In the Name field, enter CRF11.
Step 4 Select a color for the trCRF by clicking the down arrow to the left of the colored box.
The color identifies the trCRF in the Names window and on the topology map.
Step 5 In the Purpose field, enter a word or short phrase that describes the reason for the trCRF. For example, enter:
trCRF for Human Resources department.
Step 6 In the Description field, describe the contents of the trCRF. For example, enter:
This trCRF contains the users and servers in the Human Resources department.
Click the dotted button to the right of the field to display and scroll through your entry.
Step 7 In the VLAN Index field, enter 11.
Step 8 In the Ring Number field, enter 11.
To define the ring (trCRF) for the Payroll users, repeat Step 1 through Step 4 and use the following values:
Figure 7-3 illustrates the VLAN configuration of the Catalyst 3900 switch after the additional rings have been configured. Notice that the rings are configured and associated with the bridge, but no ports are assigned to the rings.
You must next assign the ports to the appropriate rings (trCRFs).
Step 1 From the CWSI Campus map, select the Catalyst 3900 switch to which you want to add ports.
Step 2 Click the right mouse button and select Device Ports....
Step 3 Select ports 1 and 2.
Step 4 Drag ports 1 and 2 to CRF11 in the Names window in the VlanDirector application.
Step 5 Select ports 3 and 4.
Step 6 Drag ports 3 and 4 to CRF12 in the Names window in the VlanDirector application.
You now have a network with improved performance because the number of users per ring has been reduced and the servers have dedicated bandwidth. See Figure 7-4 for an overview of the resulting network.
After you have completed configuring the new trCRF VLANs for human resources and accounting, you can use the UserTracking application to verify that the end-users in the departments are connecting to the correct new VLAN.
For example, you can use the UserTracking application to find all the end-user devices that are actively connected to trCRF 11 and trCRF 12.
To verify that the end-user devices are connected to the correct trCRFs, follow these steps:
Step 1 Start the UserTracking application by selecting Tools > UserTracking from the CWSI Campus map.
Step 2 In the Query Selector Items box of the UserTracking main window, click the upper arrow button to display the choice of fields.
Step 3 Select the Ring field.
Step 4 Enter 11 in the field to the right of the arrow.
Step 5 Select the Ring field again and enter 12.
Step 6 Select the Or radio button to locate all end-user devices that are in trCRF (ring) 11 or 12.
Step 7 Click Query or select Action>Query.
You can also select by trBRF by selecting the trBRF field and entering 100 as the value to find. All end-user devices in that trBRF will appear.
You can edit the discovered fields. For example, for record keeping, you might want to enter the name of the user to match with the MAC address of their workstation. In the future, you will be able to quickly verify the VLAN that a particular user is assigned.
If you do enter information into the UserTracking application, be sure to save the modifications by clicking Save.
You have recently decided to use multilayer switching (MLS) to implement layer 3 switching in your network. To do this, you have installed a route switching module (RSM) and Netflow Feature Card (NFFC) in your Catalyst 5000 series switches. In multilayer switching, the RSM is referred to as a route processor, and the NFFC is the switch engine.
You are anxious to use CWSI Campus to help manage these MLS devices in your network, but you are somewhat confused by the different ways you can do this. Use the information in Table 7-3 to help determine the most appropriate methods for your purposes.
| Tool | How To Use | Purpose | ||||||
|---|---|---|---|---|---|---|---|---|
MLS Device Map Highlighting Filters | On the CWSI Campus map, select the MLS filters. For more information, see the "Multilayer Switching Filters" section in Chapter 4, "Viewing the CWSI Campus Map". | Allows you to highlight the route processors and switch engines in your network. This tool is useful if you want to quickly see where the MLS devices are located in your network. | ||||||
Switch Engine MLS Report | From the CWSI Campus map, click on two or more MLS devices and select Report > MLS Switching > Switch Engine For more information, see the "Interpreting MLS Reports" section in Chapter 5, "Interpreting the CWSI Campus Map". | The Switch Engines report displays:
This report allows you to quickly see the relationship among the MLS devices in your network. | ||||||
Route Processor MLS Report | From the CWSI Campus map, click on two or more MLS devices and select Report > MLS Switching > Route Processor For more information, see the "Interpreting MLS Reports" section in Chapter 5, "Interpreting the CWSI Campus Map". | The Route Processors report displays:
This report allows you to quickly see the relationship among the MLS devices in your network. | ||||||
Protocol Filtering by Port |
For more information, see "Monitoring Protocol Filter by Port" in the "Interpreting the CWSI Campus Map" chapter. For more information, see the "Monitoring Protocol Filter by Port" section in Chapter 5, "Interpreting the CWSI Campus Map". | On Catalyst 5000 series switches with NetFlow Feature Cards installed, you can filter broadcast traffic by protocol on a port-by-port basis. With protocol filtering, ports are classified into four protocol groups---IP, IPX, Group (which includes AppleTalk, DECNet, and Vines), and packets not belonging to any of these protocols. CWSI Campus provides a display of the relevant ports on these switches and their protocol filtering status. This tool can assist you in troubleshooting end-station connectivity problems based on mismatched protocols.
|
An end-user calls your network help desk reporting that she is unable to print, but she is not sure when the problem first began. She is confident that she was able to print last week, but she is not sure whether she had tried yet this week. She is still able to use her web browser and read e-mail. Your help desk personnel immediately begins using CWSI Campus to start troubleshooting the problem.
Step 1 Ask the user what cubicle number and wall jack she is attached to.
The cubicle number and wall jack are useful because your company entered this information into the Catalyst switches configuration (in the port name field) using CiscoView or the CLI during the initial setup and installation. You can use this information to help locate the user's physical network location, which helps you begin resolving the problem.
The user reports that she is in cube G6-7 on the second floor, and the computer is connected to port 4.
Step 2 Start the UserTracking application by selecting Tools > UserTracking from the CWSI Campus map.
Step 3 In the Query Selector Items box of the UserTracking main window, click the upper arrow button to display the choice of fields.
Step 4 Select the Port Name field.
Step 5 Enter the user's cubicle number and wall jack number (G6-74) in the field to the right of the arrow.
Step 6 Click Query.
The UserTracking application locates the user with reported cubicle and wall jack numbers.
The UserTracking application displays important information about this user, including the user's MAC address, Catalyst 5000 series switch, and specific port that she is connected to based on the cubicle number you entered. This information provides you with detailed information about the user's location, which can help you resolve the printing problem. You also learn that the user's is assigned to the payroll VLAN.
Step 1 Ask the user the name of the printer she is attempting to use.
The printer name is useful because, as a general practice, your company adds this information to UserTracking as new printers are added to the network.
The user responds that she is attempting to print to the printer named "Payroll2".
Step 2 In the Query Selector Items box of the UserTracking main window, click the upper arrow button to display the choice of fields.
Step 3 Select the Notes field.
Step 4 Enter the printer name (Payroll2) into the field.
Step 5 Click Query.
The UserTracking application locates the printer with this name, and you are able to verify that this printer also is assigned to the payroll VLAN. This confirms that the user and printer are in the same VLAN, and the user should have connectivity to the printer.
With the printer information in the UserTracking application, you identify the switch to which the printer is connected. Using the CWSI Campus map, you identify that this switch is connected another switch that has the Netflow Feature Card installed. This module was recently added so you now suspect that inappropriate protocol filtering may be occurring. Your next step is to determine what network protocols the user is sending and compare that to those that the printer is receiving.
You can use the TrafficDirector application to check the protocols on the switch port to which the user is connected.
These steps assume that you have a SwitchProbe attached to the switches connected to the user and to the printer.
You first need to rove the switch probe to capture traffic from the user's switch port. To set up roving, follow these steps :
Step 1 Click the Admin radio button in the TrafficDirector main window.
Step 2 Click the Config Manager icon from the Admin level window.
Step 3 Select the Switch radio button.
Step 4 Select the switch you want to rove from the switch list box.
All switch ports for the selected switch are displayed in the lower switch port list box.
Step 5 Select the user's switch port.
Step 6 Click Rove to the right of the switch port list box.
A dialog box opens indicating the currently roved port and asking for confirmation to continue roving.
Step 7 Click Yes to continue the roving process and rove to the new port.
Step 8 Click Yes to set all statistical counters to zero.
The agent roves to the selected switch port. You can now monitor the selected port with a SwitchProbe device.
Step 1 In the TrafficDirector main window, select the Agent radio button.
Step 2 Select the switch probe attached to the user's switch from the list box.
Step 3 Select the Net Protocol domain group from the list under the Domain Group list.
Step 4 Click the Protocol Monitor icon.
Step 5 The NET Protocols Protocol Monitor window opens.
Step 6 Ask the user to attempt to print.
You immediately observe that there is AppleTalk traffic coming from the user's workstation.
You then rove to the switch port on the switch to which the printer is configured. AppleTalk traffic is not coming through this port.
You now suspect that the AppleTalk traffic is being inadvertently filtered, which is why the user is unable to print. To verify this, use the CWSI Campus map to determine if protocol filtering is occurring.
To determine if the user's AppleTalk protocols are being filtered, follow these steps:
Step 1 In the CWSI Campus map, click on the switch to which the user is connecting.
Step 2 Right-click the icon of the Catalyst 5500 series switch that has the Netflow Feature Card installed to display the Device Icon menu.
Step 3 Select Device Ports.
Step 4 Locate the port information for the port to which the printer is connected.
Step 5 Compare the information in the Protocols Enabled and Protocols Seen fields.
You immediately see that Group (of which AppleTalk is a member) is listed in the Protocols Seen field, but not in the Protocols Enabled field. You have now verified that the printer is connected to a port that is filtering out AppleTalk traffic.
This switch just had the NFFC installed over the weekend, and your company is slowly removing Macintosh computers from the network. It appears that this port was misconfigured.
Step 6 Enable the AppleTalk protocols on. See the Catalyst 5000 Series Multilayer Switching User Guide publication for assistance with this step.
Step 7 The user is now able to successfully print again.
Posted: Mon Nov 15 10:29:24 PST 1999
Copyright 1989-1999©Cisco Systems Inc.