ExtremeWare™ EPICenter™ Software Installation and User Guide Version 3.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: August, 2001 Part number: 100081-00 Rev.
©2001 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions.
Contents Preface Introduction Terminology xxiii xxiii Conventions xxiv Related Publications 1 xxv EPICenter Overview Introduction 1-1 Summary of Features Simple Inventory Management The Alarm System The Configuration Manager Interactive Telnet Applet The Grouping Manager The IP/MAC Address Finder ExtremeView Configuration and Status Monitoring Real-Time Statistics Topology Views Enterprise-wide VLAN Management The ESRP Manager Dynamic Reports Scalable Mode 1-2 1-3 1-3 1-4 1-4 1-4 1-5 1-5 1-5 1-5
Security Management EPICenter Stand-alone Utilities 2 iv 1-7 1-8 EPICenter Components Extreme Networks Switch Management 1-8 1-10 Extreme Networks Device Support 1-10 Third-Party Device Support 1-10 EPICenter Client Requirements 1-11 Installing the EPICenter Software Installation Overview 2-1 Server Requirements Windows NT or Windows 2000 Solaris 2-2 2-2 2-3 Client Requirements 2-3 EPICenter Software Licensing Obtaining an Evaluation License Obtaining a Permanent License Upgrading an Evalu
3 4 Starting ExtremeWare EPICenter Running the EPICenter Software under Windows Starting the EPICenter Server Shutting Down the EPICenter Server Components Restarting the EPICenter Server Components as Services 3-1 3-2 3-2 3-3 Running the EPICenter Software under Solaris Starting or Restarting the EPICenter Server Shutting Down the EPICenter Server Components 3-3 3-4 3-4 Launching the ExtremeWare EPICenter Client 3-4 Navigating the EPICenter Applications The Navigation Toolbar Main Applet Frame The
5 vi Deleting Devices and Device Groups from the Database Deleting a Device Deleting a Device Group 4-21 4-21 4-23 Updating Device Information 4-24 Finding Devices 4-25 The EPICenter Alarm System Overview of the EPICenter Alarm System 5-1 The Alarm Log Browser Acknowledging an Alarm Deleting Alarms Viewing Alarm Details Filtering the Alarm Display 5-2 5-5 5-5 5-5 5-6 Defining Alarms Creating New Alarm Definitions Modifying Alarm Definitions Deleting Alarm Definitions 5-8 5-10 5-20 5-20 Alarm C
6 7 8 Configuration Manager Overview of the Configuration Manager 6-1 Uploading Configurations from Devices 6-5 Archiving Configuration Settings 6-7 Downloading Configuration Information to a Device 6-8 Downloading an Incremental Configuration to Devices Creating an Incremental Configuration File 6-10 6-12 Upgrading Device Software Images 6-12 Specifying the Current Software Versions 6-15 Configuring the TFTP Server 6-16 Finding Devices 6-18 Using the Interactive Telnet Application Over
9 10 11 viii Adding Relationships to a Resource Removing Relationships from a Resource 8-16 8-19 Adding and Removing Attributes 8-19 Searching for a Resource Setting up a Resource Search Searching from the Main Toolbar Searching from the Add Resources or Add Relationship Window 8-23 8-23 8-26 8-27 Importing Resources Importing from an LDAP Directory Importing from a File Importing from an NT Domain Controller or NIS Server 8-28 8-30 8-32 8-36 Using the IP/MAC Address Finder Overview of the IP/MA
12 13 14 Setting Graph Preferences 11-11 Taking Graph Snapshots 11-14 Network Topology Views Overview of EPICenter Topology Views 12-1 Displaying a Network Topology View Map Elements Map Element Description Panel 12-2 12-4 12-8 Manipulating Map Views Creating a New View or a New Map Adding Elements to the Map Editing the Map Map Viewing Functions 12-9 12-9 12-11 12-15 12-19 Device Information Views Device Alarms Device Browse Device Statistics Device Telnet Device View 12-26 12-26 12-26 12-27
15 16 x Administering EPICenter Overview of User Administration Controlling EPICenter Access The EPICenter RADIUS Server Setting EPICenter Server Properties 15-1 15-2 15-3 15-3 Starting the EPICenter Client for the First Time Changing the Admin Password 15-3 15-5 Adding or Modifying User Accounts 15-6 Deleting Users 15-7 Changing Your Own User Password 15-8 RADIUS Administration 15-10 Server Properties Administration Devices Properties Scalability Properties SNMP Properties Topology Propertie
Dynamic Reports A 16-9 Viewing Predefined EPICenter Reports Report Filtering Server State Summary Report Device Inventory Report Device Status Report VLAN Summary Report Interface Report Resource to Attribute Mapping Report User to Host Mapping Report Alarm Log Report Event Log Report Configuration Management Log Report 16-10 16-10 16-12 16-13 16-14 16-15 16-15 16-16 16-17 16-17 16-19 16-20 Printing EPICenter Reports 16-20 Creating New Reports Creating or Modifying a Report Adding a User-Defined Repo
B C D E xii EPICenter Utilities The DevCLI Utility Using the DevCLI Commands DevCLI Examples B-1 B-2 B-3 Inventory Export Scripts Using the Inventory Export Scripts Inventory Export Examples B-4 B-4 B-6 The SNMPCLI Utility Using the SNMPCLI Utility SNMPCLI Examples B-7 B-7 B-8 Port Configuration Utility B-9 EPICenter Database Views Device Report View C-1 Interface Report View C-4 Database Event Log View C-5 Database Alarm Log View C-7 Event Types for Alarms SNMP Trap Events D-1 RMON R
The Backup Utility The DBBACKUP Command-line Utility Database Connection Parameters Installing a Backup Database E-4 E-4 E-5 E-6 Index ExtremeWare EPICenter Software Installation and User Guide xiii
Figures 1-1 3-1 3-2 3-3 3-4 3-5 3-6 3-7 3-8 3-9 4-1 4-2 4-3 4-4 4-5 4-6 4-7 4-8 4-9 4-10 4-11 4-12 4-13 ExtremeWare EPICenter software architecture 1-9 EPICenter start-up page 3-5 ExtremeWare EPICenter login page 3-7 Java Plug-inSecurity Warning 3-8 The Network Summary Report page 3-9 The About EPICenter page 3-11 The EPICenter Home page 3-12 VLAN Manager applet running in a browser window 3-15 Inventory Manager applet 3-17 Pop-up dialog box for adding a VLAN in the VLAN Manager 3-19 The Inventory Manager
4-14 4-15 4-16 4-17 5-1 5-2 5-3 5-4 5-5 5-6 5-7 5-8 5-9 5-10 5-11 5-12 5-13 5-14 5-15 5-16 5-17 6-1 6-2 6-3 6-4 6-5 6-6 6-7 6-8 6-9 6-10 7-1 7-2 7-3 7-4 xvi Devices tab of the Delete Devices and Device Groups window 4-22 Device Groups tab of the Delete Devices and Device Groups window 4-23 Synchronize Devices dialog 4-24 Find Devices dialog 4-26 The Alarm Log Browser page 5-3 Detailed view of an Alarm Log entry 5-6 Alarm Log filter definition pop-up window 5-7 Alarm System: Alarm Definition page 5-9 The Ne
7-5 7-6 7-7 8-1 8-2 8-3 8-4 8-5 8-6 8-7 8-8 8-9 9-1 9-2 9-3 9-4 9-5 10-1 10-2 10-3 10-4 10-5 10-6 10-7 10-8 10-9 10-10 11-1 11-2 11-3 11-4 11-5 11-6 11-7 11-8 11-9 11-10 A newly-opened Telnet session 7-9 An open Telnet session showing the pop-up edit menu 7-10 Find Devices dialog 7-12 Resource Details view 8-5 Adding a new resource 8-9 Adding Resources to a Group 8-13 Adding Relationships to a Resource 8-17 Resource attribute display 8-21 Adding attributes to a resource 8-22 Searching for a resource 8-24 I
12-1 12-2 12-3 12-4 12-5 12-6 12-7 12-8 12-9 12-10 12-11 12-12 12-13 13-1 13-2 13-3 13-4 13-5 13-6 13-7 13-8 13-9 13-10 13-11 14-1 14-2 15-1 15-2 15-3 15-4 15-5 15-6 16-1 16-2 16-3 xviii The Topology View 12-3 Example of device nodes, including an unknown device type 12-4 Example of a submap node 12-5 Example of an L2 cloud node 12-5 Example of hyper node icons representing a device and an L2 cloud 12-6 Example of a decorative node 12-6 Example of a gigabit link showing endpoint connectivity and Up status
16-4 16-5 16-6 16-7 16-8 B-1 Device Ports filter specification Attribute specification for Resource to Attribute Mapping report Alarm Log filter specification Event Log filter specification Configuration Management Log filter specification ExtremeWare EPICenter Port Configuration Utility ExtremeWare EPICenter Software Installation and User Guide 16-16 16-16 16-18 16-19 16-20 B-10 xix
Tables 1 2 4-1 5-1 5-2 7-1 10-1 11-1 11-2 B-1 B-2 B-3 C-1 C-2 C-3 C-4 D-1 D-2 E-1 E-2 E-3 E-4 Notice Icons xxiv Text Conventions xxiv Inventory Manager Device Status Indicators 4-6 EPICenter Alarm Variables 5-12 Command Restrictions in EPICenter Tcl Safe Interpreter 5-40 ExtremeView Macro Variables 7-5 ExtremeView Device Status Indicators 10-4 Definition of RMON Utilization Variable Used in Port Utilization Displays 11-2 Definition of RMON etherHistory Error Variables for Port Error Displays 11-2 DevCli c
Preface This Preface provides an overview of this guide, describes guide conventions, and lists other useful publications. Introduction This guide provides the required information to use the ExtremeWare EPICenter software.
Preface operations that are the same across all Extreme switch product families simply refer to the product as the “Extreme device” or “Extreme switch.” Explanations about features that are the same for all devices managed by EPICenter (both Extreme devices and others) are simply refer to “devices.” Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons Icon Notice Type Alerts you to... Note Important features or instructions.
Related Publications Table 2: Text Conventions (continued) Convention Description [Key] names Key names appear in text in one of two ways. They may be ■ ■ referred to by their labels, such as “the Return key” or “the Escape key.” written with brackets, such as [Return] or [Esc]. If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). For example: Press [Ctrl]+[Alt]+[Del]. Words in bold type Bold text indicates a button or field name.
Preface The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Notes, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources. Customers without contracts can still access manuals and patches at http://www.extremenetworks.com/support/documentation.
1 EPICenter Overview This chapter describes: • Features of the ExtremeWare EPICenter™ SE software. • EPICenter software components. • Hardware and software requirements. Introduction Today's corporate networks commonly encompass hundreds or thousands of systems, including individual end user systems, servers, network devices such as printers, and internetworking systems.
EPICenter Overview popular operating environments in the marketplace, Microsoft Windows NT and Sun Microsystems’ Solaris. Integration with HP OpenView and other third-party network management software products provides additional flexibility. Summary of Features In large corporate networks, network managers need to manage systems “end to end.
Summary of Features system further maximize network monitoring capability while maintaining network usage efficiency. You can organize your network resources into groups (including groups made up of selected ports from multiple switches) that you can manage as a single entity. You can set VLAN configurations across the network without having to log into switches individually. You can search for individual IP addresses and identify their connections into the network.
EPICenter Overview alarm occurs you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script, or sounding an audible alert. The Configuration Manager The EPICenter Configuration Manager applet provides a mechanism and a graphical interface for uploading and downloading configuration files to and from managed devices. It can also download ExtremeWare software images and BootROM images to Extreme Networks devices.
Summary of Features The IP/MAC Address Finder The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP addresses) and identify the Extreme Networks switch and port on which the address resides. You can also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. You can export the results of your search to a file.
EPICenter Overview hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want. The Topology applet can automatically add device nodes to your map as devices are added to EPICenter software’s device inventory. The EPICenter software will also add links that exist between the devices, and organize them into submaps as appropriate.
Summary of Features can also be accessed from the EPICenter Navigation toolbar. A Summary Report is also displayed on the main EPICenter “home” page that provides basic information on the status of EPICenter devices and alarms. From this report you can access other more detailed reports. The EPICenter reports are HTML pages that do not require Java capability, and thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface.
EPICenter Overview • Monitor—users who can view status information only. • Manager—users who can modify device parameters as well as view status information. • Administrator—users who can create, modify and delete EPICenter user accounts as well as perform all the functions of a user with Manager access. The EPICenter Admin applet enables configuration of EPICenter as a Remote Authentication Dial In User Service (RADIUS) server.
EPICenter Components • A Relational Database Management System (RDBMS), Sybase Adaptive Server Anywhere, which is used as both a persistent data store and a data cache. • The EPICenter client applications, which are Java applets that are downloaded from the server to a client machine on request and executed in a Java-enabled web browser. The Java Plug-in version 1.3.1 is required. Figure 1-1 illustrates the architecture of the EPICenter software.
EPICenter Overview Extreme Networks Switch Management The EPICenter software uses SNMP to monitor and manage the devices in the network. To avoid the overhead of frequent device polling, the EPICenter software uses a mechanism called SmartTraps to identify changes in Extreme device status and configuration.
EPICenter Client Requirements enabled. The Real-Time Statistics module can display statistics for any device with RMON enabled, the IP/MAC Finder applet supports all devices running MIB-2 and the Bridge MIB, with the exception of user mapping, which is specific to Extreme devices. In the Telnet applet, you can use the Telnet feature with any device that supports a Telnet interface.
2 Installing the EPICenter Software This chapter describes: • Hardware and software requirements for the EPICenter server and client • Procedure for obtaining an evaluation or permanent license key for the software • Install the EPICenter Server software under either Windows NT or Windows 2000 • Set up Internet Explorer for use with the EPICenter client on a Windows system • Install the EPICenter server software under the Solaris Operating Environment • Set up Netscape Navigator for use with the EPICenter
Installing the EPICenter Software The ExtremeWare EPICenter server installation process installs two components: • The EPICenter Database Engine • The EPICenter Web Server Under Windows NT/2000 you can run these as services, or just as an application. Running them as services is recommended. Server Requirements The ExtremeWare EPICenter Server can run under Microsoft Windows NT 4.0, Microsoft Windows 2000, or Sun Microsystems’ Solaris Operating Environment, SPARC Platform Edition.
Client Requirements Solaris For installation under Solaris, the requirements are: • Solaris Operating Environment 2.6, Solaris 7, or Solaris 8 with required patches already installed. • 128 MB RAM (256 MB recommended, especially if you plan to run an EPICenter client on the same system).
Installing the EPICenter Software • On a Solaris system, install Netscape Navigator 4.7 or later, with the 1.3.1 Java plug-in. See the ExtremeWare EPICenter Release Note and Quick Start Guide shipped with the software for the latest information about configuration requirements. EPICenter Software Licensing In order to log in to the EPICenter server from an EPICenter client, the product must be configured with a valid license.
EPICenter Software Licensing You license key will be sent to you by return e-mail. Obtaining a Permanent License To obtain a permanent license key, use your browser to connect to the license page at http://www.extremenetworks.com/go/epickey.htm. Select the option to obtain a permanent license key. Fill in the requested information, and enter your activation key. The activation key is a 14-character key that starts with “AC” and is found on the License Agreement included with your software package.
Installing the EPICenter Software To add a license key for an optional EPICenter product module, use the instlic utility. In Windows, run the instlic command using the Run command from the Windows Start menu, or from an MS-DOS command window. From Solaris, run the command from a command shell. The instlic utility is found in the EPICenter install directory, by default epc3_1 in Windows, or /opt/epc3_1 on a Solaris system.
Installing on a Windows NT or Windows 2000 System For information on installing and running Windows NT or WIndows 2000, refer to the documentation supplied with your Microsoft Windows software. To install the EPICenter software components under Windows NT you must have Windows NT administrator privileges on that system. If you have the previous software release installed, the installation script will also migrate your database information to the new EPICenter software version.
Installing the EPICenter Software activation key to obtain a permanent license key from the Extreme Networks web site at http://www.extremenetworks.com/go/epickey.htm See Chapter 1 of this manual or the ExtremeWare EPICenter SE Release Note and Quick Start Guide for details on obtaining an evaluation or permanent license key. If you have purchased the EPICenter software and an additional module such as the Policy Manager, you can use the key you received for the optional module here.
Installing on a Windows NT or Windows 2000 System 13 If there are any ExtremeWare EPICenter or ExtremeWare Enterprise Manager servers running as services, a notice appears advising you that the services are being shut down. < The installation software then copies the EPICenter program files from the CD to your system. 14 When the files have been copied, the Install as a Service dialog box asks if you want to install the ExtremeWare EPICenter database and web server components as Windows NT services.
Installing the EPICenter Software restart your system at this time, you must either restart the server or start the services manually before you can log in to the EPICenter server from a client. — Click Finish to complete the installation process. Adding or Updating the License Key To update an evaluation license of the ExtremeWare EPICenter to a permanent license, or to install a license key after the original installation is complete, use the instlic utility provided.
Installing on a Solaris System check the ExtremeWare EPICenter SE Release Note and Quick Start Guide for any additional issues. Required Patches Both the Solaris 2.6 and Solaris 7 operating environments require patches for the EPICenter software to function properly. Make certain these patches have been installed before you install the EPICenter server software.
Installing the EPICenter Software You can install the EPICenter components without being logged in as root, as long as you do not use port numbers less than 1024 (for example, port 80 for the EPICenter web server, which is the default). When you install the EPICenter Server, it initializes the database. If you attempt to re-install the server once you have installed it, the installation process reinitializes the database, and your existing data and configurations will be lost.
Installing on a Solaris System 4 When you press [Enter], the text of the license is displayed. You can use the space bar to page through it. When you reach the end, you are asked: Do you agree to the above conditions? (Y/N): 5 Enter Y if you agree and want to proceed. Enter N to terminate the installation process. This question does not have a default, you must enter Y or N.
Installing the EPICenter Software installation. If there is no previous install, or you would like to start from scratch, select new installation. Would you like to upgrade from a previous install? (Y/N) [N]: Answer Y to upgrade. If you answer Yes, the install script asks for the location of the previous version of ExtremeWare Enterprise Manager. Old install directory [/opt/epc_30]: Accept the default or enter the actual location (full path name). 9 Next, you are asked for a license key.
Installing on a Solaris System needs the name of this machine and an unused port to listen on. Please enter the port for the database: [2638] Accept the default (2638) for the TCP port that the EPICenter Web Server will use to communicate with the database, or enter a different port number. You can use any port number (a number between 1024 and 9999 is recommended) except a port number already in use by another process. 11 You are now asked for three ports that the EPICenter Web Server will use.
Installing the EPICenter Software 13 If you accept the parameters by entering Y, the installation script will finish with the following messages: Installing License... License installed. Done. Updating ./extreme/WEB-INF/web.xml Updating ./tomcat/conf/server.xml If you are upgrading from an earlier version of ExtremeWare Enterprise Manager, you will also see the following: *** Database Upgrade Upgrading Database... Upgrading from Generating sql files... Dumping data from tables in old database ...
Installing the EPICenter Client INSTALL COMPLETE is the name of the system you’ve just installed on, and is the HTTP port you entered (or 80 if you accepted the default). Adding or Updating a License Key To update an ExtremeWare EPICenter evaluation license to a permanent license, or to install a license key after the original software installation is complete, use the instlic utility provided.
Installing the EPICenter Software • Under Windows NT, or Windows 2000, install Microsoft Internet Explorer 5.0 with the Java Plug-in version 1.3.1, or Internet Explorer 5.5 with Service Pack 1 and the Java Plug-in. To download the latest version of Internet Explorer, go to http://www.microsoft.com/ie/ • Under Solaris, install Netscape Navigator version 4.7x and the Java 1.3.1 plug-in. Navigator is included in Netscape Communicator, can be downloaded from Netscape Communications.
Uninstalling the EPICenter Server c Stop the EPICenter 3.1 Server. d Stop the EPICenter 3.1 Database Engine. If they are running as applications: a Select Run... from the Start menu, or start an MS-DOS command window. b Enter the command \stopserv.exe is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the path is c:\EPC3_1\ 2 Display the Control Panel folder if you have not already done so.
Installing the EPICenter Software 3 Remove all files from the installation directory tree. For example, if you installed using the default directory path, enter: rm -rf epc3_1 This removes all the EPICenter components, including the database, from the system. 4 The EPICenter installation created a script, EPICenter, in the /etc/init.d directory, and links to /etc/init.d in the /etc/rc2.d and etc/rc3.d directories. You should remove these as well: cd /etc/init.d rm EPICenter cd /etc/rc2.
3 Starting ExtremeWare EPICenter This chapter describes: • Starting the ExtremeWare EPICenter Server. • Launching an EPICenter Client. • Navigating the EPICenter pages. When you log in for the first time after installing the EPICenter server software, there are only two user accounts enabled—an Administrator account “admin,” and a user account “user” with Monitor access privileges. Neither account has a password.
Starting ExtremeWare EPICenter Starting the EPICenter Server If you have not installed the EPICenter server components as a service, you must start the server manually after you boot your server system. You can do this from the Windows NT Start menu. The EPICenter Server consists of two components: • The EPICenter Database Engine • The EPICenter Web Server Both components must be running in order to run the EPICenter client applets.
Running the EPICenter Software under Solaris 4 Repeat the same actions for the EPICenter 3.1 Database Engine. If the EPICenter server components are running as applications, follow these steps to shut them down: 1 Select Run... from the Start menu, or start an MS-DOS command window. 2 Enter the command \stopserv.exe is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the directory is epc3_1.
Starting ExtremeWare EPICenter Starting or Restarting the EPICenter Server To run the EPICenter Server: 1 Set the current directory: cd is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the path is /opt/epc3_1. 2 Invoke runserv to start the two EPICenter components in the required order.
Launching the ExtremeWare EPICenter Client To run the EPICenter client interface: 1 Launch your web browser. 2 Enter the following URL: http://:/ In the URL, replace with the name of the system where the EPICenter server is running. Replace with the TCP port number that you assigned to the EPICenter Web Server during installation. If you used the default web server port, 80, you do not need to include the port number. The EPICenter Start-up page appears.
Starting ExtremeWare EPICenter From the Start-up page you can run the EPICenter client interface, view the online documentation, or log into the EPICenter reports module. • To launch the EPICenter client interface, click the Launch EPICenter link. This requires that the Java Plug-in version 1.3.1 be installed in your browser. If the required version of the plug-in is not installed, you will be prompted to download it, and will be led through the brief installation process.
Launching the ExtremeWare EPICenter Client Figure 3-2: ExtremeWare EPICenter login page There are two default user accounts—the Administrator account “admin,” and the user account “user.” Initially, those accounts have no password. “User” has Monitor access privileges. Chapter 15, “Administering EPICenter” describes how an EPICenter Administrator can create additional EPICenter user accounts.
Starting ExtremeWare EPICenter You will be able to change the admin password (strongly recommended) and to create additional user accounts. — If you are a new user without your own account on the EPICenter server, type “user” as the User Name. You will be able to view information in the various modules, but will not be able to change any configurations. 2 Type your password in the Password field. Both default names (“user” and “admin”) initially have no password, so you can leave the field blank.
Launching the ExtremeWare EPICenter Client — Grant this session will allow the installation of the applets for this browser session only. You will have to grant permission for every applet every time you run the client. — Deny will prevent the EPICenter applets from being loaded. You will still be able to view the Network Summary Reports, but will not be able to access any EPICenter applets. — Grant always indicates that you always want to load the EPICenter applets.
Starting ExtremeWare EPICenter This page displays a simple HTML report with some basic statistics on the status of your network. Click on the values in the right-hand column to display a detail report about a specific status item. From this summary report you can view the following reports: • Summary status of all the devices known to the EPICenter server. • Summary status of the devices known to the EPICenter server that are not responding.
Navigating the EPICenter Applications Figure 3-5: The About EPICenter page From this page you can do the following: • Access the online ExtremeWare EPICenter Software User Guide. • Send e-mail to Extreme Networks’ technical support organization. • Return to the Network Summary Report page.
Starting ExtremeWare EPICenter Navigation Toolbar Main applet frame Figure 3-6: The EPICenter Home page The Navigation Toolbar The Navigation Toolbar, on the left, displays a set of buttons you can use to access various EPICenter modules. The buttons that appear in this Toolbar may be a subset of those listed here, depending on whether you have licensed additional modules, such as the EPICenter Policy Manager, or are running in scalability mode, which disables certain modules.
Navigating the EPICenter Applications • Inventory runs the Inventory Manager, where you can discover devices on your network, and set up device groups and port groups so you can manage network elements in sets rather than individually. • Alarm runs the Alarm Manager, where you can view and browse alarms that have occurred on your network devices, as well as define alarms and the actions that should occur when an alarm happens.
Starting ExtremeWare EPICenter Note that you must have Administrator or Manager access in order to use most of the functions of these applets. Users with Monitor access will be able to view status, statistics etc., but will not be able to set up or change EPICenter or device configurations. In addition to the applets described above, the Navigation Toolbar may include icons for other optional applications that have been integrated into the EPICenter server.
Navigating the EPICenter Applications Applet function buttons Component Tree Component status/detail Figure 3-7: VLAN Manager applet running in a browser window EPICenter applets use a two-panel display within the main applet frame. The two panels are: • The Component Tree. • A component status/detail information panel. In addition, some applets provide an applet-specific set of buttons at the top of the main applet frame.
Starting ExtremeWare EPICenter The Component Tree The left side panel shows the Component Tree. The Component Tree is a nested tree that displays the components known to the EPICenter database that are relevant to the active module. The Component Tree displays different sets of components depending on which EPICenter module you are viewing. For example, in the Inventory Manager, the Component Tree shows all the Extreme and third-party devices known to the EPICenter.
Navigating the EPICenter Applications Column heading separators Figure 3-8: Inventory Manager applet ◆ Click on a component in the Component Tree to display information about that component. In Figure 3-8, the selected component is the Default device group. The component status/detail panel displays summary status information about each device in this device group. A red circle with the white “S” next to a device indicates that the device is not reachable through SNMP.
Starting ExtremeWare EPICenter Moving the Component Tree Boundary You can move the boundary between the Component Tree panel and the main applet panel by following these steps: 1 Place the cursor over the line separating the panels. 2 Click and hold the left mouse button to “grab” the panel separator. 3 Drag the separator until the panels are the desired widths. Resizing and Sorting Columns In a wide columnar display such as shown in Figure 3-8, you can resize the widths of each column.
Navigating the EPICenter Applications Figure 3-9: Pop-up dialog box for adding a VLAN in the VLAN Manager A dialog box can contain the following types of fields: • Page tabs, such as the Properties & Port and IP Forwarding tabs in Figure 3-9. These are used when there are multiple pages of settings for a specific function. Clicking a tab displays its page. • Text fields, such as the VLAN Name field in Figure 3-9. Enter text or numbers by clicking in the field and then typing.
Starting ExtremeWare EPICenter To have the settings you’ve entered take effect, many dialog boxes provide an Apply button. This saves the settings on the page you are viewing, but the dialog box remains open so you can make additional changes or change the settings on one of the other pages. For example, you can specify a new VLAN on the Properties & Ports page as shown in Figure 3-9, click Apply to commit those settings, then display the IP Forwarding settings and make changes on that page.
Running the EPICenter Server in Scalable Mode • VLAN Manager • ESRP Manager • Policy Manager (an optional, separately-licensed module) To set EPICenter into Scalable Mode, you must log into the client, set the Scalable Mode property to enable scalability (it is disabled by default), and then stop and restart the EPICenter server. The steps to do this are as follows: 1 Launch the ExtremeWare EPICenter client, following the instructions in the section “Launching the ExtremeWare EPICenter Client” on page 3-4.
4 Using the Inventory Manager This chapter describes how to use the ExtremeWare EPICenter Inventory Manager applet for: • Viewing the EPICenter device inventory • Discovering network devices • Adding network devices to the EPICenter database • Modifying device contact parameters • Deleting a device from the EPICenter database • Updating device information in the database • Finding specific network devices in the database Overview of the EPICenter Device Inventory The Inventory Manager applet keeps a data
Using the Inventory Manager can assign it to a specific device group, and configure it using the Inventory Manager, VLAN Manager, Configuration Manager, Interactive Telnet, ExtremeView, or the optional Policy Manager. You can receive alarms about faults on the device, and you can view a hierarchical topology layout of the devices known to the Inventory Manager. Any EPICenter user can view status information about the network devices currently known to EPICenter.
Displaying the Network Device Inventory switch using SNMP. EPICenter also adds itself on the switch as a trap receiver. The switch uses the SmartTraps rules to determine what traps to send to EPICenter. When EPICenter receives a trap from a switch, it then polls the switch for detailed status information.
Using the Inventory Manager Figure 4-1: The Inventory Manager applet, main page You must add network devices to the database using Discovery or the Add Devices function in order to make them “known” to the EPICenter. Until this is done, no devices are displayed in the Inventory Manager. The Device Groups currently defined in the EPICenter database are displayed in the Component Tree in the left panel.
Viewing Device Status Information Click on the plus sign to the left of a Device Group name to display the list of switches that are members of that group. A red circle with a white “S” next to a device indicates that the device is not reachable through SNMP.
Using the Inventory Manager Figure 4-2: Inventory Manager device group summary status • The status “lights” show the status of each device as detected by EPICenter. Table 4-1: Inventory Manager Device Status Indicators Status Light Green Yellow Red 4-6 Device Status Device is up and OK Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature Device is not responding to EPICenter status queries.
Viewing Device Status Information • The name and type of the device are detected by EPICenter. • The IP address and read/write community strings are also detected by the EPICenter discovery, or are those entered into the EPICenter database manually if the switch was added using the Add command. Select a switch in the Component Tree on the left to display detailed configuration and status information, as shown in Figure 4-3.
Using the Inventory Manager Figure 4-4: Inventory Manager information for a 3Com device You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains the Modify, Delete, and Sync commands. These perform the same functions as the buttons at the top of the page, but with the appropriate device or device group displayed.
Discovering Network Devices 1 Click the Discovery button at the top of the Inventory Manager main window. The Discover Devices window, shown in Figure 4-5, is displayed. Figure 4-5: Inventory Manager Device Discovery set up window 2 Click the appropriate boxes to select the types of devices you want to include in the discovery. You can discover Extreme devices only, or all devices with MIB-2 compatible agents. 3 Specify the device address range you want to discover.
Using the Inventory Manager Examples: IP Address Specification Addresses Generated 10.203.0.* polls 10.203.0.0 through 10.203.0.255 10.203.?.?? polls 10.203.0.0 through 10.203.9.99 0.203.0.1? or 10.203.0.10-19 both specify the same range: 10.203.0.10 through 10.203.0.19 10.203.0-2.10-30 polls 10.203.0.10 through 10.203.0.30 10.203.1.10 through 10.203.1.30 10.203.2.10 through 10.203.2.30 — As an IP address Range (such as 10.203.10.20 to 10.203.10.
Discovering Network Devices 8 If necessary, you can remove an address range from the Device Discovery Criteria list at any time before you initiate the discovery by selecting the range and clicking the Remove button. You can remove all address ranges using the Reset button at the bottom of the page. 9 Click the Discover button at the bottom of the window to initiate the discovery.
Using the Inventory Manager — Click View Details to re-display the discovery details. When the discovery has completed, the set of discovered devices is listed in the top panel of the Discovery Results window. These devices are NOT automatically entered into the EPICenter database. You must explicitly select and add devices to the database.
Discovering Network Devices 12 Click OK to proceed with the Add process. A message window (shown in Figure 4-8) pops up to show you the progress of the Add command. Figure 4-8: Message window showing Add Device progress Devices are listed followed by a small purple rotating clock icon is in progress.
Using the Inventory Manager • The up and down arrow buttons let you move up and down the device tree, displaying the server messages associated with each device. • If you check the Errors Only box, the up and down arrow buttons will expand only devices that had errors. • The Collapse All button collapses all the device nodes, hiding all the server messages.
Adding Devices and Device Groups Adding a Device 1 Click the Add button at the top of the Inventory Manager main window. Select the appropriate tab to display the Add Device window, as shown in Figure 4-10. Figure 4-10: Add Device window in the Inventory Manager 2 Enter the device IP address, community strings, device login and password into the appropriate fields. These are the parameters that EPICenter uses to access the switch.
Using the Inventory Manager When you click Add, the Inventory Manager adds the devices to the database. It makes a set of SNMP requests to retrieve data that is needed from the devices by EPICenter applets. If the device is an Extreme switch, it also creates a set of SmartTraps rules that tell the switch what status and configuration changes are of interest to EPICenter.
Adding Devices and Device Groups Figure 4-11: Add Device Group window in the Inventory Manager 2 Type a name for the device group into the Device Group Name field, and a description (optional) into the Device Group Description field. 3 To add a device to the selected device group, select the device in the Available Devices list and click Add ->. To add all devices in the Available Devices list, click Add All ->.
Using the Inventory Manager Modifying Devices and Device Groups You can use the Modify function to modify the access parameters for an individual device, or to add and delete members of a device group. Users with Administrator or Manager access can modify device contact information and device groups. If you have Monitor access only, you cannot use this function.
Modifying Devices and Device Groups 2 Select the device for which you want to change contact information. 3 Enter the changed information in the appropriate fields. The Device Login and Device Contact Password are the login and password needed in order to Telnet to the device or to use ExtremeWare Vista. The Device Poll Interval lets you specify how frequently the EPICenter server should poll the for detailed device information, such as software version, bootrom version, and so on.
Using the Inventory Manager To add or remove devices in a device group, do the following: 1 Click the Modify button at the top of the Inventory Manager main page. Select the appropriate tab to display the Modify Device Group window, as shown in Figure 4-13. Figure 4-13: Device Groups tab of the Modify Devices and Device Groups window 2 Select the device group you want to modify. The Included Devices list displays the devices that are currently members of this group.
Deleting Devices and Device Groups from the Database Because devices not otherwise assigned are members of the Default device group, you cannot remove devices from the Defeat device group. Devices are removed from the Default device group only when they are added to another device group. 6 Repeat steps 4 and 5 until you have included all the devices that should be members of this device group.
Using the Inventory Manager Figure 4-14: Devices tab of the Delete Devices and Device Groups window 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All to view the list of all devices from all device groups. 3 Select one or more devices in the Devices list, and click Delete. 4 Click OK to confirm that you want to delete the device information from the database.
Deleting Devices and Device Groups from the Database Deleting a Device Group You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device Group. To delete a device group from the EPICenter database, follow these steps: 1 Click the Delete button at the top of the Inventory Manager main page.
Using the Inventory Manager Updating Device Information Occasionally, you may want to update the configuration and status information for one or more devices in the EPICenter database. The Sync operation is a manual update you can use if you believe that the device configuration is not correctly represented in EPICenter applets. It updates all information for a selected set of devices, except for the contact information. If you have Administrator or Manager access to EPICenter, you can perform a Sync.
Finding Devices 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All to view the list of all devices from all device groups. 3 Select one or more devices in the Device list. 4 Click Reset at any time prior to initiating the Sync to deselect all device selections and start over. 5 Click Sync to initiate the synchronization process.
Using the Inventory Manager Figure 4-17: Find Devices dialog 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific device group, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field.
Finding Devices 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the device group in which the device can be found, its name, IP address, and the type of device. 4 Double-click on a device in the results table to highlight the device in the Component Tree, and to display the associated status information for that device (see “Viewing Device Status Information” on page 4-5).
5 The EPICenter Alarm System This chapter describes how to use the ExtremeWare EPICenter Alarm System applet for: • Viewing the alarms that have occurred • Defining new alarms and modifying current alarm definitions • Configuring RMON and CPU utilization trap conditions on devices • Configuring EPICenter as a trap receiver Overview of the EPICenter Alarm System The EPICenter Alarm System provides fault detection and alarm handling for the network devices monitored by EPICenter.
The EPICenter Alarm System selected traps from other MIBs. When an alarm occurs you can specify actions such as sending e-mail, running a program, running a script, or sounding an audible alert. Extreme Networks devices are configured automatically by EPICenter to send traps to the EPICenter server. To receive traps from non-Extreme devices, you must manually configured the devices send traps to the EPICenter server. Not all trap events are supported in older versions of the ExtremeWare software.
The Alarm Log Browser Predefined filters Alarm System module tabs New alarm indicator Current filter definition Alarm summary Acknowledged alarms Figure 5-1: The Alarm Log Browser page The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered based on criteria you can specify. An alarm can be generated due to an SNMP or RMON trap, or based on the results of a poll.
The EPICenter Alarm System • Invalid login (Extreme proprietary trap) • Redundant Power Supply alarm condition (Extreme proprietary trap) • ESRP state change (Extreme proprietary trap) • SNMP unreachable (EPICenter event) • Configuration upload failure for an upload attempted from the EPICenter system (EPICenter event) • Overheat (EPICenter event) • Fan failure (EPICenter event) • Device reboot (EPICenter event) Therefore, you may see alarm log entries the first time you run the Alarm System, even if you h
The Alarm Log Browser Acknowledging an Alarm To acknowledge an alarm: 1 Select the alarm or alarms you want to acknowledge. 2 Click the Acknowledge (Ack) button at the top of the page. This sets the state of the selected alarms to “acknowledged,” and places a green check in the Acked field of the selected alarm log entries. When you acknowledge the most recent alarm, the state of the Alarm button in the EPICenter Navigation Toolbar also returns to black.
The EPICenter Alarm System Figure 5-2: Detailed view of an Alarm Log entry This displays detailed information for the selected alarm. From this window you can view details for other alarms: • Enter or select an Alarm ID in the Go to alarm field. • Click the Next button to view the next alarm down in the list (the next earlier alarm based on the default sorting order). • Click the Previous button to view the next alarm higher in the list (the next later alarm based on the default sorting order).
The Alarm Log Browser the top of the alarm summary display. The predefined filters are based on time: last one hour, last two hours, yesterday, and so on. If you invoke the Alarm Browser from the Topology applet (using the pop-up menu for a specific node) the default filter is set to filter on the Source IP of the node you selected. To specify your own filter, click the Filter button at the top of the page. The Define Alarm Log Filter pop-up window is displayed, as shown in Figure 5-3.
The EPICenter Alarm System 4 Enter the value (or values) against which the parameter should be tested. If you have chosen the Between operator (available for Log ID, Source IP, and Port IfIndex) you will be asked to enter two values. Some parameters (those that take text string values) provide a “Contains” operator, that lets you match against a portion of text that should be contained in the parameter value. 5 Click the Add/Modify Filter button to add this specification to the filter definition.
Defining Alarms • Device reboot (EPICenter event) By default these alarms are all enabled, and will generate an alarm log entry upon occurrence. No other actions are specified in the predefined alarms. You can define additional alarms based on a fairly large number of events. To view the current alarm definitions, to create new definitions, or to modify existing definitions, click the Alarm Definition tab at the top of the page. The Alarm System: Alarm Definition page is displayed, as shown in Figure 5-4.
The EPICenter Alarm System Alarm Actions: Initially the predefined alarms have no actions defined for them. An alarm action is a specified function that the alarm system can execute when an alarm occurs, in addition to logging the occurrence of the alarm. Alarm actions can include sending e-mail, sounding an audible alert, running a program or executing a script. For the predefined alarms, an alarm event will create an entry in the Alarm Log, but no other actions will occur.
Defining Alarms Use the tabs at the top of the window to move between the three pages. When you are finished with your alarm definition, click OK, and the alarm will be entered into the Alarm Definition List. The Basic Alarm Parameters On the Basic page, you define the event-related parameters of the alarm: its name, severity, the event that will trigger it, and so on.
The EPICenter Alarm System For certain other events, you must do the configuration on the switch using an SNMP configuration tool such as SNMPc. See “Configuring Other SNMP Trap Events” on page 5-38 for more information. The event type is concatenated with the event name to define the variable eventTypeName. • Event Name: The specific event (trap) that should trigger this alarm. Select the event from the pull-down list provided.
Defining Alarms Table 5-1: EPICenter Alarm Variables Variable Name Description alarmRepeatPeriod The time frame within which the repeated events must occur for the alarm to be generated alarmSourceDeviceName The name of the device on which the event(s) occurred (taken from the EPICenter database) alarmSourceIP The IP address of the device on which the event(s) occurred alarmSourceIfIndex The interface on the device on which the event(s) occurred alarmGMTTime The time at which the alarm occurred,
The EPICenter Alarm System Figure 5-6: The New Alarm Definition window, Scope definition In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can define the scope as a set of individual devices, one or more device groups, as a set of individual ports, or as one or more port groups.
Defining Alarms ports. You could also define a port group for the specific ports of interest, the scope the alarm as Port Group and select the appropriate group. • Select Group: If you select Device or Port as the Source Type, you must select a Device Group to indicate what set of devices (and ports) you want to see in the Source List. • Source list (Device/DeviceGroup/Port Group): The list of components of the specified type. The field label changes based on the Source Type.
The EPICenter Alarm System Figure 5-7: The New Alarm Definition window, Action definition In this window you define the actions for the alarm—the functions that should be performed when the alarm occurs. You can have the alarm perform any or all of the actions defined here. The fields and buttons in this window are defined as follows: • Sound Alert: Click the check box to have the alarm system play an audible alert on the client computer when the alarm occurs.
Defining Alarms • Forward Trap to: Click this checkbox to forward the trap event that caused this alarm. Specify the forwarding instructions in the fields to the right of the check box as follows: — Host: Enter the host name or host IP address of the system to which the trap should be forwarded. — Port: Enter the port on which the specified host receives traps. — Community String: Enter the community string for the specified host.
The EPICenter Alarm System Figure 5-8: Setting up E-mail for EPICenter alarm actions 2 Enter your outgoing mail server name (or IP address) into the SMTP Host: field. 3 Enter into the Sent By: field the e-mail address that should be used as the sender of the e-mail 4 If your mail server authenticates the user before sending out e-mail, check the My server requires authentication check box, and enter the user name and password of an account that the SMTP server will accept.
Defining Alarms d Click the Add button to add port 10 to the Selection list. 3 Click the Action tab, and do the following: a Click the Email to: check box to turn on the check. b Type 4083236789@paging.com in the text field next to the checkbox. 4 Click OK to finish the alarm definition. Example 2: Define an alarm that will page “Joe” at “4083236789@paging.com” if any port on device “switch8” goes down. 1 Bring up the New Alarm Definition dialog.
The EPICenter Alarm System If you have not yet created the RMON rule, type in a name for the rule (for example, “WAN Link 15%”). You will need to use this name for the rule when you create it. See “RMON Rule Configuration Example” on page 5-34 for an example of how to create the RMON rule. 2 Click the Scope tab, and enter the port information as you did in Example 1: a Select “Port” in the Source Type field. b Select “switch8” from the Device list. c Select “10” from the ifIndex list.
Alarm Categories After you verify that you want to delete the alarm, the definition is removed from the Alarm Definition List and from ExtremeWare EPICenter’s database. You must remove alarm definitions one at a time. Alarm Categories Alarm categories are arbitrary collections of alarms that you can define as appropriate to your needs, and then assign to specific alarm definitions. For example, you might use categories to designate alarms from individual buildings, floors, or workgroups.
The EPICenter Alarm System Deleting a category also deletes all the alarm definitions that are assigned to that category. If you do not want to delete those alarm definitions, you must first modify the alarm definitions to use a different alarm category before you delete the category. A warning message appears to let confirm that you want to delete the category and the alarm definitions that are assigned to it. Click OK to delete the category and the alarms from the EPICenter database.
Event Configuration Configuration page is displayed. Figure 5-9 shows the Alarm System Configuration page as it appears when displaying RMON rules. Figure 5-9: The event Configuration window showing RMON rules The Configurations tree shows the existing RMON event definitions as nodes in the tree, with the devices to which they are applied shown as subnodes. The main panel shows the definition for the selected rule on each target device. CPU Utilization rules are shown under a separate node.
The EPICenter Alarm System RMON Rule Display For RMON rules, the display shows the following for each device targeted by that rule: • Device: The name of the device • Variable: The MIB variable being monitored • Sample Type: Absolute or Delta • Sample Interval: The time between samples, in seconds. • Rising Threshold: A threshold value that will trigger an event when the value of the variable increments past this value.
Event Configuration Figure 5-10: The event Configuration window showing CPU Configuration rules For each device targeted by that rule, the CPU Utilization rule display shows the following: • Device: The name of the device • Variable: The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0) • Rising Threshold: A threshold value that will trigger an event when the CPU Utilization value (a percentage) increments past this value.
The EPICenter Alarm System For a detailed definition of these parameters, see “CPU Utilization Rule Configuration” on page 5-31. Creating an Event Rule To create a new event rule, click the Add button at the top of the page. The New Configuration Rule window is displayed, as shown in Figure 5-11. Figure 5-11: New Configuration window There are two parts to an event rule; the rule configuration itself, and the association of the rule to its target devices.
Event Configuration For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component under the CPU Utilization “folder” in the Configurations tree. RMON Rule Configuration If you select RMON Event as the Configuration Type, the remaining fields and buttons in this window are defined as follows: • Name: The name for this rule. • MIB Variable: The MIB variable that the rule will monitor. Type in the complete OID, or click the Look Up...
The EPICenter Alarm System You can also type the beginning of a variable name into the MIB Variable field, then type a space, and the Alarm System will attempt to match your typing to the variable list and auto-complete your entry. MIB variables that apply to the entire device will have the suffix “.0” appended to them to create the complete OID. MIB variables that apply per port will be combined with the port ifIndex to generate the OID.
Event Configuration — Delta to calculate the difference between the current sample value and the previous sample value of the variable, and use the difference in the comparison • Sample Interval (seconds): The interval, in seconds, over which the data is sampled and compared to the rising and falling thresholds. • Startup Alarm: The condition that should be met to cause the initial occurrence of this event.
The EPICenter Alarm System Sampled variable value Initial sample value B Rising threshold Falling threshold E C A D Time (sample intervals) = alarm event generated XM_022 Figure 5-13: RMON Alarm event generation Because the initial sample value of the variable is greater than the value of the Rising threshold, an RMON rising threshold trap is generated. A second trap occurs at the next sample interval (point A) because the sample variable value is now less than the Falling Threshold.
Event Configuration For a more detailed discussion of Remote Network Monitoring alarm behavior, refer to a book such as SNMP, SNMPv2, SNMPv3, and RMON 1 and 2, Third Edition, by William Stallings (Addison-Wesley, 1999). CPU Utilization Rule Configuration CPU Utilization is only supported on switches running ExtremeWare 6.2 or later.
The EPICenter Alarm System • Startup Alarm: The Startup condition is predefined to be Rising. • Sample Interval: The sample interval for a CPU Utilization alarm is also predefined, and is set to 3 seconds. • Sample Type: The sample value (a percentage) is always an absolute value.
Event Configuration below the Falling threshold. At point B the value again passes the Rising Threshold, but no alarm is generated because the value has not yet become less than the Falling threshold. Another Rising threshold alarm cannot occur until after a Falling threshold event has occurred, which happens at point Y. The next Rising threshold event happens at point C.
The EPICenter Alarm System The fields and buttons in this window are defined as follows: • Source Type: The source of the RMON rule targets (Devices, Device Groups, Ports, or Port Groups). Select the type you want from the pull-down list. The choices you have are determined by the variable you selected for the rule. For example, if the variable you have selected to monitor is applied per port, you will be able to select by Port or Port Group.
Event Configuration d Type “1500” in the Rising Threshold field. Note that for this variable the value must be in hundredths of a percent. e Type a smaller value, for example “1450” in the Falling Threshold field. f Leave the Sample Type as “Absolute” and the Sample Interval at the default value (15). g Select Rising for the Startup Alarm field.
The EPICenter Alarm System Figure 5-16: Modify Configuration window The window shows the same information as the Configuration page of the New Configuration window, but with the information for the current target filled in. See “RMON Rule Configuration” on page 5-27 for a definition of the fields on this page. Note that if you change the name of this rule, the new rule will be added as a “folder” in the Configurations tree, and this specific rule target will be moved under the new rule.
Event Configuration Resynchronizing the RMON Rules To resynchronize EPICenter’s database with the RMON rules in place on a switch, do the following: 1 Click the Sync button at the top of the window. The Synchronize RMON Rules window is displayed, as shown in Figure 5-17. Figure 5-17: The Synchronize RMON Rules window You can resynchronize individual devices or all devices in a device group. 2 To select a device group, select Device Group from the pull-down list in the Source Type field.
The EPICenter Alarm System 6 The Synchronize function displays a dialog box with status or error information. Click OK to continue. 7 Click Close to exit the Synchronize RMON Rules window. Configuring Other SNMP Trap Events There are a number of SNMP events that require configuration on the switch before they can be used in EPICenter alarm definitions. If the configuration is not done on the switch, no trap events are generated, and therefore no EPICenter alarms for those events will occur.
Writing Tcl Scripts for Alarm Actions For example, if the IP address of the EPICenter server is 10.0.4.1, you would calculate the decimal equivalent by doing the following: a Convert each quad of the IP address to its hex equivalent: Decimal 10 0 4 1 Hex a 00 04 01 b Convert the hex value a000401 into a decimal value, in this case 167773185 c Put the three components together to form the community string: ST.167773185.
The EPICenter Alarm System variables, access alarm instance data, access event log data, and access other EPICenter server-side data. In order to protect the EPICenter server from malicious or erroneous alarm action scripts, the alarm script execution environment uses the “safe interpreter” ability of the Tcl system. The safe interpreter is a slave of the main EPICenter server-side Tcl interpreter (master interpreter).
Writing Tcl Scripts for Alarm Actions Table 5-2: Command Restrictions in EPICenter Tcl Safe Interpreter source ✔ ✔ Only from standard $tcl_library and user/alarm directory, and subdirectories fconfigure ✔ ✔ All channels are non-blocking by default, cannot set channel to blocking; cannot set channel buffer size open ✔ ✔ Can only open file in user/alarm and its subdirectories; file is opened in nonblocking mode using the default buffer size; number of open file is restricted vwait ✔ encoding ✔
The EPICenter Alarm System extr::sendMail ✔ Sends e-mail through the EPICenter server. Syntax: extr::sendMail toList from subject body ?smtpHost? ?login? ?password? toList A list of recipient’s email addresses from The email address of the sender subject body The subject of the email The text of the email smtpHost (Optional) The host ip address of the SMTP host. If not specified, use the default as defined in the alarm system.
6 Configuration Manager This chapter describes how to use the EPICenter Configuration Manager applet for: • Uploading configuration settings from one or more devices to EPICenter, on demand or at a predefined (scheduled) time. • Downloading configuration settings from EPICenter to a device. • Downloading an incremental configuration to a device. • Downloading a new ExtremeWare image to one or more devices. • Downloading a BootROM image to one or more devices.
Configuration Manager occur at regular times—once a day or once a week. The Configuration Manager supports Extreme Networks and Cisco devices. To start the Configuration Manager applet, click the Config button in the EPICenter Navigation Toolbar. The Configuration Manager applet appears (see Figure 6-1). When the applet initially appears, it shows the status of the Device Group(s) defined in EPICenter.
Overview of the Configuration Manager • Status: the status of the most recent configuration activity. A green check indicates that the activity was successful. A red X means that the activity (upload or download) did not complete successfully. • Name: the device name. • Current S/w: The version of the ExtremeWare software that is currently running in the device. • Current BootROM: The version of the bootROM currently running in the device.
Configuration Manager Figure 6-2: Configuration and Software status for an individual device The device status window displays the following information: • The success status, timestamp, and file name and location for configuration uploads and downloads. If archiving is scheduled, it also displays the time of the next scheduled archive. • The success status, timestamp, and versions for software downloads, as well as version information for both the primary and secondary software stores.
Uploading Configurations from Devices Uploading Configurations from Devices To upload the configuration information from one or more devices, click the Upload button at the top of the window. The Upload config from devices window appears, as shown in Figure 6-3. Figure 6-3: The Upload Config window To upload device configurations to EPICenter, do the following: 1 Select a Device Group in the Device Groups field. The devices that belong to this group are displayed in the Available Devices list.
Configuration Manager The devices you select will be moved to the Devices for Upload list. To remove devices from the Devices to Upload list, select the devices and click the <-Remove button. This moves the selected devices back to the Available Devices list. Click <-Remove All to move all the devices in the Devices for Upload list back to the Available Devices list.
Archiving Configuration Settings Archiving Configuration Settings You can schedule the uploading (archiving) of configuration information so that it is done automatically, either once a day or once a week. A device, a set of devices, or one or more device groups can be scheduled for archive individually and independently of other device upload schedules. To schedule device configuration archive uploads, click the Archive button at the top of the window.
Configuration Manager 1 Select a Device Group in the Device Groups field. The devices that belong to this group are displayed in the Available Devices list. 2 From the Available Devices list, select the devices for which you want to schedule the upload of configuration information, then click the Add-> button. If you want to create the same schedule for all the devices in the Device Group, click the Add All-> button. The devices you select will be moved to the Devices for Scheduling list.
Downloading Configuration Information to a Device The Download Config to a device window appears, as shown in Figure 6-5. Figure 6-5: Download configuration window To download a configuration to a device, do the following: 1 Select the device from the device list presented. You can only download to one device at a time. If configuration information has been uploaded from the device, the file where it was saved is listed in the Last Uploaded Config column.
Configuration Manager The EPICenter software does not save the configuration on the device after the reboot. You can use the Telnet applet to open a telnet session on the affected devices and execute a save configuration command. Downloading an Incremental Configuration to Devices You can create or designate a set of configuration information to be used as a baseline configuration for devices running ExtremeWare 6.0 or later.
Downloading an Incremental Configuration to Devices Figure 6-6: Download incremental configuration window From this window, do the following: 1 Select a Device Group in the Device Groups field. The devices that belong to this group are displayed in the Available Devices list. 2 From the Available Devices list, select the devices for which you want to download the baseline configuration, then click the Add-> button.
Configuration Manager The Configuration Manager will display an error if you attempt an incremental download on a switch running a version of ExtremeWare prior to 6.0. Creating an Incremental Configuration File The purpose of a incremental configuration is to provide a set of known, standard configuration settings you can download to a device to restore it or initialize it to a known software state.
Upgrading Device Software Images If a BootROM upgrade does not complete successfully, it could prevent the switch from booting. To download a new ExtremeWare software or BootROM image to an Extreme device, click the Upgrade button at the top of the window. The Upgrade Image on Devices window appears, as shown in Figure 6-7.
Configuration Manager The entries in the Current Image, New Image, and Image Status columns let you determine which switches have outdated software images. — The Current Image shows the image currently running in the device. — The New Image information comes from the information you provide in the Versions window for devices of this type (see “Specifying the Current Software Versions” on page 6-15). If you have not specified a software version in the Versions window, this will be blank.
Specifying the Current Software Versions You can check the Extreme Networks web site for the availability of newer software releases. b Select the download target in the Download Image To field: Current, Primary, or Secondary. 5 For a BootROM upgrade, select the BootROM image you want to download from the drop-down menu in the Available BootROMs field.
Configuration Manager Figure 6-8: Configure New Image window Enter the version information into the appropriate field. The version information is the version, release, and build number (in parentheses) associated with a specific ExtremeWare software release. For example, for a Summit device this could be a version such as 4.1.19 (2) or 5.0.4 (3). For the “i” chipset devices, it should be 6.1.5 (20) or later.
Configuring the TFTP Server Figure 6-9: Configure TFTP Server window By default, the embedded TFTP server is enabled. • Click the Disable EPICenter TFTP Server button to disable the server. You can then provide a path in the Set TFTP Root field to the location of a different TFTP server. • Click the Enable EPICenter TFTP Server button to enable the server.
Configuration Manager Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the Inventory Manager page. The Find Devices dialog, shown in Figure 6-10, is displayed. Figure 6-10: Find Devices dialog 2 Enter your search criteria: You can search for devices by name or by IP address.
Finding Devices ? is a wildcard for a single digit (0-9) — A device group. Select the device group from the drop-down menu in the device group field. If you do not specify a name or IP address in the Search field, all devices in the device group you select will be found. — A device type. Select the device type from the drop-down menu in the type field. If you do not specify a name or IP address in the Search field, all devices of the type you select will be found.
7 Using the Interactive Telnet Application This chapter describes how to use the Interactive Telnet application for: • Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI) • Configuring third-party devices using interactive Telnet Overview of the Interactive Telnet Applet Users with Administrator or Manager access can view and modify configuration information for Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by EPICenter
Using the Interactive Telnet Application Using Telnet with Extreme Switches The Telnet applet allows the scripting and playback of groups of CLI commands (macros) to a selection of Extreme switches. You can also use this applet to run an interactive Telnet session on an individual switch, including third-party switches. Select Telnet from the Navigation Toolbar to display the Telnet module.
Using Telnet with Extreme Switches The Telnet Connections list displays the switches in the device group, and shows the status of any macros that have run or are being run on the switch. If macros are not supported on an individual switch (true of third party switches and a few Extreme switches) the Macro Status will be “Macros not supported.” If a switch is not supported by the EPICenter interactive Telnet feature, it will not appear in the Telnet Connections list, or in the Component Tree in this applet.
Using the Interactive Telnet Application Figure 7-2: The Telnet record and play buffer To create a macro for playback to a set of Extreme switches, follow these steps: 1 In the Telnet Connections list, select the set of switches where you want your command macro to run. The switches need not have a Telnet session already open—the macro play function will open a connection and log into the switch. 2 Enter a series of ExtremeWare commands into the macro buffer.
Using Telnet with Extreme Switches Click the right mouse button anywhere in the macro buffer to display a pop-up edit menu which provides copy and paste functions. You can copy text from within the macro buffer using the copy function from the pop-up menu. From an external document, cut or copy text into the clipboard, then use the paste function from the pop-up edit menu. You cannot use the browser cut and paste functions for this purpose.
Using the Interactive Telnet Application 4 Click Play to initiate playback of the macro on the selected switches. This opens a connection to the switch, logs in using the switch login and password as specified in the Inventory Manager, and runs the macro. If the macro is a repeating macro, it will repeat sequentially on all selected switches until you click Stop. You can execute just a portion of a macro by highlighting just the portion of the macro that you want to execute.
Using Telnet with Extreme Switches the switch, and you can view the progress of the macro as the various ExtremeWare commands are executed. Saving a Macro in the EPICenter Database To save a macro you’ve defined, click the Save button. This displays the Macro Save pop-up window (see Figure 7-3). Figure 7-3: Saving a macro to the database Enter a name for the macro, an optional description, and click OK. All current contents of the macro buffer will be saved in the database under the name you specify.
Using the Interactive Telnet Application The contents of the saved macro will replace any previous contents in the macro buffer. You can delete a saved macro by clicking the Delete button. A pop-up window similar to the Load Macro window appears. Select one or more macros to delete, then click Delete. You will be asked to confirm the deletion.
Using Telnet with Extreme Switches Devices with open Telnet sessions Figure 7-5: A newly-opened Telnet session The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey. The last 25 lines of Telnet commands and responses always appear in the white portion of the window. As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output.
Using the Interactive Telnet Application Copy/Paste from an Interactive Telnet Session A copy and paste function is available within an interactive Telnet session. Copy and paste let you copy from one interactive Telnet session into another interactive session or into the macro buffer. You can also paste commands from an external document into an interactive Telnet session. The copy and paste commands reside on a pop-up menu that you can display using the right mouse button (see Figure 7-6).
Using Interactive Telnet with Third-Party Devices You cannot use the browser cut and paste functions for this purpose. Macro Recording and Playback from an Interactive Telnet Session The record function creates a macro by echoing commands that you type in an interactive Telnet session, into the Macro Record/Play Buffer. The record function is controlled by commands from a pop-up menu displayed by using the right mouse button (see Figure 7-6).
Using the Interactive Telnet Application the screen. This makes it easy to tell whether you are viewing the most recent Telnet output. The copy and paste feature, macros, and the macro variables (, ,
Finding Devices You can search for devices by name or by IP address. You can limit the search to a specific domain, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field. You can use the wild card characters * or ? in your search criteria.
8 The Grouping Manager This chapter describes how to use the Grouping Manager to do the following: • Create new groups. • Create new user or host resources. • Add resources or groups to a parent group. • Define relationships between resources. • Add attributes to a resource or a group. • Searching for resources. • Import users and hosts from Windows NT Domain Controller, NIS, an LDAP directory, or a file.
The Grouping Manager Grouping Manager, through the EPICenter discovery capability and the Inventory and VLAN applets. User and Host resources are defined within the Grouping module, either by importing the information from an external source (such as an LDAP directory, NT Domain Controller, NIS server, or a file) or by creating the resources within the grouping module.
• The Hosts and Users groups (either the predefined groups or subordinate groups) may be used by the optional Policy Manager. This is also true of all user-defined groups. No other EPICenter applets currently support groups of these types. In a group that contains resources of different types, the Policy Manager will ignore those resources that are not relevant to the purpose for which the group has been selected.
The Grouping Manager Some predefined resources, such as devices and imported resources, may also have predefined attributes. For example, device resources have their IP address as an attribute. Imported resources may bring with them sets of attributes determined by the content and configuration of the import source.
Groups Children Device Resources Tab to display Children or Relationships Tab to display Attributes Figure 8-1: Resource Details view The Component Tree on the left shows the currently-defined resources. Initially, this shows only the root-level group named “Groups.” Click on the plus sign to the left of a resource to display the children of that resource. Children can be individual resources (devices, hosts, users, or ports) or groups.
The Grouping Manager indicates a host resource. indicates a user resource. indicates a VLAN resource. Devices, slots, and ports are indicated by icons that vary based on the specific device model and port type. The icons are the same as are used in the Component Tree of the Inventory module and other EPICenter modules. Although slots appear in the Component Tree, they are not true resources, and cannot be children of groups within the Grouping Manager. VLANs may appear as children in the Component Tree.
— EPICenter indicates that the resource was defined by the EPICenter software: either by the Grouping Manager in the case of the predefined groups, or by another EPICenter applet in the case of device group, device, port, or VLAN resources. You cannot modify these resources or their children (if they are groups) through the Grouping Applet. — Manual indicates that this is a user-defined resource, created within the grouping applet using the New button.
The Grouping Manager • For all types, you can view a list of the Attributes associated with the resource. The exception is the top level (root) node, “Groups,” which has no attributes. Resource Filtering The field at the top of the Component Tree provides a drop-down menu from which you can select a filter to apply to the Component Tree display. This filter controls the types of resources that are displayed as subcomponents of the groups in the tree.
Creating a New Resource Creating a New Resource You can create new groups and add new User and Host resources through the New Resource function. You can also associate attributes with the resource during this process. This function creates a new resource. To add an existing resource to an existing group, see “Adding a Resource as a Child of a Group” on page 8-12. You cannot add resources of any type to the Device Groups or Import Sources groups, or any subgroups within those groups.
The Grouping Manager 3 Enter identifying information in the fields at the top of the dialog: — Resource Name: a name for the resource. The name can include any characters except a colon. — Resource Type: select a type (Group, User, or Host) from the drop-down menu. If you are creating this resource as a member of the Hosts group, the type defaults to Host. If you are creating it as a member of the Users group, the type defaults to User. Otherwise, the type is set to Group by default.
Creating a New Resource d To add this attribute to the list of attributes associated with this resource, click the Add Attribute to Resource button . e To remove an attribute from the list of attributes, select the attribute in the list and click the Remove Attribute from Resource button . 5 When you have finished entering attributes, click the OK button to save your new resource definition. To close this dialog without saving the resource definition, click the Cancel button.
The Grouping Manager Adding a Resource as a Child of a Group A group’s children are individual resources or subordinate groups that will be manipulated or managed together. A resource is placed into a group as it is created— either the root-level group, or the group that was selected when it was created. However, because a resource can be a member of multiple groups, you may wish to add an existing resource to an additional group, or move it to a different group.
Adding a Resource as a Child of a Group Figure 8-3: Adding Resources to a Group This window has two parts: — A display of the resources in the EPICenter database that are available to be added to the group. — A list of the resources you’ve selected to add. 4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel.
The Grouping Manager Devices shows only Device resources within the groups. Hosts shows only Host resources within the groups. Ports shows only Device and Port resources within the groups. Users shows only User resources within the groups. VLANs shows only VLAN resources within the groups. — The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree.
Adding a Resource as a Child of a Group Click the Remove All button to clear the Resource Results list. 8 Click OK to add the resources in the Resource Results list to the list of children for this resource, or Cancel to cancel the Add function. 9 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window.
The Grouping Manager Note that you can also remove resources by locating them using the Find function, and removing them using the search results list. See “Searching for a Resource”on page 8-23 for more information on the Find function. Removing a resource from all groups of which it is a member is the equivalent of destroying the resource. Adding Relationships to a Resource Individual resources cannot have children. However, certain types of resources (Hosts, Users, or Ports) can have relationships.
Adding a Resource as a Child of a Group Figure 8-4: Adding Relationships to a Resource This window has two parts: — A display of the resources in the EPICenter database that are eligible to be used in a relationship. — A list of the relationships you’ve selected to add to the resource. 4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel.
The Grouping Manager Hosts shows only Host resources. Ports shows only Device and Port resources. Users shows only User resources. VLANs shows only VLAN resources. (However, VLAN resources cannot be used in relationships, so nothing is displayed if you select this filter.) — The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree.
Adding and Removing Attributes Removing Relationships from a Resource To remove a relationship between two resources (Hosts, Users, or Ports) do the following: 1 In the Component Tree, select one of the resources that is involved in the relationship, so that the resource is displayed in the Resource Details window. 2 Select the Relationship tab to display the relationships for the resource. 3 Select the relationship you want to remove. 4 Click the Remove button at the bottom of the window.
The Grouping Manager • IP/Subnet: an IP address and subnet mask. This attribute may be used by the Policy Manager to map a User or Host resource to an IP address. • DLCS ID: this attribute specifies a DLCS ID (user ID or host ID) that can be detected by DLCS in the switch. DLCS ID attributes are most commonly created when a resource is imported from an external source such as an NT Domain Controller or NIS that contains user and host information.
Adding and Removing Attributes Figure 8-5: Resource attribute display To add an attribute to the displayed resource, do the following: 1 Make sure the Attributes page is displayed. If it is not, the Add Attributes button will not be present. 2 Click the Add Attribute to Resource button . The Add Attributes pop-up dialog appears, as shown in Figure 8-6.
The Grouping Manager Figure 8-6: Adding attributes to a resource 3 Enter the name of the attribute in the Attribute Name field. 4 Select an attribute type from the drop-down list in the Attribute Type field: Generic: any user-defined attribute other than an IP Address or DLCS ID. IP/Subnet: an IP address and subnet mask. DLCS ID: a User ID or Host ID as it will be detected by DLCS in the switch. 5 Enter a value for the attribute: For a Generic attribute, enter a string.
Searching for a Resource 3 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this group. Searching for a Resource If you have a large number of resources defined in your EPICenter database, it may be cumbersome to find a specific resource in the Component Tree.
The Grouping Manager Figure 8-7: Searching for a resource The top half of the window is used to specify your search criteria. The Component Tree is used to define a scope for the search. The bottom half of the window contains the results of the search. You can limit the number of results you want to receive in the case of a search that could yield a large number of matches. 2 Enter your search criteria using the fields in the top part of the window.
Searching for a Resource — The asterisk character * used by itself. — A blank field. — For Resource Name, Resource Description, and Resource Source, enter a string to specify the value you want to match. You can specify a partial match using the wildcard characters * and ?. — An * indicates a wildcard match of unspecified length. Specifying a Resource Name as “A*n” will find all Resources whose names start with “A” and end with “n.” This would include Ann, Alan, Allen, Allison, and so on.
The Grouping Manager 4 Specify a Scope for the search from the Component Tree at the left side of Search Criteria area. The scope will limit the search to the group you select, and its subordinate groups. By default the scope is set to the root-level group “Groups,” which means all groups will be searched. 5 To reset all the criteria to their defaults () and to clear the Attribute Criteria list, click the Reset button at the bottom of the window.
Searching for a Resource Setting up a search is the same regardless of where you initiate the Find function. This is describe in the section “Setting up a Resource Search” on page 8-23. To remove resources you’ve identified with the Search function, do the following: 1 Select and highlight the resource or resources you want to remove. You can double-click on the resource and its location is highlighted in the Component Tree.
The Grouping Manager To add resources you’ve identified with the Search function to the Resource Results list of the Add Resources or Add Relationship windows, do the following: 1 Select and highlight the resource or resources you want to add. 2 Click the Add button to add those resources to the Resource Results list. The selected resources are added to the list, and the Search window is closed. To close the Search window without adding any resources, click the Cancel button.
Importing Resources • Resources that have been removed from the source will be deleted from the EPICenter database. • Changes is group memberships and changes in relationships will be enacted. To import resources from an external source, do the following: 1 Click the Import button in the toolbar at the top of the main Grouping Manager window. The Import Resources window is displayed (see Figure 8-8). Figure 8-8: Importing resources 2 Select the type of source from which you want to import information.
The Grouping Manager 3 Click Import to begin the import process. The import button will not be enabled until you enter a source name. Progress during the import will be displayed in a pop-up window, as shown in Figure 8-9. Figure 8-9: Monitoring the progress of an Import function 4 When the process has completed, click OK. If you are importing from a large source, the import process can take several minutes.
Importing Resources • How to map that data to groups, resources, and attributes in the EPICenter Grouping module. The specification file must be named LDAPConfig.txt, and must reside in the EPICenter user/import directory. You can use the LDAPConfig.txt file provided in the EPICenter user/import directory as a template. You should only need to modify three lines in this file: host: the name of the host where the directory resides. user: the username, if required, to allow access to the directory.
The Grouping Manager resourceName: the attribute that should be used as the displayed name of the resource within the EPICenter Grouping Manager. This is required. filterList: defines the search criteria. Because of the limits on the amount of data that a search will return in one operation, you may need to split your search into multiple operations, as is done in the example file. This is required.
Importing Resources The first line simply defines the version of the import syntax: #SYNTAX VERSION:1.0 Enter this exactly as specified. The second line defines the mapping of the data in the file to EPICenter resources: Resource_UniqueName Resource_Type Resource_Name [ attribute ...] • The first three items are required, — Resource_UniqueName specifies that the first field maps to the unique ID.
The Grouping Manager • uniqueID will be used as the resource’s unique name. It can be the same or different from the resource name. For a device, the uniqueID must be the device IP address. For a port it is the IP address of the device followed by the port number. • resource_type can be user, host, group, device, or port. • resource_name is the name that will be displayed as the name of the resource. • attribute defines the value of the attribute that corresponds to this position in the list.
Importing Resources : : : : • resource_type can be user, host, group, device, or port. A group that exists in the EPICenter database (and is not defined in the import file) can be specified as a child of an imported group, but the reverse is not supported.
The Grouping Manager group:ugr1 group:ugr1 user:heidi user:mary group:ugr2 group:ugr2 user:pam user:eric group:hgr1 group:hgr1 group:hgr1 host:win2k host:host1 host:host2 group:dgr1 group:dgr1 host:host3 host:host4 ## Host to User Relation user:wendy host:win2k user:heidi host:host1 user:mary host:host2 host:host3 user:pam host:host4 user:eric Importing from an NT Domain Controller or NIS Server Importing from an NT Domain Controller or NIS server is straightforward.
Importing Resources The import process creates a file, import.txt, in the user/import subdirectory.
9 Using the IP/MAC Address Finder This chapter describes how to use the IP/MAC Address Finder applet for: • Creating search requests for locating specific MAC or IP addresses on the network, and determining the devices and ports where they are located. • Creating search requests to identify MAC and IP addresses on specific devices and ports.
Using the IP/MAC Address Finder Figure 9-1: IP/MAC Address Finder main page Tasks List Summary Window As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree. Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List (see Figure 9-2).
Tasks List Summary Window Figure 9-2: Tasks List summary The Tasks List shows you basic information about the tasks you set up • ID is automatically assigned by the EPICenter server • Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List • Type is the type of search this will perform. In EPICenter release 3.
Using the IP/MAC Address Finder From the Tasks List you can perform the following functions: • Select a Pending task and click Cancel to cancel the task before it has completed • Select a task and click Delete to delete an individual task. This deletes the task specification as well as the task results.
Creating a Search Task Figure 9-3: Find Addresses window To create a search task: 1 Enter the task name in the Task Name field. This name helps you identify the task in the Find Address Tasks List. Names of the form Task1, Task2 and so on are provided by default. 2 Define the search targets: in the Enter an Address group box, select either IP or MAC to determine the format of the address to search for, and enter the address into the fields provided.
Using the IP/MAC Address Finder Note that All is added to the search list in addition to any individually-specified addresses. The All specification does overlap with the other target addresses. However, this allows the user to remove the All specification without losing the other addresses in the search list. — Click the WildCard button to search for a MAC address defined only by the first three hexadecimal tuples.
Detailed Task View The IP/MAC Finder applet will not identify a device’s own IP address when you search for IP addresses on that device. In other words, the applet will not find IP address 10.2.3.4 on the switch whose address is 10.2.3.4. It can only find addresses that are in the agent’s IP Address Translation table, and a device’s own address is not included in the table. The applet will find the address on the other switches that have connectivity to the switch with the target IP address, however.
Using the IP/MAC Address Finder While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search (Figure 9-5). Figure 9-5: Address search results in the Detailed Task view The Detailed Task View shows the following information about your search. • Name is the name you gave the task when you created it.
Detailed Task View • The Search Domains where the search took place. The Search Domains lists shows the name and type (Device or Group) of the components of the domain specification The Search Results list shows the results of the search. For every address successfully located, this list shows: • Both the MAC address and the corresponding IP address. • The switch and port to which the address is connected. • The User (name) currently logged in at that address.
Using the IP/MAC Address Finder — By default the exported file will be given a name created from the current date, time, and task name. For example, the results for task “Task 2” run on April 25, 2001 at 3:52 pm will be saved in a file named 2001_4_25_1552_Task 2.txt. You can change the file name by replacing the name in the File Name field. 3 Click the Apply button to save the results. Click Reset to clear all the fields. Click Close to close the dialog without saving the file.
10 Using ExtremeView This chapter describes how to use ExtremeView for: • Viewing Extreme and third-party device status. • Viewing and setting Extreme device configuration information using the ExtremeWare Vista graphical user interface. • Viewing Extreme device statistics using the ExtremeWare Vista graphical user interface.
Using ExtremeView Figure 10-1: The ExtremeView applet, main page Use the nodes in the Component Tree as follows: • Status displays status information for the devices known to EPICenter. You can view summary status for all network devices or for the devices within a device group. You can view status and configuration information for individual devices, slots, and ports through a front panel view accompanied by a table of configuration and status information.
Viewing Device Status Information organized by ExtremeWare Vista configuration categories. Individual third-party devices cannot be accessed through this feature. • Statistics displays monitoring results for Extreme Networks switches, also based on ExtremeWare Vista statistics monitoring categories. You can view summary statistics that include active and inactive port counters for all Extreme Networks devices known to EPICenter, or statistics for individual Extreme Networks switches.
Using ExtremeView Select a Device Group name to show summary status for the devices in the group. • The status “lights” show the status of the device as detected by EPICenter. Table 10-1: ExtremeView Device Status Indicators Status Light Device Status Green Device is up and OK Yellow Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature Red Device is not responding to EPICenter status queries.
Viewing Device Status Information Figure 10-3: The ExtremeView applet, switch status This view shows an active graphical display of the switch front panel, as well as a panel of status information. You can view the status of individual modules (slots), ports, and power supplies (where shown), as shown in Figure 10-4, in two ways: • Select the slot, port, or power supply by clicking the cursor on the item in the switch image.
Using ExtremeView Selected port Figure 10-4: The ExtremeView applet, port status The right-hand panel displays status information about the selected port There are a few Extreme devices, such as the Summit24e2T, Summit24e2X, and Summit Px1 switches, on which the ports are not selectable through ExtremeView. In these cases, the ifIndex entries for the device are displayed in the Device Information panel on the right.
Viewing Device Status Information the Device Information panel on the right. Figure 10-5 shows a third-party device with an unknown configuration. Figure 10-5: A third-party device with unknown configuration The port type is ethernet-csmacd(6) by default. However, some devices may support other port types. For example, some 3Com devices support a layer 3 module which is of type other(1).
Using ExtremeView Viewing Switch Configuration Information Select Configuration in the Component Tree to display a configuration summary for the Extreme switches known to the EPICenter software (see Figure 10-6). Figure 10-6: The ExtremeView applet, Configuration summary The sub-components under Configuration in the Component Tree are the categories of configuration information that are available through this applet. These correspond to pages from the ExtremeWare Vista application running on the switch.
Viewing Switch Configuration Information Figure 10-7: The ExtremeView applet, Configuration details Enter your changes directly into the editable fields in the configuration display. When you have made the necessary configuration changes, click Submit to send these to the switch for implementation.
Using ExtremeView Viewing Switch Statistics Select Statistics in the Component Tree to display summary statistics for the Extreme switches known to the EPICenter (see Figure 10-8). Figure 10-8: The ExtremeView applet, Statistics summary The sub-components under Statistics in the Component Tree are the categories of statistical information that are available through this applet. These correspond to pages of information from the ExtremeWare Vista application running on the switch.
Finding Devices This displays the selected set of statistics for the selected switch. For some types of statistics, you may be able to view the data in different ways through the use of view options or filters, such as the options shown in Figure 10-9. Figure 10-9: The ExtremeView applet, Statistics details Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory.
Using ExtremeView 1 Click Find at the top of the Inventory Manager page. The Find Devices dialog, shown in Figure 10-10, is displayed. Figure 10-10: Find Devices dialog 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific domain, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address.
Finding Devices 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the domain in which the device can be found, its name, IP address, and the type of device. 4 Double-click on a device in the results table to highlight the device in the Component Tree, and to display the associated front panel view and status information for that device (see “Viewing Device Status Information” on page 10-3).
11 Real-Time Statistics This chapter describes how to use the Real-Time Statistics applet for: • Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch, a switch slot, or a port group. • Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme Networks switch.
Real-Time Statistics You can also view historical statistics for a single port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, based on the number of datapoints the MIB maintains in the etherHistory table. You can choose from a variety of styles of charts and graphs as well as a tabular display. You can view the following types of data: • Percent Utilization for each port in the set (device, port group, or single port).
Displaying Multi-port Statistics Table 11-2: Definition of RMON etherHistory Error Variables for Port Error Displays etherHistoryFragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Real-Time Statistics Figure 11-1: Real-Time Statistics main page For an individual port, you can display individual errors in addition to utilization and total errors. ◆ Select a network device to display data for some or all ports on the device. ◆ Select a port group to display data for all ports in the port group. You will first see a message saying “Please wait, loading data.” If the EPICenter server is successful in accessing the data, utilization data is displayed as shown in Figure 11-2.
Displaying Multi-port Statistics Figure 11-2: Bar chart showing port statistics for a group of ports If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample. You can use the mouse to change the depth and rotation of a 3-dimensional chart: • Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the graph.
Real-Time Statistics There are cases where you may not see data for every port you expect in a multi-port display: • You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest utilization or the highest total number of errors are displayed. • RMON is disabled for some ports on the switch. If the switch as a whole can be reached and is reporting data, then individual ports that do not report data will be ignored. No error message appears in this case.
Displaying Statistics For a Single Port There are several reasons why the EPICenter server may not be able to display any device data: • The EPICenter server cannot communicate with the device (indicated by an “S” in a red circle next to the device name). • The device does not have RMON enabled, or RMON was just recently enabled and no data samples exist yet. Displaying Statistics For a Single Port In addition to displaying data for a set of ports, you can display historical data for an individual port.
Real-Time Statistics Figure 11-4: Utilization data over time for an individual port on a device The number of data points displayed, and the sampling interval are user-configurable parameters, within the limitations of the device configuration. The defaults are: • A 30-second sampling interval • 50 data points displayed However, in Figure 11-4, only 25 data points are displayed, because that is the maximum number of values the BlackDiamond switch stores as historical data.
Changing the Display Mode Figure 11-5: Individual errors in a single-port chart Changing the Display Mode The icons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen).
Real-Time Statistics Select this to display the data as a line graph. This chart type is especially useful when displaying individual errors for a single port. Select this to display the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices. Select this to display the data as a bar chart.
Setting Graph Preferences Determines whether the graph data is updated automatically at every sampling interval. Click on the icon to toggle between continuous updates, indicated by the bar with the red dot (representing a traveling data packet), and the open palm, indicating that updates have been suspended. Select this to take a “snapshot” of the graph or table view of the current real-time statistics data. Select this to bring up the graph preferences pop-up window.
Real-Time Statistics Graph View (Figure 11-6) lets you change from 3D to 2D displays, and change the values for the 3D depth, elevation and rotation. Figure 11-6: Setting 3D graph preferences • To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark. • View Depth controls the depth of a bar. The default is 10, maximum is 1000. • View Elevation controls the elevation (rise) from the front of the bar to the back, in degrees. The default is 10°, range is ±45°.
Setting Graph Preferences Graph Colors (Figure 11-7) lets you set the colors for the graph background and text (data and axis labels). Figure 11-7: Setting graph color preferences • To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. • Set Graph Background Color sets the color of the background surrounding the graph.
Real-Time Statistics • Data Color 1 is the color used for Utilization and Total Error graphs. • Data colors 1 through 6 are used for the different errors in a individual errors chart. • Data colors in order starting from 1 are used in a pie chart, for as many slices as you’ve specified. (If you specify more than 12 slices, the colors will repeat, with slice 13 using the same color as slice 1). Graph Data (Figure 11-9) lets you set several miscellaneous graph parameters.
Taking Graph Snapshots Figure 11-10: Snapshot of Real-Time Statistics graph display To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet window. The snapshot image will be displayed in a new browser window in the same form (graph or table) as it was in the RT Statistics applet. Graph images reflect the current display size and graph type (pie, bar, etc.).
Real-Time Statistics When a graph image is displayed in the browser window, you can click a link below the initial display to change the way the data is displayed: • display table reformats the data as a table • display graph/table displays both the graph and table formats on the same HTML page • display graph image displays the data as a graph, in the style in which it was displayed when the snapshot was taken.
12 Network Topology Views This chapter describes how to use the EPICenter Topology View applet for: • Viewing EPICenter Topology maps • Creating new topology views • Adding, moving and deleting map elements (nodes and links) • Modifying the layout of a topology map • Displaying the alarm browser, telnet window, real-time statistics, a front panel view, or ExtremeWare Vista for a specific node on the map Overview of EPICenter Topology Views EPICenter’s Topology applet allows you to view your network (EPICe
Network Topology Views In addition, from a managed device node on the map, you can invoke other EPICenter functions such as the alarm browser, Telnet, real-time statistics, a front panel view, or ExtremeWare Vista for the selected device. Maps are initially created in a default layout based on information in EPICenter’s device inventory about the devices and their connectivity. You can customize the layouts into hierarchical views using drag and drop or cut and paste.
Displaying a Network Topology View Link Information panel Device node Hyper node L2 cloud node Decorative node Submap node View name Text node Figure 12-1: The Topology View A View is a unique, named hierarchy of maps, consisting of a root map and optional submaps, depending on the topology of the network. The current View name is displayed in the pull down field at the left of the icon bar. A Map is a collection nodes and links. The left-hand panel displays the Map Hierarchy Tree.
Network Topology Views The right-hand panel is the Map Element Description panel, that displays information about the currently selected map element (node or link) if one (and only one) is selected. Otherwise, the panel is empty. When you do a Discovery or add a device in the Inventory applet, the newly added devices are placed into the default topology view, (named “Default”).
Displaying a Network Topology View • A small icon representing the specific device or device product line, if the device is of a known type, or an “unknown” device icon (a circle with a question mark) as shown in Figure 12-2 • The device’s IP address • The device status, indicated by the color of the icon border — A green border indicates that the device is UP — A red border indicates that the device is DOWN Each managed device known to EPICenter can only appear once in each topological view.
Network Topology Views You cannot add L2 cloud nodes; they are placed automatically by EPICenter as required by device connectivity. You can remove them, but they may be replaced automatically by EPICenter if still needed. Hyper Nodes: A hyper node represents a link termination when the actual terminating node (device or cloud) is present on another map.
Displaying a Network Topology View A decorative node shows the following information: • The name or description of the node, which can be edited • A decorative node icon, as shown in Figure 12-6 Text Nodes: A text map node is a single-line text field that can be placed anywhere in a network map. It can be used to create a title for the map, additional annotations for other map elements, comments, and so on. Links: A link represents connectivity between nodes in the map.
Network Topology Views Manipulating Map Elements Map elements (nodes and links) can be resized, cut and pasted, and deleted, either using commands from the topology view menus, from the pop-menu enabled with a right-cursor click on the map background, using specific keyboard short cuts, or (under Windows NT or Windows 2000) through the regular Windows mouse and cursor actions and keyboard shortcuts.
Manipulating Map Views • The device represented by the endpoint node • The device port or slot and port to which the link connects, if known • The utilization percentage, if RMON is enabled on the device and if RMON statistics are enabled for this map. The default is that RMON statistics are not enabled for a map. This is updated regularly, typically every 30 seconds • The total errors, if RMON is enabled on the device and if RMON statistics are enabled for this map.
Network Topology Views Topology applet lets you create additional views that organize your network elements in any way you wish. Creating a New View You can create a new view (and its Root Map) by doing one of the following: • Select New View from the New menu • Click the “Create new view” icon on the icon bar: A pop-up window appears where you can enter the name of the view. When you click OK, a new, blank root map is displayed. The new view name appears in the View field at the left of the icon bar.
Manipulating Map Views Figure 12-8: Adding a new map To give the submap a different name, select the submap node, and change the name in the name field in the right-hand panel (the Information panel). The change will take effect when you click away from the submap node. You can also change the name of any map (including the Root Map) by clicking slowly twice on the name in the Map Tree Hierarchy. This puts you into an edit mode where you can change the name.
Network Topology Views Adding a Device Node You can add device nodes to your map by doing one of the following: • Select New Device Map Node from the New menu • Click with the right mouse button on the map background to display the pop-up menu, then select New Device Map Node • Click the “Create new device map” node icon on the icon bar: A pop-up window appears with a list of all devices currently known to ExtremeWare EPICenter, that are not already used somewhere in this view.
Manipulating Map Views Figure 12-9: Adding a decorative node to the map You can change the node name by selecting the node, and editing the contents of the name field in the right-hand panel (the Information panel). The change will take effect when you click away from the submap node.
Network Topology Views • Click the “Create new map link” icon on the icon bar A link is added to your map, as shown in Figure 12-10. Figure 12-10: Adding a link to your map To attach the link between two map nodes, follow these steps: 1 Select one of the red triangles, then wait until a move cursor appears 2 Drag and drop one end of the link onto one of the node you want to connect 3 Do the same with the other end of the link After the link is connected, you can specify endpoint for the link.
Manipulating Map Views Figure 12-11: Specifying ports for a new link connection Discovering Links Between Devices EPICenter will eventually rediscover links between devices if they are real existing links, even if you have deleted the links from your map. However, if you want to have EPICenter discover new links immediately, instead of waiting for the next polling cycle, you can use the Discover Links command.
Network Topology Views Renaming a Topology View You can change the name of a view (including the Default view) by doing one of the following: • Select Rename View from the Edit menu • Click once on the view name in the view name field Either of these actions puts you into an edit mode where you can directly change or replace the contents of the field.
Manipulating Map Views You will be asked to confirm that you want to delete the map. A submap must be empty before you can delete it. You cannot use the Delete Map command to delete the Root Map. To delete the Root map you must delete the entire View with the Delete View command. Cutting Map Nodes You can cut selected device, decorative, or text nodes from the map in order to paste them in another location. • You can cut a submap node as long as it is empty • You cannot cut a hyper node.
Network Topology Views • Click the “Paste nodes into map” icon on the icon bar • Enter [Alt]+V from the keyboard These commands will only be available if there are cut nodes currently on the clipboard. If nodes are pasted partially or completely on top of one another, you can use the Layout Map command (see page 12-19) to rearrange them. Cutting and pasting multiple nodes will not preserve manually-created links between the nodes.
Manipulating Map Views 1 Select the links you want to delete. You can select multiple links by using Shift-click (hold down the shift key and click the cursor on the link you want to select). 2 Select Delete Map Links from the Edit menu to delete the link or links. You will be asked to confirm that you want to delete these links.
Network Topology Views • Click with the right mouse button on the map background to display the pop-up menu, then select Layout Map • Enter [Alt]+L from the keyboard You can use the Expand Map and Compress Map commands to increase the space between nodes in the map. You can also move map nodes by selecting them and dragging them to the location where you want them placed. Expanding the Map The Expand Map function increases the length of the links between map nodes without changing the size of the nodes.
Manipulating Map Views Deflating the Map Nodes The Deflate Nodes function decreases the size of some or all of the nodes on the current map, without changing the spacing between the nodes. By default (if you do not select any specific nodes) the command will deflate all nodes on the current map. If you select one or more nodes, the command will deflate just the nodes you’ve selected.
Network Topology Views • Select Unzoom Map from the Map menu • Enter [Alt]+R from the keyboard Undoing Your Map Edits You can undo your last ten map layout and sizing actions one by one using the Undo Map Edit function. Each Undo Map Edit action undoes your previous editing action. To undo the most recent edit, do one of the following: • Select Undo Map Edit from the Map menu • Enter [Alt]+U from the keyboard This command does not undo delete, cut or paste of map elements.
Manipulating Map Views You are presented with a list of all the nodes in the current view (see Figure 12-12). The list includes the name of the node, the IP address, the node type, and the map where it can be found. Figure 12-12: Finding a node in the current view ◆ To find a node, select the node and click the Find button. This will display the appropriate submap, if necessary, and highlight the node you have selected.
Network Topology Views To display the Map Properties window, do one of the following: • Select Map Properties... from the Map menu • Click with the right mouse button on the map background to display the pop-up menu, then select Map Properties... The Topology Map Properties window will appear, as shown in Figure 12-12.
Manipulating Map Views RGB values. The current color is displayed in the small box to the right of the color bar icon. • To set the color used to label nodes, click the color bar icon labeled Node Text Color. This displays a color selection window where you can select a color by using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
Network Topology Views Device Information Views You can view a variety of information about the devices represented by the nodes on the map. By selecting a function from the Tools menu, or from the Device pop-up menu, you can invoke displays of information kept by ExtremeWare EPICenter for the selected device. All these views can be run either by selecting the command from the Topology Tools menu, or by right-clicking on a Device map node to bring up the Device node pop-up menu.
Device Information Views Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. Device Statistics The Device Statistics function runs the ExtremeWare EPICenter Real-Time Statistics applet, and displays port statistics for the selected device. To view the Device Statistics display for a selected node, select the node and do one of the following: • Select Device Statistics...
Network Topology Views • Select Device View... from the Tools menu • Click with the right mouse button on the Device map node, then select Device View... from the pop-up menu that appears This starts the ExtremeView applet in a new browser window and displays the front-panel image and information for the device associated with the selected Device map node. See Chapter 10, “Using ExtremeView” for details on using this feature.
13 Using the VLAN Manager This chapter describes how to use the VLAN Manager for: • Viewing enterprise-wide, tagged and untagged VLAN information for Extreme (Summit and BlackDiamond) switches managed by the EPICenter software • Adding new tagged or untagged VLANs to Extreme devices, adding ports to those VLANs, and modifying IP addresses • Deleting VLANs • Modifying VLANs • Adding and deleting protocol filters Overview of Virtual LANs A Virtual LAN is a group of location- and topology-independent devices
Using the VLAN Manager If you run the EPICenter client with Administrator or Manager access, you can: • Create and delete VLANs • Add or remove ports from existing VLANs • Modify a VLAN’s IP address • Enable/disable IP Forwarding • Create and modify the protocol filters used to filter VLAN traffic Extreme Networks switches support a maximum of 3000 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria: • Physical port • 802.
Displaying a VLAN Figure 13-1: VLAN Manager applet, showing devices organized by VLAN The VLANs currently known to the EPICenter database are displayed in the Component Tree on the left. The panel on the right shows summary information about each VLAN. Note that in the example shown in Figure 13-1, there are two VLANs with the same name, but differing in the protocol filters applied. You must add switches to the EPICenter database through Discovery or by using the Add function in the Inventory Manager.
Using the VLAN Manager The VLAN Manager can display information either by VLAN (showing all the switches with ports that are members of a specific VLAN) or by switch (showing the VLANs that have members on a specific switch). • Select the By VLAN button to display VLANs at the first level of the Component Tree. Listed under each VLAN is every switch that has the VLAN defined on it (see Figure 13-1).
Displaying a VLAN You can display details about the component ports of a VLAN by selecting the VLAN or switch in the tree on the left. The panel on the right displays detailed information about the selected component, as shown in Figure 13-3 and Figure 13-4. Figure 13-3 presents details about the ports in a VLAN on the selected switch.
Using the VLAN Manager Figure 13-4 presents details about the ports on a given switch that are found in the selected VLAN. Figure 13-4: Switch member ports for a selected VLAN Adding a VLAN Users with Administrator or Manager access can create VLANs on the Extreme Networks switches managed by the EPICenter software. If you have Monitor access only, you can not use this function.
Adding a VLAN 1 Click the Add button in the VLAN Manager panel. The Add VLAN dialog box, Properties & Ports page is displayed, as shown in Figure 13-5. Figure 13-5: Add VLAN dialog, Properties and Ports page 2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on VLAN naming. 3 Select an entry from the pull-down Protocol Filter list.
Using the VLAN Manager 6 Select one or more ports from the Available Ports list. 7 Click Tagged to add the port as a tagged port. Click Untagged to add the port as an untagged port. If this is an untagged VLAN, you are not able to add a tagged port. When you add an untagged port to a VLAN, it is automatically removed from any other VLAN which uses the same protocol as the new VLAN, and where the port is an untagged member.
Deleting a VLAN Figure 13-6: Add VLAN dialog, IP Forwarding page 2 Select a switch from the table of switches. 3 Enter an IP address and IP mask. Click the Enable IP Forwarding check box if you want to enable IP forwarding for this VLAN on the switch. 4 Click Apply to implement the changes. 5 Click Close to exit the window. Deleting a VLAN Users with Administrator or Manager access can delete VLANs from Extreme Networks switches managed by the EPICenter software.
Using the VLAN Manager Figure 13-7: The Delete VLAN page 2 Select the VLAN you want to delete. 3 Click Delete. The VLAN is deleted from all the switches on which it exists. 4 Click Close to exit the window. Modifying a VLAN Users with Administrator or Manager access can modify the properties of a VLAN, and add and remove ports from the VLAN. If you have only Monitor access, you can not use this function. To modify a VLAN, follow these steps: 1 Click the Modify button in the VLAN Manager panel.
Modifying a VLAN Figure 13-8: The Modify VLAN dialog, Properties and Ports page 2 Select a VLAN from the drop-down list in the VLAN Name field. The current values for the VLAN are displayed. The Ports in VLAN list does not display SummitLink ports, because you cannot modify them. 3 To change the Protocol Filter selection, select a different entry from the pull-down Protocol Filter list. 4 To change the VLAN tag, type a new value into the Tag field.
Using the VLAN Manager 8 Click Tagged to add the port as a tagged port. Click Untagged to add the port as an untagged port. If this is an untagged VLAN, you cannot add a port as a tagged port. If a port is added as an untagged port, it is automatically removed from any other VLAN which uses the same protocol as the new VLAN, and where the port is an untagged member.
Adding and Deleting Protocol Filters 12 Change the IP address and IP mask as appropriate. Click the Enable IP forwarding check box to enable or disable IP forwarding for this VLAN on the switch. 13 Click Apply to implement the changes. 14 Click Close to exit the window. Adding and Deleting Protocol Filters Users with Administrator or Manager access can view, add, and delete protocol filter definitions. If you have Monitor access, you can view filter definitions, but not add or delete them.
Using the VLAN Manager If a filter is in use by a VLAN, you cannot delete it. 3 Click Close to exit the window. To add a protocol filter, follow these steps: 1 Click the Add tab at the top of the Protocol Panel dialog box to display the Add Protocol page, as shown in Figure 13-11. . Figure 13-11: Protocol Panel dialog box, Add Protocol page 2 Enter a descriptive name for the Protocol. The name must begin with a letter followed by up to 31 characters.
14 The ESRP Manager This chapter describes how to use the ExtremeWare EPICenter ESRP Manager applet for: • Viewing the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs Overview of the ESRP Manager The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users.
The ESRP Manager Figure 14-1: ESRP Manager showing summary ESRP-enabled VLAN status This display shows a summary of the ESRP configuration for each ESRP-enabled VLAN. The information displayed is as follows: • Name: The name of the ESRP-enabled VLAN • Master Switch: The name, if known, or MAC address of the switch currently designated as the Master switch. If this switch is being managed by EPICenter (is included in EPICenter’s Inventory database) the name will appear.
Viewing ESRP Detail Information • Group: The ESRP group to which this ESRP-enabled VLAN belongs, in a broadcast domain that contains multiple instances of ESRP (multiple ESRP groups). The names of the ESRP-enabled VLANs participating in the same group must be identical. • Election Algorithm: The ESRP election algorithm in use for this VLAN. The election algorithm determines the order of precedence of the election factors used to determine the ESRP Master.
The ESRP Manager Figure 14-2: ESRP detail for an individual ESRP-enabled VLAN ESRP trap events will also be recorded in the EPICenter Event Log, which you can view using the EPICenter Event Log Report (see Chapter 16, “Dynamic Reports”). ESRP state change traps will be recorded in the EPICenter Alarm Log (see Chapter 5, “The EPICenter Alarm System”). ESRP Traps are not implemented in ExtremeWare versions 4.x or 5.x.
Viewing ESRP Detail Information The Detailed ESRP Information view displays the following information: • Switch Name: The name of the switch, if known. (If the switch is not being managed by EPICenter, this field will contain “N/A”) • MAC: The MAC address of this switch • State: The current state of the switch—Master or Slave • Priority: A user-defined value, between 0 and 254, which can be used by the ESRP election algorithm in determining which switch is the Master switch.
15 Administering EPICenter This chapter describes how to use the Administration applet for the following: • Changing your own user password, for users without Administration access • Adding and deleting EPICenter users • Setting and modifying user permissions for both the EPICenter and ExtremeWare software • Configuring the EPICenter server as a RADIUS client or a RADIUS server for user authentication • Modifying EPICenter server properties to change settings such as polling rates, time-outs, port assignme
Administering EPICenter Finally, the Administration applet provides an interface that allows an EPICenter administrator to modify a number of properties that affect the performance and configuration of the EPICenter server. These properties are stored in the EPICenter database along with other EPICenter data. Controlling EPICenter Access The EPICenter server provides three levels of access to EPICenter functions: • Monitor—users who can view status information and statistics.
Starting the EPICenter Client for the First Time These permissions enable access to Extreme Networks switches through Telnet or ExtremeWare Vista. The use of the RADIUS server avoids the need to maintain user names, passwords, and access permissions in each switch, and instead centralizes the configuration in one location in the EPICenter server. The EPICenter RADIUS Server The EPICenter software incorporates a basic RADIUS server for user authentication.
Administering EPICenter If you used the default web server port, 80, you do not need to include the port number. The EPICenter Start-up page appears. 3 Launch the EPICenter client. The EPICenter Login page appears. 4 Type the user name admin in the User field. 5 Leave the Password field empty. 6 Click Login. The About EPICenter window appears. 7 Click Admin to access the Administration functions of the EPICenter server. The User Administration page appears, as shown in Figure 15-1.
Starting the EPICenter Client for the First Time Changing the Admin Password To change the Admin password: 1 Click the tab at the top of the page to display the User Administration page, if necessary. 2 Select the user admin in the User list. 3 Click Modify. The Edit User window appears, as shown in Figure 15-2. Figure 15-2: Edit User window 4 Type a new password in the Password field. 5 Type the password again in the Verify Password field. 6 Click OK.
Administering EPICenter “Adding or Modifying User Accounts” for details on the ExtremeWare account access levels. Adding or Modifying User Accounts To add users to the EPICenter database, or to modify ExtremeWare EPICenter user account access, follow these steps: 1 Login to the ExtremeWare EPICenter as a user with Administrator access. 2 Click Admin in the Navigation Toolbar. 3 Click the User Administration tab at the top of the page to display the User Administration page, if necessary.
Adding or Modifying User Accounts 6 Type a new password into the Password field. 7 Type the password again into the Verify Password field. 8 Select the appropriate EPICenter Account Access level: — Administrator access allows the user to add, edit and delete user accounts, as well as view status information and statistics and modify device parameters. — Manager access allows the user to view status information and statistics and modify device parameters.
Administering EPICenter A confirmation window appears. 5 Click Yes. This removes all information about this user account from the EPICenter database. To remove all access privileges for a user without removing the user account from the EPICenter database, use the Modify User function and change the Account Access to Disabled. Changing Your Own User Password If you are a user with Manager or Monitor access, you can change your own password at any time after you have logged in to the ExtremeWare EPICenter.
Changing Your Own User Password Figure 15-4: Change Password window The window shows your user name, and your EPICenter and RADIUS Account Access levels, but you cannot change them. 2 Type your new password in the Password field. 3 Type the password again in the Verify Password field. 4 Click Apply. Your new password is stored in the EPICenter database. The change does not take effect until the next time you log in.
Administering EPICenter RADIUS Administration If you have Administrator access, you can enable or disable the RADIUS server, and change its port or the RADIUS secret. To configure EPICenter as a RADIUS server, follow these steps: 1 Click the RADIUS Administration tab at the top of the page. The RADIUS Administration page appears, as shown in Figure 15-5. Figure 15-5: Radius Administration page 2 Click the Enable EPICenter as a RADIUS Server button in the Radius Configuration panel at the top of the page.
RADIUS Administration 3 Enter the RADIUS server’s shared secret in the Radius Secret field. This string is basically a shared key by which the RADIUS server and its clients recognize each other, and which they use for secure transmission of user passwords. If you change the secret in the RADIUS server, you must also change it in any of the RADIUS clients (Extreme switches) that use the RADIUS server for user authentication. 4 The default port used for the RADIUS server is 1645.
Administering EPICenter Server Properties Administration If you have Administrator access, you can modify the values of a number of properties that affect the function and performance of the EPICenter server. 1 Click the Server Properties tab at the top of the page. The Server Properties Configuration page appears, as shown in Figure 15-6. Figure 15-6: Server Properties Configuration page, initial properties list 2 Select a set of properties from the drop-down menu field at the top of the central panel.
Server Properties Administration — SNMP — Topology — Other The Server Properties Configuration page displays the properties in that set. 3 Type a new value into the field for the property you want to change, or click a check-box to turn on or off an option. The specific properties and their meanings are discussed in the following sections. 4 Click the Apply button to cause your changes to take effect.
Administering EPICenter • Poll Devices Using Telnet (checkbox): This enables or disables regular CLI/Telnet polling of ExtremeWare 4.1 devices. It disables ESRP polling as well as EDP polling. The default is enabled. • Save Switch Password for Vista Login (checkbox): Enables ExtremeView to save the switch password in the EPICenter database when you log into a switch using ExtremeWare Vista.
Server Properties Administration 3600 seconds (one hour). You can disable all SNMP polling by setting this property to zero. Note that this Poll Interval is different from the Device Polling Interval you can set through the Inventory Manager. The Device Polling Interval controls the frequency of polling for detailed device information such as software version, bootrom version, and so on.
Administering EPICenter • DNS Lookup Timeout Period: The time-out period, in milliseconds, when performing DNS lookup operations for hosts found through DLCS or when importing (in the Grouping applet) from an NT Domain Controller. The default is 1000 milliseconds (one second). • Session Timeout Period: The non-activity time-out period, in milliseconds, after which the user is required to re-login to the EPICenter server. The default is 600,000 milliseconds (ten minutes).
16 Dynamic Reports This chapter describes how to use the ExtremeWare EPICenter Reports capability for: • Viewing predefined Network Summary Reports from the Home EPICenter page • Viewing predefined EPICenter status reports from the Dynamic Reports • Creating new reports by writing Tcl scripts Overview of EPICenter Reports The EPICenter software provides several sets of HTML-based reports that provide information about the devices managed by the EPICenter server.
Dynamic Reports The EPICenter dynamic reports are HTML pages that do not require Java capability, and thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface. This means reports can be loaded quickly, even over a dial-up connection, and it also provides the ability to print the reports. Network Summary Report The Network Summary Report provides an at-a-glance summary of the status of the devices the EPICenter server is monitoring.
Network Summary Report If there are statistics that indicate problems (such as devices not responding, or alarms generated within the last twenty-four hours) the cell containing that statistic is displayed in yellow. To view a detail report for a particular summary statistic, click the number in the right hand column of the summary display.
Dynamic Reports The only statistic in the Network Summary Report that does not provide its own detail report is the Devices Up statistic. This report illustrates a number of features that are common to all the Summary Detail reports. In these reports, you can do the following: • Click a column heading to sort on the contents of that column. For example, to sort by IP address, click on the Device IP Address link at the top of the first column.
Network Summary Report Click the IP address to display a table with detailed configuration and status information. This is the same information you can view in the Inventory applet.
Dynamic Reports Critical Alarms Defined This report provides a summary of alarms defined as having a severity level of Critical or Major. It shows the following information for each alarm: • Alarm Name: Name of the alarm • Category: Alarm category of which this alarm is a member • Enabled: Whether the alarm is currently enabled or disabled • Severity: Severity level of the alarm (Critical or Major) See Chapter 5 for more information on alarm definitions, categories, and other alarm topics.
Network Summary Report • Category: Category that the alarm is classified under • Source IP: IP address of the device that generated the alarm • Time (GMT): Time the alarm occurred (Greenwich Mean Time) • Event #: Event ID of the alarm (assigned by the EPICenter server when the alarm is received) • Severity: Severity level of the alarm You can view the complete Alarm Log report, showing all EPICenter alarms, from the Reports module. See “Alarm Log Report” on page 16-17.
Dynamic Reports • Alarm Name: Name of the alarm • Category: Category that the alarm is classified under • Source IP: IP address of the device that generated the alarm • Time (GMT): Time the alarm occurred (Greenwich Mean Time) • Event #: Event ID of the alarm (assigned by the EPICenter server when the alarm is received) • Severity: Severity level of the alarm You can view the complete Alarm Log report, showing all EPICenter alarms, from the Reports module. See “Alarm Log Report” on page 16-17.
Dynamic Reports VLANs Report Summary information on all VLANs being managed by the EPICenter server. This report is the same as the VLAN Summary Report you can access from the Reports module. See “VLAN Summary Report” on page 16-15 for a description of this report. Dynamic Reports A number of predefined reports present information from the EPICenter software database.
Dynamic Reports • By logging in directly from the EPICenter Start-up page To log in directly from the EPICenter software Start-up page, follow these steps: 1 Launch your Web browser. 2 Enter the following URL: http://:/ In the URL, replace with the name of the system where the ExtremeWare EPICenter server is running. Replace with the TCP port number that you assigned to the ExtremeWare EPICenter Web Server during installation.
Viewing Predefined EPICenter Reports conditional statement based on the values of relevant variables in the ExtremeWare EPICenter database. The following reports provide filtering: • Interface Report • Alarm Log • Event Log • Config Mgmt Log These reports provide a set of fields at the bottom of the report similar to the ones shown in Figure 16-3. Figure 16-3: Report filter specification To create a filter, follow these steps: 1 In the first field, select the variable to use in the filter.
Dynamic Reports If the variable values are strings, then the comparisons are taken to indicate alphabetic order, where greater than indicates later in later in the alphabet (for example, the letter B is greater than A). 3 In the third field, select the value you want to compare the variable against. If the variable takes a string as its value, enter a string. If the variable is numeric, enter an integer.
Viewing Predefined EPICenter Reports • Radius Port: Port currently used by the RADIUS server • Telnet Port: Port currently used for Telnet • Database Port: Port currently used for EPICenter database communication The Web Server, Trap Receiver, Radius and Telnet ports can be changed through the Administration applet, if you have administrator-level access to EPICenter. See Chapter 15, “Administering EPICenter,” for more information.
Dynamic Reports • Serial Number: Device serial number Click the heading of a column to sort on the contents of that column. Device Status Report To view a Device Status Report, click the Device Status link in the left-hand panel. This displays the device status and failure log for all devices known to EPICenter. The initial display presents a summary at the Device Group level.
Viewing Predefined EPICenter Reports If the number of alarms for a device is greater than zero, you can click the number to view a summary of the alarm information for that device. VLAN Summary Report To view a VLAN Summary Report, click the VLAN Summary link in the left-hand panel. This displays a report of the VLANs known to ExtremeWare EPICenter. The information reported includes: • VLAN Name: Name of the VLAN • Tag: 802.
Dynamic Reports The list of ports is sorted initially by IP address. Click the heading of a column to sort the report based on the contents of that column. For example, to sort by operational status, click on the OperStatus heading. You can filter the ports that are displayed by constructing a conditional filter using the fields at the bottom of the page. This lets you construct a two-clause filter statement in the form shown in Figure 16-4.
Viewing Predefined EPICenter Reports The pull-down list shows a set of system-defined attributes used by the Policy Manager, along with any attributes you’ve added to resources through the Grouping Manager. The system-defined attributes (IP, UDP Any, TCP Any, TCP Permit-Established Any, IP Any, and L4 Port) have static definitions and are used internally by the EPICenter Policy Manager.
Dynamic Reports • Source: IP address of the device that generated the alarm • Category: Category that the alarm is classified under • Ack’d (acknowledged): Whether the alarm has been acknowledged (true or false) • Event #: Event ID of the alarm (assigned by the EPICenter server when the alarm is received) • Message: Message associated with the alarm The alarm information is displayed in groups of 25 alarm events per page.
Viewing Predefined EPICenter Reports Event Log Report To view an Event Log Report, click the Event Log link in the left-hand panel. This displays a report of all the entries in the EPICenter Event Log.
Dynamic Reports Configuration Management Log Report To view a Configuration Management Log Report, click the Config Mgmt Log link in the left-hand panel. This creates a report of all the entries in the Configuration Management Log. The information displayed includes the following: • Time(GMT): Time (Greenwich Mean Time) when the activity occurred. • Device: IP Address of the device. • Activity: Activity that occurred, such as uploading a configuration file, updating a software image, and so on.
Creating New Reports and use the browser’s Print button, or the Print command from the File menu, to initiate the print. Creating New Reports The EPICenter software allows you to customize the existing EPICenter dynamic reports, and to define new reports. Because the reports use HTML and Tcl, you can incorporate the new or modified reports into the running EPICenter server without requiring a restart. In addition, the EPICenter software includes features that aid in debugging user changes.
Dynamic Reports • The tcl directory contains the following: — The Tcl methods available for creating new reports — The source code for the existing reports The information presented in the remainder of this chapter assumes you have a reasonably thorough understanding of both HTML and Tcl scripting. Creating or Modifying a Report You can modify an EPICenter report HTML file in any HTML editor, such as Microsoft FrontPage.
Creating New Reports
ShowDeviceSummaryList
