Dell OpenManage Network Manager User Guide
Notes and Cautions
A NOTE indicates important information that helps you make better use of your computer or software.
A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

Information in this document is subject to change without notice. © 2011 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Preface

Important Information
This application can give you automated, consolidated configuration and control of network resources. Consult this product’s Release Notes for information about additional changes not covered in the user guide.

This Guide
This guide outlines the features of an entire suite of applications, some of which are optional.

What’s New in This Version
This is an update to a previous major release with the following features. Consult the product release notes for more specifics.
Settings -> Permissions -> Register License menu item to open a file browser. Locate the license file, and click the Register License button. Your updated license should be visible in Settings -> Permissions -> View Licenses.
NOTE: If you update your installation from a previous one where you upgraded the license, you must also reregister those licenses. You must restart the application server or wait up to 15 minutes before a license modification takes effect.
1 Hardware, Operating Systems and Ports Used

System Basics
System requirements vary depending on how you use the system. You should base the minimum configuration of any system on expected peak load. Typically a configuration running all elements of a system on a single server spends 95% of its time idle and 5% of its time trying to keep pace with the resource demands.
Finally: In Vista, you must either disable User Account Control or run the application server as a service. Another option is to run startappserver as administrator: in Vista, right-click the startappserver icon and select Run as administrator.
CAUTION: To manage Windows systems, you must install this application on a Windows host.
• Linux—This application supports Redhat® (Enterprise® version 4, 4r5 or 5) and SUSE® (version 9 or 10) Linux, 64-bit only.
An Alternative for RedHat Linux
1 Copy /usr/lib/libtcl8.4.so from a 32-bit RH system to /usr/local/lib/32bit on your 64-bit RedHat system
2 As root, execute: ln -s /usr/local/lib/32bit/libtcl8.4.so /usr/lib/libtcl8.4.
Hard drive space requirements listed here, and other hardware requirements are based on expected maximum use for average installations and are only intended to be an approximate guide. NOTE: This software version is not compatible with Windows NT.
The numbers here reflect both SNMP traps and Syslog messages. Syslog messages can be received at a higher rate without loss and are inspected very quickly, but escalated syslog messages must still go through general event processing and correlation.
The Full installation is really just a client plus database size. The same footprint exists for any type of installation with the actual databases being the only difference. Applications can add required space for client as well as additional space for database server. The 750MB difference in the numbers above is simply a default setting in installer that requires an additional 750MB for data space.
b. Edit vsftpd.conf file with a text editor.
c. Uncomment the line #listen = YES
d. Change umask = 000 (must be at least 011)
e. Save vsftpd.conf
f. Run this process to stop the FTP process: /sbin/service vsftpd stop
g. Run this to restart the FTP process: /sbin/service vsftpd start
h.
6 Modify the following in the TFTP file located in /etc/xinetd.d:
server_args = -u ftp-user1 -s /home/ftp-user1
This sets the same directory for FTP and TFTP.
disable = no
Save the file, then restart xinetd by going to System -> Administration -> Server settings -> Services, and enter the root password. Select xinetd and click Restart, or click Stop, then click Start.
7 Run the following in a shell to verify TFTP is running: netstat -a | grep tftp. A response should indicate such a process is running.
Ports Used
You must sometimes configure this application’s port availability on firewalls. Sometimes, excluding applications from firewall interference is all that is required (see Ports and Application To Exclude from Firewall on page 41). The following are some of the standard port assignments for installed components. These are often configurable (even for “standard” services like FTP or HTTP), so these are the typical or expected port numbers rather than guaranteed assignments.
Destination Port(s) Service File(s) Notes Used from Client 234, 5, 7 (TCP) Telnet n/a MedSrv -> NtwkElement, nonsecure craft access Yes medserver1 254, 5, 7 (TCP) com.dorado.mbeans.OWE [user.root]\oware\jbossmailMBean (mail) 3.2.7\owareconf\owareservice.xml AppSrv -> SmtpRelay, communication channel to email server from Appserver 694, 5, 7 (UDP) TFTP (Configurable No internally), F, MedSrv -> TFTPSrv n/a No NtwkElement -> TFTPSrv medserver1 1614, 5, 7 (UDP) com.dorado.media tion.snmp.
Destination Port(s) Service File(s) Notes 10994, 5, 7 (TCP) org.jboss.naming.Naming [user.root]\oware\jbossService (JBOSS) 3.2.7\owareconf\jbossroot-service.xml Used from Client MedSrv -> AppSrv, Yes user client -> AppSrv, user client > MedSrv, (JBOSS naming service & OWARE context server URL), app/medserver 10992, 4, 5, 7 (TCP) OWARE.CONTEXT.SER VER.URL MedSrv -> AppSrv, Yes user client -> AppSrv. user client > MedSrv. (JBOSS naming service & OWARE context server URL) client [user.
Destination Port(s) Service File(s) Notes 25064, 5, 7 (TCP) JMS [user.root]\oware\lib\owa MedSrv -> AppSrv Yes SONICMQ_CLIENT_PO pp server.properties user client -> RT (JMS) AppSrv, (JMS SonicMQ client port) app/medserver 25074, 7 (TCP) JMS [user.root]\oware\lib\owa AppSrv -> AppSrv SONICMQ_CONFIG_PO pp server.properties MedSrv -> AppSrv, RT (JMS - SonicMQ client port), app/ medserver No 25084, 7 JMS SONICMQ_INTERBRO KER_POR T (JMS) No [user.root]\oware\lib\owa AppSrv -> AppSrv, pp server.
Destination Port(s) Service 44464, 5, 7 (TCP) org.jboss.invoca [user.root]\oware\jbosstion.jrmp.server.JRMPInv 3.2.7\owareconf\jboss– oker (JBOSS) root-service.xml (AppSrv ->AppSrv, Yes AppSrv -> MedSrv, MedSrv -> AppSrv, user client -> AppSrv, user client > MedSrv) app/ medserver 5988, 5989 WBEM Daemon (5989 is the secure port) defaults You can add ports and daemons in monitored services. These are only the default. WBEM requires one port, and only one, per daemon. No 78002(TCP) org.jboss.ha.
Destination Port(s) Service File(s) Notes Used from Client 90014, 6, 7 (UDP) mediation.listener.multi cast.intercomm.port [user.root]\lib\owmediatio MedSrv <-> MedSrv No n listeners.properties (mediation listener multicast intercommunications port) medserver3 31310 (TCP) 4, 6, 7 JBoss AppSrv -> AppSrv No 455664, 5 (UDP) org.jboss.ha.frame [user.root]\jbossAppSrv -> Multicast, No work.server.ClusterPartiti 3.2.7\owareconf \cluster- (JBoss HA frame on service.
Ports and Application To Exclude from Firewall
Exclude java.exe, TCP port 21 and UDP port 69 from firewall interference to let the application function. The java process to exclude from firewall blocking is \oware3rd\jdk[version number]\jre\bin\java.exe. The embedded database process is mysqld-max-nt.exe (in Windows, the path is oware3rd\mysql\[version number]\bin\mysql-max-nt.exe). Consult your DBA for Oracle processes, if applicable.
2 Installation

Installation Overview and Prerequisites
The installation process installs the application, including its foundation class software. For hardware requirements, and other prerequisites, consult the sections following System Basics on page 27. This application is incompatible with any other software using the standard SNMP ports (162, for example), or other raw sockets. Either stop the conflicting application before you install this one, or stop this one whenever you want to use the alternative.
Basic Network Considerations
This application communicates with devices over a network. In fact, you must be connected to a network for Application Server to start successfully. Firewalls, or programs using the same ports on the same machine where this application is installed can interfere with its ability to communicate with devices. See Ports Used on page 35. Your corporate network may have barriers to communication with this software that are outside the scope of these instructions.
Fixed IP Address
OpenManage Network Manager is a web server, among other things, and so must be installed to a host with a fixed IP address. For demonstration purposes, you can rely on dynamic IP address assignment (DHCP) with a long lease, but this is not recommended for production installations.

Windows Prerequisites
This application requires a temp directory on the host where it is being installed. If the install launcher cannot extract a Java Virtual Machine (JVM), then it cannot run.
Best practice is to install as the user designated as DBA and admin of the system. If necessary, create the appropriate user and log in as this user to run the install program. The installing user must have create privileges for the target directory. By default, this directory is /opt/dorado.
CAUTION: Linux sometimes installs a MySQL database with the operating system. Before you install this application, remove any MySQL if it exists on your Linux machine.
Installing the Application
If you are installing the software on a machine with multiple Network Interface Cards (NICs), installation prompts you to select one IP address for the system you are installing.
1 Log in as a user with administrator’s permissions on the Windows machine where you want to install the software or as any non-root account on Linux.
CAUTION: You must install to Linux as a non-root user with the permission to create directories in the selected installation path.
Client Installation—This installs client software. It does not configure the machine to run a Mediation Agent or Application Server. A subsequent screen asks you to fill in the partition where this machine is a client.
NOTE: To allow a client to connect without multicast, add the following property to the client’s owareapps\installprops\lib\installed.properties file.
OWARE.CONTEXT.SERVER.URL=jnp://[HostName]:1099
NOTE: This application supports a web client.
10 The setup program automatically installs all of the managed system software for your hardware configuration.
11 If you are installing on Linux, you must run a setup script in a separate shell, logged in as root user. Installation prompts you to run a generated script after the install phase finishes. This script records information in case you need technical assistance and installs some files as root. Open a new shell, log in as root, and run the listed script ($OWARE_USER_ROOT/install/root/setup.
To start the client, either use the icons in the Start menu (in Windows), the icon on the desktop (Linux), or type redcell on a command line in a shell with the Oware environment. When you license new features, you must restart the application server and client.
NOTE: Since disabling legacy web services enhances performance, they are disabled by default. To enable them, add the following line to $OWARE_USER_ROOT/owareapps/installprops/lib/installed.properties:
com.dorado.core.ws.
pmgetstatus
If you elect to autostart your Application Server, you can run the pmgetstatus script from a command line to see the status of Application Servers. If you run oware first in the shell where you run pmgetstatus, this script will automatically be on the path. Here is its usage (produced by typing the script name followed by -?):
Usage: pmgetstatus [-h ] [-p ] [-i [-r ]]
Oware utility for reporting status on managed server processes.
The tray icons themselves indicate the current service condition.
Icon Status
Offline (no status available, or not controlled by server manager)
Running (initializing, or shutting down)
Ready
Stopped
You can also right-click the icon to see the client menu.
Figure 2-2. Process Monitor Client Menu
The logs item lets you view logged items for Server Manager, or Application Server. You can Start or Stop the service(s) running on your host.
The IP address also appears in database connection properties:
com.dorado.meta_database.name=//192.168.0.10:3306/owmetadb
com.dorado.jdbc.database_name.mysql=//192.168.0.10:3306/owbusdb
To change the IP address, stop the server, set these properties to the new IP address and delete the content of the oware/temp directory. Then restart the server.

ipaddresschange
A simpler alternative to changing properties is to use the ipaddresschange script.
oware.appserver.web.https.port=8443
You may then change the port values for these property entries and restart the Application Server. Special setup (outside the scope of this document) is necessary to run a web server on port numbers lower than 1024 on many operating systems.
CAUTION: Do not change the system time while the Application Server is running. If you must change the system time, shut down the server before the change, and restart it afterwards.
configuration and not application installation so it cannot stop unless you kill the process. If you do manage to abort the install after file transfer completes (after the “creating uninstaller” message goes away), then you must run the uninstaller to remove the software. CAUTION: Cancellation is not recommended. You may strand processes that you must then manually shut down. Some directories and files would be left behind after the automatic rollback that occurs when cancelling an install.
Uninstalling removes all installed files and files created by using the installed system (that it has permission to delete). It does not remove directories that were not created by this application’s installation or runtime. User-created directories in the product’s directory path remain after product removal. NOTE: Uninstaller may freeze on hosts with inadequate resources. Also: The uninstaller deletes uninstall.exe, if you press the cancel button.
Linux Command Line Installation
You can run a Linux installation from a command line with text prompts that are equivalent to the graphic interface prompts described in Installing the Application on page 47, and the following pages. Here is the command line to run the text-only installation:
install/linux/linuxinstall -console

Modified Files
The following system files may be modified during root installation:
/etc/.dsienv - installed
/etc/my.cnf - installed
/etc/rc2.d/S75owaredb - installed
/etc/rc2.
# Application Overrides
#============================================
# set event template cache timeout to 1 minute
redcell.assurance.batch.processing.event.template.cache.expiration=60000
CAUTION: If any of the dependency directory names (for example, owareapps/redcell) do not exist, then the application does not load the override file. Consult the comments in the properties files you are overriding for further information about specific properties.
Ports Used
This application uses the following ports. Ensure your firewalls or other network security measures do not block these ports.

Port Number     Used by...
1098            Naming service (JNDI)
1099            Naming service (JNDI)
3100            HA Naming Service (JNDI)
3200            HA Naming Service (JNDI RMI)
4444            JRMP invocation (RMI)
4445            Pooled JRMP invocation (RMI)
6500 to 6510    Mediation cut-through
80              HTTP
443             HTTPS
8093            JMS

The client HTTP cut-through goes directly to the device from the client.
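One way to check a host against the port list above before writing firewall rules, as an added example that is not part of the Dell guide: it parses `netstat -an` output and reports which listed ports are reachable from the network, bound to loopback only, or not listening, plus other exposed listeners. The function names, the sample output and the TCP-only assumption are constructed for illustration.

```python
import re

# (low, high, role) rows copied from the "Ports Used" table above.
# The table names no protocol; this example assumes TCP listeners.
DOCUMENTED = [
    (1098, 1098, "Naming service (JNDI)"),
    (1099, 1099, "Naming service (JNDI)"),
    (3100, 3100, "HA Naming Service (JNDI)"),
    (3200, 3200, "HA Naming Service (JNDI RMI)"),
    (4444, 4444, "JRMP invocation (RMI)"),
    (4445, 4445, "Pooled JRMP invocation (RMI)"),
    (6500, 6510, "Mediation cut-through"),
    (80, 80, "HTTP"),
    (443, 443, "HTTPS"),
    (8093, 8093, "JMS"),
]

# Matches Linux ("tcp 0 0 addr:port peer LISTEN") and Windows
# ("TCP addr:port peer LISTENING") rows of `netstat -an`.
LISTEN_RE = re.compile(
    r"^\s*(?:tcp6?|TCP)\s+(?:\d+\s+\d+\s+)?(\S+)\s+\S+\s+(?:LISTENING|LISTEN)\b"
)

# Constructed sample output, not captured from a real server.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1098            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4445            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8093          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6501            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp        0      0 192.0.2.10:1099         192.0.2.50:51514        ESTABLISHED
udp        0      0 0.0.0.0:69              0.0.0.0:*
"""


def parse_listeners(netstat_text):
    """Return {(address, port)} for every TCP socket in LISTEN state."""
    listeners = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue
        # rpartition keeps IPv6 forms such as ":::443" and "[::]:443" intact.
        addr, _, port = match.group(1).rpartition(":")
        if port.isdigit():
            listeners.add((addr.strip("[]") or "*", int(port)))
    return listeners


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def audit(netstat_text):
    """Compare listening sockets with the documented port list."""
    by_port = {}
    for addr, port in parse_listeners(netstat_text):
        by_port.setdefault(port, set()).add(addr)

    exposed, loopback_only, not_listening = [], [], []
    documented_ports = set()
    for low, high, _role in DOCUMENTED:
        documented_ports.update(range(low, high + 1))
        hits = [p for p in by_port if low <= p <= high]
        if not hits:
            not_listening.append(str(low) if low == high else f"{low}-{high}")
        for port in hits:
            if all(is_loopback(a) for a in by_port[port]):
                loopback_only.append(port)
            else:
                exposed.append(port)

    # Network-reachable listeners that the table does not mention.
    undocumented = [
        p for p, addrs in by_port.items()
        if p not in documented_ports and not all(is_loopback(a) for a in addrs)
    ]
    return {
        "exposed": sorted(exposed),
        "loopback_only": sorted(loopback_only),
        "not_listening": not_listening,
        "undocumented": sorted(undocumented),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_NETSTAT).items():
        print(f"{key}: {value}")
```

Ports reported as not listening need no inbound firewall opening on that host, and ports reported as undocumented are candidates for review before the host goes into production.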
• swap—swap is the space allocated for the operating system to use as part of its virtual memory to augment physical memory. If something in memory has not been used for a while, the operating system will move it to disk temporarily. Recommendations for this are typically for two to three times the physical memory, however we usually determine the amount available based on physical memory. If you have 512MB, specify 1.5-2.0GB.
Web Client on UNIX Systems
Xvfb must be running to have a web client work correctly. This is automated when you have application server start automatically. Confirm xvfb is running as follows:
>ps -ef | grep Xvfb
root 14860 14855 0 12:14:36 pts/3 0:00 /usr/X11R6/bin/Xvfb :1 -screen 0 1152x900x8
dorado 16099 14502 0 14:51:24 pts/1 0:00 grep Xvfb
This is an example; the path that appears when you grep depends on your operating system.
3 Managing the Runtime Environment

Runtime Requirements
This application runs as a thin client. It gets services from an application server, which must be up and running before any clients start.

Application Server
Clients do not run if they cannot connect to an application server. Instead, a warning appears and the clients shut down. If a client loses connection to the application server (for example, if the application server restarts) a Connection Lost dialog appears.
these with any text editor. See Overriding Properties on page 57 for more information about configuring application server. See Chapter 6, Properties for additional details. See also the results of startappserver -h from a command line for additional command line options.

JMX Console
The JMX Console is a management tool to assist in fine-tuning the application’s JMS environment. Once your application server is running, access this console in a browser at this URL: http://localhost:8080/jmx-console.
Database Timeout
When managing large networks or equipment with many interfaces, you may have to increase the com.dorado.bom.lock_timeout property in owdatabase.properties. Increase this setting based on the size of the equipment being managed. Generally, you should set this value to the maximum number of interfaces you expect your network elements to have. For example, if the element is expected to have 500 logical interfaces then the timeout value should be set to 500.
4 Security

Security Overview
This application enforces security in several ways, including permissions, authentication, and security policies. The various Managers and interfaces that set and view security settings appear in the Permissions submenu, shown below. Access it by selecting Settings -> Permissions.
Figure 4-1. Permissions Submenu
You can also create resource roles (from File -> Open -> Inventory -> Resource Roles, see Chapter 15, Resource Roles for details).
Security Events
This application emits security events. The base security event is OWSecurityEvent. Here are the rest of the Security Events, with comments where their title does not make their function self-evident:
• OWSecurityAccountResetEvent
• OWSecurityClientTerminationEvent — Success of previous event request, emitted just before client termination.
• OWSecurityLoggedOnEvent — Response to previous event's request; user monitor listens to build list of active clients.
User Manager
The application’s User Manager, shown below, lets you create and manage users, and associate information with them like passwords, group membership, and contact information. Select Settings -> Permissions -> User Manager to display the User Manager.
Figure 4-2. User Manager
The User Manager displays the User ID, First and Last Name, Status (enabled or disabled) and whether the user is Locked Out. The detail panels at the bottom of the screen display those for the selected user.
The User Manager has these controls:
- New — Opens a dialog where you can add new users to the system. See Adding or Modifying a User on page 71 for more information.
NOTE: Best practice is to add new users rather than making changes to administrative privileges.
- Open — Opens an edit dialog populated with the information for the selected user. See Adding or Modifying a User on page 71 for more information.
- Delete—Removes the selected user from the list (and the application).
- —The installing user is seeded during database creation during installation (not for client installations). The login is the operating system’s name for the installing user. You can neither log in with this account nor delete it.
- OWAdmin—A seeded administrative account. You can log in with this account, and cannot disable it, but you can change its password. You cannot delete this account.
- admin—A seeded administrative account, which is the core application component.
General
The General tab lets you enter and edit identifying and contact information for the selected (or newly created) user.
Figure 4-3. User Manager: General Tab
The following are the fields on this tab (described when not self-evident):

General
- User ID — (Required) Enter an ID for this user. If you are modifying an existing user, this field is read-only. The User ID must be unique; if it matches an existing User ID, the application generates an error.
- Fax Number — Select a fax number type from the drop-down list, then enter a fax number for the user.
- Password — (Required) Enter the password for this user. For security purposes, the characters appear as a series of asterisks. The default security does not require the password to contain mixed-case letters, numbers, or special characters. Once a user has been created, this field becomes read-only.
- Confirm Password — (Required) Re-enter the password for this user.
Statistics This portion of the screen displays statistics for the selected user. - Last Login — The time and date of this user’s last login. - Last Login IP Address — The IP address of the host for this user’s last login. - Last Login Attempts — The number of attempts this user made when last trying to log in. - Previous Login — The time and date of this user’s previous login. - Previous Login IP Address — The IP address of the host for this user’s previous login.
Figure 4-4. Functional Permissions
Configure permissions by checking the actions that appear in the row with the permission. These determine a user’s capabilities within the application. NOTE: The description in the lower panel also may indicate additional dependencies to take into account when configuring your permissions. Generally, the following describes the effects of enabling these actions:
Action: Default Behavior
read: When checked, this enables the Edit menu item on the action menu.
Action: Default Behavior
add: This enables the New menu item on the action menu. If you do not check this action, then the New menu item does not appear.
delete: When checked, this enables the Delete menu item on the action menu within managers.
The functional permissions that use these actions—and their descriptions—appear in this screen. The description appears at the bottom of the screen when you select a permission’s row.
Figure 4-5. All Permissions This screen typically displays more checked permissions than the Permissions screen, since it shows the combination of User and Group permissions. NOTE: This screen appears only for individual users, not groups. You also cannot see the permission descriptions on this screen. For that, return to the Permissions screen. User Group Manager The User Group Manager lets you create user groups (see User Manager on page 69 for instructions about creating users themselves).
Figure 4-6. User Group Manager Click New or select a group and click Open to modify a group. See Adding or Modifying a Group for a description of the editor. To remove a group, select it, then select Delete. You cannot delete some groups; for example, you cannot delete Administrators. Select Copy to duplicate an existing, selected user group. See Copying a User Group on page 79 for more about this process. You must re-name copied groups. Clicking Help opens context-sensitive help for this screen.
Figure 4-7. Group Editor Enter or modify the appropriate information in the Group Editor’s fields and click OK to save the entry. The following are the fields in this dialog: Name — The name of the group (read-only if editing, rather than creating). This entry is required, and must be unique. Description — A description of the group. This entry is optional. Permissions Use this screen as described in Permissions on page 74.
Default Role and User By default, a role (user group) and two users exist when you install your application. Here are the defaults: - Role: Administrator User: admin (a case-sensitive login). Windows installations create a user with the same name as the login for whoever did the installation. This user is not attached to any role. It is also often unused.
- Open—Edits a selected authentication object (see Authenticator Editor on page 82). - Print—Create an Acrobat report of the items displayed in the inventory (change the filter and click Go to change this display). You must have the free Acrobat reader installed for this to function. See Adobe’s website to download and install this application. - Delete—Removes the selected authentication object from those listed.
Authenticator Editor
The Authenticator Editor is the interface where you create and modify authentication objects. It contains the following pages: General, Equipment, and User Groups. The General page is different, depending on the Authentication Type. These types include:
• EMC
• FTP
• HTTP/HTTPS/WBEM
• SNMP v1/v2
• SNMP v3
• Telnet / SSH
• Windows
NOTE: The Audit section of this manager catalogs actions in which the application used the authentication.
- Use for EMS—Checking this lets this application—the entire element management system (EMS)—use this authentication. Otherwise, authentications are only available to individual users who have permissions to use them. If none of the associated credentials are marked Use for EMS then the software chooses the set of authentications to which the current user has access. Administrators typically use this capability to control access to cut-thru session capabilities (read vs.
If none of the associated credentials are marked Use for EMS then the software chooses the set of authentications to which the current user has access. Administrators typically use this capability to control access to cut-thru session capabilities (read vs. read-write) when a command line interface is present to the managed device. NOTE: Resync fails if you do not check this box. Select FTP Parameters - Password — The password for the User ID this object uses. - Confirm Password — Confirm the password.
capability to control access to cut-thru session capabilities (read vs. read-write) when a command line interface is present to the managed device. NOTE: Resync fails if you do not check this box. Select HTTP/HTTPS Parameters - UserID—The login ID. - Confirm Password — Confirm the password. Confirm your entries here with File -> Save or by clicking on the Save icon or button. SNMP v1/v2 Enter information for v1 or v2 SNMP authenticators through the General (SNMP) page, shown below.
capability to control access to cut-thru session capabilities (read vs. read-write) when a command line interface is present to the managed device. NOTE: Resync fails if you do not check this box. Select HTTP/HTTPS Parameters - Read Community —The default is public. - Write Community —The default is private. - Trap Community— The default is public. Confirm your entries here with File -> Save or by clicking on the Save button or icon.
Changing the value of engineID may have important side-effects, altering both the acceptable SNMP community string and command line password for a device. If this occurs, re-configure the device’s authorized users. CAUTION: When creating the SNMPv3 user account for OpenManage Network Manager ensure that all MIBs are included in that user’s view.
- Privacy Key— Enter the privacy key. The application uses this to generate a secret key. Specifying MD5 requires the privacy key to be 16 characters long while SHA requires the privacy key to be 20 characters long. CAUTION: OpenManage Network Manager does not support the same user ID with different authentication schemes in the same deployment. If you need to deploy a portion of the network with SHA and another with MD5 you must use different user IDs.
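A pre-deployment check of a planned authenticator list against the settings described above: v1/v2 entries that still carry the default community strings, privacy keys whose length does not fit the chosen scheme, and a user ID planned with both MD5 and SHA. This is an added example, not part of the product or the original guide; the CSV layout, its column names and every row are constructed for illustration.

```python
"""Pre-deployment audit of a planned SNMP authenticator list."""
import csv
import io
from collections import defaultdict

# Defaults and key lengths as stated in the guide text.
DEFAULT_COMMUNITIES = {
    "read_community": "public",
    "write_community": "private",
    "trap_community": "public",
}
PRIVACY_KEY_LENGTH = {"MD5": 16, "SHA": 20}

# Constructed plan; the column layout is an assumption made for this example.
PLANNED_AUTHENTICATORS = """\
name,type,user_id,auth_protocol,privacy_key,read_community,write_community,trap_community
core-v2,snmpv2,,,,public,private,public
edge-v2,snmpv2,,,,n0c-read,n0c-write,n0c-trap
dc-md5,snmpv3,omnm,MD5,abcdefghijklmnop,,,
lab-sha,snmpv3,omnm,SHA,abcdefghijklmnopqrst,,,
wan-sha,snmpv3,omnm-wan,SHA,shortkey,,,
"""


def audit(plan_csv):
    """Return a list of (subject, finding) tuples for the planned entries."""
    findings = []
    schemes_by_user = defaultdict(set)
    for row in csv.DictReader(io.StringIO(plan_csv)):
        name, kind = row["name"], row["type"].lower()
        if kind in ("snmpv1", "snmpv2"):
            # Flag every community string left at its documented default.
            for column, default in DEFAULT_COMMUNITIES.items():
                if row[column] == default:
                    findings.append((name, "default-" + column))
        elif kind == "snmpv3":
            scheme = row["auth_protocol"].upper()
            required = PRIVACY_KEY_LENGTH.get(scheme)
            if required is None:
                findings.append((name, "unknown-auth-scheme"))
                continue
            schemes_by_user[row["user_id"]].add(scheme)
            actual = len(row["privacy_key"])
            if actual != required:
                findings.append(
                    (name, "privacy-key-length-%d-needs-%d" % (actual, required))
                )
    # One user ID may only be used with one authentication scheme.
    for user_id, schemes in sorted(schemes_by_user.items()):
        if len(schemes) > 1:
            findings.append(
                (user_id, "mixed-auth-schemes-" + "+".join(sorted(schemes)))
            )
    return findings


if __name__ == "__main__":
    for subject, finding in audit(PLANNED_AUTHENTICATORS):
        print("%-10s %s" % (subject, finding))
```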
capability to control access to cut-thru session capabilities (read vs. read-write) when a command line interface is present to the managed device. NOTE: Resync fails if you do not check this box. Select Telnet / SSH Parameters - User ID—The user login. - Password / Confirm— The password for the User ID this object uses. - Enable User ID—The user login, if the device needs a different login for an enabled user. Consult your device’s manuals for more about this.
Figure 4-16. General (Windows) Page Before you can expect to manage servers with a Windows Management Interface driver, you must download and install the latest version of the Microsoft.Net™ framework. The WMI login credentials for this software must also be for a domain user who also belongs to the administrator group on the WMI device for complete functionality. Both this and .NET installation are requirements for any installation managing WMI devices.
Equipment The Equipment page provides an interface through which you can associate managed resources with the authentication object you are creating or editing. - To add equipment—Click Add. The Select Equipment page appears. Click an equipment object in the list to select it; the selected object then appears in the lower pane. A turn key icon appears if the selected object contains subcomponents (cards and ports, for example); click on the turn key to display a tree representation of those subcomponents.
• Enabling Strict Host Key Checking
• Populating the SSH known_hosts File
• Troubleshooting SSH
• SSH HostKey Errors
Enabling Strict Host Key Checking
To enable strict host key checking, you need to configure a host entry in the SSH configuration file setting StrictHostKeyChecking to yes. The default SSH configuration file is located in $OWARE_USER_ROOT/owareapps/ezmediation/lib/default_ssh_config. Make a copy of this file, renaming it to ssh_config.
~:ssh -o StrictHostKeyChecking=ask -l admin 192.168.1.118
The authenticity of host '192.168.1.118 (192.168.1.118)' can't be established.
RSA key fingerprint is 90:b7:2a:e0:64:30:6a:74:9c:e8:7b:75:61:48:52:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.118' (RSA) to the list of known hosts.
admin@192.168.1.118's password:
Last login: Thu Sep 10 14:23:08 2009 from 10.35.35.2
--- JUNOS 9.5R1.
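Answering yes in a session like the one above records whatever key the remote end presented, so the stored entry is worth comparing with a fingerprint read from the device console or another trusted channel before strict checking relies on it. The following is an added example, not part of the original guide or the product: it assumes the file is in the OpenSSH known_hosts format written by the ssh client, handles both plain and hashed host fields, and uses constructed key blobs rather than real device keys.

```python
"""Compare known_hosts entries with a fingerprint obtained out-of-band."""
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed field as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def constructed_rsa_blob(seed):
    """Constructed, syntactically valid ssh-rsa blob (not a real device key)."""
    modulus = b"\x00" + bytes((seed + i) % 251 + 1 for i in range(128))
    return ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)


def md5_fingerprint(blob):
    """Colon-separated MD5 form, as printed in the session above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def sha256_fingerprint(blob):
    """SHA256:<base64> form printed by newer OpenSSH clients."""
    encoded = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + encoded.rstrip("=")


def hashed_host(host, salt):
    """Build a hashed host field: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_field_matches(field, host):
    """True if a known_hosts host field names this host (no wildcards)."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            stored = base64.b64decode(mac_b64)
        except ValueError:
            return False
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, stored)
    return host in field.split(",")


def parse_known_hosts(text):
    """Yield (marker, hosts, keytype, blob) for each usable line."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else ""
        if len(parts) < 3:
            continue
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:
            continue
        entries.append((marker, parts[0], parts[1], blob))
    return entries


def verify_host(known_hosts_text, host, expected_fingerprint):
    """Return 'match', 'mismatch' or 'unknown' for the given host."""
    expected = expected_fingerprint.strip()
    found = False
    for marker, hosts, _keytype, blob in parse_known_hosts(known_hosts_text):
        # Lines with @cert-authority / @revoked markers are not host keys.
        if marker or not host_field_matches(hosts, host):
            continue
        found = True
        if expected.startswith("SHA256:"):
            actual, wanted = sha256_fingerprint(blob), expected
        else:
            actual, wanted = md5_fingerprint(blob), expected.lower()
            if wanted.startswith("md5:"):
                wanted = wanted[4:]
        if actual == wanted:
            return "match"
    return "mismatch" if found else "unknown"


# Constructed sample file; addresses reuse those in the session above.
SWITCH_KEY = constructed_rsa_blob(7)
ROUTER_KEY = constructed_rsa_blob(99)
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not taken from a real system",
    "192.168.1.118 ssh-rsa " + base64.b64encode(SWITCH_KEY).decode(),
    hashed_host("10.35.35.2", b"constructed-salt-20b") + " ssh-rsa "
    + base64.b64encode(ROUTER_KEY).decode(),
])

if __name__ == "__main__":
    console_fp = md5_fingerprint(SWITCH_KEY)  # stands in for the console value
    print(verify_host(SAMPLE_KNOWN_HOSTS, "192.168.1.118", console_fp))
```

A mismatch result means the recorded key is not the one the device reports on its console; remove the entry and investigate before re-adding it.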
Troubleshooting SSH
To troubleshoot SSH configuration issues and host keys, debug output can be helpful. Turn on log4j debug for com.dorado.mediation.cli and you should see debug output that looks something like the following (d:\Dell is $OWARE_USER_ROOT in the following):
loading SSH config from 'd:\Dell\owareapps\ezmediation\lib\ssh_config'
loading host '*'
adding property 'compression.s2c' = 'none'
adding property 'compression.
By default, RADIUS authentication is commented out in this file. To use RADIUS, uncomment this section (changing to >). Then, configure the options (example server, secret, prompts, NAS-IP-Address). Here is an example of the application’s freeradius implementation on helix.
Modifying the MySQL File Systems
If you have upgraded from older operating systems (Windows® 3.1, for example), you may still have a FAT file system that limits your database size or expansion beyond 2GB. The database is a file as far as the operating system is concerned, and FAT limits file size. There is also a 4GB limit on early versions of NTFS that may linger because of upgrades. To change the installed database sizes, you must edit the configuration file: • Windows: %SystemRoot%\my.
• You can add as many entries as you like. However, you can use initial, max and autoextend only in the last entry, and must change the first entry to reflect the actual size of the database. The name of filepath must be valid on the filesystems. However, you must always have your leaf directory in the path as ibdata.
Database Backup / Restoration
The recommended procedures for database backup and restoration for the embedded database follow.
2 Recreate the database
mysqladmin -u USERNAME -p create DATABASE
or
mysqladmin -u USERNAME --password=[password] create DATABASE
3 Import the backup data
mysql -u USERNAME -p DATABASE < FILENAME.mysql
or
mysql -u USERNAME --password=[password] DATABASE < FILENAME.mysql
Default MySQL Backup
The following command lines back up owbusbd and owmetadb to a file. The following also assumes you have run the oware command in the shell, and have changed directories to owareapps/db_backup.
Database Management
8 The Application Server Introducing the Application Server The Application Server is the central engine for all components on both server and client systems, relieving clients of significant programming infrastructure overhead. The Application Server is a set of Enterprise JavaBeans (EJBs) embedded within EJBs provide remote access from clients to other components—the Virtual Rule Machine (VRM), Mediation Services, the Event Channel, and other services.
Properties Best Practices Best practice is to configure application and mediation servers by overriding properties that configure them. If you do not override properties settings, any upgrade to your software resets them to the defaults. Override properties in the files owareapps\installinfo. You can read the properties files overridden in oware\lib and in owareapps\ \lib for details about what can change.
9 Starting The Application Overview: Starting the Application This application enforces security at the client level. You must have a valid user ID and password to log on to the application and use its features. You must also have an installed license (see Installing Licensing on page 144). Before you can start to use this application, you must start Application Server. Starting Application Server starts both application server and mediation service “daemons” on UNIX.
Figure 9-1. About Process Monitor NOTE: System changes can make the server manager system tray icon disappear in Windows while the process is still running. If you cannot make your icon reappear, try running pmtray -r from a command line, then restart the server manager with pmtray.
>oware
>licenseimporter g:\path\license.xml
When it is finished, you should see:
importing.....done
The g:\path portion of this command line is an example. Correct it to wherever you have stored your license file, typically the directory you installed from. NOTE: If you import a license that, for example, changes the application’s capabilities, it does not immediately take effect. You must restart application server or wait at least 15 minutes.
Change Password After your initial login, the application prompts you to change the password. By default, this does not restrict the password to having special character(s), or number(s). It also allows both upper and lower case letters for the new password. Figure 9-4. Change Password Dialog You can set password constraints in the application (provided you have permissions to do so). See the online help for details. The Settings -> Change Password menu item lets you change your password later.
The About Box To see which products are installed, and what versions, select the Help -> About menu item. Figure 9-5. About Box The about box appears with the products listed on the left, and the version information for the selected product on the right. About boxes for device drivers list supported devices and their operating systems.
after a colon. If you have a popup blocker installed, you may have to click a link in the first web page that opens. When the web client opens, it presents a login screen. Once you log in, a subset of the application’s services appear on the left navigation pane. NOTE: When you first log in, you may have to restart the browser once you have reset your password. For information about how to use the interface for web client capabilities, consult the relevant portion of this guide.
This disables the HTTP connector thereby securing the server. To use HTTPS, then, use a URL like this: https://MyAppserver:443 To force the client to use HTTPS (secure) for web connections to the server (such as opening the toner ordering pages) add the following line to owareapps/installprops/lib/ installed.properties (this will be the same file as above when addressing this issue with the client when running locally on the server). appserver.enable.
Web vs. Java Clients Web clients are more limited than Java clients. For example, the “are you sure you want to do this?” confirming dialog boxes that appear on Java clients do not appear on the web.
Web Client Java Client Propagation Policies Propagation Policies File management Configuration Files OS Images (firmware deployment) Configuration Labels Configuration Labels Configuration Generation Templates Schemas OS/Firmware Download and Save (on appserver) File Servers File Servers Active Monitoring Monitors Monitors Dashboard Views Dashboard Views Retention Policies Retention Policies Reports Reports Reports Report Templates Report Templates System Services Audit Trails Audit Trail
10 Navigation Overview This section explains how to navigate the application. The application’s Portal consists of the following sections:
• Toolbar
• Menu Bar
• Work Area
Drag and Drop
This software lets you drag and drop columns within screens that display information in tables. One caveat: since the screen has so much information, the “drop zone” can sometimes be small. Figure 10-1.
Toolbar The toolbar at the top of the initial screen is always visible. Figure 10-2. Toolbar (two pieces of the same bar) Hover the cursor over an icon for a text description. The following are in order, left-to-right. These icons are active (not grayed out) only when relevant: - Home—The initial home page for the admin user is a screen that prompts that user to discover devices on the network. Otherwise, it opens the screen you have specified as your home page.
Layout Bar Between the toolbar icons and buttons, two pick lists let you quickly select layouts. Figure 10-4. Layout Bar This lets you alter the following: -
screen as described in Layout -> New / Edit / Delete on page 162. To close a layout without deleting panels, use the Toolbar button. To re-open a layout (as you last modified or created it), use the Layout Bar. Action Button / Right-Click Menu You can access the menu to manipulate items appearing on a screen either with the action button in the right end of the title bar, or by right-clicking a selected item.
Move Up / Down / Left / Right—This selection appears in some layout menus—in detail panels, for example. These relocate the selected panel in the screen. Other panels automatically relocate to accommodate the moved panel. Available Attribute List (+) The Available Attribute List button (a plus sign when the panel is closed, a minus sign when it is open) in the title bar toggles the appearance of a list of attributes that appear as columns in the screen to the left. Figure 10-7.
Figure 10-8. Quick Group As described above, you can click the left two icons above the attribute panel to add or remove a selected attribute from the displayed columns in the list of equipment. You can also drag an attribute name to the list to display it there as a column. The two icons on the right above the attribute panel let you display groups (or un-group displays) of devices based on the attributes selected.
Filters consist of an attribute (equipment attributes like Operational State), an operator (like in / not in, is / is not) and a match term (like Active, Busy). Some operators like in / not in permit multiple match terms. To enter multiple match terms, select a term in the far right pick list, then click the plus sign (+). You can also select listed match terms and delete them (X). For other managers, you can create a different kind of filter.
Figure 10-11. Multiple Filter Criteria - Expanded You can click the Go button in either the summary or the expanded filter to see the effect of the filter. The funnel-and-plus does not appear when a filter can appear in the available space (when it does not have enough criteria to require this summary / expanded view pair). Updates in the database that could cause changes to a derived attribute (column headings are typically italic for such attributes) are typically not automatically reflected in the manager.
Figure 10-12. MDI View NOTE: You can cascade and tile MDI windows from the Window menu. When you have MDI windows open, the upper right corner has icons that let you (from left to right) minimize, maximize and close the window. Closing the window is equivalent to Cancel. It abandons edits. Figure 10-13. Minimize, Maximize, and Close MDI Window Browser view fills the work area with the selected screen(s). Use the Windows menu (or Ctrl+F6) to cycle between screens.
Figure 10-14. Status Bar To the left of the status bar text, a progress bar appears that tracks current operations’ progress. The left text displays the logged in user, and the right text displays the partition name where application server is running. This partition name turns red when the client loses connection to the application server. Layout -> New / Edit / Delete This menu appears when applicable. It lets you create (New), Edit or Delete a layout for the application.
Layout and Organization - Select the layout style—Select a radio button for the layout style you want. These include single column, two column with the narrow column on the right, and two column with the narrow column on the left. The appropriate column content selectors appear when you select a radio button. - Narrow / Wide Column—Use the pick list(s) below these labels to select from available layout column contents.
Settings -> Configuration This menu lets you open Control Settings and Inventory Config (Inventory Config on page 174) editors. The application’s Administration Section describes most of these items. Settings -> Options The screen that appears after you select this menu item lets you select the default page that appears when you open the application (the Set Home page button), or move a navigation tree node to or from the Favorites node (the Add / Remove Favorites button).
Hiding and Displaying the Navigation Window You can conceal the navigation window to increase the size of your work area. To hide the navigation window, click on the small arrows on the bar between it and the work area. This is a toggle; click those arrows again to redisplay the navigation window. Or, to resize it, drag the bar to a new location. NOTE: By default, the navigation window collapses the tree it displays. You can click the nodes to un-collapse it.
Figure 10-17. Detail Panels The Edit button appears at the bottom of detail panels if you can edit their contents. Cancel your edit if you want to return to the previous parameters. NOTE: To refresh detail panels, select another item in the manager, then re-select the one for which you want details refreshed. MIB Browser Direct access SNMP sessions open a MIB browser where you can examine existing MIBs, or (with the Add button) add more MIBs.
Figure 10-18. Direct Access SNMP You can also open this screen directly from the navigation panel’s MIB Browser icon, or from the File -> Open -> System Services menu, and examine selected MIBs there. This screen displays available MIBs in the upper left corner. Click Add to load any additional MIBs. Select a listed MIB, and a tree of its nodes appear in the lower left corner. The selected node’s description appears in the right panels.
Devices Tab The Device tab includes the MIB Property and Value fields. Multiple pairs like these can appear on this screen. You can see the selected values at the bottom of this tab. You can also Refresh the values with that button, or Export the values in a comma-separated value (.csv) file that resembles the following: "instance","sysApplInstallPkgManufacturer" "1.3.6.1.2.1.54.1.1.1.1.2","1.3.6.1.2.1.54.1.1.1.1.
11 Common Operations Overview This section discusses conventions used throughout these guides (online and print) and operations common to the application. Conventions The following conventions appear throughout this information: Selecting Items From Menus The phrase “select Inventory -> Locations from the File -> Open -> menu or the Navigation Window” means you should do one of the following:
• Click on the menu item listed. (Inventory is a subitem in the Open menu item in the File menu.
Figure 11-1. Search Fields To use this feature, enter text that is a partial match for the item you want, then click the search icon (magnifying glass) to display the first match. Clicking the drop-down list that replaces the match field displays all matches. To clear the selection, click the red X at the right. Clicking the command button (...) still opens a selector with all available matches. If you already have a selection, then the delete (X) button conceals the search button.
If the service type or drive specifies no filter, OpenManage Network Manager uses the default filter for that attribute (not the whole screen, just the field), inserting the filter . NOTE: Hover your cursor over the field to see a tooltip outlining its filtering possibilities. The GO Button To save query loading time, you can configure the application so managers do not automatically run their default filter when you open them (running this filter is the default behavior).
Creating My Favorites By default, two nodes of the navigation pane appear in My Favorites at its top: Resource Discovery, and Resources. Figure 11-2. My Favorites, and Add to Favorites Right-click any node in the navigation pane and select Add to Favorites to duplicate it in the My Favorites node. Saving Some dialogs have a Save button to save the results of your actions with that screen.
To move a single item from one list to another, select it and click on the > or < button. To move several items from one list to another, hold down the Ctrl key while clicking on the desired items. Click on the > or < buttons. To move all items from one list to another, click on the >> or << button, if it is available. You can see such lists in the Discovery Wizard when you select authentication objects. Sorting Columns in Managers You can sort lists of items in a column.
Subnets therefore repeat in increments of 16 (16, 32, 48...etc.) This address must therefore be part of the 192.168.10.32 subnet, and the broadcast address is 47. The valid host range is 33 - 46. Class B subnets are a little more complex. For example: 172.16.10.33 subnet mask: 255.255.255.224. Subnets repeat in increments of 32 (256-224 = 32; 32, 64, 96...etc.). This is between 10.32 and 10.64, and the broadcast address is 10.63. NOTE: Free subnet calculators are available on the internet.
In the initial screen the Entity Type and Descriptions appear listed in rows. Select a row and click Configure to edit settings for this type. The Config Editor appears. NOTE: You must restart the client and server to see the effect of some changes in this editor. Client restart is necessary to see the effects of presentation style changes, and application restart is necessary to see the effects of change tracking alterations, or custom fields.
• Change Tracking
• Topology Presentation
NOTE: Not all types of data support all the example options that appear here. NOTE: Some fields are ambiguously named. If you want to make Vendor Name bold and red, you can do so in the Vendors manager, but that change does not appear in the Resources screen (change the Vendor Name field in Managed Equipment if you want that). You must also close and re-open screens where you want such changes to occur for them to be visible.
The condition then appears as a row in the middle of this screen. The first column of this table indicates its priority (the lower the number, the higher the priority). You can change priority order of selected rows with the up/down arrows below this list. The second column is a reminder of the Condition you set, and the third is an example of what text looks like when the attribute fits the condition. NOTE: Best practice makes the most inclusive condition the highest priority.
- Background Color—Select the background of the cell displaying the attribute information from the color picker that appears when you click the Command Button (...) to the right of the displayed color. - Bold Font—Check to activate. - Italic Font—Check to activate. - Condition—Select whether you want to Match Any or Match All of the conditions you add. The display then reflects an attribute condition. The attribute already appears, by default.
Figure 11-7. Config Editor - Custom Fields This screen lets you edit rows describing custom fields directly. Click in a column and start typing (some are read-only). The following are the columns: - Attribute Name—This is a simple identifier, like Custom1, Custom2, and so on. (read only). For example, you could create an attribute for Data Center ID and have that appear for searches and sorts. - Data Type—This describes the data type of the custom attribute (String, Integer, Date, Boolean– read only).
Figure 11-8. Custom Field in Editor Find an example of the equipment in the Resources manager, select it, and click Open to see the custom field. You can also create filters to display equipment based on custom field contents. NOTE: If you use the pre-existing custom attributes in this editor (re-labeled for your purposes), they have a dedicated column in the database so you can search and filter based on their values.
Setting up change tracking is an administrative task. You must first use the Inventory Config screen to select a type of inventory, then configure Change Tracking for that type. Select the attributes to track in the Change Tracking screen. You no longer must re-start the application server after having selected which attributes to track before any changes become visible.
Figure 11-11. Topology Presentation The screens vary, depending on the entity you are editing; the following describes a representative example. The Contact-related screen displays the following: Select the desired Graphic - Node Graphic—Select the desired graphic when this entity appears in Topology screens from the pick list. The contents of the next section (Mapping for Attributes in the Graphic) depends on the graphic you select here. Installation seeds the available graphics on the pick list.
Mapping for Attributes in the Graphic This portion of the screen displays the attributes associated with the selected graphic (or other entity). With the buttons to the right of this portion of the screen, you can Clear Mapping which removes any previous association for the attribute, or Edit Mapping which opens the editor below this screen. Specify Graphic Attribute to Entity Mapping This portion of the screen displays a text area (Label Expression) in which the selected Entity Attribute mappings appear.
Audit / Results The result of many application actions appears in a job status screen. These are preserved and catalogued in Audit Trail Manager. Figure 11-12. Results Screen At its top, this screen displays a series of actions and sub-actions as a tree. When you select an individual action, Message Details (if available) appear in the lowest panel.
Online Help You can access the online help by opening the Help -> Help topics menu item, clicking on the Help icon in the Toolbar, or by pressing the F1 key. This displays the Online Help Table of Contents, or a screen appropriate for the context. Figure 11-13. Online Help System Pressing F1 typically displays help relevant to the screen that has focus in your application. Double-click a topic to open that topic in the right panel.
Troubleshooting You can now use the getlogs script to package relevant logs if you need technical support. This script creates a logs.jar file in the root installation directory, and moves any existing copy of logs.jar to oware\temp. This jar compresses all logs necessary for troubleshooting. Read the jar yourself, or forward this jar to technical support to help troubleshoot.
12 Discovery Resource Discovery Overview Discovery is how the application identifies and catalogs network elements. Once discovery identifies a network element, you can create Resources, so the application can communicate with the element. The type and depth of discovery depends on installed applications and device drivers. Discovery based on installed drivers consists of physical discovery and (potentially) link discovery.
Discovery for admin User The first time an OpenManage Network Manager client screen appears, after logging in, admin users get a special shortcut screen that offers discovery. Clicking Begin Discovery opens the discovery wizard for initial discovery of devices on your network. After completing discovery, by default, a QuickView layout appears with the discovered devices. Figure 12-1. QuickView Layout Consult the online help for additional information.
1 Discover the device.
2 If there are any problems with any devices, then telnet to any problem devices and verify that telnet works / authentication is good.
3 If there are SNMP problems, use this application’s SNMP tool.
Here’s how to use that SNMP tool:
1 With the application server running, open a shell (Start -> Run cmd). In that shell, type the following commands (followed by [Enter]):
2 oware.
3 snmpapitalk.
To enable full management functionality, including “deep discovery,” and advanced configuration and provisioning capabilities, you must install the applicable Standard Devices Driver(s) to match your network’s devices. (see Database Aging Policy Editor on page 718) NOTE: This software supports interface statistics collection only for devices which have a standard device driver installed.
Notice that you can Select Discovery Options, Select Filtering Options (Not Available for Inspection), and Select Discovery Activities (Listed in Execution Order). The Activities default to one list, but you can add any Activity available in OpenManage Network Manager with the Select Activity command button (…) and search. For the sake of this exercise, we will accept all defaults here. 10 Returning to the Discovery tab, click the Inspect button at the bottom of the screen.
Resource Discovery The Resource Discovery screen sets up the process of retrieving network and device information for the OpenManage Network Manager database. See Example Workflow on page 190 for an example of how to use this capability. To begin, select Resource Discovery from the File -> Open -> Inventory menu, or from the Navigation Window, or by clicking the magnifying glass icon in the toolbar to launch the Discovery screen, open to the Discovery tab.
Select Network Type and Address On this screen, select the types of targets with a pick list at the top left corner, and fill in the data in the field to the right of this pick list. Figure 12-2. Resource Discovery—Discovery Tab The following are the types of target entries available - IP Address(es)—In this field, you can enter many IP addresses, rather than one-at-a-time. This accepts entries in the following formats: –IP Address: 192.168.0.1 –IP Range: 192.168.0.1-192.168.0.
- File—A text list of IP addresses, one per line. Use the command button (...) to open a file browser, or type in the fully qualified path and filename. CAUTION: This text file does not support wildcards like the asterisk (*). Also: Best practice is to use a plain text editor to produce this file. Using formatted text (like Wordpad) can prevent OpenManage Network Manager from seeing the list of IP addresses. - Multicast SLP—(Service Location Protocol) SLP dynamically locates services in the network.
Up/down/top/bottom icons also appear in this toolbar so you can rearrange the order of these authentications. To move checked (Selected) items to the top of the list, click Resort. Click the Select icon or the checkbox in the list of authentications to use them with the selected item. Discovery targets often have multiple authentications, and you can check any number of those available. When you select multiple authentication credentials, OpenManage Network Manager tries each one in the listed order.
New / Edit Authentication You can select authentication(s) to go with a selected discovery target with the checkboxes that appear in the list of existing authentications in the Select Authentication panel. In addition, you can Add or Edit authentications to associate with that target. When you Add an authentication, or Edit an existing one, an authentication editor opens in the bottom of the screen. Figure 12-3.
Select Network Address(es) and Authentication(s) This screen displays the discovery target devices and authentications you have selected and configured. Figure 12-4. Selected Targets You can Add more devices with that button to the right of the list, or Edit a selected target to reconfigure the authentication. Doing so opens the Select Network Type and Address screen again. Click Remove to delete a listed target, and use the up/down/top/bottom buttons to re-order selected targets.
Options This screen lets you configure a variety of global discovery options for the targets configured in the Discovery tab (described in the Resource Discovery section). Figure 12-5.
- ICMP Ping Device(s)—Check to send an ICMP ping to the target devices. Checking this activates the next checkbox. Select Filtering Options (Not Available for Inspection) This portion of the screen lets you configure filters for discovery targets. Inspect does not use what you configure here. It has the following fields and checkboxes: - Filter By...Entering items in these fields activates the Vendor, Location, and Device Type filters. Use the command (...
You can also use the up/down/top/bottom arrows to reorder selected rows, reordering what activities discovery executes. Regardless of the row order, however, device-based tasks run first, and group-based tasks (like link discovery) run last, since groups depend on their member information. Clicking Reorder moves the activities with Select checked to the top of the list. After you have configured this tab, you can click the Inspect button or click the Discover button.
From left to right, the icons let you select all devices for discovery, unselect them, select and unselect a single device, and change authentications. When you click Change Authentication, a screen like the Select Network Address(es) and Authentication(s) screen appears. Use this screen to repair or replace invalid authentications. All available authentications appear, with those connected to the device selected appearing checked. You can Add, Select, Edit, and re-order these with the buttons above the list.
Discover Clicking the Discover button actually executes the discovery you have configured, storing the information retrieved from devices in the OpenManage Network Manager database. Figure 12-8. Discovery—Results Clicking this button displays a standard OpenManage Network Manager audit screen. This displays the messages between OpenManage Network Manager and the discovered devices, including the post-discovery activities.
The final discovery panel, whether appearing for a Resource Discovery Profile or at the end of a conventional basic / advanced discovery process, presents asynchronous information. If you click Finish before the process is done, the discovery process still continues. While that is occurring you may not see elements being discovered in their resync schedule until the discovery job is actually complete. Executing scheduled resync while discovery is still ongoing may result in exceptions.
Resource Discovery Profiles Creating a Resource Discovery Profile lets you store information about what you want to discover, along with any authentication needed for that device. Profiles let you store the parameters for discovery, and configure defaults for manual discovery, so you can easily execute (or schedule) repeated discoveries. To use profiles, either click Execute on the Profile Manager screen, or go to the scheduler (see Chapter 30, Schedules) and set up a schedule to run the profile.
- Inspect—Inspect the selected profile(s). See Inspect on page 200 for details. - Import / Export—Import or export the listed profiles from/to an XML file. CAUTION: If the imported profiles refer to authentication credentials that do not exist on the system to which you have imported them, they do not work. - Help—Open the online help for this screen. The Reference Tree detail panel at the bottom of this manager displays a selected Profile’s authentications and tasks.
Discovery Configure fields in this tab to specify the devices and methods of discovery. Figure 12-12. Discovery Profile Editor - Discovery Tab This tab works like the one described in Resource Discovery on page 192. Consult that section for details about how to enter discovery targets and authentications. Notice that even when you provide an existing credential, you can re-configure the timeout, retry and port parameters for that credential.
Figure 12-14. Discovery Profile Editor - Options Tab Schedule This is the standard OpenManage Network Manager schedule information screen described in Schedule Info on page 750. You can also initiate scheduled profile discovery from the OpenManage Network Manager schedule manager described in that chapter. Audit This screen records the history of this profile’s use. See Chapter 24, Audit Trails for more information about audits and how the application saves them.
13 Resources
The following sections describe screens available in this manager:
- Introducing Resources
- Dell PowerConnect Device Driver
- Dell PowerConnect B-Series Device Driver
- Dell PowerConnect J-series Device Driver
Introducing Resources
The Resources manager lets you manage devices you have discovered or created on your network. Optional applications and device drivers may increase the basic functionality described here, so your screens may not exactly match those appearing on the following pages.
Figure 13-1. Resources NOTE: You must click Go to refresh this list after some operations. Resources displayed here refresh every 60 seconds, unless you modify or override the default interval as specified in redcell.properties. In the default view, resources appear listed in the top of the screen, and details of a selected resource appear at the bottom in detail panels.
Figure 13-2. Detail Panel Click Edit to alter the contents of the panel, and Apply to accept your changes (Cancel leaves edit mode without saving changes). Another convention is that writable fields without contents appear light blue. Once you write in them, the fields turn green until they are saved to the database. If the save fails, then the green remains visible. The editor screens covered in General on page 218 and Reference Tree on page 221 describe several default panels.
Figure 13-3. Filtering on Group Membership NOTE: Click the command button (...) to select one or more groups, and use the red “X” to delete a selected group. The operators are in and not in. The IP data type now supports a LIKE operator. When you select LIKE in a filter, you can use a question mark (?) to replace a digit within the IP address. This means you can retrieve all IP addresses that contain 192.168.1??.???, for example.
Action Button / Right-Click Menu Click the action button on the right of the title bar to expose a menu with additional capabilities for this screen. This menu’s contents are also typically available when you right-click a listed item (on web clients, you must use the action button). The exact contents of the menu depend on the installed options. These can include the following: Figure 13-4. Action Menu - New—Create a new resource.
- Map—Open a topology view. - Direct Access—Open a telnet, SNMP or http session to the selected resource. First, respond to the screen where you select the kind of session. After you select, a command line shell (for Telnet Sessions), MIB viewer screen (for SNMP Sessions) or web page in a browser opens that is connected to the device, using the associated authentication. See Direct Access Details on page 215 for more information.
Figure 13-6. Event Management Alarms–Opens an Alarm window displaying the alarms filtered so they are only those related to the selected resources. You can change the filter manually to fine tune the display. Resync Alarms—Re-queries the database for alarms for the selected device(s) to update topology. A confirming dialog appears if you select this menu item. Click OK to dismiss it. - Key Metrics—If Performance Monitoring is installed in your system, this opens the key metrics screen.
Figure 13-7. Telnet Direct Access NOTE: For direct access to devices configured without an enable password, create login credentials for such devices that do not include any enable information, only a user ID and password. You would then enter enable mode manually, after the direct access window opens.
You may see the following error messages related to cut thru dialogs:
- SSH v2 Protocol
  Invalid server's version string – Cut thru tried to use SSH protocol version v2 to connect to the device running SSH protocol v1.
  Auth fail – Authentication Failure, please validate the user name and password used for cut thru with the device.
- SSH v1 Protocol
  Login & password not accepted – Authentication Failure, please validate the user name and password used for cut thru with the device.
You can modify all default values. You can also set other values, including device-specific general (name, description, location) and technical (IP address, vendor, model) information. You can also set resource behavior and the resource icons. Note that the resource name must be unique. NOTE: Some discovery processes occur even after you click Finish in the discovery wizard.
General - Name—The name of the resource; this name must be unique, and limited to 255 characters. The application automatically truncates names at this length, removing discovered or appended characters after 255. Discovery automatically adds the IP address to the end of the discovered name, but even that is truncated if the name’s length exceeds 255 characters. - Description—A description of the resource. - Vendor—The vendor that manufactures/distributes this resource.
Active—Device is operable and currently in use with operating capacity available to support further services. Busy—Operable and currently in use with no operating capacity to spare. - Notes—Text notes. You must click Save for these to persist. Properties - IP Address—The IP address of the resource. - Hostname—The DNS name of the resource; this name must be unique. - Firmware Version—This resource’s firmware version. - Hardware Version—This resource’s hardware version. - Model—The resource’s model number.
Reference Tree The Reference Tree displays the selected resource’s connection to subcomponents, authentications, contacts, locations and vendors. Figure 13-9. Preview Detail Panel To change anything in a sub-component, select the node and right-click (select Open) or doubleclick the node in the Preview detail panel. You can also right-click and select Map to see the selected node displayed in a topology.
Object Groups This panel shows a list of Object groups to which the resource has been assigned. Object Groups are defined in the Object Group Manager. Figure 13-10. Resource Editor—Object Groups Panel These groups control which users may view and/or edit device information. See the Administration Section for more information about the Object Group Manager where you make them. NOTE: Only User-Created Groups appear in this window.
Custom Attributes This panel displays any configured custom attributes for the selected device. Figure 13-11. Custom Attributes See Custom Fields on page 178 for more about creating or modifying these. Management Interfaces Click Add to create a new Management Interface to add to the Management Interfaces list. Figure 13-12.
Select an existing, listed interface and click the Edit button in the lowest panel to alter it. Click Apply to accept your edits, or Cancel to abandon them. The following are the fields on the Management Interface Editor(s): - IP Address—The IP address of the Management Interface. - Protocol Type—The Management Interface type; select from the following alternatives: FTP, HTTP, HTTPS, ICMP, IPMI, LDP, PORT9100, SNMP (v1,2,3), SSH, SSHv2, Simple Telnet, TL1, Telnet, WMI, WBEM, XNM-Clear-Text, XMN-SSL.
The Engine ID/Target ID for the System concatenates 00000063000100A1 with the local IP address (in hex). For example, if the IP Address is 192.168.0.154 then the Engine ID is 00000063000100A1C0A8009A. The first portion of the Engine ID is always 00000063000100A1, and the value of oware.local.ip.address property in installed.properties provides four decimal values that, when converted to HEX, provide the remainder of the Engine ID.
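Because the Engine ID is derived from the server's IP address, an Engine ID recorded elsewhere can be checked against the value in installed.properties. The following is an added example, not code from the product or this guide; the function names are hypothetical, the properties text is a constructed sample, and the parser assumes ordinary key=value properties syntax.

```python
"""Added example: derive and check the Engine ID described in the guide."""
import ipaddress

# Fixed first portion of the Engine ID, as stated in the guide.
ENGINE_ID_PREFIX = "00000063000100A1"
# Property named in the guide; it is read from installed.properties.
IP_PROPERTY = "oware.local.ip.address"


def read_local_ip(properties_text):
    """Return the oware.local.ip.address value from properties-file text.

    Assumes ordinary Java .properties syntax: key=value lines, with
    '#' or '!' starting a comment. The last assignment wins.
    """
    found = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == IP_PROPERTY:
            found = value.strip()
    if found is None:
        raise KeyError(IP_PROPERTY + " is not set")
    return found


def engine_id_for(ip):
    """Build the Engine ID: fixed prefix plus the four IPv4 octets in hex."""
    octets = ipaddress.IPv4Address(ip).packed  # rejects malformed addresses
    return ENGINE_ID_PREFIX + octets.hex().upper()


def ip_from_engine_id(engine_id):
    """Recover the IP address embedded in an Engine ID, or raise ValueError."""
    cleaned = engine_id.strip().replace(":", "").replace(" ", "").upper()
    if len(cleaned) != len(ENGINE_ID_PREFIX) + 8:
        raise ValueError("unexpected Engine ID length: %r" % engine_id)
    if not cleaned.startswith(ENGINE_ID_PREFIX):
        raise ValueError("Engine ID does not start with " + ENGINE_ID_PREFIX)
    tail = bytes.fromhex(cleaned[len(ENGINE_ID_PREFIX):])
    return str(ipaddress.IPv4Address(tail))


def check_engine_id(configured_engine_id, properties_text):
    """Compare an Engine ID recorded elsewhere with the one the server derives.

    Returns (matches, expected_engine_id).
    """
    expected = engine_id_for(read_local_ip(properties_text))
    try:
        embedded_ip = ip_from_engine_id(configured_engine_id)
    except ValueError:
        return False, expected
    return engine_id_for(embedded_ip) == expected, expected


# Constructed sample input, not taken from a real installation.
SAMPLE_PROPERTIES = """\
# installed.properties (constructed sample)
oware.local.ip.address=192.168.0.154
"""

if __name__ == "__main__":
    print(engine_id_for(read_local_ip(SAMPLE_PROPERTIES)))
    print(check_engine_id("00:00:00:63:00:01:00:A1:C0:A8:00:9A", SAMPLE_PROPERTIES))
    print(check_engine_id("00000063000100A1C0A80001", SAMPLE_PROPERTIES))
```

A False result means the recorded Engine ID no longer corresponds to the address in installed.properties, for example after the server's IP address has changed.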
This screen configures the application database, not the selected resource. For changes here to take effect so authentication can provide information for other panels, you must click Save, close the Resource Editor, and re-open it. CAUTION: If you add an authentication, before it can be effective, you must associate it with Management Interfaces. Make sure the device has a management interface to match the authentication. Without this, resync fails.
Discovery This panel displays information only for DiscoveredEntities (otherwise unclassified managed objects). Figure 13-15. Resource Editor—Discovery Panel It appears with the following fields: - Discovered Date / Time—The time this resource was first discovered.
Audit This screen catalogs the actions involving the selected device, notification, report, and so on. Figure 13-16. Resources Manager—Audit It also can appear in connection with other portions of this application and with optional add-ons. Its location within the tree of nodes tells which portion of the application the audit panel tracks. The topmost audit trail node lists general audit trails and those for any other such audit panels.
Dell PowerConnect Device Driver Sections here discuss the Dell™ PowerConnect™ Device Driver-related panels, and how this device driver changes Resource Editor and other aspects of the application’s operation. The exact appearance and order of the screens described here depends on the device selected in Resource Manager. Not all fields described below appear in all screens, just as all features are not supported by all models. Screen and tree appearance may vary slightly, even if they are supported.
System Settings This screen lets you manage basic system settings for a selected device. Figure 13-1. System Settings The following are fields on this screen, defined when not self-evident: - System Name—Text.
Figure 13-2. Systems Settings in Group Operations Wizard See Group Operations Wizard on page 691 for more information.
IP Address This screen lets you manage IP Address settings for a selected device. Not all fields described here appear in all screens—the exact appearance depends on the selected device. Figure 13-3. IP Address Setting Possible Screens: Other Switches -> 3424, 3448, 3424P, 3448P, 5316M, 5324, 6024 Switches: Two types of screens can appear here, depending on the equipment. One has fields to fill in (all are described below), the other has a list of IP addresses.
- IP Address Mode—Possible modes: Static, DHCP, BOOTP (does not appear in all screens). If you select Static mode, when it appears, it enables the following three fields (otherwise, these are not write-able): - IP Address—The IP Address. - Net Mask / Subnet Mask—The net or subnet mask. - Gateway IP Address—The gateway’s IP address. - Port—Select a port from the pick list - LAG—Select a LAG from the pick list. - VLAN / Management VLAN—Select a VLAN from the pick list.
- Confirm New Password—Encrypted password. Mandatory if password protection is enabled. - Privilege Level—Select from pick list. NOTE: You can sort columns by clicking on them. The sorted column has an arrow in it. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Management Security Authentication Profile This screen lets you enable/disable an http interface, and sets the port, if enabled.
The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Management Security -> Select Authentication This screen does not appear for all devices. Figure 13-6. Select Authentication In it you can select the authentication to use with the device you are editing with the relevant pick lists. The Configure button at the bottom of this screen sends the selected configuration to the device.
Radius Settings Depending on the selected equipment all or some of the following fields appear in Resource Editor. Figure 13-7. Radius Settings Or... The following are fields, described when not self-evident, on this screen. All are mandatory unless otherwise described. - Default Timeout for Reply—In Seconds. - Default Retries—the number of retries. - Default Dead Time (minutes)—Minutes of dead time.
Management Security -> RADIUS Servers This screen appears for some equipment. Figure 13-8. RADIUS Servers Click Add (or Edit when you select a server listed) to open the editor on the lower panel. This screen has settings for the following (described when not self-explanatory): Radius Server Editor - IP Address—The IP address of the radius server. - Authentication Port—The port where server authentication occurs. - Priority—Lower numbers are higher priorities.
- Dead Time (0-2000) - Specifies the amount of time (in seconds) that a RADIUS server is bypassed for service requests. The range is 0-2000. - Key String—The authentication key string, between 1 - 16 characters. - Source IP Address—Select Use Default or specify the source. 0.0.0.0 disables this. - Usage Type—Select from the pick list (All, Login, Dot1x). This field does not appear on all devices’ screens. Click Apply to apply table entry edits, and Configure to implement any changes.
Management Security -> Line Password The Line Password screen contains fields for defining line passwords for management methods. Figure 13-10. Line Password The screen includes the following fields: - Password for Console/Telnet/Secure Telnet (0-159 Characters)—The line password for accessing the device in a console, Telnet, or Secure Telnet session. Passwords can contain a maximum of 159 characters. - Confirm Password—Confirms the new line password. The password appears as asterisks.
Management Security -> Enable Password The Modify Enable Password screen sets a local password to control access to Normal, Privileged, and Global Configuration. Figure 13-11. Enable Password The screen includes the following fields: - Enable Access Level—Access level associated with the enable password. Possible field values are 1-15. This does not appear in some screens. - Password (0-159 Characters)—The currently configured enable password. - Confirm Password—Confirms the new enable password.
TACACS+ Settings The following fields—or a subset of them—appear in the Editor to manage TACACS+ Settings. Figure 13-12. TACACS+ Settings The following are the fields on this screen. All are mandatory unless otherwise described. Not all fields appear for all devices. Default Settings - Source IP Address—The source of TACACS+ authentication. - Secret Text String / Key String—The TACACS+ key. Appears as a password, and is encrypted.
In the middle of this screen, you can add alternative TACACS+ servers to the default specified above. Click Add (or Edit if you want to edit a selected, existing server), and the TACACS+ Server Editor appears in the lowest panel on this screen. Click Delete to remove a listed, selected server. Click Apply to accept your server edits, and list the server, or Cancel to abandon those edits. TACACS+ Server Editor - IP Address—The address of the TACACS+ server.
- Confirm New Password—Encrypted password. Mandatory if password protection is enabled. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. File Management -> Copy Files You can copy and delete files from the Copy Files screen. Figure 13-14. Copy Files. After a configuration change, the user is presented with an option to copy the running configuration to the startup configuration.
Figure 13-15. Port Based Authentication You can Edit listed settings for the selected device in this screen (Add and Remove are disabled). Select an existing port authentication configuration listed in the upper portion of the screen and click Edit; the editor opens. This screen contains the following fields: - Port Based Authentication State Enabled— When checked, enables port based authentication on the device. - Authentication Method—The Authentication method used.
RADIUS—The RADIUS server does port authentication. RADIUS, None—The RADIUS server first does port authentication. If the port is not authenticated, then no authentication method is used, and the session is permitted. Click Remove to delete a selected, listed item. You can Add, Edit or Remove port authentications for the selected device in this screen.
Figure 13-16. Port and Trunk Settings This screen lets 60xx switches (firmware v2.0 and above) implement private edge VLANs. When you open selected Dell equipment from Resource Manager, right-click a port in the Reference Tree details panel and select Open. Then click on the Port Settings node. You can then add a port to a trunk group. You must disable Auto-Negotiation to add a port to the Trunk Members. The following are fields on this screen (not all appear with all devices).
Port Information - Name—Read-only description of the selected device. - Description—Optional text describing this setting. Port States - Admin State Enabled—Checkbox. Enables or disables traffic forwarding through the port. - Operational State Enabled—Checkbox. When the port is operationally active it is receiving and transmitting traffic. Port Settings - Auto-Negotiation Enabled—Checkbox. See other fields for impacts from selecting this.
- PVE—Appears only if enabled on the selected device and port. This is for 60xx devices, with firmware v2.0 and above. Select from pick list. This enables a port as a Private VLAN Edge (PVE) port. When a port is defined as PVE, it bypasses the Forwarding Database (FDB), and forwards all Unicast, Multicast and Broadcast traffic to an uplink (except MAC-to-me packets). Uplinks can be a port or LAG. Traffic from the uplink is distributed to all interfaces.
Figure 13-17.
The following are checkboxes that can appear on this screen: - Broadcast Control Enabled - Unicast Control Enabled - Multicast Control Enabled - Rate Threshold (frames/second)—Select from options available on the pick list, or type a figure in the text field (the tooltip specifies a valid range), depending on the device. If more than one of these fields appears in the screen, a label describes the device for which the threshold applies. This field has unique ranges per families of equipment.
Address Table -> Static Addresses This screen appears for some devices. Figure 13-19. Static Addresses Add, Edit, or Remove static addresses (VLAN ID, MAC Address, Interface, and Status) on a device with the buttons at the bottom of the listed addresses on the left. Click Apply to enter your edits (Cancel to abandon them). The Static Address Editor has the following fields: - VLAN ID—Select an ID from the pick list. (Does not appear for all devices.
Address Table -> Dynamic Address The Dynamic Address Table contains specific dynamic MAC Address information, including the VLAN ID, ports associated with the MAC address, and the MAC address. It does not appear on all switches. Figure 13-20. Dynamic Address Table Select query parameters with the pick lists at the top of this screen, then click Query (or Refresh) to renew the device information on this screen.
GARP Settings When equipment permits GARP settings, a screen with the following is available when you open a port to edit (right-click on a port in the Reference Tree details panel and select Open). Figure 13-21. GARP Settings The following are fields on this screen. All are mandatory. Values are in centiseconds (hundredths of a second), and are valid for ranges that vary according to device.
Spanning Tree -> Bridge Settings This screen lets you manage Spanning Tree Bridge Settings. Figure 13-22. Spanning Tree–Bridge Settings The following are fields on this screen. They are all mandatory: - Spanning Tree Enabled—Check to enable - Priority—Valid Values: 0-65535. - Hello Time (seconds)—Valid Values: 1-10 - Maximum Age (seconds)—Valid Values: 6-40 - Forward Delay (seconds) —Valid Values: 4-30 - Operation Mode—Select from the values on the pick list (does not appear on all screens).
Figure 13-23. Rapid Spanning Tree You can Add, Edit or Remove RSTP settings for the selected device in this screen (although some devices restrict actions to viewing the settings when you click Edit). Click Remove to delete a selected, listed item. When you click Add (or select an existing interface listed in the RSTP Settings portion of the screen and click Edit) the RSTP Editor opens (the lower portion of the screen) with the following fields: - Interface—Port or LAG on which Rapid STP is enabled.
- Fast Link Operational Status—Indicates if Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state. - Point-to-Point Admin Status—Auto/Enable/Disable establishing a point-to-point link, or specifies that the device automatically establishes a point-to-point link.
Spanning Tree -> LAG Settings The Spanning Tree LAG Settings screen contains fields for assigning Spanning Tree Protocol (STP) aggregating port parameters. Figure 13-24. Spanning Tree -> LAG Spanning Settings You can Add, Edit or Remove LAG Spanning Tree settings for the selected device in this screen. Click Remove to delete a selected, listed item.
- Path Cost (1-200000000)—The LAG’s contribution to the root path cost. The path cost is adjusted to a higher or lower value, and forwards traffic when a path is rerouted. The path cost has a value of 1 to 200000000. If the path cost method is short, the LAG cost default value is 4. If the path cost method is long, the LAG cost default value is 20000. - Root Guard—Check to enable. - Current State—Current (read-only) STP state of a LAG.
The screen appearance varies, depending on the model of the selected device. The following are fields that may be on this screen. When they appear, they are all mandatory: - Spanning Tree Enabled—Checkbox. - Fast Link—Checkbox. - Priority—Valid Values: 0-65535. For 53X switches, this is 0-255 in steps of 16. - Path Cost—Valid Values: 1-10 - Current State—A read-only report of the current state. - Port Rate—Indicates if Fast Link is enabled or disabled for the port or LAG.
Figure 13-26. MSTP Settings The MSTP Settings page contains the following fields: Global Settings - Region Name (1-32)—Specifies a user-defined MST region name. - Revision (0-65535)—Specifies an unsigned 16-bit number that identifies the revision of the current MST configuration. The revision number is required as part of the MST configuration. - Max Hops (1-40)—Specifies the total number of hops that occur in a specific region before the BPDU is discarded.
Instance Settings To add instances, click Add (or click Edit to modify an existing, selected instance). You can delete a listed instance by selecting it, then clicking Remove. Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits. If you are editing an instance, the following appears: Instance Details - Instance ID—Specifies the ID of the spanning tree instance. The field range is 1-15.
Spanning Tree -> Spanning Tree This screen manages global, Bridge, and root status for the selected device’s spanning tree. Figure 13-27. Spanning Tree -> Spanning Tree. This screen has the following fields: Global Settings - Spanning Tree Enabled— Check to enable. - Operation Mode— Select from the pick list. Choices include Classic STP, Rapid STP, and Multiple STP. - BPDU Handling— Specifies BPDU packet handling when the spanning tree is disabled on an interface.
Bridge Settings - Priority— (0-61440). Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. - Hello Time— (1-10). Specifies the switch Hello time, which indicates the amount of time in seconds a root bridge waits between configuration messages. The default value is 2.
Spanning Tree -> MSTP Interface Settings This screen manages MSTP Interface Settings. Use it to assign MSTP settings to specific interfaces. Figure 13-28. MSTP Interface Settings The MSTP Interface Setting page contains the following parameters: - Instance ID—Lists the MSTP instances configured on the device. Possible field range is 0-15. - Interface—Assigns either ports or LAGs to the selected MSTP instance. - Port State— Indicates whether the port is enabled or disabled in the specific instance.
Backup – Provides a backup path to the designated LAN. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment. Disabled – Indicates the port is not participating in the Spanning Tree. - Mode—Defines Mode of the MSTP interface for that specific instance.
Quality of Service -> Port Settings This screen appears for ports on only selected switch models (53xx and 60xx) and lets you configure QoS port settings. Figure 13-29. QoS Port Settings This screen contains the following fields: - Default Port Priority—Enter a priority (lower numbers are higher priority). - Trust Enabled—Check to enable. - Number of Egress Traffic Classes—A read-only display of how many classes.
Class of Service -> Traffic Classes You can prioritize classes of traffic on an entire device (not a port) with this screen. Figure 13-30. Class of Service -> Traffic Classes The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed.
Class of Service -> Queue Scheduling Use this screen for queue scheduling on an entire device (not a port). Figure 13-31. Class of Service -> Queue Scheduling The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed.
Class of Service -> IP Port Priority Use this screen to set the IP Port priority for your device. Figure 13-32. Class of Service -> IP Port Priority If you enable IP port priority with the checkbox at the top of this screen, you can add or edit a TCP/ UDP port and assign it a class of service priority in this screen. Use the Add, Edit and Remove buttons to manage configured ports in the table. When you select Add or Edit, the editor appears below the table.
Class of Service -> IP Precedence/DSCP Use this screen to enable/disable (with the checkbox) and manage the IP port precedence for the selected device. Figure 13-33. Class of Service -> IP Precedence If you check to enable IP precedence, you can select IP Precedence entries (upper table) and DSCP Priorities (lower table). Select an item, and its value appears in the Class of Service Value field for the appropriate table. When you change the value, you must click the Apply button next to that field.
QOS -> CoS Mapping This resembles Class of Service -> Traffic Classes on page 267. Figure 13-34. QOS -> Class of Service Mappings This screen contains the following columns: - Class of Service—Lists Class of Service with queue selection from the drop-down menu. - Queue—Selects a queue for each Class of Service from the drop-down menu. Default queues are displayed initially. - Restore Defaults—Restores default queue values when checked, after you click Configure.
- Interface—Select the interface with the pick list. - Trust Mode—Select with the pick list. This determines which packet fields to use for classifying packets entering the device. When it finds no rules, the device maps traffic containing the predefined packet field (CoS or DSCP) according to the relevant trust modes table, mapping traffic not containing a predefined packet field to best effort. The possible Trust Mode field values are the following: Untrusted–Returns to the non-trusted state. CoS(802.
Priority Flow Control This screen manages priority flow control (PFC). It specifies ports individually for PFC configuration and applies Priority based Actions to the selected ports. Figure 13-36. Priority Flow Control You can modify the Port Security Settings selected in the upper panel by clicking the Edit button to the right of their list. The Port Security Editor appears at the bottom of the screen when you do. It contains the following fields: - Interface—The (read only) port designator.
- Priority—This displays the priority value for which you can configure an action (drop/no-drop) on the selected interface. NOTE: The No Drop policy can only be applied to two Priorities at any time. Click Apply to accept your edits, or Cancel to abandon them for the selected port. QOS -> CoS Interface This screen lets you configure CoS for interfaces. Figure 13-37. QOS -> CoS Interface It contains the following fields: - Interface Type—Select either Port, LAG or Global with the radio buttons.
- Minimum Bandwidth—Enter a percentage of the maximum negotiated bandwidth for the port. Specify a percentage from 0 to 100, in increments of 5. - Scheduler Type—Select the scheduler with the pick list. This selects the type of queue processing. Options are Weighted and Strict. Defining on a per-queue basis lets you create the desired service characteristics for different types of traffic. Weighted round robin associates a weight to each queue. This is the default.
The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. QOS -> TCP/UDP Mapping This screen handles the TCP and UDP to Queue mapping. Use it as you would other editor screens to manage those mappings. Figure 13-39. TCP and UDP to Queue Mappings When you Add or Edit a mapping, the editor panel appears in the panel below the TCP and UDP tabs. Click Apply to confirm your edits (Cancel to abandon them).
QOS -> Global Settings The Global Settings screen lets you enable/disable QoS management (with the checkbox), and set the Trust Mode with a pick list. Figure 13-40. QOS -> Global Settings The available choices for Trust Mode include None, CoS (802.1), DSCP, and TCP/UDP Port. The TCP/UDP Port option is not available in all switches. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed.
The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. SNMP -> Traps This screen lets you manage SNMP Trap Settings. Existing SNMP trap settings appear in the SNMP Trap Table showing the following columns: Destination, Community and Version. When you elect to add or edit a row in this table, the lower panel displays an editor. Figure 13-42.
SNMP -> Communities This screen lets you manage SNMP Community Settings. Existing SNMP settings appear listed at the top of this screen. When you elect to add or edit a row in this table the lower panel displays an editor. Figure 13-43. SNMP -> Communities You can also select a row and Remove it. The following are fields on this screen. They are mandatory: - Community String—Text for the community string. - Access Mode—Values: Read-Only, Read-Write, SNMP Admin. Not all these options appear for all switches.
Allow Gets Allow Traps These checkboxes and the Community field appear when you elect to Add or Edit a row in the table. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. SNMP -> Views / Filters These screens manage SNMP views and filters for the selected device. Figure 13-44. SNMP -> Views or SNMP -> Filters The Notification Filter page filters notifications or traps based on OIDs.
Figure 13-45. SNMP -> SNMP Global Parameters This screen has the following fields: - Local Engine ID—Text for the Engine ID (retrieved from the equipment). - SNMP Notifications—Select from enable / disable. - Authentication Notification—Select from enable / disable. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed.
SNMP -> Access Control Groups This screen manages the SNMP access control groups for the selected equipment. Figure 13-46. SNMP -> Access Control Groups When you Add or Edit a group, the editor panel appears below. Select one and click Delete to remove a row. Click Apply to confirm your edits (Cancel to abandon them). Here are the fields that appear in the editor: - Groups Name—The group identifier. Groups are user-defined lists to which access control rules are applied.
Auth No Priv.–Authenticates SNMP messages without encrypting them. Auth Priv–Users are authenticated by the SNMPv3 entity before the entity allows the user to access any of the values in the MIB objects on the agent. In addition, all of the requests and responses from the management application to the SNMPv3 entity are encrypted, so that all the data is completely secure. - Context Prefix—(0-30 Characters - does not appear in all device’s screens).
SNMP -> User Security Model This screen manages the user security model for the selected equipment. Figure 13-47. SNMP -> User Security Model When you Add or Edit a security model, the editor panel appears below. Select one and click Delete to remove a row. Click Apply to confirm your edits (Cancel to abandon them). Here are the fields that appear in the editor: - User Name—The model identifier. Engine ID Select from Local or Remote with the radio buttons.
- Authentication Key/Confirm —Enter a key. - Privacy—Select from the pick list (None, DES, DESKey). The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. SNMP -> Notification Recipients (SNMP v3) This screen manages the notification recipients for the selected equipment. Figure 13-48. SNMP -> Notification Recipients (SNMP v3) When you Add or Edit a recipient, the editor panel appears below.
The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Multicast -> Multicast Settings If you want to assign a multicast IP to a VLAN, you must know the ports associated with the VLAN. When you select a VLAN ID, the Available Ports (left select panel) dynamically changes showing the user the ports currently assigned to this VLAN. This makes it easy to quickly add a multicast address.
Figure 13-49. Assigning a Multicast IP When you select an address, the multicast ports for that address appear in the middle panel. You can enable the following with checkboxes at the top of this screen: GVRP Enabled—Checkbox to enable/disable GVRP.
- Bridge Multicast Filtering Enabled—Enables or disables bridge Multicast filtering. Disabled is the default value. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. This does not appear on all devices’ screens. - IGMP Snooping Enabled—Enables or disables IGMP Snooping on the device. This does not appear on all devices’ screens. Disabled is the default value.
Multicast -> Multicast Forwarding This screen manages multicast forwarding for devices that support it. Figure 13-50. Multicast -> Multicast Forwarding When you Edit a forwarding selection, the editor panel appears below. Select one and click Delete to remove a row. Click Apply to confirm your edits (Cancel to abandon them). Here are the fields that appear in the editor: - VLAN—A read-only reminder of the related VLAN.
Multicast -> IGMP Settings This screen lets you manage IGMP. Fields described below do not all appear for all selected devices. Some IGMP screens are as simple as a checkbox (enabling IGMP). Figure 13-51. IGMP Settings (possible screens: other switches, and 5324 / 5316 switches) Click Add (or Edit when you select an address listed) to open the editor on the lower panel. Click Apply to enter a listed item you have edited, or Cancel to abandon your edits. Not all fields appear for all devices.
Fields for switches other than 5324 / 5316 - IGMP Enabled—Checkbox. - Act as IGMP Querier—Checkbox. - IGMP Query Count—Valid Values: 2 - 10 - IGMP Query Interval—Valid Values: 60 - 125 - IGMP Report Delay—Valid Values: 5 - 30 - IGMP Query Timeout—Valid Values: 300 - 500 - IGMP Version—Select from pick list. Fields for 5324 / 5316 switches Click Remove to delete a selected, listed setting. Click Add (or select an existing setting and click Edit) to open the editor in the bottom panel.
Multicast -> IGMP Settings This screen manages IGMP proxy settings for the selected device. Figure 13-52. Multicast -> IGMP Proxy Settings You must have configured at least one router interface before configuring or displaying data for an IGMP proxy interface, and it should not be an IGMP routing interface. This screen has the following fields: - Interface—A read-only reminder of the IGMP proxy interface. - Interface Mode—Select from the pick list (Enabled / Disabled). The default is Disabled.
Logging -> System Logs This screen lets you manage System Logging. Figure 13-53. System Logs The following are fields on this screen. They are all mandatory: - System Log Enabled—Checkbox. - Flash Level—Valid Values: 0-7 - RAM Level—Valid Values: 0-7 - File Level—Appears on some screens. The Level Legend is there to remind you of the values for levels selected above. The Configure button at the bottom of this screen sends the selected configuration to the device.
Logging -> Remote Log Servers This screen lets you manage Remote Logging. Figure 13-54. Remote Logs Click Add (or Edit when you select a log facility listed) to open the editor on the lower panel. Click Apply to enter a listed item you have edited, or Cancel to abandon your edits. Not all fields appear for all devices. This screen has settings for the following: - Server IP Address/UDP Port—The IP address and port of the log server. - Facility—Select from the pick list.
Advanced -> VLAN Management VLAN Management lets you assign an interface to any VLAN except the default interface. This also lets you change the interface VLAN mode—Trunk or Access—and the Tagging state. Figure 13-55. Policy: VLAN Management.
Select a VLAN in the top left panel, then a port in the middle panel and click Edit (or simply click New without selecting a VLAN). The ports and their tagged state appear in an editor. Click Apply to confirm your edits (Cancel to abandon them). Click Configure to implement your edits; Refresh to re-query the database for them. Select a listed VLAN and click Remove to delete it from the list. NOTE: You can modify only the name for the default VLAN. The screens below are not available for all equipment.
Advanced -> IP Based ACL This screen (not available on all devices) lets you determine access control lists based on IP addresses. Here, you can associate multiple ACEs to the ACL. The source and destination port fields are enabled only when you select TCP or UDP as the protocol. Figure 13-56. IP Based ACL.
In this screen you can Add, Edit and Remove IP-based ACLs listed in the upper panel. Select the listed properties below these, click Add or Edit, and an editor appears where you can add or alter the ACE No, Protocol, Source IP, Destination IP, and Action. Source Port and Destination Port are enabled when you select TCP or UDP protocols. Click Remove to delete a selected, listed item. Click Apply to confirm your edits (Cancel to abandon them).
Select a listed ACL in the upper panel, and the listed details in the lower panels. You can Add, Edit, or Remove a listed ACL. When you Add or Edit a selected ACL, an editor appears where you can enter the ACL Name. Click Add (or Edit for existing ACE/Mac combinations) to enter the ACE No (or check Auto Gen) and the Destination MAC. Click Apply to ACE Table to accept the lowest panel’s edits. Click Remove to delete a selected, listed item.
Advanced -> ACL Bindings This screen lists the bindings for Access Control Lists. You can use this screen to associate IP or MAC-based ACLs to Interfaces (Port, LAG, VLAN), or to unassociate them from the ACL. You can specify either IP-Based or MAC-Based ACLs with the pick box below the listed bindings. Figure 13-58. Access Control List Binding This table lists the IfIndex, Interface, ACL Name and whether it is Assigned. The Refresh button updates the screen.
DHCP IP Interface Parameters The DHCP IP Interface screen configures the DHCP clients connected to the 34xx switch module. Figure 13-59. DHCP IP Parameters You can Edit DHCP IP Interface settings for the selected device in this screen. When you select an existing interface listed in the upper portion of the screen and click Edit, the editor opens (the lower portion of the screen) with the following fields: - Interface—Choose the specific interface connected to the switch module: Port, LAG, or VLAN.
ARP The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC address. ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known. Figure 13-60. ARP Settings The ARP Settings screen contains the following fields: - Global Settings/Interface Settings—Select this option to activate the fields for ARP global settings. - ARP Entry Age Out (sec) (1-40000000)—Before the entry is deleted from the table.
Figure 13-61. ARP Interface Settings You can Edit ARP Interface settings for the selected device in this screen. Click Add to create a new group of settings, or select an existing interface listed in the upper portion of the screen and click Edit, and the editor opens (the lower portion of the screen) with the following fields: - Interface—The interface number of the port, LAG, or VLAN that is connected to the Ethernet switch module.
LACP Settings The Link Aggregation Control Protocol (LACP) Settings screen contains information for configuring LACP LAGs. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed. NOTE: This setting is applicable only for external ports. Aggregated Links can be manually set up or automatically established by enabling LACP on the relevant links. Figure 13-62. LACP Settings Click Remove to delete a selected, listed item.
- Interface—The interface number to which timeout and priority values are assigned. (does not appear for all devices) - LACP Port Priority (1-65535)—LACP priority value for the port. - LACP Timeout—Administrative LACP timeout. (Short, Long). NOTE: This screen is not available for all equipment. Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits. Click Configure to send any altered configuration to the device.
Cable Test This screen lets you perform a cable test on ports on the selected equipment. Figure 13-63. Cable Test Select a Port from the pick list and click Test Now. This displays the Test Result, Cable Fault Distance, Last Update, and Approximate Cable Length. The results of any previous tests appear in the Integrated Test Results Table. NOTE: This screen is not available for all equipment.
Password Management This screen lets you configure password management settings for some devices. Figure 13-64. Password Management It has the following fields (checkboxes enable the fields): - Password Minimum Length (8-64)—Enter a number or use the spinners. - Consecutive Passwords Before Re-use—Select a number with the pick list. - Enable Login Attempts—Select a number with the pick list. - Enable Password Aging—Enter the days until expiration. (Does not appear for all devices.
Host Name Mapping This screen manages host name mapping for some selected devices. Figure 13-65. Host Name Mapping Host Names and their corresponding IP address appear in a list at the top of this screen. To add a new hostname/IP pair, click Add, or click Edit to alter an existing selected pair, and the editor appears at the bottom of the screen with the two fields to create or alter. Click Remove to delete a selected, listed item. Click Apply to accept your edits, or Cancel to abandon them.
Domain Naming System This screen manages domain naming for some selected devices. Figure 13-66. Domain Naming System Under Global Settings elect whether the DNS Status is Enabled / Disabled. DNS servers appear listed under this. To create new servers (alter an existing one), click Add (or select a listed server and click Edit). The DNS Server Editor appears with a field where you can enter the DNS Server IP address, and, in some screens, a checkbox to check if you want this one to be active.
Default Domain Name This screen configures the default domain name for some selected equipment. Figure 13-67. Default Domain Name This screen has the following fields: - Default Domain Name—The domain name you want to be the default. - Type—This read-only field displays the type. For example, DHCP. - Remove—Check this to remove the domain default. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen.
This screen has the following fields: - DHCP Relay—Select from Enabled / Disabled. DHCP Servers Enter a DHCP server in the blank field next to Add, then click that button to list one here. Select a listed server and click Remove to delete it from the list. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. UDP Relay This screen controls UDP relay characteristics for the selected equipment. Figure 13-69.
LLDP Global LLDP (Link Layer Discovery Protocol) discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information. Device discovery information includes Device Identification, Device Capabilities, and Device Configuration. The advertising device transmits multiple advertisement message sets in a single LAN packet. The multiple advertisement sets are sent in the packet Type Length Value (TLV) field.
- Notification Interval (seconds)—Indicates the rate at which LLDP notifications are sent. The possible field range is 5 - 3600 seconds. The default value is 5 seconds. (Does not appear for all devices) Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. LLDP Port The LLDP Port Settings let you define port types, states, and the type of information advertised for ports selected. Figure 13-71.
Disable–Indicates that LLDP is disabled on the port. Select from the pick list. - Notifications Enabled—Check to enable. Unchecked indicates that the device LLDP advertisement settings are disabled, and LLDP advertisement settings are user defined. This is the default value. - Transmit Management Information—Check to enable transmission of management address instance. - System Name—Check to enable advertising the system name. - System Description—Check to enable advertising this.
- Port ID—Displays the neighbor’s Port ID. Click Refresh to renew the device information on this screen. LLDP Med Local Media Policy This screen sets LLDP Med local media policy for the selected device. Figure 13-73. LLDP Med Local Media Policy You can Edit settings for the selected device in this screen.
Video Conferencing—Indicates that the network policy is defined for a Video Conferencing application. Streaming Video—Indicates that the network policy is defined for a Streaming Video application. Video Signaling—Indicates that the network policy is defined for a Video Signaling application. - VLAN ID—Displays the VLAN ID for which the network policy is defined. - VLAN Type—Indicates the VLAN type for which the network policy is defined.
LLDP MED Port Settings This screen lets you manage LLDP MED Port settings for the selected device. Figure 13-74. LLDP MED Port Settings You can Add or Edit MED Port settings for the selected device in this screen. Select a listed port and click Remove to delete it. Select a port listed and click Edit, and the editor opens (the lower portion of the screen) with the following fields: - Port—The name of the port. This is read-only when you edit an existing port.
IPv6 Interface This screen manages IPv6 interfaces for the selected device. Figure 13-75. IPv6 Interface This screen contains the following fields: Global Settings - IPv6 Interface—The IPv6 interface that has been selected for configuration. - No of DAD Attempts—Defines the number of consecutive neighbor solicitation messages that are sent on an interface while Duplicate Address Detection (DAD) is performed on unicast IPv6 addresses on this interface.
- ICMP Error Rate Limit Interval—The rate-limit interval for ICMPv6 error messages in milliseconds. The value of this parameter together with the Bucket Size parameter (below) determines how many ICMP error messages may be sent per time interval. For example, a rate-limit interval of 100 ms and a bucket size of 10 messages translates to 100 ICMP error messages per second. - Send ICMP Unreachable—Specifies whether transmission of ICMPv6 Address Unreachable messages is enabled.
- Prefix—Specifies the length of the IPv6 prefix. The length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). The Prefix field is applicable only on a static IPv6 address defined as a Global IPv6 address.
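The ICMP Error Rate Limit Interval field described above gives 100 ms and a bucket of 10 as equal to 100 error messages per second; the following Python simulation works that through against a constructed flood. It is an added example, not Dell code: it assumes the bucket is refilled to Bucket Size at the start of every interval (the model the guide's arithmetic implies), and the class, function names and traffic are hypothetical.

```python
"""Added example: ICMPv6 error rate limiting with an interval and a bucket size.

Assumption (not stated by the guide): the bucket is refilled to its full
size at the start of each interval. That is the model under which
100 ms + bucket of 10 gives the guide's figure of 100 messages per second.
"""
from collections import defaultdict


class IcmpErrorLimiter:
    """Hypothetical model of the switch's limiter, for illustration only."""

    def __init__(self, interval_ms, bucket_size):
        if interval_ms <= 0 or bucket_size <= 0:
            raise ValueError("interval and bucket size must be positive")
        self.interval_ms = interval_ms
        self.bucket_size = bucket_size
        self._window = None   # index of the interval currently being counted
        self._tokens = 0      # error messages still allowed in that interval

    def allow(self, now_ms):
        """Return True if an ICMPv6 error may be sent at time now_ms."""
        window = now_ms // self.interval_ms
        if window != self._window:
            # A new interval has started: refill the bucket.
            self._window = window
            self._tokens = self.bucket_size
        if self._tokens == 0:
            return False      # bucket empty, the error message is suppressed
        self._tokens -= 1
        return True

    def max_per_second(self):
        """Ceiling on error messages per second under this model."""
        return self.bucket_size * 1000 / self.interval_ms


def constructed_events(rate_per_s, duration_ms):
    """Constructed sample input: evenly spaced times (ms) at which a packet
    arrives that would trigger an ICMPv6 error reply."""
    count = rate_per_s * duration_ms // 1000
    return [i * 1000 // rate_per_s for i in range(count)]


def simulate(limiter, event_times_ms):
    """Run the events through the limiter.

    Returns {second: (sent, suppressed)} so the per-second ceiling is visible.
    """
    totals = defaultdict(lambda: [0, 0])
    for t in sorted(event_times_ms):
        second = t // 1000
        if limiter.allow(t):
            totals[second][0] += 1
        else:
            totals[second][1] += 1
    return {s: tuple(counts) for s, counts in totals.items()}


if __name__ == "__main__":
    # The guide's example values against a flood of 1000 triggers per second.
    limiter = IcmpErrorLimiter(interval_ms=100, bucket_size=10)
    print("ceiling per second:", limiter.max_per_second())
    for second, (sent, suppressed) in simulate(
            limiter, constructed_events(1000, 2000)).items():
        print(f"second {second}: sent={sent} suppressed={suppressed}")
```

Under this model the interval and bucket size together cap how much error traffic the device generates during a flood; a longer interval or a smaller bucket lowers that ceiling.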
Unlike IPv4, the IPv6 default gateway can have multiple IPv6 addresses which may include up to one user-defined static address and multiple dynamic addresses learned via router solicitation message. The user-defined default gateway has a higher precedence over an automatically advertised router. When removing an IP interface, all of its default gateway IP addresses are removed. Dynamic IP addresses cannot be removed. An Alert message appears once a user attempts to insert more than one user-defined address.
IPv6 ISATAP Tunnel This screen manages ISATAP tunnel settings for the selected device. Figure 13-77. IPv6 ISATAP Tunnel The IPv6 ISATAP Tunnel Page defines the tunneling process on the device, which encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 network. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv6 transition mechanism which is defined as a tunneling IPv6 interface. It transmits IPv6 packets between dual-stack nodes on top of an IPv4 network.
- When an ISATAP router IPv4 address is not resolved via DNS process, the status of the ISATAP IP interface remains Active.
- The system does not have a default gateway for ISATAP traffic until the DNS procedure is resolved.
For an ISATAP Tunnel to work properly over an IPv4 network, you must set up an ISATAP Router. The editor screen contains the following fields: - Status—Specifies the status of ISATAP on the device. The possible field values are: Enabled or Disabled (the default value).
IPv6 Neighbors This screen defines IPv6 Neighbors for the selected equipment. Figure 13-78. IPv6 Neighbors These definitions are like the functionality of the IPv4 Address Resolution Protocol (ARP). IPv6 Neighbors enables detecting Link Local addresses within the same subnet, and includes a database for maintaining reachability information about the active neighbors paths. These devices typically support a total of up to 256 neighbors obtained either statically or dynamically.
- Incomplete — Indicates that an address resolution is in progress and the link-layer address of the neighbor has not yet been determined. - Reachable — Indicates that the neighbor is known to have been reachable recently (within tens of seconds ago). - Stale — Indicates that the neighbor is no longer known to be reachable but until traffic is sent to the neighbor, no attempt is made to verify its reachability.
Each dynamic entry also has an associated invalidation timer value (extracted from Router Advertisements) used to delete entries that are no longer advertised. - IPv6 Address — Defines the destination IPv6 address. - Prefix Length — Specifies the length of the IPv6 prefix. The Prefix field is applicable only when the IPv6 Static IP address is defined as a Global IPv6 address. The range is 5 - 128. - Interface — Displays the interface that is used to forward the packet.
Access Profile This screen manages the access control list (ACL) profiles for the selected device. Figure 13-80. Access Profile Access Control Lists (ACL), which consist of Access Control Entries (ACE), allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.
Access Profile Editor This panel lists the access profiles available on the selected device. You can Add, or Edit ACLs for the selected device in this screen. Select a listed ACL and click Remove to delete it. Click Add, or select a listed interface and click Edit, and the editor opens (the lower portion of the screen) with the following fields: - ACL Name—The identifier for the ACL. Click Add, or Edit to add rules for an ACL. Click Apply to ACE Table to accept your configured rules.
System Banner This screen configures the banner messages for the selected device. Figure 13-81. System Banner This has the following fields that configure various command shell banners for the selected device. - MOTD Banner—The message-of-the-day is the message that appears when you first connect to the device. - Login Banner—The message that appears in a session just before the login prompt. - Exec Banner—The message that appears after you log in.
Voice VLAN This screen manages SNMP voice VLAN for the selected device. Figure 13-82. Voice VLAN Check the Voice VLAN Admin Mode (Enabled) checkbox to enable Voice VLAN administration. Click Edit on one of the listed interfaces to edit its settings in the lowest panel. Click Apply to accept your edits (or Cancel to abandon them). The following fields appear in the settings editor: - Interface—A read-only reminder of the interface you are editing.
LLDP Connections This screen displays the LLDP connections for the selected device. Figure 13-83. LLDP Connections This shows the Interface, Chassis ID, Port ID, and System name for LLDP connections detected. Click Refresh to re-query the device.
LLDP Statistics This screen displays the LLDP statistics for the selected device. Figure 13-84. LLDP Statistics The top of the screen displays when this information was last updated (Last Update), in addition to Totals for Inserts, Deletes, Drops and Ageouts for the device (all interfaces). Below, this screen displays the Interface, Rx Totals, Tx Totals, Discards, Errors, Ageout, TLV discards, TLV Unknowns, TLV MED, TLV 802.1, and TLV 803.1 statistics detected for each interface.
Management Interface This screen sets up the management interface for the device. Figure 13-85. Management Interface This screen has the following fields: - IP Address / Net Mask—The IP address and net mask of the management interface. - Default Gateway—The default gateway for the management interface. - Protocol—The protocol to use. Options can include none, BOOTP, and DHCP. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen.
Management Security This screen manages security for managing the selected device. Figure 13-86. Management Security This screen has the following fields: SSL Config... - Admin Mode—Select Enable / Disable from the pick list. - Secure Port—Enter the port number. - Protocol Level—Select from the pick list. Options can include Both, SSL30, or TLS10. SSH Config... - Admin Mode—Select Enable / Disable from the pick list. - Protocol Level—Select from the pick list. Options can include Both, SSL10, or SSL20.
DHCP Filtering This screen lets you manage DHCP filtering for interfaces on the selected device. Figure 13-87. DHCP Filtering You can Edit DHCP interface settings for the selected device in this screen. At the top of the screen, you can Enable / Disable the Global DHCP Settings. Select an interface listed and click Edit. The editor opens (the lower portion of the screen) with the following fields: - Interface Name—A read-only reminder of the interface name. - DHCP Trust Mode— Select Enable or Disable.
Figure 13-88. PoE This screen has the following fields: - Unit No:—Select the unit from the pick list. Global - Power Status—A read-only display. On/Off indicates that the power supply unit is/is not functioning. Faulty indicates that the power supply unit is functioning, but an error has occurred. For example, a power overload or a short circuit. - Nominal Power—A read-only display. Indicates the actual amount of power the device can supply. The field value appears in Watts.
- Traps—Enables or Disables receiving PoE device traps. The default is disabled. Port Settings - Select a Port—Select the port from the pick list. This is the specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port. - PoE Admin Status— Select the status from the pick list. This indicates the device’s PoE mode. The possible field values are: Auto–Enables the Device Discovery protocol, and provides power to the device using the PoE module.
0.44 – 12.95–Indicates that the port is assigned a power consumption level of 0.44 to 12.95 Watts. 0.44 – 3.8–Indicates that the port is assigned a power consumption level of 0.44 to 3.8 Watts. 3.84 – 6.49–Indicates that the port is assigned a power consumption level of 3.84 to 6.49 Watts. 6.49 – 12.95–Indicates that the port is assigned a power consumption level of 6.49 to 12.95 Watts. - Powered Device—Enter text in the field. Provides a user-defined powered device description.
RMON -> History Control The RMON History Control screen contains information about samples of data taken from ports. Figure 13-89. RMON History Control You can Edit RMON History Control settings for the selected device in this screen. Click Remove to delete a selected, listed item.
Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. RMON -> Events Control This screen lets you manage the RMON Events. Figure 13-90. RMON Events Control You can Edit RMON Event Control settings for the selected device in this screen.
- Owner—The Ethernet switch module or user that defined the event. Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. RMON -> Alarms The RMON Alarms screen contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events. Figure 13-91.
- Interface— The interface number for which RMON statistics appear. - Counter Name— The selected MIB variable. - Counter Value— The value of the selected MIB variable. - Sample Type— Specifies the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are: Delta— Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
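How Delta sampling and the rising and falling thresholds interact, as an added example that is not part of the original guide or the product's code. It follows the hysteresis behaviour of the RMON alarm group (RFC 2819); the class name, threshold values and counter readings are constructed for illustration.

```python
from typing import List, Optional, Tuple


class RmonAlarm:
    """One alarm row: a sampled MIB counter compared against two thresholds."""

    def __init__(self, rising: int, falling: int, sample_type: str = "delta",
                 counter_bits: int = 32, startup: str = "rising"):
        if falling >= rising:
            raise ValueError("falling threshold must be below rising threshold")
        if sample_type not in ("delta", "absolute"):
            raise ValueError("sample_type must be 'delta' or 'absolute'")
        if startup not in ("rising", "falling", "both"):
            raise ValueError("startup must be 'rising', 'falling' or 'both'")
        self.rising = rising
        self.falling = falling
        self.sample_type = sample_type
        self.modulus = 1 << counter_bits   # assumption: counter wraps at 2**bits
        self.last_raw: Optional[int] = None
        # Which event may fire next. After a rising event only a falling event
        # can fire, and vice versa, so a value that stays high raises one alarm.
        self.armed = startup

    def compared_value(self, raw: int) -> Optional[int]:
        """Return the value that is compared to the thresholds for this poll."""
        if self.sample_type == "absolute":
            return raw
        previous, self.last_raw = self.last_raw, raw
        if previous is None:
            return None                    # first poll only sets the baseline
        # Delta: current minus last sample, tolerant of a counter wrap.
        return (raw - previous) % self.modulus

    def poll(self, raw: int) -> Tuple[Optional[int], Optional[str]]:
        """Feed one counter reading; return (compared value, event or None)."""
        value = self.compared_value(raw)
        if value is None:
            return None, None
        if value >= self.rising and self.armed in ("rising", "both"):
            self.armed = "falling"
            return value, "rising"
        if value <= self.falling and self.armed in ("falling", "both"):
            self.armed = "rising"
            return value, "falling"
        return value, None


def evaluate(alarm: RmonAlarm, polls: List[int]) -> List[Tuple[int, int, str]]:
    """Run a series of readings through the alarm; list the events generated."""
    events = []
    for index, raw in enumerate(polls):
        value, event = alarm.poll(raw)
        if event:
            events.append((index, value, event))
    return events


# Constructed readings of a broadcast-packet counter, one per sampling interval.
# Deltas: 100, 150, 8000, 9000, 150, 50, 9000.
BROADCAST_POLLS = [1000, 1100, 1250, 9250, 18250, 18400, 18450, 27450]

if __name__ == "__main__":
    for index, value, event in evaluate(RmonAlarm(5000, 200), BROADCAST_POLLS):
        print(f"poll {index}: delta={value} -> {event} event")
```

The second high interval (delta 9000 at poll 4) produces no event because the alarm has not yet crossed the falling threshold, which is what keeps a sustained burst from flooding the event log.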
RMON -> Statistics This screen displays the RMON statistics for the selected device. Figure 13-92. RMON -> Statistics These statistics are read-only, but at the top of the screen, you can select from among the discovered interfaces with the Interface pick list. Here are the fields: - Drop Events—Number of dropped events that have occurred on the interface since the device was last refreshed. - Received Bytes (Octets)—Number of octets received on the interface since the device was last refreshed.
- Broadcast Packets—Number of good broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets. - CRC & Align Errors— Number of CRC and Align errors that have occurred on the interface since the device was last refreshed. - Oversize Packets—Number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.
Stack Management -> Stack Configuration This screen configures stack configuration for the selected device. On some devices, it consists of a single checkbox to switch the master from Unit-1 to Unit-2. Check to activate this switch. Other devices have a series of more complex screens. Figure 13-93. Stack Management -> Stack Configuration This screen has the following fields: - Unit ID—Select the identifier for the unit to be configured.
- Hardware Management—Management preference by hardware configuration to be considered for selection as Management unit. - Admin Preference—Determines whether this unit can become the master switch. Values range from Disable (the unit cannot support Master Switch function) to Preference 12. The higher value means that the unit is more desirable than another unit with lower value for running the management function.
- Switch ID—Select the identifier for the unit. The maximum number of units allowed in the stack is 8. - Interface—Identifies the stack interface assigned to the unit. - Configured Stack Mode—Indicates whether or not each unit is able to participate in the stack. - Running Stack Mode—Indicates whether or not each unit is actually participating in the stack. - Link status—Indicates whether or not the stack interface for each unit is operating.
- Pre Configured Model Identifier—A 16-byte character string to identify the pre-configured model of the selected unit. - Plugged-In Model Identifier—A 16-byte character string to identify the plugged-in model of the selected unit. - Switch Status—Displays the status of the selected unit.
- Transmit Error Rate (Errors/sec)— The number of errors transmitted per second. - Total Errors—Total number of errors transmitted. - Rx Data Rate (Mb/s)—Indicates the speed at which the data is received. - Receive Error Rate (Errors/sec)—Indicates the number of errors received per second. - Total Errors—Total number of errors received. Stack Management -> Stack Port Diagnostics This screen displays stack port diagnostic settings. Figure 13-97.
- TBYT—Transmitted bytes. - RFCS—Received frame check sequence errors. - RJBR—Received jabbers. - ROVR—Received oversized packets. - TERR—Transmit errors. Stack Management -> Supported Switches This screen summarizes stack port counters for the selected device. Figure 13-98. Stack Management -> Stack Port Counters Select a unit to display its stack port counter data.
- Management Preference—Determines whether this unit is capable of becoming the master switch. If the value is set to zero then the unit cannot support the Master Switch function. A higher value means that the unit is more desirable than another unit with lower value for running the management function. The device manufacturer sets the initial value of this field. - Expected Code Type—The release number and version number of the code expected.
Figure 13-100. iSCSI -> Session Click a row to view the configuration of its contents in the lower panel. It contains the following fields: - Session ID—The iSCSI session ID. - Aging Time—The time left until the session ages out and is removed. - Target Name—The name of the target. - Session Initiator / IP Address / Port —The name of the initiator, its address and port.
iSCSI -> Target This screen displays the iSCSI target settings for the selected device. Figure 13-101. iSCSI -> Target Click Remove to delete a selected, listed item. You can Edit target settings for the selected device in this screen. Click Add to create a new setting, or select an existing setting listed in the upper portion of the screen and click Edit; the editor opens (the lower portion of the screen) with the following fields: - IP Address—The address of the iSCSI target. The IP address 0.0.0.
VLAN -> GVRP Global Parameters GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership. Figure 13-102. GVRP Global Parameters The GVRP Global Parameters screen enables GVRP globally. GVRP can also be enabled on a per-interface basis.
Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. VLAN -> Private VLAN This screen configures Private VLANs on the selected device. Figure 13-103. VLAN -> Private VLAN Click Remove to delete a selected, listed item.
Community VLANs Enter a community VLAN number in the field under Add Community VLAN, then click Add to list one here. You can also select a listed VLAN and click Remove to delete it from the list. NOTE: Private VLANs only appear on some devices. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen.
• IP interfaces are not configured on the Destination (or Monitoring).
• GVRP is not enabled on the Destination (or Monitoring).
• The Destination (or Monitoring) port is not a VLAN member.
• Only one Destination (or Monitoring) port can be defined.
• A maximum of 4 ports can be monitored (both Rx and Tx).
• All packets are transmitted tagged from the destination port.
• Monitored all RX/TX packets to the same port.
NOTE: Internal ports may be affected by enabling Port Mirroring.
• Provides authentication methods.
• Supports routing protocols.
• Provides larger distribution and smaller bandwidth overhead requirements.
Figure 13-105. Routing: RIP The application’s RIP screen includes the following fields. Global Settings - RIP Enabled—Enables or disables RIP on the device. - Redistribute OSPF Routes—When enabled, redistributes routes from OSPF to RIP. Redistribution of routes involves importing foreign routing interfaces to the OSPF protocol.
RIP Interface Editor When you Edit an interface, you can alter the following fields (displayed in the Interface Settings table): - Interface—A read-only reminder of the current interface. - Status Enabled—Check to enable. - RIP Version—The type of RIP being broadcast. Possible values are: Version 1–Broadcasts RIP updates compliant with RFC 1058. Version 2–Indicates the device is broadcasting RIP 2 updates. - RIP Mode—The type of RIP operation.
Static Routes Use this screen to define static routes. Figure 13-106. Routing: Static Routes You can Edit listed settings for the selected device in this screen. Click Remove to delete a selected, listed item. Click Add to create a new group of settings, or select an existing interface listed in the upper portion of the screen and click Edit; the editor opens with the following fields: - Destination IP—Static route’s destination IP network.
- Metric—Number of hops to the destination network. OSPF -> Global Settings The Open Shortest Path First (OSPF) internal gateway protocol enables routers to exchange link state messages by gathering network information and determining the best routing path based on node distance. (OSPF discovers the best routing path based on node distance.) OSPF is a link state protocol rather than a distance vector protocol and, therefore, needs less bandwidth than RIP.
- Router ID—The router ID number. By default, this is an IP address on the device. Router ID is an optional field, with a default value of the smallest device IP interface. - Number of External LSAs—The number of external link-state advertisements (LSAs) in the link-state database. - Area Border Router—Indicates whether the device is an area border router. If the device is configured as an ABR, the device is connected to two or more areas. One area is the backbone area.
OSPF -> Areas The Areas screen contains information for defining and maintaining OSPF areas within which interfaces and virtual links are defined. Once you create an OSPF area, OSPF is automatically enabled on all IP interfaces. Figure 13-108. Routing OSPF Areas You can Edit listed settings for the selected device in this screen. Click Remove to delete a selected, listed item.
Area Range(s) Click Add to add OSPF area ranges to those listed here, or select one and click Remove to delete it. When you add a range, the OSPF Area Range Editor opens at the bottom of the screen. This editor has the following fields: - Range IP Address / Mask—The range IP address and mask of the OSPF area. - LSDB Type—The link state database type. Select from nssa, or summary. - Advertise—Check to advertise this range. Click Apply to VRRP Table to accept your edits, or Cancel to abandon them.
OSPF -> Interface After OSPF global parameters and areas are defined, you can configure OSPF on each interface. The OSPF Interface table enables IP routing using OSPF-specific information. Figure 13-109. Routing OSPF Interface You can Edit listed settings for the selected device in this screen. Click Remove to delete a selected, listed item.
- Priority—(0-255) The interface priority. The value 0 indicates that you cannot define the device as the designated device on the current network. If more than one device has the same priority, the router ID is used. The default is 1. - Area ID—The OSPF interface area ID. - Admin Status Enabled—Enables or disables the OSPF process. - Hello Interval—(1-65535) Time (seconds) between Hello packets. All devices attached to a common network must have the same Hello interval. The default is 10 seconds.
eliminating the need for configuration of dynamic routing or router discovery protocols on every end-host. The Virtual Router Redundancy Protocol (VRRP) page sets the switch’s VRRP routing parameters. Figure 13-110.
You can Edit listed settings for the selected device in this screen. Click Remove to delete a selected, listed item. Click Add to create a new group of settings, or select an existing interface listed in the upper portion of the screen and click Edit; the editor opens. The VRRP screen contains the following fields: VRRP Interface Editor - Interface—Interface type and number attached to the VRRP router. Select from the pick list.
VRRP Settings - Index—The ifIndex (assigned by the device) of the interface (port/LAG/VLAN) selected to associate a virtual router. - Interface Name—A unique identifier for the particular interfaces. BOOTP / DHCP Relay This screen manages Bootp and DHCP relay settings for the selected device. Figure 13-111. BOOTP / DHCP Relay This screen has the following fields: - Maximum Hop Count—Enter the maximum number of hops. This is the maximum number of hops a client request can take before being discarded.
Click Configure to send your entries to the device, or Refresh to re-query the device to update this screen. Reset Check the checkbox on this screen to reset the device. Figure 13-112. Reset Device Click Configure to send your reset request to the device. Dell Default Screens Depending on the model, all or a subset of the following screens may appear.
• VLAN -> Interface Settings
• VLAN -> Double VLAN Settings
• VLAN -> Bind MAC to VLAN
• VLAN -> Bind IP Subnet to VLAN
• Multicast Forward All
Time Synchronization This screen lets you set the time synchronization for this switch. Figure 13-113. Time Synchronization It has the following fields: - Clock Source—Select from the pick list (SNTP, none). - Date (MM/DD/YY)—Enter a date, or select from the calendar that appears when you click the command button (...).
Other—The DST definitions are user-defined based on the device locality. If Other is selected, you must define the From and To fields that appear with this selection. For example, if DST begins on the 25th October 2007 at 5:00 am, the two From fields will be 25Oct07 and 5:00. Recurring Enabled—Check this to enable a recurring daylight savings time. Use the pick lists to configure the Date fields that appear above the Time fields.
Port Based Authentication The Port Based Authentication screen for switches contains fields for configuring port-based authentication. Figure 13-115. Port Based Authentication You can Edit listed settings for the selected device in this screen (Add and Remove are disabled). Select an existing port authentication configuration listed in the upper portion of the screen and click Edit; the editor opens.
- Port Based Authentication State Enabled— When checked, enables port based authentication on the device. - Authentication Method—The Authentication method used. The pick list values include: None—No authentication method is used to authenticate the port. RADIUS—The RADIUS server does port authentication. RADIUS, None—The RADIUS server first does port authentication. If the port is not authenticated, then no authentication method is used, and the session is permitted.
- Max EAP Requests (1-10)—The total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. - Make Guest VLAN—Select Enable or Disable. Port Security You can increase network security by limiting access on a specific port only to users with specific MAC addresses. Locked ports limit access to users with specific MAC addresses.
Figure 13-116. Port Security Click Remove to delete a selected, listed item. You can Add, Edit or Remove ports for the selected device in this screen.
Max Learned Addresses—The maximum number of addresses learned on this port. (Does not appear in all screens) Click Apply to accept the port settings you have configured and add it to the list. Cancel abandons your edits. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. Multiple Hosts The Multiple Hosts screen provides information for defining advanced port-based authentication settings for specific ports. Figure 13-117.
- Multiple Hosts—Enables or disables a single host to authorize multiple hosts for system access. This setting must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port. - Action on Single Host Violation—Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the client (supplicant) MAC address. You can define this field only if you select disable in the Multiple Hosts pick list.
Authenticated Users The Authenticated Users screen displays user port access lists. Figure 13-118. Authenticated Users Click on a row displayed in the Authenticated Users Settings table to see the row in the Authenticated Users Editor in the lower portion of this screen. The screen includes the following fields: - User Name—List of users authorized via the RADIUS Server. - Port—The port number(s) used for authentication - per user name.
SNTP -> Global Settings This screen lets you set global SNTP for the selected device. Figure 13-119. Global SNTP Settings Configure SNTP with the following fields and selections: - Poll Interval—The seconds between polling (60 - 86400) - Receive Broadcast Server Updates—Select Enable or Disable. - Receive Anycast Server Updates—Select Enable or Disable. - Receive Unicast Server Updates—Select Enable or Disable. - Send Unicast Requests—Select Enable or Disable.
SNTP -> Authentication This screen lets you create authentications for SNTP. Figure 13-120. SNTP Authentication - SNTP Authentication—When checked, this enables authenticating an SNTP session between the device and an SNTP server. Click Remove to delete a selected, listed item. You can Add, Edit or Remove SNTP authentications for the selected device in this screen.
SNTP -> Servers With this screen, you can configure (adding or enabling) the SNTP servers. The SNTP Servers page enables the device to request and accept SNTP traffic from a server. Figure 13-121. SNTP Servers Click Remove to delete a selected, listed item.
Up—The SNTP server is currently operating normally. Down—The SNTP server is currently not operating normally. Unknown—The SNTP server status is currently unknown. - Last Response—The last time a response was received from the SNTP server. - Offset—Timestamp difference between the device local clock and the acquired time from the SNTP server. - Delay—The amount of time it takes to reach the SNTP server. Click Apply to accept the server you have configured and add it to the list. Cancel abandons your edits.
Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen. Copy Files You can copy and delete files from the Copy Files screen. Figure 13-123. Copy Files After a configuration change use this screen to copy running to startup config.
LAG Settings The Switch -> LAG Settings screen contains fields for configuring parameters for configured LAGs. The device supports up to eight ports per LAG, and eight LAGs per system. NOTE: If you modify port configuration while the port is a LAG member, the configuration change is only effective after the port is removed from the LAG. Figure 13-124. LAG Settings You can Edit LAG settings for the selected device in this screen. Click Remove to delete a selected, listed item.
Admin Advertisement— When enabled, check Max Capability, 10 Full, 100 Full or 1000 Full. Speed—The speed at which the LAG is operating. - Back Pressure—Enable/Disable Back Pressure mode on the LAG. Back Pressure mode is effective on the ports operating in Half Duplex in the LAG. - Flow Control—Enable/Disable/Auto Negotiation. Flow Control mode is effective on the ports operating in Full Duplex in the LAG. Click Apply to accept the edits you have configured and add it to the list. Cancel abandons your edits.
Figure 13-125. VLAN ->Protocol Group You can Add, Edit or Remove Protocol Group settings for the selected device in this screen. Click Remove to delete a selected, listed item. When you click Add (or select an existing interface listed in the Protocol Group Settings portion of the screen and click Edit) the Protocol Group Editor opens (the lower portion of the screen) with the following fields: - Frame Type—The packet type. Possible field values are Ethernet, RFC1042, and LLC Other.
VLAN -> Protocol Port The Protocol Port page adds interfaces to Protocol groups. For more information about protocol filtering, see VLAN -> Protocol Group on page 386. Figure 13-126. VLAN Protocol Port You can Add, Edit or Remove Protocol Port settings for the selected device in this screen. Click Remove to delete a selected, listed item.
VLAN -> Interface Settings This screen manages VLAN interface settings if the selected device supports them. Figure 13-127. VLAN -> Interface Settings You can Edit VLAN interface settings for the selected device in this screen. Click Remove to delete a selected, listed item.
VLAN -> Double VLAN Settings This screen lets you set double VLAN settings if the selected device supports them. Figure 13-128. VLAN -> Double VLAN Settings You can Edit double VLAN port settings for the selected device in this screen. Click Remove to delete a selected, listed item.
VLAN -> Bind MAC to VLAN This screen lets you map a MAC entry to the VLAN table. After you specify the source MAC address and the VLAN ID, the MAC to VLAN configurations are shared across all ports of the switch. The MAC to VLAN table supports up to 128 entries. Figure 13-129. VLAN -> Bind MAC to VLAN You can Add, Edit or Remove MAC/VLAN pairs for the selected device in this screen. Click Remove to delete a selected, listed item.
VLAN -> Bind IP Subnet to VLAN The Bind IP Subnet to VLAN page lets you assign an IP Subnet to a VLAN. Figure 13-130. VLAN -> Bind IP Subnet to VLAN You can Add, Edit or Remove IP Subnet/VLAN pairs for the selected device in this screen. Click Remove to delete a selected, listed item.
Multicast Forward All The Bridge Multicast Forward All page contains fields for attaching ports or LAGs to a device attached to a neighboring Multicast router/switch. Once you enable IGMP Snooping, Multicast packets are forwarded to the appropriate port or VLAN. Figure 13-131. Multicast Forward All You can Edit Bridge Multicast Forwarding settings for the selected device in this screen. Click Remove to delete a selected, listed item.
The table in the lower portion of this screen contains the settings for managing router and port settings. Port Type can be any of the following: Static—Attaches the port to the Multicast router or switch as a static port. Forbidden—Forbidden. If the port is not attached to a Multicast router or switch, this is handled by the Associated with VLAN check box in the application.
File Management -> Active Images This screen configures active images on the selected device. Figure 13-132. File Management -> Active Images Click Edit to modify a listed image, and the Active Image Editor panel appears below the list of such images. Click Apply to accept any changes you make to the edited image, or Cancel to abandon those changes. The editor includes the following fields: - Unit—A read-only display of the unit for the active image.
File Management -> File System This screen lets you configure the description of images available on the file system. Figure 13-133. File Management -> File System This screen lets you Edit selected images when you click that button after selecting them. Click Apply to accept any changes you make to the edited image, or Cancel to abandon those changes. The editor includes the following fields: - File Name—A read-only display of the file name. - Description—A text description of the file.
Management Interface This screen sets up the management interface for the device. Figure 13-134. Management Interface - This screen has fields that let you Enable/Disable SNMP, Telnet, SSH, and Web. A warning appears on this screen to remind you that disabling SSH/Telnet will restrict command-line interface access. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen.
VLAN -> Protocol Group This screen sets up the VLAN protocol group(s) for the device. Figure 13-135. VLAN -> Protocol Group You can Add, Edit or Remove VLAN protocol configurations for the selected device in this screen. Click Remove to delete a selected, listed item.
- Interface—Click the arrows to move Allowed interfaces to Selected interfaces. Click Configure to send any altered configuration to the device. Click Refresh to renew the device information on this screen.
Dell PowerConnect B-Series Device Driver This driver lets you discover and manage Dell PowerConnect B-Series devices on your network. Supported PowerConnect B-Series systems include the following models: B-MLXe-4, B-MLXe-8, BMLXe-16, B-MLXe-16, B-DCX4S-24, B-FCX624 I/E, B-FCX648 I/E, B-FCX6xx-S, B-TurboIron, BRX4, B-RX8, B-RX16, B-8000/8000e, and B-DCX4. Systems also include 3800, 3850, 3900, 200E, 2014, 2016, 2040, 2024, 4100, 4900, 5000, 76000, 12000, 24000, 48000, DCX 8000e, 8000, BigIron RX4, RX8.
- Banner—The system’s banner. - Current Date / Time—The system’s date and time. Click Configure to send this configuration to the device, or Refresh to update the information. Fabric -> Hardware Activation This screen lets you activate the switch and/or individual ports on the selected equipment. Figure 13-2. Fabric -> Hardware Activation Check the Enable Switch checkbox to activate the entire switch.
SNMP -> Syslog Daemon This screen configures the syslog daemon for the selected equipment. Figure 13-3. SNMP -> Syslog Daemon Click Add to enter a new IP address for syslog daemon. Select a listed IP address and click Delete to remove it. Once you have entered an IP address, click Apply to list it, or click Cancel to abandon your edits. Click Configure to send this configuration to the device, or Refresh to update the information.
SNMP -> Settings This screen manages SNMP settings for the selected equipment. Figure 13-4. SNMP -> Settings This screen has the following fields and settings: Edit SNMP agent Settings - Event Trap Level (min)—Select the minimum trap level from the pick list. The equipment sends traps of this level or higher. - Enable Authentication Traps—Check to enable. - Track config changes—Check to enable. Read Write Communities This panel lists three trap community string settings and the trap recipient IP Address.
Policy -> Status Settings This screen configures policy status settings for the selected equipment. Figure 13-5. Policy -> Status Settings This has the following fields where you can set policy for permitting Marginal or Down elements of the equipment. - Number of faulty Ports—The faulty ports permitted. - Missing GBICs—Missing GBICs. - Power supply status—The status of the equipment’s power supplies. - Temperature in enclosure—The enclosure’s temperature permitted. - Fan speed—The fan speed.
Zone -> Manage Zone This screen manages ports in zones for the selected equipment. Figure 13-6. Zone -> Manage Zone A Zone is a region within the fabric, where switches and devices can communicate. A device can only communicate with other devices connected to the fabric within its specified zone. The members of a zone are determined using the following methods:
• Alias names
• Switch domain and port area number pair.
• WWN
Click New Zone to add a zone to the pick list at the top of this screen.
Zone -> Manage Zone Sets This screen manages zone configurations for the selected device. The maximum number of items that can be stored in the zoning configuration depends on the switches in the fabric. Figure 13-7. Zone -> Manage Configs Click New Zone Set to add a configuration to the pick list at the top of this screen, or select a member of that list to modify an existing Zone Set. Select a configuration and click Delete or Copy to remove or copy a listed configuration.
Zone -> Manage Aliases This screen manages aliases for zones for the selected device. Figure 13-8. Zone -> Manage Aliases Click New Alias to add a configuration to the pick list at the top of this screen, or select a member of that list to modify an existing Alias. Select a configuration and click Delete or Copy to remove or copy a listed Alias. Click Configure to send this configuration to the device, or Refresh to update the information.
Show -> System This screen displays system settings for the selected device. Figure 13-9. Show -> System Click Refresh to update the information.
Show -> Domains This screen displays system settings for the selected device. Figure 13-10. Show -> Domains Click Refresh to update the information.
Show -> Switch Status This screen displays system settings for the selected device. Figure 13-11. Show -> Switch Status Click Refresh to update the information.
Dell PowerConnect J-series Device Driver The following sections discuss the J-series Device Driver-related device driver panels, and how this device driver changes Equipment Editor and other aspects of OpenManage Network Manager’s operation. The IRM (Internet Router Module) is used with the Lucent CBX device. NOTE: If a J-series device has multiple management IP addresses, discovery by subnet, CIDR or IP range saves only the last IP address configured in the list of management interfaces.
} }
Radius Server You must either define a user or provide user access with a radius server, as follows.
login {
    user superguy {
        class super-user;
        authentication {
            encrypted-password "$1$iX9M87qC$rBJubIgZ.8cjJyuxnn5cG/"; # SECRET-DATA
        }
    }
}
MTU Configuration for L3 VPNs Provisioning L3 VPNs one customer site at a time works well, but trying to provision two sites or more at the same time may fail, leaving stray configurations on the router that may cause more problems.
Making a Link This describes the process of making and verifying an ISIS link between two J-series devices:
1 After you discover two J-series devices (we’ll call them “A” and “B”) right-click an interface (fe 0/0/0) and select Open.
2 In Configure -> Units, select the iso tab, click Enable, and enter 49.0001.0245.0245.0245.00 as the ISO Network Address. An ISO address—for example, 49.0001.0118.0118.0118.00—is 16 bytes. Reading from right-to-left, the last 00 is the NSAP selector and is always 00.
6 Select the Level 1 tab.
7 Enter an Authentication Key, for example, MyKey.
8 Select authentication type.
18 Set 49.0001.0118.0118.0118.00 as its iso address under fxp0.0
Check if ISIS adjacency formed
19 You can check for ISIS adjacency manually with the command show isis adjacency after you telnet to either or both hosts.
20 Alternatively, you can discover the ISIS Peer Link using OpenManage Network Manager.
21 Open the Link manager (Inventory -> Links).
22 Select action -> Discover Links from that menu.
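A pre-check of the two ISO network addresses used in the steps above, written as an added example that is not part of the original guide. It assumes the standard IS-IS layout (area ID, then a 6-byte system ID, then the NSAP selector); the function names are hypothetical.

```python
"""Added example: check the two IS-IS NETs from the link procedure."""
import re
from typing import List, NamedTuple


class Net(NamedTuple):
    area: str       # area ID as hex digits (AFI included)
    system_id: str  # 6-byte system ID as hex digits
    nsel: str       # NSAP selector as hex digits


def parse_net(text: str) -> Net:
    """Split a dotted ISO network address into area, system ID and selector."""
    groups = text.strip().split(".")
    digits = "".join(groups)
    if "" in groups or not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError(f"not dotted hex octets: {text!r}")
    raw = bytes.fromhex(digits)
    # Assumption: area ID of 1 to 13 bytes + 6-byte system ID + 1-byte selector.
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"unexpected length ({len(raw)} bytes): {text!r}")
    if raw[-1] != 0:
        raise ValueError(f"NSAP selector must be 00: {text!r}")
    return Net(raw[:-7].hex(), raw[-7:-1].hex(), "00")


def adjacency_problems(net_a: str, net_b: str, level: int = 1) -> List[str]:
    """List the addressing reasons an adjacency between A and B would not form."""
    a, b = parse_net(net_a), parse_net(net_b)
    problems = []
    if a.system_id == b.system_id:
        problems.append(f"duplicate system ID {a.system_id}")
    # Level 1 neighbours must be in the same area; Level 2 may cross areas.
    if level == 1 and a.area != b.area:
        problems.append(f"area mismatch: {a.area} vs {b.area}")
    return problems


if __name__ == "__main__":
    device_a = "49.0001.0245.0245.0245.00"  # address entered in step 2
    device_b = "49.0001.0118.0118.0118.00"  # address entered in step 18
    print(parse_net(device_a))
    print(adjacency_problems(device_a, device_b, level=1) or "addresses are compatible")
```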
Batch Group Operations
• Protocols— See Protocols -> ISIS Interfaces on page 516, Protocols -> LDP Interfaces on page 519, Protocols -> MPLS Interfaces on page 520, Protocols -> OSPF Areas on page 510, Protocols -> RIP Groups on page 525 and Protocols -> RSVP Interfaces on page 523.
• Bootp and Bootp Interfaces in Forwarding Options -> Bootp on page 464 and Forwarding Options -> Bootp Interfaces on page 465.
Figure 13-1. Adaptive Services PIC NOTE: Adaptive services require a license. Contact your sales representative for more information. If you have a license, use the Settings -> Permissions -> Register License menu item to open a dialog that lets you locate the license file. Select the file, and click Register License in the dialog, and you can use the licensed product. You can install the ASP PIC on any M Series Router but the M7i and M10i include an integrated version.
Figure 13-2. Adaptive Services Flow
• Applications
• IPSEC Proposals, Policies, and Rules.
• Stateful Firewalls
• Stateful Firewall Rules
• Network-Address-Translation (NAT)
• NAT Pools
• NAT Rules
• IDS Rules
• Service-Sets
• Apply Service-Sets to Interfaces
Applications
An application protocol defines application parameters using information from network Layer 3 and above. In this screen, you can select the properties of applications.
Figure 13-3. Adaptive Services Applications Add, Edit or Delete selected applications. Click Export to save a description of these listed items to a file. When you Add or Edit a selected application set, the following fields appear: - Name—An identifier for the application. - Application Protocol—Select the protocol from the pick list.
- Source Port—Select the source from the pick list (see Destination Port for available options). - ICMP Code—Select the ICMP Code from the pick list.
Figure 13-4. Adaptive Services—Application Add, Edit or Delete selected application sets from those selected at the bottom of this screen. Click Export to save a description of the listed items to a file. When you Add or Edit a selected application set, the selection panel appears. Use the arrows to move applications from the Available to the Selected panel (and back).
Figure 13-5. Adaptive Services—Stateful Firewall Rules Click Add (or select an existing rule and click Edit) to open the firewall rules editor. You can also click Delete to remove a selected firewall rule at the top of this screen. Click Export to save a description of the listed items to a file. Once you have edited a rule, click Apply to accept your edits for the list, or click Cancel to abandon them. The editor has the following fields: - Rule Name—An identifier for the stateful firewall ruleset.
- Term Name—The identifier for the term. - Active—Check this to enable the term. Firewall filters consist of one or more terms that specify the filtering criteria and the action to take if a match occurs. Some handy definitions: - Match Criteria tab —Specifies values or fields that the packet must contain including the IP destination address or the TCP protocol. - Action tab—Specifies what to do if a packet matches the match conditions.
Click one of the Available applications or application sets, and click the right arrow (>) to move it to the Selected panel. You can also use the up/down arrows below the Selected panel to reorder selected items. Action tab This tab lets you configure an action once this term’s match criteria are met. Figure 13-7. Firewall Rule Term Actions.
Figure 13-8. Adaptive Services—NAT Pool Properties Click Add, Edit, Delete or Export to manage the listed pools at the top of this screen. Click Export to save a description of the listed items to a file. When you Add or Edit, you can specify either a single specific address, a prefix, or an address range. For example: Pool: My-New-Pool address-range low 192.168.8.3 high 192.168.8.31; port automatic; Click Apply to accept your edits, or Cancel to abandon them.
Figure 13-9. Adaptive Services—NAT Rules In the first screen, select the Name, Direction (only input/output here), and Rule Set. Click Export to save a description of the listed items to a file. Click Add (or select an existing rule and click Edit) to open the NAT rules editor. You can also click Delete to remove a selected rule at the top of this screen. Click Export to save a description of the listed items to a file.
Select a Stateful Firewall term to Add/Edit: The firewall rule terms appear listed on the left. Use the Add/Edit/Delete/Export buttons in this portion of the screen to manage them. The editor for terms appears in the right panel. Here are the fields you can configure in this screen: This screen also describes how to configure the rule’s Match Criteria. These include Destination and Source Addresses and defined Applications or Application Sets (see Match Criteria tab on page 425).
Figure 13-10. Adaptive Services—IP Sec IKE Proposal Use the Add, Edit, Delete, and Export buttons to manage the security proposals listed in the table at the top of this screen. Like other screens, the Name field is a unique identifier for the configured proposal. The Type selection determines what fields appear below it. Here, we selected IPSec Proposal.
Figure 13-11. Adaptive Services—IP Sec Proposal The fields: - Description—A text description of the proposal. - Authentication Algorithm—Select from the pick list: hmac-md5-96 (128 bit) or hmac-sha1-96 (160 bit). - Authentication Method—Select from the pick list alternatives: dsa-signatures, rsa-signatures, or pre-shared key. - Diffie Hellman Group—Select from the pick list: - Encryption Algorithm—Select from the pick list: 3des-cbc (1192 bits), or des-cbc (48 bits) - Lifetime—The lifetime of an IPSec SA.
Figure 13-12. Adaptive Services—IP Security Policies (IKE Edit). You can create multiple, prioritized IKE/IPSec policies at each peer to ensure that at least one proposal matches a remote peer’s proposal. When you Add or Edit (after selecting one in the table at the top of the screen) a policy, the policy editor appears at the bottom of the screen. The Name and Description fields are similar whether the policy is IP Sec or IKE (a unique identifier, and a text description, respectively).
- Pre Shared Key—A text field appears for a new encryption key. Select Format as text or Hexadecimal. This authenticates peers. It must match its peer’s key. By default, the format is alphanumeric, but, with the pick list, you can specify hexadecimal formatting. - Local-ID Value—Select from a pick list, and fill in the field, if necessary. This specifies local parameters for IKE Phase 1 Negotiation. - Remote-ID Value—Select from a pick list, and fill in the field, if necessary.
- Proposal—Select from the Available list and move proposals to the Selected panel with the arrows. These originate with proposals created in IP Security–IP Sec Proposal on page 430. The up/down arrows determine in which order the application applies proposals. IP Security Rules This screen lets you configure IP Security rules. Figure 13-14. IP Security Rules Click Add (or select an existing rule and click Edit) to open the rules editor.
Editing / Creating an IP Security Term The rule terms appear listed on the left. Use the Add/Edit/Delete/Export buttons in this portion of the screen to manage them. The editor for terms appears in the right panel. Configure the match criteria tab as in Match Criteria tab on page 425. In the Action tab, here are the fields you can configure: - Remote Gateway—Enter the IP address of the remote gateway. - Syslog—Check if you want to syslog information about the packet.
IDS Rules The Adaptive Services PIC (AS PIC) supports a limited set of intrusion detection services (IDS) to perform attack detection. It detects various types of denial of service (DoS) and distributed denial of service (DDoS) attacks. It also detects attempts at network scanning and probing. Finally, it detects anomalies in traffic patterns, such as sudden bursts or declines in bandwidth. It redirects attack traffic to a collector for analysis. This driver also supports IDS as a group operation.
- Active—Check this to activate the rule. - Match Direction—input/output. These specify the side of the interface where the rule applies. Editing / Creating an IDS Rule The rule terms appear listed on the left. Use the Add/Edit/Delete/Export buttons in this portion of the screen to manage them. The editor for terms appears in the right panel. Configure the match criteria tab as in Match Criteria tab on page 425. In the Action tab, here are the fields you can configure: The Action tab in the term editor.
The Configure button at the bottom of the screen executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items. Rule Sets This screen lets you configure Adaptive Services rule sets. Figure 13-17. Adaptive Services Rule Sets Click Add (or select an existing rule set and click Edit) to open the rules sets editor. You can also click Delete to remove a selected rule set at the top of this screen.
Rules In the lowest panel, rules for the selected type appear in the Available panel. Use the left/right arrows to move the rules you want as part of a set to the Selected panel. The up/down arrows below this panel arrange the order to apply these rules. The Configure button at the bottom of the screen executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items.
- Interface service—The service set retains the input-interface information even after services are applied, so that functions like filter-class forwarding that depend on input-interface information continue to work. You must specify a Service Interface if you select this option. - Next-Hop service—The service set is a forwarding next hop. Useful when services need to apply to an entire VRF or when routing decisions determine that services need to occur.
Figure 13-19. Aggregated Devices -> Device Options This screen has the following fields: - Ethernet Device Count—The number of ethernet devices aggregated. - Sonet Device Count—The number of Sonet devices aggregated. - The maximum number of aggregated devices you can configure is 128. The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items.
Figure 13-20. Aggregated Devices -> AE Interfaces You configure an aggregated Ethernet virtual link by specifying the link number as a physical device and then associating a set of ports that have the same speed and are in full-duplex mode. The physical interfaces can be either Fast Ethernet, Gigabit Ethernet, Gigabit Ethernet IQ, or 10Gigabit Ethernet devices.
- Enable—Check this to activate the interface. - Flow Control—By default, flow control regulates the amount of traffic sent out a Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet interface. This is useful if the remote side of the connection is a Fast Ethernet or Gigabit Ethernet switch. You can disable flow control if you want the routing platform to permit unrestricted traffic.
Click Apply to accept your edits, and Cancel to abandon them. The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items. Class of Service -> Code Points This panel displays the available code points defined on the device. It also lets you create new code points. Figure 13-21. Code Points Click Add to create a new code point, or select one from those listed and select Edit.
- Type—Code point type being created (Select from the pick list). - Bits—Using the code-point alias means using these bits. The Configure button executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items. Class of Service -> Forwarding Classes This Panel manages COS forwarding classes—also known as ordered aggregates in the IETF's DiffServ architecture.
Click Add to create a new property, or select one from those listed and select Edit. Click Delete to remove selected properties. Click Export to save a description of the listed items to a file. Click Apply to accept your edits, or Cancel to abandon them. The Forwarding Class Properties panel has the following fields: Forwarding Class Properties - Queue Number—0 - 3 - Class Name—Each queue can have only one unique name. The Configure button executes the desired configuration on the selected equipment.
you, in effect, select Discrete. There, specify the fill-level and drop-probability percentage values. If you select Interpolate, you can configure each drop probability up to 64 Fill-level/ Drop-probability pairs, or a profile represented as a series of line segments. Click Add to create a new drop profile, or select one from those listed and select Edit. Click Delete to remove a selected profile. Click Export to save a description of the listed items to a file.
Figure 13-24. COS Scheduler Panel Use the Add, Edit and Remove buttons to manage rows here. Click Apply to accept your edits, or Cancel to abandon them. When you Add or Edit a selected schedule, the fields appearing in the lower panel are the following: - Name—Any valid name up to 64 characters. - Transmit Rate—0 to 100 percent.
Class of Service -> Scheduler Maps This screen manages scheduler maps for COS. This lets you associate the schedulers with forwarding classes and scheduler maps. You can then associate each scheduler map with an interface, thereby configuring the hardware queues, packet schedulers, and RED processes that operate according to this mapping. Figure 13-25. COS Scheduler Map Use the Add, Edit and Remove buttons to manage rows here. Click Apply to accept your edits, or Cancel to abandon them.
Figure 13-26. COS Rewrite Rules Panel Use the Add, Edit and Remove buttons to manage rows in these tables. When you Add or Edit a selected rewrite rule, the lower panel lets you edit that rule’s properties. Click Apply to accept your edits and make the rewrite rule part of the table in the upper part of the screen. Click Cancel to abandon your edits. The editor portion of the screen has the following fields: Rewrite Rule Properties Name—Any name length 64 characters or less.
Class of Service -> Classifiers These let you associate incoming packets with a forwarding class and loss priority and, based on the associated forwarding class, let you assign packets to output queues. This application supports behavior aggregate (BA) or code point traffic classifiers. Code points determine each packet's forwarding class and loss priority.
Forwarding Class These classes are defined in Class of Service -> Forwarding Classes on page 445. Select a class/ loss priority combination from those listed on the left, then check the matching code point (the list changes depending on the Traffic Type you select). Rewrite rules can have only one code point associated with each combination. Code points are defined and retrieved from the screen described in Class of Service -> Code Points on page 444.
Figure 13-29. COS Forwarding Policy Panel Use the Add, Edit and Remove buttons to manage rows in these tables. Click Apply to accept your edits, or Cancel to abandon them. The portion of the screen that appears when you click Add or Edit has the following fields: Forwarding Policy Properties - Next-Hop Name—Any name up to 64 characters. Forwarding Classes This area displays a table of Forwarding Class and Next-Hop Value fields.
Figure 13-30. Class of Service -> Interfaces The Add button lets you configure additional interfaces (click Edit to alter an existing, selected interface). Click Apply to add your edits to the list, or Cancel to abandon those edits. When you add or edit an interface, you can configure the following: - Name—Interface name, wildcards accepted - Scheduler Map—Scheduler map applied to this physical interface. This pick list comes from the configuration done in Class of Service -> Scheduler Maps on page 449.
- Unit Number—Enter a wild card (* signifies all logical units for this interface), or a logical unit number. - Shaping rate (6.4 & above)—Bandwidth rate for this interface (1000 - 32000000000 bits per second). - Forwarding class—Select a forwarding class assigned to incoming packets from the pick list. These are defined and created in Class of Service -> Forwarding Classes on page 445. - Scheduler Map—Select the scheduler map applied to this logical interface from the pick list.
Figure 13-32. Class of Service -> Interfaces -> Rewrite Rules Tab Here, you can configure the following with pick lists, or checkboxes: - DSCP—Differentiated Services code point (DSCP) rewrite rule. - EXP—EXP rewrite rule. - Protocol—Specify protocol matching criteria. mpls-any—Apply to MPLS packets, write MPLS header only. mpls-inet-both—Apply to IPv4 MPLS packets, write MPLS and IPv4 header. mpls-inet-both-non-vpn—Apply to IPv4 MPLS packets, write MPLS and IPv4 header for only non VPN traffic.
Figure 13-33. Class of Service -> Fragmentation Map Use the Add, Edit and Remove buttons to manage rows here. Click Apply to accept your edits, or Cancel to abandon them. Click Export to save a file describing the listed items. When you Add or Edit a selected property, the fields appearing in the lower panel are the following: Name—A unique identifier for the fragmentation map. Active—Check to make this fragmentation map active. Select the other options that you wish to apply to that forwarding class.
Class of Service -> Routing Instance This configures a routing instance on the selected device, letting you associate EXP classifiers with routing-instances. Figure 13-34. Class of Service -> Routing Instances NOTE: Available only on routers with JunOS 7.3+. Use the Add, Edit and Remove buttons to manage rows in these tables. Click Apply to accept your edits, or Cancel to abandon them. The portion of the screen that appears when you Add or Edit lets you add or alter a Routing-Instance.
Figure 13-35. Class of Service -> Traffic Control Profiles Use the Add, Edit and Remove buttons to manage rows here. Click Export to save a file describing the listed items. When you Add or Edit a selected property, the fields appearing in the lower panel are the following: - Name—A unique identifier for the control profile. - Active—Check to make this profile active. - Scheduler Map—Select from the pick list. See Class of Service -> Scheduler Maps on page 449 for the source of this list.
Redundant Routing Engine (RE) Support This driver offers Redundant Routing-Engine Support. For routers with redundant Routing Engines (RE), you can configure a master and backup RE. By default, the RE in slot RE0 is the master, and the RE in slot RE1 is the backup. The backup RE will assume mastership once a loss signal is detected from the master. See Configure -> Redundancy on page 462 for more information.
} targets { 192.168.0.64; } }
The groups section of the config attempts to find the configured IP addresses for the REs. There should be a section for each RE as shown in the example below:
groups {
    re0 {
        system {
            host-name morgan-re0;
        }
        interfaces {
            fxp0 {
                description "10/100 Management Interface";
                unit 0 {
                    family inet {
                        address 10.255.10.103/24;
                    }
                }
            }
        }
    }
    re1 {
        system {
            host-name morgan-re1;
        }
        interfaces {
            fxp0 {
                description "10/100 Management Interface";
                unit 0 {
                    family inet {
                        address 10.255.10.
} } } }
Updating IP Addresses on Routing Engines
The following property helps those who manage the router with a loopback address or port other than the management port and (for some reason) need to configure the IP on the routing engines (REs).
com.dorado.devicedriver.juniper.updatemanagement=true
If set to true (the default), this always updates the management interfaces after a failover between REs.
Figure 13-36. Configuring Redundancy You can view current status of the REs. You can view the Host Name, IP Address, Interface, and Status for both REs. Configurable redundancy options include: - Synchronize All Commits—Enables automatically committing synchronization between REs. - Keep Alive Time—Seconds to wait before switching to backup. - On Loss of Keep-Alives—When checked, enables switching when keep-alives are lost. - Graceful switchover—Enables graceful switchover when failure occurs.
Figure 13-37. Configuring Routing Engines The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items. Forwarding Options -> Bootp This screen manages DHCP / Bootp Relay server settings.
Figure 13-38. DHCP / Bootp Relay Servers Use the Add or Remove buttons to manage rows in this table. - Max Hop Count—The max hop count for the selected interface. Range: 1-16 - Min Wait Time—The minimum wait time. Range: 0 - 30000 seconds. (If you leave this blank, the equipment assumes the default remains unchanged.) - Servers—This table lists IP addresses of DHCP / Bootp Relay servers. Enter an address, and click Add to list one in the table. Select one and click Delete to remove it from the list.
Figure 13-39. DHCP / Bootp Relay Interface Use the Add or Delete buttons to manage rows in this table of interfaces. Click Export to save a description of the listed items to a file. Here are the columns you can edit within the rows here: - Interface Name—The interface name. (Add / Remove) - Listen—A checkbox to set whether this interface is listening. - Max Hop Count—The max hop count for the selected interface. Range: 1-16 - Min Wait Time—The minimum wait time. Range: 0 - 30000 seconds.
Policy Options -> Policers Policing, or rate limiting, lets you limit the amount of traffic that passes into or out of an interface. It is an essential component of firewall filters that thwart denial-of-service (DoS) attacks. You can define specific classes of traffic on an interface and apply a set of rate limits to each. You can use a policer in one of two ways: as part of a filter configuration or as an individual policer statement that applies to each family on an interface.
Policer Properties - Name—A unique identifier for the Policer - Bandwidth-Limit—The average number of bits per second permitted. Units can be bits, kilobits (kbps), megabits (mbps) or gigabits (gbps). - Bandwidth-Rate—Rate-limit based upon port speed. You must specify the percentage as a complete decimal number between 1 and 100. - Burst-Rate-Limit—The maximum size permitted for bursts of data that exceed the given bandwidth limit. Units can be bits, kilobits (kbps), megabits (mbps) or gigabits (gbps).
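How the Bandwidth-Limit and the burst limit described above interact when traffic arrives in bursts, as an added example that is not part of the original guide. It assumes the policer behaves as a single token bucket; the class and function names are hypothetical and the arrival times are constructed.

```python
"""Added example: a token-bucket model of a bandwidth limit plus burst limit."""
from typing import Iterable, List, Tuple


class Policer:
    def __init__(self, bandwidth_limit_bps: float, burst_limit_bytes: int):
        self.rate = bandwidth_limit_bps / 8.0   # refill rate in bytes per second
        self.depth = float(burst_limit_bytes)   # bucket size = largest tolerated burst
        self.tokens = self.depth                # start with a full bucket
        self.last = 0.0

    def conforms(self, now: float, size: int) -> bool:
        """Return True if a packet of `size` bytes at time `now` is within profile."""
        # Refill for the elapsed time, never beyond the burst limit.
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False  # out of profile: tokens are not consumed


def police(arrivals: Iterable[Tuple[float, int]],
           bandwidth_limit_bps: float, burst_limit_bytes: int) -> List[bool]:
    """Apply one policer to (time_seconds, size_bytes) arrivals in time order."""
    policer = Policer(bandwidth_limit_bps, burst_limit_bytes)
    return [policer.conforms(t, size) for t, size in arrivals]


def passed_bytes(arrivals, bandwidth_limit_bps, burst_limit_bytes) -> int:
    """Total bytes that stay within profile."""
    arrivals = list(arrivals)
    verdicts = police(arrivals, bandwidth_limit_bps, burst_limit_bytes)
    return sum(size for (_, size), ok in zip(arrivals, verdicts) if ok)


if __name__ == "__main__":
    # Constructed traffic: 8000 bps limit (1000 bytes/s) with a 1500-byte burst.
    sample = [(0.0, 1000), (0.0, 1000), (0.5, 1000), (0.6, 1000), (3.0, 1500)]
    print(police(sample, 8000, 1500))
    # Constructed flood: 100 packets of 1000 bytes within one second.
    flood = [(i / 100.0, 1000) for i in range(100)]
    print(passed_bytes(flood, 8000, 1500), "of", 100 * 1000, "bytes in profile")
```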
Figure 13-41. Policy Options -> Firewall Filters This screen filters traffic according to Match condition(s) which can include addresses, ports and other criteria. It can also apply various administrative functions to the Firewall Policy like policers, accounting filters and logging. Click Export to save a description of the listed items to a file. Click Add (or select an existing rule and click Edit) to open the rules editor. You can also click Delete to remove a selected rule at the top of this screen.
- Interface Specific—Check to make this filter specific to an interface. Match Criteria Tab You can specify multiple match conditions in a filter, effectively chaining together a series of match action operations to apply to the packets on an interface. If multiple match conditions exist you can also select and reorder them (indicating the order they apply) using the Up and Down buttons. Select the Advanced Type, enter the fields for that type and then click Add to add the criteria.
- Fragment Offset—Enter a value under the table and click Add. - Icmp code—Select a value from the pick list and click Add. Values include communication-prohibited-by-filter, destination-host-prohibited, destination-host-unknown, destination-network-prohibited, destination-.
To match multiple bit-field values, use the logical operators listed below. The operators are listed in order, from highest precedence to lowest precedence. Operations are left-associative. Logical Operator Description (...
Match Condition Description
ip-options number IP options. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): loose-source-route (131), record-route (7), router-alert (148), strict-source-route (137), or timestamp (68).
tcp-flags number TCP flags. Normally, you specify this match in conjunction with the protocol match statement to determine which protocol is being used on the port.
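How the ip-options numbers and synonyms listed above map onto the option bytes of an IPv4 header, as an added example that is not part of the original guide. The packets are constructed sample data, the function names are hypothetical, and treating a malformed option list as a discard is a choice made by this example.

```python
"""Added example: find the IP options a filter term would match on."""
import struct
from typing import List, Set

# Option numbers and text synonyms exactly as listed in the table above.
IP_OPTION_SYNONYMS = {
    131: "loose-source-route",
    7: "record-route",
    148: "router-alert",
    137: "strict-source-route",
    68: "timestamp",
}
END_OF_LIST, NO_OPERATION = 0, 1  # single-byte options without a length field


def ip_option_numbers(packet: bytes) -> List[int]:
    """Return the option type numbers carried in an IPv4 header, in order."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    header_len = ihl * 4
    if version != 4 or header_len < 20 or header_len > len(packet):
        raise ValueError("not a valid IPv4 header")
    options = packet[20:header_len]
    found, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == END_OF_LIST:
            break
        if kind == NO_OPERATION:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option is missing its length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("option length runs outside the header")
        found.append(kind)
        i += length
    return found


def filter_decision(packet: bytes, blocked: Set[str]) -> str:
    """Return 'discard' if a blocked or malformed option is present, else 'accept'."""
    try:
        present = ip_option_numbers(packet)
    except ValueError:
        return "discard"
    names = {IP_OPTION_SYNONYMS.get(n, str(n)) for n in present}
    return "discard" if names & blocked else "accept"


def build_packet(options: bytes = b"") -> bytes:
    """Constructed IPv4 header (documentation addresses, checksum left at 0)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                         0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options


if __name__ == "__main__":
    blocked = {"loose-source-route", "strict-source-route"}
    samples = {
        "no options": build_packet(),
        "router-alert": build_packet(bytes([148, 4, 0, 0])),
        "loose-source-route": build_packet(bytes([1, 131, 7, 4, 203, 0, 113, 9])),
        "zero-length option": build_packet(bytes([137, 0, 0, 0])),
    }
    for label, pkt in samples.items():
        print(f"{label:20s} -> {filter_decision(pkt, blocked)}")
```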
Figure 13-43. Action Tab The following describes this screen’s fields. - Packet Action—The following actions are valid: No-Action–Does nothing. Accept–Accepts the packet and sends it to its destination. Discard–Discards the packet and does not process it further. You cannot log or sample discarded packets. Reject–Rejects the packet and returns a rejection message. You can log or sample Rejected packets. This activates the Message Type pick list below. Next Term–Evaluate the next term in the firewall filter.
Port Mirror—Port mirrored traffic is copied and sent to another interface. Policy Options -> Firewall Filter Interfaces This screen manages firewall filter interfaces associated with firewall filters. Figure 13-44. Policy Options -> Firewall Filter Interfaces For a description of how to configure filters, see Policy Options -> Firewall Filters on page 468. Click Export to save a description of the listed items to a file.
Select Interface to Add / Details / Delete Click Add / Details to add or edit the interface configuration, or click Delete to delete a selected, listed interface. Select an interface from the pick list and check inet, input, output as appropriate for that interface. Click Apply to accept your edits and list the interface. Notice that you can use the up/down arrows to re-order selected interfaces. Interfaces at the top of the list have priority over those at the bottom.
- Name—Name that identifies the list of IPv4 or IPv6 address prefixes. - Active—Mark this item active or inactive in the configuration. - Apply Path—Expand a prefix-list to include all prefixes implied by a defined path. These paths are strings of elements composed of identifiers or configuration keywords that point to a set of prefixes. You can include wildcards (enclosed in angle brackets) to match more than one identifier.
To remove a community, select it and click Delete. Click Add or Edit to create a new, or modify an existing, selected item. Click Export to save a description of the listed items to a file. When you are adding or editing, the following fields appear: - Name—Name that identifies the regular expression. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters. - Active—Check this to make the community active in the configuration.
the group as a whole and to give the group precedence. The grouped path can itself include regular expression operators. Pre-defined Community Names You also can specify community-id as one of the following well-known community names, which are defined in RFC 1997, BGP Communities Attribute: - no-advertise—Routes in this community name must not be advertised to other BGP peers. - no-export—Routes in this community must not be advertised outside a BGP confederation boundary.
Using UNIX Regular Expressions When specifying community-ids, you can use UNIX-style regular expressions to specify the AS number and the member identifier. A regular expression consists of two components, which you specify in the following format: term - term—identifies the string to match. - operator—specifies how the term must match. The following table lists the regular expression operators supported for the community attribute.
[] Set of characters. One character from the set can match. To specify the start and end of a range, use a hyphen (-). To specify a set of characters that do not match, use the caret (^) as the first character after the opening square bracket ([). () A group of terms that are enclosed in the parentheses. If enclosed in quotation marks with no intervening space (“()”), indicates a null. Intervening space between the parentheses and the terms is ignored.
Figure 13-47. Policy Options -> Policy Statements NOTE: You must license this service. To remove a community, select it and click Delete. Click Export to save a description of the listed items to a file. Click Add or Edit to create a new, or modify an existing, selected item. When you are adding or editing, the following fields appear: - Name—Name that identifies the policy. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long.
You can Add or Edit a policy statement term (with an accompanying Match Criteria and Action) with those buttons on the left side of the lower screen. Select a term and click Delete to remove it from those listed. Select a policy and use the up/down arrows to re-arrange (re-prioritize) those listed. Click Apply to accept your term edits, or Cancel to abandon them. Common to the two tabs are these fields: - Term Name—An identifier of the terms within the policy.
Figure 13-49. Route Filter A match occurs if it meets the Match If… condition described in the table below. The appearance of Match If fields to the right of the Match Type selection varies depending on which Match Type you select. Match Type Match If … exact The route shares the same most-significant bits (described by prefix-length), and prefix-length is equal to the route's prefix length.
Action Policy Actions can contain the following attributes: - Packet Action—Choose to accept the route and propagate it (or reject it) here. After accepting a route, no other terms in the routing policy and no other routing policies are evaluated. After you reject a route, no other terms in the routing policy and no other routing policies are evaluated. - Next—Select next Policy to skip to and evaluate the next routing policy. Any accept or reject action specified in the then statement is skipped.
For BGP, if the attribute value is not known, it is initialized to 100 before the routing policy is applied. - Communities—(BGP only) Add the specified communities to the set of communities in the route. Manage these as you would the community selection described previously in the Match Criteria tab. Click Apply to accept your edits, or Cancel to abandon them. Clicking Configure sends these items as configured to the selected equipment. Refresh re-queries for field values on this screen.
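How route-filter match types and term actions combine when a route is evaluated against a chain of policy statements, as an added example that is not part of the original guide. It goes beyond the exact match type shown above by also modelling longer, orlonger, upto and prefix-length-range; the policy names, prefixes and the default action are constructed for illustration.

```python
"""Added example: evaluate a route against policy terms with route filters."""
import ipaddress
from typing import Tuple


def route_filter_matches(route: str, prefix: str, match_type: str, arg=None) -> bool:
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    # The route must share the prefix's most-significant bits.
    if r.version != p.version or not r.subnet_of(p):
        return False
    n = r.prefixlen
    if match_type == "exact":
        return n == p.prefixlen
    if match_type == "longer":
        return n > p.prefixlen
    if match_type == "orlonger":
        return True
    if match_type == "upto":                 # arg: longest prefix length allowed
        return n <= arg
    if match_type == "prefix-length-range":  # arg: (shortest, longest)
        low, high = arg
        return low <= n <= high
    raise ValueError(f"unknown match type {match_type!r}")


def evaluate(policies, route: str, default: str = "reject") -> Tuple[str, str]:
    """Return (action, 'policy/term') for the first terminating term that matches."""
    for policy in policies:
        for term in policy["terms"]:
            filters = term.get("route_filters", [])
            # A term without route filters matches every route.
            if filters and not any(route_filter_matches(route, *f) for f in filters):
                continue
            action = term["action"]
            if action in ("accept", "reject"):
                return action, f'{policy["name"]}/{term["name"]}'  # evaluation stops here
            if action == "next policy":
                break                                               # skip remaining terms
            # "next term": keep going within this policy
    return default, "default"  # assumption: the caller supplies the protocol default


# Constructed policy chain using private and documentation prefixes.
POLICIES = [
    {"name": "drop-unwanted", "terms": [
        {"name": "private", "action": "reject",
         "route_filters": [("10.0.0.0/8", "orlonger"), ("192.168.0.0/16", "orlonger")]},
        {"name": "too-specific", "action": "reject",
         "route_filters": [("0.0.0.0/0", "prefix-length-range", (25, 32))]},
        {"name": "rest", "action": "next policy", "route_filters": []},
    ]},
    {"name": "customer", "terms": [
        {"name": "aggregate", "action": "accept",
         "route_filters": [("203.0.113.0/24", "exact")]},
    ]},
]

if __name__ == "__main__":
    for candidate in ("10.1.2.0/24", "203.0.113.0/24", "203.0.113.128/25", "198.51.100.0/24"):
        print(candidate, evaluate(POLICIES, candidate))
```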
• RSVP
• RIP
• PIM
BGP
This tab lets you control the basic BGP settings. It has the following fields: General Settings - Description—A Text Description for BGP. Check Disable BGP to reserve these settings without applying them. - Local AS—Local autonomous system number - Loops—Maximum number of times this AS can be in an AS path (1 - 10). - Local Address—Address of local end of BGP session - Peer AS—Peer autonomous system number (1 - 65,535). - Authentication Key—MD5 authentication key.
Figure 13-51. Routing Protocols -> Setup: OSPF General - This screen has the following fields: General Settings - Rib Group Name—Routing table group for importing OSPF routes. - Disable OSPF—Disables OSPF Protocols on this device. - Overload Timeout (available only if overload is selected)—Time after which overload mode is reset (60 - 1800 seconds) - Overload—Set the overload mode (repel transit traffic) - External Preference—Preference of external routes. - Preference—Preference of internal routes.
- LSP Metric into Summary (only available if Shortcuts is selected)—Advertise LSP metric into summary LSAs - No Topology—Disable dissemination of TE link-state topology information The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. ISIS This tab lets you control ISIS settings for the selected device. Figure 13-52.
- Reference Bandwidth—Bandwidth for calculating metric defaults. Set the reference bandwidth used in calculating the default interface cost. The cost is calculated using the following formula: cost = reference-bandwidth/bandwidth. Default: 10 Mbps. Range: 9600 through 1,000,000,000,000 Mbps - SPF Delay—Time to wait before running an SPF (milliseconds).
using the JUNOS ISIS software with another implementation of ISIS, the other implementation must be configured to use the same password for the domain, the area, and all interfaces adjacent to the router.
- Authentication Type—Enable authentication and specify the authentication scheme for IS-IS. If you enable authentication, you must specify a password by including the authentication-key statement.
Here are the fields on this screen: General Settings - Keepalive interval—(1 - 65535 seconds). - Keepalive timeout—(1 - 65535 seconds) - Preference—Set the route preference level for LDP routes. (0 - 255) Graceful Restart Configure graceful restart attributes. Enable LDP graceful restart on the LDP master protocol instance. - Recovery time—Time required for recovery (120 - 1800 seconds) Specifies the amount of time a router waits for LDP to restart gracefully. Configure the recovery time, in seconds.
MPLS This tab configures the top level MPLS protocol options. Figure 13-54. Protocols -> Setup: MPLS (Diff-Serv TF) This tab has the following fields: - Advertise Hold Time—Do not advertise when the LSP goes from up to down, for a certain period of time known as hold time. Enter number of seconds. - Class of Service—(CoS) value given to all packets in the LSP. The CoS value might affect the scheduling or queuing algorithm of traffic traveling along an LSP.
constrained-path computation is enabled; that is, for which the no-cspf statement is not configured. To avoid extensive resource consumption that might result because of frequent path recomputations, or to avoid destabilizing the network as a result of constantly changing LSPs, best practice is either to leave the timer value sufficiently large or to disable the timer value. By default, the optimize timer is disabled. - Preference—Preference for the route.
BGP and IGP destinations—Ingress routes are installed in the inet.0 routing table. If IGP shortcuts are enabled, the shortcut routes are automatically installed in the inet.0 routing table. BGP and IGP destinations with routes—Ingress routes are installed in the inet.0 and inet.3 routing tables. This option is used to support VPNs. Use MPLS Routes—On both BGP and IGP destinations. Use ingress routes for forwarding only, not for routing.
You are not required to configure the traffic engineering classes. The following table shows the default values for everything in the traffic engineering class matrix. The default mapping is expressed in terms of the default forwarding classes defined in the CoS configuration.
Figure 13-56. Protocols -> Setup:MPLS (Bandwidth) You can either set it generally (with the Bandwidth radio button and the field to its right), or Per Class (similarly). Options This screen lets you configure MPLS options. Figure 13-57. Protocols -> Setup:MPLS (Options) It has the following checkboxes: - Advertise explicit Null—Advertise label 0 to the egress router of an LSP. - Disable TTL Propagation—Enter number of seconds.
- Enable IPv6 Tunneling—Allow IPv6 routes to be resolved over an MPLS network by converting all routes stored in the inet.3 routing table to IPv4-compatible IPv6 addresses and then copying them into the inet6.3 routing table. This routing table can be used to resolve next hops for inet6 and inet6-vpn routes. - Don’t Record Transit Routers—Check to enable. - Run Aggressive Optimization—If enabled, the LSP reoptimization is based solely on the IGP metric.
Figure 13-59. Protocols -> Setup: RSVP This tab has the following fields: General Settings - Disable—Check to disable RSVP - Preemption—Select from the pick list. Available options: Run RSVP session preemption to accommodate new sessions (normal)–(the default) Preempt RSVP sessions to accommodate new higher-priority sessions when bandwidth is insufficient to handle all sessions.
- Max Recovery Time—The maximum amount of time the router stores the state of neighboring routers when they undergo a graceful restart. The value applies to all neighboring routers, so it should be based on the time that the slowest RSVP neighbor requires for restart. Default: 180 seconds. Range: 1 through 3600 seconds - Maximum Restart Time—The maximum amount of time the router waits between when it discovers that a neighboring router has gone down and when it declares the neighbor down.
Multicast RIPv2 packets (multicast)—Multicast RIP version 2 packets. This is the default. Do not send RIP updates (none)—Do not send RIP updates. Broadcast RIPv1 packets (version-1)—Broadcast RIP version 1 packets. - Authentication Type—Options include the following: None–No authentication Simple password authentication—Uses a text password that is included in the transmitted packet. The receiving router uses an authentication key (password) to verify the packet.
Figure 13-61. Protocols -> Setup: PIM This screen has the following fields: - Rib Group Name—The name of the routing table group. The name must be one that you previously defined with the rib-group statement when editing/adding routing-options in the command line interface. - VPN Group Address—The IP address of the VPN group. - Assert Timeout—Enter the time.
Rendezvous Point
- Auto RP Mode—Configure automatic Rendezvous Point (RP) announcement and discovery. You can configure a more dynamic way of assigning RPs in a multicast network by means of auto-RP. When you configure auto-RP for a router, the router learns the address of the RP in the network automatically. Auto-RP operates in PIM version 1 and version 2.
Figure 13-62. Protocols -> Setup: PIM (Static)

When you Add or Edit, the editor on the right appears with these fields:
- Address—Configure the anycast rendezvous point (RP) addresses in the RP set. You can configure multiple addresses in an RP set.
- Version—Select the PIM version. Default: 2.
- Group Ranges—Enter local group range of addresses (enter an address below the list and click Add.
Figure 13-63. Protocols -> Setup: PIM (Static) It has the following fields: - Address—Enter local address. This configures the router's local address for anycast rendezvous point (RP). If this statement is omitted, the application uses the router ID as this address. - Hold Time—Enter local hold time in seconds. This specifies how long a neighbor should consider the sending router (this router) to be operative (up). Range: 0 through 255. - Priority—Enter local priority.
Figure 13-64. Protocols -> Setup: PIM (Static) Click to select Available import / export bootstrap policies, and click the arrows to move the desired policies to the Selected side of this tab. Use the up/down arrows below the Selected policies to re-order their application. These control incoming and outgoing PIM bootstrap messages. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed.
Figure 13-65. Routing Protocols: BGP Peer Groups—Neighbors Use the Add, Edit or Delete buttons to manage rows in the table at the top of this screen. Click Export to save a description of the listed items to a file. When you select a group to Edit or Add a new one, the editor panel in the lower part of the screen opens. Use Export to save these groups in a file. Click Apply in the top right of the screen to accept your edits, or Cancel to abandon them.
- Authentication Key—MD5 authentication key.
- Cluster ID—An identifier for the peer group cluster.

Checkbox Options: Check any of the following to enable them:
• Active—Mark this item as active.
• Include Next Hop multi protocol updates.
• Log message for peer state transitions.
• Multipath—Allow load sharing among multiple BGP paths.
• No Aggregator ID—Set router ID in aggregator path attribute to 0.
• Hide local AS paths—Hide this local AS in paths learned from this peering.
Figure 13-67. Routing Protocols: BGP Peer Groups—Allow Configure peer connection networks as you did in the Neighbors section, above. Import Here, you can configure an ordered list of import policies. Figure 13-68. Routing Protocols: BGP Peer Groups—Import Click an Available import policy, then click the arrows between Available and Selected to move that policy to the Selected Column. You can use the arrows below the Selected column to re-arrange selected policies.
Figure 13-69. Routing Protocols: BGP Peer Groups—Export Click an Available export policy, then click the arrows between Available and Selected to move that policy to the Selected Column. You can use the arrows below the Selected column to re-arrange selected policies. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Protocols -> OSPF Areas This screen manages OSPF Area settings.
Figure 13-70. Routing Protocols: BGP Peer Groups—Export To Add or Edit existing OSPF areas to the table at the top of this screen, click those buttons. Click Export to save a description of the listed items to a file. Select a row and click Delete to remove it from the table. When you add or edit a row, the editor appears in the bottom of this screen. Click Apply to accept your edits, or Cancel to abandon them.
• Interface
• LSP
• Stub/NSSA
• Peer Interface

Area Range
- Area Range—Configure area ranges (network/mask-length). Enter an area range at the bottom of this table and click Add to enter it among those listed. Select a listed item and click Delete to remove it from the list. Click Apply to accept the entire list.

Interface

This tab lets you configure interfaces. Figure 13-71.
Click Add (or select an interface and click Edit) in the lower right portion of the screen, and the right screen becomes an editor for the interface. Click Delete to remove a selected interface from those listed. This editor has the following to configure: - Name—Select an interface to configure. - Interface Type—Select type of interface - Disable—Disable OSPF on this interface.
Md5 Panel If applicable, enter a Key ID and Key in the provided fields, then click Add to include these in the Key IDs listed. You can also select a listed key, and click Delete to remove it. LSP This tab lets you configure LSPs for the selected OSPF interface. Figure 13-72. Routing Protocols: OSPF LSP This panel lets you enter the Name of label-switched path to be advertised, and the Interface metric (1 - 65535).
Figure 13-73. Routing Protocols: OSPF Stub/NSSA Configure the following with this tab: - Type—Select from the pick list: Stub - Configure a stub area NSSA - Configure a not-so-stubby area - Summaries/No-Summaries—Check to activate. (These are mutually exclusive, but you can also activate neither). Summaries flood summary LSAs into this stub/nssa area. - Default Lsa—Check to activate. - Type-7—Flood type 7 default LSA if no-summaries is configured. Check to activate.
Figure 13-74. Routing Protocols: OSPF Peer Interface Click Add (or select an interface listed on the left and click Edit) to open the editor in the right panel. Select an interface and click Delete to remove it from the list. Click Apply to accept your edits; Cancel abandons them. Configure the following with this tab: - Name—Use the pick lists to locate an available interface. - Disable—Check to disable OSPF on this interface. - Dead Interval—1 - 65535 seconds.
Figure 13-75. Routing Protocols: ISIS Levels 1 & 2

Use the Add, Edit, and Remove buttons to manage rows in this table. Click Apply to accept your edits and Cancel to abandon them. When you add or edit an interface listed, an editor appears in the lower portion of the screen. The following are its fields:
- Name—Interface or Unit to which settings apply.
- LSP Interval—Interval between LSP transmissions (milliseconds).

The following are checkbox options.
- No IPv4 Multicast—Do not include this interface in the IPv4 multicast topology - No IPv6 Multicast—Do not include this interface in the IPv6 unicast topology - Point to Point—Treat interface as point to point The following tabs let you do additional configuration for ISIS interfaces: Level 1 and 2 These tabs have the following fields: - Disable—Disable IS-IS for given level. - Hello Auth Key—Authentication key (password) for hello packets.
Figure 13-77. Routing Protocols: ISIS BFD Options This screen has the following fields: - Minimum Interval—Minimum transmit and receive interval (1 - 255,000 milliseconds). - Min Receive Interval—Minimum receive interval (1 - 255,000 milliseconds). - Min Transmit Interval—Minimum transmit interval (1 - 255,000 milliseconds). - Multiplier—Detection time multiplier (1 - 255). CSN Options This tab configures the rate of complete sequence number (CSN) packets (for LAN interfaces only). Figure 13-78.
Figure 13-79. Routing Protocols: LDP

Use the Add, Edit, Delete, or Export buttons to manage rows in this table. The following are the fields you can alter for the selected row:
- Name—Interface or Unit to which settings apply.
- Disable—Check to disable LDP for the named interface/unit.
- Hello Interval—Hello interval (1 - 65,535 seconds).
- Hold Time—Hello hold time (1 - 65,535 seconds).
Figure 13-80. Routing Protocols: MPLS Use the Add, Edit, Delete, or Export buttons to manage rows in the Select MPLS Interface to Add/ Edit/Delete table. The following are fields you can alter in the selected interface: - Name—Interface or Unit to which settings apply. Select from a pick list. - Disable—Check to disable IDP for the named interface/unit. Select Label Map to Add / Edit / Delete Use the Add or Remove buttons to manage Label Map rows in the table.
The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Protocols -> PIM Interfaces This screen manages PIM interfaces for the selected device. Figure 13-81. Protocols -> PIM Interfaces Click Add to configure a new interface, or Edit to modify a selected, existing interface. If you want to remove a listed interface, select it and click Delete. Click Export to save a file describing items listed here.
- Hello Interval—Enter the number of seconds to designate how often the router sends PIM hello packets out of an interface. Range: 0 through 255 - Priority—Enter the router's likelihood to be elected as the bootstrap router. A higher value corresponds to a higher priority. Range: 0 through a 32-bit number. Default: 0. (The router has the least likelihood of becoming the bootstrap router and sends packets with a priority of 0.
Figure 13-82. Routing Protocols: RSVP Interfaces Use the Add, Edit, Delete, Export buttons to manage the list of interfaces in the table at the top of this screen. Click Export to save a file describing items listed here. When you are done adding or editing, click Apply to accept your edits, or Cancel to abandon them. When you add or edit, the editor at the bottom of this screen opens, letting you modify the following: - Name—Interface or Unit to which settings apply.
Protocols -> RIP Groups This screen controls RIP groups. Figure 13-83. Protocols -> RIP Groups Click Add or Edit a selected row to open the editor in the bottom panel. Click Apply to accept your edits, or Cancel to abandon them. Use Export to save these items in a file. The editor has the following fields: Group Name—Name of the RIP Group to configure. Preference—Preference of routes learned by this group. Metric Out—Default metric of exported routes (1 - 15).
- Receive—Configure RIP receive options:
    both - Accept both RIPv1 and RIPv2 packets
    none - Do not receive RIP packets
    version-1 - Accept RIPv1 packets only
    version-2 - Accept only RIPv2 packets
- Send—Configure RIP send options:
    broadcast - Broadcast RIPv2 packets (RIPv1 compatible)
    multicast - Multicast RIPv2 packets
    none - Do not send RIP updates
    version-1 - Broadcast RIPv1 packets
- Check zero—Check reserved fields on incoming RIPv1 packets
- Message Size—Number of route entries per update message (25 - 255)
L2 Circuit -> Neighbors

This screen manages Layer 2 Circuit neighbors.

Figure 13-85. L2 Circuit -> Neighbors

The top of this screen lists Layer 2 circuit neighbors. Click Add (or select a row and click Edit) to see the editor in the lowest panel. Select a row and click Delete to remove it. Use Export to save a description of these items in a file. Click Apply to accept your edits, or Cancel to abandon them. The editor has the following fields:
- Neighbor Address—The IP address of the neighbor.
- Protect Interface—Name of the protect interface. - Community Name—Community associated with this Layer 2 circuit. - Description—Text description of the Layer 2 circuit. - MTU Number—MTU to be advertised for this Layer 2 circuit (512 - 65535). - PSN Tunnel—Endpoint of the transport tunnel on the remote PE. - Control Word / No Control Word—Check Control Word to enable the use of control word. Check No Control Word to disable control word.
- End Interface Name—Interface name of the other end point. - Description—A text description of the Layer 2 circuit. - Protect Interface—Name of protect interface. - End Protect Interface—Interface name of the other end point. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Protocols -> VRRP Groups For Fast Ethernet and Gigabit Ethernet interfaces only, use this screen to configure VRRP groups.
- Active—Mark this item active or inactive in the configuration. - Interface Name—Fast Ethernet or Gigabit Ethernet interface to configure this VRRP Group. - Inet Address—Inet Address to configure this VRRP Group. If no Inet address set exists, you can enter one with a text field. - Priority—Router's priority for being elected to be the master router in the VRRP group.
- Virtual Addresses—When you are configuring VRRP on Fast Ethernet and Gigabit Ethernet interfaces only, configure the addresses of the virtual routers in a VRRP group. You can configure up to eight addresses. Addresses of one or more virtual routers. Do not include a prefix length. If the address is the same as the interface's physical address, the interface becomes the master virtual router for the group.
• Forwarding Table

Route Options
- Router Identifier—Specify the router's IP address.
- Route Distinguisher—Identifier used in route distinguishers for routing instances.
- Enable Route Recording—Enable route recording.

Graceful or hitless routing restart options.
- Disable graceful restart - disables graceful restart
- Restart Duration—Maximum time for which router is in graceful restart (120 - 900)

Autonomous

This tab describes Autonomous System numbers. Figure 13-89.
- Confederation Members—Autonomous system numbers of confederation members (1 - 65535).

Maximum Routes

This tab describes maximum routes and warning messages.

Figure 13-91. Routing Options -> General -> Maximum Routes
- Maximum Paths—Maximum number of paths (1 - 4294967295). Configure an upper limit for the number of routes installed in a routing table.
- Threshold % (can only configure if max routes is set)—Percentage of limit to start warnings (1 - 100).
- Unicast Reverse Path—Select from the pick list. Options include Default, Active Paths, Feasible Paths.

The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items.

Routing Options -> Static Routes

This screen manages routing options for static routes. Figure 13-93.
Discard Packets—Drop packets to destination; send no ICMP unreachables. Receive Packets—Install a receive route for the destination - Type— Select from the pick list: Default - Do not configure. Active—Remove inactive route from forwarding table. Passive—Retain inactive route in forwarding table. You can specify up to four metric values, starting with metric (for the first metric value) and continuing with metric2, metric3, and metric4. You also can specify a secondary preference value (preference2).
Figure 13-94. LSP Next Hop This screen has the following fields: - LSP Name—Select an existing LSP from the pick list or select Specify LSP from the pick list and type in an LSP that has not been created on the field below the list. Metric —Enter an LSP metric value (1 - 65,535). Preference—Enter an LSP preference value (1 - 255). P2MP LSP Next Hop This tab configures Point-to-Multipoint (P2MP) LSPs. Figure 13-95.
Preference—Enter an LSP preference value (1 - 255).

NOTE: The LSP Name blank field does not appear in the screen in Figure 13-95 because the pick list is not set to Specify LSP. The device only allows one P2MP to be configured. You can configure multiple next hop LSP values.

The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items.
Aggregate Route Properties - Destination—Destination address or network. - Active—Check to activate this route. - Type—Select from the pick list. Options include Default, Active and Passive. - Preference / Preference2—Enter a preference value. A lower number indicates a more preferred route (1-255). The second field on these lines indicates the type of route (1-16). - Metric / Metric2/ Metric3 / Metric4 —Enter a metric (1-65,535). The second field on these lines indicates the type of metric (1-16).
Figure 13-97. Routing Instances -> Instances The table at the top of this screen displays configured instances. Add or Edit a selected instance with those buttons to the right. Click Apply to accept your edits for the table, Cancel to abandon them. Select a row and click Delete to remove it. Click Export to save a description of these items in a file.
Next Hop To Destination The next hop can be an IP address, hostname or an interface. Choose the corresponding radio button depending on which you want to configure. - Destination—Enter a valid IP address or hostname into the text field - IPHost Destination—Enter a valid IP address or hostname into the text field - Interface Destination—Select an interface and number from the pick lists. A (read only) label at the bottom indicates the current configured value.
Figure 13-98. Routing Instances -> VRF Instances - VRF Settings NOTE: This service requires a license. The tabs on this screen have the following fields in common: - Name—An identifier for the routing instance. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. - Active—Check to make this active in the configuration.
- Description—A text description of the VPN or VPLS routing instance. Any descriptive text you include appears in the output of the show route instance detail command and has no effect on operation.

The following tabs appear below these fields:
• VRF Settings
• Interfaces
• BGP
• OSPF (and OSPF3)
• RIP
• Routing Options

VRF Settings
- Route Distinguisher—An identifier attached to a route that indicates to which VPN or VPLS routing instance it belongs.
VRF Import Policies

Specify how routes are imported into the local PE router's VRF table (routing-instance-name.inet.0) from the remote PE router. You can configure multiple import policies on the PE router.

VRF Export Policies

Specify how routes are exported from the local PE router's VRF table (routing-instance-name.inet.0) to the remote PE router. You can configure multiple export policies on the PE router.
Figure 13-100. Routing Instances -> VRF Instances - BGP This screen has the following fields: - Name—This identifies this BGP Group within this routing instance. The name can contain letters, numbers, and hyphens (-) and can be up to 255 characters long. - Type—Specify the type of BGP peer group, Internal or External.
- Multihop—Configure an EBGP multihop session. External confederation peering is a special case that allows unconnected third-party next hops. You do not need to configure multihop sessions explicitly in this particular case; multihop behavior is implied. If you have confederation external BGP peer-to-loopback addresses, you still need the multihop configuration.
metric—Primary metric on all routes sent to peers. Range: 0 through 4,294,967,295 (2^32 - 1). Default: No metric is sent.
minimum-igp—Set the metric to the minimum metric value calculated in the IGP to get to the BGP next hop. If a newly calculated metric is greater than the minimum metric value, the metric value remains unchanged. If a newly calculated metric is lower, the metric value is lowered to that value.
offset—(Optional) Increases or decreases the metric by this value.
- SPF Delay—Configure the shortest path first (SPF) delay. The field lets you specify the number of milliseconds between the detection of a topology change and when the SPF algorithm runs. Range: 50 through 1000 milliseconds. Default: 200 milliseconds.
- Domain ID—Specify a domain ID for a route. The domain ID identifies the OSPFv2 domain from which the route originated.
Area If you select the Area option, the remainder of the screen has these fields (rather than those in Export Policies or Interface): Figure 13-102. Routing Instances -> VRF Instances - OSPF and OSPF3 (Area) - Area ID—Specify the area identifier for this router to use when participating in OSPF routing. All routers in an area must use the same area identifier to establish adjacencies. Specify multiple area statements to configure the router as an area border router.
- Summaries—Configure whether area border routers advertise summary routes into an NSSA. When enabled, this floods summary LSAs into the NSSA. - No-Summaries—Configure whether area border routers advertise summary routes into an NSSA. When checked, this prevents area border routers from advertising summaries into an NSSA. If default-metric is configured for an NSSA, a Type 3 LSA is injected into the area by default. - Default Lsa—Enabled for Area Type NSSA only. - Type-7—Enabled for Area Type NSSA only.
RIP This screen configures the RIP portion of the VRF. Figure 13-104. Routing Instances -> VRF Instances - RIP Rip Groups Configure a set of RIP neighbors that share an export policy and metric. The export policy and metric govern what routes to advertise to neighbors in a given group. This screen has the following fields: - Name—Name of a group, up to 16 characters long. - Preference—Preference of external routes learned by RIP as compared to those learned from other routing protocols.
Figure 13-105. Routing Instances -> VRF Instances - Routing Options

It has the following fields:
- Router ID—BGP and OSPF (Open Shortest Path First) use the router identifier to identify the router from which a packet originated. The router identifier usually is the IP address of the local router. If you do not configure a router identifier, the VRF uses the IP address of the first interface to come online. This is usually the loopback interface.
- Multipath - VPN Unequal Cost—Apply protocol-independent load balancing to VPN routes that are equal until their interior gateway protocol (IGP) metrics with regard to route selection. If you do not configure the vpn-unequal-cost statement, protocol-independent load balancing is applied to VPN routes that are equal until their router identifiers with regard to route selection. - Graceful Restart—Configure graceful restart.
Policies Associate a routing policy when configuring an aggregate or generated route's destination prefix in the routes part of the aggregate or generate statement. This provides the equivalent of an import routing policy filter for the destination prefix. That is, each potential contributor to an aggregate route, along with any aggregate options, passes through the policy filter.
- Tag—Associate an OSPF tag with a static, aggregate, or generated route. The Bidirectional Forwarding Detection (BFD) protocol is a simple hello mechanism that detects failures in a network. BFD works with a wide variety of network environments and topologies. The failure detection timers for BFD have shorter time limits than the failure detection mechanisms of OSPF, providing faster detection. These timers are also adaptive and can be adjusted to be more or less aggressive.
The following are columns from the upper portion of the table. You can configure these when you click Add or select an item and click Edit in the upper panel. Click Delete to remove a selected item. Click Export to save a description of the listed communities as a file. - Name—The SNMP community name. - Authorization—The community authentication level (read only/read-write). Select from a pick list. In the lower table, use the Add or Remove buttons to manage rows.
Figure 13-108. SNMP: Traps Use the Add, Edit or Remove buttons to manage rows in this table. Click Export to save a description of the listed trap groups as a file. Only the Name and Trap Categories appear in the list of trap groups. The following are the configurable items: Trap-Group Properties - Name—The trap group name. - Destination-Port—The number of the destination port. - SNMP Version—Select from the supported versions in the pick list (options include v1, v2, and all).
Targets These are the IP addresses to receive traps. Enter the IP address of the target in the field above the table, then click Add to enter a target IP in the list. Select a listed target and click Delete to remove it. Trap Categories Check the categories of traps you want to receive (Authentication, Chassis, Configuration, Link, Remote-Operations, Rmon-Alarm, Routing, Startup, Vrrp-Events, and Sonet Alarms). - Receive all traps—Check all categories.
This screen has the following fields: Host Name—Hostname for this router. Domain Name—Domain name for this router. The following two tables let you enter an IP address or domain in the field under the table. Click Add to add this list to the table. Select an item and click Delete to remove a listed item. Click Apply to accept the list. Here are the listed items: DNS Servers—An ordered list of DNS servers. Search Domains—An ordered list of search domains.
• Disable ICMP redirects
• Save core context
• Mirror flash on disk
• Compress configuration files (JUNOS 6.4 and below only)
• Don't compress configuration files (JUNOS 7.0 and above only)
• Max Configuration files to store on flash [0 - 49] (JUNOS 7.0 and above only)

Root Authentication
- Plain Text Password / Confirm Password—Root authentication password.

The Configure button at the bottom of this screen sends the selected configuration to the device.
- Time Servers—The time server IP address(es). Click Add to create a new row in this table. Write directly to that row to add the IP address of an NTP time server. Use the Remove button to delete a selected row. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. System -> Location This screen manages the device’s location. Figure 13-111.
Floor—Floor number. Rack—Rack number. System -> Loopback This screen manages loopback settings. Figure 13-112. Loopback Here are the fields on this panel: - Unit —Unit number is always 0. (read only) - Traps—Check to enable traps. - Passive Monitor—Check to enable. - Description—A text description. Family Use Add (adds the address entered below the table) and Delete to manage rows in the inet and iso tabs. These are the loopback inet and iso IP addresses.
Figure 13-113. System Services Each section has a checkbox. Check those if the configuration in that section applies. This screen configures Finger, FTP, SSH, Telnet, XNM Clear Text and XNM SSL, and has the following fields: - Connections—The maximum connections allowed on the finger service. Range: 1-250 - Rate—The maximum connections allowed per minute on the finger service. Range: 1-250 - Protocol Version—Select from the pick list - Authentication Certificate—Name of local X.509 certificate to use.
Figure 13-114. System Log File This has the following items to configure: Default File Archive Settings: - File Size—The size of the Log file. - Number of Files—The number of files logged (1-1000); one for each chosen period. - World Readable—Check to allow any user to read the log file.
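The following is an added example, not part of the Dell guide or any vendor tooling: a Python check that reviews the System Services and System Log File settings once they are on the device, assuming the device configuration has been exported in JUNOS "set" format. The statement names in the constructed sample, and applying the 1-250 range to every service section, are assumptions.

```python
# Constructed sample in JUNOS "set" format (not captured from a real device).
SAMPLE_CONFIG = """\
set system host-name lab-router
set system services finger connection-limit 10
set system services ftp
set system services ssh protocol-version v1
set system services ssh protocol-version v2
set system services ssh connection-limit 300
set system services telnet rate-limit 20
set system services xnm-clear-text
set system services xnm-ssl local-certificate mgmt-cert
set system syslog archive size 1m files 10 world-readable
set system syslog file messages any notice
"""

# Services on the System Services screen that carry data unencrypted.
CLEARTEXT_SERVICES = {
    "finger": "discloses logged-in user information without authentication",
    "ftp": "credentials and files cross the network unencrypted",
    "telnet": "credentials and session cross the network unencrypted",
    "xnm-clear-text": "XML management sessions are unencrypted",
}
LIMIT_KEYS = ("connection-limit", "rate-limit")
LIMIT_RANGE = range(1, 251)  # range the guide gives for Connections and Rate


def parse_services(config_text):
    """Map each service name to the option token lists of its set lines."""
    services = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:3] == ["set", "system", "services"] and len(tokens) >= 4:
            services.setdefault(tokens[3], []).append(tokens[4:])
    return services


def world_readable_logs(config_text):
    """Return syslog statements that make log files readable by any user."""
    hits = []
    for line in config_text.splitlines():
        tokens = line.split()
        # Exact token match, so "no-world-readable" is not reported.
        if tokens[:3] == ["set", "system", "syslog"] and "world-readable" in tokens:
            hits.append(line.strip())
    return hits


def audit(config_text):
    """Return (subject, kind, detail) findings for services and log settings."""
    findings = []
    for name, option_lists in parse_services(config_text).items():
        if name in CLEARTEXT_SERVICES:
            findings.append((name, "cleartext", CLEARTEXT_SERVICES[name]))
        # Collect "key value" pairs from every set line for this service.
        opts = {}
        for tokens in option_lists:
            for key, value in zip(tokens[0::2], tokens[1::2]):
                opts.setdefault(key, []).append(value)
        for key in LIMIT_KEYS:
            for value in opts.get(key, []):
                if not value.isdigit() or int(value) not in LIMIT_RANGE:
                    findings.append((name, "limit", f"{key} {value} is outside 1-250"))
        if name == "ssh" and "v1" in opts.get("protocol-version", []):
            findings.append((name, "protocol", "SSH protocol version 1 is enabled"))
        if name == "xnm-ssl" and not opts.get("local-certificate"):
            findings.append((name, "certificate", "no local X.509 certificate named"))
    for line in world_readable_logs(config_text):
        findings.append(("syslog", "world-readable", line))
    return findings


if __name__ == "__main__":
    for subject, kind, detail in audit(SAMPLE_CONFIG):
        print(f"{subject:15} {kind:15} {detail}")
```
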
Console Logging Settings: These logging settings let you define what messages are logged by setting the priority for each facility. See Priority Levels on page 564 for a list of those. The facilities that generate messages or the levels are the following: - Any—All facilities. - Authorization—Authorization system. - Configuration Change—Configuration change log. - Configuration Conflict—Configuration conflict log. - Daemon—Various system processes. - Firewall Filtering—Firewall filtering system.
Figure 13-115. System -> Syslog Files Use the Add, Edit, and Delete buttons to manage rows of Syslog files in this table. Click Export to save a description of the listed items. When you Add or Edit a selected row, the editor panel at the bottom of the screen appears. Click Apply to accept your edits, or Cancel to abandon them. This screen has the following fields: Log File Name—The name of log file.
Explicit—Include priority and facility in messages. Logging Settings Configure the Facilities and Priorities to log on the console. See Console Logging Settings: on page 564 for a description. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. System -> Syslog Hosts Configure one or more hosts to send syslog messages.
Figure 13-116. System -> Syslog Hosts Use the Add, Edit, and Delete buttons to manage rows of Syslog files in this table. When you Add or Edit a selected row, the editor panel at the bottom of the screen appears. Click Export to save a description of the listed items. Click Apply to accept your edits, or Cancel to abandon them. This screen has the following fields: - Host Name—The hostname or IP address to which to log messages. - Explicit—Include priority and facility in messages.
Logging Settings Configure the Facilities and Priorities to log on the console. See Console Logging Settings: on page 564 for a description. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. System -> Syslog Users This screen configures syslog settings for system users. Figure 13-117. System -> Syslog Users Use the Add, Edit, and Delete buttons to manage rows of Syslog files in this table.
Logging Settings Configure the Facilities and Priorities to log on the console. See Console Logging Settings: on page 564 for a description. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. System Authentication -> Authentication Order This screen manages the order in which authentication occurs. Figure 13-118.
Figure 13-119. Radius Authentication Click Export to save a description of the listed items. Use the Add or Remove buttons to manage rows in this table. Enter text directly in the row, once you add it. The following are its columns: - IP Address—The IP address of the authentication server for this router to use. - Server Type—Select Radius or TACACS+ - Port—The authentication port. - Retry—The number of times to retry authentication (disabled for TACACS+).
Figure 13-120. System Authentication: Users (Telnet & SSH) Click Export to save a description of the listed items. Click Add or Edit a selected row to open the editor in the bottom panel. The editor has the following fields: - Name—A short name for the user. - Full Name—A text description of the user. - User ID—A unique identifier for the user. The Auto-assign checkbox automates creating this from the previous fields. - Class—User Permission level.
Figure 13-121. Authentication Class Click Export to save a description of the listed items. With the buttons on the upper screen, you can Add, Edit and Delete classes with the following characteristics: Login-Class Properties - Name—User Name. - Idle Timeout—Check to enable this property, then set the maximum idle time (in minutes) before logout occurs.
Allowed or Denied Commands These fields let you enter regular expressions for commands and configurations to allow or deny. Permissions Select from the operation categories available, moving the desired permissions to the Selected Privileges on the right side of the table. Click Apply to accept your edits, and Cancel to abandon them. The Configure button at the bottom of this screen sends your login(s) to the device. The Refresh button queries to update information displayed.
Figure 13-122. Integrated Bridging -> Bridge Domain Use the Add, Edit, and Delete buttons to manage rows of Bridge domains in this table. Click Export to save a description of the listed items. When you Add or Edit a selected row, the editor panel at the bottom of the screen appears. Click Apply to accept your edits, or Cancel to abandon them. This screen has the following fields: - Domain Name—A unique name for the domain you are configuring. When you edit an existing domain, this is read-only.
Click Apply to accept your edits, and Cancel to abandon them. The Configure button at the bottom of this screen sends your login(s) to the device. The Refresh button queries to update information displayed. PIC Configure -> Chassis Hardware This screen appears when you open a selected PIC in Equipment Manager. Figure 13-123. PIC Chassis Hardware It has the following fields: Chassis Hardware Options - No Concatenate—Do not concatenate channels. - PIC buffer—Run in large delay buffer mode.
ATM l2 Circuit Mode Options The following enable ATM Layer 2 circuit transport mode. Check or select where appropriate. Cell and trunk options are mutually exclusive. - Cell—ATM Layer 2 circuit cell mode - Trunk—Set ATM Layer 2 circuit trunk mode. The following trunk selections from the pick list to the right of this checkbox are optional: Network-to-Network–ATM Layer 2 circuit network-to-network interface trunk mode User-to-Network–ATM Layer 2 circuit user-to-network interface trunk mode.
cisco-hdlc-ccc—Cisco-compatible HDLC framing for a cross-connect. cisco-hdlc-tcc—Cisco-compatible HDLC framing for a translational cross-connect. ethernet-ccc—Ethernet cross-connect. ethernet-over-atm—Ethernet over ATM encapsulation. ethernet-tcc—Ethernet translational cross-connect. ethernet-vpls—Ethernet Virtual Private LAN Service (VPLS). extended-frame-relay-ccc—Any Frame Relay DLCI for cross-connect. extended-frame-relay-tcc— Any Frame Relay DLCI for translational cross-connect.
Options The following sections describe tabs that appear based on port type you are configuring. Available tabs appear not grayed out.
- KeepAlives
- Hold Time
- Ethernet
- Fast Ethernet
- GE (Gigabit Ethernet)
- Sonet
- PPP
- ATM
- E1
- DS0
- T1
- Serial
KeepAlives This screen configures sending or demanding keepalive messages. Figure 13-125. Interface Configuration—KeepAlives - Default Keepalive settings—Remove any keepalive configuration from the interface and use system defaults.
Hold Time This screen configures the hold time for link up and link down. Figure 13-126. Interface Configuration—Hold Times The checkbox (Over-ride default hold times) enables the following fields: - Up Time—Link up hold time (0 - 65,534 milliseconds) - Down Time—Link down hold time (0 - 65,534 milliseconds) Ethernet This screen configures ethernet parameters. Figure 13-127. Interface—Ethernet - Link Mode—Link operational mode (Full Duplex or Half Duplex).
Fast Ethernet This screen configures fast ethernet parameters. Figure 13-128. Interface—Fast Ethernet The Enable checkbox lets you use the following fields: - Flow Control—Enable/Disable flow control. - Loopback—Enable/Disable loopback. - Ingress Rate Limit—Ingress rate at the port (1 - 100 megabits per second). - AE Interface—Select which aggregate interface with a pick list (not available for all devices).
- AE Interface Mode—Select which aggregate interface mode with a pick list (Primary / Backup— not available for all devices). Aggregate This screen configures aggregate ethernet interface options. Figure 13-130. Interface—Aggregate The Enable checkbox lets you use the following fields: - Flow Control—Enable/Disable flow control. - Loopback—Enable/Disable loopback. - Link Protection—Elect to Enable / Disable link protection. - Link Speed—Select from the pick list.
- LACP Periodic—By default, the actor and partner send LACP packets every second. You can configure the interval at which the interfaces send LACP packets in this field. - Minimum Links—Enter the minimum number of links. On aggregated Ethernet interfaces, you can configure the minimum number of links that must be up for the bundle as a whole to be labeled up. By default, only one link must be up for the bundle to be labeled up. Sonet This screen configures Sonet options. Figure 13-131.
- RFC 2615—RFC 2615 compliance - Z0 Increment—Increment Z0 in SDH mode Auto Protection Switching Options - Advertise Interval—Advertise interval (milliseconds) - Hold Time—Hold time (milliseconds) - Revert Time—Circuit revert time (seconds) - Neighbor Address—IP Address of Neighbor - Paired Group—Name of paired APS group - Authentication Key—Authentication key - Circuit Group—Working or Protected circuit group name, based on state. - Circuit State—Request/Force circuit state.
Figure 13-132. Interface—PPP The Enable checkbox lets you use the following fields: - Access Profile—Profile containing client list and access parameters. - Local Name—Name sent in CHAP-Challenge and CHAP-Response. - Passive—Handle incoming CHAP requests only. ATM This screen is where you configure ATM parameters.
Figure 13-133. Interface—ATM The Enable checkbox lets you use the following fields: - PIC Type—Type of ATM PIC (ATM II or ATM I). - Cell Bundle Size—L2 circuit cell bundle size (1 - 176 cells). - ILMIL—Enable Interim Local Management Interface. - Pop MPLS Labels—Pop all MPLS labels off incoming packets. - PLP to CLP—Enable ATM2 PLP to CLP copy.
Linear RED Profiles Click Add to create a new profile, or Edit to alter an existing, selected one. Delete removes a selected, listed profile. The editor for this panel has the following fields: - Linear RED Profile Name—ATM2 CoS virtual circuit drop profiles. - High PLP Threshold—Enter the threshold. This is the fill level percentage when linear RED is applied for high PLP (1-100).
Enter a VPI below the table in this panel, and click Add to list a VPI. You can also select a VPI, and edit it in the field below the list. Click Apply to accept your edits. Select a VPI and click Delete to remove it from the list. E1 This screen lets you configure E1 options. Figure 13-134. Interface - E1 The Enable checkbox lets you use the following fields: - BERT Algorithm—Set BERT algorithm. - BERT Error Rate—Bit error rate to use in BERT test (10^-n) (0 - 7).
DS0 This screen lets you configure DS0 options. Figure 13-135. Interface—DS0 - BERT Algorithm—Set BERT algorithm. - BERT Error Rate—Bit error rate to use in BERT test (10^-n) (0 - 7). - BERT Period—Length of BERT test (1 - 240 seconds). - Frame Checksum—Frame checksum; 16 or 32-bit mode. - Byte Encoding—Byte encoding; 7 or 8 bits per byte. - Idle Cycle Flag—Value to transmit in idle cycles; 0x7E or 0xFF. - Invert Data—Invert data. - Loopback Mode—Loopback mode; Default or Payload.
Figure 13-136. Interfaces—T1 This tab has the following fields: - BERT-error-rate (rate)—Bit error rate (10^-n for n > 0, and zero for n = 0) (0-7) - Remote-Loopback-Respond—Respond to loop requests from remote end. - BERT-period (seconds)—Length of BERT test (1-240 seconds) - Invert Data—Check to invert data. - BERT-algorithm—Use the pick list to set the BERT algorithm.
pseudo-2e28–Pattern is 2^28 - 1 pseudo-2e29–Pattern is 2^29 - 1 pseudo-2e3–Pattern is 2^3 - 1 pseudo-2e31–Pattern is 2^31 - 1 pseudo-2e32–Pattern is 2^32 - 1 pseudo-2e4–Pattern is 2^4 - 1 pseudo-2e5–Pattern is 2^5 - 1 pseudo-2e6–Pattern is 2^6 - 1 pseudo-2e7–Pattern is 2^7 - 1 pseudo-2e9-o153–Pattern is 2^9 - 1 (per O.153 standard) repeating-1-in-4–1 bit in 4 is set repeating-1-in-8–1 bit in 8 is set repeating-3-in-24–3 bits in 24 are set - Buildout—Line buildout.
16–16-bit mode 32–32-bit mode - Framing—Options include: esf–Extended super frame sf–Super frame - Idle Cycle Flag—Value to transmit in idle cycles. flags–Transmit 0x7E in idle cycles ones–Transmit 0xFF (all ones) in idle cycles Serial This screen lets you configure serial options. Figure 13-137. Interfaces—Serial This screen has the following fields: - Enable—Check to enable - Clock Rate—Select from the pick list. - Line Encoding—Select from the pick list. - Loopback Mode—Select from the pick list.
Polarity Options - Control Polarity—Select from the pick list. - DCD Polarity—Select from the pick list. - DTR Polarity—Select from the pick list. - RTS Polarity—Select from the pick list. - CTS Polarity—Select from the pick list. - DSR Polarity—Select from the pick list. - Indication Polarity—Select from the pick list. - TM Polarity—Select from the pick list. ATM Port -> VPI This screen appears when you edit an ATM physical port and select the VPI options under configure.
Figure 13-138. Editing ATM I You can only configure two parameters for ATM I: the Virtual Path Index and the Maximum VCS. F4 OAM Cell and Virtual Path Liveness Options Maximum VCS is not supported for ATM II. Instead, you can configure F4 OAM cell options: Period, Down Count and Up Count.
Figure 13-139. Editing ATM II VPI Click Add or Edit a selected row to open the editor in the bottom panel. Click Apply to accept your edits, or Cancel to abandon them. The editor has the following fields: - Virtual path index—Define a virtual path index (0 - 255). - Maximum VCS—Maximum number of virtual circuits on this VPI. - ATM Card Type—Displays the current card type and mode (atm1 or atm2). F4 OAM Cell and Virtual Path Liveness Options Cell period—F4 OAM cell period (1 - 900 seconds).
cbr—Constant bandwidth utilization. rtvbr—ATM2 real-time variable bandwidth utilization. vbr—Variable bandwidth utilization. - Constant Bandwidth—(For shaping type cbr only) Constant bandwidth utilization (33,000 - 542,526,792). Burst size—For shaping type vbr and rtvbr, (1 - 4,000). Peak rate—For shaping type vbr and rtvbr, (33,000 - 542,526,792). Sustained rate—For shaping type vbr and rtvbr (33,000 - 542,526,792). Click Apply to accept the edits you make on this screen, and Cancel to abandon them.
For Ethernet port types: Figure 13-140.
For SONET and E1 port types: Figure 13-141. Sonet and E1 Port Unit For ATM port types: Figure 13-142. ATM Port Unit And for lt Port types: Figure 13-143. Lt Port Unit Click Export to save a description of the listed interfaces. Click Add, Edit or Delete to manage the listed Units. The following describes the fields in these General screens: - Unit—Logical unit number - Physical Encapsulation—Physical link-layer encapsulation.
atm-pvc—ATM permanent virtual circuits. ethernet-over-atm—Ethernet over ATM encapsulation. ethernet-ccc—Ethernet cross-connect. ethernet-tcc—Ethernet translational cross-connect. ethernet-vpls—Ethernet Virtual Private LAN Service (VPLS). extended-vlan-ccc—Nonstandard TPID tagging for a cross-connect. extended-vlan-tcc—802.1Q tagging for a translational cross-connect. extended-vlan-vpls—Extended VLAN Virtual Private LAN Service (VPLS). vlan-ccc—802.1Q tagging for a cross-connect.
atm-tcc-vc-mux—ATM VC for translational cross-connect. atm-vc-mux—ATM VC multiplexing. ether-over-atm-llc—Ethernet over ATM (LLC/SNAP) encapsulation. ether-vpls-over-atm-llc—Ethernet VPLS over ATM (bridging) encapsulation. dix—Ethernet DIXv2 (RFC 894). vlan-ccc—802.1Q tagging for a cross-connect. vlan-vpls—VLAN Virtual Private LAN Service (VPLS). frame-relay—Frame Relay DLCI. frame-relay-ccc—Frame Relay DLCI for CCC. frame-relay-tcc—Frame Relay DLCI for translational cross-connect.
Figure 13-144. Unit inet Configuration Use Add, Edit, Delete or Export to manage the listed parameters. Click Export to save a description of these items in a file. When you add or edit, an editor opens with the following fields. Enable—Enable/Disable Family option on logical interface The next two fields appear at the bottom of the Addresses table, and let you Add, Delete, or Apply the Source/Destination interface pairs to the table.
Source Address—Interface address prefix. Destination Address—Interface address destination. Input / Output Service—Select from the pick list. Filter Group—Group of which this interface is a member. Input Filter—Filter applied to received packets. Output Filter—Filter applied to transmitted packets. ARP Policer—Policer applied to arp packets. (see Input Policer—Policer applied to received packets. Output Policer—Policer applied to transmitted packets. MTU—Maximum transmit packet size (256 - 9192).
Enable—Enable/Disable Family option on logical interface. The next two fields appear at the bottom of the Addresses table, and let you Add, Delete, or Apply the Source/Destination interface pairs to the table. Source Address—Interface address prefix. Destination Address—Interface address destination. Filter Group—Group of which this interface is a member. Input Filter—Filter applied to received packets. Output Filter—Filter applied to transmitted packets. Input Policer—Policer applied to received packets.
Enable—Enable/Disable Family option on logical interface. Filter Group—Group where this interface is a member. Input Filter—Filter applied to received packets. Output Filter—Filter applied to transmitted packets. Input Policer—Policer applied to received packets. Output Policer—Policer applied to transmitted packets. MTU—Maximum transmit packet size (256 - 9192). Mlppp - Multilink PPP protocol parameters This screen configures Multilink PPP parameters. Figure 13-148.
Figure 13-150. Unit Multilink Frame Relay UNI NNI protocol Enable—Enable/Disable Family option on logical interface. Bundle—Logical interface name this link joins. Ccc - Circuit Cross-Connect This screen configures circuit cross-connect parameters. Figure 13-151. Ccc - Circuit cross-connect Enable—Enable/Disable Family option on logical interface. - Filter Group—Group where this interface is a member. - Input Filter—Filter applied to received packets.
Figure 13-152. Tcc - Translational Cross-Connect - Enable—Enable/Disable Family option on logical interface. - Input Filter—Filter applied to received packets. - Output Filter—Filter applied to transmitted packets. - No Asynch Notification—Do not send asynchronous notification on link failure. Vpls - Virtual Private LAN Service This screen configures VPLS parameters. Figure 13-153. Vpls - Virtual Private LAN Service Enable—Enable/Disable Family option on logical interface.
Tunnel Configuration / GRE Unit Tunnel By encapsulating arbitrary packets inside a transport protocol, tunneling provides a private, secure path through an otherwise public network. Tunnels connect discontinuous subnetworks and enable encryption interfaces, virtual private networks (VPNs), and Multiprotocol Label Switching (MPLS). Figure 13-154. Tunnel Configuration and GRE Unit Tunnel Configure the following fields in this screen: - Source Address—The IP address of the tunnel source.
Figure 13-155. Shaping It has the following fields: - Enable—Check to enable shaping. - Shaping Type—Select from a pick list. Either set VPI Shaping to None to allow Constant Bandwidth (CBR) or set VBR Shaping at the Unit level only. Alternatively, you can use the Shaping Type of CBR at both the VPI and Unit levels provided you set a CBR value at the Unit level that meets or exceeds the Constant bandwidth value set at the VPI level.
Figure 13-156. Unit Services Configuration You can configure the following: Input Parameters - Input Service-Set (1,2,3)—Select from the pick list. - Filter—Select from the pick list for the selected input service. - Post-Service-Set—Select from the pick list. Output Parameters - Output Service-Set (1,2,3)—Select from the pick list. - Filter—Select from the pick list to filter the selected service.
Figure 13-157. Unit Service Options Service Options These are the service options to be applied on an interface: - Inactivity Timeout—For adaptive services interfaces, configures the inactivity timeout period for established flows. default: 30 secs 1-200000. - Open Timeout—Configure timeout period for TCP session establishment. default: 30 secs 1216000. Multi-Service Options For monitoring services interfaces only, configure multiservice-specific interface properties.
- Priority—Specifies the system logging priority level. Select from the pick list. - LogPrefix—Sets the system logging prefix value. Enter a string. The Configure button at the bottom of this screen sends the selected configuration to the device. The Refresh button queries to update information displayed. Channelized PICs -> Channel Groups This screen (or one like it) appears for channelized QPP and channelized PIC selections (PIC level). Figure 13-158.
The following flow diagram details the CHOC-12 and potential components of each channel type. Figure 13-159. Channel Components The DDI Service for the Channels Service should appear for any discovered SONETPIC managed object. It supports Add, Edit or Delete actions against any channel in the hierarchy. Figure 13-160. Channelized OC-12 Layout The icons on the tree represent the types of channels. The icons with double arrows indicate subchannels are permitted.
Figure 13-161. Channel Properties - Type—Available Sub-Channel Types that belong to the Channel - Name—Auto-assigned name, based upon Sub-Channel Type, Parent Channel ID and Partition - Description—User-assigned description of the Sub-Channel - Parent Channel—Channel to which the Sub-Channel belongs. - Partition—Which portion of the Channel is assigned to the Sub-Channel See Add Channels on page 613 and Set All Channels on page 614 for information about managing channels.
Figure 13-162. DS0 Channel Properties It contains the following fields: - Type—Available Sub-Channel Types that belong to the Channel - Name—Auto-assigned name based upon Sub-Channel Type, Parent Channel ID and Partition. - Description—User-assigned description of the Sub-Channel. - Parent Channel—Channel to which the Sub-Channel belongs. - Partition—Which portion of the Channel is assigned to the Sub-Channel.
Figure 13-163. Add PIC Channels When you select Add Channel from the menu, the sub-menu presents types of channels you can add. Set All Channels If you want to set the Sub-Channels to the same Channel-Type for a given Channel, then select Set All Channels. Figure 13-164. Set All Channels Manage channels with Add, Edit, and Delete, or with the right-click menu.
Show Screens Show screens are read-only equivalents to the JUNOS show command. They appear, depending on your selection in the Show node of the Equipment Editor tree, and depending on your selected View item (see the pick list roughly in mid-screen). Figure 13-165. Show Screens You can Export this information to a file, if you click that button. Select the equipment subcomponents in the upper screen and view the information related to the View pick list in the lower screen.
- OSPF Statistics—show ospf statistics - RSVP Statistics—show rsvp statistics - Route Summary—show route summary - ARP Table—show arp - MPLS LSP Statistics—show mpls lsp - MPLS Paths Statistics—show mpls path - OSPF Neighbors—show ospf neighbors - OSPF Log—show ospf log - All Routes—show route all - Forwarding Table Summary—show route forwarding-table Interface Show Commands Interface Status—show interfaces statistics MPLS Information—show mpls interface LDP Information—show ldp interface ISIS Information—s
Active Users—show system users Hardware Show Commands Chassis Inventory—show chassis hardware extensive FRU information—show chassis hardware frus Forwarding Engine Board Status—show chassis feb System Control Board Status—show chassis scb System Switch Board Status—show chassis ssb Switch Interface Board Status—show chassis sibs Switching and Forwarding Module Status—show chassis sfm Routing Engine Status—show chassis routing-engine Status—show chassis fpc pic-status Packet Forwarding Engine Status—show p
- IPSec Statistics—show services ipsec-vpn ipsec statistics - IPSec Associations—show services ipsec-vpn ipsec security-associations - Certificates Information—show ipsec certificates Firewall Log - show firewall log Configuration File Show Commands The following are screens that show a portion of the current configuration file on the router:
- Applications
- Services
- Groups
- System
- Chassis
- Interfaces
- SNMP
- Routing Options
- Protocols
- Policy Options
- Class of Service
- Firewall
- Routing Inst
Channelized Interface Configure -> Partitions You can add, edit and delete partitions for channelized interfaces from the port configuration screen. Figure 13-166. Channelized Interface Configure -> Partitions A warning appears if a clear channel exists for the selected interface. Adding a partition deletes the clear channel. Click Add (or select an existing partition listed at the top of the screen, and click Edit), and configure the partition in the fields and selector at the bottom of the screen.
The Configure button at the bottom of these screens executes the desired configuration on the selected equipment. Click the Refresh button to re-query for these items. Configure -> Clear Channel You can convert channelized interfaces into clear channel (no partitions) by configuring clear channel options. Figure 13-167. Channelized Interface Configure -> Clear Channel (no partition) If partitions exist for the selected interface, the application warns that setting up the clear channel deletes them.
J-series Restore If you have the File Management option installed, this panel configures restoration on (non-ESeries) J-series devices. Figure 13-1. Restore Type NOTE: If you select “snapshot” as part of a file management action, you must have external media, like a USB drive, plugged into the device, or an error appears. This panel has two sets of radio buttons that let you configure the type of restoration you want to do.
See Adjusting Time-outs on page 625 for changes you can make to device response time-out problems. J-series Deploy This vendor panel appears when you deploy to a J-series (M/T/J) device. Figure 13-2. J-series Deploy This screen has the following fields: - File Path—Pre-populated with /var/tmp/ (where most J-series devices suggest you place the package for upgrade). You can specify a different path to place the package for upgrade. Best practice is to use /var/tmp/.
Adjusting Time-outs If you receive time-out errors, you can change a few properties to increase the File Server and Deploy time outs. First, you can increase the FTP timeout for the Management Interface in the Resource editor for a device. To change Netrestore timing, change juniper.
14 Ports Introducing Ports Manager Access Port Manager from the navigation window, or from the Inventory sub-menu. This screen provides a handy display of available ports on your equipment. If you do a little more discovery, as described in Learned MAC Address on page 629, you can also display learned MAC addresses on those ports. Figure 14-1. Ports Use the pick lists at the top of this screen to filter ports on discovered equipment that appear in the screen below.
The In Use column indicates whether a link is tied to the port. NOTE: If functional permissions do not allow Port editing, then the Save button for Ports is disabled. This solution applies to port components only when they are opened from Resource Manager, Topology or the Port Manager. The details for selected ports appear at the bottom of the screen. See Detail Panels on page 628.
SubComponents This panel displays a tree of the port and any of its subcomponents. The following panels are available, but do not appear by default. Click the + at the top right of the details panels to add them. Learned MAC Address Port Manager lets you discover any learned MAC addresses on discovered ports. Do this either manually (click the button at the bottom of the detail panel), or by configuring and executing a Learned MAC Address Discovery schedule. See Scheduling Learned MAC Discovery, below.
CLI-Based Discovery For some supported devices, reading the SNMP MIB is not as reliable as command-line interface (CLI) interaction, so this application uses the latter. Scheduling Learned MAC Discovery If you create a new schedule and select Learned MAC Discovery, you must simply name this schedule and then select the devices where you plan to discover learned MAC addresses. Figure 14-3. Scheduling Learned MAC Discovery Click Add or Add Group to select devices individually or by equipment group.
15 Resource Roles Introducing Resource Roles The Resource Roles Manager provides functionality and screens that let you manage resource roles in your network—another kind of grouping. Groups are not the same as roles. Both are ways of addressing collections of resources you have discovered. The optional Group Operations capabilities let you act on groups of resources. Resource roles also let you group pieces of equipment together.
Figure 15-1. Resource Role Manager The following are the Action or right-click menu controls on the Resource Role Manager: - New—Creates a new resource role. Select the type of role in the screen that appears after you click New to select either a Resource or Configuration File role. - Open—Opens the selected resource role for modification with the editor described in Creating or Modifying Resource Roles. - Delete—Deletes a resource role. Select the role to remove and click Delete.
- General Tab
- Reference Tree
General Tab The General tab sets the most general information about the resource role. Figure 15-2. Role Editor The following are the fields on the Resource Role Editor: - Name—A unique name for the role. - Role Type—An optional description of the role type. - Description—An optional description of the role. Click the Save icon (or File -> Save) to save the new role. Reference Tree This tab displays any references to this role in tree format. Figure 15-3.
16 Groups Introducing Groups Groups manager provides functionality and screens that let you manage groups of resources in your network. Group Operations let you select groups of resources, then use the optional Group Operations Manager to manage those resources. Certain dynamic groups are seeded by installing this software. For example All Devices is a dynamic group containing all resources. Similarly, discovery automatically produces vendor groups for all discovered resources.
Figure 16-2. Groups Manager Filter the groups that appear by checking Filter, and selecting their Name (characters or wildcards) and click the Go button to populate the list of available groups. CAUTION: Unless you create a filter and save it as described in Chapter 28, Filters, any filters you create here are not preserved.
- Export—Exports an XML file of the listed groups to a directory you select. Exported files can serve as backups or as seed files, and can be imported by clients running on other servers. - Help—Opens the online help screen for this manager When you select a group in the upper panel, the lower panel displays a tree, with the group’s membership as sub-nodes.
Dynamic Groups If you selected a dynamic group, then you can click on the Filter node of the tree to see the filter criteria. Figure 16-4. Group Editor - Dynamic Group Filter Click the radio button for Match Any of the following (“OR”), or Match All of the following (“AND”), then click the Add button at the bottom of the screen, and select an item to match, an operator, and the match criteria.
Figure 16-5. Group Editor – Legacy Dynamic Groups Check the criteria you want, and fill in the fields next to the checkbox with specifics, or with wildcard characters.
17 Links Links Overview The Link Manager lets you create and edit both logical and physical links. Select Inventory -> Links from the File -> Open NetManager menu or the Navigation Window to display the Link Manager. Figure 17-1. Links The following are the controls on the Link Manager’s action (or right-click) menu: - New—Opens the Link Editor, through which you can define a new link.
- Map—Opens the Topology Viewer, displaying the selected link. See Creating or Modifying Topology Views on page 662 for more information. - Extended Map—Displays the actual endpoints of a link as applicable. For example, if a link exists between a port on device A and a port on device B, the regular Map command displays only device A and B nodes and a link between them. This command displays the two ports and the link between them along with the associated parent entities.
• Link Discovery Status
NOTE: This software will discover Ethernet links between devices that have CDP, EDP, or LLDP enabled. These protocols are often enabled by default in network devices. When you discover links between devices and the entire network, an out-of-domain indicator appears if the end point of a link is not yet discovered. If you discover that missing end point, the topology does not change unless you perform link discovery again.
Figure 17-3. Link Discovery Wizard—Options NOTE: Ethernet Link Discovery requires at least two devices to be specified for links to be created. Link Types Click the check boxes to select any type of link to discover (or check Select All Link Types). Notice that the Supported column displays whether the link type listed is supported by what you have selected.
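The two NOTEs above describe behavior worth seeing end to end: links need at least two selected devices, an undiscovered end point is flagged out-of-domain, and the flag persists until link discovery runs again. The following Python model is an added example, not code from this product; the device names, port names, neighbor tables, and the `TopologyView` class are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: neighbor tables as CDP/EDP/LLDP would report them,
# keyed by device: (local port, neighbor device, neighbor port).
NEIGHBORS = {
    "sw-core": [("Gi1/0/1", "sw-access-1", "Gi0/24"),
                ("Gi1/0/2", "sw-access-2", "Gi0/24"),
                ("Gi1/0/9", "unknown-ap", "eth0")],
    "sw-access-1": [("Gi0/24", "sw-core", "Gi1/0/1")],
    "sw-access-2": [("Gi0/24", "sw-core", "Gi1/0/2")],
    "unknown-ap": [("eth0", "sw-core", "Gi1/0/9")],
}


@dataclass(frozen=True)
class Link:
    end1: tuple               # (device, port)
    end2: tuple
    out_of_domain: frozenset  # end point devices not in inventory at discovery time


def discover_links(selected, inventory, neighbors=NEIGHBORS):
    """Build links from the neighbor tables of the selected devices."""
    if len(set(selected)) < 2:
        raise ValueError("Ethernet link discovery needs at least two devices")
    links = {}
    for dev in selected:
        for lport, ndev, nport in neighbors.get(dev, []):
            # Sort the end points so a link seen from both sides is stored once.
            ends = tuple(sorted([(dev, lport), (ndev, nport)]))
            missing = frozenset(d for d, _ in ends if d not in inventory)
            links[ends] = Link(ends[0], ends[1], missing)
    return sorted(links.values(), key=lambda l: (l.end1, l.end2))


class TopologyView:
    """Hypothetical holder for the result of the last link discovery run."""

    def __init__(self):
        self.links = []

    def run_link_discovery(self, selected, inventory):
        self.links = discover_links(selected, inventory)

    def out_of_domain_devices(self):
        # Neighbors seen on the wire but absent from inventory: review these.
        return sorted({d for link in self.links for d in link.out_of_domain})


def demo():
    inventory = {"sw-core", "sw-access-1", "sw-access-2"}
    view = TopologyView()
    view.run_link_discovery(sorted(inventory), inventory)
    first = view.out_of_domain_devices()
    inventory.add("unknown-ap")            # the missing end point is discovered
    stale = view.out_of_domain_devices()   # topology unchanged until a re-run
    view.run_link_discovery(sorted(inventory), inventory)
    fresh = view.out_of_domain_devices()
    return first, stale, fresh, len(view.links)


if __name__ == "__main__":
    print(demo())
```

Out-of-domain end points are also a useful inventory check: each one is a neighbor that a managed device reports but that the management system does not yet know.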
Link Discovery Status If you click Next, a progress screen opens. Figure 17-4. Link Discovery—Status This displays the status as discovery progresses. Click the Link Topology button at the bottom of the screen to see a logical topology view of what has been discovered (see Chapter 21, Topology Views for specifics). SNMP-Based Discovery For many of the two link endpoints, the application interrogates the Bridge-MIB for values in the following tables. .iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dBase.
If two devices have the same port level IP address when the link is being created, the application uses the first address found to create the link. If the first one found is on the wrong MO, port level link creation will default to using the top level MO of the device selected for link discovery rather than the incorrect MO. In this case the endpoint appears as the top level MO rather than the port.
- Name—Enter a unique name for the new link. - Link Type—For existing, discovered links, displays the type of link. For new links, lets you select the type from a pick list. - End Point 1—Click the search magnifying glass, or command button to display a list of Equipment. Select the appropriate device and click OK. See Chapter 13, Resources for more information about managing Equipment. - End Point 2—Click the search magnifying glass, or command button to display a list of Equipment.
18 Locations Locations Overview You can specify equipment locations within the Locations screen. Note that locations can have “Parent” Locations; that is, they can be subsets of another location. For example, if network objects are on the third floor of a facility, you can designate both the building and the specific floor as locations; the building would be the parent of the floor. To access the Locations screen, select Inventory -> Locations from the File -> Open -> NetManager menu or the Navigation Window.
The following are the Action menu and right-click menu controls on the Locations screen (not all appear, necessarily): - New—Opens the Location Editor, through which you can define a new location. See Location Editor on page 651 for more information. If you have selected an existing location when you click this, the application prompts you to elect whether the new location is a sub-location from the selected one. - Open—Opens a Location Editor for the selected location.
Location Editor When you click New or Edit in the Locations screen the Location Editor appears. Enter or modify information about the Location; you can specify name, parent location, address, and details, among other things. Figure 18-2. Location Editor - General If you click New with an existing location selected, the application prompts you to see whether this is a sub-location of the selected item.
- Parent Location—The “parent” of this location (the location to which this location is subordinate). Click the Command button (...) to open a Browser through which you can select a Parent Location. Click the Eraser icon to clear the Parent Location field. CAUTION: 15 is the maximum number of levels supported. - Location Type—Type of location, as selected from the drop-down menu. Available types are: Customer, Provider, State, Area Hub, Regional Hub, National Hub, and Other.
19 Vendors Vendors Overview You can create and modify contact information for vendors who supply equipment through the Vendors screen. To access the Vendors screen, select this from the File -> Open -> Inventory menu or the Navigation Window. Figure 19-1. Vendors screen The Vendors screen provides predefined filters to let you restrict the display, and also incorporates a search feature.
Click column titles to sort on that column (repeated clicking toggles ascending/descending sort). Right click a listed item to view the context menu providing controls for the Vendors screen. It has the following menu items: - New—Creates a new vendor. See Creating Vendors on page 654 for more information. - Open—Edit an existing Vendor. See Creating Vendors on page 654 for more information. - Delete—Deletes the selected vendor.
Figure 19-2. Vendors screen—Information Panel The following are the fields on this panel: - Vendor Name—The name of the vendor. This entry must be unique. - Enterprise #—The unique number assigned to this vendor. Best practice is not to change this. - Vendor Icon—The icon associated with the vendor, selected from the drop-down list. Contacts Panel This panel displays contacts associated with a vendor. See Chapter 20, Contacts for more information on contacts. Figure 19-3.
Custom Fields This panel is empty unless you have configured Custom Fields previously. See Inventory Config on page 174 for instructions about how to configure custom fields.
20 Contacts Contacts Overview The Contacts screen lets you organize and manage your contacts. To access the Contacts screen, select it from the File -> Open -> Inventory menu, or click its icon in the Navigation pane. Click Go when the Contacts screen dialog initially opens to display all defined contacts. You can filter the display by configuring a search term, operator and match term, then clicking Go. For more information about Filters, see Filter Wildcards on page 738.
When you select a contact, the Details panels at the bottom of this screen display specifics about the contact. See Creating or Modifying a Contact on page 659 for details of what can appear here. You can edit information in individual panels by clicking Edit. Click Apply after editing to save this information to the database. To work with listed contacts or create new ones in this inventory, right click a listed item. The following context menu items appear: - New—Creates a new contact.
Creating or Modifying a Contact When you create or modify a contact, the Contact Editor appears. Figure 20-2. Contact Editor Close or save this screen with the icons on the toolbar, or items in the File menu. This screen has the following nodes:
• General
• Reference Tree
• Change Tracking
• Custom Fields
The following sections describe these screens in more detail. General The following are the fields in this screen: - Contact ID—A unique identifier for this contact.
Reference Tree This panel displays icons reflecting relationships with a selected contact, as described in Reference Tree on page 221. Change Tracking This field is blank unless you have set it up in Change Tracking on page 180 (selecting a Vendor in Inventory Config on page 174). If you have done so, a log of changes to the selected inventory type and attributes appears in this screen. Custom Fields This panel is empty unless you have configured Custom Fields previously.
21 Topology Views Overview Topologies can model equipment locations, both logically and geographically, and can display their hierarchical relationships. The Chassis Viewer provides a representation of the device and any internal components. The Topology viewers let you view and monitor network devices, and respond to network alarms.
- Open—Open an existing topology view to edit. - Delete—Delete an existing, selected topology view. - Copy—Copy an existing topology view as the basis for a new view. - Print—Print a list of views. To alter the list, use the filter at the top of this screen. The printout appears as an Acrobat file, from which you can send the list to a printer, or save it as a file. You must have the free Acrobat reader installed for this to work correctly. - Help—Create a new topology view.
The view that appears on the left is often a detail of a larger layout. To move your point of view through the larger layout, click and drag the Overview rectangle in the top of the right panel. NOTE: In addition to panning the view, you can click and drag the mini-icons in the Overview rectangle. The larger icons in the topology view move to reflect their movements in Overview. The Legend in the lower right corner displays the line conventions for various links between the icons. Figure 21-3.
The topology view panel includes the following Action menu items: - Add Content—This opens a pair of component chooser screens. First, you must select the type of component you want to add. For example: Contact, Customer, Equipment Subcomponents (which lets you add both), Link, Location, Printer, Service, and Vendor. Notice that if you add a Contact connected with a subcomponent, a dotted line connects them when they appear together in the view. You can also map supported Adaptive Services.
Context Menus If you right-click an icon, or the background, context menus appear. Refer to Action Button / Right-Click Menu on page 213 for information about more available menu items. Their exact content depends on the selection, but can include the following items: - Set Layout Root—If your Properties have a selected layout that requires a root (like Hierarchical), then this item makes the selected object the root of that layout. - Remove—Deletes the selected icon from the view.
- Resync—Query the selected device to update its attributes. - Group Op—Initiate a group operation on the selected equipment. This opens the Group Operations screen. - Discover—Open the Resource Discovery Wizard. In addition to the zoom menu items mentioned previously, the following items appear if you click a non-icon area on the view: - Refresh—Update the display. - Reorder—Update the display, calculating the new order based on any changes you have made to the configuration in Properties.
- View Name—A text field where you can enter, or alter an identifier for this view. If you change the name, you can select File -> Save, and the view name is altered in the Topology Views screen. You can also File -> Save As... a copy of the view once you have changed the name (but only after you change the name). - Created By—A read-only reminder of the username who created the view. - Created Date—The view’s creation date (read-only). - Background—Use this pick list to select a background for the view.
Figure 21-5. Topology Highlight Filtering - Layout—The pick list to the right of this label lets you select from several layout possibilities. You can further configure these layouts by selecting one, then clicking the Settings button. When you select Settings, you can Apply your settings, or Reorder (recalculate the layout using available data) the display with the buttons at the bottom of this screen. Close abandons your edits. See on page 669 for details of the available Settings.
Figure 21-7. Link Bundle Angle Amplitude NOTE: Each link keeps its own graphic attributes (color, line style, and so on). After configuring link bundles, you can click buttons to Apply your settings, or Reorder (recalculate the layout using available data) the display. Close abandons your edits. Layout After configuring layout settings, you can Apply your settings, or Reorder (recalculate the layout using available data) the display. Close abandons your edits.
Figure 21-8. Topology View–Spring Layout The Spring Settings for spring layout include the following: - Propagate–When selected, changes to any individual entity cause the positions of connected entities to be recalculated. - Specify layout size–In pixels. You must check this before specifying the number. - Horizontal / vertical alignment–Enter the number of pixels between objects (applied if Automatic horizontal spacing is unchecked).
Tree Tree layout displays objects as a hierarchy, beginning with the root node. The tree can be oriented vertically or horizontally. Figure 21-9. Topology View–Tree Layout Tree layout and the balloon tree layout require a root node. To select a root, right-click on a node, and select the first option: Set Layout Root. A tree represents a hierarchy of objects. It takes into account all links between the managed objects which define the tree structure.
- Layout method–Check whether you want the layout to include the following methods: Compact (put objects as close together as possible), Fixed Spacing (a specified distance from each other) and/or Use objects’ sizes (considers the size of the object, not just a point, to determine its placement with respect to the other objects). When you elect Fixed Spacing you can specify Horizontal / Vertical fixed spacing—the distance between objects—in pixels. Align Select this option to align objects along an axis.
- Normal axis action–Select whether you want the axis to Center, Top/Left, Bottom Right or None with the radio buttons. Hierarchical This layout represents a hierarchy of objects, taking all links into account. Figure 21-11. Topology View–Hierarchical Layout The links’ orientation determines the hierarchical relationship between components. This layout tries to find a root component (a component without any incoming link).
Table Select this for a table layout, arranging objects on a grid. Figure 21-12. Topology View–Table Layout It offers the following Table Settings: - Propagation–Check to propagate. When selected, changes to any individual entity automate recalculation of the positions of connected entities. - Layout Order–Select whether you want objects laid out in List Order, Closest position or Closest position, selected first (the selected object would be closest).
Figure 21-13. Topology View–Balloon Tree Layout You can specify several angle extents (extent for children of the root, extent for leaves (children without children) and general extent for all other nodes), as well as sharing these extents between children (regularly or according to the weight of each child's line of descent). Here are the available Balloon Tree Settings in this layout: - Propagation–Check to propagate.
Figure 21-14. Topology View–Tier Layout It has the following Tier Settings: - Propagation–Check to propagate. When selected, changes to any individual entity automate recalculation of the positions of connected entities. - Use object’s sizes–When checked, this arranges tiers based on the entire size of the selected objects, not just the points where they appear.
- Priority 1/2/3–To minimize the number of crossings, the view calculates how to display nodes according to their priority. Set priorities with the pick list (None, Intra—Links between adjacent nodes, Adjacent—Links between nodes of adjacent tiers, or Skip—Links between nodes in non-adjacent tiers). Priority 1 is highest. - Weights–Set the number weighting the selected priorities (the previous item). Circular This lays out the relevant objects in a circle.
- Star display–When checked, this arranges the circled items so their connections can form a star pattern. - Progressive–When checked, this arranges the circle progressively. Eventually, the progressive option specifies that the algorithm can be run progressively to find a better solution. - Circles–The number of circles to make. The Circle Spacing determines the pixels between multiple circles.
- Arrow line thickness–The pixel thickness of connecting lines. - Draw arrows–When checked, objects moved away from their real position have an arrow drawn from their current center to their real position. Arrows are also updated correctly. - Non zoomable arrows–When true, any arrows drawn look the same regardless of the zoom factor. Label Optimizer This optimizes the placement of link annotations. It tries to find the best location of the annotation on the link.
Bus Bus Layout is designed for bus topologies as they occur in networking and telecommunications. The layout represents the bus as a polyline and considers the size of nodes so that no overlapping occurs. Several ordering, alignment and flow direction options are available. Figure 21-18. Topology View–Bus Layout The bus connecting the icons is the red line in the display. You can move that red line by clicking and dragging it. This layout has the following Bus Settings: - Propagation–Check to propagate.
Hierarchy This layout option configures how to display child objects in relation to their parents. It follows a three-step process to do this: 1 Layering - This display partitions nodes into levels, then builds a hierarchy by reversing and splitting edges until each edge is directed downwards and connects two nodes on neighboring layers. 2 Cross-minimization step - The view reorders nodes on each layer to reduce the number of edge-crossings.
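The layering and cross-minimization steps described above can be sketched in Python as follows. This is an added example, not the product's layout code: the DFS cycle breaking, longest-path layering, and barycenter sweeps are assumed techniques chosen to illustrate the two steps, and the device names are constructed.

```python
from collections import defaultdict

# Constructed sample: a device graph with one cycle (acc1 -> core) and one
# edge that skips a layer (core -> acc2).
NODES = ["core", "dist1", "dist2", "acc1", "acc2"]
EDGES = [("core", "dist1"), ("core", "dist2"), ("dist1", "acc2"),
         ("dist2", "acc1"), ("acc1", "core"), ("core", "acc2")]


def make_acyclic(nodes, edges):
    """Layering, part 1: reverse the back edges a DFS finds."""
    succ = defaultdict(list)
    for u, v in edges:
        succ[u].append(v)
    state, dag = {}, []                   # state: 1 = on the DFS stack, 2 = done

    def visit(u):
        state[u] = 1
        for v in succ[u]:
            if state.get(v) == 1:         # edge closes a cycle: store it reversed
                dag.append((v, u))
            else:
                dag.append((u, v))
                if v not in state:
                    visit(v)
        state[u] = 2

    for n in nodes:
        if n not in state:
            visit(n)
    return dag


def assign_layers(nodes, dag):
    """Layering, part 2: longest-path levels, so every edge points downwards."""
    layer = {n: 0 for n in nodes}
    for _ in nodes:                       # |V| passes are enough on a DAG
        for u, v in dag:
            layer[v] = max(layer[v], layer[u] + 1)
    return layer


def split_long_edges(layer, dag):
    """Layering, part 3: dummy nodes make every edge join neighboring layers."""
    layer, proper = dict(layer), []
    for u, v in dag:
        prev = u
        for lvl in range(layer[u] + 1, layer[v]):
            dummy = f"{u}->{v}@{lvl}"
            layer[dummy] = lvl
            proper.append((prev, dummy))
            prev = dummy
        proper.append((prev, v))
    return layer, proper


def count_crossings(order, edges):
    """Count pairs of edges between the same two layers that cross."""
    pos = {n: i for row in order for i, n in enumerate(row)}
    lay = {n: k for k, row in enumerate(order) for n in row}
    return sum(1 for i, (a, b) in enumerate(edges) for c, d in edges[i + 1:]
               if lay[a] == lay[c] and (pos[a] - pos[c]) * (pos[b] - pos[d]) < 0)


def minimize_crossings(order, edges, sweeps=4):
    """Cross-minimization: alternate down and up barycenter sweeps, keep the best."""
    up, down = defaultdict(list), defaultdict(list)
    for u, v in edges:
        down[u].append(v)
        up[v].append(u)
    order = [list(r) for r in order]
    best, best_c = [list(r) for r in order], count_crossings(order, edges)
    for s in range(sweeps):
        top_down = s % 2 == 0
        ks = range(1, len(order)) if top_down else range(len(order) - 2, -1, -1)
        for k in ks:
            fixed = order[k - 1] if top_down else order[k + 1]
            nbrs = up if top_down else down
            pos = {n: i for i, n in enumerate(fixed)}
            cur = {n: i for i, n in enumerate(order[k])}
            order[k].sort(key=lambda n: sum(pos[p] for p in nbrs[n]) / len(nbrs[n])
                          if nbrs[n] else cur[n])
        c = count_crossings(order, edges)
        if c < best_c:
            best, best_c = [list(r) for r in order], c
    return best, best_c


def layered_layout(nodes, edges):
    dag = make_acyclic(nodes, [(u, v) for u, v in edges if u != v])
    layer, proper = split_long_edges(assign_layers(nodes, dag), dag)
    order = [[] for _ in range(max(layer.values()) + 1)]
    for n in layer:                       # real nodes first, then dummy nodes
        order[layer[n]].append(n)
    before = count_crossings(order, proper)
    order, after = minimize_crossings(order, proper)
    return order, before, after
```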
Layout - Direction–Select whether you want the hierarchy Top to bottom, Bottom to top, Left to right or Right to left with the pick list. - Fit to Bounds–The items on this pick list configure how the hierarchy fits within the bounds of the screen displayed: Never, Always, or As Needed. Check Keep Ratio or Resize Nodes to activate these.
Service Topology You can display supported (Adaptive) services in topology views. Essentially the items visible in the Reference tree detail panel can appear in a topology view. You can either add these to Topology Views with the action -> Add Content menu from the topology manager, or select the service within the Services manager and use action -> Map to create a topology view that contains the selected service. Figure 21-20.
Printing Topology Views If you print a topology, a configuration dialog appears with four tabs. Figure 21-21. Print Dialog–Paper Tab Paper The Paper tab has the following fields: - Paper Format—Select from the pick list (A3, A4, A5, US Executive, US Letter, US Legal, and Custom). The current default is A4 (and measurements default to cm). - Paper width / height—A pair of read-only fields, unless you select Custom in the pick list above them.
View selection This screen previews the print job on the right, and lets you select what portion of the screen you want to print. Figure 21-22. Topology Print–View Selection You can configure the printed screen with the following fields: - start x / y —Number of pixels to move the printed area (horizontal / vertical). Minus numbers move to the left/down, positive numbers move to the right/up. - start y—The vertical pixel to start printing (from zero at the bottom). - width / height—Measured in pixels.
Pages You can select the way your view appears on paper (preview on the right) in three different ways. Figure 21-23. Topology Print–Pages Select the way with the radio buttons. - Position / Size—Enter the start x/y, width / height in the appropriate fields and the preview rearranges the appearance (resolution, pages) to match. - Resolution (pixel/unit)—Select a resolution, and the preview will display how Position/size and pages change. - Pages—Select the number of pages to cover with your print job.
Preview If you want to preview multiple pages, you can see them by clicking on the page icons to the left of the preview panel. Figure 21-24. Topology Print–Preview Click Default to return all tabs to their defaults, Print to execute the print job you have configured, or Close to abandon the print job and close this window.
Alarms in Topology If you have Event Management installed, Topology views display the color of the highest severity alarm on a device in the color of its icon. To distinguish between alarms on equipment and subcomponents of that equipment, OpenManage Network Manager displays child alarms (alarms on subcomponents) in a small triangle to the left of the device’s icon in topology. Figure 21-25.
Resync Alarms If you have the Event Services option installed, you can monitor alarms within your topological display. When you open a topology window, you can see the current alarm state of the displayed objects. The application also resynchronizes the displayed objects from time to time, but doing so can slow application performance.
22 Group Operations Group Operations Overview The application’s (optional) Group operations let you act on groups of devices—even heterogeneous groups. You must make the groups before you can operate on them. See Groups Manager on page 635 for details about how to do this. You can make groups of interfaces too, not just entire devices. NOTE: This feature is an option that can be standard in some versions. You must also have drivers installed that support group operations before you can use them.
Group and Type The first screen in this Wizard lets you select a group and type of operation. Figure 22-1. Select a Group and Operation Type The exact contents of this panel depend on the applications and device drivers you have installed. It has the following information: - Name—The unique identifier for the group operation you are creating. - Description—A text description of the group operation. - Group—The (previously created) equipment group on which this operation acts. Use the command button (...
- Notes—A text field where you can enter notes about the group operation you are creating. - Last Run—(Read only) The time this operation last ran. - Created—(Read only) The time you created this operation. - Modified—(Read only) The time you last modified this operation. - Preview—Click this button so the application can test the group operation against the equipment in the selected group. The subsequent screen tells whether the devices support the action. Figure 22-2.
DNS Servers You can set the DNS Server attributes in this screen. Figure 22-3. Group Operations DNS Servers It has the following fields, checkboxes and tables (defined when not self-evident): - Enable—A checkbox you must select before any fields are writable below it. - Domain Suffix—DNS domain suffix. Enter devices in this screen in fields above the lists of devices, then click the Add New Item icon to insert the text you type into these lists.
Gateway Selecting this in the previous screen means you must type the (default) Gateway IP Address for the selected group in the subsequent screen. Network Services Selecting this in the previous screen means you can click to disable desired network services in the subsequent screen. Available network services are:
• HTTP
• Telnet
• SSH
Checks in the checkbox(es) for these enable them on the group of devices selected in the previous screen. They are enabled by default.
System Information Selecting this in the previous screen means you can type several system fields in the subsequent screen. Figure 22-4. Group Operations: System Information This screen has the following: Location Settings - Set—This checkbox enables setting a location during group operations. - Location—Select from the available locations in the system with this pick list. - Set Option—If a device driver is available, and the device supports it, you can enable setting the location on the device.
- Set Option—If a device driver is available, and the device supports it, you can enable setting the contact on the device. - User-Defined—Lets you type a custom contact in the field. Description Settings - Set—This checkbox enables setting a description during group operations. - Description—Type a description to set. - Set Option—If a device driver is available, and the device supports it, you can enable setting the description on the device.
Batch Operations Global operations essentially do the same thing to the entire group. Batch operations do group-, device- or instance-specific actions. Screens that appear in batch operations depend on the devices in the group, and what they support. You can select the device from the pick list that appears in this subsequent screen. Figure 22-6.
Group Operations Manager Once you have created a group operation, you can view and alter portions of it in the Group Operations Manager. Figure 22-8. Group Operations Manager When you select an existing group operation, you can Open, Delete, or Execute it with the buttons on the right of this manager. If you Open it, the Group Operations Editor appears. When you select New, the Group Operations Wizard on page 691 appears.
Group Operations Editor This editor has several panels that let you manage existing groups. Figure 22-9. Group Operations: Editor, General. The panels are:
• General
• Settings
• Audit History
General The General panel re-iterates the screen you saw first in Group and Type on page 692. You can alter the description and notes, but the other fields are read-only. Settings This panel depends on the operation selected. In our example, we made a batch operation setting the IP address on the selected devices.
Audit History This panel displays the history of group operations in some detail. Figure 22-10. Group Operations: Audit History Notice that the top panel lists group operation runs, while the middle panel displays the details of the selected run, and the lowest panel shows the contents of a selected node in the middle panel. The bar between the lowest and middle panels displays the details concerning a specific message: its start and end time, and the user requesting the operation.
Scheduling Group Operations You can schedule group operations from the File -> Open -> System Services -> Schedules menu item. If you create a new entry and select Group Operations you open a Group Operation screen where you select which group operation to schedule. Use the Schedule Info tab to enter the specifics of how it is to be scheduled. Figure 22-11. Scheduling a New Group Operation After you have created a scheduled item you can edit it by clicking Open in the Schedules screen.
23 Reports Reports Overview In the reporting portion of this application, you can run reports that come configured for the application. Inventory Reports This screen manages the specific reports that use pre-configured templates that come with this application. Figure 23-1. Inventory Report Manager In the Action (or right-click) menu of Inventory Reports Manager, you can configure reports to run (select a report and click Open to configure it), and execute them (click Execute).
the available list. Click Copy to open the report editor (as in Configuring A Report) with CopyOf prepended to the selected report’s name. You must change this name—and any other parameters you like—before you can save the copy. If you select Print from the Action menu, an Acrobat report listing all available reports, their templates and description appears. If you select Help, the online help for this screen appears.
Report Template - Template—A read-only reminder of the template selected for this report. Equipment Groups Use the Add button to select equipment groups this report is to cover. User Groups Click Add to select user groups for this report. Filters Here, you can add specific conditions to specify what is reported. Figure 23-3. Reports Info -> Filters For example, you could request all equipment where the Name field contains the word “oware”.
Available detail codes depend on the data type filtered. The ANDed or ORed sum of the filter components’ codes appears at the top level node. The codes for these attributes are the following (Code—Meaning. Comment):
- H or V—Hidden / Visible.
- ROO or WRO—Read Only / Read-Write Operand.
- ROA or WRA—Read Only / Read-Write Attribute.
- ROV or RWV—Read Only / Read-Write Value. Grays out the operand and attribute checkboxes since those are not functional if you make this read-only.
Historical When you run reports, they generate notes in this Historical tab. Figure 23-4. Reports Info -> Historical The table listing individual reports as rows displays the Run Date, Report Rows (rows in the report), and Creator (the login of the user who ran the report). You can also select a report and use the following buttons: - View—See the report in read-only mode. - Execute—Re-run the selected report. See Executing Reports on page 708. - Export—Export the report in an electronic format.
Figure 23-5. Reports Info -> Audit This screen catalogs the action of running the selected report. In this you can see what made a report succeed, or fail. Executing Reports When you configure a report, you can Execute it. If you have created a filter for a particular report, then you can alter the filtering that produces the report. Figure 23-6. Filter Screen The appearance of this screen depends on what is configured in Filters on page 705.
Figure 23-7. Report Execution Progress. If the filter you created for this report contains only Read-only values, then no interruption to alter the filter occurs. Report execution starts right away. Report execution produces a preview of the report itself. Figure 23-8. Report Execution You can schedule, and re-run, execution (see Scheduling Reports on page 710). Note the Save button at the bottom of the frame; it saves the report for later viewing.
Scheduling Reports You can use this application’s Schedules screen to automate report execution. Click New on the Schedules screen, and select Inventory Report. The Schedule Info tab is where you configure the standard scheduling information (see Schedule Info on page 750). Figure 23-9. Scheduling Inventory Reports– Report Parameters This screen has the following fields: - Description—Enter a unique identifier for this scheduled item. - Select Reports...
Figure 23-10. Database Aging Policy–Inventory Reports On this screen you can configure the following: Retention Options - Keep Historical Reports—Fill in a number, then select from the pick list whether this number is Instances, Days, Weeks, Months, or Years. Report Selection - All Reports—Select this to apply this policy to all reports. Click Add to select individual reports, rather than all available reports. You can select one or more reports, and they appear listed below Report Definition Name.
24 Audit Trails Introducing Audit Trails You can see the same messages described in Audit / Results on page 184 in the Audit Trails screen. Open this screen from File -> Open -> System Services -> Audit Trails, or from the node on the navigation window. Figure 24-1. Audit Trails Manager The manager has a standard filter at its top that lets you limit the trails listed. By default, they appear listed by creation date. See Filter Editor on page 736 for instructions about creating and customizing filters.
When you select a listed audit trail at the top of this screen, its messages appear in the Audit Trail Details screen at the bottom of this manager. Dates and times for individual, selected messages appear in the middle of this lower screen area, which is like Audit / Results on page 184. The messages (Type, Time and Message) appear in the lowest portion of the screen. Checking the checkboxes next to the various icons further filters what messages appear.
By Job Status This screen outlines the status message information for the selected component(s). Figure 24-3. Audit Trail Editor - By Job Status This is a standard audit screen. Messages appear at the top. The date and time of the selected message appear in the middle, and any details about that message appear in the lowest panel. Data This screen lets you view and edit the selected trail’s data. Figure 24-4.
Audit Control Settings This screen appears after you select action -> Configure in the audit trail manager. Figure 24-5. Audit Control Settings This screen lets you check boxes to enable audited items. The Owner column describes the application or module that contains the audited action. The Action column describes the action to be enabled / disabled in more detail. The Security Level column informs you about the security level of the audited action.
25 DB Aging Database Aging Overview The database aging policy option automates your database management tasks for records that may otherwise overwhelm it. You can create, edit, delete and execute these policies in the DAP Manager, accessible in File -> Open -> System Services -> DB Aging, or from the Navigation Window. Figure 25-1. DB Aging screen This screen displays a list of existing policies, by Name, Type, Description, and whether they are Enabled (true/false).
You can also export (or import) an XML representation of the listed policies. Use File -> Export or File -> Import. NOTE: Saved, recurring reports are one example of data to archive with the policies described below. Database Aging Policy Editor Click the New button, and the next screen lets you select a policy type based on the records archived. Available selections include Alarms, Audit Trail Logs, Configuration File Records, Job Status Records, Log Records, Inventory Change Records, and Syslog.
- Secondary Archive Location—A disk location for archiving if the primary location fails. CAUTION: You must enter disk locations on the application server, otherwise archiving fails. If writing the archive to the Primary path fails and a secondary path exists, the application uses the secondary path. If writing to the secondary path is successful, then the DAP job cleans up the database and issues a warning.
- Days to Retain (Retention)— How long to retain the records of the selected status (in 24-hour periods). - Archive—Whether to archive the alarms. Click the Add button to add the sub-policy to the list. You can also select and Modify a sub-policy with that button. Select and Delete unwanted sub-policies. Audit Trail Logs In addition to the General Info screen, this one appears in policies for Audit Trail Logs. Figure 25-4.
Figure 25-5. Configuration File Records DAP Parameters Besides the General Info screen, this DAP editor lets you select the following for Configuration File Record aging: - Applied to—Select from All Devices, Group or Single Device from the pick list. - ... (ellipsis)—This command button lets you select devices or groups. - Retain—Select a number, and whether to retain Days or Versions per file. - Archive—Check here to activate archiving for this item.
Discovery Definition Data Records This screen manages retention of data retrieved and retained from service discovery. It only appears if you have the service discovery option installed. Figure 25-7. Discovery Definition Data Records Successful service discovery deletes most retrieved data as it creates service instances in the OpenManage Network Manager database.
Figure 25-9. Inventory Change and Tracking DAP Parameter These screens are similar. Inventory Records This screen manages retention of inventory records. It has an abbreviated version of the General Info screen. Figure 25-10. Inventory Records Add a period to retain reports to the list of Report Definition Name by selecting a reporting period with the pick list, then clicking Add. Click Remove to delete a selected report on the list.
Figure 25-11. Job DAP Parameters Select from the following parameters and click Add to create a policy. You can create multiple policies to handle records with different statuses. - Status—Select from the options available in the pick list: Failed, All, Unknown, Successful, and Cancelled. - Days to Retain—How long to retain the records of the selected status (in 24-hour periods). - Archive—Checking this enables archiving. Otherwise, records are discarded after the Days to Retain deadline.
Figure 25-12. Log DAP Parameters Select from the following parameters and click Add to create a policy. You can create multiple policies to handle records with different categories. - Category—Select from the options available in the pick list. NOTE: This list may change, depending on the installed applications. - Days to Retain— How long to retain the records of the selected status (in 24-hour periods). - Archive—Checking this enables archiving.
Order Summaries This screen manages the retention of the order summary portion of the Consumables Calculated Life summary reports. This is separate from the retention of reports in the History tab in Inventory Reports. Figure 25-14. Order Summaries This screen has the following fields: - Name—A unique identifier for this policy - Description—A text description - Record Threshold—The number of records to archive. Numbers greater than this are discarded.
26 Commands Commands Manager Correlated notifications can trigger external scripts. These script commands can even have parameters that come from values in the Notification’s attributes, or other assigned constants. To see available script commands, you must open the script Commands screen. Figure 26-1. Commands screen Access this Commands screen from the Navigation pane. The manager lists available script commands.
- Print—Print the listed commands to an Acrobat® file. (You must have Acrobat reader installed for this to work properly.) Change the filter and click Go to change this printed report’s appearance. - Import / Export—Export an XML representation of the commands listed (not the commands themselves). - Help—Open the context-sensitive help for this screen.
Command Information - Command Name—A unique text identifier. - Description—A text description. - Execute Manually—Enable manual execution. When you enable manual execution, and select such commands in the Commands manager, it enables the Execute menu item. Command Details - Select Command—The script to run with this command. You can enter the file name and path manually, or select it with the command button (...), which opens a file chooser.
27 Data Policies Data Policies Manager This screen lets you manage data policies. These policies let you scan equipment for compliance with them, and emit notifications (see Chapter 34, Events, Rules and Actions) that describe them when you save or poll equipment. Figure 27-1. Data Policies The policies appear listed at the top of this screen. You can filter the items displayed when you check the Use Filter checkbox. The details panel at the bottom of this screen displays details of the selected policy.
- Help—Open the context-sensitive help for this screen. Data Policy Editor - General This screen creates or alters data policies. Figure 27-2. Data Policy Editor This screen has the following fields: - Name—A text identifier for the policy. - Description—A text description for the policy. - Entity Type—Select from the entities available in the pick list. These can include Correlation, Interface, Link, Printer, Printer - Input Trays, Printer - Output Trays, Printer - Toner, Process, and Vendor.
Policy Editor - Attribute Name—Select from the pick list. Options vary, depending on the Entity Type selected at the top panel of this screen. - Threshold Type—Select from High Threshold, or Low Threshold, and enter the High / Low Value and High / Low Reset Value. Reset values reset the data notification for the selected parameter. If equipment exceeds the Low Threshold at 10, and something makes that parameter 40 when the Low Reset value is only 30, then the application clears the Low Threshold event.
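The reset behaviour described above, worked through with the guide's Low Threshold of 10 and Low Reset of 30. This is an added example, not OpenManage Network Manager code; the class and function names are illustrative, and the inclusive comparisons (raise at or below the Low Value, clear at or above the Low Reset Value) are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Threshold:
    """One High or Low threshold with its reset value (illustrative names)."""
    kind: str             # "high" or "low"
    value: float          # High / Low Value
    reset: float          # High / Low Reset Value
    active: bool = False  # True while the threshold event is raised

    def __post_init__(self) -> None:
        if self.kind not in ("high", "low"):
            raise ValueError("kind must be 'high' or 'low'")
        # The reset value has to sit on the healthy side of the threshold,
        # otherwise a raised event could never clear.
        if self.kind == "low" and self.reset < self.value:
            raise ValueError("Low Reset must be >= Low Value")
        if self.kind == "high" and self.reset > self.value:
            raise ValueError("High Reset must be <= High Value")

    def observe(self, sample: float) -> Optional[str]:
        """Return 'raise', 'clear', or None for one polled sample."""
        if self.kind == "low":
            breached = sample <= self.value   # assumption: inclusive
            recovered = sample >= self.reset  # assumption: inclusive
        else:
            breached = sample >= self.value
            recovered = sample <= self.reset
        if not self.active and breached:
            self.active = True
            return "raise"
        if self.active and recovered:
            self.active = False
            return "clear"
        # Between the threshold and its reset value nothing changes, which
        # is what keeps a value hovering near the threshold from flapping.
        return None


def replay(threshold: Threshold, samples: List[float]) -> List[Optional[str]]:
    """Feed constructed samples through a threshold and collect its events."""
    return [threshold.observe(s) for s in samples]


# Constructed samples: drops below 10, recovers to 40 (past the reset of 30),
# then drops again.
SAMPLES = [50, 9, 20, 29, 40, 35, 8]

if __name__ == "__main__":
    print(replay(Threshold("low", 10, 30), SAMPLES))
    # Same threshold with the reset equal to the value: every wobble around
    # 10 raises and clears an event.
    print(replay(Threshold("low", 10, 10), [9, 11, 9, 11]))
    print(replay(Threshold("low", 10, 30), [9, 11, 9, 11]))
```
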
28 Filters Filters Manager Managers typically use filters to reduce the number of records shown. You can configure the filters that appear by default in the application’s managers with the Filters screen, and through the key icon at the top of many managers. Access the Filters screen through the navigation window or through Settings -> Configuration -> Filter Config. Figure 28-1. Filters screen The filter at the top of this manager manages which filters appear in this screen.
To create a new filter or modify an existing one in Filter Manager, you can click Action -> New or Action -> Open (to edit a selected existing filter), or you can click on the Filter command button (a funnel icon that appears in various locations, depending on the screen). You can create or edit filters with the following editors.
- Filter Editor—For newer screens.
- Basic Filter Editor—For basic screens.
See also Filter Wildcards on page 738 for supported features within filters.
Before you begin creating a new filter, you must click [Select an Inventory Type], and use the pick list to configure the manager screens where this filter can appear. After you have selected the Inventory Type, you can add criteria for the filter that are specific to that type. To add criteria, first click Add Group in the upper panel. The Filter Attributes radio buttons (Match Any of the Following or Match All of the Following) determine the next part of the filter’s operation.
| Code | Meaning | Comment |
|---|---|---|
| EH or IH | Exclude / Include High | Valid only when you select a range of values. This determines whether you include or exclude the endpoint of the range |
| CS or NC | Case Sensitive / Not Case Sensitive | |
| ML or NM | Multi-line Support / No Multi-Line Support | Filter on multiple-line values (or not). Does not appear for numeric values. |
Filter Wildcard Examples In Basic Filters, if you want to match white, which and whole, then enter the filter string wh*. In new filters, use contains and wh. If you want to match fee, fie, and foe, then enter the filter string f?e. You can also combine filter wildcards. The string P?n* would match Pine, or Pinetop, for example.
The following items are potential fields for the filter to match: - Contact—Click on the command button to select a contact. - Firmware ver— The firmware version (text). - Hardware ver— The hardware version (text). - Location—Click on the command button to select a location. - Model— The equipment’s model designation (text). - Name—Enter a name or portion of a name. - Role—From the drop-down list, select an equipment role. - Software ver— The software version (text).
Figure 28-5. Filter Advanced Settings This sub-panel has the following fields: - Filter Title—The title that appears with the filter. - Filter Name—A unique identifier for the filter. - Title Msg Cat:—The message categories that are defined in messages properties file rcmsgsusenglish. For example: RC_GENERAL, RC_EQUIPMENT, RC_QUERYNAMES. - Title Msg Num—A read-only field displaying the message number. The message numbers that are defined in messages properties file rcmsgsusenglish.
Quick Searches Once you define a filter you can use a Quick Search defined there. For example, to create a Quick Search using Equipment Name, create a Filter called Search by Name and check the Name checkbox under the filter criteria. Do not enter a value in the text field. When you return to the Manager, you can see the Name field under the Filter drop-down list. Figure 28-6. Filter Name Field Enter criteria for the Quick Search and click on Go.
29 Heartbeat Policies Introducing Heartbeats Heartbeats are ICMP, SNMP, or HTTP pings to devices. These ensure the device is “alive and well” to respond to network events. (Ping operations pass to the operating system and use its default settings, including TTL.) Heartbeat Policies To manage equipment heartbeats more elaborate than ICMP ping, you must create items in the Heartbeat Policy Manager. Open this with the Navigation Window, or File -> Open -> System Services -> Heartbeat Policies Figure 29-1.
Heartbeat Policy Editor This editor lets you configure heartbeats. Figure 29-2. Heartbeat Policy Editor This screen has the following fields: Heartbeat Policy Editor - Name—A unique identifier for the heartbeat policy. - Description—A text description for the heartbeat policy. - Heartbeat interval—Select from 1 - 60 minutes with the pick list. - Enable—Check to enable this heartbeat policy. - Protocol—Select the protocol to use when checking a device’s status with the radio buttons.
- Failed Device percent—(optional) The percentage of devices that must fail before the application issues a heartbeat failed notification. Heartbeat Equipment List Click Add to select equipment for this heartbeat policy. Select listed equipment and click Delete to remove them. NOTE: Equipment deleted from OpenManage Network Manager is also deleted from Heartbeat policies. Click Save to preserve this policy.
30 Schedules Introducing Scheduling You can schedule a variety of actions with this application. The following sections describe how to do this. NOTE: Use Group Ops to schedule operations on more than one device at the same time instead of scheduling multiple individual operations at the same time. Using Schedules Use the Schedules screen to set the start and stop time, as well as any recurrence pattern for processes that support this feature.
that occurs, the application works on the jobs sequentially, creating a queue of unfinished work that it continues to process. Processing this backlog during something like a network slowdown may cause resource issues within the application server itself. New Schedules When you click New, the application prompts you for the type of schedule to create (available types depend on your installation). Depending on the type you select, the next screen changes.
Figure 30-2. Resynchronization Scheduler Type the Name of the schedule, then click Add to select devices for this resynchronization. The Schedule Info tab is where you set the schedule times. See Schedule Info on page 750 for details. Firmware Download If you select firmware download scheduling, and have a supplier who supports automated downloads of firmware, you can configure that download with this screen. Figure 30-3.
- Firmware Supplier—The vendors known to support this feature (currently: none support scheduled downloads). FTP Credentials - Host Address / Port—The address and port for FTP connection. The default port is 21. - Logon / Password—The FTP logon / password combination. - Firmware File Name / Path—The name of the firmware file and path. Monitor firmware updates for the following device types Select (or multi-select with Ctrl+Click) devices for which you want firmware updates.
Figure 30-4. Schedule Info Screen The following are the fields on the Schedule Info dialog: - Starting On—This section defines the date and time when the schedule becomes active. Select values for Month, Day, Year, Hour, and Minute from the appropriate drop-down lists. - Stopping On—This section defines when the schedule stops being active. Select one of the following options: By Date and Time—Select this option, then select the Month, Day, Year, Hour, and Minute from the appropriate drop-down lists.
server startup). If you select Every, specify an interval. The following are interval options: Minute/s, Weekend Day/s, Hour/s, Week/s, Day/s, Month/s, Weekday/s, Year/s CAUTION: The scheduler calculates the execution interval based on the last execution time. So, if you executed a 24-hour recurring schedule item manually at 2:32 pm, it continues to run at that time each day, even if it was originally scheduled to run at 3 pm daily.
31 Views Introducing Views To further tailor displays to your preferences, you can create and manage views. These specify columns that appear in managers, inventories and other displays. With the Views screen, you can arrange the screen appearance in managers, specifying visible columns and their order, for some inventory and manager screens. Figure 31-1.
As with most managers, the top of this screen lets you filter the list of views, limiting it to those most useful for you. See Filtering and Searching on page 158 for more about arranging these filters. Click Action -> New to create a new view, or Open to edit a selected view. Click Action -> Delete to remove a selected, listed view, or Action -> Help to open online help for this screen. As always, the Action button menu is a duplicate of the right-click menu.
Click Save to preserve the view in the database. When you open the manager for the inventory type selected for the first time, the default view appears. After the first time you open a manager, the last view selected persists. This is connected to the login user. All Admin users, for example, would see each others’ changes. NOTE: Creating several admin users would preserve selected views. In some managers, altering the default view means all users will see that alteration.
32 Active Performance Monitor This chapter describes Active Performance Monitor. This application’s capabilities include configuring Monitors that receive device performance information, Dashboard View Managers that display that information, and Retention Policies that describe how to archive that information. The following sections describe those capabilities in detail.
See Monitors on page 770 for the beginning of a more general description of how to create and configure monitors. NOTE: OpenManage Network Manager Active Performance Monitoring supports monitoring SNMP devices and subcomponents that support the IETF Entity MIB Definition (RFC 2037, 2737 and/or 4133) without requiring a specific OpenManage Network Manager Device Driver for that device type. Retention The basis of all reporting and dashboard presentations is retained data from established monitors.
- Thresholds—A collected value or a derived metric supports defined value ranges. Charts reflect these defined ranges when plotting data. The application may generate threshold alarms when the current value(s) falls in a different range than previous value(s). You can configure an average over n values or n consecutive values for range assessment. You can retain range results to support trending. For example, how often an interface has been overused.
3 In the General screen, enter a name (here “TestMonitor”), check Enabled, enter a polling interval (here 1 minute, the default). For this example, check Retain polled data and accept the remaining defaults for checkboxes and the retention policy. You can accept the default SNMP Attributes, or alter them to include fewer or more attributes (click Add or Remove next to the attributes). For the sake of this example, we accept the default list of attributes to monitor.
5 In the Thresholds screen, examine existing thresholds by clicking on the listed threshold in the upper panel, then clicking Edit. For example, BW Util (utilized bandwidth) has thresholds at 90% (High, Critical), 80% (Medium, Warning), and 0% (Low, Cleared). When the data crosses thresholds, the monitor reacts. Available attributes depend on the type of monitor you are creating.
on the monitored attributes. Consult online help for more information about the other screens and their capabilities. 6 Click Save and the monitor is now active. Notice that the Availability icon appears at the top of this screen in the monitor’s row to indicate a responding monitor. When you select the monitor, that same icon appears for each interface you selected in the detail panels in the lower part of the screen.
Create a Dashboard View 1 To see the data monitored, you must create a Dashboard View for your new monitor. Click Active Monitoring -> Dashboard Views to open the view manager. NOTE: You can also select a device or alarm in Resources, Topology, or Alarm managers and click action -> Show Performance and see the Automatic Performance View.
Install a Monitor in the View 1 Click action -> Add Component then click Action -> properties inside the view’s cell. The Dashboard View Component Properties screen appears. 2 Enter a name for this component (TestDashboardComponent, here), and select a monitor and display type (here, we select the monitor configured in Create an SNMP Monitor, and a line chart). Notice also that for this example we leave Threshold Display as none (displaying thresholds as a part of the graph is also possible).
5 Finally, click OK to display the monitored data within the dashboard view you have configured. NOTE: You may have to wait until monitoring intervals are relevant. If you monitor every minute, you will have to wait at least that long to get data.
6 Notice that our simple example does not exploit all possibilities for these views. For example, you can have several components within a single view. In the example below, the same monitor appears in all four panels, displaying the monitoring for different attributes in different graph types. Click action -> Save View to save any view you have configured.
Figure 32-1. Monitor Reports.
You can modify these reports, but by default, they include the monitored attributes and/or devices. The reports appear for the day, week, and last 30 days, at least. These intervals too are modifiable. Consult the online help for more information about customizing reports.
CAUTION: If you receive the following message: Device fault: Return packet too big. in the Monitor Status Summary, then you have selected too many SNMP attributes to poll in a single request. Please modify your monitor to request smaller numbers of attributes. Standard Monitoring Functionality You can now create dashboards, reports and all the other standard monitoring functions. See Monitors on page 770, Dashboard View Manager on page 781.
Monitors This screen manages monitor configurations for Active Performance Monitor. Figure 32-2. Monitors Configured monitors appear at the top of the screen. The topmost line includes a filter to limit this list. Click Go to refresh the list or enforce the filter. Monitors appear with an icon (green, red or yellow) indicating the monitor is Available, Not Available, or has received only Partial Results.
- Refresh Monitor—Manually refreshes the device membership of the target groups configured for the selected monitor(s). See Scheduling Refresh Monitor Targets on page 799 for a description of how to automate this manual task. - Restore Defaults—This opens a list of seeded monitors. Select the monitor(s) you want to revert to their original, seeded state, and click OK. Each monitor appears listed with a Loaded or Not Loaded status and, if applicable, the time and date that the monitor was loaded.
Figure 32-3. Monitor Editor—General (Key Metric) This editor has the following tabs:
- General
- Thresholds
- Calculated Metrics
- Inventory Mappings
- Reference Tree
- Custom Attributes—These depend on what users configure. See Custom Fields on page 178 for instructions about configuring these.
- Change Tracking—This is the standard change tracking panel. See Change Tracking on page 180 for instructions about configuring these.
- Audit—The Audit trail for transactions connected to the selected monitor.
- Description—An optional text description. - Enabled—Check this to enable the monitor. - Polling Interval—The frequency of monitor execution in Hours, Minutes, or Seconds. Ten seconds is the smallest supported interval. - Retention Policy—Enter some text and select a retention policy from the search icon (magnifying glass) pick list, or create one with the command button (...). See Retention Policies on page 787 for more about creating and maintaining such policies.
Check Collect raw sysUpTime at the bottom of this screen to monitor that attribute. Several monitors come seeded with the application. These include Core and Optional add-on monitors. See Core and Default Monitors on page 789 for more about additional available monitors and how to configure them. Thresholds This tab configures thresholds for the selected monitor. Here you can define value ranges reflecting these thresholds for each monitored attribute, and give each range a name, color and severity.
As data accumulates, and is rolled up, these booleans begin to appear as percentages—reflecting the percentage of monitor executions producing results in the specified range. Note that this is not a count or percent related to number of times the range changed. If, for example, you had bad vs. good ranges, and based range determination on more than one data sample, the following would occur. If the range is originally bad then it stays bad until we receive enough data to change to good.
- Check based on ___ value(s) — This configures the number of consecutive values that are combined for a range check. Typically the larger the number here, the less “flutter” in reporting threshold crossings. - Calculation Type — Select whether the range calculation done is based on Average or Consecutive values. - Emit Notification— Check this to create an event when the threshold is crossed.
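How the number of values and the Calculation Type change threshold crossings and the rolled-up percentages, using the BW Util ranges from this guide (90% High, 80% Medium, 0% Low). This is an added example, not the product's implementation; the names, the constructed samples, treating each threshold as a range's lower bound, and taking the first sample as the initial range are all assumptions.

```python
from collections import Counter, deque
from statistics import mean
from typing import Dict, List, Tuple

# Lower bound of each range, highest first (assumed layout of the BW Util
# thresholds quoted in this guide).
RANGES: List[Tuple[float, str]] = [(90.0, "High"), (80.0, "Medium"), (0.0, "Low")]

# Constructed bandwidth utilisation samples (percent), one per monitor execution.
SAMPLES = [70.0, 85.0, 92.0, 78.0, 91.0, 93.0, 95.0, 60.0, 94.0, 96.0]


def classify(value: float) -> str:
    """Map one value to the name of the range it falls in."""
    for lower, name in RANGES:
        if value >= lower:
            return name
    raise ValueError(f"{value} is below every configured range")


class RangeTracker:
    """Tracks the current range from the last n values."""

    def __init__(self, n: int, calc_type: str) -> None:
        if n < 1:
            raise ValueError("n must be at least 1")
        if calc_type not in ("average", "consecutive"):
            raise ValueError("calc_type must be 'average' or 'consecutive'")
        self.n = n
        self.calc_type = calc_type
        self.window: deque = deque(maxlen=n)
        self.current = ""

    def observe(self, value: float) -> Tuple[str, bool]:
        """Return (current range, whether this sample crossed a threshold)."""
        self.window.append(value)
        if not self.current:
            # Assumption: the first sample sets the starting range.
            self.current = classify(value)
            return self.current, False
        if len(self.window) < self.n:
            # Not enough data yet, so the range stays where it was.
            return self.current, False
        if self.calc_type == "average":
            candidate = classify(mean(self.window))
        else:
            # Consecutive: change only when all n values agree on one range.
            names = {classify(v) for v in self.window}
            candidate = names.pop() if len(names) == 1 else self.current
        crossed = candidate != self.current
        self.current = candidate
        return self.current, crossed


def evaluate(samples: List[float], n: int, calc_type: str) -> Tuple[List[str], int]:
    """Return the range reported at each execution and the crossing count."""
    tracker = RangeTracker(n, calc_type)
    ranges: List[str] = []
    crossings = 0
    for sample in samples:
        name, crossed = tracker.observe(sample)
        ranges.append(name)
        crossings += crossed
    return ranges, crossings


def rollup(ranges: List[str]) -> Dict[str, float]:
    """Percentage of executions in each range (not a count of crossings)."""
    counts = Counter(ranges)
    return {name: 100.0 * count / len(ranges) for name, count in counts.items()}


if __name__ == "__main__":
    for n, calc in [(1, "consecutive"), (3, "consecutive"), (3, "average")]:
        ranges, crossings = evaluate(SAMPLES, n, calc)
        print(f"n={n} {calc}: crossings={crossings} rollup={rollup(ranges)}")
```
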
Click Save to preserve this monitor. Once you save it, it should appear in the screen Monitors on page 770. Calculated Metrics This screen configures monitor metrics. Each metric defines an additional data value provided by the monitor. Figure 32-5. Monitor Editor—Metrics If necessary, you can define expressions to calculate additional attribute data for dashboard views or reports so it appears in a more useful form.
Select an attribute there, and the associated Configured Calculations appear listed in that portion of the screen. Click Add to create a new metric, or Edit to modify an existing one you have selected. Click Delete to remove a selected metric. The metric editor includes the following fields: - Name—An identifier for this metric. - Type—Select a result type from the pick list. Available options include Count and Gauge. Gauge values are averaged on rollup, and Count values are totalled.
| Function | Symbol |
|---|---|
| Inverse Hyperbolic Tangent | atanh() |
| Natural Logarithm | ln() |
| Logarithm base 10 | log() |
| Absolute Value / Magnitude | abs() |
| Random number [0; 1] | rand() |
| Square Root | sqrt() |
| Sum | sum() |

The Entity Status Summary detail panel in the Monitor Manager displays calculation errors, if they occur. NOTE: Expressions are not validated in this screen. Such validation occurs when the expression is evaluated for collected data. Click Apply to accept your edits, or Cancel to abandon them.
Click Add to create a new mapping. Metrics are common in the Resources manager, monitors and reports. These include CPU util %, Memory util %, RTT (ms) (Round Trip Time in milliseconds), Disk full %, and BW util % (Bandwidth utilization percent). NOTE: You can configure these monitors to appear in Resource manager columns. Select the Metric you want to appear and the Attribute you want mapped to it with the pick lists. The available Attributes depend on which attributes are monitored.
Dashboard View Manager This screen lets you manage dashboard views. Figure 32-8. Dashboard View Manager Click the following Action menu items to create and modify views: - New—This menu item creates a new dashboard view. See Creating or Updating a Dashboard on page 782. - Open—Edit an existing, selected dashboard view. See Dashboard Viewer on page 783. - Delete—Remove a listed view. - Copy—Create a copy of an existing view to re-name and re-configure. - Print—Print the list of views.
Creating or Updating a Dashboard After you click New, a blank dashboard view appears. Figure 32-9. View Editor In this screen, configure the Row and Columns for monitor display. Enter numbers or use the spinners to select a number of rows and columns for the view you want to create. Click action -> Add Component to add elements to the rows and columns of display. The action -> Save View menu item lets you preserve your configuration.
Dashboard Viewer Dashboard Viewers display the results of monitoring in graphical form. Figure 32-11. Dashboard The three icons at the top right of this screen, from left to right, let you Fit / Unfit the dashboard (view it in its natural size, not confined to the current screen), Unlock / Lock Components (which Hides / Shows Title Bars) on components, and Refresh the view.
- Add Component—This adds a panel to the lower right corner of the existing dashboards. Use this panel’s action -> Properties menu item to configure it. - Properties—This opens a panel where you can Name (or re-name) the dashboard you are configuring, and select its layout Rows and Columns. Click OK to accept what you have configured. - Save View—This saves the dashboard as you have configured it. - Save As...—This saves the dashboard as you have configured it, but lets you re-name it.
Configure The configure screen determines the component’s monitor and appearance. Figure 32-12. Dashboard Component Action -> Configure It lets you select the following for the selected component: - Component Title—Enter an identifier for the component that appears as its onscreen title. - Show Title / Y-Axis Label—Check these boxes to display the title and/or Y-axis labels in the graph.
- Threshold Display—Select the threshold from the pick list. Available options include None, Interval and Value. - Attribute—Select the attribute to monitor from the pick list if you selected a Dial Chart or Top Talkers. These include Available, Severity, and any calculations you configure as described in Calculated Metrics on page 777. Since Line Chart and Bar Chart permit multiple attribute monitoring, use the arrows to move attributes from the Available to Assigned panels to select those attributes.
Data Source This panel configures the data source for monitoring. It has the following fields: - Data Source—Select the source from the pick list. Options include Current, Hourly, Daily, Monthly and Yearly. - Time Period—Use the fields and pick lists following this label to elect the time periods. If you select a Current data source, you can only elect Within last enumerated Minutes, hours, days, and so on. Other than Current data sources also permit Between time selections.
- Delete—Remove a selected policy. - Help—Click this to open online help for this screen. Creating or Updating a Retention Policy This editor appears when you create a new policy or edit an existing one. Figure 32-15. Retention Policy Editor This screen contains the following fields: Retention Policy Details - Name—A text identifier for the policy. - Description—An optional description of the policy. The following fields describe the retention period and rollups that occur with data.
Figure 32-16. Active Performance Monitor Data Core and Default Monitors The following are the types of monitor you can configure. Some Default Monitors come with this application (see Default Monitors on page 796). The exact list of seeded, default monitors depends on the package you install. You can configure Core monitors with the monitor editor too, as described in Creating or Updating a Monitor on page 771. When you click New, you must first select one of the following types to configure a monitor.
Figure 32-17. Command Monitor - Command Settings / Editor ICMP This monitor performs an ICMP ping for each target in addition to the common fields described above. Figure 32-18. ICMP Attributes In this screen, you can configure the following: - Packet Size (Bytes)—The send buffer size. Range: 64 to 64000. Default: 64 - Packet Count—The number of echo requests to send in the ICMP ping sent the monitored device. Range 1 to 9. Default: 3. - ‘Timeout (secs)—The interval to wait for a reply.
Configure a Key Metric monitor if you want to have long-term monitoring, and Dashboard View Manager capabilities. For shorter terms, you can also configure Key Metric monitoring in the following ways:
• Key Metrics in Resources Editor
• Key Metrics for Multiple Devices

You must keep these screens open for monitoring to occur. The following sections describe these capabilities.
performance in real time. Graphing begins when you click this button. Leave the graph open to watch its progress (you can perform other tasks on other application screens while this one is open too). If you click multiple attributes, the graph may appear with multiple indexes (on the left). Composite attributes graph multiple lines, one for each of their components. Click Settings to return to the settings screen.
Click the device in the upper portion of the screen to display its key metrics in the bottom portion of the screen. Click the Selected checkbox to begin monitoring the Key Metrics for the selected device. You can alter the monitoring interval globally in the upper Default Collection Interval. Click Edit in the lower portion of the screen to alter the interval for individual metrics with the Collection Interval fields at the bottom of the Key Metrics panel.
MIB Browser

When you click Browse, the MIB browser appears. Select the MIB (top left), and the MIB variable (bottom left), and confirm the variable is the correct performance indicator (right panel) before adding this variable to a monitor with the Select button at the bottom of this browser. Not all values are necessarily available (or sensible) to monitor.

Figure 32-22.
Add / Edit SNMP Attributes

Click Delete to remove a selected, already listed SNMP attribute. Click Add or Browse to create new variables to monitor. When you click Add, an editor panel with SNMP attribute parameters appears.

Figure 32-23. SNMP Add Editor

This panel displays the following fields where you can edit SNMP parameters:
- OID—The Object identifier for the attribute.
can enter a VRF name below the listed monitored entities, and click Add to have it appear with the equipment. Click Modify VRF to revise the name of a selected VRF. Click Remove to delete either a device or a VRF.

Figure 32-25. DNS Lookup

Default Monitors

Other, seeded monitors are available to add to the core set of monitors. Most packages include the monitors described in the following section.
Figure 32-26. Default Interface Monitor

The initial screen displays the SNMP attributes collected from the devices’ ifXTable. The default group of interfaces comes from the All Routers and Switches group. The Thresholds and Calculated Metrics screens display the specifics of how these collected attributes are monitored. This is an SNMP monitor. See SNMP Attributes (Interfaces or Scalars) on page 793 for a discussion of SNMP monitoring capabilities.
ICMP Monitor

The default ICMP Monitor reports on ping response times for all devices.

Figure 32-27. Default ICMP Monitor

The default sends three 64-byte packets every second to the All Devices group. See ICMP on page 790 for more about this kind of monitor.
WMI Monitor

This is the default key metrics monitor for WMI devices.

Figure 32-28. Default WMI Monitor

By default, this monitor reports on the CPU, Memory Utilization, Logical Disk % Free Space, and Total Physical Memory for all Computer Systems. The Thresholds and Calculated Metrics screens display the specifics of how these collected attributes are monitored.
33 Alarms

Alarms Overview

The Alarm screen lets you manage alarms and notifications (alarms are typically a subset of notifications or events). It displays information about, and lets you acknowledge, received alarms or events. This screen also provides tools that help operators diagnose and correct alarms. Select File -> Open -> Event Services -> Alarms from the menu or the Navigation Pane to display Alarms.
Figure 33-1. Alarms

A specialized layout displays alarms internal to the OpenManage Network Manager system. See Self Management / EMS Alarms on page 810. The following sections discuss these Alarm-related topics:
• Alarm Severity and Count
• Alarm Manager
• Alarm Table Columns
• Alarm Details
• Archiving Alarms

See also Alarm Table Columns on page 807 for a description of the columns visible in this display of alarms.
• Move Columns—Click the column header of the column you want to move and drag it to its new location.
• Resize Columns—Click the column header of the column you want to resize and drag to resize the column. The column margin is located between the column headers. Typically, best practice is to click the column margin to the right of the column you want to resize.

Alarms displayed here refresh every 30 seconds, unless you modify or override the default interval as specified in redcell.properties.
The default severity definitions are:
- Critical—A service-halting condition occurs, requiring immediate corrective action. The equipment is completely out of service and you must restore its capability.
- Major—A service-affecting condition has developed and corrective action is required. There is a severe degradation in the equipment’s capability and you must restore its full capability.
See also Alarm Table Columns on page 807 for a description of the columns visible in this display of alarms.

The Action or right-click menu displays the following items (some installations conceal some of these):
- Open -> Entity—This opens an editor where you can configure the device from which this alarm came. See Editing Resources on page 217.
- Open -> Alarm—Opens a screen describing all the details of the selected alarm. See Alarm Details on page 809.
in the provided spaces, then click Send. Clicking Cancel ends this operation without sending e-mail. Refer to the Administration Section for instructions about setting up e-mail from this software.
- Clear Alarm—Select this option to clear the alarm. Clearing the alarm removes the alarm from the default alarm view and marks it as a candidate for DAP. Essentially it is an indication to the system that the alarm has been resolved/addressed.
The data that appears is based on the monitors that are monitoring that device and where Retain Data is checked. If you have several monitors and you are retaining data on those monitors, the screen reflects those data points. If you select two devices in Resources manager and click action -> Show performance, OpenManage Network Manager displays both of the devices’ common attributes in the form. (You cannot display interface data because the devices do not have interfaces in common.
- Ack By—Records the user who acknowledged the alarm.
- Ack Time—The time the alarm was acknowledged.
- Acknowledged—True or False.
- Alarm State—The state (open / closed) of the alarm.
- Assigned by—The user who assigned the alarm to the Assigned User.
- Assigned User—The user who has been assigned this alarm (right click or click Action to do this).
- Count—The number of similar alarms.
- Date Assigned—The date and time that the alarm was assigned.
Alarm Details

The Alarms screen provides a display of a selected Alarm’s details at the bottom of the default layout. Display the Alarm Detail window from the Alarm screen by selecting the Alarm for which you want detailed information.

Figure 33-6. Alarm Details

This includes the General, Notification Details, and Reference Tree panels. See Alarm Table Columns on page 807 for a description of the fields in the general panel.
The Advisory Text panel lets you enter any advisory text needed to accompany the selected alarm.

NOTE: To export alarms to a file, create an alarm report, then save it in the appropriate format.

Causes and Impacts for Links and Service Alarms

In addition to the typical Reference Tree nodes that appear for all alarms, sub-components appear with Reference Tree nodes displaying Causes and Impacts for links, and for services when you have OpenManage Network Manager’s service applications installed.
Testing Receipt of Alarms

If you want to test whether your system receives traps, you can test it with a trap generating application like Mimic or TrapGen. If you plan to test with artificially generated traps, first use the Discovery Wizard (see Discovery on page 187) to discover the device you want to initiate these traps (otherwise traps appear as “unknown”). TrapGen is free from www.ncomtech.com.
34 Events, Rules and Actions

Overview of Events, Rules and Actions

The following screens let you configure this application to react, according to rules, to internal events, and implement configured actions. For example, you can configure the application to act when a backup occurs (and, say, send an e-mail). You can also configure reactions to certain failures.
• If you configure correlation, then when a correlated incoming alarm’s key bindings match the initial alarm, that same count increment occurs. If they do not match, the system generates a new alarm.
• If you configure correlation, and the Message Template or Severity do not match for otherwise matching alarms, then the EMS closes the existing alarm and opens a new alarm.

Performance, Syslog and Traps

By default, this application generates alarms and event notifications for every event definition.
Event Processing Rules

This manager lets you configure rules for event processing.

Figure 34-1. Event Processing Rules

This screen lets you filter a list of processing rules based on Description, Enabled, Event Name, Owner, Rule Name, Rule Type, Valid. Some of these (and icon) are columns in the table of rules.

CAUTION: Unless you create a filter and save it as described in Chapter 28, Filters, filters you make here are not preserved.

As in a typical manager, the filter is at the top of the screen.
- Enable—Enables the selected rule(s).
- Copy—This copies the selected rule and opens the editor. You must rename it to begin with something other than “CopyOf [Original Name]” (its default name) before you can save the rule.

NOTE: If you want to change the behavior of a system rule, copy it, then disable it. Then configure the copy to do the desired behavior.

- Disable—Disables the selected rule(s).
- Delete—Deletes the selected action. Select the action to remove and click Delete.
Figure 34-2. Automation Event Processing Rule Editor

This editor has the following fields and selection options:

Rule Properties
- Name—A text identifier for the rule.
- Enabled—Check to enable this rule’s action.
- Alarm Only—Check to enable this rule’s action only when the system first generates an alarm without suppressing it. Subsequent alarms do not trigger the rule.
- Description—A text description of the rule.
Options

Check the Alarm Only checkbox to process an event with this rule only if an alarm is generated, not suppressed. See Correlation Event Processing Rule Editor on page 819 for options that appear when you select a correlation event. These can include Reject Event, Set Severity, Suppress Alarm, Device Access, Frequency and State Flutter. Click Add to select an action created in Actions Manager on page 835.
- Event Definition—You can optionally select an event with the command button (...), or delete it with the red “X” button. Selecting an event is not necessary, but if you do select one, the available filter criteria below are limited to those appropriate to the event selected. If you select no event, then only generic filter criteria appear in the next section of the screen.

NOTE: If you want to filter on event varbind data, then select the event. The varbind attributes appear in the lowest panel.
• Device Access
• Frequency
• State Flutter

If you are editing an existing rule, clicking Open selects the correct type automatically. On these panels, the Audit tab displays a history of the rule’s use. See Audit on page 228 for more information. A suppressed event does not trigger duplicate lines in the Alarm manager, but does appear in Event History. A rejected event does not appear even in Event History. The upper portion of the next screen is like Automation Event Processing Rule Editor’s.
Figure 34-5. Device Access Options

The Options panel has the following fields:
- Access Type—Select the type of access (User Login, User Logout, Login Failure, Config Change).
- UserName Variable—Enter the UserName variable label.
- UserName RegEx—Enter a regular expression to extract the user name from the event’s Username Variable.
- Suppress Correlated—Check this if you want to suppress the alarm for an event triggering this rule.
- Threshold Count—The number of events that must occur during the period selected in the previous field before the rule is active.
- Action—Select Reject or Suppress.
- Publish Events—Check to publish clearing or suppressed events even if the rule was not successful. When you publish an event, subscribers are notified.
the trigger event. Otherwise it is suppressed/rejected as specified in the rule options. The correlation events are optional. These indicate the start and end of the active filter along with total counts processed, rejected and suppressed by the filter.

Syslog Event Processing Rule Editor

This type of event configures Syslog escalation. To enhance performance, these rules pre-screen syslog messages rather than turning them all into application notifications / events.
The top two panels are like those in the Automation Event Processing Rule Editor screen. Event Filter Criteria on page 818 describes how you can select the correlated event(s).

NOTE: This application tries to match syslog messages that are essentially redundant except for their time stamp. If you escalate such messages to alarms, then this matching process will alter the time stamp to the time the message was received by the application, not when it was generated.
Event Definitions

This application lets you define how the system treats messages (events) coming into the system. Administrators can define event behavior deciding whether it is suppressed, rejected or generates an Alarm. The Event Definitions screen manages these responses for your system.

Figure 34-9. Event Definitions

This screen displays a filtered list of actions. As in a typical manager, the filter is at the top of the screen.
- Set Severity—The severity of the event (alarm). You can alter the default with the pick list. Any change in severity occurs with the next occurrence of the alarm. No change occurs with what has already been received.
- Load MIB—You can load a MIB, if you have one available as a file.
- Unload MIB—You can unload the MIB for the selected event if you have another to load that better describes the event.
Event Definition Editor

This screen lets you edit the selected event’s definition.

Figure 34-10. Event Definition Editor - General

This has the following panels:
• General
• Correlation

Event or Alarm correlation means locating existing alarms relevant to a new alarm and making the appropriate updates. If an event is suppressed, then the application performs no alarm correlation. Alarms only correlate if they are for the same entity.
General

This tab has the following fields:
- Event Name—A read-only reminder of which event this is.
- Notification OID—The object identifier for the event.
- MIB Name—The name of the MIB in which this event’s information appears.
- Severity—If the new alarm is a clearing severity, then any existing alarm to which it correlates is closed. Otherwise, if the new alarm severity does not match the existing severity then the existing alarm is closed and a new alarm opened for the new severity.
Not service effecting—4

Re-import the altered event definition file to update your event definitions.

MIB Text
This is a read-only text field for a description of the event.

Advisory Text
Editable Text to be sent with this event.

Message Template
This is a template for messages that accompany this event. If a message template exists for an existing, correlated alarm and the generated text does not match the original alarm, then the EMS closes the existing alarm, and generates a new one.
Correlation

This panel configures the events correlated with the definition you are configuring.

Figure 34-11. Event Definition Editor - Correlation

This screen lets you configure the following:
- Correlated Events—The list of events correlated with this one. Click Add to select events from those available, or Remove to delete a selected event.
- Key Bindings—This lists the varbinds correlated with this event.
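A minimal model of the correlation rules described in this chapter: alarms correlate only for the same entity and matching key bindings, a clearing severity closes the existing alarm, and a severity or message mismatch closes it and opens a new one. This is an added example, not OpenManage Network Manager code; the class names, the "cleared" severity label and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

CLEARING = "cleared"  # assumed label for a clearing severity


@dataclass
class Event:
    entity: str
    name: str
    severity: str
    message: str
    varbinds: dict


@dataclass
class Alarm:
    entity: str
    name: str
    severity: str
    message: str
    key: tuple
    count: int = 1
    state: str = "open"


class Correlator:
    def __init__(self, correlated_events, key_bindings):
        self.correlated_events = correlated_events  # event name -> correlated event names
        self.key_bindings = key_bindings            # event name -> varbind names forming the key
        self.alarms = []

    def _key(self, ev):
        return tuple(ev.varbinds.get(n) for n in self.key_bindings.get(ev.name, ()))

    def _find(self, ev):
        """Open alarm on the same entity, from a correlated event, with equal key bindings."""
        names = {ev.name} | set(self.correlated_events.get(ev.name, ()))
        key = self._key(ev)
        for alarm in self.alarms:
            if (alarm.state == "open" and alarm.entity == ev.entity
                    and alarm.name in names and alarm.key == key):
                return alarm
        return None

    def _open(self, ev):
        self.alarms.append(Alarm(ev.entity, ev.name, ev.severity, ev.message, self._key(ev)))

    def process(self, ev):
        existing = self._find(ev)
        if ev.severity == CLEARING:
            if existing is None:
                return "nothing-to-clear"
            existing.state = "closed"
            return "closed"
        if existing is None:
            self._open(ev)
            return "opened"
        if existing.severity != ev.severity or existing.message != ev.message:
            existing.state = "closed"   # mismatch: close the old alarm, open a new one
            self._open(ev)
            return "closed-and-reopened"
        existing.count += 1             # same alarm again: only the count changes
        return "incremented"


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    Event("sw1", "linkDown", "critical", "Link down", {"ifIndex": 3}),
    Event("sw1", "linkDown", "critical", "Link down", {"ifIndex": 3}),
    Event("sw1", "linkDown", "critical", "Link down", {"ifIndex": 4}),
    Event("sw2", "linkDown", "critical", "Link down", {"ifIndex": 3}),
    Event("sw1", "linkDown", "major", "Link down", {"ifIndex": 3}),
    Event("sw1", "linkUp", CLEARING, "Link up", {"ifIndex": 3}),
]


def run_sample():
    correlator = Correlator(
        correlated_events={"linkUp": ["linkDown"]},
        key_bindings={"linkDown": ["ifIndex"], "linkUp": ["ifIndex"]},
    )
    return [correlator.process(ev) for ev in SAMPLE_EVENTS], correlator


if __name__ == "__main__":
    results, correlator = run_sample()
    for ev, action in zip(SAMPLE_EVENTS, results):
        print(ev.entity, ev.name, ev.varbinds, "->", action)
```
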
- Suppression Duration—The Minutes, Hours or Days for suppression. The minimum is 5 minutes, and the default is 1 hour.

NOTE: Suppression duration information also appears in Audit Trails in the job status for Alarm Suppression Scheduled Start actions.

- Suppression Targets—Click Add to select the devices or device subcomponents on which you want to suppress. Click Remove to delete selected items from the list, or Remove All to clear the entire list.
Event History

The Event History manager, accessible from the navigation pane or File -> Open -> Event Services menu, lets you see a comprehensive (or filtered) list of events within this application.

Figure 34-12. Event History

The top of this screen displays a list of events. By default, it displays all events, but you can use filters to limit the list that appears.
- Open -> Equipment—This opens an editor where you can configure the device (where the Entity may be a subcomponent) from which this alarm came. See Editing Resources on page 217.
- Open -> Event Definition—This opens an editor where you can configure the device from which this alarm came. See Event Definitions on page 825.
- Open -> Processing Rules—This opens rule manager filtered to display only the rules associated with the selected Event.
Reference Tree

This panel displays any connections between this event and correlated rules and/or actions in tree form. Click the turner to the left of any node to display the tree below that node. Double-click or right-click a node and select Open and you can edit that component as described in Chapter 13, Resources.

Description

This panel contains a description of the selected event.

Editing Event History Entity

This screen displays the information about a selected event when you click Open.
Actions Manager

Open Actions Manager by clicking it in the navigation window.

Figure 34-14. Actions Manager

This screen displays a filtered list of actions. As in a typical manager, the filter is at the top of the screen, in this case in conjunction with Name, Action ID, Description and System Action (True/False radio buttons) criteria. System actions are unalterable actions available throughout this software’s system. In this screen, you can configure actions that will respond to events.
Action Details

The lowest portion of this layout contains a detail panel with a reference tree for the selected action that displays any related events and event processing rules.

Action Editor

When you click New or Open in Action Manager, you open the Action Editor. Here, you can configure the kind of action you want to respond to internal actions within this EMS.

Figure 34-15. Action

Actions are, in effect, global group operations for the devices in question.
Execute Command—Specify the command executable with the command button (...). It opens a selection screen.

Forward Northbound as SNMP v2—Specify the destination address, port and SNMP community string, and check if you want the notification sent as proxy. See Trap Forwarding Process on page 846 for details.

NOTE: To enable trap forwarding, first specify 162 as the port. You must also edit /opt/dorado/owareapps/redcell/lib/redcell.properties.
Click Save once you have configured the action as you would like, or click Close (in the toolbar) to abandon your edits. The Audit tab displays a history of the action related to this link. See Audit on page 228 for more information.

Email Options

You can use substitution variables to create an Email with exactly the information you want. The Basic substitution variables (see Basic Variables on page 841) are preferred because they require no additional database access.
{RedCell.Config.EquipmentManager_Custom2}
{RedCell.Config.EquipmentManager_LastBackup}
{RedCell.Config.EquipmentManager_LastConfigChange}
and
{RedCell.Config.EquipmentManager_HealthStatus}

NOTE: If the entity does not contain/return these values, then the message [No data for ] appears in the email instead.

These examples are some of the attributes that are available for the chassis. This example Email Action instance sends email containing those variables.

Figure 34-17.
• Managed Equipment Variables
• Entity Type: Port
• Entity Type: Interface, Logical interface
• User-Created Attributes

CAUTION: To successfully retrieve Custom attributes, you must first enable them in the Inventory Config manager screen.

See Email Options on page 838 for other, more limited variables that are slightly more efficient in performance, if not as detailed as those described in the following section.
Basic Variables

Attribute | Description | Email Action Variable
Name | The event / alarm name | {Name}
Message | Description from the event | {Message}
Entity Name | The entity (interface, card...) name | {EntityName}
Equipment Manager Name | The name of the equipment, parent or chassis. |
Attribute | Description | Email Action Variable
Custom 7 | | {RedCell.Config.EquipmentManager_Custom7}
Custom 8 | | {RedCell.Config.EquipmentManager_Custom8}
Custom 9 | | {RedCell.Config.EquipmentManager_Custom9}
Custom 10 | | {RedCell.Config.EquipmentManager_Custom10}
Custom 11 | | {RedCell.Config.EquipmentManager_Custom11}
Custom 12 | | {RedCell.Config.EquipmentManager_Custom12}
Custom 13 | | {RedCell.Config.EquipmentManager_Custom13}
Description | Description of the equipment | {RedCell.Config.
Attribute | Description | Email Action Variable
Serial Number | Unique identifier for the equipment | {RedCell.Config.EquipmentManager_SerialNumber}
Software Version | Version of the equipment’s software | {RedCell.Config.EquipmentManager_SoftwareVersion}
System Object Id | SNMP based system object | {RedCell.Config.
Entity Type: Port

Attribute | Description | Email Action Variable
Custom 1 | Note that although you can re-name any Custom attribute, you must use the variable’s original name. For example here, that is {RedCell.Config.EquipmentManager_Custom1} | {RedCell.Config.Port_Custom1}
Custom 2 | | {RedCell.Config.Port_Custom2}
Custom 3 | | {RedCell.Config.Port_Custom3}
Custom 4 | | {RedCell.Config.Port_Custom4}
Encapsulation | Encapsulation |
Hardware Version | Version of the port’s hardware | {RedCell.Config.
Entity Type: Interface, Logical interface

Attribute | Description | OpenManage Network Manager Email Action variable
Custom 1 | Note that although you can re-name any Custom attribute, you must use the variable’s original name. For example here, that is {RedCell.Config.EquipmentManager_Custom1} | {RedCell.Config.Interface_Custom1}
Custom 2 | | {RedCell.Config.Interface_Custom2}
Custom 3 | | {RedCell.Config.Interface_Custom3}
Custom 4 | | {RedCell.Config.Interface_Custom4}
Encapsulation | Encapsulation | {RedCell.
Figure 34-18. User-Created Attribute

Once you have created the attribute and recorded its number, you can create an e-mail referring to it with the following:

{[Label]:[number]}

For example:

{UserDefined:1282301548078}

NOTE: You can select the created attribute, and copy the label and number with Ctrl+C. You must delete extraneous text when you paste it, but copying and pasting simplifies creating such notifications.
calculated thusly: if the value of generic-trap field is `enterpriseSpecific', then the value used is the concatenation of the enterprise field from the Trap-PDU with two additional subidentifiers, `0', and the value of the specific-trap field; otherwise, the value of the corresponding trap defined in [6] is used. (For example, if the value of the generic-trap field is `coldStart', then the coldStart trap [6] is used.) Then, one new binding is appended onto the variable-bindings field: snmpTrapEnterprise.
agent." -- 1.3.6.1.6.3.18.1.3 -- ::= { snmpCommunityMIBObjects 3 } snmpTrapCommunity OBJECT-TYPE SYNTAX OCTET STRING MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "The value of the community string field of an SNMPv1 message containing a Trap PDU which is forwarded by a a proxy forwarder application using an SNMP version other than SNMPv1.
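The trap mapping quoted above (the snmpTrapOID calculation, the appended snmpTrapEnterprise binding and the proxy-only snmpTrapCommunity binding), worked through in code. This is an added example, not code from OpenManage Network Manager; the function names and the sample trap are constructed for illustration, and the sysUpTime.0 binding prepended from the trap's time-stamp is assumed from the standard SNMPv1-to-SNMPv2 mapping because that part of the quotation is cut off on this page.

```python
"""SNMPv1 Trap-PDU fields -> SNMPv2 notification variable bindings."""

SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"
SNMP_TRAP_OID_0 = "1.3.6.1.6.3.1.1.4.1.0"
SNMP_TRAP_ENTERPRISE_0 = "1.3.6.1.6.3.1.1.4.3.0"
SNMP_TRAPS = "1.3.6.1.6.3.1.1.5"               # coldStart is .1, warmStart .2, ...
SNMP_TRAP_ADDRESS_0 = "1.3.6.1.6.3.18.1.3.0"   # snmpCommunityMIBObjects 3
SNMP_TRAP_COMMUNITY_0 = "1.3.6.1.6.3.18.1.4.0" # snmpCommunityMIBObjects 4

GENERIC_TRAPS = ("coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss")
ENTERPRISE_SPECIFIC = 6


def normalize_oid(oid):
    """Return a dotted numeric OID without a leading dot; reject anything else."""
    parts = oid.strip().strip(".").split(".")
    if len(parts) < 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {oid!r}")
    return ".".join(str(int(p)) for p in parts)


def snmp_trap_oid(enterprise, generic_trap, specific_trap):
    """Compute the snmpTrapOID.0 value from the SNMPv1 trap fields."""
    if generic_trap == ENTERPRISE_SPECIFIC:
        if specific_trap < 0:
            raise ValueError("specific-trap must be non-negative")
        # enterprise + two extra sub-identifiers: 0 and the specific-trap value
        return f"{normalize_oid(enterprise)}.0.{specific_trap}"
    if not 0 <= generic_trap < len(GENERIC_TRAPS):
        raise ValueError(f"unknown generic-trap value: {generic_trap}")
    # generic traps 0..5 map to the standard traps .1 .. .6
    return f"{SNMP_TRAPS}.{generic_trap + 1}"


def v1_trap_to_v2_varbinds(trap, as_proxy=False):
    """Build the SNMPv2 varbind list; as_proxy adds the proxy-forwarder bindings."""
    out = [
        (SYS_UPTIME_0, trap["time_stamp"]),
        (SNMP_TRAP_OID_0, snmp_trap_oid(trap["enterprise"],
                                        trap["generic_trap"],
                                        trap["specific_trap"])),
    ]
    out.extend((normalize_oid(oid), value) for oid, value in trap["varbinds"])
    tail = []
    if as_proxy:
        tail.append((SNMP_TRAP_ADDRESS_0, trap["agent_addr"]))
        tail.append((SNMP_TRAP_COMMUNITY_0, trap["community"]))
    tail.append((SNMP_TRAP_ENTERPRISE_0, normalize_oid(trap["enterprise"])))
    present = {oid for oid, _ in out}
    out.extend(b for b in tail if b[0] not in present)
    return out


# Constructed sample trap (enterprise number, address and community are made up).
SAMPLE_TRAP = {
    "enterprise": "1.3.6.1.4.1.99999.1",
    "agent_addr": "192.0.2.10",
    "generic_trap": ENTERPRISE_SPECIFIC,
    "specific_trap": 12,
    "time_stamp": 123456,
    "community": "example-community",
    "varbinds": [("1.3.6.1.2.1.2.2.1.1.3", 3)],   # ifIndex.3
}

if __name__ == "__main__":
    for oid, value in v1_trap_to_v2_varbinds(SAMPLE_TRAP, as_proxy=True):
        print(oid, "=", value)
```

A trap forwarded as proxy carries the original community string in snmpTrapCommunity.0, so the northbound receiver and anything that logs its traps end up holding that credential.
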
35 File Servers

File Server Manager

You can configure a pool of available FTP/TFTP Servers which provides an available FTP/TFTP Server to the component if requested. The FTP/TFTP Server transfers a configuration file, software image, or patch from the application to a device or from a device to the application. The application transfers files to this server (or a temporary directory for the internal TFTP server) and then from there to a Network Device and vice versa.
You can create a new entry in this table, or edit an existing, selected entry with the New and Open buttons, respectively. You can also display the Internal File Server Setup screen by clicking the Open button when you have selected the internal file server, which exists in disabled state by default. You can Delete or Test a selected entry with those buttons. Finally, you can select a server, and Enable or Disable it with those buttons.

NOTE: When testing, status messages typically come in pairs.
This form has the following fields:
- Name—A unique identifier for this configuration.
- Description—A text description of this file server.
- Enabled—When you check this, NetConfig uses a non-weighted round robin of enabled FTP servers to select the server used.

FTP Server

With the radio buttons, select FTP, or Secure FTP, and check whether you want TFTP Support.
• If no external file servers exist that have a Net Mask, then the application automatically uses a round-robin retrieved server.
• If the application finds no external file servers in the same network, then it falls back to round robin.
- Port/ TFTP Port—The port to use for FTP or TFTP when communicating with this server.

Authentication
- Login—The login for this server.
- Password / Confirm Password—The password for this server.

Click Save to keep your edits, or Cancel to abandon them.
In File Server Setup you can see the status of the selected server’s FTP and TFTP operation. You can also change the selected server from Internal to External File Servers (or vice-versa). The internal file server starts when you enable it. Files in transit reside in a temporary file server storage location: oware\temp\intsvr\.

CAUTION: Use the internal file server only for limited production or pre-production testing, not for a production environment.
36 Backing Up / Restoring

Backup / Restore Elements Overview

The backup / restore and deploy capabilities of this application let you conveniently manage both device configurations and firmware deployments. Before you can use these capabilities, however, you must configure an FTP or TFTP server to retrieve or deploy the files. Chapter 35, File Servers describes this setup.
redcell.netrestore.file.server.prefix.type=IP_ADDRESS

This property lets you select either IP Address or Hostname (SysName). To change to using Hostname, change IP_ADDRESS to HOSTNAME on all application servers (and clients). You must restart the application servers after doing this.

NOTE: Some messages may refer to NetConfig or NetRestore rather than File Management. These are the same.

CAUTION: When using Hostname as the prefix, all hostnames in the system must be unique.
Figure 36-1.
- Current Config—Clicking this button retrieves a config file from the selected device and displays it in a panel in front of Resource Manager.

Figure 36-2. Current Config

This panel provides cut/paste/search capabilities with the menus accessible at its top. Select the network elements from the list, and then click on the menu item for the specific operation.

Resource Editor

The application also adds the File Management panels to the Resource Editor (when device driver support exists for it).
File Management Panel

This panel displays a summary of File Management actions on the selected equipment.

Figure 36-3. Resource Editor: Action Summary

This contains the following columns:
- Icon—A green check indicates a successful action. A red stop sign indicates an error in the action.
- Function Type—Backup, Restore
- Date—The date the action occurred.
- FileName—The file connected to the action.
- Version—The version of the action.
- Result—Success or Failure.
File Management -> Current Config

This panel displays the current device configuration file.

Figure 36-4. Resource Editor: Current Configuration

If no backed up configuration exists, clicking the Refresh button at the bottom of this screen performs a backup and displays the configuration file result (named CurrentConfig). The file name and backup date / time for the displayed configuration appear at the top of the screen.
File Management -> Configurations

This screen queries for configuration files.

Figure 36-5. Resource Editor: Configurations

The backed up files appear in a list at the top of this screen. The following buttons appear to the right of this upper screen:

Current Device Configurations
- View—Read the selected configuration file.
- Edit—Edit the selected configuration file.
- Import—Import a configuration file. See Restore Action Type on page 863 for more about import capabilities and configuration.
- Compare—Compare two selected configuration files. Ctrl+click to select files, then click the button. A screen with the two configuration files side-by-side appears, with the differences highlighted.
- Add to Label—This button assigns the selected equipment’s backups to a label that you select from a subsequent dialog. Notice that selected labels appear listed in the lower portion of this screen, along with columns that describe the File Name, Version, and Date of the backed up configuration file.
Restore Action Type

When you import a configuration file, you can select the file itself, and the type of restoration. When the equipment’s driver supports it, you can choose a Restore Action Type from a list box, after you select the Configuration File Type (for example: Partial, Complete) from the pick list.

Figure 36-6. Import Configuration File

The driver provides the restore action types. Some example action types: merge, override, replace, and patch.
The upper part of this screen displays nodes for each job done. When you select a job, the next lower screen lets you display a tree of nodes describing individual steps. If you select a node, the bar below this screen displays details like its start and end times, and the classification of message (for example: admin). The lowest panel displays even more details for any selected message. The messages displayed there depend on which checkboxes you select at the bottom of the screen.
redcell.netrestore.filetype=binary.

Select one or two pieces of equipment in Resource Manager, and click the Compare button. You can also compare from the Configuration Node in Resource Editor.

Figure 36-8. Click Compare after Selecting

To compare two devices’ files, select them in the subsequent screen, then click the Compare button.
Figure 36-9. Compare Configurations for Two Devices

The Go buttons below the tables of configurations query the database and refresh the list. You can also check Show Last Revision Only or alter Max Rows to limit that query. You can select files on two devices, or different versions of files on a single device. You can also compare configuration files for a single device. Click Open once you select the device in the Resource Manager, and open the Configurations node in the display.

Figure 36-10.
Select the two listed files you want to compare, and click the Compare button. The resulting dialog shows the two files side-by-side.

Figure 36-11. File Comparison

Differences between the two files are highlighted (the Legend in the lower left corner of this panel describes the significance of the colors).

Backup

To use the backup function, follow these steps:
1 Launch the Resources manager.
2 Using a filter, retrieve the list of network elements; they appear in the Resource manager table.
5 Select the Configuration File to back up. The Vendor Configuration portion of this screen varies, depending on the type of equipment you are backing up. Hover your cursor over the offered alternatives for more information. For example, a Netscreen device lets you check Save Config to Last Good (label).
6 You can also select a label to update (Update Label when complete) to add this configuration backup.
Contact ID—Select a contact from the pick list. These are the contacts in the application’s Contact Manager.
e-mail Address—A pick list to select an e-mail address if the contact has more than one.
Only e-mail if changes—Check this to send e-mail only if the application detects a difference between the current backup and the selected label. To produce e-mails that do not count a shift in a config file line’s position as a change, modify the following property in \owareapps\netrestore\lib\nr.
e-mail Frequency—These radio buttons become active if you are scheduling a backup as part of a group operation (see Chapter 22, Group Operations). If you select Per Device Report, then each device backed up sends a single e-mail. If you select Single Report, then all devices’ e-mails are concatenated into a single e-mail. NOTE: Sending e-mail is also available as part of backup set through the group operations option.
12 If you select Backup, the status of the backup actions appears on a subsequent screen. These messages display the job’s status.
NOTE: If the backup sends e-mail, that act appears as a message in this status screen.
Global Backup
Global backup is what notifications and actions call. If, for example, the optional Change Manager detects a compliant network element, then notifications and actions can automate backing up that compliant configuration.
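The Only e-mail if changes option described above depends on how "a difference" is defined. The following sketch is an added example, not the application's own code: it compares two backups line by line and then as an unordered set of lines, so that a shift in a line's position is not counted. The function names and sample configurations are constructed for illustration, and the product's actual comparison logic is not shown on this page.

```python
import difflib
from collections import Counter

# Constructed sample backups in a generic CLI syntax (not from a real device).
BASELINE = """hostname sw-lab-01
ip ssh server
no ip telnet server
logging 192.0.2.10
"""
# Same statements as BASELINE with two lines swapped: a pure position shift.
REORDERED = """hostname sw-lab-01
no ip telnet server
ip ssh server
logging 192.0.2.10
"""
# A real change: telnet re-enabled and the syslog target removed.
CHANGED = """hostname sw-lab-01
ip ssh server
ip telnet server
"""
# Constructed ACL pair: identical lines, opposite order.
ACL_OLD = """access-list 10 deny 198.51.100.0 0.0.0.255
access-list 10 permit any
"""
ACL_NEW = """access-list 10 permit any
access-list 10 deny 198.51.100.0 0.0.0.255
"""


def normalize(text):
    """Strip trailing whitespace and drop blank lines before comparing."""
    return [line.rstrip() for line in text.splitlines() if line.strip()]


def positional_changes(old, new):
    """Order-sensitive comparison: a line that moved counts as a change."""
    a, b = normalize(old), normalize(new)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        changes += [("-", line) for line in a[i1:i2]]
        changes += [("+", line) for line in b[j1:j2]]
    return changes


def content_changes(old, new):
    """Order-insensitive comparison over multisets of lines.

    Returns (removed, added); a line that only changed position is in neither.
    """
    before, after = Counter(normalize(old)), Counter(normalize(new))
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def should_notify(old, new, ignore_position=True):
    """Decide whether a backup differs from the labelled baseline."""
    if ignore_position:
        removed, added = content_changes(old, new)
        return bool(removed or added)
    return bool(positional_changes(old, new))


if __name__ == "__main__":
    for name, candidate in (("reordered", REORDERED), ("changed", CHANGED)):
        removed, added = content_changes(BASELINE, candidate)
        print(name, "notify:", should_notify(BASELINE, candidate),
              "removed:", removed, "added:", added)
    print("acl reorder, ignoring position:", should_notify(ACL_OLD, ACL_NEW))
    print("acl reorder, positional:", should_notify(ACL_OLD, ACL_NEW, False))
```

Where statement order carries meaning, as in the access-list pair, the order-insensitive mode reports no change even though the effective policy differs, so keep position-sensitive comparison for devices whose configurations contain ordered rules.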
3 Select the desired network elements in the table and then click on the Restore… button. The restoration form appears. The table in the center of the screen shows a list of historical backups. You can use the buttons to its right to View, Compare, or Export files. The comparison lets you compare two versions of a backup file. See Comparing Files on page 864 for further discussion about this feature.
Global Restoration Global restoration is what notifications and actions call. If, for example, the optional Change Manager detects an out-of-compliance network element, then notifications and actions can automate restoring a compliant configuration. The defaults that appear in the equipment’s restoration screen are the kind of restoration that occurs in such a case.
Backing Up / Restoring
Dell Restore If you have the File Management option installed, this panel lets you configure the restoration destination. Figure 36-1. Dell Restore Vendor Panel Select Running Configuration, Startup Configuration, or Backup Configuration using the pick list. Some models also let you check Reboot Device so the equipment reboots after restoration.
37 Deploying Deploy Elements Overview The Deploy capabilities of this application let you conveniently manage both device configurations and firmware deployments. Before you can use these capabilities, however, you may want to configure an FTP or TFTP server to retrieve or deploy the files. Chapter 35, File Servers describes this setup. The internal FTP/TFTP server is enabled by default.
3 Select the desired network elements in the table and then click on the Deploy… menu item in the Action or right-click menu. This launches the deployment form. The appearance of this screen may be different for some devices. 4 The table shown under Available Software displays all the software entries available for the network element(s) selected.
7 To begin the deployment process, either click the Deploy Now button or click the Schedule Deploy… button to launch the scheduler form (see Scheduling Downloads on page 888). Clicking the Cancel button aborts this operation.
Reboot
Some devices require a reboot after you deploy firmware. For example, Dell PowerConnect devices have two OS image banks: one active and one inactive. During the deployment process, the inactive bank receives the image.
Deploying Globally
Here are the steps for globally deploying software to equipment groups.
1 Import the new OS to OS Images Manager (see OS Images on page 882). For example, specify Dell Computer Corporation as the Vendor.
2 Add devices to a Group from the Group Manager/Editor or create a Dynamic Group. Global Deployment then uses this Group. (See the Equipment Group Manager section of the User Guide for more about groups.) This example has two Dell devices.
3 Launch the Group Operation Wizard, and specify File Management Operations -> Global > Deploy. NOTE: You can click the Preview button to see an operation’s consequences before you execute or schedule it. 4 After you click Next, choose the OS to deploy to the selected group. This screen contains all imported OS Images. You must select one before you can proceed.
You can also Require Secure FTP Transfer with a checkbox. This uses the FTP setup you have already configured in File Servers on page 849. This screen also reminds you that you may need to resync to retrieve any new information the deployment exposes. 5 After clicking Next, you may also see a vendor panel with more information about the deployment. When you select a device with the pick list at the top, this screen allows you to further configure deployment.
Figure 37-1. OS Images Manager Existing operating system images appear listed in the OS Images panel at the top of this screen. Downloaded operating systems appear with a disk icon; those created manually with OS Editor do not have that icon.
OS Images Details The two details panels display details for selected images. The first displays the files that comprise an individual, deployable image (their count, size and total size). The second panel displays models supported by the selected image. OS Editor The OS Editor opens when you click New or Open.
Figure 37-3. Show Readme To close this panel navigate away from this tab. Download The download screen opens to let you pick from available firmware to download to the configured devices.
Figure 37-4. File Management Download This screen has the following fields and buttons: - Firmware Supplier—Select from the pick list. Subsequent portions of the screen reflect the selected vendor. You can only configure one vendor’s download (or scheduled download) at a time. Some Dell devices require an update to boot code before you can upgrade other firmware. This application automates updating that boot code when you download and deploy the firmware upgrade.
FTP Credentials This section lists the IP address, Port, Logon, and Password of the equipment vendor’s FTP server. It also shows the Firmware File Name and Path to the configuration file that provides information about available firmware updates. These values are read-only (except Logon, Port and Password) and are seeded with supporting device drivers’ installation. Available Firmware Options This panel lists firmware options. Options for discovered devices appear as nodes under the tree.
FTP Download Limitations with Two NICs
If you install OpenManage Network Manager on a dual-homed server or later add a second NIC to the server, the NIC you select during installation provides access to the only network OpenManage Network Manager sees. The other NIC and its network are not accessible to OpenManage Network Manager. This is particularly important if you are attempting to use the Firmware Download Manager in OS Images and the other NIC is your only access to the internet.
- Auto Download—Check to enable. This automatically downloads the firmware.
- Generate Trap—Check to enable a trap generated when an updated download is available. You can configure the application’s reaction to this trap by correlating it with an action. See the online help about Actions for more information.
- Firmware Supplier—A read-only field listing the equipment vendor who supplies firmware updates.
38 Configuration Labels Introducing Configuration Labels Labels let you describe actions, and dynamically collect backed up configuration files for File Management. If you wanted to do a group operation like a global restoration (in case of a catastrophic system failure), the easiest way would be to restore all configuration files in the Current label. You can manually execute (or schedule) group operations to restore a limited number of devices based on labels too.
- New—Opens the Label Editor, through which you can define a new label. See Creating or Modifying a Label on page 893 for more information about the Label Editor.
- Open—Opens the selected Label for modification. See Creating or Modifying a Label on page 893 for more information.
- Delete—Deletes the selected label. Select the label to remove and click Delete. The application prompts you for confirmation.
Creating or Modifying a Label
This editor lets you create a new label, or modify parts of an existing one.
Figure 38-2. Label Editor (General)
This editor has the following tabs and fields:
General
This tab has the following fields:
- Name—A unique identifier for this label.
- Description—A text description of this label that appears in the Configuration labels list.
Audit This screen displays the jobs that involve this label. Figure 38-3. Label Editor (Audit) Jobs involving the label appear at the top of the screen. Select one to see the individual messages in the middle of the screen. Message details appear at the bottom of the screen. Click Save to preserve your label definition, or Close (on the tool bar) to abandon it. Label Group Operations You can update labels for groups of equipment with a File Management Group Operations.
Click Next, and the Label Synch Settings screen appears.
Figure 38-5. Label Synch Settings
In this screen, you can configure the following:
- Select label to update—This presents a pick list of available labels to synchronize. Notice that no System labels are available in this list. You can also use the command button (...) to open the Configuration Labels, where you can make a new label.
- Select synch operation—Either select a label to provide the source for updating, or a date.
A Database Sizing Introducing Database Sizing This appendix suggests sizing solutions, but any final sizing decisions must realistically be guided by business managers working with DBAs to weigh data storage requirements versus costs. NOTE: A typical recommendation is to size your database 20% larger than the expected data. You can store roughly 0.5 million traps per 1G of disk space. Performance typically does not suffer if you oversize. Twenty gigabytes of storage is typical.
[Installation root]/oware3rd/mysql/ibdata/ibdata1:2048M;c:/dorado/oware3rd/mysql/ibdata/ibdata2:2048M:autoextend:max:2048M
The autoextend attribute can appear only on the last data file specified. You must specify the size to which the first file grew when adding the second data file. See MySQL's documentation on the addition or removal of InnoDB data files to determine the syntax. It is located at dev.mysql.com/doc/refman/4.1/en/adding-and-removing.
B SNMP MIBs
SNMP MIB Locations
Locations of this application’s MIB files are as follows:
Ocp | Location | File Name | Description
redcell.ocp | owareapps/Redcell/mibs | DoradoSoftware-MIB | Base MIB for all other MIBs. Contains the enterprise MIB registration.
eventmgmt.ocp | owareapps/assure/mibs | AssureAlarms-MIB | Contains SNMP Notifications encompassing Oware, OpenManage Network Manager and Event Management ocp functionality.
netrestore.
Glossary
ACCESS CONTROL — Refers to mechanisms and policies that restrict access to computer resources. An access control list (ACL), for example, specifies what operations different users can perform on specific files and directories.
ALARM — A signal alerting the user to an error or fault. Alarms are produced by events. Alarms produce a message within the Alarm Window.
ETHERNET TRUNK PORT — An Ethernet trunk port is a port that terminates a point-to-point Ethernet trunk. Since Ethernet trunk is a point-to-point connection, each Ethernet trunk contains two Ethernet trunk ports.
ETHERNET SERVICE — An Ethernet service represents a virtual layer broadcast domain that transports or transmits Ethernet traffic entering from any one endpoint to all other endpoints. Often, this is a VLAN service across multiple devices.
meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.
OSPF — Open Shortest Path First routing protocol.
KEY — In cryptography, a key is a variable
POLICY — A rule made up of conditions and actions and associated with a profile. Policy objects contain business rules for performing configuration changes in the network for controlling Quality of Service and Access to network resources.
PRIVATE KEY — In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography, a key would be shared by the communicators so that each could encrypt and decrypt messages. The risk in this system is that if either party loses the key or it is stolen, the system is broken. A more recent alternative is to use a combination of public and private keys.
ming for keeping your messages confidential ought to be contained in a program layer between an application (such as your Web browser or HTTP) and the Internet's TCP/IP layers. The “sockets” part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. TRAP (SNMP TRAP) — A notification from a network element or device of its status, such as a server startup.