|
|
November 29, 1999
These release notes describe the caveats for the Solaris server version of CiscoWorks2000 CD One 1st Edition.
These release notes provide the following information:
Table 1 lists the time zone acronyms that are supported in the CiscoWorks2000 applications that use the time zone feature. These time zones can be configured on Resource Manager Essentials (RME) managed devices. Details in Table 1 are:
When configuring time zones on CiscoWorks2000 servers, use the supported value in Column 3. To set time zones on CiscoWorks2000 Solaris servers, edit the TZ value in the /etc/default/init file.
To help you understand the importance of setting time zones correctly, the following steps illustrate how time zones are converted as they are passed from devices to servers to clients in different time zones:
1. An event occurs on a managed device, and the application message containing the device's time zone information is sent to the server.
2. An application daemon on the server reads the incoming message, converts the time zone to GMT, and stores it in the RME database.
3. When a client requests a report, the GMT time stored in the RME database is converted to the server time zone, and displayed in RME reports. Because Perl and Java process RME reports differently, the report will display the server time zone as an acronym or an offset from GMT (as shown in Column 4.)
1 Offset from GMT | 2 Area Covered (Country/City) | 3 Time Zone Setting on Server | 4 Output in Report | |
|---|---|---|---|---|
| GMT | Acronym | |||
+9:00, 9:30, 10:00, 11:00 | Australia | Australia/(Region) | GMT + Offset | ACT, AEST, AET, EAST |
+9:00 | Japan/Tokyo | Japan |
| JST |
+8:00 | China | PRC |
| CST |
+4:00 | Russia/Moscow | W-SU | GMT + 4:00 |
|
+2:00, | Cairo, Helsinki, Israel | EET | GMT +2:00, | EET |
+1:00, | Central Europe | MET |
| CEST, MET |
None, | Great Britain/London | GB | GMT +0, |
|
None | Africa | GMT | GMT |
|
-4:00 | Brazil | Brazil/Western | GMT -4:00 |
|
-5:00 | Canada | Canada/Eastern |
| CDT (DST) CST |
-5:00 | U.S. Eastern Time | EST5EDT |
| EST, |
-6:00 | U.S. Central Time | CST6CDT |
| CST, CDT (DST) |
-7:00 | U.S. Mountain Time | MST7MDT |
| MST, MDT (DST) |
-8:00 | U.S. Pacific Time | PST8PDT |
| PST, PDT (DST) |
-10:00 | Hawaii | US/Hawaii |
| HST |
This section contains notes and caveats that apply to CiscoWorks2000 CD One 1st Edition. Caveats are categorized in the following sections, as shown:
The following information was omitted from the CiscoWorks2000 documentation.
The CiscoWorks2000 server software is not designed to be a fully secured environment in and of itself. It provides some of the security controls necessary for a web-based network management system but relies heavily on the end user's own security measures and control to provide a secure computing environment for CiscoWorks2000 applications. The CiscoWorks2000 server provides and requires three levels of security:
This section describes the general and server security levels. The application security levels are described in Getting Started with CiscoWorks2000 Server.
The CiscoWorks2000 server provides an environment that allows the deployment of web-based network management applications. Web access provides an easy to use and easy to access computing paradigm that is much harder to secure than the traditional style of computing that requires a login to an operating system before applications can be executed.
The CiscoWorks2000 server provides the security mechanisms (authentication and authorization) needed to prevent unauthenticated access to the CiscoWorks2000 server and unauthorized access to CiscoWorks2000 applications and data. Since the CiscoWorks2000 applications are capable of changing the behavior and security of your network devices, it is critical that access to the applications and servers be limited to those personnel who need access to applications or the data that the applications provide. Limit CiscoWorks2000 logins to just the systems administrator. Limit connectivity access to the CiscoWorks2000 server by putting it behind a firewall.
The following are two aspects of CiscoWorks2000 Server security:
The CiscoWorks2000 Server uses the basic security mechanisms of the UNIX operating system to protect the code and data files that reside on the server.
The CiscoWorks2000 Server provides the following security mechanisms:
The exception is the root user ID. To prevent a potentially harmful program from being executed by the daemon manager with root permissions, the daemon manager will execute only a limited set of CiscoWorks2000 programs that need root privilege. This list is not documented to preclude any user from trying to impersonate these programs.
CiscoWorks2000 foreground processes (typically cgi-bin programs or servlets) are executed under the control of the web server's children processes or the servlet engine which all run as the user bin.
CiscoWorks2000 uses standard UNIX tftp and rcp services and requires that access to the directories that these services read and write to for the user bin.
The CiscoWorks2000 server must allow the user bin to run "cron" and at jobs so that the Resource Manager Essentials Software Image Manager to run image download jobs.
The UNIX user bin is a user ID that is not typically enabled for login. Using this user ID as the user ID under which to install the CiscoWorks2000 server software makes the installation process easier and, in general, provides more limited access to the CiscoWorks2000 server because bin is not a valid login ID as there is no password assigned to it. There are some issues to consider regarding the use of the user ID bin - the bin user on UNIX systems is capable of performing system and possibly network-wide operations that could be harmful to the system or the network. Because of this we recommend that the system administrator review and adopt the security recommendations in the System Administrator-Imposed Security section below.
Web servers have a long history or being susceptible to break ins. The version of the Apache web server that is in the current release of the CiscoWorks2000 Server has had a lot of security related bug fixes. The CiscoWorks2000 server development team knows of no specific ways to break into or back doors to the server but to maximize CiscoWorks2000 Server security, we suggest that you follow these guidelines:
Place your network management servers behind firewalls to prevent access to the systems from outside of your organization.
| ID | Summary | Explanation |
|---|---|---|
CSCdm30938 | Update Archive does not work on a multi-processor Solaris machine. | Following installation of CiscoWorks2000 on the Solaris platform with multiple processors, cwconfig functionality gets disabled, and several error messages appear in the log file /var/adm/CSCOpx/log/daemons.log. The following are symptoms of this problem:
This is a know issue with Java 1.2 and Solaris 2.6. To workaround, perform the following steps: Step 1 Make sure the /etc/hosts has the hostname of the machine as the first entry (not localhost or anything else). Step 2 Make sure the /etc/nsswitch.conf file specifies the word "files" before "dns." |
CSCdp40189 | Attempts to use the CD One installation script to save data from an existing RME 2.x installation may fail if the existing RME 2.x is installed on Solaris 2.5.1, or on a Solaris 2.6 system which lacks the patches required for a full CD One installation. | To migrate data from an existing RME 2.x installation to RME 3.0 installed on a different machine, you must insert the CD One CD-ROM on the RME 2.x machine and run the setup.sh script in order to save the existing data. You must then exit the installation script before beginning the installation process. This procedure may fail if the existing RME 2.x is installed on Solaris 2.5.1, or on a Solaris 2.6 system which lacks the patches requires by the CD One installation, due to checks in the setup.sh script (checking for the required OS version and patches needed to install CD One). This leaves the user unable to save his existing data. To save the existing data, follow these steps: Note You must have root or super-user privileges.
Step 1 Mount the CD One media and change directory to the install directory:
Step 2 Enter Bourne shell:
Step 3 Make the temporary setup directory:
Step 4 Define and export these environment variables:
Step 5 Run the upgradebg.sh script, and respond to the prompts as shown below:
Step 6 Respond to the prompts as follows: |
CSCdp40189 (continued) |
| You will receive the following message: Other comments from script are not shown here.
Step 7 Enter Yes at the following prompt:
Step 8 Enter <CR> to use the default /opt/CW2000/OldData directory at the following prompt: The script saves the existing data, and setup uninstalls the other products.
Step 9 Enter No at the following prompt: You will then receive the following message:
Step 10 Remove the temporary directory created in step 3: Step 11 Move the saved data to the new RME 3.0 system (via tar, ftp, etc) or nfs-mount the directory where the data was saved, and then on the new system use the script bg2rigel.pl as described in the RME 3.0 installation guide. |
CSCdp81495 | Installation is aborted because a required Solaris patch is not installed. | If you're unable to continue the installation after successfully installing the Solaris patch, contact your technical support representative. |
| ID | Summary | Explanation |
|---|---|---|
None. | Log file location not supplied in other documentation. | The CiscoView log file can be found in the CiscoWorks2000 install directory located in /www/classpath/cv.log. The location of this log file is displayed in the CiscoView Administration Page located under Device Manager > Administration > CiscoView Server Admin > Setting debug options and display log. The client can also bring up a window to display the entries in the log file at real time through the administration page. Since this log file is on the server, it will contain trace and error messages for all the CiscoView clients. Trace and Error entries will be appended to the CiscoView log file on the server until the system administrator clears the log file explicitly through the CiscoView Administration page. |
CSCdm53849 | Launching a second CiscoView window from the desktop replaces the current CiscoView window. | When launching multiple CiscoView windows by clicking CiscoView, the new CiscoView window replaces the current CiscoView window, as opposed to opening a new window. |
CSCdp14743 | It may take a long time to bring up a device view in certain cases. | Bringing up the chassis view of a selected device may take a long time. This may occur due to name service lookup failures when the device and/or the sub-devices do not have name service entries. |
| ID | Summary | Explanation |
|---|---|---|
CSCdm66707 | For these devices, Tx port is shown as Fx port. | None. |
| ID | Summary | Explanation |
|---|---|---|
CSCdm84593 | Help does not work from the Monitor Components window. | Hyperlink is incorrect for help in Monitor Components window in this device and produces Step 1 Launch CiscoView for this device. Step 2 Right click Ethernet Port, and click Monitor. Step 3 Click Help in the Monitor Components window. Step 4 When the Help window opens, and typical interface information appears, click the highlighted parameters in this window. |
CSCdp08478 | Help is showing the "How to use help" page instead of the actual help page. | After launching CiscoView, open the Catalyst device. The help page does not appear for the following selections:
|
| ID | Summary | Explanation |
|---|---|---|
CSCdm71801 | Cable Modem Details dialog box lacks the functionality of its counterpart in CiscoView 4.2. | The following functionality is not available in the CiscoView uBR7200 device package:
|
| ID | Summary | Explanation |
|---|---|---|
CSCdm92048 | CT3IP interface processor is not viewable. | CiscoView does not display the CT3-IP interface processor installed in a 7513 router. |
CSCdm92052 | Port adapter PA-MC-4T1 is not viewable. | The port adapter in not viewable. Clicking on the slot brings up the Configure window. |
| ID | Summary | Explanation |
|---|---|---|
CSCdm61980 | Cannot launch CiscoView by double clicking device icon in network management system (NMS) after integration with NMS. | The application set as the default using Change Integration options may still not be invoked following a double click from topology of NMS. Consequently, if you double click on a Cisco device icon from the topology, nothing may happen. Some NMS or NMS adapters may not support this. |
CSCdm91445 | Application registration change causes full integration if you run Change Integration options and change the application parameters only (such as browser, server and port number) and integrate. | When this happens, MIB, icon and application integration happens instead of application registration only. If user runs Change Integration options and just changes the application registration information, the integration should only do application integration and not full integration. |
| ID | Summary | Explanation | ||||
|---|---|---|---|---|---|---|
None. | Two additional user roles (Developer and Export Data) are displayed in the security user account windows. | They are not available for general use, only for Management Connection certification and third-party developers. | ||||
None. | Parameter must be set using Netscape 4.61. | MOZILLA_HOME must be set to the Netscape installation directory. | ||||
None. | Non-CiscoWorks2000 software is not supported. | The CiscoWorks2000 server does not support software that is not included in the CiscoWorks2000 Family. | ||||
CSCdp17038 | Help page is broken on double clicking the help node. | In Netscape, some help pages display a Transfer Interrupted message after double-clicking the help table of contents. To workaround, clear the cache by selecting Edit > Preferences > Advanced > Cache and selecting the Clear Memory Cache and Clear Disk Cache options. | ||||
None. | Netscape 4.6.1 sometimes leaves a process running after browser is closed. | Sometimes one of Navigator 4.6.1's process continues running after the browser is closed. Any attempt to restart the browser while the process is running causes problems with the new browser window. To avoid this problem, open the Task Manager. Search the process list for all instances of netscape.exe, select them with the mouse, and click End Task. Restart Navigator. | ||||
CSCdm59501 |
| Running both Netscape and Internet Explorer sometimes causes problems with the CiscoWorks2000 browser. Also, if two instances of Internet Explorer 5.0 are running, it might interfere with the GUI. To avoid this, use only one instance of one type of browser at a time. | ||||
CSCdm83204 | Applets not working when accessed as local host. | Netscape does not operate well when the local host is used in place of the system name of IP address. To work around this, always refer to the local system by its name or IP address. Do not use local host. | ||||
CSCdp15013 | Help index does not appear | This applies to Internet Explorer 5.0 users only. The online help system's index does not work in Internet Explorer 5.0 when you log in to a CiscoWorks2000 server, log out, then log in again using the same browser instance. To avoid this, exit Internet Explorer and restart it after logging out of a CiscoWorks2000 server and before logging in to a CiscoWorks2000 server again. | ||||
CSCdp06564 | Upgrade to RME 3.0 causes administrator's password to be reset. | When you are upgrading an RME 2.x installation to 3.0, the system administrator's password is reset to "admin." To work around this, after installing CD One, but before installing RME 3.0, log in and change the admin password to that of RME 2.x. Then proceed with the installation of RME 3.0. | ||||
CSCdp22109 | The CAM Admin page appears to be stuck. | Internet Explorer on Win95 and Win98 only---With the CiscoWorks2000 desktop browser window maximized, after selecting "install CAM" in the CAM Admin page, the cursor changes into an hour glass and nothing appears. The "Choose Directory to Place CAM Registry" dialog box is behind the browser window and waiting for user input. To workaround, minimize the CiscoWorks2000 desktop browser window to view the dialog box. | ||||
CSCdp25390 | If you maximize, restore, or resize the Netscape Navigator browser, the browser reloads all frames. Multiple instances of some applications might be invoked, which uses a lot of memory. | To work around this problem, avoid maximizing, restoring, or resizing the screen. Close any extra instances of applications. |
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Wed Feb 23 17:15:09 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.