|
|
These notes supplement both the User Manual and API Reference for Cisco IP Manager version 1.0.10(c), which updates the 1.0 release. (The most recently published edition of the User Manual is the 1.0 version. Significant changes were made to the API, and the API Reference has been updated to version 1.0.10.)
Problems reported for API operations do not impact the GUI application and GUI problems do not impact API operations unless otherwise noted in the text.
1. Hardware requirements listed in the Overview chapter of the User's Guide have been changed. The center and ding packages should be installed on an Ultra 60 with a minimum of 512 MB of RAM and a 2 GB hard drive (if packages are installed separately, each host should meet these specifications).The machine on which you install the dnem package should be an Ultra 10 with at least 256 MB of RAM.
If your IP Manager environment consists of more than 1,000 network elements, you should increase RAM to 1 GB on the ding host.
These estimates assume an average of six interfaces per router, moderate use of access lists, and typical WAN connectivity. You may need additional resources if your network has a larger number of interfaces per router, makes extensive use of access lists, or is heavily meshed.
Disk space required for installation is as follows:
| Package | Installation (includes tar file) | Installed (tar file deleted) |
|---|---|---|
center | 200 MB | 100 MB |
ding | 100 MB | 50 MB |
dnem | 40 MB | 20 MB |
gui | 400 MB | 200 MB |
Orbix | 350 MB | 175 MB |
Total (all packages) | 1.1 GB | 545 MB |
2. All messages generated by CNGSServer (which generates the Netsys reports) will be directed to stderr, not stdout.
3. Whenever the Cisco-supplied GUI application contacts a server, the GUI application will stop waiting for a response after 10 minutes (600 seconds). The length of the wait can be changed by entering a new TIMEOUT value in the PSSetup.properties file located in the GUI/java subdirectory of your IP Manager installation. The value must be in the range of 60..1200 seconds, and must be greater than the telnet timeout value of any NEMServer in the system (NEMServers have a default timeout value of 120 seconds and a minimum of 50). Note that the GUI application will not check to see if its timeout is larger than any NEMServer's timeout value. Coordination of these values is the responsibility of the Cisco IP Manager administrator.
If the value is set below the acceptable minimum, it will be increased to the minimum value. If set above the acceptable maximum, it will be decreased to the maximum.
4. The NEMServer will now wait for a set period of time (the default is 120 seconds) for a response whenever it initiates a communications request. This value can be changed (range: 50..1200) by using the -w command line flag when the server is launched; by using the new script setElementOpTimeout, which has been added to the SRVRS subdirectory of your IP Manager installation; or from the Domain Properties window of the Cisco-supplied GUI application.
The setElementOpTimeout script changes the timeout value in the ipmgr.launch.csh file (which sets command-line parameters for all servers). Enter the following on the command line:
setElementOpTimeout <seconds>
Relaunch the server.
If the value is set below the acceptable minimum, it will be increased to the minimum value. If set above the acceptable maximum, it will be decreased to the maximum.
5. The NEMServer timeout value, as well as telnet retry count and prompt timeout values, can also be set in the Domain Properties window (right click on a domain in the Cisco-supplied GUI and choose the Properties command, then choose either the NEM Server or NEM Backup Server tab). Previously, as documented in the User Manual, page 4-7, the telnet values (prompt timeout was called retry timeout) could be set only when the NEMServer was launched, and there was no Operation Timeout value.
Each of these values can now be set by the administrator from within the GUI application (the fields remain read only for all other users).
The Operation Timeout value is the number of seconds the NEMServer will wait for an operation to complete. If the operation is not completed successfully within this time, an error code will be returned and the NEMServer will stop waiting for the operation to finish. This is the same value that is set by the -w flag when the server is launched, or by the setElementOpTimeout script. The Retry Count (same as the -r launch flag) designates the number of times the server will attempt to connect. The Prompt Timeout value (-T flag) is the number of seconds the server will wait for a prompt on each telnet attempt. If the contacted server does not reply with its prompt in this time, the operation will be terminated, without waiting for the operation timeout to expire.
6. The maximum value for the NEMServer's Telnet prompt timeout has been increased The range is now 3..50 seconds. The default remains 5. If the value is greater than the maximum allowed, it will be decreased to 50. If the value is less than the minimum, it will be increased to 3. The prompt timeout value is called the Telnet wait prompt interval in the usage text displayed when the server is launched without an argument.
7. If your Oracle database is not configured to grow dynamically, it could refuse to import new configurations when its maximum size has been reached. To allow automated datafile extensions, include the "autoextend" directive when you create your tablespace as described in the User Manual, Chapter 3, "Getting Started." At the SVRMGR prompt, enter the following on the command line:
connect internal; CREATE TABLESPACE CIPM_DAT DATAFILE '/<your data directory>/CIPM_DAT_01.dbf' size 200M AUTOEXTEND ON NEXT 50M MAXSIZE UNLIMITED
8. Whenever the LOGServer receives a message generated by a client application, it calculates a GMT timestamp based on the time of receipt according to the LOGServer's local clock. When the Cisco-supplied GUI application retrieves the message from the database, it converts this calculated GMT timestamp to its own local time zone. The Log Viewer window displays both the GMT timestamp and the local translation.
Even if the clocks of both client and log server hosts are synchronized, the timestamp generated by the client application at the time the message was created may not exactly match the time of receipt recorded by the LOGServer, due to packet communication delays. The timestamp generated by the original client machine is stored in the database and is available via the API, but it is not currently used by the Cisco-supplied GUI application.
9. The Cisco IP Manager NEMServer can recognize and respond to a variety of prompts generated by Authentication servers. The prompts recognized by NEMServer by default are the Username: and Password: prompts that are IOS defaults. The setCustomizedPrompt utility, located in the SRVRS subdirectory of your Cisco IP Manager installation, allows you to set up to two additional user name and password prompts (the default prompts are always checked). Usage is:
setCustomizedPrompt <alternate username 1> <alternate password 1><alternate username 2> <alternate password 2>
If spaces are included in the prompts, the prompt text must be enclosed in quotation marks. None of the alternate prompts can contain the forward slash character (`/").
If you execute the utility with no arguments, all prompts will be reset to their default values. If you leave some arguments empty, those prompts will be reset to their default values.
You should use only VTY to connect with Authentication servers. The Console connect method is not supported.
10. A telnet login option has been added to the Element Properties window of the Cisco-supplied GUI application. If VTY is the selected Connect Method and the Store User Name & Password checkbox is checked, fields for user name, password and enable password will be displayed, and the values you enter will be used for telnet operations. If the option is not checked, your Cisco IP Manager login name and password will be used.
11. To turn the telnet trace feature on or off, you should use the setTelentTraceOn/Off scripts rather than editing the IOS.common.debug.exp file (see the section "Debugging NEMServer Configuration Errors" in the "Advanced Usage" appendix of the CIPM User Manual). You should only edit this file to use the log_enable and exp_internal options when you need to troubleshoot a specific problem. Leave them off during normal operations. These options not only slow down the process but also could cause the telnet session to timeout before completion.
12. Once you have configured a Cisco IP Manager installation and launched the servers for the first time, your entire database may be invalidated if you change either the hostname or the domain of any of the machines on which any of the server software or the database is installed. This can occur if you move a machine from cisco.com to somewhere-else.com, for example.
If you plan to install the system in a lab environment initially and then later move it to a working network which uses a different domain name, you should not specify a domain name during the lab installation. Contact your Cisco customer support engineer for advice.
13. If you want to execute the ipmgr.killit utility from within a script (as part of the auto shutdown procedure described on page 3-23 of the User Manual, for example), enter the command in the script with the -nw (no wait) flag, as follows:
ipmgr.killit -nw
14. The CIPM NEMServer reserves socket ports 9000 through 9059. If these ports are used by non-CIPM processes, telnet sessions may be disrupted.
15. A memory-management problem will sometimes prevent the display of a CIPM Integrity, Syntax, or Unconnected WAN Interfaces report. If you attempt to open one of these reports and an out-of-memory message is displayed, check Java's memory usage by choosing the About command on the CIPM Help menu. The total memory figure displayed refers to the amount of memory currently allocated to CIPM by the Java Virtual Machine (JVM). The free memory figure refers to the amount of allocated total memory that is not currently in use. If the amount of available memory (free memory plus the difference between total memory and the maximum allowed) is small, the JVM may not be able to supply CIPM with enough memory to display the report. Exit and restart the GUI application to clear the memory-management error condition.
CIPM puts a 64-megabyte cap on the amount of memory the JVM is allowed to claim. This can be changed with the Java Runtime Environment flag -mx by editing the ipmgr.gui script. Search for jre -mx and specify memory in megabytes, kilobytes, or bytes, as:
jre -mx70m jre -mx70k jre -mx70
However, if you allocate more than the default maximum value, you will increase the risk of memory contention, especially when any of the CIPM servers are running on the same host as the GUI application.
16. The status message displayed in the Configuration Reports window may report "Configuration check finished" even though no report is displayed, if the GUI application's timeout limit has been reached before the CNGSServer finishes generating the report. If this happens and CNGSServer has not sent an out-of-memory message to stdout, try increasing the GUI application's timeout value.
17. An out-of-memory message may be generated and sent to stdout by the CNGSServer if your baseline is too large or too complex. This situation is separate from, and unrelated to, the Java memory allocation problem described previously. The GUI application will simply time out, without opening a report viewing window. If this happens and the CNGSServer has sent an out-of-memory message to stdout, try reducing the size and complexity of the baseline by selecting a subset of devices (keeping in mind that a CNGSServer analysis only makes sense for configurations that make up a contiguous set---that is, a set of routers that are directly interconnected). Increasing RAM---either system or swap---may also help.
18. The Import and Export buttons on the Configuration Reports window (which opens when you select the Add to Analysis Baseline command on the Options menu in the Element Manager window) allow you to save and reopen a baseline. Choose the Export button to save the currently opened baseline. In the file-locator dialog that opens, select a directory and enter a filename. The baseline will be saved as a text file listing the elements as they appear in the Configuration Reports window. Choose the Import button to locate and open a previously saved baseline file. Imported baselines will be added to the currently opened baseline. If you want the baseline to consist of only the elements named in the imported file, choose the Configuration Report window's Delete All button before importing.
19. The GUI application's Log Viewer holds up to 5,000 log records in memory. If there are less than 5,000 records in the database and no filters are in effect to limit the view, then all records in the database will be present in the view. The Export and Export All commands on the Log Server window's File menu will produce the same result---all log records will be exported, with either command.
20. When uploading or downloading configurations, the Abort button on the status window will always be disabled unless you have selected multiple elements. This button will cause the upload or download operation to halt, but only after the operation currently underway has been completed. That is, if you have selected elementOne, elementTwo, and elementThree, initiated an upload operation and then choose the Abort button while the elementOne upload is in progress, the elementOne upload will continue until finished, then the operation will halt without uploading from elementTwo or elementThree.
21. To upload from multiple devices, the menu command is Upload from Elements, not Group Upload from Elements as documented in the User Manual (page 4-19). Also, all elements must be in the same domain (also true of downloading to multiple elements).
22. If you check the Update Startup Config before Reload checkbox on the Reload Element dialog, the startup configuration will be updated immediately, even if the reload is scheduled to occur later.
23. Use of attributes (${...}, $[...], and $<...>) and data values in template body text must conform to the rules specified in the User Manual regardless of where they appear in the body text, including banner text and comments. This is true whether you use the GUI application or the API.
24. CIPM allows you to specify only a port password, without a username, for a communications server line. When Console is selected as the Connect Method in the Device Properties window (or con is specified as connectType in the device's ElementStruct in the API), the communications server cannot be configured to use login local---which requires both a password and a username---on its outgoing lines. However, login local is allowed for entry into the communications server itself, since both username and password can be specified for the server in CIPM.
25. The Orbix daemon must be running continuously on each IP Manager host machine. If the daemon stops for any reason, you must stop all servers on that host and relaunch them after the daemon has been started again. See the Getting Started chapter and Advanced Usage appendix of the User Manual for more information about the Orbix daemon.
26. The Cisco IP Manager software is not designed to work with routers configured with customized prompts. The system expects the last character of the prompt to be either the # or the > marker. If you use the Cisco IOS prompt command, you must end your prompt with the %p option. This tells the router to append the default markers to your custom text. Enter the prompt command as:
prompt MyPrompt%p
The router will then generate subsequent prompts as:
MyPrompt#
or
MyPrompt>
If you omit the %p option, the router will generate the prompt as:
MyPrompt
...and communication with the router will be disrupted.
27. The Cisco IP Manager system has been tested with the following devices and Cisco Internetwork Operating System (Cisco IOS) versions (n means no, not tested; y means yes, tested):
| Device | Cisco IOS Release Version | Connection Type | |||||
|---|---|---|---|---|---|---|---|
| 11.0 | 11.1 | 11.2 | 11.3 | 12.0 | VTY | Console | |
7513 | n | y | y | y | n | y | y |
7507 | n | n | y | y | n | y | y |
7200 | n | n | y | y | n | y | y |
5300 | n | n | n | y | n | y | y |
5200 | n | n | y | y | n | y | y |
4500 | n | n | y | y | n | y | y |
3810 | n | n | n | y | n | y | y |
2524 | y | n | y | y | n | y | y |
2525 | n | y | y | y | n | y | y |
25181 | n | n | n | n | n | n | n |
2514 | n | n | y | y | n | y | y |
2505 | n | n | y | y | n | y | y |
1600 | n | y | n | n | n | y | y |
GSR 12000 | n | n | n | y | n | y | y |
LS 1010 | n | y | y | n | n | y | y |
MGX 88002 | n | n | n | n | y | n | y |
28. The file ipm_client.tar.z on your installation CD contains a pair of Java utilities which can be used in conjunction with an operating Cisco IP Manager installation to modify device configurations in an existing network. See the document titled Cisco IP Manager Configuration Control Scripts in your software package. The document is also included in PDF format on your CIPM installation CD. The Java utilities are invoked via C shell scripts, which are included in the ipm_client package.
The following previously reported problems have been resolved:
Problem: The Cisco IP Manager GUI application sometimes erroneously reported "no valid NEMServer configured for this domain" when a user attempted to create an element.
Status: Closed.
Reason: Problem fixed; situation no longer occurs.
Problem: Entering a series of spaces as the login user name in the Device Properties window caused the device to repeatedly prompt the server for a user name indefinitely.
Status: Closed.
Reason: Problem fixed; router will now return an "invalid login" message.
Problem: The CTM::lockIt() operation in the API only worked for the SuperUser.
Status: Closed.
Reason: Problem fixed. Operation now works as designed.
Problem: The CTM::getAllTemplates() operation in the API never retrieved any templates, even though the return code indicates success.
Status: Closed.
Reason: Problem fixed. Operation now works as designed.
Problem: The GUI application displayed an "out of resources" message and the Go button in the Configuration Reports window was disabled, when multiple GUI applications launched the report-generating server (CNGSServer) simultaneously.
Status: Closed.
Reason: Problem fixed; situation no longer occurs.
Problem: The GUI application stopped functioning when a user chose the Apply button while updating user information in the User Authentication Manager.
Status: Closed.
Reason: Problem fixed; situation no longer occurs
Problem: The NEM::writeConfig() API operations occasionally returned a value of 2024, which is supposed to indicate that the router's IOS parser has generated a message, even though no IOS parser message was received in the response buffer.
Status: Closed.
Reason: Problem fixed; situation no longer occurs.
Problem: NEMServer hosts with slow CPUs were not always able to force devices to reload properly after downloading configurations.
Status: Closed.
Reason: Problem was traced to a special condition that existed only in a specific test environment; will not occur under normal operating conditions.
Problem: Some configuration lines were being truncated in the GUI application's Download Status window.
Status: Closed.
Reason: This was a display problem that occurred when using config term mode, and was related to the $ marker used by routers to show that text has been scrolled when echoing back configuration lines. The problem has been resolved, except that the $ character may now appear within the echoed text, and some characters may be repeated. Display of the configuration text in the Download Status window is considered to be incidental to the operation; you should already have validated the configuration before reaching this part of the process.
Problem: CIPM displayed an "object already exists" message even though it was deleted prior to creating a copy.
Workaround: The problem has been resolved.
Problem: The API operation CTM::TemplateManagement::getAllTemplates() allowed non-registered users to obtain templates.
Workaround: The problem has been resolved. The API works as designed.
The following items list known problems in Cisco IP Manager 1.0. The most recently reported problems are listed first, by their identifiers in the Distributed Defect Tracking System (DDTs) used by Cisco to track product defects and enhancement requests.
Problem: When the primary NEMServer becomes unavailable, the backup NEMServer fails to take over.
Workaround: None. Do not rely on CIPM automatically switching to the backup NEMServer.
Problem: When downloading to a device, not all IOS messages returned by the router are displayed in the CIPM Download Status window. If you choose to update the startup configuration after downloading, for example, the status window will contain messages about the download operation, but feedback from the write mem (update) operation will not be displayed.
Workaround: Seperate the download and update operations by using the Update command on the Options menu (right-click on an element in the Element Manager window) after the download is complete, instead of using the Update option on the Download Options window.
Problem: When downloading to a device in config term mode, the last line in the IOS message sent by the device, signifying that the download operation is ended, is clipped from the display in the CIPM Download Status window.
Workaround: None.
Problem: Logging in via console line fails sometimes.
Workaround: Do not use the IOS prompt characters # and > in a device's banner. (The setCheckPromptOn utility described in the Cisco IP Manager User Manual is not always successful in determining when these characters are used in a banner.)
Problem: The API operation NEMServer::getElementListByGroupName() does not validate the UserName_s uname in parameter. A list will be returned regardless of username.
Workaround: Don't rely on this operation to validate usernames.
Problem: The NEMserver can fail if a list of devices is being deleted in a continuously flowing operation (most likely via an external client program) at the same the GUI is performing read operations (such as refreshing the display while the domain containing the elements is open) on these listed devices.
Workaround: Avoid deleting a list of devices while the GUI is simultaneously using them, or delete devices manually using the GUI's Element Manager window.
Problem: After an extensive test cycle that put the Event Server through heavy stress by creating and deleting multiple devices numerous times, Cisco's QA team observed some memory loss in certain servers, most notably ES. Because of the large number of events required to produce the observed results, Cisco does not believe this will be a problem in a production environment. This problem was observed during the same test cycle that produced CSCdm45231.
Workaround: Avoid deleting a list of devices while the GUI is using these devices simultaneously. Contact Cisco support if excess memory loss is observed.
Problem: The API operation NEMServer::getElementListByElementName does not validate the UserName_s uname in parameter. A list will be returned regardless of username.
Workaround: Don't rely on this operation to validate usernames.
Problem: If a device's running configuration does not contain a version statement, there will be no response in the Verify Connectivity tab of the GUI application's Device Properties window.
Problem: An incorrect message is displayed when when an unsuccessful attempt is made to connect to an element via console. The message advises the user to "check element ip address," which is not appropriate when connecting via the console port.
Problem: Whenever you attempt to initialize a router with no starting config, the router will respond with a prompt asking if you want to enter a configuration dialog. This will cause the initialization attempt from the GUI application's Download Options dialog to fail.
Workaround: Clear the message box and try it again. The second time should work.
Problem: The script for restarting after a reboot (User Manual, p. 3-23) does not work as shown. When the su command is given, you must use the form of the command which sets the user environment to the oracle user's environment.
Workaround: Issue the su command followed by a dash, as follows:
su - oracle -c "<$ORACLE_HOME>/bin/dbstart"
Note also that in order to use the ipmgr.killit command in the restart script, you must use the -nw flag with the command, or else the utility will wait for user response before continuing.
Problem: Data entered in the Login Security control group of the Element Properties window is not updated properly when you change from one Connect Method to another. Only one set of login data is stored in the database; the fields should contain the same information when either VTY or Console is selected.
Workaround: The information displayed in the Login Security fields is stored in one area of RAM when the Connect Method is VTY and in a different area of RAM when the Connect Method is Console. These two memory areas are not being updated properly by the GUI application. Always close and then reopen the Element Properties window after clicking the Apply button. This forces the application to retrieve the current data from the database. This is a display problem only; current data is always retrieved from the database when communications operations are initiated.
Problem: Data values entered into the spreadsheet portion of a template will not be saved if a device is not specified in the first column of the row. This is by design. The device name is mandatory. However, the GUI application will not warn you that some data will be discarded when you save the template and exit the Configuration Builder window.
Workaround: Always specify a value in the device column for every row of data.
Problem: A "Non-utilized Rule in Access List" warning in the Integrity Check report may actually mean your configuration has duplicated an access list entry, rather than hidden a rule. This may occur if you are using the Cisco IP Manager software to update an existing configuration by applying a partial configuration containing the duplicate access-list rule.
Problem: The GUI application sometimes terminates unexpectedly. This seemingly random, intermittent problem has been observed primarily on machines running the Cisco-supplied GUI application via X windows and appears to be a Java-related problem. If it occurs, simply relaunch the GUI application.
If you are installing the ding package on a machine other than the one on which the center package is installed, you must edit the Orbix.hosts file as described on page 3-16 of the User Manual. However, you should add the name of the host on which the center package is installed, not the ding package.
The example shown should read:
CNGSServer:<center installation hostname>:
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Thu Sep 2 09:20:01 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.