User Guide for Resource Manager Essentials

Transcription

1 User Guide for Resource Manager Essentials Software Release 3.4 CiscoWorks2000 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA USA Tel: NETS (6387) Fax: Customer Order Number: DOC = Text Part Number:

2 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iphone, IP/TV, iq Expertise, the iq logo, iq Net Readiness Scorecard, iquick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R) Copyright 2002, Cisco Systems, Inc. All rights reserved.

3 CONTENTS Preface xi Audience xi Conventions xi Related Documentation xii Obtaining Documentation xiii World Wide Web xiii Ordering Documentation xiv Documentation Feedback xiv Obtaining Technical Assistance xv Cisco.com xv Technical Assistance Center xv Cisco TAC Web Site xvi Cisco TAC Escalation Center xvii PART 1 About Resource Manager Essentials CHAPTER 1 Overview 1-1 Features 1-2 Functional Architecture 1-7 CiscoWorks2000 Server 1-8 Essentials Database and Functions 1-9 Web Clients 1-9 Cisco.com 1-10 Getting Started 1-10 iii

4 Contents RME Functions 1-11 User Tasks 1-11 Administrative Tasks 1-12 Essentials Task Usage Workflow 1-12 General System Configuration 1-13 Supported Devices 1-14 Adding Functionality and Incremental Device Support 1-14 Time Zone Implementation 1-15 CHAPTER 2 Resource Manager Essentials Applications 2-1 Device Views 2-2 Types of Views 2-2 Setting Device Credentials 2-4 System Configuration 2-5 Availability 2-6 Benefits of Availability 2-6 Availability Functional Flow 2-7 Availability Workflow 2-8 Change Audit 2-10 Change Audit Functional Flow 2-11 Configuration Management 2-14 Benefits of Configuration Management 2-14 Configuration Management Functional Flow 2-15 Configuration Archive 2-18 NetConfig, Config Editor, and Network Show Commands 2-20 NetConfig Option 2-23 Benefits of Netconfig 2-24 Network Show Commands Option 2-27 Benefits of Network Show Commands 2-27 iv

5 Contents Config Editor Option 2-31 Benefits of Config Editor 2-31 Contract Connection 2-34 Contract Connection Workflow 2-35 Case Management 2-36 Inventory 2-37 Benefits of Inventory Management 2-37 Inventory Management Functional Flow 2-38 Job Approval 2-46 Job Approval Process 2-47 Software Management 2-49 Benefits of Software Management 2-49 Software Management Functional Flow 2-49 Syslog Analysis 2-55 Syslog Analysis Functional Flow 2-55 Syslog Analysis on Windows 2-57 Syslog Analysis Workflow 2-57 Syslog Vs Change Audit 2-58 CHAPTER 3 VPN Security Management Solution 3-1 Configuration Management Reports 3-2 Inventory Reports 3-2 VPN Syslog Analysis Reports 3-3 CHAPTER 4 Network Address Translation Support 4-1 Introducing NAT Support 4-2 Managing devices outside the NAT 4-3 v

6 Contents PART 2 Managing Your Network Scenarios CHAPTER 5 Monitoring Your Devices 5-1 What You Need Prerequisites 5-2 How To Do It Procedures 5-2 Determine Current Network Availability 5-2 View the Latest Syslog Messages 5-3 View a Custom Report 5-4 Where You Should End Up Verification 5-4 CHAPTER 6 Upgrading Your Device Software 6-1 What You Need Prerequisites 6-2 How To Do It Procedures 6-2 Perform the CCO Upgrade Analysis 6-3 Retrieve Software Images from CCO 6-4 Schedule the Software Image Upgrade 6-5 Track the Upgrade 6-7 Where You Should End Up Verification 6-8 CHAPTER 7 Performing Maintenance on Your Essentials Server 7-1 What You Need Prerequisites 7-2 How To Do It Procedures 7-2 Remove Records From the Change Audit Log 7-3 Remove Images From the Software Library 7-5 Remove Old Data From the Job Control Report 7-6 Add Unmanaged Devices to Inventory 7-6 Remove Configurations From the Archive 7-7 vi

7 Contents Where You Should End Up Verification 7-8 Verify Change Audit Log Records Are Removed 7-8 Verify Software Images Are Removed from the Library 7-8 Verify Old Data Is Removed from the Job Control Report 7-9 Verify Unmanaged Devices Are Added to Inventory 7-9 Verify Configurations Are Removed from the Archive 7-9 CHAPTER 8 Making a Device Configuration Change Using a Template 8-1 What You Need Prerequisites 8-2 How To Do It Procedures 8-2 Where You Should End Up Verification 8-4 CHAPTER 9 Configuring Multiple Devices 9-1 What You Need Prerequisites 9-2 How To Do It Procedures 9-2 Create a Template 9-2 Define a NetConfig Job 9-3 Where You Should End Up Verification 9-5 CHAPTER 10 Importing Device Data to Inventory 10-1 What You Need Prerequisites 10-2 How To Do It Procedures 10-3 Where You Should End Up Verification 10-4 CHAPTER 11 Managing PIX Devices through Proxy Server (Auto Update Server) 11-1 Importing Information from Proxy Server 11-2 What You Need Prerequisites 11-4 How To Do It Procedures 11-4 vii

8 Contents Importing Proxy Server 11-4 Distributing Images 11-5 Where You Should End Up Verification 11-5 CHAPTER 12 Checking Device Configuration Changes and Who Made Them 12-1 What You Need Prerequisites 12-2 How To Do It Procedures 12-2 Where You Should End Up Verification 12-3 CHAPTER 13 Creating a Syslog Custom Report 13-1 What You Need Prerequisites 13-2 How To Do It Procedures 13-2 Where You Should End Up Verification 13-3 CHAPTER 14 Maintaining Your Inventory Information 14-1 What You Need Prerequisites 14-2 How To Do It Procedures 14-2 Check the Contract Status on Network Devices 14-2 Update Device Serial Numbers 14-3 Where You Should End Up Verification 14-4 Verify the Contract Status on Network Devices 14-4 Verify Device Serial Numbers Are Updated 14-4 viii

9 Contents PART 3 Appendixes APPENDIX A Troubleshooting Essentials A-1 Change Audit FAQs A-2 Configuration Management A-2 Configuration Management FAQs A-2 Troubleshooting Configuration Management A-4 Contract Connection A-6 Contract Connection FAQs A-6 Inventory A-7 Inventory FAQs A-7 Troubleshooting Inventory A-9 Software Management A-13 Software Management FAQs A-13 Troubleshooting Software Management A-21 Syslog Analysis A-25 Syslog Analysis FAQs A-25 Troubleshooting Syslog Analysis A-27 CiscoWorks2000 Server A-34 CiscoWorks 2000 Server FAQs A-34 APPENDIX B File Import Format B-1 Comma-Separated Values (CSV) File B-2 Data Integration File (DIF) B-4 APPENDIX C Essentials Command Reference C-1 I NDEX ix

10 Contents x

11 Preface This manual describes Resource Manager Essentials, gives an overview of the applications that make up Resource Manager Essentials, provides conceptual information about network management, and describes common tasks you can accomplish with Resource Manager Essentials. It also contains troubleshooting information and realistic scenarios that demonstrate how you can use Resource Manager Essentials to manage and troubleshoot your network. Audience This guide provides descriptions and scenarios for system administrators, network managers, and other users who might or might not be familiar with Essentials. Many of the tools described are accessible to system administrators only. Conventions This document uses the following conventions: Item Commands and keywords Variables for which you supply values Displayed session and system information Convention boldface font italic font screen font xi

12 Related Documentation Preface Item Information you enter Variables you enter Menu items and button names Selecting a menu item Convention boldface screen font italic screen font boldface font Option > Network Preferences Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication. Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Documentation Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the Resource Manager Essentials documentation on Cisco.com for any updates. The following additional documentation is available: Paper Documentation User Guide for CiscoWorks2000 Server Installation and Setup Guide for CD One on Solaris Installation and Setup Guide for CD One on Windows 2000 Installation and Setup Guide for Resource Manager Essentials on Solaris Installation and Setup Guide for Resource Manager Essentials on Windows 2000 xii

13 Preface Obtaining Documentation Release Notes for CD One, 5th Edition on Solaris Release Notes for CD One, 5th Edition on Windows 2000 Release Notes for Resource Manager Essentials 3.4 on Solaris Release Notes for Resource Manager Essentials 3.4 on Windows 2000 Online Documentation Context-sensitive online help You can access the help in two ways: Select an option from the navigation tree, then click Help. Click the Help button in the dialog box. PDF for: Installation and Setup Guide for Resource Manager Essentials on Solaris Installation and Setup Guide for Resource Manager Essentials on Windows 2000 Note Adobe Acrobat Reader 4.0 or later is required. Obtaining Documentation The following sections explain how to obtain documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following URL: Translated documentation is available at the following URL: xiii

14 Obtaining Documentation Preface Ordering Documentation Cisco documentation is available in the following ways: Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace: Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at or, elsewhere in North America, by calling NETS (6387). Documentation Feedback If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at You can your comments to [email protected]. To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA We appreciate your comments. xiv

15 Preface Obtaining Technical Assistance Obtaining Technical Assistance Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site. Cisco.com Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to Streamline business processes and improve productivity Resolve technical issues with online support Download and test software packages Order Cisco learning materials and merchandise Register for online skill assessment, training, and certification programs You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: Technical Assistance Center The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center. xv

16 Obtaining Technical Assistance Preface Cisco TAC Web Site Inquiries to Cisco TAC are categorized according to the urgency of the issue: Priority level 4 (P4) You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. Priority level 3 (P3) Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue. Priority level 2 (P2) Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available. Priority level 1 (P1) Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available. Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable. The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL: All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL: If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site. xvi

17 Preface Obtaining Technical Assistance Cisco TAC Escalation Center The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. xvii

18 Obtaining Technical Assistance Preface xviii

19 P ART 1 About Resource Manager Essentials

20

21 CHAPTER 1 Overview The Resource Manager Essentials (Essentials) suite is part of the CiscoWorks2000 family of products. It is an enterprise solution to network management. This suite of web-based network management tools enables administrators to collect the monitoring, fault, and availability information needed to track devices critical to the network. Essentials is based on a client/server architecture that connects multiple web-based clients to a server on the network. As the number of network devices increases, additional servers or collection points can be added to manage network growth with little impact on the client browser application. By taking advantage of the scalability inherent in the intranet architecture, Essentials supports multiple users anywhere on the network. The web-based infrastructure gives network operators, administrators, technicians, Help Desk staff, IS managers, and end users access to network management tools, applications, and services. Essentials allows the network administrators to view and update the status and configuration of all Cisco devices from anywhere on the network through a standard Web browser as the Essentials client. Access can be limited by user account so that each user has access only to the specific functions and data he or she needs, thus increasing overall security and providing change-management control. 1-1

22 Features Chapter 1 Overview Essentials maintains a database of current network information. It can generate a variety of reports that can be used for troubleshooting and capacity planning. When devices are initially added to the Essentials inventory, the network administrator can schedule Essentials to periodically retrieve and update device information, such as hardware, software, and configuration files, to ensure that the most current network information is stored. In addition, Essentials automatically records any changes made to network devices, making it easy to identify when changes are made and by whom. Essentials applications provide the network monitoring and fault information you need for tracking devices that are critical to network uptime and application availability. They also provide tools that you can use to rapidly and reliably deploy Cisco software images and view configurations of Cisco routers and switches. Essentials applications, together with links to Cisco.com service and support, automate software maintenance to help you maintain and control your Enterprise network. Features Essentials works in conjunction with the CiscoWorks2000 Server, which contains a set of management services shared by multiple management applications. These management services are enabled when a suite is installed and an application that relies on one of these services is opened. If a particular suite of applications does not use a service or does not use a service to the fullest extent to which it is available, the service might not appear on the CiscoWorks2000 desktop. Essentials uses these CiscoWorks2000 services: Database engine and utilities Login and application-launching desktop Event Management Online help system Job Management Cisco Management Connection (CMC) 1-2

23 Chapter 1 Overview Features Process Management Security Web server For detailed information, see User Guide for CiscoWorks2000 Server. Table 1-1 lists Essentials applications in alphabetical order, not the order in which they appear in the navigation tree: Note Availability, Change Audit, Configuration Management, Software Management, Syslog Analysis, and VPN Management Solution applications are available, if Essentials is installed. Table 1-1 Essentials Applications Application Name Purpose Notes Availability Monitor the reachability and response time of user-selected devices on the network. Collect fault and performance information for routers and switches. Change Audit View and search a central repository of all network changes (for example, inventory, software management, and so on). Set up periods of time to monitor network changes. Maintain the repository. Convert changes into SNMP traps and forward them to your network management system. To use Availability options, select Resource Manager Essentials > Availability. To administer Availability options, select Resource Manager Essentials > Administration > Availability. To use Change Audit options, select Resource Manager Essentials > Change Audit. To administer Change Audit options, select Resource Manager Essentials > Administration > Change Audit. 1-3

24 Features Chapter 1 Overview Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Configuration Management Contract Connection Maintain an active archive of device configuration files. Search the archive for configuration files based on criteria you specify. Create custom reports for repetitive tasks. Group configuration files and label them as a set. Make configuration changes to your managed network devices using NetConfig, Config Editor, and CWConfig. Create configuration templates using NetConfig. Edit configuration files stored in configuration archive and download files to devices using Config Editor, and CWConfig. Create network show command sets using NetShow. Assign users to network show command sets. Define and schedule batch reports using NetShow that can be executed at any time you specify. Verify which of your Cisco IOS devices are covered by a service contract To use Configuration Management options, select Resource Manager Essentials > Configuration Management. To administer Configuration Management options, select Resource Manager Essentials > Administration > Configuration Management. To use the cwconfig, cwconfig netconfig, cwconfig netshow and cwconfig netshowbatch commands, use the command line. To use Contract Connection, select Resource Manager Essentials > Contract Connection. Device Views Create device views for reports. To administer Device Views options, select Resource Manager Essentials > Administration > Device Views. 1-4

25 Chapter 1 Overview Features Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Inventory Import devices from databases or files. Job Approval Export device information to files. Add, delete, change, and list devices in your network inventory. Schedule polling and collection to update your network inventory. Display reports and graphs of your hardware and software inventory, and create Inventory custom reports. Check and change device attributes. Display a Year 2000 compliance report. Allow other network management systems to manipulate Essentials devices. Install support for new devices and enhanced support for existing devices. Used by some applications to: Create and manage approver lists. Enable and disable Job Approval. Approve and reject jobs. To use Inventory options, select Resource Manager Essentials > Inventory. To administer Inventory options, select Resource Manager Essentials > Administration > Inventory. To administer Job Approval options, select Resource Manager Essentials > Administration > Job Approval. 1-5

26 Features Chapter 1 Overview Table 1-1 Essentials Applications (continued) Application Name Purpose Notes Software Management Analyze upgrade needs and perform upgrades for Cisco devices on your network. Schedule and download images from Cisco.com and maintain a local library of images. Validate images with devices before initiating downloads, define and monitor the progress of scheduled jobs. Compare images running on the devices in your network with the images on cisco.com. Syslog Analysis Troubleshoot and track device problems. System Configuration View summaries of real-time reports on events that are being logged to syslog on behalf of a router or switch. Process these messages to generate reports. Configure automatic actions that occur when certain message types are received. Change system-wide configuration for SNMP, SMTP, proxy, and rcp settings. To use Software Management options, select Resource Manager Essentials > Software Management. To administer Software Management options, select Resource Manager Essentials > Administration > Software Management. To use Syslog options, select Resource Manager Essentials > Syslog Analysis. To administer Syslog options, select Resource Manager Essentials > Administration > Syslog Analysis. To administer System Configuration options, select Resource Manager Essentials > Administration > System Configuration. 1-6

27 Chapter 1 Overview Functional Architecture Functional Architecture Essentials is based on a client-server architecture that allows multiple web-based clients to access a management server on the network. As the number of network devices increases, additional servers or collection points can easily be added with little impact on the client browser application, making it very scalable. The Essentials web-based infrastructure consists of the following main components: CiscoWorks2000 Server Essentials Database and Functions Web Clients Cisco.com 1-7

28 Functional Architecture Chapter 1 Overview See Figure 1-1 for a general view of the Essentials Functional Architecture: Figure 1-1 Essentials Functional Architecture Inventory database Contract connection Cisco.com Reports/output Configuration management Software management Inventory management Availability Case management Change audit services Syslog analysis Device navigator Data collector (Updates/changes) CiscoWorks2000 Server Essentials relies on the CiscoWorks2000 Server for common functions such as the database engine, online help, security, login, application launching, job and process management, and the Web server. This provides a common framework and interface for all CiscoWorks2000 products. For detailed information, see User Guide for CiscoWorks2000 Server. 1-8

29 Chapter 1 Overview Functional Architecture Note The CiscoWorks2000 Server (CD One) must be installed prior to installing Essentials. Essentials cannot run as a standalone application. In addition, the CiscoWorks2000 Server should remain on line at all times in order to poll devices, monitor events, and perform scheduled data collection. If the server goes down, there will be an interruption in the network management information gathered and stored in Essentials. Essentials Database and Functions Essentials stores all critical network management information in a central database, including device inventory, software images, configuration files, syslog messages, and change records. Essentials functions interact with the database and with network devices to collect information, display reports, and automate many repetitive network management tasks. Many Essentials functions can also be configured to periodically poll network devices and update the database automatically. Essentials uses common protocols such as Simple Network Management Protocol (SNMP), Telnet, Trivial File Transfer Protocol (TFTP), and remote copy protocol (rcp) to access devices and retrieve configuration files and software images from devices. Web Clients The server can be accessed from any client with appropriate system requirements. Essentials clients are platform independent, allowing a UNIX client to access an Windows server or a Windows client to access a UNIX server. The only client software required is a supported web browser, such as Netscape Navigator or Microsoft Internet Explorer. 1-9

30 Getting Started Chapter 1 Overview Cisco.com Essentials also connects to the Cisco.com system to obtain up-to-date product updates and technical assistance information. Access to Cisco.com is not required to use Essentials but will greatly enhance its capabilities. The following Essentials functions require access to Cisco.com, or provide enhanced features with access: Inventory management to produce Y2K compliance reports Software management to include software images from Cisco when planning and performing upgrades Availability to produce stack decode of abnormal device reloads Contract connection to check status of service contracts Case management to submit trouble tickets to Cisco Getting Started After you configure the devices, CiscoWorks2000 Server, and client, you must first invoke the CiscoWorks2000 desktop through a web browser and log in to access Essentials. After you have successfully logged into the server, the Login Manager dialog window changes to illustrate the major applications or functions installed. These applications or functions are organized in drawers. You can open a drawer and then view the various functions or open additional folders that hold more functions. When the Essentials software is installed on the CiscoWorks2000 Server, a new Resource Manager Essentials drawer is added to the CiscoWorks2000 desktop. The Resource Manager Essentials drawer contains folders and related tasks for each of the Essentials functions. In addition, the Device Navigator and Case Management functions are added to the Management Connection drawer and a VPN Management Solutions drawer is added to support reports directly related to active virtual private network (VPN) devices. 1-10

31 Chapter 1 Overview RME Functions RME Functions All CiscoWorks2000 and Essentials applications and services are provided and organized in drawers. When you open an application drawer, you will find functional group folders, and individual tasks. Open a folder, and you will find more functional group folders or individual tasks. RME functionality can be found in one of three drawers: Resource Manager Essentials (main drawer) VPN Management Solutions (reports specific to VPN enabled devices), and Management Connection (Case Management and Device Navigator) Each of the RME applications provides a set of features that can be used to simplify and automate many network management tasks. Within the Resource Manager Essentials drawer, tasks are divided into two categories: administrative tasks and user tasks. Locating a particular function within RME is often the most difficult part of using it. Note The tasks displayed in the Resource Manager Essentials drawer will vary, depending on the permissions assigned to your user ID. If you do not have permission to perform a particular task, the task will not show up in the navigation tree. Also, the order of tasks and folders may vary, depending on what other components of CiscoWorks2000 are loaded. User Tasks User tasks (reports) are grouped into appropriate functional folders seen when the Essentials drawer is first opened (main level). For example, to run the user task of creating or viewing a detailed device report for a set of devices, select Resource Manager Essentials > Inventory > Detailed Device Report. User tasks are often performed by multiple people on a daily basis to view network information and manage and monitor Cisco devices. 1-11

32 RME Functions Chapter 1 Overview Administrative Tasks Administrative tasks are also grouped by major functions, but are located in similar folders under the Administration folder. For example, to see the devices within the Essentials inventory, select Resource Manager Essentials > Administration > Inventory > List Devices. Administrative tasks should be performed by a central person and should need to be performed only once when the application is first set up, or infrequently when major changes are made to the network. Tip It is a good idea to open and close all Essentials folders to see where various tasks are located. Try closing folders after running a particular task to help navigation for the next task. Essentials Task Usage Workflow All Essentials tasks follow a simple task oriented workflow: Figure 1-2 Essentials Task Usage Workflow Open essentials drawer Select function Select task Select Devices (if applicable) Specify options/ parameters (task specific) View results Select a function (e.g., syslog analysis, configuration management) 2. Select a task (e.g., standard report, compare configurations) 3. Select the devices to be included in the operation (if applicable) 1-12

33 Chapter 1 Overview RME Functions 4. Specify the desired options or parameters (depending on the task) 5. View the results (e.g., display report, check job output). General System Configuration You must define several system parameters on the server to use some Essentials features. For example, if access to outside networks requires a proxy server, then you must define the proxy server address in Essentials in order to access Cisco.com from various Essentials functions. If you want to use to automatically notify network administrators when certain tasks and jobs are completed, then you must define your Simple Mail Transfer Protocol (SMTP) server in Essentials (Windows 2000 systems only). If you wish to use rcp (instead of TFTP) to retrieve configuration files or software images, you must define the rco username defined on the devices within Essentials. You must also verify the default SNMP timeout and retry values that will be used to poll and collect information from all devices in the inventory. These values might need to be adjusted, depending on the size of your network and the number of devices that are being polled. You must ensure that SNMP timeout values are higher than the average response time to most devices. In general, these values should be conversely related. For example, if you have a high timeout value, you should have a low number of retries or you could end up with long delays on the server waiting for SNMP messages to be processed. 1-13

34 Supported Devices Chapter 1 Overview To set up all these parameters, which are shared by many of the Essentials functions, follow these steps: Note The user must have the role of system administrator to perform this task. Step 1 Step 2 Select Resource Manager Essentials > Administration > System Configuration. Click each tab to configure the proxy, SNMP, SMTP, and rcp parameters. The SMTP tab will be available only on Windows 2000 machines because on UNIX the platform is the SMTP server. Supported Devices Devices supported by this suite of applications can be found in the CiscoWorks2000 navigation tree (select Server Configuration > Applications and Versions) or on cisco.com. Adding Functionality and Incremental Device Support If you have cisco.com access, you can go to the Essentials web page to download software enhancements and incremental device support (IDS). Consult the package readme files for additional information on installing new features and enhancements. Before performing the scenarios in this document, be sure your administrator has set up the Essentials applications and performed the administrator tasks described in the installation guide. If, for example, the proxy URL is not set, you might be unable to complete Essentials tasks outside your network. 1-14

35 Chapter 1 Overview Time Zone Implementation Time Zone Implementation Many time zones are supported in Essentials. However, it is important to note that Essentials applications that have scheduling and reporting functions and that produce a time stamp will vary depending on: Server and client Time stamps can differ between server and client if they are located in different time zones. (The client time zone is also called the local time zone.) Platforms Windows 2000 and UNIX servers support different time zones. They are not synchronized. Managed devices These support a particular time zone set, which might be different than the time zone set supported by the client or server. Programming languages Essentials applications are written in Perl, Java, and C++. You might see differences in menus and reports because each language uses a different set of time zone conversion libraries. 1-15

36 Time Zone Implementation Chapter 1 Overview 1-16

37 CHAPTER 2 Resource Manager Essentials Applications This chapter lists all the Essentials applications and the tasks that can be accomplished with each of these applications. The applications are: Device Views Availability Change Audit Configuration Management Contract Connection Case Management Inventory Job Approval Software Management Syslog Analysis 2-1

38 Device Views Chapter 2 Resource Manager Essentials Applications Device Views Essentials provides device views logical groupings that are used to specify a device or group of devices. You can define views to logically group devices into locations, types, or areas of responsibility. Device views allow you to quickly view reports on all devices of a certain type, or with specific characteristics, such as all Catalyst switches or all devices a user is responsible for. As almost every Essentials task requires the set of devices to be executed against, views provide a convenient way to create groups of devices. For example, before you can display an Inventory report, you must select the devices to be included in the report. Views can speed up the selection (instead of running the report for one device at a time). Note Essentials graphical user interface (GUI) performance may be affected if the number of devices in the selected view is too large. You should avoid setting all devices views when the number of devices in the inventory is large. You can use system views or create custom views to keep the number of devices in a view from growing too large. Creating a view using the Device Views application enables you to run reports for specific devices based on common attributes or user-defined characteristics. Types of Views Three categories of device views are available: System Views Predefined and available immediately after you install Essentials. System views include most major classes of Cisco devices. For example all Catalyst switches, all Cisco 7000 Series routers, and all SwitchProbes. Custom Views Defined by users and, when created, are available for use by anyone with the appropriate access to the server. PrivateViews Defined by users, but are available only to the user. 2-2

39 Chapter 2 Resource Manager Essentials Applications Device Views Two different types of views can be created within custom or private views: Dynamic Views Static Views Dynamic views are logical groups based on device attributes, such as device class or software version. The devices in a dynamic view can change based on the attribute value of devices in the Inventory. An example of a dynamic view is all devices with Cisco IOS Version Any device that currently has this attribute would be included in the device view. All system views are dynamic. Static views are logical groups based on user-defined characteristics. Static views include any devices that you add to the view. The members of the group do not change unless you manually add or remove devices. Use static view when you do not want the membership to change automatically. Figure 2-1 Device Views Predefined User defined System Custom Private Dynamic View Static View All Cisco IOS 12.0 devices Devices <user> is responsible for

40 Device Views Chapter 2 Resource Manager Essentials Applications Table 2-1 shows the tasks that you can accomplish with the Device Views application. Table 2-1 Device Views Tasks Task Purpose Action Add static views. Add dynamic views. Change static views. Create views to monitor a specific group of devices in your network inventory. Create views to monitor devices with common attributes, such as device type. Note Any new, managed device added to inventory that fits the listed attributes is automatically incorporated into the dynamic view. Select Resource Manager Essentials > Administration > Device Views > Add Static Views. Select Resource Manager Essentials > Administration > Device Views > Add Dynamic Views. Modify static views. Select Resource Manager Essentials > Administration > Device Views > Change Static Views. Delete views. Delete any views you have created. Select Resource Manager Essentials > Administration > Device Views > Delete Views. Browse dynamic views. Browse device membership. Determine which devices belong to the dynamic views. Determine which views a device belongs to. Select Resource Manager Essentials > Administration > Device Views> Browse Dynamic Views. Select Resource Manager Essentials > Administration > Device Views > Browse Device Membership. Setting Device Credentials Several important items must be configured correctly on every Cisco device that is going to be managed and monitored using Essentials. Details about each application and the tasks involved in setting the credentials are available later in this document. 2-4

41 Chapter 2 Resource Manager Essentials Applications System Configuration Table 2-2 lists all the applications and the device credentials required for proper functioning of the applications. Table 2-2 Applications and the Device Credentials Application Telnet Password Enable Password SNMP Read Only SNMP Read / Write NetConfig Required Required Required Not required NetShow Required Required Required Not required Config Editor Required Required Required Not required ChangeAudit Not required Not required Required Not required Configuration Required Required Required Not required Management (Telnet) Configuration Not required Not required Required Required Management (TFTP) Device Views Not required Not required Required Not required Inventory Not required Not required Required Not required SWIM Required 1 Required 1 Required Required Syslog Not required Not required Required Not required Availability Required Required Required Not required 1. Required in case of few devices. System Configuration System Configuration lets you configure system-wide information on the CiscoWorks2000 server. In this way, you can centrally locate information that is used by more than one Essentials application. Note Network administrators should perform these tasks with care. If errors occur, users may not be able to log in. Table 2-3 shows the tasks that you can accomplish with System Configuration. 2-5

42 Availability Chapter 2 Resource Manager Essentials Applications Table 2-3 System Configuration Tasks Task Purpose Action Set up a proxy URL. Define SNMP timeouts and retries. Define the SMTP server name. Define RCP usernames. Enable applications to connect to Cisco.com. If the server access to the outside world is controlled through a proxy server, this must be configured. Specifies the timeout value and the number of retries while querying devices for inventory collection. Add and modify command-line instructions to be run automatically whenever Syslog Analysis receives a specific message type. Specify the username to authenticate RCP transfers between the devices and the server for remote operations. Select Resource Manager Essentials > Administration > System Configuration, then select the Proxy tab. Select Resource Manager Essentials > Administration > System Configuration, then select the SNMP tab. Select Resource Manager Essentials > Administration > System Configuration, then select the SMTP tab. Select Resource Manager Essentials > Administration > System Configuration, then select the RCP tab. Availability The Availability application lets you monitor the reachability and response time of your network devices. You can view the availability of a selected group of devices, a summary of interface status, reports of reloads (reboots) and unreachable devices, and protocol distribution graphs. Benefits of Availability If you experience connectivity problems trying to reach certain resources or services on the network, one of the first things you must check is the status of a device. If a device is unreachable, you will want to find out when it was last operational and whether any abnormal reloads have occurred. This can be the first step in troubleshooting the exact location of the fault. Availability helps you track the reachability of devices on your network. 2-6

43 Chapter 2 Resource Manager Essentials Applications Availability The Availability application periodically polls selected devices to determine device reachability, interface status, and response times. Availability reports display the status of devices, show devices that are offline for more than three hours, and summarize the percentage of Layer 3 protocol traffic forwarded on each Layer 3 device. A Reloads Report shows the cause of the past five reloads for a device and includes a link to the Cisco.com stack decoder to help troubleshoot any device failures. Availability provides reports to quickly assess the status of selected devices on the network. Information can be tracked for all devices on the network, or only critical devices to reduce the load on the network and the network management system. Availability Functional Flow Before device availability information will be stored in Essentials, you must select the specific device views that needs to be monitored for Availability. When devices are selected to be included in Availability polling, Essentials will poll the devices according to the schedule set by the network administrator (only one schedule for all views). Devices will be polled for reachability, response time, interface status, reload, and protocol information. This information will be updated in the Availability database after each scheduled poll, and can be viewed by displaying Availability Reports. Historical information on reachability and response times is also stored in the Essentials database and can be displayed in trend graphs under Availability Monitor. 2-7

44 Availability Chapter 2 Resource Manager Essentials Applications Figure 2-2 Availability Functional Flow Poll selected devices Reports/output Device status Availability database Reachability Dashboard Availability Monitor Reloads Report Offline Device Report Protocol Distribution Graph Availability Workflow The Figure 2-3 depicts the Availability workflow and associated tasks within Essentials: In order to retrieve Availability information from devices, each device must be in the Essentials Inventory with the proper SNMP read community string attribute. Polling options must be set, including selecting which device views are going to be polled for availability information. When devices are selected, availability information can be viewed in any of the Availability Reports within Essentials. Information is automatically purged according to the options you set, so no ongoing maintenance is required. Figure 2-3 Availability Workflow Verify Device Requirements SNMP read community string Setup Select devices Change polling options View reports Availability reports 24-hour reports Device center

45 Chapter 2 Resource Manager Essentials Applications Availability Table 2-4 shows the tasks you can accomplish with the Availability application. Table 2-4 Availability Manager Tasks Task Purpose Action Set polling views and options. Change polling options. View the Reachability Dashboard. Monitor device availability. View the Reloads report. Select views to be monitored. You must do this before you can monitor device availability. If your system performance is degraded by availability polling, you can add more system resources, poll fewer devices, or poll less frequently. Select default Availability polling option values or to select new values from the drop-down list boxes. The polling options you set, apply to all Availability views. View device status for all views set for availability monitoring. The dashboard continuously reports: All views being polled and the number of devices in each view. Device names of all devices in each view and the time they last responded. Continuously monitor selected devices and access interface availability details. Display the most recent reloads (up to 5) for selected devices. The report shows the reason for each reload and when it occurred. Select Resource Manager Essentials > Administration > Availability > Change Polling Options. Select Resource Manager Essentials > Administration > Availability > Change Polling Options. Select Resource Manager Essentials > Availability > Reachability Dashboard. Select Resource Manager Essentials > Availability > Availability Monitor. Select Resource Manager Essentials > Availability > Reloads Report. To view reloads that occurred only within the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Reloads Report. 2-9

46 Change Audit Chapter 2 Resource Manager Essentials Applications Table 2-4 Availability Manager Tasks (continued) Task Purpose Action View the Stack Decoder Analysis. View the Offline Device report. View the Protocol Distribution graph. Decode and analyze a device s stack dump to enable troubleshooting of devices that reload unexpectedly. An unexpected reload is any reload that is neither initiated by you nor a result of a power-on. The Reloads report applies only to routers running Cisco IOS Release 10.2 or later and is available only for the most recent reload. Generate a report of managed devices that have not responded to polling for more than a specified period of time (3, 6, 12, 24, 48, or 72 hours). View the distribution of IP, AppleTalk, IPX, DECnet, VINES, and XNS packets for selected devices in a bar or pie chart. This report shows the Layer 3 protocol packet types that are forwarded by the devices. Select Resource Manager Essentials > Availability > Reloads Report. In the generated report, click on the unexpected reload. Select Resource Manager Essentials > Availability > Offline Device Report. To view only devices that have been off line for the past 24 hours, select Resource Manager Essentials > 24-Hour Reports > Offline Device Report. Select Resource Manager Essentials > Availability > Protocol Distribution Graph. Change Audit The Change Audit application lets you track and report network changes. It provides the capability for other Essentials applications to log change information to a central repository called the Change Audit log. 2-10

47 Chapter 2 Resource Manager Essentials Applications Change Audit Change Audit Functional Flow Change Audit tracks all changes discovered by the Inventory Manager, Software Manager, and Configuration Manager. Every time one of these applications detects a change, it sends a change record to the Change Audit Service, with details of who, when, and what type of change occurred. See Figure 2-4. Inventory changes include any changes to device information stored in the Inventory database, such as chassis, interfaces, and system information. Software Management changes include upgrades to new software image versions. Configuration management changes include all changes made to configuration files on devices. This includes changes made outside of Essentials tasks, detected by the configuration archive process, as well as changes made using Essentials functionality NetConfig or Config Editor. Inventory changes can be filtered to limit the types of changes that are stored in the Change Audit database. For example, you might not want to track every time the port status on a switch changes because users have shut down their computers connected to the switch. Software and configuration management changes cannot be filtered. You can view change records or search for specific change records to determine who made a change or when a change was made. Change reports can also be time based to quickly report on changes that have, or have not, occurred during specified time periods possibly detecting unauthorized change activity. The Change Audit Service application can also be configured to forward change records, in the form of SNMP traps to remote servers, allowing you to monitor and view changes from a remote network-management station that has event-collection capabilities, such as HP OpenView. 2-11

48 Change Audit Chapter 2 Resource Manager Essentials Applications Figure 2-4 Change Audit Functional Flow Inventory manager Inventory database Software manager Software upgrades Configuration manager Configuration archive NetConfig Config editor Filters Change audit database Summary detail records Remote server Reports/output By user By application By time period By device Exceptions summary Figure 2-5 Change Audit Work Flow Setup Define inventory filters Administer trap Generators Define exception periods View change records All changes Search change audit Exceptions summary Ongoing maintenance Delete change records

49 Chapter 2 Resource Manager Essentials Applications Change Audit Figure 2-5 depicts the Change Audit workflow and associated tasks within Essentials. Change Audit automatically stores any change records sent from the Inventory Manager, Software Manager, and Configuration Manager applications. After these applications are set up, you can view change records at any time. You are required to perform Change Audit setup tasks only if you want to filter out specific Inventory changes, forward change records to a remote server, or report on changes during specific time periods every week. Change records are stored in the Essentials database until they are removed. Therefore, ongoing maintenance is required to delete old records from the database. Table 2-5 shows the tasks that you can accomplish with the Change Audit application. Table 2-5 Change Audit Tasks Task Purpose Action View Change Audit logs. Delete records from the log. Convert change records to SNMP traps. Define an exceptions period. Set up filtering options. View changes in an exception period. View the two log tables: Change Audit summary and Change Audit details. Delete or schedule deletion of change records from the Change Audit log. Convert some or all change notifications into SNMP V1 traps and send them to a destination you configure. Specify a period of time when no network changes should occur. Define one or more filter fields to filter report data. Generate a report on changes that occurred in the network during a defined exception. Select Resource Manager Essentials > 24-Hour Reports > Change Audit Report. Or Select any report from Resource Manager Essentials > Change Audit. Select Resource Manager Essentials > Administration > Change Audit > Delete Change History. Select Resource Manager Essentials > Administration > Change Audit > Administer Trap Generator. Select Resource Manager Essentials > Administration > Change Audit > Define Exceptions Summary. Select Resource Manager Essentials > Change Audit > Search Change Audit. Select Resource Manager Essentials > Change Audit > Exceptions Summary. 2-13

50 Configuration Management Chapter 2 Resource Manager Essentials Applications Table 2-5 Change Audit Tasks (continued) Task Purpose Action View all change records. View a summary of changes made in the last 24-hours. Generate a report that enables you to view changed data in the Change Audit log. Generate a summary of changes made in the past 24 hours from Change Audit log data. Select Resource Manager Essentials > Change Audit > All Changes. Select Resource Manager Essentials > 24-Hour Reports > Change Audit Report. Configuration Management The Configuration Management application stores the current, and a user-specified number of previous versions, of the configuration files for all supported Cisco devices maintained in the Inventory. It automatically tracks changes to configuration files and updates the database if a change is made. Benefits of Configuration Management One of the most difficult but important things to manage on a is device configuration. Often a change to the device configuration leads to network performance issues and faults. The device configuration is the key to how a device operates on the network and traffic is passed. As the network administrator, you need to be able to control and track changes to device configurations to minimize errors and assist in troubleshooting problems. This can be very difficult if several different users are making changes to the device configurations. It can also become very repetitive and time-consuming. Configuration management can help simplify and automate these tasks. Configuration Management gives you easy access to the configuration files for all file-based or Cisco IOS-based Catalyst switches, FastSwitches, and Cisco routers in the Essentials Inventory. 2-14

51 Chapter 2 Resource Manager Essentials Applications Configuration Management After you import devices into the Inventory and they become managed, configuration files are collected and stored in the Configuration Archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information. Before you can use the Configuration Archive, you must make sure you have completed all the necessary setup tasks. For information on these tasks, see Installation and Setup Guide for Resource Manager Essentials. Configuration Management Functional Flow After you add or import devices into your inventory, the configuration files for each supported device are collected and stored in the configuration archive. When you change the configuration, an alert is sent to the Archive which automatically collects the latest configuration information. In addition, a change record is sent to the Change Audit application, which collects and organizes all changes to network devices. This allows you to view all configuration changes made over any period of time or by any specific user. 2-15

52 Configuration Management Chapter 2 Resource Manager Essentials Applications Figure 2-6 Configuration Management Functional Flow Syslog database v.3 v.v2 v.1 Change audit Reports/Output Config editor NetConfig Network devices Network show comands Show command output

53 Chapter 2 Resource Manager Essentials Applications Configuration Management Figure 2-7 Configuration Management Workflow Verify device requirements Community strings Telent/Enable mode access Setup Identify changes needed Plan changes Execute changes Verify changes General setup Create approver lists Search archive Compare configurations Update archive NetConfig NetConfig editor Browse job Ongoing maintenance and troubleshooting Check configuration sync report Network show commands Custom reports Figure 2-7 depicts Configuration Management workflow and associated tasks: Verify device requirements to ensure that Essentials is able to communicate with the devices. Create approver lists, if specific users are going to be required to approve configuration updates before they are executed and set configuration archive preferences (update schedule, number of copies to retain, and so on), and After the configuration archive is set up, it can be used to view device configurations and identify and plan necessary changes. Then, the NetConfig or Config Editor applications can be used to actually execute and confirm the changes. As ongoing maintenance, the Configuration Sync report should be checked daily to ensure that all running and startup configurations on devices match. In addition, the network administrator can use Network Show Commands and Custom reports to troubleshoot problems and gather information as needed. 2-17

54 Configuration Management Chapter 2 Resource Manager Essentials Applications Configuration Archive The configuration archive maintains a history of configuration files for all managed devices on the network. The network administrator can specify how long files should be kept in the archive, how many versions should be maintained in the archive, and how often devices on the network should be polled for changes. In addition, there are multiple ways to detect changes on devices and trigger an update to the configuration archive. For example, specific syslog messages sent from the device can indicate that a change has occurred and can trigger the configuration archive to retrieve the new configuration. The configuration archive can also be scheduled to poll all devices at a specific time each week. Figure 2-8 Configuration Archive Functional Flow Change? 12 Poll configuration MIB (Cisco ICS software only) Update Scheduled updates 9 Scheduled updates 6 3 Syslog messages Manual updates

55 Chapter 2 Resource Manager Essentials Applications Configuration Management Several methods can be used to trigger the configuration archive to retrieve a new device configuration: Scheduled updates Essentials will retrieve configuration files for all devices at a scheduled time each day or week. If the configuration file on the device has a date later than the file in the archive, Essentials will update the archive with the most current configuration from the device and create a change record. If there is no change, the archive will not be updated. SNMP polling Essentials will periodically poll the configuration MIB variable on devices, according to the schedule set by the administrator, to determine if the configuration file has changed. If it has, Essentials will retrieve the most recent configuration from the device and create a change record for Change Audit. Polling uses fewer resources than full scheduled collection because configuration files are retrieved only if the configuration MIB variable is set. This method is available only for supported Cisco IOS versions. Listen to syslog messages If devices are configured to forward syslog messages to the Essentials server, whenever a syslog message is sent from a device to indicate that a configuration file has changed, Essentials will retrieve a new copy of the configuration file from that device. Note The syslog message from a Cisco IOS device is severity level 5, and the similar message from a Catalyst OS device is severity level 6. Manual updates You can force the configuration archive to check devices for configuration changes at any time; select Resource Manager Essentials > Configuration Management > Update Archive. This allows you to update the archive for specific devices. You can use any combination of these methods to keep the archive up-to-date, by selecting the appropriate preferences in Configuration Management. You want to keep the archive as up-to-date as possible to track changes, but remember that each configuration archive update places additional load on the network and the NMS. 2-19

56 Configuration Management Chapter 2 Resource Manager Essentials Applications NetConfig, Config Editor, and Network Show Commands Two additional applications, NetConfig and Config Editor, are available to edit configuration files. The NetConfig application allows you to save sets of commands and execute those commands on multiple devices at the same time. The Config Editor application can be used to edit any device configuration that is stored in the configuration archive, and then download the new configuration to the device. The new configuration is stored in the configuration archive and will also trigger a change record to be sent to Change Audit. Additional Configuration reports specific to active virtual private network (VPN) devices are also available. The NetConfig application provides a set of wizard-based templates that can be used to update the device configuration on multiple devices all at once. The devices must already be managed by Essentials. The new configuration will be stored in the archive for each device changed, and associated change records will be created. The Network Show Command application accesses network devices in real time to display output for common show commands. This can help in troubleshooting by allowing you to display interface statistics, routing tables, and system information for selected devices. Table 2-6 shows the archive-specific tasks you can accomplish with the Configuration Management application. 2-20

57 Chapter 2 Resource Manager Essentials Applications Configuration Management Table 2-6 Configuration Management Archive-Specific Tasks Task Purpose Action Search for configuration files. Create, run, modify, and delete custom reports. Compare device configuration files. Find out-of-sync configurations. Move the configuration archive. Search for configuration files based on device name or text pattern. Create and run custom reports that gather device configuration files from the archive for specified devices. You can also modify and delete custom reports. Compare configuration files of two devices or two versions of a single file. Compare the starting and current configurations of a device. Compare the current and the most recently archived configurations of a device. Determine whether a device s startup and running configurations are synchronized. The two configurations might differ if you change a device configuration after the device is booted. Move the configuration archive to a new location. Select Resource Manager Essentials > Configuration > Management > Search Archive by Device. Select Resource Manager Essentials > Configuration Management > Search Archive by Pattern. Select Resource Manager Essentials > Configuration Management > Custom Reports. Select Resource Manager Essentials > Configuration Management > Compare Configurations. Select Resource Manager Essentials > Configuration Management > Startup/Running Out of Sync Report or Select Resource Manager Essentials > 24 Hour Reports > Configuration Sync Report. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Archive Setup tab. 2-21

58 Configuration Management Chapter 2 Resource Manager Essentials Applications Table 2-6 Configuration Management Archive-Specific Tasks (continued) Task Purpose Action Specify criteria for purging the archive. Modify configuration archive retrieval. Change the protocol order used by the configuration archive. Update the configuration archive. Specify when to purge configurations from the archive. You can specify two criteria: Age. Configurations older than the specified age are purged. Maximum number of versions. The oldest configuration is purged when the maximum number is reached. You can also choose not to purge labelled files. Modify how and when the configuration archive retrieves configurations. Change the order of the protocols the configuration archive uses to download configurations from devices to the archive. The default order is: TFTP (Trivial File Transport Protocol) Telnet SSH RCP (Remote Copy Protocol) Update the archive manually if you make a significant change to a device configuration and want the archive to reflect the changes. The configuration archive retrieves configurations at a.m. every Friday by default. It also listens to Syslog messages and fetches the configuration. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Archive Setup tab. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Change Probe Setup tab. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Transport Setup tab. Select Resource Manager Essentials > Configuration Management > Update Archive. 2-22

59 Chapter 2 Resource Manager Essentials Applications Configuration Management Table 2-6 Configuration Management Archive-Specific Tasks (continued) Task Purpose Action Check the archive status. Configure labels. Use the cwconfig command at the command line. Check archive status for the latest attempt to archive a device configuration (running or startup). Select configuration files from different managed devices, group them, and label them as a set. You can also view, modify, and remove configuration labels. Access the configuration archive to update, export, and import configurations on devices and in the archive. For more information about the command syntax and parameters, see the cwconfig man page on UNIX systems, by entering: Select Resource Manager Essentials > Administration > Configuration Management > Archive Status. Select Resource Manager Essentials > Administration > Configuration Management > Label Configuration. This command cannot be entered from the desktop; use the command line. Locate the configuration archive shadow directory. man -M /opt/cscopx/man cwconfig Access the configuration archive shadow directory, which is an image of the most recent configurations gathered by the configuration archive. The shadow directories cannot be accessed from the desktop. On Solaris, as root or casuser, enter: /var/adm/cscopx/files/archive/ shadow On Windows 2000, as admin, enter: nmsroot\files\archive\shadow NetConfig Option Using the NetConfig option, which runs as a separate application in its own window, you can make configuration changes to your managed network devices. 2-23

60 Configuration Management Chapter 2 Resource Manager Essentials Applications Benefits of Netconfig The NetConfig application provides you with wizard-based templates to simplify and reduce the time it takes to make global changes to network devices. These templates can be used to execute one or more configuration commands on multiple devices at the same time. For example, if you want to change passwords on a regular basis to increase security on devices, you can use the appropriate password template to update passwords on all devices at once. A copy of all updated configurations will be automatically stored in the configuration archive. Figure 2-9 NetConfig Functional Flow Create/edit templates Assign users to templates Execute/ schedule jobs Cisco IOS software Catalyst Switch FastSwitch device Predefined custom Assigned templates Adhoc commands Multiple devices Network administrator privileges Any user (except help desk) who has been assigned to templates Configuration archive NetConfig uses configuration templates to create the configuration commands run on devices when a NetConfig job runs. There are three types of configuration templates: System-defined Provided with NetConfig, these templates simplify the creation of common configuration commands. User-defined Created by system administrators, these templates can contain any configuration commands. Adhoc Allows you to add any configuration commands to a NetConfig job while you are defining it. 2-24

61 Chapter 2 Resource Manager Essentials Applications Configuration Management Caution NetConfig does not verify the commands entered in user and adhoc templates. These commands are executed on devices exactly as they appear in the template. If you enter incorrect configuration commands, you could misconfigure or disable the devices on which the job runs. By default, only network administrators have access to configuration templates. Network administrators can assign template access privileges to the other system users. When you define or edit a job, the configuration templates to which you have access privileges appear in the job definition wizard. Table 2-7 shows the tasks that can be accomplished with the NetConfig option. Table 2-7 NetConfig Tasks Task Purpose Action Define and schedule a NetConfig job. Browse and edit NetConfig jobs. Define a NetConfig job to make device configuration changes, and schedule it to run. Browse the NetConfig jobs that are registered on the system and edit them as necessary. 1. Select Resource Manager Essentials > Configuration Management > NetConfig > Jobs > New Job. or Click the New Job button. 2. Complete the job definition wizard. 1. Select Resource Manager Essentials > Configuration Management > NetConfig > Jobs > Job Browser. or Click the Job Browser button. 2. Select a job record. 3. Click Edit Job, Copy Job, Remove Job, Stop Job, or Job Details. 2-25

62 Configuration Management Chapter 2 Resource Manager Essentials Applications Table 2-7 NetConfig Tasks (continued) Task Purpose Action View a NetConfig job s details. Launch Essentials. Create and edit user-defined configuration templates. Assign configuration template access privileges to users. Set default template policies. View detailed information about a registered NetConfig job. You can also edit a job from its detailed view. Launch Essentials if it is not already running. Create and edit configuration templates that can contain any configuration commands. Assign access privileges to the system-defined and user templates on the system. Set the default policies for NetConfig jobs that are defined. 1. Select Resource Manager Essentials > Configuration Management > NetConfig > Jobs > Job Browser. or Click the Job Browser button. 2. Select a job record. 3. Click Job Details. 4. Click Edit Job, Copy Job, Remove Job, Stop Job, or Print. Select Resource Manager Essentials > Configuration Management > NetConfig >Tools > Launch RME. or Click the Launch RME button. Select Resource Manager Essentials > Configuration Management > NetConfig >Admin> Create/Edit User Templates. Select Resource Manager Essentials > Configuration Management > NetConfig > Admin > Assign Template Users. Select Resource Manager Essentials > Configuration Management > NetConfig > Admin > Set Template Policies. 2-26

63 Chapter 2 Resource Manager Essentials Applications Configuration Management Table 2-7 NetConfig Tasks (continued) Task Purpose Action View online help for the task you are performing. Use the NetConfig command to make batch configuration changes. View the online help for information about the task you are performing. Define and schedule NetConfig jobs from the command line. Select Resource Manager Essentials > Configuration Management > NetConfig > Help > Context-Sensitive Help. or Click the Help button. Enter the NetConfig command at the command line with the appropriate options and arguments. For more information, see the online help and the netconfig man page. Network Show Commands Option As a network administrators you must be familiar with show commands used on Cisco routers and switches. Network show commands represent a set of read-only commands that you can run on routers, Catalyst switches, and FastSwitch devices. These commands display configuration or status information. You can run network Show commands from the GUI or from the command line interface. Benefits of Network Show Commands As an Essentials user, you can execute Show commands against many devices and view the results from Essentials, using the Network Show Commands application. This application can be used to display Show command output for multiple devices in two modes: Immediate execution Run the selected set of Show commands for the selected devices immediately. Batch mode Schedule a set of Show commands to be run against a selected set of devices. 2-27

64 Configuration Management Chapter 2 Resource Manager Essentials Applications You can use the Network Show tasks to organize and save one or more related Show commands into logical groups, called command sets. These command sets can then be applied to devices whenever specific configuration or status information is needed. You specify which commands you want to group together and run the commands on one or many devices. The output is displayed in a browser window. All users have access to the following six predefined command sets, which ship with Essentials. These include some of the most common Show commands used in monitoring and troubleshooting a network: show interface info show IP routing info show protocol info show switch VLAN info show system info show system performance In order to display output for other Show commands within Essentials, you must first define the command set, and then assign users to be able to access the command set. Essentials ships with a set of default network command sets, which you cannot edit or delete. 2-28

65 Chapter 2 Resource Manager Essentials Applications Configuration Management Figure 2-10 Network Show commands Functional Flow Show VLAN info Command sets Show protocol info Show interface help Network show commands Immediate execution Scheduled batch execution 12 Network Devices Show output Table 2-8 shows the tasks you can accomplish with the Network Show Commands option. Table 2-8 Network Show Commands Tasks Task Purpose Action Create a network show command set. Assign users to the network show command set. Create, edit, and delete a logical group of custom commands for a user or a set of users. Specify which user or set of users can run network show commands. Select Resource Manager Essentials > Administration > Configuration Management > Network Show > Define Command Set. Select Resource Manager Essentials > Administration > Configuration Management > Network Show > Assign Users. 2-29

66 Configuration Management Chapter 2 Resource Manager Essentials Applications Table 2-8 Network Show Commands Tasks (continued) Task Purpose Action Execute a network show command set immediately. Define a batch report. Schedule a batch report. View report output. Browse network show jobs. Set job policies. Run network show commands on one or more devices. Create a batch report containing command sets and remote console commands that can be run on a set of devices to generate a report. You can also modify or delete existing reports. Schedule reports in batches and generate these batch reports at a specified time. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Immediate Execution. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Batch Reports > Define Reports. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Batch Reports > Schedule Reports. View the output of a batch report. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Batch Reports > View Report Output. Browse the network show jobs that are registered on the system and view job details. You can also edit or delete jobs. Each network show job has properties that define how the job runs. You can configure a default policy for these properties that apply to all future jobs. 1. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Batch Reports > Job Browser. 2. Select a job record. 3. Click Edit Job, Stop Job, Remove Job, Copy Job, or Job Details. Select Resource Manager Essentials > Configuration Management > Network Show Commands > Batch Reports > Set Job Policies. 2-30

67 Chapter 2 Resource Manager Essentials Applications Configuration Management Table 2-8 Network Show Commands Tasks (continued) Task Purpose Action Use the cwconfig netshow command. Use the cwconfig netshow batch command. Define and execute command sets command sets to be run against a set of devices. Define and schedule reports, comprising multiple network show command sets to be run against a set of devices. Enter the cwconfig netshow command at the command line. For more information, see the online help and the cwconfig netshowbatch man page. Enter cwconfig netshow batch command at the command line. For more information, see the online help and the cwconfig netshowbatch man page. Config Editor Option You can edit configuration files stored in the configuration archive and download files to devices, using the Config Editor option. This option runs as a separate application in its own window. Benefits of Config Editor Config Editor allows you to edit and download configuration files to devices using a GUI instead of the command line interface (CLI). Use Config Editor to edit individual device configurations within Essentials and then download them back to a device. A copy of the updated configuration will automatically be stored in the configuration archive. When a configuration file is opened with Config Editor, the file is locked so that other users will be able to make changes at the same time. While the file is locked, it is maintained in a private archive available only to the user who checked it out. If other users attempt to open the file to edit it, they will be notified that the file is already checked out and they can open only a read only copy. The file will remain locked until it is downloaded to the device or manually unlocked within Config Editor. 2-31

68 Configuration Management Chapter 2 Resource Manager Essentials Applications Figure 2-11 Config Editor Functional Flow Configuration archive Open files locked from use by other users Config editor Show output Telnet TFTP rcp Unlocked Compare files Edit files View changes Browse jobs View locked files Network devices Configuration editor (private copy) Note Many applications rely on access to configuration file within the Configuration Archive (NetConfig, ACL Manager). Hence, you must ensure that all files have been unlocked before exiting Config Editor. You cannot globally unlock all files even at the administrator level; the user who checked out the file must unlock it so others have access to it. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > List Checked Out Files before exiting Config Editor to get a list of files that have to be checked in. Table 2-9 shows the tasks you can accomplish with the Config Editor option. 2-32

69 Chapter 2 Resource Manager Essentials Applications Configuration Management Table 2-9 Config Editor Tasks Task Purpose Action Edit configuration files from the archives. Schedule download jobs. Print configuration files. Configure job policies. Set up editing preferences. View changes. Compare versions of the configuration files. Enter comment lines. List checked out files. Check out a file from the archive, and edit it. Select Resource Manager Essentials > Configuration Management > Config Editor > File > Open. Define and schedule a download job. Select Resource Manager Essentials > Configuration Management > Config Editor > File > Download. Print a configuration file. Select Resource Manager Essentials > Configuration Management > Config Editor > File > Print. Configure a default policy for job properties that applies to all future jobs. You can also specify if the property can be configured by other users. Set up your editing preferences. Config Editor remembers your preferred mode even across different invocations of the application. After you open a file in a specific mode, you can view it only in that mode until you unlock it. View the changes to the checked out file. Essentials compares the current file with the checked out version. Compare the current file with any version in the configuration archive. Enter comment lines while editing a configuration file. View a list of files checked out by all users. Select Resource Manager Essentials > Configuration Management > Config Editor > Edit > Set Job Policies. Select Resource Manager Essentials > Configuration Management > Config Editor > Edit > Preferences. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > Show Changes Made. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > Compare. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > Insert Comment Line. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > List Checked Out Files. 2-33

70 Contract Connection Chapter 2 Resource Manager Essentials Applications Table 2-9 Config Editor Tasks (continued) Task Purpose Action Browse and edit Config Editor jobs. View job details. Browse the Config Editor jobs that are registered on the system and edit them as necessary. View detailed information about a registered Config Editor job. You can also edit a job from its detailed view. 1. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > Job Browser. 2. Select a job record. 3. Click Edit Job, Copy Job, Remove Job, Stop Job, or Job Details. 1. Select Resource Manager Essentials > Configuration Management > Config Editor > Tools > Job Browser. 2. Select a job record. 3. Click Job Details. 4. Click Edit Job, Copy Job, Remove Job, Stop Job, or Print Job. Note Do not launch NetConfig and ConfigEditor from the same browser window. Contract Connection Contract Connection lets you verify which of your Cisco IOS devices are covered by a service contract, and when they will expire. Contract Connection uses Inventory Manager, Cisco Connection Online (Cisco.com) and Contract Agent, Cisco s internal tracking service, to provide the status of your service coverage. Contract Connection provides details on: A list of contracts from the Contract Agent Managed Cisco IOS devices from the Essentials package database To view contract status, however, you must have login privileges to the Cisco.com web site and a Cisco.com profile that enables access to the Contract Agent. 2-34

71 Chapter 2 Resource Manager Essentials Applications Contract Connection Contract Connection Workflow Contract Connection checks the devices in your Essentials Inventory against devices logged in the Cisco Contract Agent and displays a summary. If the serial numbers of the devices in the Inventory and devices in the Contract Agent match, you can view a detailed report on the contract status, which also shows when the contract was initiated and when it will expire. Three different serial numbers can be associated with a device. This determines how Contract Connection works: Shipment serial number The number tagged on the device when it is shipped from Cisco. Also the number logged in the Cisco Contract Agent. Managed serial number The number stored in the Essentials Inventory database. It is entered or retrieved from the device when a device is added or imported into the database. Electronic (MIB) serial number The number stored in the device MIB. It can be set or modified through the command line interface (CLI). For Contract Connection to work properly and display contract details, the managed serial number in the Essentials Inventory must match the shipment serial number logged with the Cisco Contract Agent. If these numbers do not match, select Resource Manager Essentials > Administration > Inventory > Change Device Attributes, to edit the serial numbers. Contract Connection is currently available only for Cisco IOS devices, but support for additional devices will be added in future releases. Table 2-10 shows the task you can accomplish with the Contract Connection application. Table 2-10 Contract Connection Task Task Purpose Action Check the status of a contract. Check which of your Cisco IOS managed devices are covered by a service contract and review contract details. Select Resource Manager Essentials > Contract Connection > Check Contract Status. 2-35

72 Case Management Chapter 2 Resource Manager Essentials Applications Case Management You can use Case Management to open and track a case for network problems that require assistance from Cisco Technical Assistance Center. Case Management can collect critical network information, such as protocol, interface, and configuration data from Essentials and send to Cisco.com. When you open a case, you can designate specific Telnet command data (if applicable) and SNMP inventory values to be collected from selected devices. Case Management will attach this information to the case description and forward it to Cisco.com, which can reduce the time it takes a Cisco representative to help resolve the problem. Inquiries to Cisco TAC are categorized according to the urgency of the issue. New cases are automatically set to Priority level 3 (P3). If your case requires higher priority handling, you must contact the Cisco TAC or your sales engineer to request that the priority be raised. For more information on priority categories, see Technical Assistance Center section on page -xv. Table 2-10 shows the tasks you can accomplish with the Case Management application. Table 2-11 Case Management Task Task Purpose Action Open a case and attach network device statistics. View status of cases and update description. Open a case to Cisco.com through the CiscoWorks2000 desktop View the history and status of your case and update description of problems. Select Management Connection > Case Management > Open Case. Select Management Connection > Case Management > Query or Update Case. 2-36

73 Chapter 2 Resource Manager Essentials Applications Inventory Inventory Networks are a mix of heterogeneous and geographically dispersed systems. Tracking of hardware and software assets in such environment is very critical. Inventory details are essential as a basic requirement for all network management applications. Inventory manager provides a persistent storage and reporting scheme for the information that can be categorized into two main parts. Network topology devices that are part of the network and their connectivity details Physical inventory devices that are part of the network, their system type, system contact, physical details, hardware, software versions The more information you have about all your devices in one central place, the easier it is to locate necessary information, resolve problems quickly, and provide detailed information to interested parties. Benefits of Inventory Management As a network administrator, you need to be able to quickly troubleshoot problems on the network, identify when network capacity is being reached, and provide information to management on the number and types of devices being used on the network. If the network goes down, one of the first things you will need to know is what devices are running on the network. Most Essentials tasks are performed against a set of devices. Hence, information about a particular device must be available in the Essentials database. Inventory Manager is used to specify which devices to manage. Since Essentials takes advantage of many different management services to collect device information (for example, SNMP, TFTP, Telnet), each device placed into the Essentials database (Inventory) must include the necessary parameters (device attributes) for various management services (community strings, passwords). When this information is included in the Essentials Inventory, the device is considered to be managed by Essentials, and data collection from the device takes place. Therefore, nothing happens in Essentials until the devices and their attributes are included in the inventory. Inventory Manager is the starting point for all Essentials applications. 2-37

74 Inventory Chapter 2 Resource Manager Essentials Applications When devices are added to Essentials, Inventory Manager (and other applications within Essentials) proceed to contact the device and collect necessary information to be stored in the database. Inventory Management can now be configured to automatically poll devices on the network to look for any changes. If any changes are detected in hardware or software components, the inventory database will be updated and a change audit record will be created to inform the network manager of the change, and to document the event. This helps to ensure that the information displayed in the Inventory reports reflects the current state of network devices. The Inventory application lets you: Import devices from databases or files. Export device information to files. Add, delete, change, and list devices in your network inventory. Delete devices listed in a CSV file Poll, update and schedule collection on devices to update your network inventory. Display reports and graphs of your hardware and software inventory and create Inventory custom reports. Check and change device attributes. Display a Year 2000 compliance report. Change system-wide configuration for SNMP, SMTP, proxy and rcp settings. Allow other network management systems to manipulate Essentials devices. Inventory Management Functional Flow To use Essentials at its full potential, the device attributes of the devices in the network must be included in the Inventory. Essentials does not auto discover devices on the network. Devices must be manually added or imported into the Inventory database before information can be displayed in reports. To simplify the process of populating the Inventory database, device information can be imported from a supported network management system, such as HP OpenView, or from a formatted text file. Essentials can also import the device data directly from Campus Manager Topology Services, which can auto discover devices. For detailed information, see Using Campus Manager. 2-38

75 Chapter 2 Resource Manager Essentials Applications Inventory Figure 2-12 Inventory Management Functional Flow Managed Devices Manually add devices Poll for changes/update database IBM NetView HP OpenView Campus manager AutoUpdate Server Import devices from NMS Import devices from file Inventory database Change audit Reports/Graphs Hardware Software Inventory changes Chassis slots Multiservice ports Custom reports You can use the various tasks in the Inventory Manager to populate the database, start tracking any changes to the inventory, and produce inventory reports. The database or inventory population is also the starting point for using other Essentials applications. 2-39

76 Inventory Chapter 2 Resource Manager Essentials Applications Figure 2-13 Inventory Management Workflow Verify device requirements Community strings Devices accessible from server Populate inventory database Track changes Add devices Schedule collection Import from local Inventory poller or remote NMS or Update inventory AutoUpdate server Import from file Synchronize with Campus 3.x Add and verify device attributes Create device views Static views Dyname views View reports and graphs Inventory reports Custom reports 24-hour reports Ongoing maintenance and troubleshooting Delete devices Change/check device attributes Export device information to text file Figure 2-13 depicts the Inventory Management workflow and Essentials tasks: Verify device requirements to ensure that Essentials is able to communicate with the devices. Add or import device information into the Essentials database. An extremely important part of this step is associating device attributes with the imported or added devices. These attributes include the device community strings and appropriate passwords. These are required parameters for many of the management services (for example SNMP, Telnet) used by the various Essentials applications. Schedule periodic polling of devices to track changes, and keep the database up-to-date. Create device views to facilitate running of reports against numerous associated devices at one time. Note The network administrator should perform ongoing maintenance, such as deleting devices that are no longer on the network, and checking device attributes to ensure that login and Telnet authentication information is correct in the Inventory database. 2-40

77 Chapter 2 Resource Manager Essentials Applications Inventory Table 2-12 shows the tasks you can accomplish with the Inventory application. Table 2-12 Inventory Manager Tasks Task Purpose Action List managed devices. Add devices. Import devices from a file. Import device data from a local host. Determine whether a particular device is managed by displaying devices that have inventory data. Add devices individually by specifying basic device information for each. Import devices in bulk from a comma separated values (CSV) file or a data integration file (DIF) instead of adding them individually. Import device data from a supported network management system (NMS) database residing on the local host. Device import supports these NMS databases: HP OpenView (HP-UX, Solaris, and Windows 2000 only) Cisco WAN Manager (Solaris only) Tivoli NetView (AIX, Solaris, and Windows 2000 only) Select Resource Manager Essentials > Administration > Inventory > List Devices. Select Resource Manager Essentials > Administration > Inventory > Add Devices. Select Resource Manager Essentials > Administration > Inventory > Import from File. Select Resource Manager Essentials > Administration > Inventory > Import from Local NMS. 2-41

78 Inventory Chapter 2 Resource Manager Essentials Applications Table 2-12 Inventory Manager Tasks (continued) Task Purpose Action Import device data from a remote host. Proxy Management Check status of import from local host, remote host, or file. Delete managed devices. Delete devices from a file. View status of deleted devices. Import device data from a supported NMS database residing on a remote host. Device import supports these NMS databases: CiscoWorks for Switched Internetworks (CWSI) HP OpenView Cisco WAN Manager (Solaris only) Tivoli NetView (running on remote AIX and Solaris hosts only) Import devices from AutoUpdate Server Determine whether a device import was successful and rectify the import if the device remains unmanaged. Delete managed devices, including all the related device information, that you no longer track. Delete a group of devices from a comma separated values (CSV) file instead of deleting them individually. View the status of deleted devices and see which ones are in a suspended state. Select Resource Manager Essentials > Administration > Inventory > Import from Remote NMS. Select Resource Manager Essentials > Administration > Inventory > Proxy Management. Select Resource Manager Essentials > Administration > Inventory > Import Status. Select Resource Manager Essentials > Administration > Inventory > Delete Devices. Select Resource Manager Essentials > Administration > Inventory > Delete from File. Select Resource Manager Essentials > Administration > Inventory > Delete Device Status. 2-42

79 Chapter 2 Resource Manager Essentials Applications Inventory Table 2-12 Inventory Manager Tasks (continued) Task Purpose Action Change device attributes. Export devices to a file. Create and view inventory custom reports. Change these device attributes on selected devices: SNMP read and write community strings Telnet passwords TACACS usernames and passwords Enable TACACS usernames and passwords Enable secret passwords Local usernames and passwords User fields Device serial numbers Export your device and device access information to an output file in CSV or DIF format. Create a customized report that gathers all or any of this information about specified devices: IP address User field RAM size Flash size Port count Hardware version Card type Serial number SAA information Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes. Select Resource Manager Essentials > Administration > Inventory > Export to File. Select Resource Manager Essentials > Administration > Inventory > Custom Reports. To view a previously-created report, select Resource Manager Essentials > Inventory > Custom Reports. 2-43

80 Inventory Chapter 2 Resource Manager Essentials Applications Table 2-12 Inventory Manager Tasks (continued) Task Purpose Action Define filters for change reports. Schedule inventory collection. Update inventory collection. Schedule device polling. Run an inventory 24-hour report. View a hardware report. View a software report. View information about devices. View a device Y2K compliance report. Define filters that determine what data is displayed in your inventory change reports. Schedule polling and collection to update your network inventory. Run inventory collection as a one-time event for specific devices. Schedule periodic polling of managed devices. Since the poller uses fewer network resources, you should schedule inventory polling to run more frequently than inventory collection. Determine what inventory changes were made in the last 24 hours. View user-specified hardware information for each device. View user-specified software information for each device. View detailed hardware, software, chassis, and interface information for multiple devices. View which managed devices are compliant to the year Compliance is determined by device type and software version. Select Resource Manager Essentials > Administration > Inventory > Inventory Change Filter. Select Resource Manager Essentials > Administration > Inventory > Schedule Collection. Select Resource Manager Essentials > Administration > Inventory > Update Inventory. Select Resource Manager Essentials > Administration > Inventory > Inventory Poller. Select Resource Manager Essentials > 24-Hour Reports > Inventory Change Report. Select Resource Manager Essentials > Inventory > Hardware Report. Select Resource Manager Essentials > Inventory > Software Report. Select Resource Manager Essentials > Inventory > Detailed Device Report. Select Resource Manager Essentials > Inventory > Year 2000 Report. 2-44

81 Chapter 2 Resource Manager Essentials Applications Inventory Table 2-12 Inventory Manager Tasks (continued) Task Purpose Action View device information within device classes. View the software versions in each device class. View device information in each device class. View a summary of chassis slots. View the chassis slot details. View details on multiservice ports. Verify community strings, usernames, and passwords. View a bar chart of the distribution of all managed devices among the recognized device classes. View a bar chart of the distribution of the major and minor software versions running on your selected devices in each device class. View a bar chart showing the distribution of your selected devices in each device class. View the total number of selected devices and the number of devices with free slots for each device class that supports capacity planning. View the total slots, available slots, location, and userfield information for each device. Check the switch multiservice ports, which support voice traffic, to make sure the power supply is adequate for the number of multiservice modules installed in each switch. Ensure that the database used to store the community strings and passwords remains synchronized with the actual devices. Detect errors made when devices were added or imported. Select Resource Manager Essentials > Inventory > Hardware Summary Graph. Select Resource Manager Essentials > Inventory > Software Version Graph. Select Resource Manager Essentials > Inventory > Chassis Summary Graph. Select Resource Manager Essentials > Inventory > Chassis Slot Summary. Select Resource Manager Essentials > Inventory > Chassis Slot Details. Select Resource Manager Essentials > Inventory > MultiService Port Details. Select Resource Manager Essentials > Administration > Inventory > Check Device Attributes. 2-45

82 Job Approval Chapter 2 Resource Manager Essentials Applications Table 2-12 Inventory Manager Tasks (continued) Task Purpose Action View the results of updated device attributes. View attribute check results. View historical data. View all historical data associated with scheduled inventory collection. It shows the last run, duration, devices scanned, and average scan time. Select Resource Manager Essentials > Administration > Inventory > View Check Results. Select Resource Manager Essentials > Inventory > Scan History. Job Approval Software Management and Configuration Management tasks allow you to set up approval checkpoints before you run a job that will change a configuration or update the software image on a device. This can help increase the security on your network, by forcing these types of high-impact jobs to be approved before they are scheduled or executed. Moreover, other CiscoWorks2000 applications can also take advantage of this feature (for example, ACL Manager). Job Approval is used by other applications to ensure that a job be approved before it can run. Job Approval sends job requests via to the users on a job s approver list. If none of the approvers approves the job by its scheduled run time, or if an approver rejects the job, the job is moved to the rejected state and will not run. When Job Approval is enabled, applications that use it require that the user do the following for each job that is scheduled: Assign one or more approver lists to the job Schedule the job to run in the future, rather than immediately 2-46

83 Chapter 2 Resource Manager Essentials Applications Job Approval Job Approval Process The job approval process requires that you first create an approver list; a list of CiscoWorks2000 user accounts that must approve the job before it can be run. Users must have the role of approver to be included in an approver list. After you have created at least one approver list, you can enable the job approval feature for Software Management, Configuration Management, or both. Figure 2-14 Job Approval Workflow Create approver list Enable job approval Software updates Configuration file changes Schedule jobs Reports/Graphs Approvers accept or reject jobs via job approval task Wait for approval Run jobs Users with approval role Delete jobs The user must have the user role of system administrator or network administrator to perform this task. You must create at least one approver list before you can enable job approval. Only users who have been assigned the approver role, will display in the list of valid user accounts for approval. 2-47

84 Job Approval Chapter 2 Resource Manager Essentials Applications For Software Management, you can also be specific as to the types of jobs that require approval (new image distribution, undo image distribution, retry image distribution. During scheduling of a job that requires job approval, the user will be queried to select an approver list. When scheduling is complete (the job must be scheduled for the future and not for immediate execution), an will be sent to all users on the approver list and the job will be placed in the job execution queue with a wait for approval status. The job will not run until at least one user on the approval list has accepted it. If anyone rejects the job, or if no one accepts the job by its scheduled time, the job will not run. The URL to this task is included in the . The approver can only accept or reject the job and cannot change any of the operational parameters of the job. All approvers on the list and the creator of the job will receive notification when the job is either accepted or rejected. Table 2-13 shows the tasks that can be accomplished with the Job Approval application. Table 2-13 Job Approval Tasks Task Purpose Action Approve or reject jobs. Set up Job Approval. Create an approver list. Edit an approver list. Approve or reject a job for which you are an approver. Select Resource Manager Essentials > Administration > Job Approval > Approve or Reject Jobs. Enable or disable the application. Select Resource Manager Essentials > Administration > Job Approval > Edit Preferences. Create a new approver list. Select Resource Manager Essentials > Administration > Job Approval > Create Approver List. Edit an existing approver list. Select Resource Manager Essentials > Administration > Job Approval > Edit Approver List. Enable jobs Enable all imported RME jobs. Select Resource Manager Essentials > Administration > Job Approval > Enable Jobs. For information on how to perform the Job Approval tasks, see the online help. 2-48

85 Chapter 2 Resource Manager Essentials Applications Software Management Software Management The Software Management application automates the steps associated with upgrade planning, scheduling, downloading software images, and monitoring your network. Benefits of Software Management The Software Management application provides tools making it easier to store backup copies of all Cisco software images running on network devices, as well as any additional software images that you may wish to maintain, and to plan and execute software image upgrades to multiple devices on the network at the same time. It can analyze devices against software image requirements to determine device compatibility and make recommendations prior to performing a software upgrade. If any errors occur during a software image upgrade, Software Management will allow you to roll back to the previous version. Optionally, for added security and change-management control, software images will not be downloaded unless approved by specifically assigned users. Software Management reports also allow you to track all software upgrades and monitor known bugs in the software versions running on your network. Software Management Functional Flow Software images must be imported into Essentials to be maintained in the Software Image Library. Images can initially be imported to the Essentials Software Library from all managed Cisco devices on the network to create a baseline backup copy of all software images running on your network. Images can also be imported from Cisco.com or the local machine to be used for software image upgrades. 2-49

86 Software Management Chapter 2 Resource Manager Essentials Applications Figure 2-15 Software Management Functional Flow Network devices Cisco.com File Track Bugs/ Sync library Device upgrades Software images Browse/Search library Change Audit Reports After images are imported into the Software Image Library, the Software Management application can be configured to automatically poll devices on the network and produce a report of images running on devices that are not stored in the Essentials database. This ensures that for disaster recovery purposes, there is a backup of all software images running on the network in the software library at all times. Any image that is stored in the Software Image Library can be used to perform a software upgrade. Each step of the process is recorded in the distribution, so if there is a failure, the network administrator will know the reasons for the failure. Software Manager maintains a log of all software upgrades, to make it easy to identify and track when software modifications are made to devices. In addition, whenever a change is made to the software image on a device, a change record is sent to the Change Audit application, which collects and organizes all changes to network devices. Software Management can also be configured to periodically check Cisco.com for known software bugs, and produce a report to show all bugs that affect devices on your network. 2-50

87 Chapter 2 Resource Manager Essentials Applications Software Management Figure 2-16 Software management Workflow Verify device requirements Community strings Telent/Enable mode access rcp (if desired) Setup Identify upgrades needed Plan upgrade Execute upgrade Verify upgrade Establish preferences Import network baseline Schedule Sync & bug jobs Create approver lists View bug reports View software reports Import images Update upgrade info CCO/library upgrade analysis Distribute images Browse job status View software history Ongoing maintenance and troubleshooting Check syncronization report Delete old software images and job records The image depicts the Software Management workflow and associated tasks within Essentials: Device requirements must be verified to ensure that Essentials will be able to access the devices to retrieve and upgrade software images. Perform setup tasks to begin using Software Management. Setup tasks include setting preferences that will be used for all Software Management import and upgrade jobs, creating any approver lists that will be used to approve software jobs, and scheduling jobs to periodically synchronize the software library with network devices and check Cisco.com for known software bugs. When Software Manager is set up, software and bug reports can be used to help identify when software upgrades might be needed. If a software upgrade is required, Software Management features can be used to analyze whether or not devices can accommodate the new image, and to actually distribute the new images to devices on the network. In addition, ongoing maintenance should be performed to ensure that a copy of every image running on the network is stored in the Essentials Software Library, and to remove images no longer needed from the Software Library. 2-51

88 Software Management Chapter 2 Resource Manager Essentials Applications Table 2-14 shows the tasks you can accomplish with the Software Management application. Table 2-14 Software Management Tasks Task Purpose Action Set up your Software Management preferences. Add images to the library. Browse the library. Search the library. View a synchronization report. Specify information such as history page size, the directory where images are stored, the pathname of the user-supplied script to run before and after each device software upgrade. Import images from all Software Management supported devices in your network into the Software Image Library. Download images from Cisco.com into the Software Image Library. Add images from a device to the Software Image Library. Add images from a filesystem to the Software Image Library. Generate a report of all the images in the Software Image Library. You can also delete images from the image library and edit image attributes. Generate a report of a subset of images in the Software Image Library, based on details such as, device type, image type, and version. You can also delete images from the image library and edit image attributes. Generate a synchronization report to determine which Software Management-supported devices are running software images not in the Software Image Library. Select Resource Manager Essentials > Administration > Software Management > Edit Preferences. Select Resource Manager Essentials > Software Management > Library > Add Images. Select Resource Manager Essentials > Software Management > Library > Browse Images. Select Resource Manager Essentials > Software Management > Library > Search for Images. Select Resource Manager Essentials > Software Management > Library > Synchronization Report. 2-52

89 Chapter 2 Resource Manager Essentials Applications Software Management Table 2-14 Software Management Tasks (continued) Task Purpose Action Schedule a synchronization job. Create approver lists. Edit or delete approver lists. Schedule image upgrade jobs. Plan an upgrade from Cisco.com. Plan an upgrade from the library. Review scheduled jobs or undo an upgrade. View consolidated job information. Specify the date, time, and frequency of a synchronization job. Cancel a scheduled synchronization job. Specify who can approve the various tasks necessary during a software upgrade. Edit and delete the list specifying who can approve tasks during a software upgrade. Schedule device upgrades with the selected images. After you schedule and complete the image upgrade job, you can undo the upgrade and roll back to the previous image. Determine the impact to and prerequisites for a new software deployment using images that reside in Cisco.com. Determine the impact to and prerequisites for a new software deployment using images in your software library. Review, modify, or remove schedule jobs. You can also retry failed jobs and undo completed image upgrade jobs. View a report of device upgrade results for selected jobs. Select Resource Manager Essentials > Administration > Software Management > Schedule Synchronization Job. Select Resource Manager Essentials > Administration > Job Approval > Create Approver List. Select Resource Manager Essentials > Administration >Job Approval > Edit Approver List. Select Resource Manager Essentials > Software Management > Distribution > Distribute Images. Select Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Select Resource Manager Essentials > Software Management > Distribution > CCO Upgrade Analysis. Select Resource Manager Essentials > Software Management > Distribution > Library Upgrade Analysis. Select Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Select Resource Manager Essentials > Software Management > Job Management > Consolidated Job Report. 2-53

90 Software Management Chapter 2 Resource Manager Essentials Applications Table 2-14 Software Management Tasks (continued) Task Purpose Action View recent software upgrade results. Mail or copy log files. Browse history. Search history by device. Search history by user. Browse bugs. Schedule a Browse Bugs job. Browse bugs by device. Generate a report summarizing the most recent device software upgrade results stored in the history database. Mail or copy log files if requested to do so by Cisco Support after you report abnormal Software Management behavior. Delete unnecessary log files after mailing or copying them. Generate a summary of device software upgrades stored in the history database. Generate a summary of software upgrades for selected devices. Generate a summary of software upgrades performed by a particular user. Compare images running on Software Management supported devices in your network with the images on Cisco.com and report catastrophic and severe bugs specific to your network. Identify devices running deferred software images. Specify the date, time, and frequency of a Browse Bugs job. Cancel a scheduled Browse Bugs job. Generate a summary of software image bugs for a group of devices. Select Resource Manager Essentials > 24-Hour Reports > Software Upgrade Report. Select Resource Manager Essentials > Software Management > Job Management > Mail or Copy Log File. Select Resource Manager Essentials > Software Management > History > Browse History. Select Resource Manager Essentials > Software Management >History > Search History by Device. Select Resource Manager Essentials > Software Management > History > Search History by User. Select Resource Manager Essentials > Software Management > Bug Reports > Browse Bugs. Select Resource Manager Essentials > Administration > Software Management > Schedule Browse Bugs Job. Select Resource Manager Essentials > Software Management > Bug Report > Browse Bugs by Device. 2-54

91 Chapter 2 Resource Manager Essentials Applications Syslog Analysis Table 2-14 Software Management Tasks (continued) Task Purpose Action Locate devices by bugs. Update upgrade information. Search for known bugs that could affect the devices on your network. Update the source for upgrade knowledge base files. The source can be either Cisco.com or a local file. Select Resource Manager Essentials > Software Management > Bug Report > Locate Devices by Bugs. Select Resource Manager Essentials > Administration > Software Management > Update Upgrade Info. Syslog Analysis The Syslog Analysis application lets you centrally log and track system error messages from Cisco devices. Use logged error message data to analyze router and network performance. Before you can use Syslog Analysis, you must configure your routers and switches to forward messages either to the Essentials server directly or to a system on which you have installed a Syslog Analyzer collector (SAC). The collector filters and forwards the messages to the Essentials server. For more information on configuring network devices for Syslog Analysis, and for installing a remote SAC, see the online help. Syslog Analysis Functional Flow To use the Syslog Analysis features, devices must be configured to forward syslog messages to the Essentials server. When devices are configured correctly, all syslog messages will be forwarded to the Essentials server or a remote SAC. These messages are stored in the syslog facility on the server and are periodically read by the Syslog Analyzer process (approximately every 30 seconds). The Syslog Analyzer reads and processes the messages in the Syslog file, applies any filters that have been defined, and writes remaining messages to the Essentials Syslog message database. All syslog messages that can be read, and that are not filtered out, will be written to the Essentials Syslog database. The database is then used to produce Syslog reports and initiate user-defined scripts. 2-55

92 Syslog Analysis Chapter 2 Resource Manager Essentials Applications To reduce the load on the network and the CiscoWorks2000 Server, SACs can be configured on remote workstations to collect and periodically forward syslog messages to the Essentials server. Any filters that have been defined on the Essentials server will be synchronized on SACs during scheduled updates. Figure 2-17 Syslog Analysis Functional Flow Syslog messages Syslog messages Local server Syslog Message file Local server Syslog Message file Message filters Update filters Message filters Run script - - Print - Pages Action filters Remote Syslog analyzer collector Web site Reports Local Syslog analyzer collector

93 Chapter 2 Resource Manager Essentials Applications Syslog Analysis Syslog Analysis on Windows Since system message logging is not part of the Windows operating system, CiscoWorks2000 adds a logging service when it is installed on Windows 2000 systems. All system messages are stored in the Syslog.log file under the ciscoworks/log directory on the server. The Syslog Analyzer then reads this file to populate the syslog database. Syslog Analysis Workflow Figure 2-18 Syslog Analysis Workflow Verify device requirements Syslog message logging View reports Change storate options Change user URL Define message filters Create automated actions Create custom reports Setup Severity level summary Standard reports Custom reports 24-hour reports Unexpected device report Ongoing maintenance Create custom reports Define message filters Create automated actions Clear Syslog.log file The above chart depicts the Syslog Analysis workflow and associated tasks within Essentials. Syslog Analysis will automatically store any supported syslog messages that are forwarded from devices. You must ensure that devices are configured to forward messages to the Essentials server or a remote SAC. After the devices are configured properly, you can view Syslog reports at any time. You are required to perform Syslog Analysis setup tasks only if you want to filter out specific syslog messages, change how long syslog messages are stored, display syslog messages in a custom URL, group syslog in a custom report, or execute a user-defined script when specified syslog messages are detected. 2-57

94 Syslog Analysis Chapter 2 Resource Manager Essentials Applications Syslog Vs Change Audit Many actions that trigger change audit records will also trigger generation of syslog messages. Change Audit complements syslog message logging by providing additional details about some changes, tracking changes for devices that do not generate syslog messages, and providing multiple ways to organize and view changes to network devices. Figure 2-19 Syslog Analysis Vs Change Audit Workflow Inventory manager Software manager Change records Change audit database Details of change Configuration manager Compliment each other Syslog messages Network devices Syslog database Cisco devices can be configured to log syslog messages and forward them to the Essentials server. These messages originate from the device in response to some activity, such as a configuration change or new software image being loaded. The Syslog Analysis feature within Essentials stores all supported forwarded syslog messages, and provides ways to sort and view them in various reports. 2-58

95 Chapter 2 Resource Manager Essentials Applications Syslog Analysis Change records are produced by Essentials applications that detect changes to previously collected information, including Inventory, Software, and Configuration Management. These applications send messages to the Change Audit Services when they make a change to the network, such as uploading a new Cisco IOS image, or when they detect that a change has occurred. These changes may also trigger syslog messages. The messages are logged in the Essentials syslog facility and are also passed on to Change Audit for processing. For example, a device sends a syslog message about a device- configuration change. This is passed on to Configuration Management, which determines the exact nature of the change, retrieves the new configuration file, and then writes a change record into the Change Audit log. Table 2-15 shows the tasks you can accomplish with the Syslog Analysis application. Table 2-15 Syslog Analysis Tasks Task Purpose Action Set up data storage options. Define custom reports. Define automated actions. Configure how long to store data, the maximum number of messages to store, and the message source. Be sure to restart your machine for the Message Source changes to take effect. Select the message types you want reported or change existing reports. Modify the standard reports provided with Essentials or delete reports you no longer use. You can also enable 24-hour reporting. Add and modify command-line instructions to be executed automatically whenever Syslog Analyzer receives a specific message type. Modify existing actions and delete actions you no longer use. You can also enable or disable actions. Select Resource Manager Essentials > Administration > Syslog Analysis > Change Storage Options. Select Resource Manager Essentials > Administration > Syslog Analysis > Define Custom Reports. Select Resource Manager Essentials > Administration > Syslog Analysis > Define Automated Action. 2-59

96 Syslog Analysis Chapter 2 Resource Manager Essentials Applications Table 2-15 Syslog Analysis Tasks (continued) Task Purpose Action Define message filters. View status. Change your URL. Generate a severity level summary. Generate a standard report. Generate a custom report. Generate a report for unmanaged devices. Exclude messages you do not want reported. You can also enable or disable filtering. View the status of your Syslog Collector. You can view the status of the local and all the remote collectors that have been configured to use the Essentials server as the forwarding server. Link your message reports to a customized web page. You can do this only if you know basic CGI programming. Generate summaries of messages about selected devices sorted by severity level. Generate a system message report for a device or a set of devices. You can generate the report for the current date, or for any date in the previous week, or for all dates. You can include all the messages, or choose the severity level or alert type for which the report should be generated. Generate a full custom syslog report. You can select a report from the custom syslog reports that are defined in Administration. Generate a summary custom syslog report. You can see a summary of the various reports. Generate a syslog information report on all unmanaged devices in your network. Select Resource Manager Essentials > Administration > Syslog Analysis > Define Message Filter. Select Resource Manager Essentials > Administration > Syslog Analysis > Syslog Collector Status. Select Resource Manager Essentials > Administration > Syslog Analysis > Change User URL. Select Resource Manager Essentials > Syslog Analysis > Severity Level Summary. Select Resource Manager Essentials > Syslog Analysis > Standard Reports. Select Resource Manager Essentials > Syslog Analysis > Custom Reports. Select Resource Manager Essentials > Syslog Analysis > Custom Report Summary. Select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report. 2-60

97 Chapter 2 Resource Manager Essentials Applications Syslog Analysis Table 2-15 Syslog Analysis Tasks (continued) Task Purpose Action Capture syslog messages. Generate a 24-hour syslog report. Capture syslog messages generating from MCS servers running WF application. Generate a report for the past 24 hours. The report can be a custom report created by a system administrator or a default report. Select Resource Manager Essentials > Syslog Analysis > WorkFlow Report. Select Resource Manager Essentials > 24-Hour Reports > Syslog Messages. 2-61

98 Syslog Analysis Chapter 2 Resource Manager Essentials Applications 2-62

99 CHAPTER 3 VPN Security Management Solution This chapter introduces VPN Security Management Solution and provides tables with the tasks that can be accomplished with it. VPN Security Management Solution is part of the CiscoWorks2000 family of products. It lets you generate these reports: Configuration Management Reports Inventory Reports VPN Syslog Analysis Reports 3-1

100 Configuration Management Reports Chapter 3 VPN Security Management Solution Configuration Management Reports These reports provide information on VPN related attributes including, IKE policies, Certificate Authorities, Crypto Maps, Crypto Access lists, Transform Sets, and Global SA lifetimes for VPN devices. The reports are based on the latest configuration file from the archive. You can also search VPN devices in the configuration archive. Table 3-1 shows the tasks you can accomplish with Configuration Management. Table 3-1 Configuration Management Tasks Task Purpose Action View VPN configuration report. Search VPN devices. Generate a report on VPN related attributes for the selected VPN devices. Search VPN devices in the configuration archive by specifying text patterns. Select VPN Security Management Solution > Reports > Configuration Management> VPN Configuration Reports. Select VPN Security Management Solution > Reports > Configuration Management> Search VPN Device by Pattern. Inventory Reports These reports provide a list of the VPN managed devices that support hardware encryption. They also provide information on the devices that need an image upgrade. Table 3-2 shows the tasks you can accomplish with Inventory. 3-2

101 Chapter 3 VPN Security Management Solution VPN Syslog Analysis Reports Table 3-2 Inventory Tasks Task Purpose Action View hardware encryption reports. View image upgrade report. Generate a report on the list of managed VPN devices that support hardware encryption cards. This report lists the device name, type and supported encryption card type. Generate a report listing the devices that need an IOS image upgrade in order to be IP Sec enabled. Select VPN Security Management Solution > Reports > Inventory > Hardware Encryption Report. Select VPN Security Management Solution > Reports > Inventory > Image Upgrade Report. VPN Syslog Analysis Reports VPN Syslog Analysis lets you centrally log and track the device syslog messages. You can use the logged error message data to analyze router and network performance. You can use the VPN Syslog Analysis to produce the necessary information and message reports for VPN Messages. The VPN Syslog Analysis reports are classified as: Point/Canned reports. These are VPN Syslog reports based on specific mnemonic groups, and are configured with a set of mnemonics. Advanced report. This is a generic report that displays all VPN-specific Syslog messages coming from selected VPN devices. This report is generated only for devices which have VPN capabilities. Table 3-3 shows the tasks you can accomplish with Syslog Analysis. Table 3-3 VPN Syslog Analysis Tasks Task Purpose Action View hardware encryption reports. View de-encapsulation report. Generate a canned report on the VPN devices in the network. Generate a de-encapsulation report, which is a canned report, for the VPN devices in your network. Select VPN Security Management Solution > Reports > Syslog Analysis > Hardware Encryption Report. Select VPN Security Management Solution > Reports > Syslog Analysis > De-encapsulation. 3-3

102 VPN Syslog Analysis Reports Chapter 3 VPN Security Management Solution Table 3-3 VPN Syslog Analysis Tasks (continued) Task Purpose Action View compression - decompression report. View packet replay report. View certificate report. View IKE report. View advanced report. Generate a compression - decompression report, which is a canned report, for the VPN devices in your network. Generate a packet replay report, which is a canned report, for the VPN devices in your network. Generate a certificate report, which is a canned report, for the VPN devices in your network. Generate an IKE report, which is a canned report, for the VPN devices in your network. Generate an advanced report displaying VPN-specific Syslog messages coming from selected VPN devices. Select VPN Security Management Solution > Reports > Syslog Analysis > Compression - Decompression. Select VPN Security Management Solution > Reports > Syslog Analysis > Packet Replay. Select VPN Security Management Solution > Reports > Syslog Analysis > Certificate. Select VPN Security Management Solution > Reports > Syslog Analysis > IKE. Select VPN Security Management Solution > Reports > Syslog Analysis > Advanced. 3-4

103 CHAPTER 4 Network Address Translation Support This chapter introduces Network Address Transalation (NAT) support in Resource Manager Essentials and provides details of the tasks you need to perform to enable support. 4-1

104 Introducing NAT Support Chapter 4 Network Address Translation Support Introducing NAT Support Essentials can manage devices outside the NAT boundary using their IP addresses. As the NAT would translate between the public and private address for the Essentials servers, these devices will remain SNMP reachable. In Essentials, config fetch and image transfer commands can be performed using TFTP. Essentials uses SNMP to perform these operations. When Essentials issues an SNMP set command to a device, the device will initiate a TFTP transfer with the parameters provided through SNMP. In the SNMP command set if Essentials sets its private address, the TFTP transfer would fail as a device outside the NAT cannot reach private address of the RME servers. The Figure 4-1 depicts a typical NAT scenario. In the figure, the Essentials server is within the NAT boundary. Essentials can manage the devices within the NAT boundary using their private addresses. When Essentials tries to manage devices outside the NAT boundary you need to enable support for NAT as described in the following section. Figure 4-1 NAT Support NAT Boundary

105 Chapter 4 Network Address Translation Support Managing devices outside the NAT Managing devices outside the NAT To manage devices outside the NAT boundary: Step 1 Step 2 Step 3 Step 4 Open a command prompt window. Navigate to $NMSROOT/www/classpath/com/cisco/nm/config/archive/ Open the config.properties file in a text editor Modify the config.properties file: USE_NAT= Yes USER_FIELD=X where X is 1 or 2 or 3 or 4. The value X corresponds to the User Fields under Resource Manager Essentials > Administration > Inventory > Add Devices Note While adding the device outside the NAT boundary, in addition to the Device Name field, provide the public address of the Essentials server in User Field X. While adding the device within the NAT boundary, just provide the Device Name as before. You need not enter any value in the User Field. 4-3

106 Managing devices outside the NAT Chapter 4 Network Address Translation Support 4-4

107 P ART 2 Managing Your Network Scenarios

108

109 CHAPTER 5 Monitoring Your Devices As the network administrator, when you come in to work, you want to see how your network devices are operating and be aware of any changes that might have occurred during your absence. While checking the standard reports in Syslog, you notice a number of CPU hog messages for a particular device and launch CiscoView to monitor the chassis-level information. 5-1

110 What You Need Prerequisites Chapter 5 Monitoring Your Devices What You Need Prerequisites In this scenario, you will use these applications: Availability Syslog Analysis Before you can monitor devices, make sure that these tasks have been completed: Availability views you want to poll are configured (select Resource Manager Essentials > Administration > Availability > Change Polling Options). Custom reports, in addition to the standard reports, for specific syslog data that you want to monitor are configured (select Resource Manager Essentials > Administration > Syslog Analysis > Define Custom Report). For a complete description of the required tasks, refer to the online help. How To Do It Procedures To monitor devices in your network: 1. Determine Current Network Availability 2. View the Latest Syslog Messages 3. View a Custom Report The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Determine Current Network Availability Step 1 Step 2 Step 3 Select Resource Manager Essentials > Availability > Availability Monitor The Select Devices dialog box displays the view being monitored for availability. Select the applicable view from the Views column. Select the devices you want to monitor from the Device column, then click Add. The selected devices are added to the Selected Devices column. 5-2

111 Chapter 5 Monitoring Your Devices How To Do It Procedures Step 4 Step 5 Step 6 Click Finish. The Availability Monitor report appears. The down arrows on the Availability Monitor report represent unreachable devices; the up arrows represent reachable devices. The Availability Monitor report contains several links for each device. Click on any of these links for details: Device Reachability (%) to view the corresponding Device Reachability Trend graph. Response Time (ms) to view the Response Time report. Interface Status to view the Device Finder, which displays information about the selected device. Click Close. View the Latest Syslog Messages Step 1 Step 2 Step 3 Select Resource Manager Essentials > 24-Hour Reports > Syslog Messages. The Syslog 24-Hour report appears with the standard reports listed. When you check the CPU Hog report, you see a device that has used too many CPU cycles. Click on the device name. The Device Center appears. Click CiscoView from the Device Info column to launch the CiscoView application, and use it to monitor the chassis-level information for the device. For details on using CiscoView, refer to the CiscoView online help. 5-3

112 Where You Should End Up Verification Chapter 5 Monitoring Your Devices View a Custom Report Step 1 Step 2 Step 3 Step 4 Step 5 Select Resource Manager Essentials > Syslog Analysis > Custom Reports. The Custom Reports dialog box appears. Select the applicable view from the Views column. Select the devices from that view you want to include in the report from the Device column, then click Add. The selected devices are added to the Selected Devices column. Click Next. The Select Report Name and Dates dialog box appears. Select the report name and date, then click Finish. The report appears. You can print the report or save it as a CSV or as a plain text file. Where You Should End Up Verification After you determine the overall availability of your network devices, review the most recent syslog messages, and review any custom reports you have created, you should have a complete picture of the state of your network. 5-4

113 Chapter 5 Monitoring Your Devices Where You Should End Up Verification Throughout the work day, you can continue to monitor network device availability: Step 1 Step 2 Step 3 Select Resource Manager Essentials > Availability > Reachability Dashboard. The Reachability Dashboard displays a report for each availability view. The Reachability Dashboard refreshes automatically every minute. Therefore, you can keep it on your desktop to receive constant updates. The down arrows represent unreachable devices and the up arrows represent reachable devices. Click the Device Name links to access the Device Center for details. Click Close when you want to close the report. 5-5

114 Where You Should End Up Verification Chapter 5 Monitoring Your Devices 5-6

115 CHAPTER 6 Upgrading Your Device Software As the network administrator, you need to upgrade all routers and switches on your network from Cisco IOS Release 11.3 to the new IOS Release 12.0 or later using images that reside in cisco.com. Before you can upgrade, you might need to generate a purchase order. 6-1

116 What You Need Prerequisites Chapter 6 Upgrading Your Device Software What You Need Prerequisites In this scenario, you will use these applications: Software Management Change Audit Before you can upgrade devices, make sure that these tasks have been completed: A baseline of your software library is created (select Resource Manager Essentials > Software Management > Library > Add Images and use Network as the source). The images in your software library are synchronized with the images running in your network (select Resource Manager Essentials > Administration > Software Management > Schedule Synchronization Job). You have received CCO login privileges. If you do not have a user account and password on CCO, contact your channel partner or enter a request on the standard CCO web site ( A Browse Bugs Job was scheduled (select Resource Manager Essentials > Administration > Software Management > Schedule Browse Bugs Job). This job helps you identify bugs that may be present in the software images running on the devices in your network. For a complete description of the required tasks, refer to the online help. How To Do It Procedures To upgrade devices: 1. Perform the CCO Upgrade Analysis 2. Retrieve Software Images from CCO 3. Schedule the Software Image Upgrade 4. Track the Upgrade The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. 6-2

117 Chapter 6 Upgrading Your Device Software How To Do It Procedures Perform the CCO Upgrade Analysis Performing an upgrade analysis ensures that the device meets the prerequisites for a software image upgrade. The upgrade analysis report displays RAM, Flash memory, or boot ROM upgrades needed to upgrade to a software image. It also displays Telnet information you need to configure in the Inventory application. For Catalyst switches, the report also displays upgrade path restrictions. Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Select Resource Manager Essentials > Software Management > Distribution> CCO Upgrade Analysis. The Select Filtering Criteria dialog box appears. Select any or all of the following, then click Next: Images newer than running image only images that were released later than the images on your devices. Same image feature subset as running image all subsets for your devices. Select this if you do not want to limit your list to the current subsets. General deployment images with GD status. Latest maintenance release the most recent maintenance release. The Select Devices dialog box appears. Select the views and devices to display, then click Next. If your CCO username and password have not been added to the database, the Login for CCO dialog box appears. Enter your CCO username and CCO password to update the user profile, then click Next. The Image Selection dialog box displays the images running on the selected devices, the images available on CCO, and match the filtering criteria set in Step 2. Select images, then click Finish. The Upgrade Analysis Report displays upgrade recommendations. You can switch between List Format and Table Format by clicking the appropriate button at the top of the report. Click Close. 6-3

118 How To Do It Procedures Chapter 6 Upgrading Your Device Software Retrieve Software Images from CCO Step 1 Step 2 Step 3 Step 4 Step 5 Select Resource Manager Essentials > Software Management > Library > Add Images. The Select Image Source dialog box appears. Select CCO, then click Next. The Select Devices dialog box appears. Enter the names of the devices to add to your library, then click Next. Alternatively, select a view from the Views column that contains devices you want to upgrade, select the devices from the Devices column, then click Next. Select one or more devices from the Devices column to identify a subset of device software images. This helps you to narrow your options in subsequent dialog boxes. If your Cisco.com username and password have not been added to the database, the Login for Cisco.com dialog box appears. Enter your Cisco.com username and Cisco.com password to update the user profile, then click Next. Select the device/platform, software version, image subset and image to add to the library, then click Next. The Select Images to Add to Library dialog box verifies whether the device has enough memory for the selected image. If the device does not have enough memory, the word Fail appears in the Pass/Fail column. If the device does have enough memory to run the selected software image, the word Pass appears in the Pass/Fail column and you can perform the download. Note You can perform a download regardless of the pass/fail status. An image that fails on one device might work on another, so you might want to add it to the image library. Step 6 Step 7 Make sure the Download check box is selected, then click Next. The Verify Images to Add to Library dialog box appears. Verify that the information is correct, then click Schedule Download or Download Now. 6-4

119 Chapter 6 Upgrading Your Device Software How To Do It Procedures If you click Download Now, Essentials downloads the image. The Add-to-Library Summary dialog box appears. Click Browse Library to see the image in the library. If you click Schedule Download, the Job Control Information dialog box appears. a. Enter the job description and optional address, schedule the job, then click Finish. The Image Import Summary dialog box appears. b. Click Browse Job Status to view the job status. c. If the job status is Pending for Import, click the Job ID, then in the lower pane, click the image link. The Verify Image Type dialog box appears. d. Click Next. A message notifies you that the job will take a while. e. Click OK. T The Confirm Images dialog box appears. f. Verify the details and click Next. The Edit System Image Attributes dialog box appears. g. Click Finish. The Add-to-Library Summary dialog box appears. h. Click Browse Library to see the image in the library. Schedule the Software Image Upgrade You have downloaded the required software images to your software library and are now prepared to set up your upgrade. As you are the system administrator, you have permissions to perform this function. As a general rule, schedule your upgrades so you do not compromise your device path. For example, if you have three devices on a path, and device A depends on device B, and device B depends on device C, you reboot from the bottom of the path so that device C is the first to reboot, device B is the second, and device A is the third. 6-5

120 How To Do It Procedures Chapter 6 Upgrading Your Device Software Note The recommended maximum number of devices you should schedule per job is 12. More than 12 devices out of service at a time could affect your network performance adversely. Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Select Resource Manager Essentials > Software Management > Distribution> Distribute Images. The Select Device Type dialog box appears. Select Cisco IOS, then click Next. The Select Cisco IOS Devices dialog box appears. Select Device Family, Current Cisco IOS Versions, and Boot ROM Version from the View windows, click Query to add the items to the Devices list, then select the devices. Click Next. If your CCO username and password have not been added to the database, the CCO login dialog box appears. Enter your CCO username and CCO password to update the user profile, then click Next. If you do not want to include images from CCO in the recommended images list, click Skip. The Recommended Image Upgrade dialog box appears. To view the running status of the selected devices (Running image, Flash details, and so on), click Details. The Details report appears. Click Close. Select the devices to upgrade. For each device, select the desired image upgrade. Deselect check boxes for any devices you do not want to upgrade, then click Next. The system prompts for confirmation. Click OK to continue. The Verify Image Upgrade dialog box appears. 6-6

121 Chapter 6 Upgrading Your Device Software How To Do It Procedures Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Check the verification status, make any necessary changes by going back to the Recommended Image Upgrade dialog box, then click Next. The Distribution Sequence dialog box appears if more than one device has been selected for upgrade. Move the upgrades up or down the distribution sequence list as desired, then click Next. The Job Control Information dialog box appears. Enter the job description and optional address, schedule the job, then click Next. The Work Order Report appears. Click Finish. The Distribute Image Summary dialog box appears. Click Browse Job Status to see the job status. The Job Status window appears. Click the Job ID to see the job details. The Job Details report appears. This report has two parts: The top part contains current job information, device information, and the Work Order report. The bottom part contains either the schedule change dialog box or the job log file, depending on the state of the job. You can optionally change the schedule, then close the report. Track the Upgrade Step 1 Step 2 Select Resource Manager Essentials > Change Audit > Search Change Audit. The Change Audit Filter Options dialog box appears. Select the views and devices, then click Next. A second Change Audit Filter Options dialog box appears. 6-7

122 Where You Should End Up Verification Chapter 6 Upgrading Your Device Software Step 3 Step 4 Step 5 Step 6 Step 7 Select All from the Application drop-down list box; then select Custom. Enter the date and time the upgrade was to occur, then click Finish. The Change Audit Searching report appears. Select highlighted Details text in the View Details column to view the details of a particular device. Select highlighted More Records text in the Grouped Records column to view records that stem from the same event. Click Close. Where You Should End Up Verification Verify your device software images have been upgraded by viewing the Software Upgrade report. Select Resource Manager Essentials > 24-Hour Reports > Software Upgrade Report. 6-8

123 CHAPTER 7 Performing Maintenance on Your Essentials Server As a network administrator you need to perform maintenance to keep your information updated and to get rid of unnecessary or outdated reports and data on the system. 7-1

124 What You Need Prerequisites Chapter 7 Performing Maintenance on Your Essentials Server What You Need Prerequisites In this scenario, you will use these applications: Change Audit Software Management Syslog Analysis Inventory Configuration Management Before you can perform maintenance tasks: Create a historical report of network changes (select Resource Manager Essentials > Change Audit > All Changes) before you delete Change Audit records. Run the unexpected devices report (select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report) to verify which devices you need to add to inventory. For a complete description of the required tasks, refer to the online help. How To Do It Procedures Remove Records From the Change Audit Log Remove Images From the Software Library Remove Old Data From the Job Control Report Add Unmanaged Devices to Inventory Remove Configurations From the Archive The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. 7-2

125 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It Procedures Remove Records From the Change Audit Log Delete change records according to your auditing guidelines and disk space. Step 1 Step 2 Step 3 Step 4 Step 5 If you have not already done so, select Resource Manager Essentials > Change Audit > All Changes and save the report. This is your historical backup. Select Resource Manager Essentials > Administration > Change Audit > Delete Change History. The Change Audit Filter Options dialog box appears. Select the views you need. Devices for that particular view appears. Select the devices, then click Next to apply additional filters. The Change Audit Delete Change History dialog box appears. Select the criteria for deleting your Change Audit data. Delete Change History dialog box contains these options: Option Application Category User Usage You can select the application name. Current application that log change records are Inventory Manager, Configuration Manager, and Software Management. An application name does not appear in the options list if there are no records for that application. The default is All Applications. You can select the category. Current categories are config, inventory, and swim. A category name does not appear in the options list if there are no records for that application category. The default is All Categories. You can select the user from the drop-down list. A username does not appear in the options list if there are no records for that user. The default is All Users. 7-3

126 How To Do It Procedures Chapter 7 Performing Maintenance on Your Essentials Server Option Mode Select Date Range Usage You can select the connection mode from the drop-down list. The connection mode options do not appear in the options list if there are no records for that option. The default is All Modes. Select the required date range. Step 6 Step 7 Click Next to schedule the deletion. The Change Audit Schedule Jobs dialog box appears. Select the Schedule Type from the drop-down list to specify a schedule for the deletion. The Schedule Type drop-down list contains these options: Option Immediate Once Daily Weekly Monthly Usage Runs the job immediately. Runs the job once using the selected time and date. Runs the job daily as you have specified in the Run Job field. Runs the job weekly as you have specified in the Run Job field. Runs the job monthly as you have specified in the Run Job field. Step 8 Click Finish to confirm deleting the selection. The Change Audit Delete Change Records dialog box displays the results. 7-4

127 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It Procedures Note Change Audit records accumulate in the system unless they are explicitly deleted by an administrator. This will result in retention of large number of.dfr and.dfc files in the archive directory. It is recommended that you create a periodic job to purge Change Audit records. If you want to retain the change history, you can save them in CSV format and then purge them. Remove Images From the Software Library Step 1 Select Resource Manager Essentials > Software Management > Library > Browse Images. The Image Library Summary opens. Caution Step 2 If you delete software images from the Essentials server, you cannot restore them. You must download them from CCO or the server where your images are stored. Select the corresponding check boxes of the images that you need to delete, and then click Delete. A dialog box appears. To cancel the image deletion, click Cancel. To delete the images, click OK. 7-5

128 How To Do It Procedures Chapter 7 Performing Maintenance on Your Essentials Server Remove Old Data From the Job Control Report Step 1 To display the Job Control Report select Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Step 2 Step 3 Click the ID of the job you want to delete. Click Remove. Add Unmanaged Devices to Inventory Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 If you have not already done so, run an unexpected device report (select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report). Review the report to determine which devices have been added to the network, but not to inventory. Select Resource Manager Essentials > Administration > Inventory > Add Devices. The Add a Single Device dialog box appears. Enter the access information in the Add a Single Device dialog box, then click Next. The Enter Login Authentication Information dialog box appears. Enter and verify the information in the Enter Login Authentication dialog box. If the device is running Terminal Access Controller Access Control System (TACACS), enter the TACACS username and TACACS password. If you are using Software Management or Device Configuration or managing Cisco 2500 single Flash bank (SFB) devices, you must enter the read-write community string. (You should also enter the Telnet passwords.) Otherwise, upgrades will not succeed. Click Next. The Enter Enable Authentication Information dialog box appears. If the device is running TACACS, enter the Enable TACACS username and Enable TACACS password. 7-6

129 Chapter 7 Performing Maintenance on Your Essentials Server How To Do It Procedures Step 7 Step 8 Enter and verify the information in the Enter Login Authentication Information dialog box. Click Finish. The Single Device Add dialog box appears. Step 9 To add another device, click Add Another and repeat steps Step 4 through Step 7. Remove Configurations From the Archive Step 1 Step 2 Step 3 Select Resource Manager Essentials > Administration > Configuration Management > General Setup. The Configuration Manager Admin dialog box appears. Select the Archive Setup tab. To specify when the program should purge configuration files from the archive, select one of the following: Click Older than, then enter a number and select days, weeks, or months. Click Maximum versions to keep, then enter the number of configurations to retain. Click Don t Purge Labelled Files to retain the labeled configuration files. It is not recommended that you purge according to the maximum number of versions, if you change many configurations each day. For example, if you have a known good configuration and then make 10 changes to it, you will have 11 versions stored in the archive. If you specify keeping only 10 versions in the archive, the known good configuration is purged because it is the oldest version. Click Apply. A message that the changes to the archive were made, appears. 7-7

130 Where You Should End Up Verification Chapter 7 Performing Maintenance on Your Essentials Server Where You Should End Up Verification After you perform maintenance tasks, verify that they were done: Verify Change Audit Log Records Are Removed Verify Software Images Are Removed from the Library Verify Old Data Is Removed from the Job Control Report Verify Unmanaged Devices Are Added to Inventory Verify Configurations Are Removed from the Archive Verify Change Audit Log Records Are Removed Step 1 Step 2 Step 3 Select Resource Manager Essentials > Change Audit > Search Change Audit. The Change Audit - Filter Options dialog box appears. Select All Views and All Devices, then click Next. A second Change Audit - Filter Options dialog box appears. Select All from the Application field, Category field, User field, and Mode field, then select the dates for which you removed records, and then click Finish. The Change Audit - Search report appears. No records for your dates should appear. Verify Software Images Are Removed from the Library Step 1 Select Resource Manager Essentials > Software Management > Library > Browse Images. Step 2 The Image Summary Report opens. Scan the report to make sure that the software images you deleted are gone. 7-8

131 Chapter 7 Performing Maintenance on Your Essentials Server Where You Should End Up Verification Verify Old Data Is Removed from the Job Control Report Step 1 Display the Job Control Report by selecting Resource Manager Essentials > Software Management > Job Management > Browse Jobs. Step 2 Verify that the job you deleted is no longer on the report. Verify Unmanaged Devices Are Added to Inventory Step 1 Step 2 Select Resource Manager Essentials > Administration > Inventory > List Devices. The List Devices dialog box appears. Verify that the devices you added appear on the list. Verify Configurations Are Removed from the Archive Since the configurations are removed from the archive on a schedule, it is not necessary to verify if they are removed each time the job runs. To verify if configurations are removed from the archive on a schedule, view the directory: On Windows 2000 systems, go to $NMSROOT\files\archive\config On Unix systems, enter /var/adm/cscopx/files/archive/config 7-9

132 Where You Should End Up Verification Chapter 7 Performing Maintenance on Your Essentials Server 7-10

133 CHAPTER 8 Making a Device Configuration Change Using a Template For security reasons, your company s policy is to change device Telnet passwords every three months. As the network administrator, you can accomplish this task with a system-defined template. 8-1

134 What You Need Prerequisites Chapter 8 Making a Device Configuration Change Using a Template What You Need Prerequisites In this scenario, you will use only the Configuration Management application. To change Telnet passwords using this application, you must have permission to use the Telnet Password template. If you have Network Administrator permissions, you can use any template. If you do not, a network administrator must assign your permissions. For a complete description of the required tasks, refer to the online help. How To Do It Procedures The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. Step 2 Step 3 The NetConfig application window opens. Select Jobs > New Job. The New Job wizard appears with the Device Category dialog box open. Select IOS from the Select Device Category drop-down list box, then click Next. The Select Devices dialog box appears. Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure. Step 4 Select all the Cisco IOS devices in the inventory using the device selector, then click Next. The Apply Template dialog box appears, unless you selected any devices whose configurations are not archived. 8-2

135 Chapter 8 Making a Device Configuration Change Using a Template How To Do It Procedures Step 5 Step 6 Step 7 Step 8 Step 9 If you selected any devices whose configurations are not archived in the configuration archive, a dialog box appears listing those devices. Click one of the buttons: Open Archive Status. Opens the Archive Status dialog box in the CiscoWorks2000 window, where you can troubleshoot devices and add their configurations to the archive. Cancel. Cancels device selection and returns you to Select Devices dialog box. Continue. Removes devices whose configurations are not archived and continues the Job Definition wizard at the Apply Template dialog box. Apply the Telnet Password configuration template by following these steps in the Apply Templates dialog box. a. Select Telnet Password from the Select Template drop-down list. b. Select enable from the Action drop-down list. c. Select vty from the Line drop-down list. Note that selecting vty will enable the password on all vty lines on each device. d. Enter the new Telnet password in the Password and Verify text boxes, then click Add. The template and its corresponding configuration commands appear in the CLI commands viewer at the bottom of the dialog box. Click Next. The Job Properties dialog box appears. Enter a description in the Description text box and select any other job properties to apply to the job, then click Next. If Job Approval is enabled, the Set Approver dialog box appears. Select an approver list and enter any other optional information, then click Next. If Job Approval is not enabled, the Work Order dialog box appears. Review the work order. If you need to edit the job, click Back to return to previous dialog boxes, make the necessary changes, then click Next until the Work Order dialog box appears. 8-3

136 Where You Should End Up Verification Chapter 8 Making a Device Configuration Change Using a Template Step 10 Step 11 Step 12 Step 13 Click Finish. The job is registered and runs, unless it is scheduled to run in the future. Note the job ID number that appears. Repeat the process for each device category for which you have devices. Verify that each job runs successfully. Refer to the section Where You Should End Up Verification for more information. After each job runs successfully, you can copy it to create a job that will change the Telnet passwords again in 3 months. To do this: a. Select Jobs > Job Browser. The Job Browser dialog box appears. b. Select the record of the job you want to copy, then click Copy Job. The job definition opens with a new job ID assigned. c. Set the schedule to start the job on the next day on which you must change the Telnet password, using the Job Properties dialog box. Note You can edit any part of the job except the device category. d. Click Next until the Work Order dialog box appears. e. Review the work order and make changes to the job definition, if needed. f. Click Finish to register the new job. Where You Should End Up Verification After the job runs, the device configurations of the selected devices are changed. You should verify that the process was successful: Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens. 8-4

137 Chapter 8 Making a Device Configuration Change Using a Template Where You Should End Up Verification Step 2 Step 3 Step 4 Select Jobs > Job Browser. The Job Browser dialog box appears. Locate the job s record and check its Status entry to determine if it completed successfully. Select the job record and click Job Details. The Job Details dialog box appears. If the job failed, review the Download Summary page and the device details for each device to determine why it failed. If the job completed successfully, click the Check Credentials button to verify that the new Telnet password is working correctly. For more information about browsing jobs and job details, refer to the online help. 8-5

138 Where You Should End Up Verification Chapter 8 Making a Device Configuration Change Using a Template 8-6

139 CHAPTER 9 Configuring Multiple Devices As a network administrator, you have to make one or more configuration changes on multiple devices in your network. To accomplish this task, create a custom template containing these configuration commands, and then execute it against multiple devices. You can execute the commands immediately or schedule them to run in the future. 9-1

140 What You Need Prerequisites Chapter 9 Configuring Multiple Devices What You Need Prerequisites In this scenario, you will use only the NetConfig application. To create a template using this application, you must have Network Administrator permissions. To execute a job using a template, you must have permission to use the template. If you have Network Administrator permissions, you can use any template. If you do not, a network administrator must assign your permissions. How To Do It Procedures Create a Template Define a NetConfig Job The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Create a Template Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. Step 2 Step 3 Step 4 The NetConfig application window opens. Select Admin > Create/Edit User Templates. The Create/Edit User Templates wizard appears. Enter a name in the Name text box. Select IOS from the Device Types drop-down list box. Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure. 9-2

141 Chapter 9 Configuring Multiple Devices How To Do It Procedures Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Select Config as the command mode. Enter the commands in the Enter CLI Commands text box or Import the file that contains the commands you wish to use. To do this: a. Click Browse. The Browse dialog box appears. b. Locate the required file, then click OK. Enter the rollback commands, if any, in the Enter Rollback Commands text box or Import the file that contains the commands you wish to use. To do this: a. Click Browse. The Browse dialog box appears. b. Locate the required file, then click OK. Click Assign to give permissions for the use of this template. The Assign Users dialog box appears. Select the users to whom you wish to give permission, click the >> button, then click Finish. If there are no users available, select Server Configuration > Setup > Security> Add Users. Use the Add Users dialog box to add new users. Click Save. The template appears in the left pane. Define a NetConfig Job Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. The NetConfig application window opens. 9-3

142 How To Do It Procedures Chapter 9 Configuring Multiple Devices Step 2 Step 3 Select Jobs > New Job. The New Job wizard appears with the Select Device Category dialog box open. Select IOS from the Select Device Category drop-down list box, then click Next. The Select Devices dialog box appears. Note Each NetConfig job can run on only one device category. You must create a separate job for each additional category of devices that you want to configure. Step 4 Step 5 Step 6 Step 7 Step 8 Select the required Cisco IOS devices in the inventory using the device selector, then click Next. The Apply Template dialog box appears, unless you selected any devices whose configurations are not archived. If you selected any devices whose configurations are not archived in the configuration archive, a dialog box appears listing those devices. Click one of the buttons: Open Archive Status. Opens the Archive Status dialog box in the CiscoWorks2000 window, where you can troubleshoot devices and add their configurations to the archive. Cancel. Cancels device selection and returns you to Select Devices dialog box. Continue. Removes devices whose configurations are not archived and continues the New Job wizard at the Apply Templates dialog box. From the Select Template drop-down list box, select the template you created in the previous procedure. The commands contained in the template appear in the Commands text box. Click Add. The template and its corresponding configuration commands appear at the bottom of the dialog box. Click Next. The Job Properties dialog box appears. Enter a description in the Description text box and any comments in the Config Comments text box. 9-4

143 Chapter 9 Configuring Multiple Devices Where You Should End Up Verification Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Specify the job schedule and other options, then click Next. If Job Approval is enabled, the Set Approver dialog box appears. Select an approver list and enter any other optional information, then click Next. If Job Approval is not enabled, the Work Order dialog box appears. Review the work order. If you need to edit the job, click Back to return to previous dialog boxes, make the necessary changes, then click Next until the Work Order dialog box appears. Click Finish. The job is registered and runs, unless it is scheduled to run in the future. Note the Job ID that appears. Verify that the job runs successfully. Refer to the section Where You Should End Up Verification for more information. Where You Should End Up Verification After the job runs, the device configuration of the selected devices are changed. You should verify that the process was successful: Step 1 Select Resource Manager Essentials > Configuration Management > NetConfig. Step 2 Step 3 The NetConfig application window opens. Select Jobs > Job Browser. The Job Browser dialog box appears. Locate the job record and check its status entry to determine if it completed successfully. 9-5

144 Where You Should End Up Verification Chapter 9 Configuring Multiple Devices Step 4 Select the job record and click Job Details. The Job Details dialog box appears. If the job failed, review the Download Summary page and the device details for each device to determine why it failed. If the job completed successfully, click Check Credentials button to verify that your commands are executed correctly on the devices. For more information about browsing jobs and job details, refer to the online help. 9-6

145 10 CHAPTER Importing Device Data to Inventory You are the system administrator and want to import device information from HP OpenView, a network management system (NMS) that resides on a remote server, to the Inventory database. You are importing the information to a UNIX machine. (See the online help for procedures on importing device information from other NMS platforms.) 10-1

146 What You Need Prerequisites Chapter 10 Importing Device Data to Inventory What You Need Prerequisites In this scenario, you will use only the Inventory application. Before you can import device data, make sure that these tasks have been completed: The NMS is a supported system (see the Release Notes for Resource Manager Essentials 3.3 for the supported versions.) The NMS database resides on a remote server that is a UNIX (not a Windows 2000) machine. Your local Essentials server has the proper permissions for remotely accessing the remote username and for running the remote shell as the specified user on the remote host. To do this, verify the following on the remote server: An.rhosts file is in the remote user s home directory and contains an entry for the Essentials server. The username entry is +casuser. The /etc/hosts. equiv file on the remote server does not contain any statements that disallow access by the Essentials server. HP OpenView is running on the remote host. The CWSI remote user is a member of the group casusers and a member of the CWSI Known Network database. Tivoli NetView is running on the remote host. Cisco WAN Manger default user name is svplus. The CiscoWorks remote user is a member of the CiscoWorks group. On UNIX, the remote user ID is part of cscworks (or the group entered when CiscoWorks was installed) in /etc/group. The CiscoWorks Sybase server is running on the remote host and the Sybase database uses the default query server name CW_SYBASE. The remote shell daemon is running on the remote host. For a complete description of all the required tasks, refer to the online help. 10-2

147 Chapter 10 Importing Device Data to Inventory How To Do It Procedures How To Do It Procedures The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Select Resource Manager Essentials > Administration > Inventory > Import from Remote NMS. The Remote Database Import dialog box appears. Select the database from which you are importing from the NM Product drop-down list. Enter the network name of the host on which the remote NMS resides in the Host Name field. Enter the name of the remote user in the User Name field. Select one of the choices from the Reconciliation Criteria list. Use this list to specify the resolution method if there is a conflict between a device you try to import and a managed device with the same host and domain name. Use data from imported devices When a conflict occurs, the imported device information overwrites existing device information. Use data from managed devices When a conflict occurs, the existing device information remains and the imported information is ignored. Resolve conflicts after importing (the default) After the import, select the information for the device integration process used to manage each device. Select Cisco Devices Only or Customize or both from Special Options, then click Next. If you are importing non-cisco devices or you want to enter device information, click Customize. If you select Cisco Devices Only, devices are filtered based on the SNMP variable sysobjectid. (Devices are not filtered on CWSI.) If you select Customize or CWSI, the Import Options dialog box appears. Enter the import options that apply to your NMS database. 10-3

148 Where You Should End Up Verification Chapter 10 Importing Device Data to Inventory Step 7 If you installed the NMS at a user-specified location (instead of the default), click Customize and enter the Source location. If you select Check Device Attributes, device attribute information is verified after the import. Click Finish. The Add/Import Status Summary appears for you to verify that the import was successful. Where You Should End Up Verification To verify if the devices are imported from HP OpenView: Step 1 Step 2 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following: Click on any of the statuses to view the devices in that state. If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details. Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to

149 CHAPTER 11 Managing PIX Devices through Proxy Server (Auto Update Server) Your network has deployed thousands of PIX Firewall Series devices to the homes of all the employees of your company. Each employee may access the internet through a different ISP, some behind a firewall, and hence not directly manageable by the Essentials Server. As a network administrator, you need to manage these un-addressable devices. You can accomplish this task by indirectly managing the PIX devices through a supported proxy server like Auto Update Server. (See to the online help for specific procedures on importing, modifying and deleting.) 11-1

150 Importing Information from Proxy Server Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Importing Information from Proxy Server This will allow devices behind firewalls or Network Address Translation (NAT) boundaries to upgrade software images or configuration files, and pass on device status and information to the Essentials server. This option is specifically aimed at providing a solution to the problem of upgrading edge devices and to avoid the inherent complications in handling software image upgrades in the core of the network. The primary goal of the Proxy Server (Auto Update Server) is to manage devices that obtain their address through dynamic addressing. With dynamic addressing, a network management server does not know the device addresses. See Figure 11-1 for details of how The problem of not knowing the addresses necessitates having these devices contact the Essentials server instead of the server contacting them. The devices may also not be directly addressable: 1. The device contacts the Proxy Server (Auto Update server), providing its current state and device information. 2. The Proxy Server responds with a list of image files that the device should currently be running. 3. The device compares the file versions provided by the Proxy server with the ones running. If they differ, download the new versions from URLs provided. 4. If any of the files on the device have changed, the device restarts the Auto Update process to update the information about the device in the Auto Update server this is called audit trail. (This time it would quickly figure out no updates are needed). This helps the Proxy Server (Auto Update server) maintain an audit trail to immediately know when an update has occurred successfully. The next time you may hear from a device could be a week later; if the polling frequency is a week. Note The current version of Essentials supports only one Proxy Server 11-2

151 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Importing Information from Proxy Server Figure 11-1 Importing Information from Proxy Server PIX device Internet PIX device Firewall Auto Update server PIX device PIX device Internet PIX device NAT Boundary

152 What You Need Prerequisites Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) What You Need Prerequisites In this scenario, you will use these applications: Software Management Inventory For a complete description of all the required tasks, refer to the online help. How To Do It Procedures The purpose of this scenario is to show you how you can use specific applications to perform the following tasks: Importing Proxy Server Distributing Images This will help you understand how to use the applications to perform similar tasks in your network. Importing Proxy Server To import the proxy server, do the following: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Select Resource Manager Essentials > Administration > Inventory > Proxy Management. The Import from Proxy Server dialog box appears. Enter the host name of the proxy server in the Host Name field. Enter the port number of the proxy server in the Port Number field. Enter the user name to be used to log into the proxy server in the User Name field. Enter the password in the Password field, and confirm the password in the Verify field. Click Import. 11-4

153 Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) Where You Should End Up Verification Distributing Images To distribute images to the devices, do the following: Step 1 Select Resource Manager Essentials > Software Management > Distribution > Distribute Images. Step 2 Navigate though the options to add devices, select and verify devices to upgrade. See the online help for detailed procedures. Where You Should End Up Verification To verify if the devices are imported from the proxy server: Step 1 Step 2 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following: Click on any of the statuses to view the devices in that state. If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details. Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to 0. To verify the list of managed devices imported from the proxy server: Step 1 Step 2 Select Resource Manager Essentials > Administration > Inventory > List Devices. Click Update to refresh the display during the operation. 11-5

154 Where You Should End Up Verification Chapter 11 Managing PIX Devices through Proxy Server (Auto Update Server) 11-6

155 12 CHAPTER Checking Device Configuration Changes and Who Made Them Slow network performance has been reported by users at the beginning of the workday. A traceroute (CiscoWorks2000 Server > Diagnostics > Connectivity Tools > Traceroute) indicates a high delay on Router A. As the network administrator, you need to determine if a recent configuration change was made on the router. If a change was made, you also identify who made it. 12-1

156 What You Need Prerequisites Chapter 12 Checking Device Configuration Changes and Who Made Them What You Need Prerequisites In this scenario, you will use these applications: Configuration Management Change Audit No prerequisites are required. For a complete description of the required tasks, refer to the online help. How To Do It Procedures The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Step 1 Select Resource Manager Essentials > Configuration Management > Compare Configurations. Step 2 Step 3 Step 4 The Compare Configurations window appears. Select Startup vs Running. The Compare Configurations dialog box appears. Select Router A using the device selector, then click Finish. The Configuration Compare report appears. Click the Diffs Only folder in the Configlets pane. The differences between the startup and running configurations are displayed in the Startup and Running panes. 12-2

157 Chapter 12 Checking Device Configuration Changes and Who Made Them Where You Should End Up Verification Where You Should End Up Verification Once you have verified that the startup and the running configurations are different, check to see who made the change so that you can contact the person and find out why it was made. Step 1 Step 2 If you think the change occurred within the last 24 hours, select Resource Manager Essentials > 24-Hour Reports > Change Audit Report. The Change Audit 24-Hour Summary appears. (If you are unsure when the change occurred, select Resource Manager Essentials > Change Audit > Search Change Audit.) To view details for Router A, click Details in the View Details column. The User Name field identifies the user who made the change. 12-3

158 Where You Should End Up Verification Chapter 12 Checking Device Configuration Changes and Who Made Them 12-4

159 13 CHAPTER Creating a Syslog Custom Report As the network administrator of a network with OSPF (open shortest path first), you know an OSPF-2-NOMEMORY syslog message could potentially result in routing problems. You want to create a custom syslog report that lists OSPF NOMEMORY errors, so that you can run the report and check for problems. 13-1

160 What You Need Prerequisites Chapter 13 Creating a Syslog Custom Report What You Need Prerequisites In this scenario, you will use only the Syslog Analysis application. No prerequisites are required. For a complete description of the required tasks, refer to the online help. How To Do It Procedures The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Step 1 Select Resource Manager Essentials > Administration > Syslog Analysis > Define Custom Report. Step 2 Step 3 Step 4 Step 5 Step 6 The Define Custom Report dialog box appears. Click Add. The Define Custom Report dialog box appears. Enter a name for the report, up to 64 characters long, for example, OSPF Memory. Select the Syslog Message Type, in this case OSPF-2-NOMEMORY. Click Add to place the alert in the Reported Messages column. Select the 24-hour report check box to add the report to the 24-Hour report folder. Click Finish. A confirmation message appears. 13-2

161 Chapter 13 Creating a Syslog Custom Report Where You Should End Up Verification Where You Should End Up Verification Make sure the report was created. Step 1 Step 2 Step 3 Select Resource Manager Essentials > 24-Hour Reports > Syslog Messages. The Syslog 24-Hour Report appears. Click the OSPF Memory report to view the details. Click Close when you are finished. 13-3

162 Where You Should End Up Verification Chapter 13 Creating a Syslog Custom Report 13-4

163 14 CHAPTER Maintaining Your Inventory Information As a network administrator you need to perform maintenance to keep your inventory information updated. 14-1

164 What You Need Prerequisites Chapter 14 Maintaining Your Inventory Information What You Need Prerequisites In this scenario, you will use these applications: Contract Connection Inventory No prerequisites are required. For a complete description of the required tasks, refer to the online help. How To Do It Procedures To perform maintenance tasks: Check the Contract Status on Network Devices Update Device Serial Numbers The purpose of this scenario is to show you how you can use specific applications to perform these tasks. This will help you understand how to use the applications to perform similar tasks in your network. Check the Contract Status on Network Devices Step 1 Step 2 Step 3 Select Resource Manager Essentials > Contract Connection > Check Contract Status. The CCO Login dialog box appears. Enter your CCO username and password, then click Next. The Select Contracts dialog box appears. If you do not see any contracts, you might not have the privileges required for Contract Agent access. Visit Cisco Service Contract Center and check your contract details. Complete the Select Contracts dialog box: a. Press Ctrl and click the left mouse button to select individual contracts or use Shift-Click to select a range of contracts. 14-2

165 Chapter 14 Maintaining Your Inventory Information How To Do It Procedures Note For AIX clients, press Ctrl and click the left mouse button to select individual contracts or multiple contracts. Step 4 Step 5 Step 6 b. To select devices click Next. The Select Devices dialog box appears. Select the devices, click Next. c. If you do not want to select specific contracts or devices, click Finish to select all contracts. The Transfer Data to Contract Agent dialog box appears. Click Finish to transfer the device details from your Essentials database to the Contract Agent on Cisco.com. The Device Type Summary Report appears. Save the report using the Save As tab or CSV format option. Click Close. Update Device Serial Numbers The electronic serial number (number embedded in the software on the device) rarely matches the shipment serial number (serial number on the device at the time of shipment from Cisco) known to the Contract Agent. To update device serial numbers: Step 1 Step 2 Review a recent Device Type Summary report. Follow the Check the Contract Status on Network Devices procedure. Using the report, highlight the devices that do not have their managed serial numbers. This is the number from the Essentials inventory database that the Contract Agent matches with the shipment serial number in their database. 14-3

166 Where You Should End Up Verification Chapter 14 Maintaining Your Inventory Information Step 3 Retrieve the serial number for each device and enter it on your hard copy report. Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes and manually enter each serial number into the Essentials inventory. For detailed procedures on changing device attributes, refer to the online help. Where You Should End Up Verification After you perform maintenance tasks: Verify the Contract Status on Network Devices Verify Device Serial Numbers Are Updated Verify the Contract Status on Network Devices If the report shows that you need to update any of your contracts, contact your Cisco representative. Verify Device Serial Numbers Are Updated Step 1 Step 2 Select Resource Manager Essentials > Contract Connection > Check Contract Status to rerun the Device Type Summary Report. Review the device serial numbers you just added to make sure they are accurate. 14-4

167 P ART 3 Appendixes

168

169 APPENDIX A Troubleshooting Essentials This appendix provides information on troubleshooting Essentials applications and Essentials-related CiscoWorks2000 Server problems. Tip For the latest technical tips, suggestions for troubleshooting common issues, and frequently asked questions (FAQs) on most Essentials applications, you can go to the following URL: Change Audit FAQs Configuration Management Contract Connection Inventory Software Management Syslog Analysis CiscoWorks2000 Server A-1

170 Change Audit FAQs Appendix A Troubleshooting Essentials Change Audit FAQs Can I track every configuration change made to routers and switches in my network and who made them? Yes, if the devices have been enabled for syslog. All changes made on a device are logged, including changes made by outside Telnet sessions. You can enable Change Audit to listen to the syslog messages so that it can update the archive with the changed version of the configuration file and log the change. Select Resource Manager Essentials > Administration > Configuration Management > General Setup, then select the Change Probe Setup tab and enable Listen to Syslog Messages. You can check for changes by selecting Resource Manager Essentials > Change Audit > All Changes. If the change was made by an outside Telnet session, Unknown is listed in the Connection Mode column of the report. Configuration Management Configuration Management FAQs Where can I find out what devices are supported by Configuration Management? If I import devices from a remote NMS, can I compare the startup vs. running configurations? Can I execute Network Show Command sets for more than 10 devices? How many Network Show Commands are allowed per command set? Can I execute all device commands using Network Show Commands? If I m having problems with the Network Show Commands option, where can I check for error messages? Where can I find out what devices are supported by Configuration Management? Select CiscoWorks2000 Server > About CiscoWorks2000 > Applications and Versions. Under the CW2000 Installed Applications, click Configuration Archive to see a list of supported devices. A-2

171 Appendix A Troubleshooting Essentials Configuration Management If I import devices from a remote NMS, can I compare the startup vs. running configurations? Yes, but first you must: Step 1 Step 2 Step 3 Select Resource Manager Essentials > Administration > Inventory > Change Device Attributes. Select all the devices with the same passwords. Change the TACACS usernames and passwords. Can I execute Network Show Command sets for more than 10 devices? No. You can execute command sets for only 10 devices. How many Network Show Commands are allowed per command set? Each command set can contain a maximum of 6 router commands, 6 Catalyst commands and 6 FastSwitch commands. Can I execute all device commands using Network Show Commands? No, only show commands are supported. However, commands such as help,?, debug, ping, traceroute, and where are also supported. If I m having problems with the Network Show Commands option, where can I check for error messages? You can check for messages in these locations: The Java console available with your browser. In the Essentials server log files in /var/adm/cscopx/log for UNIX systems, and in NMSROOT/lib/jrun/jsm-cw2000/logs on Windows 2000 systems. In additional log files in /opt/cscopx/objects/jrun/jsm-cw2000/logs on UNIX systems, and in NMSROOT/log on Windows 2000 systems. In the Process Status dialog box. Select CiscoWorks2000 Server > Administration > Process Management > Process Status. A-3

172 Configuration Management Appendix A Troubleshooting Essentials Troubleshooting Configuration Management Use Table A-1 to help troubleshoot the Configuration Management application. Table A-1 Configuration Management Troubleshooting Table Symptom Probable Cause Possible Solution The archive cannot retrieve the configuration module for Catalyst devices. The archive cannot retrieve the running configuration for a device. The archive cannot retrieve the startup configuration for a device. DNS hostname mismatch.the ip_address is unknown to DNS. Incorrect password given when adding or importing the device. Incorrect read and write community strings given when adding or importing the device. Incorrect password given when adding or importing the device. The device does not have the DNS server set up to resolve the hostname. Enter the correct Telnet and enable passwords for the Catalyst devices in the Essentials database. The configuration archive uses Telnet to gather module configurations for Catalyst devices. Enter the correct read and write community strings in the Essentials database. You can also change the order of the protocols used to retrieve the configuration. (The configuration archive downloads configurations from devices using three different transport protocols in order: TFTP, Telnet, and rcp.) Enter the correct Telnet and enable passwords for the device in the Essentials database. If the device is configured for TACACS authentication, add the TACACS username and password (not the Telnet password) in the Essentials database when you import the device. If the device is configured for local user authentication, add the local username and password in the Essentials database. Make sure the DNS server can recognize the device hostname, or specify the IP address instead of the hostname. A-4

173 Appendix A Troubleshooting Essentials Configuration Management Table A-1 Configuration Management Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Increase the SNMP timeout values. SNMP timeout prevents TFTP from retrieving the running configuration for a device. Network Show Commands execute command set error message: Sorry, no output for this command. Internal error. Network Show Commands message: %Incomplete command. Network Show Commands error message: The command you entered is not a valid command. Network Show Commands error message: Failed to run show commands. Network Show Commands mail error message: SMTP not configured properly. SNMP did not allow enough time for the operation. The device is unreachable. Enable the device. The device attributes have been changed. Incomplete show command specified. Used an invalid show command. The wrong command has been entered for the device. For example, a switch command has been entered for a router. The SMTP server is not running on the mailer machine. Update the device attributes in the Inventory database by selecting Resource Manager Essentials > Administration > Inventory > Change Device Attributes. Instead of entering an abbreviated command, such as show ip, provide the complete command, for example show ip route. Enter a valid show command. Make sure you enter a command that is valid for the device. Make sure the SMTP server is running on the host. A-5

174 Contract Connection Appendix A Troubleshooting Essentials Contract Connection Contract Connection FAQs What are the different types of serial numbers used in Contract Connection? What do I do if the serial numbers are out of sync? Why is the Electronic Serial Number field blank? What are the different types of serial numbers used in Contract Connection? There are three types; two on the device and one in the inventory database: Shipment Serial Number, which is embedded on the chassis hardware. Electronic Serial Number, which you set using CLI when you introduce the device to the network. Managed Serial Number, which is the serial number reflected in the inventory database. What do I do if the serial numbers are out of sync? For Contract Connection to work properly, start with the Shipment Serial Number, because that is the serial number known to Cisco, and do the following: Step 1 Step 2 Using the CLI, as described in the device configuration guide, make sure that the Electronic Serial Number matches the Shipment Serial Number. Change the Managed Serial Number to match the other two using Resource Manager Essentials > Inventory > Administration > Change Device Attributes. Why is the Electronic Serial Number field blank? It is blank because it was not set in the device software when the device was introduced to the network. Update the number using the CLI, as described in the device configuration guide. A-6

175 Appendix A Troubleshooting Essentials Inventory Inventory populates the Managed Serial Number using SNMP to get the MIB serial number information from the Electronic Serial Number setting. If the Managed Serial Number field is blank, the inventory collector could not collect the information for one of these reasons: The Electronic Serial Number field is not set. You can set this field by using the CLI as described in the device configuration guide, and update the inventory database by selecting Resource Manager Essentials > Inventory > Administration > Change Device Attributes. The device does not support MIBs for serial numbers. Select Resource Manager Essentials > Inventory > Administration > Change Device Attributes to enter the information in inventory. Inventory Inventory FAQs Where can I find out what devices are supported by Inventory? What main methods do I have for performing data collection? How often should I run Schedule Collection? What does the Inventory Poller do? How do I know when a schedule collection was last performed and how long it took? How can I see the most recent changes? Why is the Device Serial Number field blank in inventory? How can I make sure a device s serial number is correct, and fix it, if it is wrong? Where can I find out what devices are supported by Inventory? Select Server Configuration > About the Server > Applications and Versions. Under CW2000 Installed Applications, click Inventory manager to see a list of the supported devices. A-7

176 Inventory Appendix A Troubleshooting Essentials What main methods do I have for performing data collection? You have the Schedule Collection option (Resource Manager Essentials > Administration > Inventory) or the Update Inventory option (Resource Manager Essentials > Administration > Inventory). Schedule Collection is the heavyweight collection method. It collects on all managed devices at a scheduled time and updates the database. Update Inventory collects information only on the devices you specify, and it collects the information right away. Update Inventory uses the same collection mechanism as Schedule Collection. How often should I run Schedule Collection? You should run the Schedule Collection option at least once a week. If your system has more than 100 devices, you might not want to run Schedule Collection that often because it could place too heavy a load on your network. To detect changes in managed devices with the least impact on your network, use the Inventory Poller option. What does the Inventory Poller do? The Inventory Poller uses a lightweight mechanism to determine whether database information is out-of-date. Although the Inventory Poller itself does not perform an actual collection, it determines whether any device information is out-of-date. If information is outdated, the Inventory Poller initiates a full collection on the pertinent devices. How do I know when a schedule collection was last performed and how long it took? The Scan History option (Resource Manager Essentials > Inventory > Scan History) will give you this information. How can I see the most recent changes? To view inventory changes made in the last 24 hours, use the Inventory Change Report option (Resource Manager Essentials > 24-Hours Reports). To view changes made since the last scheduled collection, use the Change Audit application. A-8

177 Appendix A Troubleshooting Essentials Inventory Why is the Device Serial Number field blank in inventory? The field is blank because inventory could not obtain the information from the device. This is due to one of these reasons: The serial number was not set in the device software when the device was introduced to the network. This should have been done using CLI, as described in the device configuration guide. The device does not support MIBs for serial numbers. In either case you can set the serial number in the inventory database by selecting Resource Manager Essentials > Administration > Inventory > Change Device Attributes, and setting the field to the serial number printed on the device chassis. How can I make sure a device s serial number is correct, and fix it, if it is wrong? The serial number in inventory should always match the number printed on the chassis. If the serial number does not match the number on the chassis, change it using Resource Manager Essentials > Administration > Inventory > Change Device Attributes. Troubleshooting Inventory Use Table A-2 to troubleshoot the Inventory application. Table A-2 Inventory Troubleshooting Table Symptom Probable Cause Possible Solution Device import from local database fails. (Solaris only.) The user casuser is not a member of the CiscoWorks groups. Add group membership before starting Essentials. Device import from remote NMS fails. The name resolution is incorrect. Essentials and the remote NMS reside in different DNS domains. Correct the name resolution. If that is not possible, then apply remote import rules; add.rhosts to the casuser home directory. Set up Essentials and the remote NMS stations in the same DNS domains. A-9

178 Inventory Appendix A Troubleshooting Essentials Table A-2 Inventory Troubleshooting Table (continued) Symptom Probable Cause Possible Solution The device serial numbers or the router chassis numbers differ from those on outside labels. Hardware reports get data from the user-defined optional serial number field when the device or router is added to Essentials (or through Change Device Attributes), not from the SNMP variable chassis serial number. The user-defined serial number takes precedence over the outside label number. No action is required. However, you might want to change the serial number so that it matches the outside label number by selecting Resource Manager Essentials > Inventory > Change Device Attributes. A-10

179 Appendix A Troubleshooting Essentials Inventory Table A-2 Inventory Troubleshooting Table (continued) Symptom Probable Cause Possible Solution The database is corrupt. The device stays in a pending state. The DIServer is not running. A broadcast address has been imported and is being used for an SNMP write. Stop Essentials. Install a backup database, if you have one; otherwise, install the basic database, px.db, over the corrupt database. 1. Back up or rename the corrupted database files: CSCOpx/databases/rme/rme.db CSCOpx/databases/rme/syslog.db 2. Install the basic database files: From CSCOpx/databases/rme/orig/rme.dborig to CSCOpx/databases/rme/rme.db From CSCOpx/databases/rme/orig/syslog.dborig to CSCOpx/databases/rme/syslog.db Both files must be copied into the database location and must be owned by user casuser and group casusers on both Windows 2000 and UNIX systems. Check the process status. If the DIServer is not running, restart it. Suspend the device. Run the address validation tool on the device by selecting CiscoWorks2000 Server > Diagnostics > Connectivity Tools > Validate Device Addresses to ensure that a broadcast address or network address is not being used. A-11

180 Inventory Appendix A Troubleshooting Essentials Table A-2 Inventory Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Devices are not importing. Cannot add a device to the database. The access list is applied to the SNMP-server community configurations. There has been an SNMP timeout. Reverse DNS lookup failed. The device name is not configured in the DNS or localhost file. The HPOV/SNMP has an old version of wsnmp.dll files. Add the permissions to the access lists on all routers. Increase the SNMP slow timeout and slow retry values. Add a device entry to the localhost file. Add a device entry to DNS or localhost file. Remove or rename HP OpenView version of the wsnmp.dll files. A-12

181 Appendix A Troubleshooting Essentials Software Management Software Management Software Management FAQs Can an option be provided during Software Management installation to update the /etc/inetd.conf file? How does Software Management handle proxy environments? Does Software Management support proxy with user authentication environments? When a Software Management job is scheduled, how is the baseline determined? When I distribute a job, is an automatic backup performed? Can I set up a periodic download of Software Management images from Cisco.com? Is browser timeout something I should consider when downloading? Do bug reports work for both Cisco IOS and switches? How is the filtering done? Does Software Management document how much we can filter at a granular level? What are crypto images? When does Software Management use the RCP protocol to transfer images? Are there DNS dependencies for RCP to work properly for a device? Why does Software Management sometimes leave behind image files in the tftpboot directory after an upgrade? How much temporary space is required during image distribution? What is the maximum recommended number of devices per upgrade job? What is the default SNMP timeout used by Software Management? Can I configure it? At what time will the images directory get created during the process of obtaining images from a device? Does this happen during the initial step? Which Cisco IOS devices support bootldr images? Does Software Management support Cisco IOS 12.0? A-13

182 Software Management Appendix A Troubleshooting Essentials Should I use special images with SWIM for 2900XL/3500XL devices? How can I speed up Image Recommendation? When a job is rejected, can it be edited or should I resubmit? Can different group members edit jobs? What are the restrictions? What is the role of the registry files in RME? How do I upgrade Network Analysis Module (NAM) using Software Image Management (SWIM)? Can an option be provided during Software Management installation to update the /etc/inetd.conf file? No. The Software Management installation automatically adds an entry in the /etc/inetd.conf file to start the in.tftpd process. Note This process may not work in all environments. After installing, the administrator must ensure that the system is setup correctly to run the TFTP/RCP server. How does Software Management handle proxy environments? Software management uses http protocol to communicate with Cisco.com for downloading images and their attributes. If you use http proxy for Internet connectivity, configure proxy URL information by selecting Resource Manager Essentials > Administration > System Configuration. Does Software Management support proxy with user authentication environments? No. When a Software Management job is scheduled, how is the baseline determined? When I distribute a job, is an automatic backup performed? There are two operations that import images from the network to the software library: Baseline tasks Synchronization The baseline task (Resource Manager Essentials > Software Management > Add Image to Library > Network) should be done only once as a part of the initial setup. This imports the images running on the network to your library. A-14

183 Appendix A Troubleshooting Essentials Software Management To keep the library synchronized with any new images and changes caused by upgrades from sources other than Software Management, schedule a synchronization job to run periodically at appropriate intervals. When this synchronization job runs, it looks for differences between the library and the network and allows any new images to be imported. During job distribution, Software Management backs up the current running image only if the option to backup current running image or tftp fallback was selected when the job was created. Can I set up a periodic download of Software Management images from Cisco.com? No. However, you can schedule a one-time import from Cisco.com to occur at a later time. Software Management does not allow you to automatically import images from Cisco.com to the library based upon your preferences. Is browser timeout something I should consider when downloading? The image import operation from Cisco.com and other devices can be done on a scheduled basis. Because this process runs as a background task on the server, the browser is not involved; however, when an immediate import operation is done, it is performed as a foreground task, and the browser can still timeout. Do bug reports work for both Cisco IOS and switches? How is the filtering done? Does Software Management document how much we can filter at a granular level? Yes, bug reports are supported for both the Cisco IOS software and Catalyst switches. The filtering is done only on the basis of the software version and the platform. This means that a Cisco 2503 running IOS 11.3(2) will produce the same report as a Cisco 2511 access server running IOS 11.3(2). In Software Management, the features and protocols enabled on the device are not taken into account; this can result in a large number of bugs being reported against a device, not all of which may be applicable to your environment. You must manually review the bugs to find those which may be important to you. What are crypto images? Crypto images are software images that use 56-bit Data Encryption Standard (DES) (or higher) encryption, and are subjected to export regulations. You must be a registered Cisco.com user, and be eligible and authorized to download such images. A-15

184 Software Management Appendix A Troubleshooting Essentials When does Software Management use the RCP protocol to transfer images? If you select the remote copy protocol (RCP) preference under Resource Manager Essentials > Administration > Software Management > Edit Preferences, Software Management uses the RCP protocol to transfer images (upload and download) to Cisco IOS software devices that support CISCO-FLASH-MIB. Cisco Catalyst 5000 switches and Cisco 700 Series devices do not support RCP. Cisco IOS devices that do not support RCP include Cisco 7000 Series (RP-based 7000 only) and MC3810. All other Cisco IOS devices support the RCP protocol. Software Management always uses the TFTP protocol for config file updates on Cisco IOS devices. Are there DNS dependencies for RCP to work properly for a device? Yes. If there are multiple IP addresses configured on the device, all IP addresses on the device must be configured using Domain Name System (DNS). Examples of devices with multiple IP addresses are those having many interfaces, with each interface configured with its own IP address, or a device that interfaces configured with primary and secondary IP addresses. Configure the DNS so all IP addresses are resolved to the same host name. The host name in the DNS should match the hostname in the RME Inventory. Why does Software Management sometimes leave behind image files in the tftpboot directory after an upgrade? Software Management removes the image files from the tftpboot directory after the upgrade unless the tftp fallback job option is set. If the tftp fallback option is set, Software Management uploads the image from the device and leaves it in the tftpboot directory for fallback. Software Management also modifies the boot system commands on the device to add a fallback command to boot from the original image on the Essentials TFTP server if the upgraded image does not boot. How much temporary space is required during image distribution? The amount of free space that is required depends upon the image file size and the number of devices that are being upgraded simultaneously. If the tftp fallback option is set, additional free disk space is required to keep the current image in the tftpboot directory. Disk space is used both in the tftpboot and temp directories. A-16

185 Appendix A Troubleshooting Essentials Software Management What is the maximum recommended number of devices per upgrade job? Each job upgrades devices sequentially. The duration of the upgrade varies depending on the network bandwidth and the type of devices being upgraded. The recommended maximum number of devices per job is 12. What is the default SNMP timeout used by Software Management? Can I configure it? Software Management makes three attempts to connect to the device using SNMP. The first retry timeout interval of 10 seconds is not configurable. Subsequent retry timeout intervals are configurable and are based on the value in the slow timeout variable. To verify the timeout value, select Resource Manager Essentials > Administration > System Configuration. If the initial attempt to connect to the device fails, Software Management waits three minutes before it attempts to connect again. The three minute wait enables routing protocol or spanning tree convergence to occur, which could have been initiated because another device was rebooted during the software upgrade. The number of retries is not configurable. The underlying Software Management stack also tries three times to connect to the device. All the secondary addresses configured in DNS for the device are tried during each attempt. At what time will the images directory get created during the process of obtaining images from a device? Does this happen during the initial step? The software images directory gets created at the time of importing an image to the library; however, this should be transparent to you. Which Cisco IOS devices support bootldr images? The following Cisco IOS device families support bootldr images: Cisco 4500, 4700 Cisco 7500, RSP-based 7000 Cisco 7200 Access Servers 5200, 5300, 5800 Route Switch Module (RSM) on Catalyst 5000 Does Software Management support Cisco IOS 12.0? No. A-17

186 Software Management Appendix A Troubleshooting Essentials Should I use special images with SWIM for 2900XL/3500XL devices? 2900XL/3500XL devices consist of the following three images: Regular Cisco IOS Software Image. A TAR format HTML image that contains files for Visual Switch Manager. A TAR format image that contains both the above mentioned images. Sotware Management uses the TAR format image that contains the Cisco IOS and HTML image. This image is posted on Cisco.com as are other images for 2900XL/3500XL. When using Essentials for software upgrades, images with description Enterprise-IOS and HTML-Use with RME 2.1 or later or Standard-IOS and HTML-Use with RME 2.1 or later should be used. When Add Image to Library from CCO/Slam Dunk is used, only these images are displayed. How can I speed up Image Recommendation? If you include Cisco.com for Image Recommendation, try to limit the images by filtering (Resource Manager Essentials > Administration > Software Management >Edit Preferences). When a job is rejected, can it be edited or should I resubmit? You can retry a rejected job; this creates a new job with all the parameters and attributes of the original job. Can different group members edit jobs? What are the restrictions? The only job attribute that can be edited is the schedule time for non maker-checker jobs. Any user who has the netadmin role defined can edit jobs or create new jobs; however, in the maker-checker model, the jobs can only be approved by users who are in the approver list specified during the creation of the job. A-18

187 Appendix A Troubleshooting Essentials Software Management What is the role of the registry files in RME? Software Management manipulates the Windows 2000 registry to automatically manage remote authentication during the rcp transfers on Windows The following registry parameters are important for rcp service on Windows 2000: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\DEBUG Dictates the amount of debug information written in the Windows 2000 event log. (Default = 0, Maximum = 0xff) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\rhosts Contains the list of authenticated hosts that can run remote commands on this machine. This list is automatically managed by Software Management. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\rusers Contains the list of authenticated remote users that can run remote commands on this machine. This list is automatically managed by Software Management. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\NoRuserCheck If set to 1, the remote user authentication is skipped or, in other words, any remote user from authenticated hosts can run commands on this machine. (Default = 0) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmrsh\ Parameters\NoRhostCheck If set to 1, the remote host authentication is skipped or, in other words, commands can be run on this machine from any remote machine. (Default = 0) How do I upgrade Network Analysis Module (NAM) using Software Image Management (SWIM)? To upgrade NAM using using Software Image Management (SWIM): Ensure that the passwords for NAM s application and maintenance modes are the same. A-19

188 Software Management Appendix A Troubleshooting Essentials This is because SWIM takes the password information from Inventory. However, Inventory requires the application mode password to manage the device, and SWIM requires the maintenance mode password to upgrade the device. Therefore, the passwords for NAM s application and maintenance modes should be the same. For a NAM card present in a Catalyst 6000 device running CatOS, ensure that you set auto logout to a value that is high enough to allow the copying of the new image. This is because a NAM image is usually very large (nearly 65 MB), and it may take between 1 to 2 hours to copy this image during SWIM upgrade. We recommend that you set the auto logout to 0 to ensure that there is no auto logout while the image is being copied. To set the auto logout value, use the CLI command, set logout 0. For a NAM card present in a Catalyst 6000 device running IOS, ensure that you set exec timeout to a value that is high enough to allow the copying of the new image. We recommend that you set the exec timeout value to 0 (exec-timeout 0 0) on all the vty lines. Ensure that the htdocs directory under CSCOpx has enough space to stage the NAM image. During the NAM upgrade, SWIM first copies the NAM image from the NMSROOT/CSCOpx/files/sw_images directory, to the NMSROOT/CSCOpx/htdocs/swimtemp directory and then copies the NAM image to the NAM card, using HTTP. Ensure that NAM is added with the correct Local User (root) and its password. Ensure that NAM is added with the correct SNMP read/write community strings. Ensure that the switch, which contains NAM, is added with the correct attributes. A-20

189 Appendix A Troubleshooting Essentials Software Management Troubleshooting Software Management Use Table A-3 to troubleshoot the Software Management application. Table A-3 Software Management Troubleshooting Table Symptom Probable Cause Possible Solution The approver cannot Job Approval is enforced Create a new job and submit it for approval. change the on the Distribute Images When the Distribute Images job requires approval, scheduled time for jobs. Software Management does not allow you to change the Distribute the scheduled time for the job from the Browse Jobs Images job using screen. Software Management. Cannot undo an upgrade on Microcom firmware and Catalyst devices. Distribute Images and Image Import jobs fail on a device. A job is in a pending state after the scheduled time. Undoing a software upgrade is not supported on the devices. Defective software is running on the device. The Essentials server is not functioning correctly, has been powered off, or has been rebooted before the scheduled time. Check the Supported Device Matrix in online help for the supported devices and software releases. Go to Cisco.com and examine the software image. If it is deferred, contact your TAC representative. If the software image is not deferred: 1. Select Resource Manager Essentials > Administration > Software Management > Edit Preferences. 2. Select Enable Debugging. 3. Rerun the job and then use the Mail or Copy Log File option to extract Software Management debugging information. 4. Send the information and a complete description of the problem to your TAC representative. Software Management moves the job to an error state 1 hour after the scheduled time. Do not change the job while it is pending; the system will take care of it. If necessary, create another job. A-21

190 Software Management Appendix A Troubleshooting Essentials Table A-3 Software Management Troubleshooting Table (continued) Symptom Probable Cause Possible Solution A job is running, but the Job Details report shows no progress. While modem or CIP microcode images are being added to the Software Management library, the image type is displayed as Unknown. Software Management cannot retrieve attributes from images. Cannot schedule Distribute Images and Image Add jobs. Essentials cannot upload images from a device. The Mail or Copy Log File function does not mail log files. (Windows 2000 only.) The Essentials server is not functioning correctly, has been powered off, or was rebooted while the job was running, causing the job to stop. Images for the 3640 digital modems are not imported in an AS5300 format file. The Microcode firmware image is not combined firmware/dsp code. The CIP Microcode version is older than 22.0 The at service is not running or is configured incorrectly. Essentials needs read-write SNMP access to the device. The address is incorrect. Software Management moves the job to an error state 1 hour after the scheduled time. Do not change the job while it is pending; the system will take care of it. If necessary, create another job. Download a supported version of the software or firmware from Check the Supported Device Matrix in online help for the supported devices and software releases. If Essentials is running on a Windows 2000 system, select Control Panel > Services and check that the service is running. If it is not, start it manually. If Essentials is running on a Solaris system, make sure the /usr/bin/at command is present. Also make sure that the at.deny file in the /usr/lib/cron directory does not contain the casuser username. Configure the read-write SNMP string on the device. Enter the correct address in the Mail or Copy Log File options. A-22

191 Appendix A Troubleshooting Essentials Software Management Table A-3 Software Management Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Software Management does not recognize the Mica/Microcom/CIP cards on an AS5x00 or 7x00 device. Rcp is not being used to transfer software images between the Essentials server and devices. The devices are running an unsupported version of IOS system software. The device does not support rcp protocol. (Only Cisco IOS devices support rcp.) or Rcp is not properly configured on the Essentials server. Check the Supported Device Matrix in online help for supported devices and software releases. 1. Make sure your device is IOS-based. 2. Make sure that rcp is defined as the preferred protocol. 3. Select Resource Manager Essentials > Administration Inventory > System Configuration to make sure that an rcp username is configured. If Essentials is running on a Windows 2000 system: 1. Verify that the CRMrsh service is running correctly using Control Panel > Services. 2. If the service is stopped, start it manually. 3. Launch the Event Viewer from the Administrative Tools group to make sure that the service has started properly. If Essentials is running on a Solaris system, make sure that the home directory for the rcp user account has an.rhosts file in it and that the user casuser has write privileges. A-23

192 Software Management Appendix A Troubleshooting Essentials Table A-3 Software Management Troubleshooting Table (continued) Symptom Probable Cause Possible Solution The options to Browse Bugs by Device and Locate Devices by Bugs result in the internal error: Can't resolve address for proxy. The Schedule Synchronization Job report is not mailed. (Windows 2000 only.) Unable to download IOS (error 4151). The proxy or DNS configuration is incorrect. Incorrect address. The SMTP server is not configured. The /var/tmp file has insufficient space to accommodate the IOS image. 1. Make sure the proxy URL is set up correctly. Select Resource Manager Essentials > Administration > Inventory > System Configuration. 2. If you configure a hostname for the proxy URL, check for the DNS configuration on the Essentials server. 3. Make sure that you are not required to enter a login each time you access the system. Multiple logins are not supported. If none of the previous steps correct the error: 1. Run your Internet browser on the server where Essentials is installed. 2. Configure the proxy in the browser. 3. Check to see if you can access 4. Call TAC and tell them the actions you have taken to troubleshoot the error and the results. Correct the address in the Schedule Synchronization Job option. Configure the SMTP server by selecting Resource Manager Essentials > Administration > Inventory > System Configuration. Increase the /var/tmp space. A-24

193 Appendix A Troubleshooting Essentials Syslog Analysis Table A-3 Software Management Troubleshooting Table (continued) Symptom Probable Cause Possible Solution The CCO Upgrade Analysis screen and the Recommend Image Upgrade screen time out. The upgrade failed. The connection to Cisco.com from the Essentials server is slow. The Cisco.com server is down. The Cisco.com filters are not configured correctly. Software Management does not allow an upgrade from version 4.0 software to version 4.2 X.25 software on the Cisco 700 series. Configure Cisco.com filters or select fewer numbers of devices and then retry the operation. If these actions do not work, follow the instructions specified for the symptom: The Browse Bugs by Device and Locate Devices by Bugs options result in the internal error: Can t resolve address for proxy. Upgrade the device to version 4.1 (any feature set), and then upgrade to version 4.2 X.25 software image. Syslog Analysis Syslog Analysis FAQs Why am I not getting syslog messages for my devices? Why does the syslog window appear to lock up when daily syslog messages are being retrieved? Where does Essentials keep syslog messages? Where can I get the description of the error messages? Why am I not getting syslog messages for my devices? You might not be getting syslog messages for one of the following reasons: The device is not managed by Essentials. The syslog parameters are not enabled correctly on the device. A-25

194 Syslog Analysis Appendix A Troubleshooting Essentials Too many messages are being received by the syslog program. On Windows 2000 systems, logging for the PIX firewall has a tendency to lock the syslog function due to the massive number of messages from the firewall. Filters might be applied to incoming syslog messages. By default, Link Up/Down, PIX, Severity 7, and IOS Firewall Audit Trail messages are filtered out. Why does the syslog window appear to lock up when daily syslog messages are being retrieved? The query program used by syslog generates large (1.5 MB and greater) HTML pages in table format, and some HTML programs have problems viewing pages this large. It might take a little longer to display large syslog reports. Where does Essentials keep syslog messages? Look in /etc/syslog.conf to see in which files the syslog information is logged. Essentials uses only the syslog file for local7 to get information for the network devices and then writes the information to the /var/adm/cscopx/log/dmgtd.log file. Where can I get the description of the error messages? To get the description of the error messages follow either of these procedures: Procedure 1 Step 1 Step 2 Step 3 Step 4 Step 5 Select Resource Manager Essentials > Syslog Analysis > Standard Reports. Select the views and devices of the report you want then click Next. The Select Dates and Report Type dialog box appears. Select the report type and the dates for the report. Click Finish. Click on * in the details column for the respective device name. A-26

195 Appendix A Troubleshooting Essentials Syslog Analysis Procedure 2 Step 1 Step 2 Step 3 Step 4 Select Resource Manager Essentials > Syslog Analysis > Unexpected Device Report. Select the dates for the report. Click Finish. Click on * in the details column for the respective device name. Troubleshooting Syslog Analysis Use Table A-4 to troubleshoot the Syslog application. Table A-4 Syslog Troubleshooting Table Symptom Probable Cause Possible Solution Filters are not taking effect. Message source is given as???? (Solaris only.) New messages are not appearing in reports after changing syslog message file using Syslog Analysis > Change Storage options. It takes about 5 minutes for filters to propagate to process. The syslogd is unable to resolve the source address of the network device sending the message. A new filename needs to be defined in the configuration information. If you need the filters to take effect immediately, restart the remote Syslog Analyzer Collector. Add a name resolution for the device to DNS, /etc/host, and similar items. Install Solaris patch This will change the??? to an octal IP address in brackets [ ]. This allows the format to be parsed by the syslog analyzer. On Windows 2000 systems, run the registry editor, regedit. Then set the parameters to the name of the file for logging the syslog messages on HKEY_LOCAL_SYSTEM > System > CurrentControlSet > Services > crmlog. On Solaris systems, modify the /etc/syslog.conf file. (For more information, refer to the Solaris man pages.) A-27

196 Syslog Analysis Appendix A Troubleshooting Essentials Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Logging is enabled in the IOS/Catalyst device to send messages to Essentials, but it is not working. The syslog daemons are not running properly. Messages sent to the Essentials server by network devices are logged by a process independent of the Syslog Analyzer. On Solaris systems, this process is syslogd and on Windows 2000 systems, this process is the Essentials syslog service. The device is configured incorrectly. 1. Telnet to the device and log in. 2. Enter enable and the enable password. 3. Enter configure terminal. 4. Enter logging on. 5. Enter the IP address of the Essentials server to receive router messages. 6. Enter End. 7. On Solaris systems, view the file named in the local7.info line (default is /var/log/syslog_info) in the /etc/syslog.conf file. If this file does not exist, create one and make sure it can be accessed by syslogd. 8. On Windows 2000 systems, view the file in C:\Program Files\CSCOpx\log\syslog.log. 9. Send an HUP signal to syslogd (kill -HUP 'cat/etc/syslog.pid'). If the syslog message from the device is not in the syslog file, check device configuration. If the syslog message is in the syslog file, make sure that the syslog daemons are running properly: On Solaris systems, enter /usr/ucb/ps -aux grep syslogd On Windows 2000, go to the Control Panel and make sure the Essentials syslog service is running. Make sure the device is logging to the correct Essentials server. (Refer to the device documentation for details on enabling syslog.) A-28

197 Appendix A Troubleshooting Essentials Syslog Analysis Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution No messages appear on any generated syslog report. Remote collector error message: Could not start the Syslog collector service on the server_name ERROR 0002: The system cannot find the file specified. (Windows 2000 only.) Network devices are not sending messages to the Essentials server. Select Resource Manager Essentials > Administration > Syslog Analysis > Collector Status to examine the Syslog Analyzer Collector status. If the numbers are all zeros, make sure that network devices are sending messages to the Essentials server. (Refer to procedures for setting up an IOS/Catalyst device.) Installation failure. Install a remote collector on a Windows 2000 system by entering SacNTService/install. Do not add an.exe extension to the file name. A-29

198 Syslog Analysis Appendix A Troubleshooting Essentials Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Remote collector error messages: Could not start the Syslog collector service on the server_name ERROR 1067: The process terminated unexpectedly and SacNTService: The service cannot be started without the properties file specified, please specify the properties file you want to use. (Windows 2000 only.) The remote collector is not running properly when it is installed and started on a non-essentials machine. Configuration failure. 1. Configure the remote collector. Select Control Panel > Services. Incorrect configuration parameters. 2. Select Cisco Syslog_Collector. 3. In the Startup Parameters field, enter the location of your SAenvProperties.ini file, for example: -pr c:\\temp\\saenvproperties.ini. Remember to use \\ to separate the directory paths. 1. Check the remote collector table for the name and status of the remote collector. 2. Make sure that the parameter SAC_SERVER is set to the hostname of the Essentials server. 3. On Solaris systems, view the SAEnvProperties.ini file located in the following directory: /opt/cscosac/lib/classpath/com/cisco/nm/sysloga /sac 4. On Windows 2000 systems, view the SAenvProperties.ini file and ensure that the parameter SAC_PORT is set to Perform the ping command using the hostname to ensure that the remote collector can be reached. A-30

199 Appendix A Troubleshooting Essentials Syslog Analysis Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Install Java or later. Remote collector messages in syslog file, but not in reports. Running incorrect version of Java. Remote collector has stopped. Remote collector is not installed correctly. On Solaris systems, check if the remote collector has stopped by entering: /usr/bin/ps -f grep java. Restart the remote collector by entering: sh /opt/cscosac/lib/sacstart.sh. On Windows 2000 systems, check using Control Panel > Services. If Syslog_Collector is not listed, reinstall the remote collector by entering: SacNTService.exe /install. If the collector is installed but not running, start the remote collector from the Control Panel > Services dialog box. Remember to specify the properties file using the pr option. A-31

200 Syslog Analysis Appendix A Troubleshooting Essentials Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Reports are empty even though messages on Solaris systems are appended to /var/log/syslog_info and on Windows 2000 systems to C:\Program Files\CSCOpx\log \syslog.log. Processes are not running properly. Timestamp problem. 1. Select CiscoWorks2000 Server > Administration > Process Management > Process Status and make sure the syslog analyzer is running properly. If it is not, restart it. 2. Make sure the CMLogger, RmeOrb, and DBServer processes are running. If they are not, restart the system. If the Messages Processed counter is not zero, check the timestamp for a message in the syslog file. If there are two timestamps, and the second timestamp is current, the syslog analyzer uses the second. If it is older than 7 days, the reports will not display it. If the Messages Processed counter is zero and the Messages Filtered counter is not zero, change the filters. If the Messages Processed and the Messages Filtered counters are zero, but the Invalid Messages counter is not zero, contact your TAC representative. A-32

201 Appendix A Troubleshooting Essentials Syslog Analysis Table A-4 Syslog Troubleshooting Table (continued) Symptom Probable Cause Possible Solution Unexpected Device report contains syslog messages that should not be in the standard report. The messages are from a managed device but there is a name resolution problem. Syslog analyzer uses all IP addresses associated with the device name to try to map it to a device managed by Inventory Manager. Verify the device-name-to-ip-address mapping: 1. On Windows 2000 systems, view the syslog.log file in C:\Program Files\CSCOpx\log. On Solaris systems, view the syslog_info file in /var/log. Note the source of the messages (hostname appears immediately after the timestamp). 2. Obtain a list of IP addresses (perform nslookup on the device name at the command prompt). 3. Select Resource Manager Essentials > Inventory > Detailed Device Report to generate a report. 4. In the Network Address column, verify that the IP addresses returned from nslookup appear on the list. If any IP addresses are not on the list, the mapping is incorrect. 5. Update the naming services (DNS,/etc/hosts, etc.) with the missing IP addresses. A-33

202 CiscoWorks2000 Server Appendix A Troubleshooting Essentials CiscoWorks2000 Server CiscoWorks 2000 Server FAQs What kind of directory structure does CiscoWorks2000 use when backing up Resource Manager Essentials data? How do I re-initialize the Essentials database on a Solaris system? How do I re-initialize the Essentials database on a Windows 2000 system? Can I back up the database for a single application? How do I find out which devices are supported by a particular application? How do I enable or disable Java plug-in? What kind of directory structure does CiscoWorks2000 use when backing up Resource Manager Essentials data? CiscoWorks uses a standard database structure for backing up all suites and applications. A sample directory structure for the CiscoWorks2000 server (represented by the rme acronym) follows. The Essentials directory has two databases: rme and syslog. How do I re-initialize the Essentials database on a Solaris system? To re-initialize the Essentials database follow this procedure: Step 1 Step 2 Step 3 Step 4 Open a UNIX shell prompt. Stop the database engine by entering: /etc/init.d/dmgtd stop Navigate to /opt/cscopx/databases/rme directory. Make sure that the rme.db file is writeable, and execute: rm rme.db The rme.db file is deleted. A-34

203 Appendix A Troubleshooting Essentials CiscoWorks2000 Server Step 5 Step 6 Step 7 Step 8 Make sure that the syslog.db is writeable, and execute: rm syslog.db The del rme.log file is deleted. Recreate the rme.db file from the rme.dborig file by entering: cp orig/rme.dborig rme.db Recreate the syslog.db file from the syslog.dborig file: cp orig/syslog.dborig syslog.db Make sure that the rme.db and syslog.db is read-only: chmod 600 rme.db and Step 9 Step 10 Step 11 chmod 600 syslog.db Make casuser the owner of rme.db, and casusers the group: chown casuser:casusers rme.db Make casuser the owner of syslog.db, and casusers the group: chown casuser:casusers syslog.db Restart the database engine by entering: /etc/init.d/dmgtd start How do I re-initialize the Essentials database on a Windows 2000 system? To re-initialize the Essentials database follow this procedure: Step 1 Step 2 Step 3 Step 4 Open an MS DOS command prompt window. Stop the database engine by entering: net stop crmdmgtd Navigate to CSCOpx\databases\rme directory. Make sure that the rme.db file is writeable, and execute: del rme.db The rme.db file is deleted. A-35

204 CiscoWorks2000 Server Appendix A Troubleshooting Essentials Step 5 Step 6 Step 7 Step 8 Step 9 Make sure that the syslog.db is writeable, and execute: del syslog.db The del rme.log file is deleted. Recreate the rme.db file from the rme.dborig file by entering: copy orig\rme.dborig rme.db Recreate the syslog.db file from the syslog.dborig file: copy orig\syslog.dborig syslog.db Make sure that the rme.db and syslog.db is read-only. Restart the database engine by entering: net start crmdmgtd Table A-5 Sample Essentials Backup Directory Directory Path Description Usage Notes /tmp/1 Number of backups 1, 2, 3,... /tmp/2/rme Application or suite Essentials backs up all application data, including images, configuration files, and other data. /tmp/1/rme/filebackup.tar /tmp/1/rme/database All CiscoWorks2000 server application tar files Essentials database directory, which includes both Essentials and syslog databases Application data is stored in datafiles.txt and is compiled into tar file. Files for each database: xxx_dbversion.txt xxx.db database files xxx.log database log files xxx.txt database backup manifest file A-36

205 Appendix A Troubleshooting Essentials CiscoWorks2000 Server Can I back up the database for a single application? No. You cannot back up the database for individual applications or suites (if you have more than one installed). CiscoWorks2000 backs up all suite databases using the Back Up or Schedule Back Up options. You can restore or move suite-specific pieces when required. To restore only the Essentials database, specify the rme.db. How do I find out which devices are supported by a particular application? Select Server Configuration > About the Server > Applications and Versions. Under CW2000 Installed Applications, click the application name to see a list of the supported devices. How do I enable or disable Java plug-in? For applications for which the plug-in is optional, you can either enable or disable Java plug-in. To enable or disable Java Plug-in: Step 1 Step 2 Step 3 Select Server Configuration > Setup > Java Plug-in Use. Click Enable or Disable. Click Finish. Tip For the latest technical tips, suggestions for troubleshooting common issues, and frequently asked questions (FAQs) on most Essentials applications, you can go to the following URL: A-37

206 CiscoWorks2000 Server Appendix A Troubleshooting Essentials A-38

207 APPENDIX B File Import Format Two methods are available for importing devices into your network inventory: Comma-Separated Values (CSV) File Data Integration File (DIF) For ease of use, Cisco strongly recommends the CSV format. Samples of each type of file are in this appendix. Note The information in each file type must be entered in the order shown. B-1

208 Comma-Separated Values (CSV) File Appendix B File Import Format Comma-Separated Values (CSV) File You can create a CSV file to import devices. Select Resource Manager Essentials > Administration > Inventory > File Import to import the CSV file you created. The CSV format provides the following device information: Full device name or IP address (required) Read-only community string (required) Read-write community string (optional) Serial number (optional) User Field 1 (optional) User Field 2 (optional) User Field 3 (optional) User Field 4 (optional) Telnet password, enable password, enable secret, TACACS user, TACACS password, TACACS enable user, TACACS enable password, local user, local password, RCP user, and RCP password (optional) The following is a sample CSV-formatted file. ; The following header line is mandatory - only the value of the ; source attribute can be modified (e.g. source = My Excel spreadsheet). cisco Systems NM data import, source = Hand edit; Version = 2.0; Type = Csv ; ; Here are the columns of the table. ; ;Col# = 1; Name = Device name (include domain unless your stie has ; unqualified device names registered in the name services ; - or - ; IP address in dotted decimal notation ;Col# = 2: Name = RO community string ;Col# = 3: Name = RW community string ;Col# = 4: Name = Serial Number ;Col# = 5: Name = User Field 1 ;Col# = 6: Name = User Field 2 ;Col# = 7: Name = User Field 3 ;Col# = 8: Name = User Field 4 ;Col# = 9; Name = Telnet password ;Col# = 10; Name = Enable password B-2

209 Appendix B File Import Format Comma-Separated Values (CSV) File ;Col# = 11; Name = Enable secret ;Col# = 12; Name = Tacacs user ;Col# = 13; Name = Tacacs password ;Col# = 14; Name = Tacacs enable user ;Col# = 15; Name = Tacacs enable password ;Col# = 16; Name = Local user ;Col# = 17; Name = Local password ;Col# = 18; Name = Rcp user ;Col# = 19; Name = Rcp password; Comment = not used, leave blank ; ; Here are the rows of data. ; bigrouter.yourcompany.com,public,private,, dev-2501.yourcompany.com,"not so, "" public as, thought",private,sn2501, dev-2502.yourcompany.com,public,"private",sn2502, dev-2503.yourcompany.com,public,private,sn2503,"" dev-2504.yourco.com,public,private,sn2504,us1,us2,us3,us4,tpass,epass,esecret,tusr,tpass,t eusr,tepass,lusr,lpass,rusr,rpass dev-2505.yourco.com,public,private,sn2505,usr1,,,usr4,,,esecret,,tusr,tpass,,,lusr,lpass dev-2507.yourcompany.com,public,private,sn2507, dev-2509.yourcompany.com,public,private,sn2509, dev-2510.yourcompany.com,public,private,sn2510, dev-2511.yourcompany.com,public,private,sn2511, dev-2512.yourcompany.com,public,private,sn2512, dev-2513.yourcompany.com,public,private,sn2513, dev-2514.yourcompany.com,public,private,sn2514, dev-2515.yourcompany.com,public,private,sn2515, dev-2516.yourcompany.com,public,private,sn2516, dev-4000.yourcompany.com,public,private,,big Boys dev-4500.yourcompany.com,public,private,,big Boys dev-7000.yourcompany.com,public,private,,big Boys dev-7010.yourcompany.com,public,private,,big Boys dev-2517.yourcompany.com,public,private,,,nm 25xx dev-2518.yourcompany.com,public,private,,,mylabel2 dev-2520.yourcompany.com,public,private,,,mylabel2 dev-2521.yourcompany.com,public,private,,,mylabel2 dev-2522.yourcompany.com,public,private,,,mylabel2 dev-2523.yourcompany.com,public,private,,,mylabel2 dev-2524.yourcompany.com,public,private,,,mylabel2 dev-2525.yourcompany.com,public,private,,,mylabel2 dev-4700.yourcompany.com,public,private,,yourlabel1,,yourlabel3,yourlabel4 dev-7206.yourcompany.com,public,private,, dev-7505.yourcompany.com,public,private,,,,,yourlabel4 dev-7507.yourcompany.com,public,private,, dev-7513.yourcompany.com,public,private,, dev-1200.yourcompany.com,public,private,, dev-2900.yourcompany.com,public,private,, B-3

210 Data Integration File (DIF) Appendix B File Import Format dev-3000.yourcompany.com,public,private,, dev-5000.yourcompany.com,public,private,, ,public,public,, Data Integration File (DIF) You can create a DIF to import devices. Select Resource Manager Essentials > Administration > Inventory > File Import to import the DIF file you created. The DIF is currently encoded in the ISO Latin-1 character set using an extended BNF notation as described in the Essentials online help. The DIF specifies the following characteristics of each device: Generic format Generic attributes Header Table area Generic table attributes Device table Group table User annotation table Serial number table TACACS table The following is a sample DIF, incorporating these characteristics. The sample file was imported from CiscoWorks. First, the DIF is defined. cisco Systems NM data import, source=cw; Version = 1.0; The device table is defined. Table name = Device basic inventory; Version = 1.0; Column count = 7; Separator = ; Columns for the device table are defined. Col# = 1; Name = Row#; Col# = 2; Name = Device name; B-4

211 Appendix B File Import Format Data Integration File (DIF) Col# = 3; Name = Domain; Col# = 4; Name = RO community string; Col# = 5; Name = RW community string; Col# = 6; Name = Telnet password; Col# = 7; Name = Enable password; Rows of data for the device table are defined fooey more landfall cisco.com public private yet_another_router read write main charlie Pinpointed_router organized.org read write viper eric An administrative domain table is defined. Table name = Device grouping; Version = 1.0; Column count = 4; Separator = $ Columns for the domains table are defined. Col# = 1; Name = Row# Col# = 2; Name = Group Col# = 3; Name = Device name Col# = 4; Name = Domain Rows of data for the domain table are defined $CW_World$ $ $CW_World$yet_another_router$ $CW_World$landfall$cisco.com$ $CW_Smaller than world$yet_another_router$ The user annotation table is defined. Table name = Device annotations; Version = 1.0; Column count = 7; Separator = $ Columns for the annotation table are defined. Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Annotation 1 Col# = 5; Name = Annotation 2 Col# = 6; Name = Annotation 3 Col# = 7; Name = Annotation 4 B-5

212 Data Integration File (DIF) Appendix B File Import Format Rows of data for the annotations table are defined (the first annotation holds location; the second annotation holds the contact name) $ $$San Jose: Bldg F$Joe Smith $yet_another_router$$San Jose: Bldg A$Jill Jones $landfall$cisco.com$San Jose: Bldg F$Joe Smith $yet_another_router$Santa Clara: Bldg 1$George Black The serial number table is defined. Table name = Device serial numbers; Version = 1.0; Column count = 4; Separator = $ Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Serial number RCP data is provided $ $$jsmith$1dasf $yet_another_router$$jjones$1ruf7dhgd $landfall$cisco.com$jsmith$1dasf $yet_another_router$gblack$7fghs The TACACS table is defined. Table name = Device Tacacs access data; Version = 1.0; Column count = 7; Separator = $ Col# = 1; Name = Row# Col# = 2; Name = Device name Col# = 3; Name = Domain Col# = 4; Name = Tacacs user Col# = 5; Name = Tacacs password Col# = 6; Name = Tacacs Enable User; Col# = 7; Name = Tacacs Enable Password; TACACS data is provided $ $$jsmith$3dfg6$stillJsmith$butNot3dfg $yet_another_router$$jjones$adf $landfall$cisco.com$jsmith$3dfg $yet_another_router$gblack$jh3df B-6

213 APPENDIX C Essentials Command Reference This appendix provides a list of the Essentials commands. Command backup.pl crmimport Description Backs up the database. /opt/cscopx/bin/perl backup.pl backdir [logfilename [numbergen] ] Script used for CRM device data import. The crmimport command is a command line utility for the Resource Manager Essentials which is used to import device information from CiscoWorks(tm), CiscoWorks for Switched Internetworks(tm), HP OpenView(tm), Castlerock's SNMPc(tm) (on Windows 2000 only), or any other source of devices that can export lists of devices and their passwords. crmimport is similar to CRM's function Admin > Inventory > Import from File. On Unix enter: rmimport.pl [-o -d] importfile On Windows 2000 enter: crmimport.cmd [-o -d] importfile C-1

214 Appendix C Essentials Command Reference Command cwconfig Description CiscoWorks2000 command line tool that allows you to access the configuration archive or configurations on devices. You can use cwconfig to update, export, and import configurations on devices and in the archive. You can also compare configurations and delete old configurations. To get a list of supported commands, run the command: cwconfig -help Help on each command can be obtained as: cwconfig command -help For example: cwinvcreport cwconfig export -help Additionally, man pages are available on UNIX installations for individual commands. To view the man page for any command, enter: man cwc -command CiscoWorks2000 command line interface for the Inventory Custom Reports. cwinvcreport allows you to run the previously created Inventory Custom Reports. The output is displayed in Comma separated value (CSV) format. You can re-direct the output to an recipient or to a file. The log and the output files are created in the current directory. The report name should be given within double quotes. cwinvcreport [-d debuglevel] [-m ] [-l logfile] [-o outputfile] "reportname" You could enable debug mode and set the debug using the -d option. You could mail the output to an recipient using the -m option. You could log the error messages to a file using the -o option. To display the list of existing reports, specify the -r option. cwinvcreport -r To display cwinvcreport version information, specify the -v option. cwinvcreport -v To display the usage information, specify the -h option. cwinvcreport -h C-2

215 Appendix C Essentials Command Reference Command dbpasswd.pl dig dmgtd Description Changes a database's password along with its access configuration files. dbpasswd.pl {all dsn=data source [opwd=old password] [pfile=properties file] listdsn} Sends domain name query packets to name servers. Dig (domain information groper) is a flexible command line tool which can be used to gather information from the Domain Name System servers. Dig has two modes: Simple interactive mode which makes a single query Batch which executes a query for each in a list of several query lines. All query options are accessible from the command line. dig [@server] domain [query-type] [-dig-option] [%comment] [query-class] [+query-option] Process manager daemon. Specify the tcp port to use the Daemon Management protocol on. All clients will need to have the env var PX_DMGTHOST and env var set. Daemon Manager Protocol enabled applications can report additional status. Daemon Manager sends status information to Syslog (facility: LOG_DAEMON). dmgtd [ -p port -v] [ names ] import_rme.pl Restores RME files required for remote upgrade from RME 3.3. C-3

216 Appendix C Essentials Command Reference Command pdexec / pdshow / pdterm pdmsg Description Controls process manager. pdshow/pdexec/pdterm [ appname1 appname2... ] To get status of registered processes appname1, appname2,..., send a request to CRM process manager using the command: pdshow [appname1 appname2...] To start the registered process appname1 if it is not running, send a request to CRM process manager using the command: pdexec appname1 To stop the registered application appname1 if it is running send a request to CRM process manager using the command: pdterm appname1 pdshow will show the status of all processes registered if no arguments are given. pdexec and pdterm require one or more appnames. where appnamen represents the registered name of each process that is registered with CRM process manager. Broadcasts a string to all registered daemons under Daemon Management that are in the Running Normally state. To use this command, Daemon Management server must be running. pdmsg msg-string C-4

217 Appendix C Essentials Command Reference Command pdreg pdrun.pl Description Registers and unregisters applications with CRM Process Manager. pdreg [-r appname -e pgm [-f pgmflags ] [-d dependencies ] [-n] [-t 0 p n ] ] [-u appname ] [-l appname ] To register a process and invoke it without the -n or -t option. pdreg -r appname appname must be 25 alphanumeric characters or less. To unregister a process and shut it down if the process is running. pdreg -u appname To list the registry for a particular daemon. pdreg -l appname A wrapper to run a command-line instruction within the CiscoWorks2000 environment. The command line instruction to be run needs to be double quoted as the argument. If the command-line instruction itself contains double quotes, precede it with a back slash. To run a command line instruction within the CiscoWorks2000 environment: perl pdrun "pdshow \"ANIServer jrm\"" ProxyAdminInterface.pl removejrmjobs.pl removermejobs.pl A CiscoWorks2000 command line instruction for initial recollection of data from Auto Update Server (Proxy Server). NMSROOT/bin/perl NMSROOT/cgi-bin/import/ ProxyAdminInterface.pl Removes all the existing JRM jobs from cmf database. This is used in remote upgrade. Deletes all the Job Information from RME database. This is used in remote upgrade. C-5

218 Appendix C Essentials Command Reference Command restorebackup.pl Description Restores an earlier backup of the database. /opt/cscopx/bin/perl restorebackup.pl [-force] [-s groupname] [-gen generationnumber] {-d backup directory} This script can be used for user-specific requirements to: Restore only one group. For this, use the '-s groupname' parameter. Restore all groups. For this, do not use the '-s' parameter. Installed suites that includes CMF and Essentials. See a list of the available backed-up generations. For this, enter the following at the command line: /opt/cscopx/bin/perl restorebackup.pl -h {-d backup directory} RmeJobCreateService.pl RmeJobEnableService.pl Sample Script.pl uninstall.sh Creates new jobs from exported RME job data into Coyote system. Exported job data will be read from NMSROOT/rigel backup directory. Script will disable all the jobs after creation. Enables all the jobs disabled by Coyote upgrade or Job creation service.information about list of jobs to be enabled is obtained from joblist.jrm and rmedisabledjobs.jrm under NMSROOT/setup directory. Wrapper around the OS specific mail program. Accepts the usual parameters like sender, subject, _ids, text_message and sends the message to the intended recipient. sample script.pl - _ids list of comma separated addresses, -subject [subject of ] optional -from [from who] -sender [sender] -smtp [SMTP, needed for Windows 2000], -text_message [message text, '\n' character is used to break up message into multiple lines] Uninstallation program that removes files and settings. Uninstallation allows you to remove only Essentials or remove CiscoWorks2000 CD One as well. To remove CD One, you must remove Essentials as well. Before removing Essentials, you must first remove any applications that depend on Essentials. uninstall.sh C-6

219 INDEX A adding functionality and incremental device support, overview 1-14 advanced report, messages from selected VPN devices (Syslog Analysis) 3-4 applications 2-1 Availability 2-6 benefits of 2-6 functional flow 2-7 Case Management 2-36 Case management Task (table) 2-36 Change Audit 2-10 functional flow 2-11 troubleshooting A-2 Configuration Management 2-14 benefits of 2-14 Config Editor option 2-31 Config Management Tasks (table) 3-2 Config Management Troubleshooting (table) A-4 configuration archive 2-18 functional flow 2-15 NetConfig option 2-23 Network Show Commands option 2-27 troubleshooting A-4 Contract Connection 2-34 troubleshooting A-6 usage scenario, with Inventory 14-1 workflow 2-35 device views 2-2 Applications and the Device Credentials (table) 2-5 device credentials, setting 2-4 Device Views (figure) 2-3 Device Views Tasks (table) 2-4 types of views 2-2 Inventory 2-37 benefits of 2-37 functional flow 2-38 hardware encryption report 3-3 image upgrade report 3-3 troubleshooting A-7 unmanaged devices, adding to 7-6 usage scenario, with Contract Connection 14-1 VPN management solution report 3-2 Job Approval 2-46 Job Approval Tasks (table) 2-48 Job Approval Workflow (figure) 2-47 process 2-47 Software Management 2-49 IN-1

220 Index benefits of 2-49 Change Audit, using with 6-1 functional flow 2-49 Software Management Functional Flow (figure) 2-50 Software Management Tasks (table) 2-52 Software Management Troubleshooting (table) A-21 Software Management Workflow (figure) 2-51 troubleshooting A-13 Syslog Analysis 2-55 Availability, using with 5-1 certificate report 3-4 compression-decompression report 3-4 custom reports, creating 13-1 de-encapsulation report 3-3 functional flow 2-55 Functional Flow (figure) 2-56 hardware encryption report 3-3 IKE report 3-4 messages from selected VPN devices, report 3-4 packet replay report 3-4 Syslog Analysis vs. Change Audit Workflow (figure) 2-58 Syslog Analysis Workflow (figure) 2-57 troubleshooting A-25 workflow 2-57 System Configuration 2-5 System Configuration Tasks (table) 2-6 architecture, overview 1-7 Cisco.com 1-10 CiscoWorks2000 Server 1-8 Essentials database and functions 1-9 Essentials functional architecture (figure) 1-8 web clients 1-9 audience for this document xi Auto Update Server (see Proxy Server) 11-1 Availability application 2-6 benefits of 2-6 functional flow 2-7 Availability Functional Flow (figure) 2-8 Availability Manager Tasks (table) 2-9 Availability Workflow (figure) 2-8 workflow 2-8 using with Syslog Analysis, scenario 5-1 B backup.pl command, description C-1 C Case Management application 2-36 Case Management Task (table) 2-36 cautions regarding IN-2

221 Index commands entered in user and adhoc templates 2-25 deleting software images from the Essentials Server 7-5 significance of xii CCO (Cisco Connection Online) retrieving software images from 6-4 upgrade analysis, performing 6-3 username and password, when used 14-2 CD-ROM, obtaining Cisco documentation on xiv Change Audit application 2-10 FAQs on tracking configuration changes A-2 who made what changes A-2 functional flow 2-11 Change Audit Functional Flow (figure) 2-12 Change Audit Tasks (table) 2-13 Change Audit Work Flow (figure) 2-12 troubleshooting A-2 usage scenarios using with Configuration Management 12-1 using with multiple applications 7-1 using with Software Management 6-1 Cisco, contact when updating contract status on network devices 14-4 your Contract Agent profile 14-2 Cisco.com, obtaining technical assistance through xv CiscoWorks2000 Server architectural component 1-8 FAQs on backing up data for a single application A-37 directory structure when backing up data A-34 which devices supported by particular applications A-37 troubleshooting A-34 command reference backup.pl C-1 crmimport C-1 cwconfig C-2 cwinvcreport C-2 dbpasswd.pl C-3 dig C-3 dmgtd C-3 import_rme.pl C-3 pdexec C-4 pdmsg C-4 pdreg C-5 pdrun.pl C-5 pdshow C-4 pdterm C-4 ProxyAdminInterface.pl C-5 RemoveJrmJobs.pl C-5 RemoveRmeJobs.pl C-5 restorebackup.pl C-6 RmeJobCreateService.pl C-6 IN-3

222 Index RmeJobEnableService.pl C-6 Sample Script.pl C-6 uninstall.sh C-6 command sets in Network Show Commands for more than 10 devices (FAQ) A-3 compression-decompression report (Syslog Analysis) 3-4 Configuration Management application 2-14 benefits of 2-14 Change Audit, using with 12-1 Config Editor option 2-31 benefits of 2-31 Config Editor Functional Flow (figure) 2-32 Config Editor Tasks (table) 2-33 Configuration Management Tasks (table) 3-2 Configuration Management Troubleshooting (table) A-4 FAQs on devices imported from NMS, comparing configurations A-3 finding out what devices are supported A-2 functional flow 2-15 configuration archive 2-18 Configuration Archive Functional Flow (figure) 2-18 Configuration Management Archive-Specific Tasks (table) 2-21 Configuration Management Functional Flow (figure) 2-16 Configuration Management Workflow (figure) 2-17 NetConfig, Config Editor, and Network Show commands 2-20 NetConfig option 2-23 benefits of 2-24 NetConfig Functional Flow (figure) 2-24 NetConfig Tasks (table) 2-25 usage scenarios, using alone 9-1 Network Show Commands option 2-27 benefits of 2-27 commands, how many per set A-3 commands, inclusiveness A-3 command sets for more than 10 devices A-3 FAQs on commands, error messages A-3 Network Show commands Functional Flow (figure) 2-29 Network Show Commands Tasks (table) 2-29 troubleshooting A-4 usage scenarios using alone 8-1 using with Change Audit 12-1 using with multiple other applications 7-1 configuring multiple devices 9-1 prerequisites 9-2 procedures 9-2 NetConfig job, defining 9-3 template, creating 9-2 verifying 9-5 Contract Agent access updating 14-2 IN-4

223 Index when required 14-2 Contract Connection application 2-34 FAQs on serial numbers different types A-6 out of sync A-6 why Electronic Serial Number field might be blank A-6 troubleshooting A-6 usage scenario, with Inventory 14-1 workflow 2-35 Contract Connection Task (table) 2-35 contract status of devices updating prerequisites 14-2 procedures 14-2 verifying 14-2 crmimport command, description C-1 custom reports in Syslog Analysis creating 13-1 verifying creation of 13-3 viewing 5-4 cwconfig command, description C-2 cwinvcreport command, description C-2 D dbpasswd.pl command, description C-3 device configuration changes checking 12-1 prerequisites 12-2 procedures 12-2 verifying 12-3 using a template 8-1 prerequisites 9-2 procedures 8-2 verifying 8-1 device data, importing to Inventory 10-1 prerequisites 10-2 procedure 10-3 verification 10-4 devices configuring multiple 9-1 prerequisites 9-2 procedures 9-2 verifying 9-5 contract status on, updating 14-4 Device Serial Number field is blank, FAQ on A-9 disabled, troubleshooting 2-25 imported from NMS, comparing configurations A-3 misconfigured, troubleshooting 2-25 monitoring 5-1 prerequisites 5-2 procedures 5-2 verifying 5-4 network checking contract status of 14-2 updating contract status on 14-4 IN-5

224 Index Network Show command sets for more than 10 (FAQ) A-3 serial numbers updating 14-3 verifying, FAQ on A-9 verifying update of 14-4 why they may not match shipment serial numbers 14-3 software, upgrading 6-1 prerequisites 6-2 procedures 6-2 verifying 6-8 supported by Configuration Management, FAQ on determining A-2 by Inventory, FAQ on determining A-7 by which applications, FAQ on determining A-37 syslog messages for, not getting A-25 unmanaged, adding to Inventory 7-6 VPN advanced report, messages from selected 3-4 search report 3-2 device support, adding incremental 1-14 device views application 2-2 device credentials, setting 2-4 Applications and the Device Credentials (table) 2-5 Device Views (figure) 2-3 Device Views Tasks (table) 2-4 types of views 2-2 dig command, description C-3 directory structure used by CiscoWorks2000 Server when backing up data (FAQ) A-34 dmgtd command, description C-3 documentation feedback, providing electronically or by mail xiv obtaining xiii on a CD-ROM xiv on the World Wide Web xiii ordering xiv related xii E Essentials Server deleting images from, caution regarding 7-5 maintaining 7-1 configurations, removing from the archive 7-7 images, removing from the software library 7-5 old data, removing from the Job Control report 7-6 overall procedures 7-2 prerequisites for maintenance 7-2 records, removing from the Change Audit log 7-3 unmanaged devices, adding to Inventory 7-6 IN-6

225 Index F verifying maintenance 7-8 Change Audit log records removed 7-8 configurations removed from the archive 7-9 old data removed from the Job Control report 7-9 software images removed from the library 7-8 unmanaged devices added to Inventory 7-9 figures Availability Functional Flow 2-8 Availability Workflow 2-8 Change Audit Functional Flow 2-12 Change Audit Work Flow 2-12 Config Editor Functional Flow 2-32 Configuration Archive Functional Flow 2-18 Configuration Management Functional Flow 2-16 Configuration management Workflow 2-17 Device Views 2-3 Essentials functional architecture 1-8 Essentials Task Usage Workflow 1-12 Importing Information from Proxy Server 11-3 Inventory Management Functional Flow 2-39 Inventory Management Workflow 2-40 Job Approval Workflow 2-47 NAT Support 4-2 NetConfig Functional Flow 2-24 Network Show Commands Functional Flow 2-29 Software Management Functional Flow 2-50 Software Management Workflow 2-51 Syslog Analysis Functional Flow 2-56 Syslog Analysis vs. Change Audit Workflow 2-58 Syslog Analysis Workflow 2-57 file import formats B-1 comma-separated values (CSV) file B-2 example B-2 device integration file (DIF) B-4 example B-4 functionality, adding 1-14 G getting started, overview 1-10 H hardware encryption report (Inventory) 3-3 help (see also troubleshooting) A-1 online xiii technical assistance, obtaining xv Cisco.com xv TAC xv IN-7

226 Index I IKE report (Syslog Analysis) 3-4 images (see software images) 3-3 import_rme.pl command, description C-3 importing device data to Inventory 10-1 prerequisites 10-2 procedure 10-3 verification 10-4 Inventory application 2-37 benefits of 2-37 determining devices supported by, FAQ on A-7 FAQs on data collection methods A-8 device serial number, verifying and correcting A-9 Device Serial Number field blank A-9 Inventory Poller A-8 most recent changes A-8 Schedule Collection, how often to run A-8 Schedule Collection, when last performed A-8 what devices are supported A-7 functional flow 2-38 Inventory Management Functional Flow (figure) 2-39 Inventory Management Workflow (figure) 2-40 Inventory Manager Tasks (table) 2-41 importing device data to 10-1 prerequisites 10-2 procedure 10-3 verification 10-4 reports hardware encryption 3-3 image upgrade 3-3 VPN management solution 3-2 troubleshooting A-7 unmanaged devices, adding to 7-6 usage scenarios using with Contract Connection 14-1 using with multiple applications 7-1 inventory information, maintaining 14-1 prerequisites 14-2 procedures 14-2 device serial numbers, updating 14-3 network devices, checking contract status of 14-2 verifying 14-2 contract status on network devices 14-4 device serial numbers updated 14-4 Inventory Tasks (table) 3-3 Inventory Troubleshooting (table) A-9 J Job Approval application 2-46 Job Approval Workflow (figure) 2-47 process 2-47 Job Approval Tasks (table) 2-48 IN-8

227 Index M Job Approval Workflow (figure) 2-47 maintaining the Essentials Server (see Essentials Server) 7-1 Managing devices outside the NAT 4-3 Managing PIX Devices Importing Information from Proxy Server 11-2 through Proxy Server (Auto Update Server) 11-1 Managing PIX Devices through Proxy Server (Auto Update Server) 11-1 monitoring devices 5-1 prerequisites 5-2 procedures 5-2 custom report, viewing 5-4 network availability, determining current 5-2 syslog messages, viewing latest 5-3 verifying 5-4 N NetConfig (Configuration Management option) benefits of 2-24 NetConfig Functional Flow (figure) 2-24 NetConfig Tasks (table) 2-25 usage scenarios, using alone 9-1 Network Address Translation Support 4-1 Introducing NAT Support 4-2 Network Show Commands (Configuration Management option) FAQs on commands, error messages A-3 commands, how many per set A-3 commands, inclusiveness A-3 command sets for more than 10 devices A-3 Network Show Commands Functional Flow (figure) 2-29 Network Show Commands Tasks (table) 2-29 O OSPF NOMEMORY errors, correcting 13-1 overview 1-1 adding functionality and incremental device support 1-14 features 1-2 Essentials Applications (table) 1-3 functional architecture 1-7 Cisco.com 1-10 CiscoWorks2000 Server 1-8 Essentials database and functions 1-9 Essentials functional architecture (figure) 1-8 web clients 1-9 getting started 1-10 RME functions 1-11 IN-9

228 Index P administrative tasks 1-12 system configuration 1-13 task workflow 1-12 user tasks 1-11 supported devices 1-14 time zone implementaion 1-15 packet replay report (Syslog Analysis) 3-4 pdexec command, description C-4 pdmsg command, description C-4 pdreg command, description C-5 pdrun.pl command, description C-5 pdshow command, description C-4 pdterm command, description C-4 PIX devices, managing through Proxy Server prerequisites 11-4 procedures 11-4 distributing images 11-5 importing Proxy Server 11-4 verification 11-5 privileges Contract Agent updating 14-2 when required 14-2 Proxy Server Managing PIX Devices 11-1 R reader comment form, submitting electronically xiv removejrmjobs.pl command, description C-5 removermejobs.pl command, description C-5 reports advanced, report of messages from selected VPN devices (Syslog Analysis) 3-4 certificate report (Syslog Analysis) 3-4 compression-decompression (Syslog Analysis) 3-4 custom reports in Syslog Analysis creating 13-1 prerequisites to creating 13-2, 14-2 verifying creation of 13-3 viewing 5-4 de-encapsulation (Syslog Analysis) 3-3 hardware encryption Inventory 3-3 Syslog Analysis 3-3 IKE report (Syslog Analysis) 3-4 image upgrade (Inventory) 3-3 packet replay report (Syslog Analysis) 3-4 Syslog Analysis 3-3 VPN configuration (Configuration Management) 3-2 VPN management solution (Inventory) 3-2 restorebackup.pl command, description C-6 RME functions, overview 1-11 administrative tasks 1-12 IN-10

229 Index system configuration 1-13 task workflow 1-12 Essentials Task Usage Workflow (figure) 1-12 user tasks 1-11 RmeJobCreateService.pl command, description C-6 RmeJobEnableService.pl command, description C-6 S Sample Script.pl command, description C-6 Sample Essentials Backup Directory A-36 Schedule Collection (Inventory) how often to run (FAQ) A-8 when last performed A-8 scheduling Schedule Collection how often to run, FAQ on A-8 when last performed, FAQ on A-8 software image upgrade jobs part of scenario 6-5 servers CiscoWorks2000 (see CiscoWorks2000 Server) A-34 Essentials (see Essentials Server) 7-1 software images caution regarding deleting 7-5 image upgrade report 3-3 removing from the software library 7-5 retrieving from CCO 6-4 Software Management application 2-49 benefits of 2-49 Change Audit, using with 6-1 functional flow 2-49 Software Management Functional Flow (figure) 2-50 Software Management Tasks (table) 2-52 Software Management Workflow (figure) 2-51 Software Management Functional Flow (figure) 2-50 Software Management Troubleshooting (table) A-21 Software Management Workflow (figure 2-51 troubleshooting A-13 usage scenario using with Change Audit 6-1 using with multiple other applications 7-1 supported devices, overview 1-14 Syslog Analysis application 2-55 FAQs on location of syslog messages A-26 not getting syslog messages for devices A-25 syslog window appears to lock up A-26 functional flow 2-55 on Windows 2-57 IN-11

230 Index Syslog Analysis Functional Flow (figure) 2-56 Functional Flow (figure) 2-56 reports certificate 3-4 compression-decompression 3-4 custom, creating 13-1 de-encapsulation 3-3 hardware encryption 3-3 IKE 3-4 messages from selected VPN devices 3-4 packet replay 3-4 syslog custom report 13-1 Syslog Analysis vs. Change Audit Workflow (figure) 2-58 Syslog Analysis Workflow (figure) 2-57 Syslog Troubleshooting (table) A-27 troubleshooting A-25 usage scenarios using alone 13-1 using with Availability 5-1 using with multiple other applications 7-1 using with Availability, scenario 5-1 workflow 2-57 Syslog Analysis Tasks (table) 2-59 Syslog Analysis vs. Change Audit Workflow (figure) 2-58 Syslog Analysis Workflow (figure) 2-57 Syslog vs. Change Audit 2-58 syslog custom report (Syslog Analysis) scenario 13-1 prerequisites 14-2 procedures 13-2 verifying 13-3 System Configuration application 2-5 System Configuration Tasks (table) 2-6 T tables Applications and the Device Credentials 2-5 Availability Manager Tasks 2-9 Case Management Task 2-36 Change Audit Tasks 2-13 Config Editor Tasks 2-33 Configuration Management Archive-Specific Tasks 2-21 Configuration Management Tasks 3-2 Configuration Management Troubleshooting A-4 Contract Connection Task 2-35 Device Views Tasks 2-4 Essentials Applications 1-3 Inventory Manager Tasks 2-41 Inventory Tasks 3-3 Inventory Troubleshooting A-9 Job Approval Tasks 2-48 NetConfig Tasks 2-25 Network Show Commands Tasks 2-29 Software Management Tasks 2-52 IN-12

231 Index Software Management Troubleshooting A-21 Syslog Analysis Tasks 2-59 Syslog Troubleshooting A-27 System Configuration Tasks 2-6 VPN Syslog Analysis Tasks 3-3 TAC (Technical Assistance Center) obtaining support from xv how the Escalation Center works xvii priority levels, understanding xvi telephone numbers xvii website xvi Technical Assistance Center (see TAC) xv technical support xv (see also troubleshooting) A-1 through Cisco.com xv through TAC xv telephone numbers for TAC (see technical support) xvii Telnet passwords, changing (scenario) 8-2 templates for configuring multiple devices, creating 9-2 for device configuration changes, using 8-1 time zone implementation, overview 1-15 troubleshooting A-1 Change Audit A-2 CiscoWorks2000 Server A-34 FAQs on A-34 Configuration Management A-2 FAQs on A-2 troubleshooting A-4 Contract Connection A-6 FAQs on A-6 disabled devices 2-25 Inventory A-7 FAQs on A-7 troubleshooting A-9 misconfigured devices 2-25 Software Management A-13 FAQs, access to A-13 troubleshooting A-21 Syslog troubleshooting A-27 Syslog Analysis A-25 FAQs on A-25 typographical conventions used in this document xi U uninstall.sh command, description C-6 upgrade analysis through CCO, performing 6-3 upgrading devices 6-1 prerequisites 6-2 procedures 6-2 verifying 6-8 upgrading device software 6-1 prerequisites 6-2 procedures 6-2 IN-13

232 Index CCO upgrade analysis, performing 6-3 software images, retreiving from CCO 6-4 software image upgrade, scheduling 6-5 upgrade, tracking 6-7 verifying 6-8 World Wide Web contacting TAC via xvi obtaining Cisco documentation via xiii V VPN Security Management Solution 3-1 Configuration Management reports 3-2 search VPN devices 3-2 VPN configuration report 3-2 Inventory reports 3-2 hardware encryption reports 3-3 image upgrade reports 3-3 Syslog Analysis reports 3-3 advanced report, messages from selected VPN devices 3-4 certificate report 3-4 compression-decompression report 3-4 de-encapsulation report 3-3 hardware encryption reports 3-3 IKE report 3-4 packet replay report 3-4 VPN Syslog Analysis Tasks (table) 3-3 W when to contact Cisco (see Cisco) 14-4 IN-14