ExtremeWare Enterprise Manager™ Installation and User Guide Version 2.0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.
©1999 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of Extreme Networks, Inc. in certain jurisdictions.
Contents PREFACE Introduction xvii Terminology xviii Conventions xviii Related Publications xviii 1 EXTREMEWARE ENTERPRISE MANAGER OVERVIEW Introduction 1-1 Summary of Features 1-2 ExtremeView Configuration and Status Monitoring Enterprise-wide VLAN Management 1-3 Support for Summit Virtual Chassis Stacks 1-3 Policy-based Quality of Service 1-4 Simple Inventory Management 1-4 Real-Time Statistics 1-5 The MAC/IP Address Finder 1-5 Security Management 1-5 ExtremeWare Enterprise Manager Components 1-6 Extre
2 INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER Installation Overview 2-1 Installing on a Windows NT System 2-2 Installing the Enterprise Manager Server 2-2 Updating an Evaluation Version to a Licensed Version 2-5 Uninstalling the Enterprise Manager Server 2-6 Installing on a SPARC Solaris System 2-6 Installing the Enterprise Manager Server 2-7 Updating an Evaluation Version to a Licensed Version 2-12 Uninstalling the Enterprise Manager Server 2-13 Installing the Enterprise Manager Client 2-14 Downloadi
Starting the Enterprise Manager Client for the First Time Changing the Admin Password 4-4 Adding or Modifying User Accounts 4-6 Deleting Users 4-7 Changing Your Own User Password 4-8 RADIUS Administration 4-9 5 USING THE INVENTORY 4-3 MANAGER Overview of the Enterprise Manager Device Inventory 5-1 Device Groups 5-2 Port Groups 5-2 Gathering Device Status Information 5-2 Displaying the Network Device Inventory 5-3 Viewing Device Status Information 5-5 Discovering Network Devices 5-8 Adding Devices, Dev
Copy/Paste from an Interactive Telnet Session 6-14 Macro Recording and Playback from an Interactive Telnet Session 6-15 Using Telnet with Cisco Devices 6-15 7 USING THE VLAN MANAGER Overview of Virtual LANs 7-1 Displaying VLANs 7-2 Adding a VLAN 7-6 Deleting a VLAN 7-9 Modifying a VLAN 7-10 Adding and Deleting Protocol Filters 8 USING THE 7-12 POLICY SYSTEM Overview of The Policy System 8-1 Policy Types 8-2 Basic Policy Definition 8-5 Policy Objects 8-7 Policy Implementation Types 8-8 Policy Scop
Custom Policy Definition Tab 8-32 The Status Tab 8-34 The Scope Tab 8-35 The Overlaps Tab 8-37 The Precedence Tab 8-38 The QoS Results Tab 8-41 Viewing and Modifying Network QoS Treatments 8-42 Adding or Modifying Local Users 8-44 Adding or Modifying User Groups 8-47 Adding or Modifying End Stations 8-48 adding or Modifying End Station Groups 8-50 Displaying Managed Device Status 8-52 Cisco Device Policy Setup 8-53 Configuring QoS Policies 8-55 System Status 8-56 Current State 8-56 Importing Data from NT Do
10 REAL TIME STATISTICS Overview 10-1 Displaying Multiport Statistics 10-3 Displaying Statistics For a Single Port Changing the Display Mode 10-9 Setting Graph Preferences 10-11 11 USING THE 10-7 IP/MAC ADDRESS FINDER Overview of the IP/MAC Finder Applet Tasks List Summary Window 11-2 Creating a Search Task 11-4 Detailed Task View 11-5 A 11-1 HP OPENVIEW INTEGRATION Integration Overview A-1 Integrating with HP OpenView under Windows NT A-2 Installing the HP OpenView Integration Components A-2 Unin
C DATABASE UTILITIES Overview C-1 The Validation Utility C-2 Using the DBVALID Command-line Utility C-2 Database Connection Parameters C-3 The Backup Utility C-3 The DBBACKUP Command-line Utility C-3 Database Connection Parameters C-4 Installing a Backup Database C-5 D EXTREMEWARE ENTERPRISE MANAGER PROPERTIES FILES The extreme.properties File D-1 The ciscoipports.
x
Figures 1-1 2-1 2-2 3-1 3-2 3-3 3-4 3-5 3-6 4-1 4-2 4-3 4-4 4-5 5-1 5-2 5-3 5-4 5-5 5-6 5-7 5-8 5-9 5-10 ExtremeWare Enterprise Manager software architecture 1-7 ExtremeWare Enterprise Manager Start-up page 2-15 Security warning prior to downloading the signed client applet 2-16 ExtremeWare Enterprise Manager Start-up page 3-6 ExtremeWare Enterprise Manager Login page 3-7 The About ExtremeWare Enterprise Manager page 3-9 VLAN Manager applet running in a browser window 3-10 Inventory Manager applet 3-12 Po
5-11 5-12 5-13 5-14 5-15 5-16 5-17 5-18 6-1 6-2 6-3 6-4 6-5 6-6 6-7 6-8 6-9 6-10 6-11 6-12 6-13 7-1 7-2 7-3 7-4 7-5 7-6 7-7 7-8 7-9 7-10 xii Add Port Group window in the Inventory Manager 5-17 Devices tab of the Modify Devices, Device Groups, and Port Groups window. 5-19 Device Groups tab of the Modify Devices, Device Groups, and Port Groups window. 5-20 Port Groups tab of the Modify Devices, Device Groups, and Port Groups window. 5-21 Devices tab of the Delete Devices and Device Groups window.
7-11 8-1 8-2 8-3 8-4 8-5 8-6 8-7 8-8 8-9 8-10 8-11 8-12 8-13 8-14 8-15 8-16 8-17 8-18 8-19 8-20 8-21 8-22 8-23 8-24 8-25 8-26 8-27 8-28 8-29 Protocol Panel dialog box, Add Protocol page 7-14 Application Server Policy 8-2 Client/Server Policy 8-3 Source Port Policy 8-4 VLAN Policy 8-4 Basic Policy Definition 8-6 The Policy System main view 8-13 Using the policy object selector to specify policy components 8-16 Pop-up selection box for Policy type 8-20 Create: Network QoS Policy page for a VLAN policy 8-21 N
8-30 8-31 9-1 9-2 9-3 9-4 9-5 9-6 9-7 9-8 9-9 9-10 10-1 10-2 10-3 10-4 10-5 10-6 10-7 10-8 10-9 11-1 11-2 11-3 11-4 11-5 A-1 A-2 A-3 xiv The Import Data view 8-58 The Event Log 8-59 Virtual Chassis Stack Manager display of known Virtual Chassis stacks 9-4 Details of an individual Virtual Chassis Stack 9-6 Detail view of a Virtual Chassis component of a VC stack 9-7 Orphan Virtual Chassis Connections 9-8 Orphan switches Virtual Chassis connections 9-9 Creating a VC stack 9-10 Delete Virtual Chassis Stack 9
Tables 1 5-1 6-1 6-2 8-1 C-1 C-2 C-3 C-4 Text Conventions xviii Inventory Manager Device Status Indicators 5-6 ExtremeView Switch Status Indicators 6-4 ExtremeView Macro Variables 6-12 Default QoS Treatments 8-43 dbvalid Command Switches C-2 Database Connection Parameters for dbvalid Utility C-3 dbbackup Command Switches C-4 Database Connection Parameters for dbbackup Utility C-4 xv
xvi
Preface This Preface provides an overview of the ExtremeWare Enterprise Manager™ Installation and User Guide, describes guide conventions, and lists other useful publications. INTRODUCTION This guide provides the required information to install and use the ExtremeWare Enterprise Manager software.
PREFACE TERMINOLOGY When features, functionality, or operation is specific to a particular model of the Summit family, the model name is used (for example, Summit1 or Summit4). Explanations of features and operations that are the same among all members of the Summit family simply refer to the product as the Summit. CONVENTIONS Table 1 lists conventions that are used throughout this guide.
RELATED PUBLICATIONS Other manuals that you will find useful are: • ExtremeWare 4.0 Software User Guide • ExtremeWare 4.0 Quick Reference Guide • ExtremeWare Command Reference • ExtremeWare 5.
PREFACE XX EXTREMEWARE ENTERPRISE MANAGER INSTALLATION AND USER GUIDE
1 ExtremeWare Enterprise Manager Overview This chapter describes: • Features of the ExtremeWare Enterprise Manager™ • ExtremeWare Enterprise Manager components • Hardware and software requirements INTRODUCTION Today’s corporate networks commonly encompass hundreds or thousands of systems, including individual end user systems, servers, network devices such as printers, and internetworking systems.
EXTREMEWARE ENTERPRISE MANAGER OVERVIEW The ExtremeWare Enterprise Manager leverages the three-tier client/server architecture framework represented by Java applets, and can be accessed using any Java-enabled browser. The Enterprise Manager application and database support two of the most popular operating environments in the marketplace, Microsoft Windows NT and Sun Microsystems’ Solaris. Integration with HP OpenView provides additional flexibility.
SUMMARY OF FEATURES The ExtremeView applet displays detailed information about the status of Extreme switches (Summit and Black Diamond switches) in a number of categories. Any Enterprise Manager user can view status information about these network devices known to the Enterprise Manager.
EXTREMEWARE ENTERPRISE MANAGER OVERVIEW POLICY-BASED QUALITY OF SERVICE Policy-based management is used to protect and guarantee delivery of mission-critical traffic. A network policy is a set of high-level rules for controlling the priority of, and amount of bandwidth available to, various types of network traffic. Leveraging ExtremeWare 5.
SUMMARY OF FEATURES REAL-TIME STATISTICS The Real-Time Statistics feature of ExtremeWare Enterprise Manager provides a graphical presentation of utilization and error statistics for Extreme switches in real time. The data is taken from Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. You can choose from a variety of styles of charts and graphs as well as a tabular display.
EXTREMEWARE ENTERPRISE MANAGER OVERVIEW You can use the Enterprise Manager and its Remote Authentication Dial In User Service (RADIUS) server to configure access permissions for Extreme switches. Two levels of access to Extreme switches can be enabled: • User—users who can view device status information and statistics, but cannot modify any parameters. • Administrator—users who can modify device parameters as well as view status information and statistics.
EXTREMEWARE ENTERPRISE MANAGER COMPONENTS Figure 1-1: ExtremeWare Enterprise Manager software architecture EXTREME NETWORKS SWITCH MANAGEMENT ExtremeWare Enterprise Manager uses SNMP to monitor and manage the Extreme switches in the network. To avoid the overhead of frequent device polling, the ExtremeWare Enterprise Manager uses a mechanism called SmartTraps to identify changes in device status and configuration.
EXTREMEWARE ENTERPRISE MANAGER OVERVIEW takes place, the ExtremeWare software in the switch uses the SmartTraps rules to determine if the Enterprise Manager should be notified. These changes can be changes in device status, such as fan failure or overheating, or configuration changes made on the switch through the ExtremeWare CLI or ExtremeWare Vista.
HARDWARE AND SOFTWARE REQUIREMENTS SERVER REQUIREMENTS The ExtremeWare Enterprise Manager Server can run under Microsoft Windows NT or Sun Microsystems’ Solaris Operating Environment, SPARC Platform Edition. For installation under Windows NT, the requirements are: • Microsoft Windows NT 4.
EXTREMEWARE ENTERPRISE MANAGER OVERVIEW Required patches for Solaris 7: Patch Number 106984-04 107078-03 Description libthread patch OpenWindows 3.6.1 Xsun patch ExtremeWare Enterprise Manager also provides software to enable you to launch the Enterprise Manager client from within HP OpenView, either from the Tools menu or from a pop up menu from the Network Node Manager map. HP OPENVIEW REQUIREMENTS The requirements for integration with HP OpenView are the following: • HP OpenView release 5.
2 Installing the ExtremeWare Enterprise Manager This chapter describes how to do the following: • Install the ExtremeWare Enterprise Manager Server under either Windows NT or the Solaris Operating Environment • Install the browser-based client software INSTALLATION OVERVIEW The ExtremeWare Enterprise Manager software includes a set of Java applications, a Web Server, and database software.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER Note: See the ExtremeWare Enterprise Manager Release Notes for the most current information on installation requirements. The ExtremeWare Enterprise Manager server installation process installs two components: • The ExtremeWare Enterprise Manager Database Engine • The ExtremeWare Enterprise Manager Web Server INSTALLING ON A WINDOWS NT SYSTEM The following sections assume that Microsoft Windows NT is already running.
INSTALLING ON A WINDOWS NT SYSTEM The ExtremeWare Enterprise Manager Welcome screen appears. 4 Follow the on-screen instructions to progress through the Welcome screen. 5 If you are running a previous version of ExtremeWare Enterprise Manager, you are notified that the EEM 1.x services will be stopped in order to install EEM 2.0. If this is acceptable, click Yes. 6 Click Yes to accept the license agreement. 7 Enter your company information. 8 Enter your license key.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER — The HTTP Port for communication with clients (default 80). — The Admin Port used by the Enterprise Manager web server (default 9095). — An Internal port used by the Enterprise Manger web server (default 9096). Accept any or all of the default port numbers, or enter different port numbers. You can use any port number (a number between 1024 and 9999 is recommended) except: — The port number you just entered for the database TCP port.
INSTALLING ON A WINDOWS NT SYSTEM If you answer Yes, an MS-DOS window will appear briefly while the database contents are dumped from the old 1.x database and loaded into the 2.0 database. 18 If HP OpenView is installed on the system where you are installing the ExtremeWare Enterprise Manager server, the installation software asks if you want to integrate with HP OpenView. Integration allows access to the ExtremeWare Enterprise Manager and ExtremeWare Vista from the HP OpenView user interface.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER is the 11-character license key found on the License Agreement shipped with the ExtremeWare Enterprise Manager software. Type the key exactly as it is shown on the License Agreement. If the license update is successful, the message “License Installed” is displayed. If the update is not successful, the message “Invalid argument key : ” is displayed. is the license key you entered with the instlic command.
INSTALLING ON A SPARC SOLARIS SYSTEM For the most current information on required patches, see the ExtremeWare Enterprise Manager Release Note that accompanies your ExtremeWare Enterprise Manager software. Patches for Solaris 2.6: Patch Number 105181-11 105210-17 105490-05 105568-13 105633-18 105669-04 Description Recommended kernel update Required libc patch Required linker patch Threads bug fix - prevents hanging Xserver font fixes Recommended - CDE 1.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER 1 Insert the CDROM into the CDROM drive. 2 If you are running CDE, the contents of the CDROM are displayed in the File Manager. Go to the solaris directory. To run from an Xterm window: cd /cdrom/eem2_0/solaris 3 Run the installation script: ./install.
INSTALLING /opt/eem20: No such directory. ON A SPARC SOLARIS SYSTEM Do you wish to create it? (y/n)[y] Assuming you want to create the directory, accept Y as the default. If you answer N, the script will assume the directory already exists. 7 The installation script now copies and installs the ExtremeWare Enterprise Manager files: Installing ExtremeWare Enterprise Manager files... After copying a number of files, the following message appears: File copy complete. Configuring Installation.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER For purchased products, this is found on the license agreement sheet included with the product. ’Evaluation’ will grant a 30 day evaluation license. Please enter the license key: [Evaluation] If you have purchased the product and received a license key from Extreme Networks, enter it here. If you are installing an evaluation copy, accept the default, Evaluation.
INSTALLING ON A SPARC SOLARIS SYSTEM — Any port number already in use by another process. 12 Finally, you are asked to confirm the configuration parameters: *** Configuration Please review the following items.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER If you are upgrading from an earlier version of ExtremeWare Enterprise Manager, you will also see the following: *** Database Upgrade Upgrading Database... Upgrading from EEM 1.1 Generating sql files... Dumping data from tables in old database ... Loading data into tables in new database ... Database Upgrade Complete. The final messages are: The ExtremeWare Enterprise Manager software installation is complete.
INSTALLING ON A SPARC SOLARIS SYSTEM For example, if you installed in the default directory, enter: /opt/eem20/instlic is the 11-character license key found on the License Agreement shipped with the ExtremeWare Enterprise Manager software. Type the key exactly as it is shown on the License Agreement. If the license update is successful, the message “License Installed” is displayed in the xterm or command window.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER INSTALLING THE ENTERPRISE MANAGER CLIENT In order to run the ExtremeWare Enterprise Manager client, Web browser software must be installed. • Under Windows 95 or Windows NT, install Microsoft Internet Explorer 5.0 with the Microsoft 5.x JVM. To download Internet Explorer 5.0, go to http://www.microsoft.com/ie/ The Enterprise Manager client will also run with Internet Explorer 4.0 with the Microsoft 5.x JVM. Versions of Internet Explorer earlier than 4.72.
INSTALLING THE ENTERPRISE MANAGER CLIENT that you assigned to the ExtremeWare Enterprise Manager Web Server during installation. Note: If you used the default web server port, 80, you do not need to include the port number. The Enterprise Manager Start-up page appears, as shown in Figure 2-1. Figure 2-1: ExtremeWare Enterprise Manager Start-up page 2 From the Enterprise Manager Start-up page click Launch Installed ExtremeWare Enterprise Manager.
INSTALLING THE EXTREMEWARE ENTERPRISE MANAGER Figure 2-2: Security Warning prior to downloading the signed client applet 3 To continue with the download, click Yes. To get more information about the applet, the security certificate or the permissions that are being granted, select any of the links on the page, or click the More Info button. 4 When the download is complete, the ExtremeWare Enterprise Manager Login page appears.
3 Starting the ExtremeWare Enterprise Manager This chapter describes: • Starting the ExtremeWare Enterprise Manager Server. • Launching an Enterprise Manager Client. • Navigating the Enterprise Manager pages. When you log in for the first time after installing the ExtremeWare Enterprise Manager server software, there are only two user accounts enabled—an Administrator account “admin,” and a user account “user” with Monitor access privileges. Neither account has a password.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER STARTING OR RESTARTING THE ENTERPRISE MANAGER SERVER If you have not installed the components as a service, you must start them manually after you boot the server system. You can do this from the Windows NT Start menu.
RUNNING THE ENTERPRISE MANAGER UNDER WINDOWS 4 Repeat the same actions for the EEM Database Engine. If the components are running as regular applications, follow these steps to shut them down: 1 Double-click on the ExtremeWare Enterprise Manager 2.0 Server button on the Windows Taskbar to bring up the ExtremeWare Enterprise Manager 2.0 Server MS-DOS window. 2 Type [Ctrl]+C at the DOS command prompt to shut down the Enterprise Manager Web Server.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER RUNNING THE ENTERPRISE MANAGER UNDER SOLARIS The following instructions assume that you are using a command or Xterm window running the C shell. STARTING OR RESTARTING THE ENTERPRISE MANAGER SERVER To run the Enterprise Manager Server: 1 Set the current directory: cd is the directory (path) where you installed the Enterprise Manager components. If you installed in the default directory, the path is /opt/eem20.
LAUNCHING LAUNCHING CLIENT THE THE EXTREMEWARE ENTERPRISE MANAGER CLIENT EXTREMEWARE ENTERPRISE MANAGER The Enterprise Manager client user interface is a Java-based application that runs within a Java-enabled browser such as Microsoft Internet Explorer 4.72 or later under Windows 95 or Windows NT, or Netscape Communicator (Navigator) version 4.0.7 or later under Solaris or HP-UX. To run the ExtremeWare Enterprise Manager client interface: 1 Launch your Web browser.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER Figure 3-1: ExtremeWare Enterprise Manager Start-up page 3 You are presented with several ways to run the ExtremeWare Enterprise Manager client: For Windows NT or Windows 95 running Internet Explorer: — Click Launch ExtremeWare Enterprise Manager to launch the Enterprise Manager using the JVM in the browser. — Click Launch Installed ExtremeWare Enterprise Manager Client to run the client applet locally.
LAUNCHING THE EXTREMEWARE ENTERPRISE MANAGER CLIENT — Click Launch ExtremeWare Enterprise Manager with the Java Plug-In to launch the Enterprise Manager using Sun’s Java plug-in. If the most current version of the plug-in is not available, you will be prompted to download it, and will be led through the brief installation process. The ExtremeWare Enterprise Manager Login page appears, as shown in Figure 3-2.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER To log into ExtremeWare Enterprise Manager: 1 Type your user name in the User field if you already have an ExtremeWare Enterprise Manager user account. — If you are the network administrator logging in to the Enterprise Manager server for the first time since it has been installed, log in as “admin.” You will be able to change the admin password (strongly recommended) and to create additional user accounts.
NAVIGATING THE ENTERPRISE MANAGER FUNCTIONS Navigation Toolbar Main applet frame Figure 3-3: The About ExtremeWare Enterprise Manager page • The Navigation Toolbar, on the left, displays a set of buttons you can use to access various Enterprise Manager modules. — About returns you to the display shown in Figure 3-3. — Inventory runs the Inventory Manager. — VLAN runs the VLAN Manager. — VC runs the Virtual Chassis Stack Manager.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER — EView runs the ExtremeView applet. — Policy runs the Policy System applet. — RT Stats runs the Real Time statistics applet. — Find IP/MAC runs the MAC/IP Address Finder applet. — Logoff ends your session and returns you to the Login display. • The main applet frame is used to display the active Enterprise Manager applet. For example, in Figure 3-4, the VLAN Manager is displayed in the main applet frame.
NAVIGATING THE ENTERPRISE MANAGER FUNCTIONS Enterprise Manager applets use a two-panel display within the main applet frame. The two panels are: • The Component Tree. • A component status/detail information panel. In addition, some applets provide an applet-specific set of buttons at the top of the main applet frame. These provide access to specific applet functions, such as adding, deleting, or configuring components managed by the applet. THE COMPONENT TREE The left side panel shows the Component Tree.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER Column heading separators Figure 3-5: Inventory Manager applet ➧ Click on a component in the Component Tree to display information about that component. In Figure 3-5, the selected component is the Default device group. The component status/detail panel displays summary status information about each device in this device group. A red circle with the white “S” next to a device indicates that the device is not reachable through SNMP.
NAVIGATING THE ENTERPRISE MANAGER FUNCTIONS MOVING THE COMPONENT TREE BOUNDARY You can move the boundary between the Component Tree panel and the main applet panel by following these steps: 1 Place the cursor over the line separating the panels. 2 Click and hold the left mouse button to “grab” the panel separator. 3 Drag the separator until the panels are the desired widths. RESIZING AND SORTING COLUMNS In a wide columnar display such as shown in Figure 3-5, you can resize the widths of each column.
STARTING THE EXTREMEWARE ENTERPRISE MANAGER Figure 3-6: Pop-up dialog box for adding a VLAN in the VLAN Manager A dialog box can contain the following types of fields: • Text fields, such as the VLAN Name field in Figure 3-6. Enter text or numbers by clicking in the field and then typing. To clear a value from a text field, highlight the value with the cursor and press the Del or Backspace key on the keyboard. You can also highlight the value and just type a new value over the old one.
4 Administering the ExtremeWare Enterprise Manager This chapter describes how to use the Administration applet for the following: • Adding ExtremeWare Enterprise Manager users. • Setting and modifying user permissions for both the Enterprise Manager and ExtremeWare. • Changing a user’s password. • Deleting users. • Configuring the RADIUS server for user authentication.
ADMINISTERING THE EXTREMEWARE ENTERPRISE MANAGER • Administrator—users who can create, modify and delete user accounts as well as perform all the functions of a user with Manager access. The Enterprise Manager provides two default users, “admin” with Administrator access, and “user” with Monitor access. The two default users do not initially have passwords. All other user names must be added and enabled by an Administrator user.
STARTING THE ENTERPRISE MANAGER CLIENT STARTING THE ENTERPRISE MANAGER CLIENT FIRST TIME FOR THE FIRST TIME FOR THE The two default users, admin and user, do not initially have passwords. It is strongly recommended that you log in the first time with the user name admin, and immediately change the admin user password. You can then add other users with Manager, Monitor, or Administrator access. To run the ExtremeWare Enterprise Manager client interface for the first time: 1 Launch your Web browser.
ADMINISTERING THE EXTREMEWARE ENTERPRISE MANAGER Figure 4-1: User Administration window CHANGING THE ADMIN PASSWORD To change the Admin password: 1 Click the tab at the top of the page to display the User Administration page, if necessary. 2 Select the user admin in the User list. 3 Click Modify. The Edit User window appears, as shown in Figure 4-2.
STARTING THE ENTERPRISE MANAGER CLIENT FOR THE FIRST TIME Figure 4-2: Edit User window 4 Type a new password in the Password field. 5 Type the password again in the Verify Password field. 6 Click OK. The new admin password is stored in the Enterprise Manager database. You cannot change the ExtremeWare Enterprise Manager access level for this user. You can, however, change the ExtremeWare account access. The default for the ExtremeWare Enterprise Manager user “Admin” is Administrator.
ADMINISTERING THE ADDING EXTREMEWARE ENTERPRISE MANAGER OR MODIFYING USER ACCOUNTS To add users to the Enterprise Manager database, or to modify ExtremeWare Enterprise Manager user account access, follow these steps: 1 Login to the ExtremeWare Enterprise Manager as a user with Administrator access. 2 In the About ExtremeWare Enterprise Manager window, click Admin in the Navigation Toolbar. The User Administration window appears.
DELETING USERS 8 Select the appropriate EEM Account Access level: — Administrator access allows the user to add, edit and delete user accounts, as well as view status information and statistics and modify device parameters. — Manager access allows the user to view status information and statistics and modify device parameters. — Monitor access allows the user to view status information and statistics.
ADMINISTERING THE EXTREMEWARE ENTERPRISE MANAGER 4 Click Yes. This removes all information about this user account from the Enterprise Manager database. Note: To remove all access privileges for a user without removing the user account from the Enterprise Manager database, use the Modify User function and change the Account Access to Disabled.
RADIUS ADMINISTRATION The window shows your user name, and your EEM and RADIUS Account Access levels as well as your password, but you cannot change them. 2 Type your new password in the Password field. 3 Type the password again in the Verify Password field. 4 Click Apply. Your new password is stored in the Enterprise Manager database. Note: The change does not take effect until the next time you log in.
ADMINISTERING THE EXTREMEWARE ENTERPRISE MANAGER Figure 4-5: Radius Administration page 2 To change the RADIUS server’s shared secret, simply type a new string in the Radius Secret field. This string is basically a shared key by which the RADIUS server and its clients recognize each other, and which they use for secure transmission of user passwords.
RADIUS ADMINISTRATION administered through the Enterprise Manager. Thus, even if a user accesses the switch directly through Telnet or a browser, the RADIUS server will provide the authentication service. Disabling the RADIUS server means that it will not be available for authenticating users. In this case, each Extreme switch must maintain its own list of users and access permissions, and users will need to remember a (possibly different) login and password for every switch.
ADMINISTERING 4-12 THE EXTREMEWARE ENTERPRISE MANAGER EXTREMEWARE ENTERPRISE MANAGER INSTALLATION AND USER GUIDE
5 Using the Inventory Manager This chapter describes how to use the ExtremeWare Enterprise Manager Inventory Manager applet for: • Viewing the ExtremeWare Enterprise Manager device inventory. • Discovering network devices. • Adding network devices to the ExtremeWare Enterprise Manager database. • Modifying device contact parameters. • Deleting a device from the ExtremeWare Enterprise Manager database. • Updating device information in the database.
USING THE INVENTORY MANAGER Manager database, you can assign it to a specific device group, and configure it using the VLAN Manager, Virtual Chassis Stack Manager, ExtremeView, or the Policy System. Any Enterprise Manager user can view status information about the network devices currently known to Enterprise Manager. Users with Administrator or Manager access can run Discovery, and add devices to or delete devices from the list of managed devices in the database.
DISPLAYING THE NETWORK DEVICE INVENTORY • Extreme switches send SmartTraps to the Enterprise Manager whenever a change occurs in a switch status variable that the Enterprise Manager has registered interest in. These include changes to operating variables as well as configuration changes made through other management entities such as the switch command line interface or ExtremeWare Vista.
USING THE INVENTORY MANAGER Figure 5-1: The Inventory Manager applet, main page Note: You must add network devices to the database using Discovery or the Add Devices function in order to make them “known” to the ExtremeWare Enterprise Manager. Until this is done, no devices are displayed in the Inventory Manager. The Device Groups currently defined in the Enterprise Manager are displayed in the Component Tree in the left panel.
VIEWING DEVICE STATUS INFORMATION A red circle with the white “S” next to a device indicates that the device is not reachable through SNMP. The buttons at the top of the page provide the following functions: • Discover lets you find network devices by IP address or range of addresses. • Add lets you add individual devices, device groups, and port groups to the database. • Delete removes a device, device group, or port group from the database.
USING THE INVENTORY MANAGER Figure 5-2: Inventory Manager device group summary status • The status “lights” show the status of the device as detected by the ExtremeWare Enterprise Manager: Table 5-1: Inventory Manager Device Status Indicators 5-6 Status Light Device Status Green Device is up and OK Yellow Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature Red Device is not responding to Enterprise Manager status queries.
VIEWING DEVICE STATUS INFORMATION • The name and type of the device are detected by the ExtremeWare Enterprise Manager. • The IP address and read/write community strings are also detected by the Enterprise Manager discovery, or are those entered into the ExtremeWare Enterprise Manager database manually if the switch was added using the Add command. Select a switch in the Component Tree on the left to display detailed configuration and status information, as shown in Figure 5-3.
USING THE INVENTORY MANAGER Figure 5-4: Inventory Manager information for a Cisco device DISCOVERING NETWORK DEVICES ExtremeWare Enterprise Manager 2.0 provides an automatic Discovery function that lets you discover network devices by IP address. To discover network devices, do the following: 1 Click the Discovery button at the top of the Inventory Manager main window. The Discover Devices window, as shown in Figure 5-5, is displayed.
DISCOVERING NETWORK DEVICES Figure 5-5: Inventory Manager Device Discovery set up window 2 Click the appropriate boxes to select the types of devices you want to include in the discovery. You can discover Extreme, Cisco, and Xedia devices. 3 Specify the device address range you want to discover. You may specify the range in one of two ways: — As an IP Address with Wildcards (such as 10.203.10.* or 10.203.?.??).
USING THE INVENTORY MANAGER Examples: IP Address Specification Addesses Generated 10.203.0.* polls 10.203.0.0 through 10.203.0.255 10.203.?.?? polls 10.203.0.0 through 10.203.9.99 0.203.0.1? or 10.203.0.10-19 both specify the same range: 10.203.0.10 through 10.203.0.19 10.203.0-2.10-30 polls 10.203.0.10 through 10.203.0.30 10.203.1.10 through 10.203.1.30 10.203.2.10 through 10.203.2.30 — As an IP address Range (such as 10.203.10.20 to 10.203.10.45).
DISCOVERING NETWORK DEVICES 8 You can remove an address range from the Device Discovery Criteria list at any time before you initiate the discovery by selecting the range and clicking the Remove button. You can remove all address ranges using the Reset button at the bottom of the page. 9 Click the Discover button at the bottom of the window to initiate the discovery.
USING THE INVENTORY MANAGER Note: These devices are NOT automatically entered into the Enterprise Manager database. You must explicitly select and add devices to the database. 10 To add devices to the ExtremeWare Enterprise Manager database, select individual devices or a range of devices in the Results list, and click the Add button at the bottom of the window. Note: If you select multiple devices, make sure the devices you select are similarly configured.
ADDING DEVICES, DEVICE GROUPS AND PORT GROUPS Figure 5-8: Message window showing Add device progress Warning: If you close the Discovery Results window without adding devices, the results for any devices not already in the ExtremeWare Enterprise Manager database are lost. You will need to perform a discovery again to regenerate information on those devices. After the Add has finished, the Discovery Results window is re-displayed.
USING THE INVENTORY MANAGER Figure 5-9: Add Device window in the Inventory Manager 2 Enter the device IP address, community strings, device login and password into the appropriate fields. These are the parameters that the Enterprise Manager uses to access the switch. You may also enter a DNS-resolvable host name in place of the Switch IP address. 3 Select the device group to which this device should belong. It can belong to only one device group. Default is the default group for managed devices.
ADDING DEVICES, DEVICE GROUPS AND PORT GROUPS SmartTraps rules that tell the switch what status and configuration changes are of interest to the Enterprise Manager. CREATING A DEVICE GROUP Device groups are sets of managed network devices that have something in common, and that can be managed as a group.
USING THE INVENTORY MANAGER Figure 5-10: Add Device Group window in the Inventory Manager 2 Type a name for the device group into the Device Group Name field, and a description (optional) into the Device Group Description field. 3 To add a device to the selected device group, select the device in the Available Devices list and click Add ->. To add all devices in the Available Devices list, click Add All ->.
ADDING DEVICES, DEVICE GROUPS CREATING A AND PORT GROUPS PORT GROUP A port group is a set of ports that have something in common, and can be manipulated as a unit. A port group may contain ports from many different switches. Unlike device groups, there is no default port group, and ports do not need to be members of a group. However, they can belong to only one port group at a time.
USING THE INVENTORY MANAGER 2 Type a name for the port group into the Port Group Name field, and a description (optional) into the Description field. 3 Select a device from the Devices list. This displays a list of ports on the switch that are available to be included in the port group. 4 Select one or more ports from the Available Ports list. Click the Add -> button in the middle of the screen to add these ports to the Selected Ports list.
MODIFYING DEVICES, DEVICE GROUPS AND PORT GROUPS Figure 5-12: Devices tab of the Modify Devices, Device Groups, and Port Groups window. 2 Select the device for which you want to change contact information. 3 Enter the changed information in the appropriate fields. The Device Login and Device Password are the login and password needed in order to Telnet to the device or to use ExtremeWare Vista 4 Click Reset to change the fields back to their original values.
USING THE INVENTORY MANAGER Figure 5-13: Device Groups tab of the Modify Devices, Device Groups, and Port Groups window. 2 Select the device group you want to modify. The Included Devices list displays the devices that are currently members of this group. The Available Devices list displays the other devices known to the Enterprise Manager, and their current device group membership. 3 To change the name or description of the group, type the new text into the Device Group Name and Description fields.
MODIFYING DEVICES, DEVICE GROUPS AND PORT GROUPS Moving a device from one device group to another requires two steps. First, remove it from its current device group (returning it to the Default group). Then select the new device group, and move the device from the Default device group to the new group.
USING THE INVENTORY MANAGER 5 Select one or more ports from the Available Ports list. Click the Add -> button in the middle of the screen to add these ports to the Selected Ports list. Click the Add All -> button to add all ports in the Available Ports list to the Selected Ports list. 6 Repeat steps 3 through 5 until you have included all the ports that should be members of this port group. 7 To replace the modified port group in the database, click the Modify button at the bottom of the window.
DELETING DEVICES, DEVICE GROUPS, AND PORT GROUPS FROM THE DATABASE Figure 5-15: Devices tab of the Delete Devices and Device Groups window. 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All to view the list of all devices from all device groups. 3 Select one or more devices in the Devices list, and click Delete. 4 Click OK to confirm that you want to delete the device information from the database.
USING THE INVENTORY DELETING A MANAGER DEVICE GROUP To delete a device group from the Enterprise Manager database, follow these steps: 1 Click the Delete button at the top of the Inventory Manager main page. Select the appropriate tab to display the Delete Device Groups window (see Figure 5-16). Figure 5-16: Device Groups tab of the Delete Devices, Device Groups, and Port Groups window. 2 Select one or more device groups in the Device Groups list, and click Delete.
UPDATING DEVICE INFORMATION Figure 5-17: Port Groups tab of the Delete Devices, Device Groups, and Port Groups window. 2 Select one or more port groups in the Port Groups list, and click Delete. 3 Click OK to confirm that you want to delete the port group information from the database. UPDATING DEVICE INFORMATION Occasionally, you may want to update the configuration and status information for one or more devices in the ExtremeWare Enterprise Manager database.
USING THE INVENTORY MANAGER 1 Click Sync at the top of the Inventory Manager page. The Synchronize Devices dialog, as shown in Figure 5-18, is displayed, listing the devices in the Enterprise Manager database. Figure 5-18: Synchronize Devices dialog 2 Select one or more devices in the Device list. 3 Click Sync to initiate the synchronization process. The Inventory Manager uses SNMP to retrieve configuration and status information from each selected switch, and updates the database with that information.
6 Using ExtremeView This chapter describes how to use ExtremeView for: • Viewing Extreme switch status • Viewing and setting Extreme device configuration information using the ExtremeWare Vista graphical user interface • Viewing Extreme device statistics • Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI) • Configuring Cisco devices using interactiveTelnet OVERVIEW OF THE EXTREMEVIEW APPLICATION The ExtremeView applet displays information about the status of Ext
USING EXTREMEVIEW Note: You must have a user account on the Extreme switch in order to run ExtremeWare Vista on the switch. A user account on a switch is separate from your Enterprise Manager user account. Figure 6-1: The ExtremeView applet, main page • Status displays status information for the Extreme switches known to the ExtremeWare Enterprise Manager.
VIEWING SWITCH STATUS INFORMATION • Telnet starts a macro application that allows the scripting and playback of CLI commands to a selection of Extreme switches. The applet performs a Telnet to the switch, logs into the switch, and performs the scripted commands. You can also use this applet to run an interactive Telnet session to an individual switch.
USING EXTREMEVIEW Table 6-1: ExtremeView Switch Status Indicators Status Light /Switch Status Green Switch is up and OK Yellow Switch is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature Red Switch is not responding to Enterprise Manager status queries.
VIEWING SWITCH CONFIGURATION INFORMATION This view shows an active graphical display of the switch front panel, as well as a table of status information. You can view the status of individual ports, as shown in Figure 6-4, in two ways: • By selecting the port with the cursor in the switch diagram. • By displaying the list of ports in the Component Tree, and selecting the port.
USING EXTREMEVIEW Figure 6-5: The ExtremeView applet, Configuration summary The sub-components under Configuration in the Component Tree are the categories of configuration information that are available through this applet. These correspond to pages from the ExtremeWare Vista application running on the switch. Select one of these categories to display a list of switches, and select a switch to view the configuration settings for that switch in the category you’ve chosen.
VIEWING SWITCH CONFIGURATION INFORMATION Figure 6-6: The ExtremeView applet, Configuration details When you have made the necessary configuration changes, click Submit to send these to the switch for implementation.
USING EXTREMEVIEW VIEWING SWITCH STATISTICS Select Statistics in the Component Tree to display summary statistics for the Extreme switches known to the Enterprise Manager (see Figure 6-7). Figure 6-7: The ExtremeView applet, Statistics summary The sub-components under Statistics in the Component Tree are the categories of statistical information that are available through this applet. These correspond to pages of information from the ExtremeWare Vista application running on the switch.
USING TELNET WITH EXTREME SWITCHES Figure 6-8: The ExtremeView applet, Statistics details USING TELNET WITH EXTREME SWITCHES The Telnet applet allows the scripting and playback of groups of CLI commands (macros) to a selection of Extreme switches. You can also use this applet to run an interactive telnet session on an individual switch, including third-party switches.
USING EXTREMEVIEW Figure 6-9: The ExtremeView applet, Telnet interface The Telnet Connections lists indicates which switches have open Telnet connections, and the status of any macros that have run or are being run on the switch. Switches with open Telnet connections are also shown in bold in the list of switches under the Telnet component in the Component Tree.
USING TELNET WITH EXTREME SWITCHES RUNNING EXTREMEWARE COMMAND MACROS The lower half of the Telnet page contains the macro Record/Play buffer. You can enter a series of ExtremeWare commands into this buffer, which will form a script that can be played to the set of switches you select in the Telnet Connections list.
USING EXTREMEVIEW There are four variables you can use in an ExtremeWare CLI command that will be expanded when the target switch is contacted. These are: Table 6-2: ExtremeView Macro Variables Variable Definition The name of the switch The current date of the EEM server
USING TELNET WITH EXTREME SWITCHES 5 To close an open connection, select the switch and click the Closed button. To view the results of the macro execution on a particular switch, select the switch in the Telnet switch list in the Component Tree. This will display a telnet session display for the switch. Because it displays an active telnet session, you can use this page to view the progress of the macro as the various ExtremeWare commands are executed.
USING EXTREMEVIEW the white portion of the window. As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output. The Telnet session window will display the commands and results from macros that are run on the switch. You can also type in commands individually. You cannot use the macro variables (, ,
USING TELNET WITH CISCO DEVICES • To copy from an interactive session, highlight the lines you want to copy, click the right mouse button and select Copy from the pop-up menu. • To paste into another window, display the window, place the cursor where you want the lines inserted, click the right mouse button and select Paste from the pop-up menu.
USING EXTREMEVIEW Figure 6-13: An open Telnet session for Cisco device in ExtremeView You can enter and execute commands using Cisco’s Command Line Interface. The commands and any resulting output will be displayed in the session window just as if you were running a Telnet session on any other client. The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey. The last 25 lines of Telnet commands and responses always appear in the white portion of the window.
7 Using the VLAN Manager This chapter describes how to use the VLAN Manager for: • Viewing enterprise-wide, tagged and untagged VLAN information for Extreme (Summit and BlackDiamond) switches managed by the ExtremeWare Enterprise Manager • Adding new tagged or untagged VLANs to Extreme devices, adding ports to those VLANs, and modifying IP addresses • Deleting VLANs • Modifying VLANs • Adding and deleting protocol filters OVERVIEW OF VIRTUAL LANS A Virtual LAN is a group of location- and topology-inde
USING THE VLAN MANAGER The VLAN Manager is an enterprise-wide application that manages all aspects of VLANs on Extreme devices. If you run the Enterprise Manager with Administrator or Manager access, you can: • Create and delete VLANs • Add or remove ports from existing VLANs • Modify a VLAN’s IP address • Enable/disable IP Forwarding • Create and modify the protocol filters used to filter VLAN traffic Extreme switches support a maximum of 256 VLANs.
DISPLAYING VLANS Figure 7-1: VLAN Manager applet, topology shown by VLAN The VLANs currently known to the Enterprise Manager database are displayed in the Component Tree on the left. The panel on the right shows summary information about the configuration of the switches and ports that are members of a selected VLAN. Note: You must add switches to the ExtremeWare Enterprise Manager database through Discovery or by using the Add function in the Inventory Manager.
USING THE VLAN MANAGER • Select By VLAN to display VLANs in the component tree, and showing under the VLAN each switch that has ports that are members of the VLAN (see Figure 7-1). • Select By Switch to display every switch in the component tree, and showing under the switch each VLAN that “owns” ports on the switch, as shown in Figure 7-2. Figure 7-2: VLAN topology shown by switch You can display details about the component ports of a VLAN by selecting the VLAN or switch in the tree on the left.
DISPLAYING VLANS Figure 7-3: VLAN member ports on a selected switch Figure 7-3 presents details about which ports in a VLAN belong to the selected switch.
USING THE VLAN MANAGER Figure 7-4: Switch member ports for a selected VLAN Figure 7-4 presents details about which ports on a given switch are found in the selected VLAN. ADDING A VLAN Users with Administrator or Manager access can create VLANs on the Extreme switches managed by the ExtremeWare Enterprise Manager. If you have Monitor access only, you can not use this function. To add a new VLAN, do the following: 1 Click the Add button in the VLAN Manager panel.
ADDING A VLAN Figure 7-5: Add VLAN dialog, Properties and Ports page 2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31 characters. See the Summit Switch Installation and User Guide for details on VLAN naming. 3 Select an entry from the pull-down Protocol Filter list. This selection determines what protocol (if any) is used to determine membership in this VLAN. If you do not want to specify a protocol, select ANY.
USING THE VLAN MANAGER 7 Click Tagged to add the port as a tagged port. Click Untagged to add the port as an untagged port. Note: If this is an untagged VLAN, you are not able to add a tagged port. When you add an untagged port to a VLAN, it is automatically removed from any other VLAN which uses the same protocol as the new VLAN, and where the port is an untagged member.
DELETING A VLAN 2 Select a switch from the table of switches. 3 Enter an IP address and IP mask. Click the Enable IP Forwarding check box if you want to enable IP forwarding for this VLAN on the switch. 4 Click Apply to have the changes take effect. DELETING A VLAN Users with Administrator or Manager access can delete VLANs from the Extreme switches managed by the ExtremeWare Enterprise Manager. If you have Monitor access, you will not be able to use this function.
USING THE VLAN MANAGER MODIFYING A VLAN Users with Administrator or Manager access can modify the properties of a VLAN, and add and remove ports from the VLAN. If you have Monitor access, you will not be able to use this function. To modify a VLAN, follow these steps: 1 Click the Modify button in the VLAN Manager panel. The Modify VLAN dialog, Properties & Ports page is displayed, as shown in Figure 7-8.
MODIFYING A VLAN 5 To remove a port from the VLAN, select the port in the Ports in VLAN list, and click Remove. 6 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a list of ports on the switch that are available to be included in the VLAN. Note: The Available Ports list does not include ports in SummitLink mode, or ports configured as slave load sharing ports. 7 Select a port from the Available Ports list. 8 Click Tagged to add the port as a tagged port.
USING THE VLAN MANAGER Figure 7-9: The Modify VLAN dialog, IP Forwarding page 11 Select a switch from the table of switches. 12 Change the IP address and IP mask as appropriate. Click the Enable IP forwarding check box to enable or disable IP forwarding for this VLAN on the switch. 13 Click Apply to have the changes take effect. ADDING AND DELETING PROTOCOL FILTERS Users with Administrator or Manager access can view, add, and delete protocol filter definitions.
ADDING AND DELETING PROTOCOL FILTERS . Figure 7-10: Protocol Panel dialog box, View/Delete page This page shows all the protocol filters configured within the ExtremeWare Enterprise Manager. Any filters that are in use by a VLAN are indicated with an asterisk (*) in the In Use column. 2 To delete a protocol filter, select a filter in the list, and click Delete.
USING THE VLAN MANAGER To add a protocol filter, follow these steps: 1 Click the Add tab at the top of the Protocol Panel dialog box to display the Add Protocol page, as shown in Figure 7-11. . Figure 7-11: Protocol Panel dialog box, Add Protocol page 2 Enter a descriptive name for the Protocol. The name must begin with a letter followed by up to 31 characters. See the Summit Switch Installation and User Guide for details on naming. 3 Select a protocol type from the pull-down list in the type column.
8 Using the Policy System This chapter describes how to use the ExtremeWare Enterprise Manager Policy System for: • Creating, modifying, and deleting network Quality of Service (QoS) policies • Defining and modifying QoS treatments • Defining users and user groups as policy objects • Defining end stations and end station groups as policy objects • Configuring network devices with the defined network policies • Importing users, user groups, and end stations from Windows NT Domain Controller or Solaris NIS
USING THE POLICY SYSTEM devices. It also detects overlaps and conflicts in policies, with precedence rules for resolving conflicting QoS rules. Note: The ExtremeWare Enterprise Manager Policy System is based on the ExtremeWare 5.0’s Policy-Based QoS. For details on the capabilities and implementation of QoS in Extreme Switches, see the chapter on Quality of Service in the ExtremeWare Software User Guide V 4.0, and the Release Note for ExtremeWare 5.0.
OVERVIEW OF THE POLICY SYSTEM • Client/Server Policy maps a QoS treatment to traffic going between a server and specific clients. You specify the both sets of endpoints (clients and server) between which the traffic will travel. The server endpoint can include an application (translated to an L4 port) or it can be a host (indicated by the application choice “ANY,” translated to an IP address only). The Policy System determines the switches that should be affected by this policy.
USING THE POLICY SYSTEM Figure 8-3: Source Port Policy You can specify multiple source ports in a single policy, and you can specify them by providing a host name or even a user name (or group of names) and leave it to the Policy System to determine the source port to which those names map. For more details, see the section “Source Port Policy Definition Tab” on page 8-30. • VLAN Policy maps a QoS treatment to traffic from one or more VLANs.
OVERVIEW OF THE POLICY SYSTEM Both VLAN QoS and Source Port QoS depend on 802.1Q tagging to carry the QoS parameters across VLAN boundaries or switch boundaries. In order to allow these QoS types to be effectrive end-to-end, you should make sure your switch-to-switch links use tagged ports. • Custom Policy lets you specify the components for an IP-based policy, without any predefinition of relevant policy components.
USING THE POLICY SYSTEM Figure 8-5: Basic Policy Definition The ExtremeWare Enterprise Manager Policy System converts the high-level policy definition you supply into a set of low-level QoS rules that it will implement on the devices within the policy’s scope. To do this, the Policy system takes the following steps: 1 Converts the endpoint components, application components, and traffic direction components into traffic patterns. 2 Converts the policy treatment into QoS profiles.
OVERVIEW OF THE POLICY SYSTEM POLICY OBJECTS The ExtremeWare Enterprise Manager Policy System lets you work with high-level components, or policy objects, when defining a QoS policy. The components used within the Enterprise Manager Policy System are the following: • Devices (by name) and Device Groups: These are entered into the Enterprise Manager database via the Inventory Manager (Discovery or Add Devices), and are mapped to IP addresses in the Enterprise Manager database.
USING THE POLICY SYSTEM POLICY IMPLEMENTATION TYPES ExtremeWare 5.0, and thus ExtremeWare Enterprise Manager, supports three policy implementation types. The implementation type of a policy is primarily determined by the type of endpoints to which the policy will apply. The implementation types are: • IP QoS: This uses IP addresses, or IP addresses plus Layer 4 ports, to define the sources and destinations of the traffic.
THIRD-PARTY DEVICE SUPPORT If Auto Configuration is turned off you must explicitly perform the configuration process using the Configuration function in the Policy System Client. THIRD-PARTY DEVICE SUPPORT In addition to supporting Extreme Networks switches, ExtremeWare Enterprise Manager provides support for some third-party devices. As of ExtremeWare Enterprise Manager 2.0, these include: • Cisco devices running IOS 11.2 or later • Xedia devices running the Xedia 2.
USING THE POLICY SYSTEM CISCO PORT MAPPINGS When ExtremeWare Enterprise Manager pushes a policy to a Cisco device, the device automatically maps well-known TCP and UDP port numbers to names (for example, TCP port 80 to the name “HTTP”). When Enterprise Manager reads the rules from a Cisco device, it must re-map the name back to a port number. ExtremeWare Enterprise Manager uses a properties file to associate the well-known port names and port numbers. The file, ciscoipports.
THIRD-PARTY DEVICE SUPPORT XEDIA DEVICE SUPPORT ExtremeWare Enterprise Manager can support certain Xedia devices running Xedia software version 2.1. Later software versions may work but have not been tested. ExtremeWare Enterprise Manager 2.0 has been tested with the following model running the Xedia 2.1 software: • Xedia Access Point See the ExtremeWare Enterprise Manager Release Notes that accompanied your software for the most current list of supported models.
USING THE POLICY SYSTEM Precedence Profile • QP3 • QP2 Lowest QP1 For Extreme switches, there is a set of rules to determine the precedence. See the ExtremeWare Software User Guide, V 4.0, Chapter 8, “Quality of Service (QoS)” for details. Root class bandwidth-allocation parameter. Under the Xedia 2.1 R3 software, for an ethernet interface, the root CBQ class is created by default with a value that is the same as the interface speed—the nominal bandwidth of the interface.
USING THE POLICY SYSTEM USING THE POLICY SYSTEM To invoke the Policy System, click the Policy button in the Navigation Toolbar. The Policy System main window is displayed (see Figure 8-6). The Component Tree on the left shows the elements of the Policy System. The main applet frame shows the definition and function of each of these elements.
USING THE POLICY SYSTEM • End Stations lets you define specific hosts or groups of hosts by name as policy objects for use in policy definitions. They dynamically translate into IP addresses/ports when QoS rules are computed for configuration onto network devices. • Managed Devices shows you all devices currently being managed by ExtremeWare Enterprise Manager. You can also set policy for Cisco devices using this function.
CREATING CREATING A A NEW NETWORK POLICY NEW NETWORK POLICY There are two ways to create a network policy: • Using the Create Policy Wizard, which is invoked by clicking the Create Policy button at the top of the Policy System page. The Create Policy Wizard guides you step by step through the policy creation process. This is recommended if you are new to using the Policy System. • Selecting Policy from the New menu.
USING THE POLICY SYSTEM — Source Port Policy lets you specify the components of a policy for traffic originating from specific ingress ports. — VLAN Policy lets you specify the components of a policy for traffic originating from one or more VLANs. — Custom Policy lets you specify the components for any other type of policy, without any predetermination of relevant policy components. Note: In these steps, Client/Server has been selected as the policy type. The process is similar for other policy types.
CREATING A NEW NETWORK POLICY b Select individual users, user groups, end stations, end station groups, or devices and add or remove them from the Selected items list. You can display either the Local End Stations list or the End Station Groups list by selecting from the pull-down list in the Show Type field. When you have finished, click OK. You can also type in new policy object names or delete names in the Servers list itself.
USING THE POLICY SYSTEM b To select specific Device Groups to which this policy should apply, click the Specified Device Groups button. — To include a device group, select the device group in the Excluded Device Groups list and click the right-arrow button. The device group will move to the Included Device Groups list. — To remove device groups from the policy scope, select the Device Group in the Included Device Groups list and click the left-arrow button.
CREATING A NEW NETWORK POLICY — The QoS Type of the policy (IP QoS, Source Port QoS, or VLAN QoS). — The time at which the policy was created. The precedence based on QoS type overrides all other precedence factors. IP QoS is the highest priority, Source Port QoS is second, and VLAN QoS is the lowest. Thus, Custom and Client-Server policies will have higher precedence than Source Port policies, which will in turn be higher than a VLAN policy.
USING THE POLICY SYSTEM CREATING A POLICY FROM THE NEW MENU If you are experienced in network policy creation, using the Network QoS Policy view page is a quicker method for creating new policies. To create a policy using the New menu, follow these steps: 1 Click the New button at the top of the Policy System page, then select Policy from the drop-down menu. A pop-up box appears to let you select the type of policy you want to create (see Figure 8-8).
VIEWING AND MODIFYING NETWORK POLICIES Policy object selector Figure 8-9: Create: Network QoS Policy page for a VLAN policy This view lets you specify all the components of a network policy by using the various tabs to specify the elements of a policy, as described in the next section.
USING THE POLICY SYSTEM Figure 8-10: Network QoS Policy view for a VLAN policy, Definition tab The main applet frame has two sections: • The top section lists all the network policies currently defined in the policy system, with type and status information. — Type displays an icon showing the type of policy (Application Server, Client/server, Source Port, VLAN, or Custom). — Enabled indicates whether the policy is enabled. A green check ( ) indicates that the policy is enabled.
VIEWING AND MODIFYING NETWORK POLICIES A small switch with a green light indicates that the current QoS rules have been configured onto the appropriate network devices. A small switch with a half-green light indicates that the current QoS rules have been partially configured onto the appropriate network devices. A small switch with a white light indicates that the current QoS rules have not been configured onto the appropriate network devices. A small switch with a red light A blue question mark unknown.
USING THE POLICY SYSTEM Select individual VLANs and add or remove them from the Selected items list. When you are finished, click OK. — Type in new VLAN names or delete the names of VLANs in the VLAN list itself. The names you type must be valid names of VLAN known to the ExtremeWare Enterprise Manager. The name must be in the form: VLAN[] It must be preceded by the word VLAN and enclosed in square brackets.
VIEWING AND MODIFYING NETWORK POLICIES For an Application Server policy (Figure 8-11) the Definition tab shows a list of the servers and the application to which this policy applies, and the Treatment that is used by this policy.
USING THE POLICY SYSTEM — You can type in new End Station or End Station Group names or delete names in the Servers list itself. The names you type must be valid names already known to the Extremeware Enterprise Manager. The names in the Servers list are separated by semi-colons, following the convention used by Microsoft Outlook. • To change the application, click the Application selector button at the right of the Application field. This displays a list of applications known to the Policy system.
VIEWING AND MODIFYING NETWORK POLICIES CLIENT/SERVER POLICY DEFINITION TAB A Client/Server policy maps a QoS treatment to traffic going between a server and specific clients. You specify the both sets of endpoints (clients and server) between which the traffic will travel. The server endpoint can also include an application (translated to a Layer 4 port) or it can be a host (indicated by the application choice “ANY,” translated to an IP address only).
USING THE POLICY SYSTEM For a Client/Server policy, the Definition tab shows a list of the servers, clients, and the application to which this policy applies, and the Treatment used by this policy (see Figure 8-13). Figure 8-13: Network QoS Policy view for a Client/Server policy, Definition tab • To change the list of servers to which the policy applies: — Click the policy object selector button at the right of the Servers field.
VIEWING AND MODIFYING NETWORK POLICIES appears. You can display lists of other policy objects by selecting from the drop-down list in the Show Type field. When you have finished, click OK. — You can also type in new policy object names or delete names in the Servers field itself. The names you type must be valid names of policy objects already known to the Extremeware Enterprise Manager. The names in the Servers field are separated by semi-colons, following the convention used by Microsoft Outlook.
USING THE POLICY SYSTEM • Clicking Reset at any time prior to clicking Save will restore the policy definition to those currently in effect for the selected policy. • Click the Save button to save the changes as the new policy definition. SOURCE PORT POLICY DEFINITION TAB A Source Port policy maps a QoS treatment to traffic from a specific port on an Extreme switch. You specify the ports from which the traffic will originate.
VIEWING AND MODIFYING NETWORK POLICIES — Click the policy object selector button at the right of the Source Ports field, then select the type of policy object for which you want to specify the source port pop-up menu. Source Ports are specified (implicitly) for users or end stations, and explicitly using port sets. Select source port specifications and add or remove them from the Selected items list.
USING THE POLICY SYSTEM CUSTOM POLICY DEFINITION TAB A Custom policy lets you define all the parameters of the policy without any predefintion. A custom policy is always implemented as IP QoS. For a Custom policy the Definition tab, as shown in Figure 8-15, shows the endpoints, applications and direction that defines the traffic pattern to which this policy applies, and the treatment that is used by this policy.
VIEWING AND MODIFYING NETWORK POLICIES Select individual endpoints and add or remove them from the Selected items list. You can display lists of other types of policy objects by selecting from the pull-down list in the Show Type field. When you have finished, click OK. — You can enter new policy object names, or delete names in the Endpoint field itself. The names must be valid names of policy objects already known to the Extremeware Enterprise Manager.
USING THE POLICY SYSTEM THE STATUS TAB Figure 8-16 shows the Status tab. This tab displays the selected policy’s readiness and configuration status. Figure 8-16: Network QoS Policy view for a VLAN policy, Status tab The Status tab displays the following fields: • The Policy type. • Whether the policy is enabled. • Whether the policy data is complete (whether the Policy system has sufficient information about the end stations or user policy objects, to compute valid QoS rules for this policy).
VIEWING AND MODIFYING NETWORK POLICIES This screen is a status only display; no modifications can be made to these fields. The Save and Reset buttons are disabled. Note: If the Policy Configured field shows the message “Error: Too many rules” this means you need to reduce the number of endpoints that your policy specifies. THE SCOPE TAB Figure 8-17 shows the Scope tab for the selected policy. The Scope tab shows the range of network devices to which the policy can be applied.
USING THE POLICY SYSTEM When All Managed Devices is selected, this policy automatically applies to any newly-added devices and any new device groups created after the policy has been defined. • If Specific Device Groups is selected, the display shows which groups are included and which are excluded. — To include an excluded policy, select the policy in the Excluded Device Groups list and click the right-arrow button. The policy moves to the Included Device Groups list.
VIEWING AND MODIFYING NETWORK POLICIES THE OVERLAPS TAB Figure 8-18 shows the Overlaps tab for the selected policy. Figure 8-18: Network QoS Policy view for a VLAN policy, Overlaps tab The Overlaps tab displays a list of policies that overlap or conflict with the selected policy. The Policy Overlaps list shows the following information: • Overlapping Policy—the name of the overlapping policy. • Relative Precedence—the precedence of this policy relative to the other policies in the list.
USING THE POLICY SYSTEM which it was created). Precedence type and the rules that determine the precedence between policies in discussed in the next section. You cannot change the information shown under this tab—the Save and Reset buttons are disabled. To change the precedence of a policy, click the Precedence tab and make changes there. If you think the overlap may be the result of an incorrect policy specification, you can return to the appropriate tab and make the necessary changes.
VIEWING AND MODIFYING NETWORK POLICIES Figure 8-19: Network QoS Policy view for a VLAN policy, Precedence tab The Precedence tab displays the following information: • The precedence lists show how overlapping policies relate to the selected policy. — Higher Priority Policies are those which have higher priority (take precedence) over the currently selected policy. Traffic to which these policies apply will be forwarded before traffic of lower priority.
USING THE POLICY SYSTEM policies in the precedence lists that aren’t relevant, you can remove them. You can also add and remove other network QoS policies from a precedence relationship with the selected policy. Click OK to return to the Precedence tab. Figure 8-20: Edit: Select Policies pop-up window • Clicking Reset at any time prior to clicking Save will restore the precedence settings to those currently in effect relative to the selected policy.
VIEWING AND MODIFYING NETWORK POLICIES THE QOS RESULTS TAB Figure 8-21 shows the QoS Results tab. This shows the QoS rules that have been computed from the selected policy. Figure 8-21: Network QoS Policy view for a VLAN policy, QoS Results tab The QoS rules are the rules that the current definition of the policy expects to generate. Note that these may not correspond exactly to the computed QoS rules because the computed rules take into account the intersection of multiple policies.
USING THE POLICY SYSTEM VIEWING AND MODIFYING NETWORK QOS TREATMENTS To view the current QoS treatments defined within the Policy System, click the plus sign next to Network Policy to display the policy subcomponents, then click Treatment. This displays the Network QoS Treatment view (see Figure 8-22). The main applet frame has two sections: • The top section lists all the treatments currently defined in the policy system. — Name is the name of the treatment provided when the treatment was created.
VIEWING AND MODIFYING NETWORK QOS TREATMENTS Figure 8-22: Network QoS Treatment view There are five treatments: four quality treatments (corresponding to QP1-QP4) and Deny/Disable (corresponding to Blackhole IP traffic or disabling source ports). The default definitions for QoS treatments are shown in Table 8-1.
USING THE POLICY SYSTEM QoS treatments cannot be added or deleted. You can change the names and descriptions of all five treatments, and you can change the priority and bandwidths of the four quality treatments. Treatments can be scoped, so that you can have different treatment parameters for each device group. • To change the scope for the treatments, click All Device Groups or Selected Device Groups.
ADDING OR MODIFYING LOCAL USERS Figure 8-23: The Network User View 2 To add a new user, type the user name in the Name field, and an optional description in the Description field. 3 If DLCS is running in your network devices, you can click Lookup, and the Enterprise Manager will use DLCS to try to find any end stations where this user is logged in. It will enter them for you in the Network Stations field.
USING THE POLICY SYSTEM A check in the Allow Automatic DLCS Updates box means that the policy system will get network station information for the user from the switch’s DLCS feature. This will be done automatically every time the QoS policies are re-configured. If auto-configuration is turned on, changes to DLCS mappings in the switch (due to a user logging in or logging out) will trigger a re-configuration. The default for Allow Automatic DLCS Updates is on (box is checked).
ADDING ADDING OR OR MODIFYING USER GROUPS MODIFYING USER GROUPS 1 To create a new User Group, click New at the top of the Policy System page, then select User Group from the pull-down list. To modify an existing User Group, select User Groups under the Users entry in the Component Tree. Either method will display the Local Group – Users page as shown in Figure 8-24.
USING THE POLICY SYSTEM 4 You can also add members by typing a user name in the Add field at the bottom of the screen. Type the name and click Add to add it to the members list. 5 To remove members from the User Group, select one or more names in the Members list and click the Remove members button (just below the selector button to the right of the Members list) to remove them from the list. 6 Click Save to save the additions or changes.
ADDING OR MODIFYING END STATIONS Figure 8-25: The End Station view. 2 To add a new end station, type the host name in the Name field, and an optional description in the Description field. 3 If DLCS is running in your network devices, you can click Lookup, and the Enterprise Manager will use DLCS to try to find the IP Address, switch device, and port associated with the host name you entered. It will enter them for you into the appropriate fields.
USING THE POLICY SYSTEM A check in the Allow Automatic DLCS Updates box means that the policy system will get IP address and switch/port information for the end station from the switch’s DLCS feature. This will be done automatically every time the QoS policies are re-configured. If auto-configuration is turned on, then changes to DLCS mappings in the switch (due to a an end station booting up) will trigger a re-configuration. The default for Allow Automatic DLCS Updates is on (box is checked).
ADDING OR MODIFYING END STATION GROUPS Figure 8-26: The End Station Group view. 2 To add a new End Station Group, type the group name into the Name field, and a description (optional) into the Description field. 3 Click the selector box to the right of the Members field to display a list of the end stations known to the Enterprise Manager. Select end station names from this list and use the Add -> button to add them to the selected list. Use Remove -> to remove names from this list.
USING THE POLICY SYSTEM DISPLAYING MANAGED DEVICE STATUS Select Managed Devices in the Component Tree to display a list of all the managed devices known to the Enterprise Manager. Selecting a device in the Devices list displays the name, description and IP address of the device (see Figure 8-27). You cannot change the device information displayed on this page—use the Modify Devices function in the Inventory Manager to modify device configuration information.
DISPLAYING MANAGED DEVICE STATUS CISCO DEVICE POLICY SETUP You can set up policy for a Cisco device running Cisco IOS 11.2 or later. 1 Select a Cisco Device in the Devices list, then click the Cisco Policy Setup button. This button will not be available unless a Cisco device is selected. This displays the Cisco Device Policy Setup window as shown in Figure 8-28.
USING THE POLICY SYSTEM — Access Start List: ExtremeWare Enterprise Manager uses six consecutive access lists to specify traffic on a Cisco device. You can specify the starting access list, and Enterprise Manager will use that list plus the following five. For example, if you specify 100, then Enterprise Manager will use access lists 100 through 105. You can specify a starting access list between 100 and 194. The default, if no access list is yet configured on the device, is -1.
CONFIGURING QOS POLICIES CONFIGURING QOS POLICIES If Automatic Configuration is turned on every change you make within the ExtremeWare Enterprise Manager will trigger an immediate re-computation and reconfiguration of the QoS policies on your network. Configuration changes on a device managed by ExtremeWare Enterprise Manager, or a user login or end station reboot when DLCS is enabled, also trigger a recomputation and reconfiguration of QoS policies. If auto-configuration is turned off process.
USING THE POLICY SYSTEM SYSTEM STATUS The System Status block indicates the status of the policy configuration process. • Data Complete indicates whether the policy system has sufficient information about a host (end station) or user policy object, to compute valid QoS rules. For example, you might not have entered an IP address for a host. A green check indicates that the data is complete.
IMPORTING DATA FROM NT DOMAINS OR SOLARIS NIS • Computing QoS Rules indicates that computation is under way. While this is occurring, the Policy System State icon in the upper right corner of the Policy System page will indicate Busy. • Ready to Configure Devices indicates that a set of QoS rules has been computed incorporating all current policy definition changes. The rules are now ready to be configured on the appropriate devices.
USING THE POLICY SYSTEM Figure 8-30: The Import Data view • Select the types of data you want to import in the Data Types box, then click Update to start the import. If you want to stop the process before it is finished, click Stop. Import will update existing data if it has changed, as well as add new users and end stations.
DISPLAYING THE EVENT LOG Figure 8-31: The Event Log The Clear All button clears the Event Log display only—the event data remains in the log file.
USING 8-60 THE POLICY SYSTEM EXTREMEWARE ENTERPRISE MANAGER INSTALLATION AND USER GUIDE
9 Managing Virtual Chassis Stacks This chapter describes how to use the Virtual Chassis Stack Manager for: • Displaying a Virtual Chassis stack. • Updating the Virtual Chassis stack topology. • Creating a Virtual Chassis stack. • Editing a Virtual Chassis stack. • Deleting a Virtual Chassis stack. OVERVIEW OF VIRTUAL CHASSIS STACKS The Summit Virtual Chassis is a high performance, low cost external backplane that connects up to eight stacked or distributed Summit switches into one cohesive system.
MANAGING VIRTUAL CHASSIS STACKS ExtremeWare Enterprise Manager manages Virtual Chassis stacks as aggregated entities. The Enterprise Manager uses an SNMP identification process to recognize virtual stacks and their components, based on the known Extreme switches. This information is stored in the Enterprise Manager database. The Enterprise Manager can automatically identify single stacks and single parallel stacks.
DISPLAYING THE VIRTUAL CHASSIS STACK TOPOLOGY Each Summit device uses the Extreme Discovery Protocol (EDP) to identify all neighboring Summits connected via a Summit Virtual Chassis. The Virtual Chassis Stack Manager uses SNMP to collect this information about VC connections from each managed Summit switch in the ExtremeWare Enterprise Manager database. Using this information, the VC stack Manager constructs a collection of VC stacks and leftover Summits (orphan Summits) and VCs (orphan VCs).
MANAGING VIRTUAL CHASSIS STACKS Figure 9-1: Virtual Chassis Stack Manager display of known Virtual Chassis stacks As with the other ExtremeWare Enterprise Manager applets, the Component Tree is displayed in the left-hand panel. Detailed information about a selected component is displayed in the right-hand panel. In Figure 9-1, the top-level component, VC Stacks, is selected. The detail shows the stack configurations known to the Enterprise Manager database.
DISPLAYING THE VIRTUAL CHASSIS STACK TOPOLOGY • Orphan Summits are any Summit switches that do not appear to be components of any VC stack. They do not appear to have any port connections to a Virtual Chassis. A Summit switch can be classified as an orphan because: — The Enterprise Manager cannot determine the stack to which it belongs. — It was added using the Inventory Manager after the most recent identification was completed. — It does not have any VC connections.
MANAGING VIRTUAL CHASSIS STACKS Figure 9-2: Details of an individual Virtual Chassis Stack The following functions are available from this page: • Click on a Virtual Chassis or a switch to highlight the connections from that VC or switch. • Click on a connection to highlight the individual connection. • Double-click on a switch to invoke ExtremeWare Vista for the switch. This launches a Web browser window and displays the ExtremeWare Vista Login page.
DISPLAYING THE VIRTUAL CHASSIS STACK TOPOLOGY Figure 9-3: Detail view of a Virtual Chassis component of a VC stack DISPLAYING ORPHAN VCS Orphan VCs are any Virtual Chassis that do not appear to be members of a VC stack, as detected by ExtremeWare Enterprise Manager. • To display a list of the VCs, select Orphan VCs in the Component Tree, as shown in Figure 9-4. A Virtual Chassis may appear to be an orphan if: • It was removed from a VC Stack using the Enterprise Manager.
MANAGING VIRTUAL CHASSIS STACKS Figure 9-4: Orphan Virtual Chassis Connections The display shows any ports that have connections to switches, for each Virtual Chassis in the Orphan VC list. Selecting an individual Virtual Chassis in the Orphan VC list displays a detail diagram similar to that shown in Figure 9-3. DISPLAYING ORPHAN SUMMIT SWITCHES The ExtremeWare Enterprise Manager considers a switch to be an orphan if it could not be identified as belonging to a Virtual Chassis stack.
DISPLAYING THE VIRTUAL CHASSIS STACK TOPOLOGY Figure 9-5: Orphan switches Virtual Chassis connections A Summit may be considered an orphan if: • It is a member of multiple stacks. • It has been added to the switch inventory since the last stack identification was done. • It does not have any VC connections. The display shows the switch name, the IP address of the switch, and the port numbers of any active and inactive SummitLink ports.
MANAGING VIRTUAL CHASSIS STACKS CREATING A VIRTUAL CHASSIS STACK You must have Administrator or Manager access to create a Virtual Chassis stack. Creating a Virtual Chassis stack creates a stack representation in the ExtremeWare Enterprise Manager database. It does not change the physical stack configuration or the actual member switch configurations. To create a new Virtual Chassis stack, click the Create button at the top left of the Virtual Chassis Stack Manager window.
DELETING A VIRTUAL CHASSIS STACK 4 To remove a Virtual Chassis from the VC stack, select the Virtual Chassis and click the left arrow button. The selected switch is moved to the Orphan VCs list. 5 To remove a Summit switch from the VC stack, select the switch and click the left arrow button. The selected switch is moved to the Orphan Summits list.
MANAGING VIRTUAL CHASSIS STACKS To delete a Virtual Chassis stack, select the stack from the VC Stacks list, and click the Delete button. If you confirm that you want the stack deleted, the representation of this stack is deleted in the ExtremeWare Enterprise Manager database. It has no effect on the actual devices in your network. The Virtual Chassis and switches in the Virtual Chassis stack become Orphans, and now appear in their respective Orphan lists.
CONFIGURING VIRTUAL CHASSIS STACK PORTS To edit a Virtual Chassis Stack, follow these steps: 1 Select a Virtual Chassis Stack from the pull down list in the VC Stack field. The dialog box displays all the Summit Virtual Chassis and Summit Switches that are either included in the selected stack, or are considered orphans (not included in any VC stack). 2 To add a Summit Virtual Chassis to the stack, select the Virtual Chassis in the Orphan VCs list.
MANAGING VIRTUAL CHASSIS STACKS You can also configure the ports on switches in the Orphan Summit list. This is done in the same way as for switches in a VC stack. You may need to do this prior to adding an Orphan switch to a Virtual Chassis stack. To configure ports, follow these steps: 1 Select a VC stack or Orphan Summits in the Component Tree. 2 Click Config at the top of the Virtual Chassis Stack Manager page. The Configure Ports in VC Stack dialog Box appears, as shown in Figure 9-9.
IDENTIFYING THE VIRTUAL CHASSIS STACK TOPOLOGY — The SummitLink Mode box indicates whether the port is configured for connection to a Virtual Chassis. A check indicates the port is in SummitLink mode. No check indicates the port is in Ethernet mode. — The Load Sharing field indicates whether the port is configured for load sharing. None indicates the port is not configured for load sharing. 2 port or 4 port indicates the port is configured as one of the ports used for load sharing.
MANAGING VIRTUAL CHASSIS STACKS Figure 9-10: Identify Virtual Stack To use a SNMP identification process to identify Virtual Chassis Stacks, click Yes. ExtremeWare Enterprise Manager runs the SNMP identification process, and redisplays the Component Tree to show the Virtual Stack configuration topology as identified during the discovery process. Note: 9-16 Rediscovering the Virtual Chassis stack causes any manual changes you have made to your Virtual Chassis stack configurations to be lost.
10 Real Time Statistics This chapter describes how to use the Real Time Statistics applet for: • Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch, a switch slot, or a port group. • Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme Networks switch.
REAL TIME STATISTICS You can also view historical statistics for a single port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, based on the number of datapoints the MIB maintains in the etherHistory table. You can choose from a variety of styles of charts and graphs as well as a tabular display. You can view the following types of data: • Percent Utilization for each port in the set (device, port group, or single port).
DISPLAYING MULTIPORT STATISTICS Table 10-2: Definition of RMON etherHistory error variables for port error displays etherHistoryOversizePkts The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed.
REAL TIME STATISTICS Figure 10-1: Real Time Statistics main page A device with a red circle “S” next to it indicates that the device dis not responding to SNMP requrests. A port group with a red circle “S” indicates that the port group is empty. For an individual port, you can display individual errors in addition to utilization and total errors. ➧ Select a network device to display data for some or all ports on the device. ➧ Select a port group to display data for all ports in the port group.
DISPLAYING MULTIPORT STATISTICS Figure 10-2: Bar chart showing device port statistics If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample. You can use the mouse to change the depth and rotation of a 3-dimensional chart: • Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the graph.
REAL TIME STATISTICS There are cases where you may not see data for every port you expect in a multi-port display: • You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest utilization or the highest total number of errors are displayed. • RMON is disable for some ports on the switch. If the switch as a whole can be reached and is reporting data, then individual ports that do not report data will be ignored. No error message is presented in this case.
DISPLAYING STATISTICS FOR A SINGLE PORT There are several reasons why the Enterprise Manager may not be able to display any device data: • The Enterprise Manager cannot communicate with the device (indicated by an “S” in a red circle next to the device name). • The device does not have RMON enabled, or RMON was just recently enabled and no data samples exist yet.
REAL TIME STATISTICS Figure 10-4: Utilization data over time for an individual port on a device. The number of data points displayed, and the sampling interval are user-configurable parameters, within the limitations of the device configuration. The defaults are: • A 30-second sampling interval • 50 data points displayed However, in Figure 10-4, only 25 data points are displayed, because that is the maximum number of values the BlackDiamond switch stores as historical data.
CHANGING THE DISPLAY MODE Figure 10-5: Individual errors in a single-port chart CHANGING THE DISPLAY MODE The icons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen).
REAL TIME STATISTICS Select this to display the data as a line graph. This chart type is especially useful when displaying individual errors for a single port. Select this to display the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices. Select this to display the data as a bar chart.
SETTING GRAPH PREFERENCES Determines whether the graph data is updated automatically at every sampling interval. Click on the icon to toggle between continuous updates, indicated by the bar with the red dot (representing a traveling data packet), and the open palm, indicating that updates have been suspended. Select this to bring up the graph preferences pop-up window. You can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.
REAL TIME STATISTICS • To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark. • View Depth controls the depth of a bar. The default is 10, maximum is 1000. • View Elevation controls the elevation (rise) from the front of the bar to the back, in degrees. The default is 10°, range is ±45°. • View Rotation controls the angle of rotation of the bar, in degrees. The default is 12°, range is ±45°.
SETTING GRAPH PREFERENCES Data Colors (Figure 10-8) lets you set the colors used for the various data sets in your graph. Figure 10-8: Setting data color preferences • To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. • Data Color 1 is the color used for Utilization and Total Error graphs.
REAL TIME STATISTICS • Historical Data Display Count specifies the number of historical data points to display in a graph for an individual port. The default is 50, the maximum value you can set is 100. However, the actual maximum number of data points you can get is determined by the SNMP agent running in the device from which you are getting data. • Historical Data Sampling Interval is the sampling interval to use when displaying historical data. Select a choice from the pull-down list.
11 Using the IP/MAC Address Finder This chapter describes how to use the IP/MAC Address Finder applet for: • Creating search requests for locating MAC or IP addresses on the network. OVERVIEW OF THE IP/MAC FINDER APPLET The IP/MAC Address Finder applet lets you search for network addresses (MAC or IP addresses) and identify the switch and port on which the address resides. The Search Tool lets you configure and start a search task, view the status of the task, and view the task results.
USING THE IP/MAC ADDRESS FINDER Figure 11-1: IP/MAC Address Finder main page TASKS LIST SUMMARY WINDOW As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree. Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List (see Figure 11-2).
TASKS LIST SUMMARY WINDOW Figure 11-2: Tasks List summary The Tasks List shows you basic information about the tasks you set up. • ID is automatically assigned by ExtremeWare Enterprise Manager. • Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List. • Type is the type of search this will perform. In ExtremeWare Enterprise Manager release 2.
USING THE IP/MAC ADDRESS FINDER • Select a task and click Delete to delete an individual task. This deletes the task specification as well as the task results. Once a task has completed, it cannot be rerun unless it is the most recent task completed. • Select a Pending task and click Cancel to cancel the task before it has completed.
DETAILED TASK VIEW 1 Enter the task name in the Task Name field. This name helps you identify the task in the Find Address Tasks List. 2 Define the search targets: select either IP or MAC to determine the format of the address to search for, and enter the address into the fields provided. Click the Add Address button to add the address to Addresses to Find list. Click the Remove Address button to remove an address from the list. 3 Define the search domain.
USING THE IP/MAC ADDRESS FINDER Figure 11-4: Search in progress While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search (Figure 11-5).
DETAILED TASK VIEW Figure 11-5: Address search results in the Detailed Task View The Detailed Task View shows the following information about your search. • Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List. • Status shows the status of the request. Possible values are Pending, and Done. • Date Submitted shows the date and time the task was submitted.
USING THE IP/MAC ADDRESS FINDER The Search Results list shows the results of the search. For every address successfully located, this list shows: • Both the MAC address and the corresponding IP address. • The switch and port to which the address is connected • The User (name) currently logged in at that address.
A HP OpenView Integration This appendix describes: • Integrating the ExtremeWare™ Enterprise Manager and ExtremeWare Vista components for HP OpenView. • Launching the Enterprise Manager client and ExtremeWare Vista from HP OpenView. INTEGRATION OVERVIEW The HP OpenView integration process makes it possible to launch the ExtremeWare Enterprise Manager client from within HP OpenView.
HP OPENVIEW INTEGRATION INTEGRATING WITH HP OPENVIEW UNDER WINDOWS NT In order to launch ExtremeWare Enterprise Manager and ExtremeWare Vista from HP OpenView under Windows NT, you must add commands to the appropriate HP OpenView menus with links to the Extreme Networks software. In addition, the Extreme Networks MIBs need to be included in the set of MIBs available to HP OpenView. The integration process provided with ExtremeWare Enterprise Manager adds the needed components.
INTEGRATING WITH HP OPENVIEW UNDER WINDOWS NT — Click Extreme Networks supported MIBs to install Extreme Network’s Management Information Base (MIB) definitions. This is necessary for HP Openview to recognize and manage Extreme Networks Summit devices. 7 If you are installing the ExtremeWare Enterprise Manager, the Get ExtremeWare Enterprise Manager Location Dialog Box is displayed.
HP OPENVIEW INTEGRATION UNINSTALLING THE INTEGRATION COMPONENTS To uninstall the HP OpenView integration, follow these steps: 1 From the Start menu, highlight Settings, pull right, and click on the Control Panel. This displays the Control Panel folder. 2 Shut down the Enterprise Manager components if they are still running. See “Shutting Down the Enterprise Manager Server Components” in Chapter 3. 3 From the Control Panel folder, double-click Add/Remove Programs.
INTEGRATING WITH HP OPENVIEW UNDER SOLARIS 4 The script begins with an identifying message, and asks you to view and accept the Extreme Networks licensing terms: ****************************************************************** Welcome to the Extreme Networks HP OpenView Integration Script This program will integrate ExtremeWare MIBs and links into your HP OpenView installation.
HP OPENVIEW INTEGRATION Please enter the location of your OpenView installation. Install Directory [/opt/OV]: Press [Enter] to accept the default, or enter the path and directory where the HP OpenView software is located. The integration process verifies that you have the required version of the HP OpenView software installed in that location.
INTEGRATING WITH HP OPENVIEW UNDER SOLARIS Updating /etc/opt/OV/share/conf/oid_to_type... (This may take a few moments) Removing any previous ExtremeNetworks entries in /etc/opt/OV/share/conf/oid_to_type Appending new entries to /etc/opt/OV/share/conf/oid_to_type Done Updating /etc/opt/OV/share/conf/oid_to_sym...
HP OPENVIEW INTEGRATION /etc/opt/OV/share/fields/C/BlackDiamond: Verified Enumeration field "SNMPAgent" Verified enumeration value "Extreme Networks BlackDiamond" (134) /etc/opt/OV/share/fields/C/ip_fields: Verified String field "IP Address" /etc/opt/OV/share/fields/C/ip_fields: Verified String field "IPX Address" • • • When this process has finished, the script runs a process to update the HP OpenView topology database to include the Extreme Networks configuration information.
LAUNCHING THE CLIENT FROM HP OPENVIEW script done on Fri 22 Oct 1999 11:23:28 AM PDT Note: ExtremeWare Vista is only available when you have selected an Extreme device on the Network Node Manager map. You must add the Extreme Networks configuration information to the topology database so the Network Node Manager can recognize Extreme switches. Until you do this, you will not be able to access ExtremeWare Vista from Network Node Manager.
HP OPENVIEW INTEGRATION Figure A-1: The Tools menu in HP OpenView Network Node Manager To launch either ExtremeWare Enterprise Manager or ExtremeWare Vista, follow these steps: 1 Click Tools to drop down the Tools menu. 2 Click Extreme Networks to display the ExtremeWare menu. 3 Click ExtremeWare Enterprise Manager or ExtremeWare Vista to launch the appropriate application. If you have selected a Summit device on the Node Manager Map you will be able to launch ExtremeWare Vista on that device.
LAUNCHING THE CLIENT FROM HP OPENVIEW ExtremeWare Enterprise Manager icon Figure A-2: ExtremeWare Enterprise Manager icon on the HP OpenView toolbar LAUNCHING EXTREMEWARE VISTA FROM THE HP OPENVIEW MAP You can launch ExtremeWare Vista for an individual Extreme device directly from the Network Node Manager map using the pop-up menu associated with the device icon.
HP OPENVIEW INTEGRATION Figure A-3: Pop-up menu for a selected Summit device To Launch ExtremeWare Vista, follow these steps: 1 Select a Summit device on the Network Node Manager Map. 2 Click with the right mouse button to display the pop-up menu. 3 Click ExtremeWare Vista in the menu. This will launch a browser window and run the ExtremeWare Vista application for the Summit switch you have selected.
B Dynamic Link Context System (DLCS) This appendix describes: • How the ExtremeWare Enterprise Manager policy system uses The Dynamic Link Context System (DLCS) to map logical endstations (users, hosts) to physical attributes. • How to enable DLCS on Extreme switches running ExtremeWare 5.0 or later. • Limitations with DLCS as implemented in ExtremeWare 5.0.
DYNAMIC LINK CONTEXT SYSTEM (DLCS) ExtremeWare Enterprise Manager uses DLCS information to create a policy object for a user or end station that is mapped to the appropriate physical attributes (IP address and switch, port). USING DLCS IN THE POLICY SYSTEM For DLCS to operate within the ExtremeWare Enterprise Manager Policy System, two conditions must be met: • DLCS must be enabled on the switch. • In the Policy System client, the user or end station must be set to allow automatic DLCS updates.
DLCS LIMITATIONS the ExtremeView Configuration features. However, you can use the ExtremeView Telnet feature to access the switch and enable DLCS. To enable DLCS on a switch, do the following: 1 Click the ExtremeView icon in the ExtremeWare Enterprise Manager Navigation Toolbar 2 Select Telnet in the component tree, then select the switch you want to configure. 3 Use the enable dlcs command to enable DLCS snooping of packets on the switch. 4 Enable the ports on which you want to snoop.
DYNAMIC LINK CONTEXT SYSTEM (DLCS) • DLCS information is dynamic. Therefore if the switch is rebooted the DLCS information is lost. However, this information is still stored in the Enterprise Manager database. To delete the information from the policy system, you must explicitly delete the configuration parameters using the Enterprise Manager Policy System client.
C Database Utilities This chapter describes: • The DBVALID command-line database validation utility. • The DBBACKUP command-line database backup utility OVERVIEW Sybase database validation and backup utilities are shipped with the ExtremeWare Enterprise Manager software. The Validation utility validates all indexes and keys on some or all of the tables in the database. The Validation utility scans the entire table and looks up each record in every index and key defined on the table.
DATABASE UTILITIES THE VALIDATION UTILITY The Validation utility validates all indexes and keys on some or all of the tables in the database. Access the Validation utility from the MSDOS or Solaris command line using the dbvalid command. This convention also allows incorporation into batch or command files.
THE BACKUP UTILITY DATABASE CONNECTION PARAMETERS These are the parameters for the -c command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set. Table C-2: Database Connection Parameters for dbvalid Utility uid= The user name used to login to the database. Default is dba. The user ID must have DBA authority. pwd= The password used to login to the database. Default is sql.
DATABASE UTILITIES This example assumes a database user ID of dba, with password sql. These are the defaults used when the database server is installed through the ExtremeWare Enterprise Manager installation process. If you have changed your database user ID and password, substitute your actual user ID and password in the command. is the directory where the Enterprise manager software is installed. Substitute the actual directory name in the command.
THE BACKUP UTILITY The connection parameters are separated by semi-colons, and the entire set must be quoted. For example, under Windows NT the following backs up the ExtremeWare Enterprise Manager database basecamp.db, connecting as user ID dba with password sql: \database\dbbackup -c “uid=dba;pwd=sql;dbf=\basecamp.db” c:\tmp INSTALLING A BACKUP DATABASE The backup database is named basecamp.
DATABASE UTILITIES C-6 EXTREMEWARE ENTERPRISE MANAGER INSTALLATION AND USER GUIDE
D ExtremeWare Enterprise Manager Properties Files This chapter describes several properties files used by ExtremeWare Enterprise Manager: • extreme.properties — ExtremeWare Enterprise Manager configuration parameters. • ciscoipports.properties — Cisco’s mapping of names to well-known ports. These files are both found in the extreme subdirectory of the installation directory (by default eem2_0\extreme). THE extreme.
EXTREMEWARE ENTERPRISE MANAGER PROPERTIES FILES Snmp.TimeoutPeriod=2 # Number of retries before timing out. # Default=1, Minimum=0, Maximum=5 Snmp.NumberOfRetries=1 # Enables ExtremeView to save switch user names and passwords in the database # automatically. # Default = true, Disable with false SaveSwitchPassword=true # Timeout period in milliseconds after EEM terminates after which the user is # required to relogin # Default = 60000 milliseconds (10 Min), Disable with -1 Session.
THE ciscoipports.
EXTREMEWARE ENTERPRISE MANAGER PROPERTIES FILES D-4 EXTREMEWARE ENTERPRISE MANAGER INSTALLATION AND USER GUIDE
E Troubleshooting This appendix describes: • Resolving problems you may encounter using the ExtremeWare Enterprise Manager Server. • Resolving problems you may encounter using the ExtremeWare Enterprise Manager client application. EXTREMEWARE ENTERPRISE MANAGER SERVER ISSUES INSTALLATION Problem: The Windows NT installation wizard automatically imported the database from the most recent previous version of ExtremeWare Enterprise Manager, when I wanted to import from an older version (e.g. 1.
TROUBLESHOOTING SNMP Problem: Cannot talk to a specific switch. Verify that the switch is running ExtremeWare software version 2.0 or greater. Ping the switch’s IP-address to verify availability of a route. Use the ping command from a MS-DOS or Solaris command shell. Verify that the read and write community strings used in the ExtremeWare Enterprise Manager match those configured on the switch. Problem: ExtremeWare CLI or ExtremeWare Vista changes are not reflected in ExtremeWare Enterprise Manager.
EXTREMEWARE ENTERPRISE MANAGER SERVER ISSUES Problem: Need to change polling interval, SNMP request time-out, or number of SNMP request retries. To change the default values for the SNMP polling interval, the SNMP request time-out, or the number of SNMP request retries, edit the file extreme.properties, found in the directory. The defaults and value restrictions are as indicated in the file, as shown. The full properties file is listed in Appendix D.
TROUBLESHOOTING Problem: An untagged port has disappeared from its VLAN. Check to see if the port has been added as an untagged port to a different VLAN. In ExtremeWare Enterprise Manager, adding an untagged port to a VLAN automatically removes the port from its previous VLAN if the port was an untagged port, and the new and old VLANs used the same protocol. This is different behavior from the ExtremeWare CLI, where you have to first delete the port from the old VLAN before you can add it to the new VLAN.
EXTREMEWARE ENTERPRISE MANAGER CLIENT VLAN MANAGER Problem: Multiple VLANs have the same name. A VLAN is defined by the name, its tag value, and its protocol filter definition. ExtremeWare Enterprise Manager allows multiple VLANs of the same name if one of the other defining characteristics of one VLAN is different from the other. Problem: Multiple protocols have the same name.
TROUBLESHOOTING POLICY SYSTEM CLIENT Problem: Cannot Import users from NT Domain Controller The ExtremeWare Enterprise Manager Server must be running with permissions that enable it to get user information from a Domain Controller. To verify and change permissions for the Web Server, do the following: 1 From the Start menu, highlight Settings, pull right, and click on the Control Panel. This displays the Control Panel folder. 2 Double-click on Services to display the Services Properties window.
Index Numerics 802.
RT Stats 3-10 Sync (Inventory Manager) 5-5, 5-25 Up (Policy) 8-14 VC 3-9, 9-3 VLAN 3-9 C changing password for Administrator 4-4 user 4-8 Cisco device requirements 1-8 Cisco device support in Policy System 8-9 client installation 2-14 launching from HP OpenView A-9 starting 3-5 starting for first time 4-3 client browser requirements 1-10 Client/Server policy 8-3 Client/Server policy definition tab 8-27 columns sorting 3-13 Command Line Interface 1-3 community string in Discovery 5-10 Component Tree 3-11 mo
ExtremeView 1-2 Telnet 1-3 ExtremeWare Vista launching from HP OpenView A-11 F Find IP/MAC button 3-10 H heartbeat check 1-8 HP OpenView launching client from A-9 launching ExtremeWare Vista from A-11 HP OpenView integration 2-5 (Solaris) A-4 uninstalling A-9 (Windows NT) A-2 uninstalling A-4 requirements 1-10 HTTP port 2-4 logging in 3-8 Login page 3-8, 4-3 Logoff button 3-10 M Managed Devices (Policy System) 8-14 Manager access level 1-5, 4-1 menu New (Policy System) 8-14, 8-15 Modify button in Invent
Policy System 1-4, 8-1 adding end station groups 8-50 adding end stations 8-48 adding users 8-44 adding user groups 8-47 Auto Configure 8-14 Cisco devices 8-9 Configuration 8-14 Create Policy button 8-14 Delete button 8-14 End Stations 8-14 Event Log 8-14 Import 8-14, 8-57 Managed Devices 8-14 modifying end station groups 8-50 modifying end stations 8-48 modifying user groups 8-47 modifying users 8-44 Network Policy 8-13 New button/menu 8-14 Up button 8-14 Users 8-13 using 8-13 Xedia devices 8-11 Policy Typ
stopping the server under Solaris 3-4 under Windows NT 3-2 Subnet as policy object 8-7 subnet mask in Discovery 5-10 Summit switch configuring ports in VC Stack Manager 9-2 deleting 5-23 displaying orphan Summits 9-8 modifying contact information 5-18 updating status 5-25 switch polling 5-3 Sync button 5-3, 5-5, 5-25 T tagged ports 7-8 Telnet 1-3 terminology, About This Guide xviii Third-Party Device Requirements 1-8 third-party devices support in Policy System 8-9 Treatment as policy object 8-7 modfying 8
starting the server 3-2 stopping the server 3-2 uninstalling HP OpenView integration A-4 uninstalling the server 2-6 X Xedia device requirements 1-8 Xedia device support in Policy System 8-11 vi - Index
