|
|
Now that you have installed and set up Essentials, you must configure the Essentials applications for use. This chapter assumes the following:
This chapter consists of the following sections:
Table 5-1 provides a quick reference overview of tasks for preparing to use Essentials applications. It also includes references to where you can find more details about each task.
| Task | Steps | References | ||
|---|---|---|---|---|
| Step 1 Create the network inventory by doing either of the following:
| |||
Step 2 Create a device view. | ||||
Step 3 Obtain login privileges to Cisco Connection Online (CCO). |
| |||
Step 4 (Optional) Enter device serial numbers for devices that have Contract Connection service contracts by changing the device attributes. | "Changing Device Attributes (Including Serial Numbers)" section | |||
Step 5 (Optional) Perform the following optional Inventory setup tasks:
| ||||
| Step 1 Create a device view with at least two devices. |
| ||
Step 2 Verify that Availability functions correctly. | ||||
| Step 1 Configure your routers for syslog analysis. | "Configuring Routers and Switches for Syslog Analysis" section | ||
Step 2 Verify the settings in the syslog configuration file. | "Verifying the Settings in the Syslog Configuration File" section | |||
Step 3 Verify that syslog messages are being processed by the Syslog Analyzer | ||||
| Step 1 Enter device passwords. | |||
Step 2 Modify device configurations to allow the Configuration Archive to collect configurations. | ||||
| Step 1 Add the device passwords to the inventory. | |||
Step 2 Set your Software Management Preferences. | ||||
Step 3 Obtain login privileges to CCO for importing software images. | "Obtaining CCO Login Privileges" section CCO home page at www.cisco.com | |||
Step 4 Set up TFTP. | ||||
Step 5 Set up RCP. | ||||
Step 6 Allow the user bin to use at and cron. | ||||
Step 7 (Optional) perform the following optional Software Management setup tasks:
| "Performing Optional Software Management Setup Tasks" section |
This section describes how to set up the Inventory application.
You can populate your network inventory in the following ways:
To import devices from an NMS database, you might have to work with the system administrator of the host on which the NMS database is running. For more information on importing locally or remotely, refer to the Essentials online help.
The following sections describe how to add device information using these methods. For additional information, refer to Getting Started With Resource Manager Essentials and the online help.
To add device information, follow these steps:
Step 1 Select Admin > Inventory > Add Devices. The Add a Single Device dialog box appears.
Step 2 Enter the access information and annotations for one device. You must fill in the Device Name field. All other fields are optional. For more information about these fields, refer to the Essentials online help.
Step 3 Click Next.
The Add Passwords dialog box appears. You must fill in the Read Community String field and verify the password. All other fields are optional. For more information about these fields, refer to the online help.
Step 4 Click Next. The Enter Authentication Information dialog box appears.
Step 5 If required, complete the Enter Authentication Information dialog box. All fields are optional. For more information about the fields, refer to the online help.
Step 6 Click Finish. The Single Device Add dialog box appears.
Step 7 Click View Status. The Add/Import Status Summary dialog box appears.
Step 8 Use the Add/Import Status Summary dialog box to check the status of the device you specified. You should see the following device status:
| Device Status | Number of Devices |
|---|---|
Managed | 0 |
Alias | 0 |
Pending | 1 |
Conflicting | 0 |
Suspended | 0 |
Not Responding | 0 |
If the device responded very quickly, the Managed column might already contain one device when the Add/Import Status Summary dialog box appears.
Step 9 Click Update on the Add/Import Status Summary dialog box to update device status.
For additional information, refer to Getting Started With Resource Manager Essentials or online help.
You can import devices by extracting data from your existing data source into a comma-separated value (CSV) file or device integration file (DIF), then using this file as input into the Essentials database. First create a CSV or DIF file, then click Admin > Inventory > Import from File to access the CSV or DIF file and import the device information. For additional information, refer to Getting Started With Resource Manager Essentials or online help.
Select Admin > Inventory > Import from Local NMS to import devices from the databases listed in the Local Database Import dialog box. For additional information, refer to Getting Started With Resource Manager Essentials or online help.
Before you can import devices from a remote NMS, you must perform several system and NMS configuration steps that you must perform, depending on the MS you are using. For additional information, refer to Getting Started With Resource Manager Essentials or online help.
After you configure your system and NMS, select Admin > Inventory > Import from Remote NMS to import devices from the databases listed in the Remote Database Import dialog box.
To set up and verify the Essentials applications, you must create a static device view (a grouping of devices) that includes at least two devices. For additional information, refer to Getting Started With Resource Manager Essentials or online help.
To create the static view, follow these steps:
Step 1 Select Admin > Device Views > Add Static Views. The Add Static Views dialog box appears.
Step 2 Select the view that has the devices you want to add from the Views list. If you have not configured any views previously, select All.
Step 3 Select the devices that you want to add from the Devices list.
Step 4 Click Next. The Save Static View dialog box appears.
Step 5 Enter the view name and view description.
Step 6 Click Finish.
You must have login privileges to CCO to use several features of Essentials, including Contract Connection. If you do not have login privileges, refer to the CCO home page, www.cisco.com, to obtain a login.
To ensure that your devices have the correct device access, password information, and user information, you can change the device attributes.
To ensure that Contract Connection provides accurate contract status information, you must enter device serial numbers to the inventory entries of devices that have service contracts.
To edit device attributes, including serial numbers, follow these steps:
Step 1 Select Admin > Inventory > Change Device Attributes. The Change Device Attributes dialog box appears.
Step 2 Select the device whose device information you want to edit, then click Next.
Step 3 To change the serial numbers, select Device Serial Numbers, then click Next. The Edit Device Serial Numbers dialog box appears.
Step 4 Enter the device name and serial number, then click Next.
Now that you have set up Inventory, you can perform some optional tasks to prepare your Essentials environment to perform inventory management tasks. Refer to the online help for information about the following tasks:
To verify Availability using the test device view that you created, follow these steps:
Step 1 Select Admin > Availability > Change Polling Options.
Step 2 Select the test device view that you created in the All Views list, then click Add to add it to the Polled Views list.
This creates a view for Availability polling.
Step 3 Click Next. The Change Polling Options dialog box appears.
Step 4 Select 5 Minutes from the Verify device reachability every drop-down list, then click Finish.
Step 5 Wait for at least 10 minutes to ensure that Availability polls the devices in your test device view.
Step 6 Select Tasks > Availability > Reachability Dashboard. The Reachability Dashboard appears.
The devices in your test device view should appear in the Reachability Dashboard.
Now that you have configured one Availability view and specified polling parameters, you can monitor devices and run various reports. For details about using Availability, refer to Getting Started With Resource Manager Essentials and the online help.
Syslog Analysis lets you centrally log and track messages generated by devices. You can use the logged error message data to analyze router and network performance. You can customize Syslog Analysis to produce the information and message reports that are important to your operation. The following sections describe how to set up Syslog Analysis.
Before you can use Syslog Analysis, you must configure the routers (IOS devices) and switches (Catalyst 5000 series devices) to forward messages to Essentials or a system on which you have installed the distributed Syslog Analyzer collector. For more information about setting up routers for message logging, refer to the online help, the Cisco IOS Software Documentation on CCO (for IOS devices), and the appropriate Catalyst 5000 series reference guides (for Catalyst 5000 series devices).
To configure Cisco IOS devices for Syslog, follow these steps:
Step 1 Telnet to the device and log in. The prompt changes to host>.
Step 2 Enter enable and the enable password. The prompt changes to host#.
Step 3 Enter configure terminal. You are now in configuration mode, and the prompt changes to host(config)#.
Step 4 Enter logging on to make sure logging is enabled.
Step 5 Enter logging 123.45.67.89 (where 123.45.67.89 is the IP address of the server) to specify the Essentials server that is to receive the router syslog messages.
Step 6 Set the appropriate logging trap level by entering logging trap informational to limit the types of messages that can be logged to the Essentials server.
Informational signifies severity level 6, which means all messages from levels 0-5 (from emergencies to notifications) will be logged to the Essentials server.
Step 7 Verify that Syslog is running.
(a) From the Essentials interface, select System Admin > Process Status. The Process Status dialog box appears.
(b) Verify that the entry for Syslog Analyzer has the status Running.
Step 8 Verify that the Syslog configuration file settings are correct. Refer to the "Verifying the Settings in the Syslog Configuration File" section for instructions.
To configure Catalyst devices for Syslog, follow these steps
Step 1 Telnet to the device and log in. The prompt changes to host>.
Step 2 Enter enable and the enable password. The prompt changes to host(enable).
Step 3 Enter set logging server enable to make sure logging is enabled.
Step 4 Enter set logging server 123.45.67.89 (where 123.45.67.89 is the IP address of the server) to specify the Essentials server that is to receive the router syslog messages.
Step 5 Set the appropriate logging trap level by entering set logging level informational to limit the types of messages that can be logged to the Essentials server.
Informational signifies severity level 6, which means all messages from level
0-5 (from emergencies to notifications) will be logged to the Essentials server.
Step 6 Verify that Syslog is running.
(a) From the Essentials interface, select System Admin > Process Status. The Process Status dialog box appears.
(b) Verify that the entry for Syslog Analyzer has the status Running.
Step 7 Verify that the Syslog configuration file settings are correct. Refer to the "Verifying the Settings in the Syslog Configuration File" section for instructions.
To check the path and permissions of the file pointed to by local7.info in the syslog configuration file /etc/syslog.conf on the Essentials server, follow these steps:
Step 1 Make sure that the facility.level definition is set to local7.info, and that the following line is present (note that there must be a tab between local7.info and the path/filename):
local7.infopath/filename
Where path/filename is the full path to a file.
Step 2 Make sure that the syslog process (syslogd) can both read and write to the file.
Step 3 If you modify the /etc/syslog.conf file, you must restart the syslog process (syslogd). Enter the following command to stop and restart syslogd:
kill -HUP `cat /etc/syslog.pid`
To verify that syslog messages from the network are being processed by Syslog Analyzer, follow these steps:
Step 1 Log in to a managed router that is configured to send Syslog messages to the Essentials server with appropriate login privileges to make configuration changes.
Step 2 Make a nondestructive change to the router configuration. For example, change the contents of the login banner by entering the following commands:
# enable # configure terminal
The prompt changes to #>.
#> banner motd / This is a test / #> end
Step 3 Wait approximately two minutes for the Syslog message generated by the router configuration change to be processed by the server.
Step 4 From Essentials, select Tasks > Syslog Analysis > Standard Reports. The Standard Reports dialog box appears.
Step 5 Select the device for which you made a change. Click Help if needed.
Step 6 Click Next. The Select Dates and Report Type dialog box appears.
Step 7 Select the following:
Step 8 Click Finish. The Syslog-Standard report appears.
Verify that the report contains the Syslog message generated by the configuration change that you made.
Before the configuration archive can gather device configurations, you need to update the Essentials database with passwords and modify device configurations.
Before the configuration archive can gather device configurations, you need to specify the Read and Write community strings, Telnet and Enable passwords, and TACACS, Local, and RCP information for the devices. If you already added or imported devices and did not specify this information, you can change the device attributes. Refer to the Inventory online help or Getting Started With Resource Manager Essentials for more information.
Enter the following information for all devices:
You need to modify your device configurations to enable the configuration archive to gather the configurations by performing the following steps:
Step 1 Make sure the devices are RCP-enabled by entering the following commands in the device configurations:
# ip rcmd rcp-enable # ip rcmd remote-host remote_username 123.45.678.90 local_username enable
where 123.45.678.90 is the IP address of the machine where Essentials is installed. (Alternatively, you can enter the host name instead of the IP address.) The default remote_username and local_username are cwuser.
Step 2 Configure your devices for Syslog Analysis. See the "Setting Up Syslog Analysis" section for more information.
After you have performed these steps on your devices and they become managed, the configuration files are collected and stored in the configuration archive.
Software Management performs system software, boot loader upgrades, and software configuration operations on groups of routers and switches. See the CW2000 Release Notes (HP-UX) for the devices supported by Software Management. For more information about setting up Software Management, refer to the online help.
Before you can use Software Management, you must have sufficient space to store the software image files. You should have 2 to 8 MB of space for each image.
This section describes the tasks that you must perform to set up Software Management.
Before you can manage device software images using Software Management, you must add the required device passwords to the device inventory. For additional information about device passwords, refer to the online help.
To add the required device passwords to the device inventory, follow these steps:
Step 1 Select Admin > Inventory > Change Device Attributes. The Change Device Attributes dialog box appears.
Step 2 Select the device whose device information you want to edit, then click Next. The Change dialog box appears.
Step 3 Select the options for the passwords that you want to enter, then click Next. A dialog box appears for each option you select.
Read and write community strings are required and Telnet password is recommended for Software Management.
Step 4 In each dialog box, enter the password required for the device, then click Next.
Software Management has many preferences that you can set to control how the application behaves. To set these preferences, follow these steps:
Step 1 Select Admin > Software Management > Edit Preferences. The Edit Preferences dialog box appears.
Step 2 Change the preferences settings as appropriate.
For more information about Software Management preferences settings, refer to the online help.
Step 3 After you finish, do one of the following:
You must have login privileges to CCO to use several features of Essentials, including Software Management. If you do not have login privileges, refer to the CCO home page, www.cisco.com, to obtain a login.
You must have a file transfer server installed on your system. You must enable a Trivial File Transfer Protocol (TFTP) server because it is the default file transfer server type.
During Software Management installation, if the installation tool cannot find a TFTP server, it tries to add one. If the installation tool cannot find or create a TFTP server, install and enable the TFTP server and verify that a /usr/tftpdir directory exists, as explained in the following sections.
If you are using standard HP-UX software, you can add and configure the TFTP server (TFTPD) by following these steps:
Step 1 Log in as superuser.
Step 2 Using a text editor, edit the /etc/inetd.conf file.
(a) Look in the file /etc/inetd.conf for the line that invokes TFTPD. If the line begins with a pound sign [#], remove the pound sign with your text editor. Depending on your system, the line that invokes the TFTP server might look similar to the following:
tftp dgram udp wait root /usr/lbin/tftpd tftpd
(b) Save the changes to the edited file and exit your text editor.
Step 3 At the UNIX prompt, enter the following command to display the process identification number for the inetd configuration:
# /usr/bin/ps -ef | grep -v grep | grep inetd
The system response is similar to the following:
root 119 1 0 12:56:14 ? 0:00/usr/bin/inetd -s
The first number in the output (119) is the process identification number of the inetd configuration.
Step 4 To enable your system to read the edited /etc/inetd.conf file, enter the following command:
# kill -HUP 119 where 119 is the process identification number identified in Step 3.
Step 5 Verify that TFTP is enabled by entering either of the following commands:
# netstat -a | grep tftp
which should return output similar to the following:
*.tftp Idle
or enter:
# /opt/CSCOpx/bin/mping -s tftp localhost_machine_name
which returns the number of modules sent and received, for example:
sent:5 recvd:5 . . .
If the output shows that zero modules were received, TFTP is not enabled. Repeat these steps, beginning with Step 1, to make sure you have enabled TFTP.
Essentials uses the /usr/tftpdir directory when transferring files between the Essentials server and network devices. The files are removed after the transfer is complete, but multiple jobs (for example, image distribution, image import, or config file scan) could be running at the same time.
Each of these jobs requires its own space. Software image sizes, for example, can be up to 9 MB. To ensure that jobs run successfully, make sure there is sufficient space available in the /usr/tftpdir directory.
If the /usr/tftpdir directory does not exist on your system, follow these steps to create it:
Step 1 Enter the following command:
# mkdir /usr/tftpdir
Step 2 Make sure all users have read, write, and execute permissions to the /usr/tftpdir directory by entering the following command:
# chmod 777 /usr/tftpdir
The /usr/tftpdir directory now exists and has the correct permissions.
You can also enable a Remote Copy (RCP) server on the Essentials server and select it as the active file transfer server. If you select RCP as the active server and then attempt to transfer files to a device that does not support RCP, Essentials will use TFTP to transfer the files. The following sections describe how to enable RCP and select it as the active file transfer method.
To use RCP, you must create a user account on the system to act as the remote user to authenticate the RCP commands issued by devices. This user account must own an empty .rhosts file in its home directory to which the user bin has write access.
You can choose the name of this user account because you can configure the Essentials server to use any user account. The default user account name is cwuser. The examples in this procedure use the default name cwuser. If you choose to use a different name, substitute that name for cwuser.
To create and configure the RCP remote user account, follow these steps while logged in as root:
Step 1 Add a user account named cwuser to the system by entering the following command:
# useradd -m -c "user account to authenticate remote copy operations" \ cwuser
Step 2 Navigate to the cwuser home directory.
Step 3 Create the .rhosts file by entering the following command:
# touch .rhosts
Step 4 Change the owner of the .rhosts file by entering the following command:
# chown cwuser:bin .rhosts
Step 5 Change the permissions of the .rhosts file by entering the following command:
# chmod 0664 .rhosts
Step 6 If you did not use the default user name cwuser, configure the Essentials server to use the user account that you created as the RCP remote user account.
(a) Log on to the Essentials server as admin.
(b) Select Admin > System Admin > System Configuration.
The System Configuration dialog box appears.
(c) Select the RCP tab.
(d) Enter the name of the user account that you just created in the User Name field, then click Finish.
To add and configure the standard HP-UX RCP server software, follow these steps:
Step 1 Log in as a superuser.
Step 2 Using a text editor, edit the /etc/inetd.conf file.
#], remove the pound sign with your text editor. Depending on your system, the line that invokes the rshd server might look similar to the following:
shellstreamtcpnowaitroot/usr/lbin/remshdrmshd
Step 3 At the UNIX prompt, enter the following command to display the process identification number for the inetd configuration:
# /usr/bin/ps -ef | grep -v grep | grep inetd
The system response is similar to the following:
root 119 1 0 12:56:14 ? 0:00/usr/bin/inetd -s
The first number in the output (119) is the process identification number of the inetd configuration.
Step 4 To enable your system to read the edited /etc/inetd.conf file, enter the following command:
# kill -HUP 119
where 119 is the process identification number identified in Step 3.
Step 5 Verify that rshd is enabled by entering the following command:
# netstat -a | grep shell
which should return output similar to the following:
*.shell*.*0 0 0 0LISTEN
By default, Essentials uses RCP with devices that support RCP. For devices that do not support RCP, Essentials uses TFTP to transfer files.
You can disable RCP if you do not want Essentials to use RCP with any devices. To do this, follow these steps:
Step 1 Select Admin > Software Management > Edit Preferences.
Step 2 Select the Use RCP for image transfer (when applicable) check box.
Software Management uses at and cron to schedule Software Management image transfers to devices. The process that performs the download is executed as bin, so the user bin must be allowed to use at.
To allow the user bin to use at, follow these steps:
Step 1 If an at.deny file exists in the directory /var/adm/cron, make sure that bin is not listed in it. Remove bin from the at.deny file using a text editor if necessary.
Step 2 If an at.allow file exists in the directory /var/adm/cron, make sure that bin is listed in it. Add bin to the at.allow file using a text editor if necessary.
Step 3 If neither an at.allow nor an at.deny file exist in the directory /var/adm/cron, create an at.allow file and add bin to it using a text editor.
To allow the user bin to use cron, follow these steps:
Step 1 If a cron.deny file exists in the directory /var/adm/cron, make sure that bin is not listed in it. Remove bin from the cron.deny file using a text editor if necessary.
Step 2 If a cron.allow file exists in the directory /var/adm/cron, make sure that bin is listed in it. Add bin to the cron.allow file using a text editor if necessary.
Step 3 If neither a cron.allow nor a cron.deny file exist in the directory /var/adm/cron, create a cron.allow file and add bin to it using a text editor.
Now that you have set up Software Management, you can perform some optional tasks that will prepare your Essentials environment to perform software management tasks. Refer to the online help for information about the following optional tasks:
Posted: Thu Sep 30 10:05:53 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.