Cisco LMS 4.2_User Guide

(1)

Americas Headquarters

Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA

http://www.cisco.com Tel: 408 526-4000

800 553-NETS (6387)

Administration of Cisco Prime LAN

Management Solution 4.2

(2)

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

(3)

C O N T E N T S

Preface

xxiii

Notices

xxvii

OpenSSL/Open SSL Project

i-xxvii

License Issues

i-xxvii

C H A P T E R 1

Overview of Administration

1-1

How the guide is organized?

1-1

Administration Tasks

1-3

Understanding the System Dashboard

1-8

Cisco Prime Product Updates

1-8

Critical Message Window

1-8

Device Credentials and AAA Information

1-9

Log Space Usage

1-10

Process Status

1-11

System Backup Status

1-11

User Login Information

1-12

Job Information Status

1-12

Audit Trail Information

1-13

Job Approval

1-14

Syslog Collectors Information

1-15

Supported Device Finder Portlet

1-15

VRF Collector Summary

1-18

Collection Summary Portlet

1-19

C H A P T E R 2

Setting up Security

2-1

Managing Security in Single-Server Mode

2-1

Setting up Browser-Server Security

2-2

Enabling Browser-Server Security From the LMS Server

2-3

Disabling Browser-Server Security From the LMS Server

2-3

Setting up Local User Policy

2-4

Setting up Local Users

2-6

(4)

Contents

Importing Local Users Using CLI

2-8

Importing Users From ACS

2-9

Adding and Modifying a Local User

2-9

Adding Local Users Using CLI

2-11

Assigning Roles on NDG Basis

2-13

Modifying Your Profile

2-13

Creating Self Signed Certificates

2-14

Creating a Self Signed Certificate From the User Interface

2-15

Working With Third Party Security Certificates

2-16

Managing Security in Multi-Server Mode

2-16

Setting up Peer Server Account

2-17

Setting up System Identity Account

2-18

Setting up Peer Server Certificate

2-19

Enabling Single Sign-On

2-20

Single Sign-On Setup

2-20

Navigating Through the Single Sign-On Domain

2-21

Changing the Single Sign-On Mode

2-22

Setting up the Authentication Mode

2-24

Authentication Using Login Modules - Overview

2-24

Cisco Secure ACS Support for LMS Applications

2-26

Setting the Login Module to Pluggable Authentication Modules

2-26

Managing Roles

2-36

Managing Cisco.com Connection

2-39

Setting up Cisco.com User Account

2-39

Setting Up the Proxy Server

2-40

Support Settings

2-40

C H A P T E R 3

Administering LMS Server

3-1

Using Daemon Manager

3-2

Managing Processes

3-3

LMS Back-end Processes

3-6

Server Back-end Processes

3-6

Inventory, Config and Image Management Processes

3-11

Network Topology, Layer 2 Services and User Tracking Processes

3-14

(5)

Contents

Restoring Data

3-20

Changing the Database Password

3-22

Effects of Backup-Restore on DCR

3-24

Master-Slave Configuration Prerequisites and Restore Operations

3-26

Effects of Backup-Restore on Groups

3-27

Backup for Cisco Prime Infrastructure

3-28

Licensing Cisco Prime LMS

3-29

Compliane and Audit Manager (CAAM) Server License

3-30

Configuring a Default SMTP Server

3-31

Collecting Server Information

3-31

Collecting Self Test Information

3-33

Messaging Online Users

3-34

Managing Resources

3-35

Modifying System Preferences

3-36

Configuring Log Files Rotation

3-38

Configuring Disk Space Threshold Limit

3-43

Effects of Third Party Backup Utility and Virus Scanner

3-44

Configuring TFTP

3-44

Cisco Prime Integration Application Settings

3-45

C H A P T E R 4

Administering Discovery Settings and Device and Credential Repository

4-1

Scheduling Device Discovery

4-1

Configuring Device Selector

4-5

Selecting Devices for Device Management Tasks

4-6

Searching Devices

4-7

Performing Simple Search

4-7

Performing Advanced Search

4-8

Device Selector Settings

4-10

Understanding Device Groups

4-10

Customizing Device Grouping

4-12

Customizing Display Order of Device Groups

4-14

Administering Device and Credential Repository

4-15

Changing DCR Mode

4-15

Configuring Device Polling

4-18

(6)

Contents

Renaming User Defined Fields

4-21

Deleting User Defined Fields

4-22

Configuring Default Credentials

4-22

Using Default Credentials

4-22

Important Notes on Default Credentials

4-23

Default Credentials Behavior in Multi-Server Setup

4-23

Configuring Default Credential Sets

4-24

Configuring Default Credential Set Policy

4-27

C H A P T E R 5

Managing Groups

5-1

Groups - Components and Basic Concepts

5-2

Groups in Single-Server and Multi-Server Setup

5-3

Groups in Single Server Scenario

5-3

Groups in Multi-Server Scenario

5-3

Device Group Administration

5-4

Creating Groups

5-5

Specifying Group Properties

5-7

Defining Group Rules

5-9

System Defined Attributes

5-13

Assigning Group Membership

5-25

Viewing Group Details

5-26

Modifying Group Details

5-27

Refreshing Groups

5-28

Deleting Groups

5-28

Exporting Groups

5-29

Sample Export Groups Output File

5-29

Exporting Groups From User Interface

5-30

Importing Groups

5-31

Important Notes on Importing Groups

5-31

Importing Groups From User Interface

5-31

Overview of Subnet Based Groups

5-32

Accessing Subnet Based Groups

5-32

Understanding Subnet Based Groups

5-33

Creating Groups Based on Subnet

5-33

DCR Mode Changes and Group Behavior

5-33

(7)

Contents

Entering the Port and Module Group Properties Details

5-37

Selecting Group Source

5-38

Defining Rule Expression for Port or Module Groups

5-39

Understanding the Summary

5-46

Viewing Port and Module Group Details

5-47

Editing Port and Module Groups

5-48

Deleting Port and Module Groups

5-49

Working with Fault System-defined Groups

5-50

LMS System-defined Groups

5-50

Fault System Defined Groups

5-51

Working with Customizable Groups

5-52

Managing Fault Groups

5-53

Editing and Creating Fault Groups

5-54

Editing a Fault Group

5-55

Creating a Fault Group

5-58

Understanding Rules

5-61

Finalizing Fault Group Membership

5-64

Viewing the Fault Group Summary

5-65

Viewing Fault Group Details

5-65

Viewing Fault Membership Details

5-66

Refreshing Fault Membership

5-67

Deleting Fault Groups

5-68

Understanding Collector Group Rules

5-68

IPSLA Collector Group Administration Process

5-71

Understanding IPSLA Collector Group Administration

5-72

Working with User-Defined Collector Groups

5-73

Creating and Modifying User-Defined Collector Groups

5-73

Setting Collector Group Properties

5-73

Defining Collector Group Rules

5-75

Assigning Collector Group Membership

5-77

Viewing the Collector Group Summary

5-78

Deleting User-Defined Collector Groups

5-79

Viewing User-Defined Collector Groups

5-79

Viewing Collector Group Details

5-79

Viewing Membership Details

5-80

Refreshing User-Defined Collector Group Membership

5-81

(8)

Contents

C H A P T E R 6

Administering Data Collection

6-1

Modifying Data Collection SNMP Timeouts and Retries

6-1

Scheduling Data Collection

6-3

Data Collection Critical Device Poller

6-4

Compliance and Audit Settings

6-5

Compliance Data Collection

6-5

Compliance Data Collection Jobs

6-7

Import Contracts

6-7

Import Policy Updates

6-8

C H A P T E R 7

User Tracking and Dynamic Updates

7-1

Understanding User Tracking

7-1

Using User Tracking

7-2

Accessing UT Data

7-2

Various Acquisitions in User Tracking

7-3

Using User Tracking Administration

7-4

Viewing User Tracking Acquisition Information

7-6

Configuring User Tracking Acquisition Actions

7-7

Using User and Host Acquisition

7-8

Modifying UT Acquisition Settings

7-8

Configuring Rogue MAC List

7-16

Modifying UT Acquisition Schedule

7-19

Modifying Ping Sweep Options

7-20

Configuring UT Subnet Acquisition

7-21

Deleting User Tracking Purge Policy Details

7-22

Configuring UT Acquisition in Trunk for End Host Discovery

7-23

Importing Information on End Host Users

7-24

Understanding Dynamic Updates

7-24

MAC User-Host Information Collector (MACUHIC) Process

7-26

User Tracking Manager (UTManager) Process

7-26

UTLite

7-26

Viewing Dynamic Updates Process Status

7-27

Enabling SNMP Traps on Switch Ports

7-27

SNMP MAC Notification Listener

7-29

(9)

Contents

Using User Tracking Utility

7-34

Understanding UTU

7-34

Hardware and Software Requirements for UTU

7-35

Downloading UTU

7-35

Installing UTU

7-36

Installing UTU in Silent Mode

7-36

Installing UTU in Normal Mode

7-37

Accessing UTU

7-38

Configuring UTU

7-39

Searching for Users, Hosts or IP Phones Using UTU

7-40

Uninstalling UTU

7-45

Upgrading to UTU 2.0

7-45

Re-installing UTU 2.0

7-46

C H A P T E R 8

Administering Collection Settings

8-1

Using the Inventory Job Browser

8-2

Viewing Job Details

8-6

Creating and Editing an Inventory Collection or Polling Job

8-7

Stopping, Cancelling or Deleting an Inventory Collection or Polling Job

8-9

Timeout and Retry Settings

8-9

Secondary Credentials

8-11

Changing the Schedule for System Inventory Collection or Polling, Compliance Policy and PSIRT/EOX

System

8-12

Changing the Schedule for System Inventory Collection or Polling Settings

8-12

Changing the Schedule for Compliance Policy and PSIRT/EOS and EOL settings

8-13

PSIRT or End-of-Sale or End-of-Life Data Administration

8-14

Changing the Data Source for PSIRT/EOS/EOL Reports

8-14

Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Cisco.com

8-16

Generating PSIRT/End-of-Sale/End-of-Life Report using Data from Local File Location

8-16

Administering VRF Lite

8-18

Using VRF Lite Collector Settings

8-18

Scheduling VRF Lite Collector

8-19

Modifying VRF Lite SNMP Timeouts and Retries

8-20

Modifying Fault Management SNMP Timeout and Retries

8-21

Configuring Fault Management Rediscovery Schedules

8-22

Suspending and Resuming a Rediscovery Schedule

8-22

(10)

Contents

Device Management Functions

8-26

Performance Management SNMP Timeouts and Retry Settings

8-27

IPSLA Application Settings

8-28

Copying IPSLA Configuration to Running-Config

8-29

Managed Source Interface Setting

8-29

Setting Up Archive Management

8-30

Preparing to Use the Archive Management

8-30

Entering Device Credentials

8-30

Modifying Device Configurations

8-32

Enabling rcp

8-32

Enabling scp

8-33

Enabling https

8-33

Configuring Devices to Send Syslogs

8-33

Modifying Device Security

8-34

Router Commands

8-34

Switches Commands

8-35

Content Networking—Content Service Switch Commands

8-35

Content Networking—Content Engine Commands

8-35

Cisco Interfaces and Modules—Network Analysis Modules

8-35

Security and VPN—PIX Devices

8-36

Moving the Configuration Archive Directory

8-36

Enabling and Disabling the Shadow Directory

8-37

Configuring Exclude Commands

8-38

Configuring Fetch Settings

8-40

Understanding Configuration Retrieval and Archival

8-40

Schedule Periodic Configuration File Archival

8-40

Schedule Periodic Configuration Polling

8-41

Manual Updates (Sync Archive function)

8-41

Using Version Summary

8-41

Timestamps of Configuration Files

8-42

How Running Configuration is Archived

8-42

Change Audit Logging

8-43

Defining the Configuration Collection Settings

8-43

Configuring Transport Protocols

8-46

Requirements to Use the Supported Protocols

8-46

(11)

Contents

Viewing Common Syslog Collector Status

8-51

Subscribing to a Common Syslog Collector

8-52

Testing Syslog Collector Subscription

8-53

Understanding the Syslog Collector Properties File

8-55

Timezone List Used By Syslog Collector

8-58

C H A P T E R 9

Monitoring and Troubleshooting Settings

9-1

Configuring Fault Poller Settings For Topology

9-1

Loading MIB Files

9-2

Configuring RMON

9-5

Modifying the Parameters

9-6

Enabling RMON on All Ports in Selected Devices

9-7

Enabling RMON on Selected Ports in Selected Devices

9-7

Disabling RMON

9-8

Configuring Topology Settings

9-8

Viewing Restricted Topology

9-9

C H A P T E R 10

Notification and Action Settings

10-1

Understanding Notifications and Subscriptions

10-2

Customizing LMS Events

10-5

Configuring Event Sets and Notification Groups for Subscriptions

10-6

Configuring Event Sets

10-6

Configuring Fault Notification Groups

10-7

Setting Up a Fault Notification Group as Static or Dynamic

10-8

Managing Fault SNMP Trap Notifications

10-9

Adding an SNMP Trap Notification Subscription

10-10

Editing an SNMP Trap Notification Subscription

10-11

Suspending an SNMP Trap Notification Subscription

10-11

Resuming an SNMP Trap Notification Subscription

10-12

Deleting an SNMP Trap Notification Subscription

10-12

Managing Fault E-Mail Configurations

10-13

Managing Fault E-Mail Notification Subscriptions

10-13

Adding and Editing an E-Mail Notification Subscription

10-14

Managing Fault E-Mail Subject Customization

10-16

Managing Fault Syslog Notifications

10-17

(12)

Contents

Resuming a Syslog Notification Subscription

10-20

Deleting a Syslog Notification Subscription

10-21

Configuring Fault SNMP Trap Receiving and Forwarding

10-21

Enabling Devices to Send Traps to LMS

10-22

Enabling Cisco IOS-Based Devices to Send Traps to LMS

10-23

Enabling Catalyst Devices to Send SNMP Traps to LMS

10-23

Integrating SNMP Trap Receiving with Other Trap Daemons or NMSs

10-24

Updating the SNMP Trap Receiving Port

10-24

Configuring SNMP Trap Forwarding

10-25

Performance SNMP Trap Notification Groups

10-25

Creating a Trap Receiver Group

10-26

Editing a Trap Receiver Group

10-27

Deleting a Trap Receiver Group

10-29

Filtering Trap Receiver Groups

10-29

Performance Syslog Notification Groups

10-31

Creating a Syslog Receiver Group

10-32

Editing a Syslog Receiver Group

10-33

Deleting a Syslog Receiver Group

10-34

Filtering Syslog Receiver Groups

10-35

Defining Automated Actions

10-36

Creating an Automated Action

10-37

Editing an Automated Action

10-39

Guidelines for Writing Automated Script

10-41

Enabling or Disabling an Automated Action

10-41

Exporting or Importing an Automated Action

10-41

Deleting an Automated Action

10-42

Automated Action: An Example

10-42

Verifying the Automated Action

10-44

Defining Syslog Message Filters

10-44

Creating a Filter

10-45

Editing a Filter

10-46

Enabling or Disabling a Filter

10-47

Exporting or Importing a Filter

10-47

Deleting a Filter

10-48

Inventory and Config Collection Failure Notification

10-48

(13)

Contents

C H A P T E R 11

Administering Change Audit and Software Management

11-1

Setting Up Preferences

11-2

Performing Change Audit Tasks

11-2

Performing Maintenance Tasks

11-3

Setting the Purge Policy

11-4

Performing a Forced Purge

11-5

Config Change Filter

11-7

Defining Exception Periods

11-7

Creating an Exception Period

11-8

Enabling and Disabling an Exception Period

11-8

Editing an Exception Period

11-9

Deleting an Exception Period

11-9

Defining Change Audit Automated Actions

11-10

Understanding the Automated Action Window

11-10

Creating an Automated Action

11-11

Editing an Automated Action

11-13

Enabling and Disabling an Automated Action

11-13

Exporting and Importing an Automated Action

11-14

Deleting an Automated Action

11-14

Software Management Administration Tasks

11-15

Viewing/Editing Preferences

11-15

Selecting and Ordering Protocol Order

11-19

How Recommendation Filters Work for an IOS Image

11-20

Setting Change Report Filters

11-22

C H A P T E R 12

Managing Jobs

12-1

Using Job Browser

12-1

Configuring Default Job Policies

12-5

Defining the Default Job Policies

12-6

Configuring NetShow Job Policies

12-11

Defining Default Job Policies

12-12

Purging Configuration Management Jobs

12-13

Defining Protocol Order

12-14

Masking Credentials

12-15

Enabling Approval and Approving Jobs Using Job Approval

12-15

(14)

Contents

Assigning Approver Lists

12-18

Setting Up Job Approval

12-18

Approving and Rejecting Jobs

12-20

Using Device Selector

12-23

Using Simple Search

12-24

Using Advanced Search

12-25

Using the All Tab

12-30

Using the Search Results Tab

12-32

Using the Selection Tab

12-32

Editing Device Attributes

12-33

Attribute Error Report

12-36

Device Attributes Export File Format

12-36

C H A P T E R 13

Working With Software Center

13-1

Performing Software Updates

13-2

Viewing the List of Installed Applications and Packages

13-2

Selecting Software Updates

13-3

Downloading Software Updates

13-4

Performing Device Update

13-4

Viewing Package Map

13-5

Viewing Device Map

13-5

Checking for Updates

13-6

Deleting Packages

13-7

Scheduling Device Package Downloads

13-8

Scheduled Job

13-9

Event Log

13-10

Point Patch Update

13-10

Using the Software Center CLI Utility

13-11

Querying Updates on the LMS Server

13-12

Installing Device Packages

13-12

Uninstalling Device Packages

13-13

Downloading Software Updates

13-13

Downloading Device Updates

13-14

Downloading Point Patch Updates

13-15

(15)

Contents

C H A P T E R 14

Discrepancies and Best Practices Deviations

14-1

Understanding Discrepancies and Best Practices Deviations

14-1

Interpreting Discrepancies

14-2

Trunking Related Discrepancies

14-2

Trunk Negotiation Across VTP Boundary

14-3

Native VLANs Mismatch

14-4

Trunk VLANs Mismatch

14-4

Trunk VLAN Protocol Mismatch

14-4

VLAN-VTP Related Discrepancies

14-5

VTP Disconnected Domain

14-5

No VTP Server in Domain with at least One VTP Client

14-5

Link Related Discrepancies

14-6

Link Duplex Mismatch

14-6

Link Speed Mismatch

14-8

Link Trunk/NonTrunk Mismatch

14-9

Port Related Discrepancy

14-10

Port is in Error Disabled State

14-10

Device Related Discrepancy

14-11

Devices With Duplicate SysName

14-11

Spanning Tree Related Discrepancy

14-11

Port Fast Enabled on Trunk Port

14-11

Interpreting Best Practices Deviations

14-12

Channel Ports Related Best Practices Deviations

14-13

Non-channel Port in Desirable Mode

14-13

Channel Port in Auto Mode

14-14

Spanning Tree Related Best Practices Deviations

14-15

BPDU Filter Disabled on Access Ports

14-16

BPDU-Guard Disabled on Access Ports

14-17

BackboneFast Disabled in Switch

14-18

UplinkFast not Enabled

14-20

Loop Guard and Port Fast Enabled on Ports

14-22

Trunk Ports Related Best Practices Deviations

14-23

Non-trunk Ports in Desirable Mode

14-23

Trunk Ports in Auto Mode

14-25

VLAN Related Best Practices Deviations

14-25

VLAN Index Conflict

14-26

(16)

Contents

Access Ports Related Best Practice Deviation

14-28

CDP Enabled on Access Ports

14-28

Cisco Catalyst 6000 Devices Related Best Practice Deviation

14-29

High Availability not Operational

14-29

Customizing Discrepancies Reporting and Syslog Generation

14-30

C H A P T E R 15

Report Setting

15-1

Specifying User Tracking Report Purge Policy

15-1

Specifying Domain Name Display

15-2

Set Report Publish Location

15-2

C H A P T E R 16

Purge Settings

16-1

Purging Reports Jobs and Archived Reports

16-1

Purging VRF Management Reports Jobs and Archived Reports

16-2

Purging Configurations from the Configuration Archive

16-2

Syslog Administrative Tasks

16-4

Setting the Syslog Backup Policy

16-5

Setting the Syslog Purge Policy

16-6

Performing a Syslog Forced Purge

16-7

Purging Configuration Management Jobs

16-8

Scheduling a Configuration Management Purge Job

16-10

Enabling a Configuration Management Purge Job

16-11

Disabling a Configuration Management Purge Job

16-11

Performing an Immediate Purge for Configuration Management Jobs

16-12

Performance Purge Jobs

16-12

Performance Purge Data

16-14

View Performance Purge Details

16-17

IPSLA Data Purging Settings

16-18

Configuring the Daily Fault History Purging Schedule

16-20

C H A P T E R 17

Debugging Options

17-1

Configuring Discovery Logging

17-1

Maintaining Log Files

17-2

(17)

Contents

Fault Management Log Files

17-8

Performance Debugging Settings

17-9

IPSLA Debugging Settings

17-11

Config and Image Management Debugging Settings

17-13

Configuring Logging

17-17

Fault Debugging Settings

17-18

Setting Debugging Options for Topology and User Tracking

17-20

Setting up Debugging Options for Data Collection

17-20

Setting up Debugging Options for Network Reports

17-23

Setting Debugging Options for Device Groups

17-24

Setting Debugging Options for Topology

17-24

Debugging Options for User Tracking Server

17-25

Debugging Dynamic Updates

17-26

Debugging Options for User Tracking Reports

17-29

Debugging Options for Dynamic User Tracking Console

17-29

Debugging Options for CiscoView

17-30

Setting VRF Lite Debugging Options

17-30

VRF Lite Server Debugging Settings

17-31

VRF Lite Collector Debugging Settings

17-32

VRF Lite Client Debugging Settings

17-33

VRF Lite Utility Debugging Settings

17-33

C H A P T E R 18

Understanding LMS Tasks

18-1

Understanding Admin Tasks

18-1

Understanding System Tasks

18-2

Understanding Trust Management Tasks

18-7

Understanding Network Tasks

18-8

Understanding Collection Tasks

18-13

Understanding Report Tasks

18-17

Understanding Fault and Event Report Tasks

18-18

Understanding Report Archives Tasks

18-19

Understanding Report Designer Tasks

18-19

Understanding Inventory Report Tasks

18-20

Understanding Audit Report Tasks

18-20

Understanding Technology Report Tasks

18-21

(18)

Contents

Understanding Configuration Archive Tasks

18-25

Understanding Configuration Tools Tasks

18-26

Understanding ConfigCLI Tasks

18-28

Understanding Configuration Workflows Tasks

18-29

Understanding Configuration Job Browsers Tasks

18-30

Understanding Compliance Tasks

18-30

Understanding Monitor Tasks

18-31

Understanding Performance Settings Tasks

18-31

Understanding Fault Settings Tasks

18-33

Understanding Threshold Settings Tasks

18-33

Understanding Troubleshooting Tools Tasks

18-34

Understanding Monitoring Tools Tasks

18-35

Understanding Inventory Tasks

18-36

Understanding Group Management Tasks

18-36

Understanding Job Browsers Tasks

18-37

Understanding Device Administration Tasks

18-37

Understanding Inventory Tools Tasks

18-38

Understanding Work Center Tasks

18-38

Understanding Smart Install Tasks

18-39

Understanding Auto Smartports Tasks

18-39

Understanding Identity Tasks

18-39

Understanding EnergyWise Tasks

18-40

A P P E N D I X A

CLI Tools

A-1

Setting Up Local Users Through CLI

A-2

Adding Local Users

A-2

Importing Local Users

A-4

Importing Users From ACS

A-5

Migrating User Details from LMS 3.2 to LMS 4.x versions

A-5

Changing Cisco Prime User Password Through CLI

A-6

Managing Processes Through CLI

A-8

Viewing Process Details Through CLI

A-8

Viewing Brief Details of Processes

A-9

Viewing Processes Statistics

A-10

(19)

Contents

Setting up Browser-Server Security

A-16

Enabling Browser-Server Security From the Command Line Interface (CLI) On Windows

Platforms

A-16

Enabling Browser-Server Security From the Command Line Interface (CLI) On Solaris/Soft Appliance

Platforms

A-17

Disabling Browser-Server Security From the Command Line Interface (CLI) On Windows

Platforms

A-18

Disabling Browser-Server Security From the Command Line Interface (CLI) On Solaris/Soft Appliance

Platforms

A-18

Backing up Data Using CLI

A-20

Using LMS Server Hostname Change Scripts

A-20

Running the Hostname Change Script

A-23

Using DCR Features Through CLI

A-25

Viewing the Current DCR Mode Using CLI

A-25

Viewing Device Details

A-26

Changing DCR Mode Using CLI

A-26

Using Group Administration Features Through CLI

A-27

Exporting Groups Through CLI

A-28

Importing Groups Through CLI

A-29

Deleting Stale Groups Using CLI

A-30

User Tracking Command Line Interface

A-30

Exporting Switch Port Usage Report

A-34

Using Lookup Analyzer Utility

A-35

Understanding UTLite

A-37

Installing UTLite Script on Active Directory/Windows

A-38

Installing UTLite Script on NDS

A-40

Uninstalling UTLite Scripts From Windows

A-41

Uninstalling UTLite Scripts From Active Directory

A-41

Uninstalling UTLite Scripts From NDS

A-42

User Tracking Debugger Utility

A-42

Understanding Debugger Utility

A-42

Using Debugger Utility

A-43

Configuring Switches to Send MAC Notifications to LMS Server

A-43

Administration Command Line Interface

A-44

SNMP Configuration on Devices

A-46

(20)

Contents

Troubleshooting the Cisco Prime LMS Server

B-2

Verifying Server Status

B-3

Troubleshooting Suggestions

B-5

Frequently Asked Questions

B-6

User Tracking FAQs

B-7

VRF Lite FAQs

B-9

Cisco Prime LMS Server FAQs

B-14

General

B-15

Important URLs

B-26

Security

B-27

Software Center

B-30

Event Distribution Services and Event System Services

B-32

Backup and Restore

B-33

Database

B-34

Apache and Tomcat

B-36

Fault Management FAQs

B-42

Device Performance Management FAQs

B-43

IPSLA Performance Management FAQs

B-44

A P P E N D I X C

Data Extraction Engine

C-1

Overview of Data Extraction Engine

C-1

The cmexport Command

C-2

Running cmexport Command

C-2

cmexport Arguments and Options

C-3

Mandatory Arguments

C-4

Optional Arguments

C-4

Function-Specific Options

C-5

Displaying Help

C-5

Uses of cmexport

C-5

cmexport User Tracking

C-6

cmexport Topology Command

C-9

cmexport Discrepancy Command

C-12

cmexport Manpage

C-14

Command Line Syntax

C-14

(21)

Contents

DEE Developer’s Reference

C-16

Schema for User Tracking Data

C-17

User Tracking Schema for Switch Data

C-18

User Tracking Schema for Phone Data

C-19

User Tracking Schema for Subnet Data

C-19

Schema for Topology Data

C-20

Schema for Discrepancy Data

C-21

Using Servlet to Export Data from LMS

C-22

A P P E N D I X D

Understanding Cisco Prime Security

D-1

General Security

D-1

Server Security

D-2

Server–Imposed Security

D-2

Files, File Ownership, and Permissions

D-2

Runtimer

D-3

Remote Connectivity

D-4

Access to Systems Other Than the Cisco Prime LMS Server

D-4

Access Control

D-4

System Administrator-Imposed Security

D-5

Connection Security

D-5

Security Certificates

D-5

Terms and Definitions

D-6

A P P E N D I X E

Commands to Enable MAC Notification Traps on Devices

E-1

Overview of Dynamic Updates

E-1

Configuring Switches With MAC Notification Commands

E-2

Device Operating System Version-Specific Commands

E-2

List of Commands to Enable MAC Notification Traps on Devices

E-3

A P P E N D I X F

Recommended Best Practices

F-1

Basic Server and Client Requirements

F-1

Best Practices to Reclaim Disk Space Using Purging Method

F-1

Purging Databases

F-2

Purging Jobs

F-3

Purging Archives

F-4

(22)

Contents

(23)

Preface

Administration in Cisco Prime LAN Management Solution (LMS) 4.2 groups all the activities and tasks that a user with Network or System Administrator privileges needs to perform.

This preface details the related documents that support the Admin feature, and demonstrates the styles and conventions used in this guide. This preface contains:

• Audience

• Document Conventions

• Product Documentation

Audience

This guide is for users who are skilled in network administration and management, and for network operators who use this guide to make configuration changes of devices using LMS. The network administrator or operator should be familiar with the following:

• Basic Network Administration and Management

• Basic Solaris System Administration

• Basic Windows System Administration

• Basic Soft Appliance System Administration

• Basic LMS Administration

Document Conventions

Table 1 describes the conventions followed in the user guide.

Table 1 Conventions Used

Item Convention

Commands and keywords boldface font

Variables for which you supply values italic font

(24)

Preface

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.

Product Documentation

Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

Table 2 describes the product documentation that is available.

Variables you enter italic screen font

Menu items and button names boldface font

Selecting a menu item in paragraphs Option > Network Preferences

Selecting a menu item in tables Option > Network Preferences

Table 1 Conventions Used (continued)

Item Convention

Table 2 Product Documentation

Document Title Available Formats

Administration of Cisco Prime LAN Management Solution 4.2 (this document)

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/ user/guide/admin/admin.html

• PDF version part of Cisco Prime LMS 4.2 Product DVD.

Context-sensitive online help Select an option from the navigation tree, then

click Help. Getting Started with Cisco Prime LAN

Management Solution 4.2 • On Cisco.com at http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/ user/guide/getting_started/ lms42_getstart_guide.html

Configuration Management with Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/ user/guide/configuration/config.html

(25)

Preface

Monitoring and Troubleshooting with Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/us er/guide/lms_monitor/lms_mnt.html

Inventory Management with Cisco PrimeLAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/us er/guide/inventory/inventory.html

Technology Work Centers in Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/us er/guide/workcenters/wcug.html

Reports Management with Cisco PrimeLAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/us er/guide/reports/lms42_reports_guide.html

Installing and Migrating to Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/in stall/guide/install.html

• PDF version part of Cisco Prime LMS 4.2 Product DVD.

Navigation Guide for Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/N avigation/guide/lms42_nav_guide.html

Open Database Schema Support in Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/da tabase_schema4.2/guide/dbviews.html

Table 2 Product Documentation (continued)

(26)

Preface

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Release Notes for Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/re lease/notes/lms42rel.html

Supported Devices Table for Cisco Prime LAN Management Solution 4.2

• On Cisco.com at

http://www.cisco.com/en/US/docs/net_mgmt/ ciscoworks_lan_management_solution/4.2/de vice_support/table/lms42sdt.html

Documentation Roadmap for Cisco Prime LAN Management Solution 4.2

Printed document part of Software kit

Table 2 Product Documentation (continued)

(27)

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected].

OpenSSL License:

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: “This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.

4. The names “OpenSSL Toolkit” and “OpenSSL Project” must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

(28)

Notices

5. Products derived from this software may not be called “OpenSSL” nor may “OpenSSL” appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

“This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)”.

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT “AS IS”' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]).

Original SSLeay License:

Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). Copyright remains Eric Young’s, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

“This product includes cryptographic software written by Eric Young ([email protected])”. The word ‘cryptographic’ can be left out if the routines from the library being used are not cryptography-related.

(29)

Notices

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

(30)

Notices

(31)

C H A P T E R

1

Overview of Administration

This guide is intended for Local Area Network (LAN) administrators and management professionals who perform LAN configurations and monitor LAN performance.

The Admin menu groups all the activities and tasks that a user with Network or System Administrator privileges can perform.

This section explains:

• How the guide is organized?

• Administration Tasks

• Understanding the System Dashboard

How the guide is organized?

The Administration user guide is organized as follows:

Table 1-1 Administration User Guide

Chapter Description

Chapter 1, “Overview of Administration” Provides information on the organization of Administration with Cisco Prime LMS user guide, and describes the System Dashboard portlets in LMS.

Chapter 2, “Setting up Security” Describes the security mechanisms that help to prevent unauthenticated access

to LMS server, Cisco Prime applications, and data. LMS provides features for managing security while operating in single-server and multi-server modes.

Chapter 3, “Administering LMS Server” Describes how to use administrative features to ensure that the server is perform-ing properly.

You can manage processes, set up backup parameters, update licensing informa-tion, collect server informainforma-tion, manage jobs and resources, and configure sys-tem-wide information on the Cisco Prime LMS Server.

Chapter 4, “Administering Discovery Settings and Device and Credential Repos-itory”

Describes how to configure discovery settings, and perform administrative tasks in DCR.

(32)

Chapter 1 Overview of Administration How the guide is organized?

Chapter 5, “Managing Groups” Describes how to use the Grouping feature in LMS.

LMS 4.2 has a more robust device grouping which can support 600 device groups. The other grouping services that are available in LMS are:

• Fault Group

• IPSLA Collector Group

• Port and Module Group

Chapter 6, “Administering Data Collec-tion”

Describes how to use Data Collection.

Chapter 7, “User Tracking and Dynamic Updates”

Describes how to use User Tracking and Dynamic Updates. User Tracking allows you to track end stations.

Dynamic Updates are asynchronous updates that are based on SNMP MAC no-tifications traps.which

Chapter 8, “Administering Collection Settings”

Describes how to configure the various collection settings in LMS.

Chapter 9, “Monitoring and Troubleshoot-ing SettTroubleshoot-ings”

Describes how to configure all the administrative tasks that you need to perform to monitor and troubleshoot your network using LMS.

Chapter 10, “Notification and Action Settings”

Describes how to configure the the administrative tasks involved in setting up no-tification, syslog settings.

You can also customize the names and event severity, create and activate a noti-fication subscriptions, and setup up automated actions for Change Audit tasks and syslogs.

Chapter 11, “Administering Change Audit and Software Management”

Describes how to perform Change Audit tasks and set your preference to download images.

Chapter 12, “Managing Jobs” Describes how to manage jobs in LMS, and set up job approval for certain

modules in LMS.

Chapter 13, “Working With Software Center”

Describes how to use the Software Center to check for software and device support updates, download them to their server file system along with the related dependent packages, and install the device updates.

Chapter 14, “Discrepancies and Best Practices Deviations”

Describes how to use the Discrepancies Reporting module of LMS to view the discrepancies and best practices deviations in your network.

Chapter 15, “Report Setting” Describes how to configure some settings for generating reports and set a report

publish location.

Chapter 16, “Purge Settings” Describes how to configure the purge settings of all modules in LMS.

Chapter 17, “Debugging Options” Describes how to configure the debugging settings of all modules in LMS.

You can also view the details of all the log files.

Chapter 18, “Understanding LMS Tasks” Describes all LMS tasks.

Appendix A, “CLI Tools” Describes all the CLI utilities that are available for the administrator in LMS 4.2.

Table 1-1 Administration User Guide (continued)

(33)

Chapter 1 Overview of Administration

Administration Tasks

Administration Tasks

The System Administration tasks are grouped into:

• Authentication Mode Setup

• Backup • Cisco.com Settings • Debug Settings • Group Management • License Management • Log Rotation • Server Monitoring • SMTP Default Server

• Device Management Functions

• Software Center

• System Preferences

• User Management

The Network Administration tasks are grouped into:

• Change Audit Settings

• Discovery Settings

• PSIRT, EOS and EOL Settings

• Configuration Job Settings

• Device Credential Settings

• Best Practises Deviation Settings

• Display Settings

• Monitor and Troubleshoot

• Notification and Action Settings

• Purge Settings

• Resource Browser

• Software Image Management

Appendix D, “Understanding Cisco Prime Security”

Describes the various levels of security implemented in Cisco Prime LMS.

Appendix E, “Commands to Enable MAC Notification Traps on Devices”

Provides information on the list of commands that needs to run on each device to enable MAC Notification traps

Table 1-1 Administration User Guide (continued)

(34)

Chapter 1 Overview of Administration Administration Tasks • Data Collection • Fault • Inventory • Performance • Syslog • User Tracking • VRF Lite

Apart from the system administration and network administration tasks, you can also perform:

• Trust Management – Local Server – Multi Server • Job Management – Job Browser – Job Approval

The two dashboards in the Admin menu are:

• System Dashboard. For more information, see Understanding the System Dashboard

• Device Status Dashboard.

This section is explained in the Inventory Online Help.

IPv6 Support in LMS

(35)

Application IPv6 Supported Features

Common Services The following features in Common Services support IPv6:

• Device Discovery

Common Services Device Discovery allows you to discover devices from IPv6 networks, using CDP and Ping Sweep on IP Range Device Discovery modules.

• DCR and Grouping Services

DCR supports IPv6 and stores the expanded format of IPv6 Addresses that are discovered by the CDP and Ping Sweep on IP Range modules.

• Device Polling

The device polling feature allows you to poll device using IPv6 address.

• Device Selector

The device selector feature allows you to search a device using IPv6 address either in a compressed format or in a expanded format.

• Configuring Default Credentials

You can define a default credential policy type based on the standard IPv6 Address format (6 octets separated by periods).

You can now create group rules based on IPv6 management addresses. LMS supports IPv6 Addressing scheme in the following Device Discovery pages:

• Seed Device Setting Page

• SNMP Settings Page

• Filter Settings Page

In the Device Troubleshooting home page, the existing IP Address field supports IPv6 Addresses.

(36)

Chapter 1 Overview of Administration Administration Tasks

Inventory, Config and Image Management

The following features/technologies in Inventory, Config and Image Management support IPv6:

• Assigning an IPv6 Address to a Layer 3 device or VLAN

• Retrieving software files from a device

• Distributing different versions of software to a device

• Scheduling retrieval of software from a device

• Retrieving configuration files from a device

• Distributing a new configuration to a device

• Distributing a historical configuration file to a device

• Scheduling distribution of configuration files to a device

• Provisioning Auto Smart Ports on ASP-capable devices

• Medianet

• Provisioning Identity on Identity-capable devices

• Configuring Syslogs

• IPv6 sorting in Work Center Grids.

CiscoView CiscoView allows you to enter an IPv6 Address of a device to display the device view for configuring and remote monitoring.

(37)

Network Topology, Layer 2 Services and User Tracking

The following features in Network Topology, Layer 2 Services and User Tracking support IPv6:

• Data Collection

The following tasks related to Data Collection are supported in the IPv6 environment:

– SNMP Timeout and Retry configuration for IPv6 devices

– Viewing Data Collection Metrics and reports for IPv4/IPv6 devices

– Creating group rules based on IPv6 Subnet and IPv6 Subnet Masks

– Device-based debugging for IPv6 devices

• Topology

The following tasks related to Topology are supported in the IPv6 environment:

– Setting an IPv6 Address as the preferred Management Address from Topology view

– Cross-launching Inventory, Config and Image Management and CiscoView from Topology Services - Device Dashboard and Add to Critical Poller

– Selecting IPv6 devices for Device Type Topology Filter

• Network Topology, Layer 2 Services and User Tracking Reports IP Address fields in all these reports except User Tracking reports can now display IPv6 Addresses.

You can sort the reports based on IP Addresses (IPv4 and IPv6).

• VLAN Configuration

The following VLAN related configurations are supported in the IPv6 environment:

– Configure VLAN

– Delete VLAN

– Create Private VLAN

– Delete Private VLAN

– Configure Port Assignment

– Configure Promiscuous Ports

– Create Trunk

– Modify Trunk Attributes Monitoring and

Troubleshooting

LMS supports IPv6 Addressing scheme in Device Performance Management.

(38)

Chapter 1 Overview of Administration Understanding the System Dashboard

Understanding the System Dashboard

The System Dashboard has the following portlets:

Note The data in these portlets does not appear based on any role-based authorization, both device-level or user-level authorization.

• Cisco Prime Product Updates

• Critical Message Window

• Device Credentials and AAA Information

• Log Space Usage

• Process Status

• System Backup Status

• User Login Information

• Job Information Status

• Audit Trail Information

• Job Approval

• Syslog Collectors Information

• Supported Device Finder Portlet

• VRF Collector Summary

• Collection Summary Portlet

Cisco Prime Product Updates

You can view the recent updates and announcements of Cisco Prime products using Cisco Prime Product Updates.

Critical Message Window

In the Critical Message Window portlet, you can view the alerts for Cisco Prime Drive Utilization and for processes that are down. For details, see Utilizing Space in the Cisco Prime Drive.

For instance, if the usage of the drive exceeds the specified limit, the alerts appear. You can click the help link to view the details, and can reduce drive utilization.

You must configure the refresh time in the portlets. You can also get information about:

(39)

Understanding the System Dashboard

• Single Sign On (SSO) master unreachability, which is applicable only for a slave server.

Utilizing Space in the Cisco Prime Drive

You can use the space in Cisco Prime LMS drive in the following ways:

• Delete the unwanted log files from the NMSROOT directory.

• Use the log rotate functionality, to rotate the logs to other drives.

• Remove unwanted files from the NMSROOT drive.

Note The Authentication modes appear in the Critical Message Window portlet (in red) if you do not have full privileges in the Device Credential and AAA Information portlet.

Table 1-2lists the Critical Message Window portlet details.

Device Credentials and AAA Information

The Device Credentials and AAA Information portlet allows you to view the information about the device credentials, admin settings, security settings, and device polling status.

The security settings enable you to view the security settings in LMS such as the Authentication mode, and Single sign-on configuration.

Table 1-3 lists the Device Credentials and AAA Information portlet details.

Table 1-2 Critical Message Window Portlet

Details Description

Cisco Prime Drive Utilization Displays the utilization of the drive for Windows, Solaris and Soft Appliance.

For Windows:

Drive is where the product is installed. For example, 'C' drive in case of "C/Program Files/CSCOpx"

For Solaris/Soft Appliance:

The portlet displays the File System utilization of the following:

/opt - Product Installed location /var - Log file details location. Processes xyz are down.

For example:ESS, EssMonitor, Proxy and so on.

Displays the processes that are down.

All the processes that are down are displayed in red in the portlet.

However, when Fault processes such as DFMCTMStartup and Data Purge are down, they are not displayed in the Critical Message Window portlet.