Cisco Prime Lan Management Solution 4.2 Part Number
Managing Devices and Credentials
Using LMS, you can add devices to DCR (Device Credential and Repository) and manage their credentials.
In LMS 4.2, Unified Device Manager (UDM) provides centralized device management using a centralized policy configuration. You have to configure a single policy to manage the devices. UDM identifies the managed devices after verifying the configured policy and the license count.
This section includes:
•Managing Devices in DCR
• Understanding Unified Device Manager
•Understanding Device States
• Working With Alias Devices
• DCR Server Error
•Managing Auto Update Servers
• Configuring Device Selector
Managing Devices in DCR
To manage the devices in DCR (Device Credential and Repository) and their credentials select Inventory > Device Administration > Add / Import / Manage Devices.
Device Management performs the following functions:
•Adding Devices
•Deleting Devices
•Editing Device Credentials
•Editing Device Identity
•Importing Devices and Credentials
•Exporting Devices and Credentials
•Excluding Devices
•Viewing Devices List
•Understanding Device States
•Managing Device States
•Configuring Device Management Policy
•Adding Managed Devices
•Verifying Device Credentials
•Verifying Device Credentials
You can use:
•Device Selector to search and select the devices to perform device management tasks. See Configuring Device Selector for more information.
•Refresh button to refresh and view the updated device information in local mode.
Note The Device Management UI is not visible in a DCR Slave machine.
Note For more details on Device Management, refer Device Management Functions in Administration of CiscoWorks LAN Management Solution.
Adding Devices
You can use the Adding Devices to add devices, device properties or attributes, and device credentials to the Device and Credential Admin.
You should have the required privileges to add devices to DCR which is determined by the login.
To add devices to the device list:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
The Device Management user interface helps you to perform operations on Standard devices, Cluster Managed devices and Auto Update devices. Operations on Auto Update Servers can be performed only at the Auto Update Server Management user interface.
The Device Summary window displays the devices and groups in DCR Administration.
Step 2 Click Add.
The Device Properties page appears. The Device Information dialog box provides four device types:
•Standard Type
•Auto Update Type
•Cluster Managed Type
•CNS Managed Type
You can add more than one device at a time. However, you cannot add devices of different management types.
Note If an IPv6 device is added, a pop-up message which says " For IPv6 devices, only limited support will be provided. Do you want to continue?" is displayed.
Standard Type
To add devices and credentials using Standard type:
Step 1 Select Standard from the Select A Management Type drop-down list box.
Step 2 Enter the Device IP Address, the host name, domain name, the device name, and the device type in the corresponding fields.
Note The valid Device Name characters are A-Z, a-z, 0-9, _, -, :, . and the valid Host Name characters are A-Z, a-z, 0-9, ., -, _.
Click Select and choose the Domain Name and the DeviceType from the list.
DCR uses a device record to represent a Cluster. A Cluster can be added in the Standard Management option by selecting the Device Type field as Cisco Cluster Management Suite.
DSBU Clusters added this way, can then be selected in Cluster Managed Type, for the field Cluster.
You can add a Cisco CNS Configuration Engine under the Standard Management type by selecting the Device Type field as Cisco CNS Configuration Engine. The Cisco CNS Configuration Engine added under the Standard type can be selected in the CNS Server field in the CNS Managed type.
After a Cisco CNS Configuration Engine or DSBU Cluster is successfully added, it will appear under
Network Management > Other Network Management Products > Cisco CNS Configuration Engine/Cisco Cluster Management Suite, in the Device Selector.
Step 3 Click Add to List .
The device is added to the Added Device List in the window.
To remove the device from the Device List, select the device and click Remove from List.
Step 4 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
If you have opted to use the default credentials, the primary credentials, secondary credentials,
Rx Boot Mode credentials, SNMP credentials, and HTTP credentials will be populated with the corresponding default values. You can click Finish to add the devices with default credentials or proceed further to make changes to the value of the credentials.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
Step 5 Click Next.
The Standard Credentials page appears.
Step 6 Enter the following credentials in the Standard Credentials page.
•Primary Credentials (Username, Password, Enable Password)
•Secondary Credentials (Username, Password, Enable Password)
•Rx Boot Mode Credentials (Username, Password)
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
Re-enter the value of the password in Verify field.
If you do not want to proceed, click Finish.
Step 7 Click Next.
The SNMP Credentials page appears.
Step 8 Enter the following credentials in the SNMP Credentials page:
•SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)
•SNMPv3 Credentials (Mode, Username, Authentication Password, Authentication Algorithm, Privacy Password, Privacy Algorithm, Engine ID)
You must select the SNMPv3 check box to enter the SNMPv3 Credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.
Re-enter the value of Authentication Password and Privacy Password in the Verify fields.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 9 Click Next.
The HTTP Settings page appears.
Step 10 Enter the following credentials in the HTTP Settings dialog box.
•Primary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Secondary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Other Attributes (HTTP Port, HTTPS Port, Certificate Common Name, Current Mode)
Select the HTTP or HTTPS option for current connection mode.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 11 Click Next.
The User Defined Fields dialog box appears.
Step 12 Enter your choices for User Defined Fields.
By default, Device and Credential Admin provides the option to define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed in the User Defined Fields page. Go to Admin > Network > Device Credential Settings > User Defined Fields to open the User Defined Fields page.
Step 13 Click Finish
A message appears that the devices are added successfully in DCR.
When all the devices are not added in DCR, the Device Status Summary appears. See Device Addition Status Report for more information.
Step 14 Click OK.
The Device Summary page appears with the updated device group information .
Auto Update Type
You can use this feature to add, edit, and delete devices managed using Auto Update Server.
The Auto Update Server managed device has its own attributes and credentials just like normal devices in DCR. In addition, it will have the following attributes:
•Device Identity: The string value that uniquely identifies the device in parent Auto Update Server.
•The DCR Device ID of the parent Auto Update Server record.
To add devices and credentials using Auto Update type:
Step 1 Select the Auto Update from the Select A Management Type drop-down list box.
Step 2 Enter the Device Type, Device Name, Auto Update Device ID, Host Name, Domain Name, and IP Address in the corresponding fields.
Note The valid Device Name characters are A-Z, a-z, 0-9, _, -, :, . and the valid Host Name characters are A-Z, a-z, 0-9, ., -, _.
To select Auto Update Server, Domain Name, and the Device Type click Select and select from the resulting popup windows. For Auto Update Server managed devices, Device Name and Device-Identity are enough for identity.
DCR uses a device record to represent an Auto Update Server. You can also add an Auto Update Server in the Auto Update Server Management page. Auto Update Server added in this way can then be selected for the Auto Update Server field in the Device Properties wizard.
Step 3 Click Add to List.
The device gets added to the Added Device List in the window.
To remove the device from the Device List, select the device and click Remove from List.
Step 4 Select either Policy configuration or a default credential set in the drop-down list box, if you want to use the default credentials to access the devices.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
If you have opted to use the default credentials, the primary credentials, secondary credentials,
Rx Boot Mode credentials, SNMP credentials, and HTTP credentials will be populated with the corresponding default values.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
You can click Finish to add the devices with default credentials or proceed further to make changes to the value of the credentials.
Step 5 Click Next.
The Standard Credentials page appears.
Step 6 Enter the following credentials in the Standard Credentials page.
•Primary Credentials (Username, Password, Enable Password)
•Secondary Credentials (Username, Password, Enable Password)
•Rx Boot Mode Credentials (Username, Password)
Re-enter the value of the password in Verify field.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 7 Click Next.
The SNMP Credentials page appears.
Step 8 Enter the following credentials in the SNMP Credentials page:
•SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)
•SNMPv3 Credentials (Mode, Username, Authentication Password, Authentication Algorithm, Privacy Password, Privacy Algorithm, Engine ID)
You must select the SNMPv3 check box to enter the SNMPv3 Credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.
Re-enter the value of Authentication Password and Privacy Password in the Verify fields.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 9 Click Next.
The HTTP Settings page appears.
Step 10 Enter the following credentials in the HTTP Settings dialog box.
•Primary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Secondary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Other Attributes (HTTP Port, HTTPS Port, Certificate Common Name, Current Mode)
Select the HTTP or HTTPS option for current connection mode.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 11 Click Next.
The Auto Update Server Credential Template dialog box appears.
Step 12 Enter the Auto Update Server managed device credentials (Username, Password) in the corresponding fields.
Note These are the credentials to login to the Auto Update Server — not to access the managed device.
Re-enter the value of the password in Verify field.
Step 13 Click Next.
The User Defined Fields dialog box appears.
Step 14 Enter your choices for UDFs.
By default, Device and Credential Admin provides the option to define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed in the User Defined Fields page. Go to Admin > Network > Device Credential Settings > User Defined Fields to open the User Defined Fields page.
Step 15 Click Finish.
A message appears that the devices are added successfully in DCR.
When all the devices are not added in DCR, the Device Status Summary appears. See Device Addition Status Report for more information.
Step 16 Click OK.
The Device Summary page appears with the updated device group information.
Cluster Managed Type
DCR supports Cisco Clusters and their member devices using a mix of standard and additional attributes and credentials.
To add devices and credentials using Cluster Managed type:
Step 1 Select Cluster Managed from the Select A Management Type drop-down list box.
Step 2 Enter Device Type, Device Name, Device IP Address, Device Host Name, Domain Name, Cluster, and Member Number in the corresponding fields. For member devices, member number and device name are enough for identity.
Note The valid Device Name characters are A-Z, a-z, 0-9, _, -, :, . and the valid Host Name characters are A-Z, a-z, 0-9, ., -, _.
The Member Number field is mandatory. The Member Number is the number of the Cluster member. This number represents the order in which the device is added into the cluster.
Also, Cluster needs to be added before a Cluster Managed device.
For example, if a device X belongs to cluster Y, first add the Cluster Y, and then add the Cluster Managed device X.
Step 3 Click Add to List.
The device is added to the Added Device List in the window.
To remove a device from the Device List select the device and click Remove from List.
Step 4 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
If you have opted to use the default credentials, the primary credentials, secondary credentials,
Rx Boot Mode credentials, SNMP credentials, and HTTP credentials will be populated with the corresponding default values.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
If you do not want to proceed further, click Finish.
Step 5 Click Next.
The User Defined Field dialog box appears.
Step 6 Enter your choices for User Defined Fields.
By default, Device and Credential Admin provides the option to define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed in the User Defined Fields page. Go to Admin > Network > Device Credential Settings > User Defined Fields to open the User Defined Fields page.
Step 7 Click Finish.
A message appears that the devices are added successfully in DCR.
When all the devices are not added in DCR, the Device Status Summary appears. See Device Addition Status Report for more information.
Step 8 Click OK.
The Device Summary page appears with the updated device group information.
CNS Managed Type
To add devices and credentials using CNS Managed type:
Step 1 Select CNS Managed from the Select A Management Type drop-down list box.
Step 2 Enter the Device IP Address, the hostname, and the domain name.
The device name you want for the device in reports or graphical displays in the corresponding fields.
Step 3 You can also enter or select the domain name.
Note The valid Device Name characters are A-Z, a-z, 0-9, _, -, :, . and the valid Host Name characters are A-Z, a-z, 0-9, ., -, _.
Step 4 Click S elect and choose CNS Server and the device type from the list.
You can add a Cisco CNS Configuration Engine in the Standard Management option by selecting the Device Type field as Cisco CNS Configuration Engine.
If you add a Cisco CNS Configuration Engine in this way, you can select these engines in the CNS Managed option, for the CNS Server field.
CNS Server and Device Name are mandatory.
Step 5 Click Add to List.
The device is added to the Added Device List in the page.
To remove a device from the Device List select the device and click Remove from List.
Step 6 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
If you have opted to use the default credentials, the primary credentials, secondary credentials,
Rx Boot Mode credentials, SNMP credentials, and HTTP credentials will be populated with the corresponding default values. You can click Finish to add the devices with default credentials or proceed further to make changes to the value of the credentials.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
Step 7 Click Next.
The Standard Credentials page appears.
Step 8 Enter the following credentials in the Standard Credentials page.
•Primary Credentials (Username, Password, Enable Password)
•Secondary Credentials (Username, Password, Enable Password)
•Rx Boot Mode Credentials (Username, Password)
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
Re-enter the value of the password in Verify field.
If you do not want to proceed further, click Finish.
Step 9 Click Next.
The SNMP Credentials page appears.
Step 10 Enter the following credentials in the SNMP Credentials page:
•SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)
•SNMPv3 Credentials (Mode, Username, Authentication Password, Authentication Algorithm, Privacy Password, Privacy Algorithm, Engine ID)
You must select the SNMPv3 check box to enter the SNMPv3 Credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.
Re-enter the value of Authentication Password and Privacy Password in the Verify fields.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 11 Click Next.
The HTTP Settings page appears.
Step 12 Enter the following credentials in the HTTP Settings dialog box.
•Primary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Secondary HTTP Credentials (Username, Password)
Re-enter the value of the password in Verify field.
•Other Attributes (HTTP Port, HTTPS Port, Certificate Common Name, Current Mode)
Select the HTTP or HTTPS option for current connection mode.
If you have opted to use the default credentials, these credentials will be populated with the default values from DCR. You can edit them and enter your own values.
If you do not want to proceed, click Finish.
Step 13 Click Next.
Step 14 Enter your choices for User Defined Fields.
By default, Device provides the option to define four attribute fields for a device. These fields are used to store additional user-defined data for the device.
The attribute fields that appear here can be changed in the User Defined Fields page. Go to Admin > Network > Device Credential Settings > User Defined Fields to open the User Defined Fields page.
Step 15 Click Finish .
A message appears that the devices are added successfully in DCR.
When all the devices are not added in DCR, the Device Status Summary appears. See Device Addition Status Report for more information.
Step 16 Click OK .
The Device Summary page appears with the updated device group information.
Device Addition Status Report
There may be few devices that are not added in DCR. The Device Addition Status report appears when all the devices you have added in the user interface are not added in DCR.
The Device Addition Status report contains the following fields:
| |
---|---|
Number of devices added | Displays the number of devices added in DCR. |
Number of error devices | Displays the number of error devices. If there is an error encountered during the device addition into DCR, the devices are added into error devices list. For example, if you add the device with a DSBU Cluster Member number that already exists in DCR, the device will not be added in DCR but added into error devices list. You should add the devices after rectifying the errors. |
Number of duplicate devices | Displays the number of devices whose attribute are the same as the attributes of the devices in DCR. A device is considered as a duplicate if: •The Device Name of a device is the same as that of any other device. •The Host Name and Domain Name combination of a device is the same as that of another device. |
A link is provided for the number of devices displayed for all these fields.
The links for number of devices added, number of error devices, and number of duplicate devices displayed. The link launches the Add Device List Report with the device name and the status of device addition.
Deleting Devices
You can delete device information from DCR using this feature.
You can select the devices from the Device Selector and delete either all of them or only the devices that are not managed by applications. When a device is deleted, it also gets deleted from all the applications that use DCR.
You should have the required privileges to delete devices from DCR. Your login determines whether you can use this option.
To delete devices:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Select one or more devices from the Device Selector and click Delete.
The Delete Devices Confirmation dialog box opens with the following details:
•Number of devices selected for deleting.
•Number of devices that are managed by applications in the current DCR domain.
Step 3 Select any one of the following options in the Delete Devices Confirmation dialog box:
•Delete only the device(s) not managed by Applications
Select this option when you want to delete the devices that are not managed by one or more applications. This option is enabled only when you have chosen to delete one or more devices from the device selector that are managed by applications.
•Delete all the device(s) selected
Select this option when you want to delete all the selected devices from DCR including the devices managed by applications. However, the device information still remains in the application databases.
Step 4 Click Continue.
All information about the selected devices are deleted from DCR. There may be few devices that are deleted from DCR. See Editing Device Credentials for more information.
A message appears stating that the devices are deleted successfully.
The devices deleted are also removed from the device selector. If you have selected larger number of devices to delete, the system may take few minutes to refresh the group information in the device selector.
Editing Device Credentials
You can edit device information for a single device or for multiple devices using this feature. To edit device information:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Select one or more devices from the Device Selector and click Edit Credentials.
The Credentials Set Selection dialog box appears.
Step 3 Select a default credential name or Policy Configuration from the Select a Credential Set to Edit drop-down list box.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
Step 4 Select either one of the following options:
• Overwrite All Device Credentials —Overwrites the existing credentials of selected devices with the credentials of the default credential set.
• Apply Only Missing Device Credentials —Retains the existing credentials of selected devices. This option applies the credential values defined in the default credential set for only missing or empty credentials.
Step 5 Click Next.
The Standard Credentials dialog box appears with the credential values that you have defined before.
If you have selected the Select and Edit Credentials option and do not want to proceed, click Finish.
Step 6 Edit the following credentials depending upon your requirement:
•Primary Credentials (Username, Password, Enable Password)
•Secondary Credentials (Username, Password, Enable Password)
•Rx Boot Mode Credentials (Username, Password)
•Auto Update Server Managed Device Credentials (Username, Password)
If you edit the password values of any credentials, you should re-enter the password values in their corresponding Verify fields.
Any changes made here will apply to all devices selected in Step 2. This has one exception.
However, if in Step 2, you have selected devices belonging to different device types, the changes made will apply only to devices of the appropriate type. That is, if a standard-device credential is changed, only the standard devices selected in Step 2 are affected.
If you have completed editing, and do not want to proceed, click Finish.
Step 7 Click Next.
The SNMP Credentials page appears.
Step 8 Edit one or more of following credentials depending upon your requirement:
•SNMPv2c/SNMPv1 Credentials (Read-Only Community String, Read-Write Community String)
•SNMPv3 Credentials (Mode, Username, Authentication Password, Authentication Algorithm, Privacy Password, Privacy Algorithm, Engine ID)
You must select the SNMPv3 check box to enter or edit the SNMPv3 Credentials. By default, these fields are disabled. When the SNMPv3 check box is selected, the default SNMPv3 mode is AuthPriv.
Re-enter the value of Authentication Password and Privacy Password in the Verify fields.
If you have completed editing, and do not want to proceed, click Finish.
Step 9 Click Next if you want to edit HTTP Settings.
The HTTP Settings Page opens.
Step 10 Edit one or more credentials depending upon your requirement:
•Primary HTTP Credentials (Username, Password)
•Secondary HTTP Credentials (Username, Password)
•Other Attributes (HTTP Port, HTTPS Port, Certificate Common Name, Current Mode)
Note Select the HTTP or HTTPS option for current connection mode.
Re-enter the values in the Verify fields.
If you have completed editing, and do not want to proceed, click Finish.
Step 11 Click Next if you want to edit User Defined Fields.
The User Defined Fields window appears. You can edit these fields and click Finish after you complete editing.
Note You cannot edit Auto Update Servers here. Even if you select them in Step 2, they will not be affected. See Adding, Editing, and Deleting Auto Update Server for details on editing Auto Update Server information.
Management Type for a device is defined while you add the device to DCR. You cannot change the Management Type for the device through the edit flow. For example, you cannot change:
•Cisco Cluster Management Suite to any other Management Type and vice versa
•Cisco CNS Configuration Engine to any other Management Type and vice versa
Editing Device Identity
You can edit Device Identity information for a single device in DCR. The Device Name and the Host Name/Domain Name combination must be unique for each device in DCR. When you edit a device, it will be considered as a duplicate if any one of the following occur:
•The Device Name of a device is the same as the Device Name of any other device
•The Host Name/Domain Name combination of a device is the same as that of any other device
•Auto Update Device ID is the same as Auto Update Device ID of any other device (when the device is AUS managed)
•Cluster and Member Number are the same as that of any other device (when the device is Cluster managed)
To edit the Device Identity information:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Select one or more devices from the Device Selector to edit their identity information.
Step 3 Click Edit Identity.
The Device Properties dialog box appears with the list of selected devices, and attributes of the first device in the list.
Step 4 Select a device from the device list to edit its identity information.
The current attributes are automatically populated in the device information fields.
Step 5 Edit the device information, on the right pane.
You can edit the following information:
•Device Type
•Device Name
•Device Identity (Auto Update Device ID, Auto Update Server, CNS Server, Host Name, Domain Name and IP Address)
•Cluster Information (Cluster, Member Number)
You can edit only one device at a time.
Step 6 Select another device from the device list to edit the identity information.
Step 7 Click Apply after you have entered the settings for all the desired devices.
Importing Devices and Credentials
You can import device lists, device properties or attributes and device credentials to the DCR and populate DCR using this feature.
You can:
•Import Using Device and Credential Interface
or
•Import Devices Using CLI
Import Using Device and Credential Interface
To import device information using Device and Credential Admin Interface:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Click Bulk Import.
The Import Devices popup window appears.
The options to import device information into DCR are:
•Import From a File. See Importing From a File for information.
•Import From Local NMS. See Importing From Local NMS for information.
•Import From Remote NMS. See Importing From Remote NMS for information.
If you import device information from a file, ensure that:
•Each device must have at least two mandatory attributes including the Device Name.
The mandatory attributes are: Device Name, and Management IP Address or Host Name or Device Identity.
For DSBU member devices, DSBU member number and device name are enough for identity.
For AUS managed devices Device Name and Device-Identity are enough. For a CNS managed device, CNS Server is a mandatory attribute.
•If you do not know the sysObjectID of the device, specify it as UNKNOWN. If you specify the sysObjectID, the corresponding mdf_type will be automatically updated by DCR.
•Specify the correct dcr_device_type of the device. The possible values are:
–0—Standard Device
–1—DSBU Cluster
–3—AUS
–4—CNS Configuration Engine
•In case of proxy devices (devices that are managed by DSBU cluster or AUS or CNS), make sure that the manager (parent) and managed (child) devices are linked properly. For the proxy managed devices, specify the correct Parent ID attribute field. The following are the parent attributes:
–parent_dsbu_id for DSBU cluster members
–parent_aus_id for AUS managed devices
–parent_cns_id for CNS managed devices
•If the import file type is xml, make sure that it conforms with the dtd available at NMSROOT/objects/dcrimpexp/conf/device.dtd.
Importing From a File
To import from a file:
Step 1 Enter the file name.
Or
Browse the file system and select the file using the Browse tab.
Step 2 Select CSV or XML file formats, as required.
Only CSV2.0 and CSV3.0 file formats are supported.
Step 3 Select either Use data from Import source or Use data from DCR, to resolve conflicts during import.
•If you select Use data from Import source, the credentials from the import source will be used, and credentials for the device in DCR will be modified.
•If you select Use data from DCR, the device credentials in DCR will be used.
Step 4 Schedule the task. To do this:
a. Select the RunType from the drop-down list.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b. Select the date from the date picker.
The date picker displays the date from the client system.
Step 5 Enter the Job information, if you have scheduled the task for a later time.
a. Enter a brief description about the import task in the Job Description field.
b. Enter a valid e-mail ID in the E-mail field to notify you about the status of import. You can enter multiple e-mail addresses separated by comma.
Step 6 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
If you do not want to use the default credentials, select No Default in the Select a Default Credential Set drop-down list box.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
•If your import source does not have the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values of default credentials.
•If your import source has the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values specified in the import source.
For example, if the default credential set has Standard and SNMP credentials and if your import source has only the Standard credentials, the device will be populated in DCR with the Standard credentials entered in your import source and SNMP credentials configured in the default credential set.
See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
Step 7 Click Import.
A message appears that the import job has been scheduled successfully, if you have scheduled an import job.
Importing From Local NMS
To import from Local NMS:
Step 1 Select the Network Management System type from the NMS type drop-down list.
HPOV and Netview are supported.
See Installation and Data Migration Guide for Cisco Prime LAN Manager 4.2 for information on supported Network Management Systems.
Step 2 Enter the install location of the NMS type selected in the Install Location field or click the Browse button to select the install location.
The following table provides you the examples to enter the install location:
| | |
---|---|---|
HP OpenView Network Node Manager | Solaris and Soft Appliance | /opt/OV |
Windows | C:\Program Files\HP OpenView | |
Netview | Solaris and Soft Appliance | /usr/OV |
Windows | C:\usr\OV |
Step 3 Select either Use data from Import source or Use data from DCR, to resolve conflicts during import.
Step 4 Schedule the task.
To do this:
a. Select the RunType from the drop-down list.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b. Select the date from the date picker.
The date picker displays the date from the client system.
Step 5 Enter the Job information, if you have scheduled the task for a later time.
a. Enter a brief description about the import task in the Job Description field.
b. Enter a valid e-mail ID in the E-mail field to notify you about the status of import. You can enter multiple e-mail addresses separated by comma.
Step 6 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
If you do not want to use the default credentials, select No Default.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
•If your import source does not have the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values of default credentials.
•If your import source has the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values specified in the import source.
For example, if the default credential set has Standard and SNMP credentials and if your import source has only the Standard credentials, the device will be populated in DCR with the Standard credentials entered in your import source and SNMP credentials configured in the default credential set.
See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
Step 7 Click Import.
A message appears that the import job has been scheduled successfully, if you have scheduled an import job.
Importing From Remote NMS
Before you import from the remote NMS, ensure that:
•The server running third-party NMS (HPOV, NetView) application is reachable from the Cisco Works Server.
•The remote server running 3rd party NMS accepts rsh connections and has a local user who has permission to run executables, such as ovtopodump
within the 3rd party NMS. This user should have permissions to log into the NMS Server without a password. Also, the .rhosts file should be modified to enable login without password.
If you are importing from a remote NMS on host 2 to host 1 (LMS Server), you need to add the following entries in the .rhosts file of host2: host1.domain.com SYSTEM (on Windows); where SYSTEM is a built-in Local System account.
For example, if you are importing from a remote NMS on XYZ.cisco.com to ABC.cisco.com, you need to add ABC.cisco.com SYSTEM host1.domain.com casuser (on Solaris and Soft Appliance).
To import from a remote NMS:
Step 1 Select the Network Management System type from the NMS type drop-down list.
HPOV and Netview are supported.
See Installation and Data Migration Guide for Cisco Prime LAN Manager 4.2 for information on supported Network Management Systems.
If you select ACS, enter:
•ACS Server Name or IP Address in the Host Name field.
•ACS admin username in the User Name field.
•ACS admin user password in the Password field.
•Port number (default is 2002) in the Port field.
•HTTP or HTTPs protocol in the Protocol field.
Step 2 Select the Operating System type from the OS type drop-down list.
Note Windows is not supported for HPOV and NetView
Step 3 Enter the Host name, User name, and Install location in the corresponding fields.
Make sure that you give the install location of the selected NMS type.
For example, enter:
•/opt/OV — for HP Openview NNM (Network Node Manager)
•/usr/OV — for NetView
Step 4 Select either Use data from Import source or Use data from DCR, to resolve conflicts during import.
Step 5 Schedule the task. To do this:
a. Select the RunType from the drop-down list.
You can schedule importing the devices immediately or schedule the import for a later time. The scheduling can be periodic (daily, weekly, or monthly) or for a single instance (once).
b. Select the date from the date picker.
The date picker displays the date from the client system.
Step 6 Enter the Job information, if you have scheduled the task for a later time.
a. Enter a brief description about the import task in the Job Description field.
b. Enter a valid e-mail ID in the E-mail field to notify you about the status of import. You can enter multiple e-mail addresses separated by comma.
Step 7 Select either Policy configuration or a default credential set in the Select a Default Credential Set drop-down list box, if you want to use the default credentials to access the devices.
If you do not want to use the default credentials, select No Default.
You can select a default credential set only when you have configured at least one default credential set. See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
If your import source does not have the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values of default credentials.
•If your import source has the required device credentials and if you have opted to use default credentials, the device information will be imported into DCR with the values specified in the import source.
For example, if the default credential set has Standard and SNMP credentials and if your import source has only the Standard credentials, the device will be populated in DCR with the Standard credentials entered in your import source and SNMP credentials configured in the default credential set.
See Configuring Default Credentials in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information.
Step 8 Click Import.
A message appears that the import job has been scheduled successfully, if you have scheduled an import job.
Import Status Report
The Import Status Report appears at the end of each immediate import operation. The report contains information on:
•Newly Imported Devices
This field shows the number of devices that are newly imported during the bulk import operation.
•Devices Not Imported
This field shows the devices that are not imported.
The devices that have not been imported might fall under one of the following categories:
| |
---|---|
Excluded Devices | Devices that are excluded based on the Exclude device list uploaded by the user. These devices will not be imported into DCR. |
Duplicate Devices | Devices whose attribute are same as one of the devices in DCR. A device is considered duplicate if: •The Device Name of a device is the same as that of any other device. •The Host Name and Domain Name combination of a device is the same as that of another device. |
Conflicting Devices | Devices that are both in the import source and in DCR but differ in their attributes. •If you choose the Use Data from Import Source Conflict Resolution Option, the following message appears: The device in DCR will be updated with the attributes from the import source. •If you choose Use Data from Device and Credential Repository Conflict Resolution Option, the following message appears: The device in DCR will not be updated with attribute from the import source. |
Error Devices | If DCR encounters error during a device import, the device will be added to the Error Devices list. Click the Error Devices link in the Import Status Report to see the Error Device List Report. Error Device List Report provides the reason for the failure. Import the device after rectifying the errors. Management IP Address, Host Name, Device Identity, and Device Name are mandatory attributes while importing. For DSBU member devices, DSBU member number and device name are enough for identity. For AUS managed devices Device Name and Device-Identity are enough. |
Sample CSV Files and XML Files
You can use CSV 2.0 or CSV 3.0 file or XML formats for import.
You can also perform a DCR Export operation to generate sample CSV or XML files. See Exporting Devices and Credentials for more information.
You should not delete any line from the CSV file generated by DCR export utility including the lines starting with ; (semi colon). However, you can add comments in the CSV file as new lines beginning with ; character.
If you use manually created CSV files for DCR import, we recommend that the CSV files should be in the same format of the files generated by DCR Export utility.
This section provides the following:
•Sample CSV 2.0 File
•Sample CSV 3.0 File
•Sample CSV 3.0 File for Auto Update Server Managed Devices
•Sample CSV 3.0 File for Cluster Managed Devices
•Sample XML File (Standard)
•Sample XML File for Auto Update Server Managed Devices
•Sample XML File for Cluster Managed Devices
View Mapping CSV 2.0 to CSV 3.0 Fields to see the details on mapping.
Sample CSV 2.0 File
;
; This file is generated by the export utility
; If you edit this file, be sure you know what you are doing
;
Cisco Systems NM data import, source = export utility; Version = 2.0; Type = Csv
;
; Here are the columns of the table.
; Columns 1 and 2 are required.
; Columns 3 through 19 are optional.
; Col# = 1: Name (including domain or simply an IP)
; Col# = 2: RO community string
; Col# = 3: RW community string
; Col# = 4: Serial Number
; Col# = 5: User Field 1
; Col# = 6: User Field 2
; Col# = 7: User Field 3
; Col# = 8: User Field 4
; Col# = 9; Name = Telnet password
; Col# = 10; Name = Enable password
; Col# = 11; Name = Enable secret
; Col# = 12; Name = Tacacs user
; Col# = 13; Name = Tacacs password
; Col# = 14; Name = Tacacs enable user
; Col# = 15; Name = Tacacs enable password
; Col# = 16; Name = Local user
; Col# = 17; Name = Local password
; Col# = 18; Name = Rcp user
; Col# = 19; Name = Rcp password
;
; Here are the rows of data.
;
172.20.118.156,public,,FHH080600dg,,,,,,,,,,,,,,,
172.20.118.150,public
,,FHH0743W022,,,,,,,,,,,,,,,
Sample CSV 3.0 File
; This file is generated by DCR Export utility
Cisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0
;
;Start of section 0 - Basic Credentials
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,sysObject ID,dcr_device_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id, snmp_v3_password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_priv_password,snmp_v3_pr iv_algorithm,rxboot_mode_username,rxboot_mode_password,primary_username,primary_password,p rimary_enable_password,http_username,http_password,http_mode,http_port,https_port,cert_com mon_name,secondary_username,secondary_password,secondary_enable_password,secondary_http_us ername,secondary_http_password
;
10.77.203.55,,,,10.77.203.55,UNKNOWN,0,UNKNOWN,,,userap1,roZes1,,MD5,roZes11,AES128,,,,,,, ,,,,,,,,,
10.77.203.142,,,,10.77.203.142,UNKNOWN,0,UNKNOWN,,,userap2,roZes2,,SHA-1,roZes22,3DES,,,,, ,,,,,,,,,,,
10.77.209.74,,,,10.77.209.74,UNKNOWN,0,UNKNOWN,,,v3user,roZes123,,MD5,roZes123,DES,,,,,,,, ,,,,,,,,
10.77.203.210,,,,10.77.203.210,UNKNOWN,0,UNKNOWN,,,v3user4,ROzES123,,SHA-1,ROzES123,AES256 ,,,,,,,,,,,,,,,,
;End of CSV file
Note For a complete list of attributes and their description, use the lsattr command in dcrcli. See Listing the Attributes for usage details.
Sample CSV 3.0 File for Auto Update Server Managed Devices
; This file is generated by DCR Export utility
Cisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0
;
Start of section 0 - Basic Credentials
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,sysObject ID,dcr_device_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id, snmp_v3_password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_priv_password,snmp_v3_pr iv_algorithm,rxboot_mode_username,rxboot_mode_password,primary_username,primary_password,p rimary_enable_password,http_username,http_password,http_mode,http_port,https_port,cert_com mon_name,secondary_username,secondary_password,secondary_enable_password,secondary_http_us ername,secondary_http_password
;
10.77.203.55,,,,10.77.203.55,UNKNOWN,0,UNKNOWN,,,userap1,roZes1,,MD5,roZes11,AES128,,,,,,, ,,,,,,,,,
10.77.203.142,,,,10.77.203.142,UNKNOWN,0,UNKNOWN,,,userap2,roZes2,,SHA-1,roZes22,3DES,,,,, ,,,,,,,,,,,
10.77.209.74,,,,10.77.209.74,UNKNOWN,0,UNKNOWN,,,v3user,roZes123,,MD5,roZes123,DES,,,,,,,, ,,,,,,,,
10.77.203.210,,,,10.77.203.210,UNKNOWN,0,UNKNOWN,,,v3user4,ROzES123,,SHA-1,ROzES123,AES256 ,,,,,,,,,,,,,,,,
;
;Start of section 1 - AUS proxy
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,aus_usern ame,aus_password,aus_url
;
1.1.1.1,ons_host1,cisco.com,AUS_ID,ONS1,admin,admin,
10.10.10.1,aus_server,cisco.com,,AUS_SERV1,admin,admin,autoupdate/AutoUpdateServlet
;
;Start of section 2 - AUS managed
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,parent_au s_id
;
1.1.1.1,ons_host1,cisco.com,AUS_ID,ONS1,display_name=AUS_SERV1
;End of CSV file
Sample CSV 3.0 File for Cluster Managed Devices
; This file is generated by DCR Export utility
Cisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0
;
;Start of section 0 - Basic Credentials
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,sysObject ID,dcr_device_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id, snmp_v3_password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_priv_password,snmp_v3_pr iv_algorithm,rxboot_mode_username,rxboot_mode_password,primary_username,primary_password,p rimary_enable_password,http_username,http_password,http_mode,http_port,https_port,cert_com mon_name,secondary_username,secondary_password,secondary_enable_password,secondary_http_us ername,secondary_http_password
;
10.77.203.55,,,,10.77.203.55,UNKNOWN,0,UNKNOWN,,,userap1,roZes1,,MD5,roZes11,AES128,,,,,,, ,,,,,,,,,
10.77.203.142,,,,10.77.203.142,UNKNOWN,0,UNKNOWN,,,userap2,roZes2,,SHA-1,roZes22,3DES,,,,, ,,,,,,,,,,,
10.77.209.74,,,,10.77.209.74,UNKNOWN,0,UNKNOWN,,,v3user,roZes123,,MD5,roZes123,DES,,,,,,,, ,,,,,,,,
10.77.203.210,,,,10.77.203.210,UNKNOWN,0,UNKNOWN,,,v3user4,ROzES123,,SHA-1,ROzES123,AES256 ,,,,,,,,,,,,,,,,
;
;Start of section 3 - DSBU managed
;
;HEADER:management_ip_address,host_name,domain_name,device_identity,display_name,
dsbu_member_number,parent_dsbu_id
;
1.1.1.1,ons_dev_1,cisco.com,,ONS1,1,display_name=cluster
;End of CSV file
Mapping CSV 2.0 to CSV 3.0 Fields
The following table provides a mapping between the fields in CSV 2.0 and CSV 3.0:
| |
---|---|
Name (including domain or only an IP Address) | host_name and display_name |
RO community string | snmp_v2_ro_comm_string |
RW community string | snmp_v2_rw_comm_string |
Serial Number | Not used in CSV 3.0 |
User Field 1 | user_defined_field_0 |
User Field 2 | user_defined_field_1 |
User Field 3 | user_defined_field_2 |
User Field 4 | user_defined_field_3 |
Telnet password | primary_password or secondary_password |
Enable password | primary_enable_password or secondary_enable_password |
Enable secret | primary_enable_password or secondary_enable_password |
Tacacs user | primary_username |
Tacacs password | primary_password |
Tacacs enable user | Not used in CSV 3.0 |
Tacacs enable password | primary_enable_password |
Local user | primary_username or secondary_username |
Local password | primary_password or secondary_password |
Rcp user | Not used in CSV 3.0 |
Rcp password | Not used in CSV 3.0 |
The order of preference used to set these values in CSV 3.0:
•If Tacacs username, password, enable password are set, then these values will be set as primary_username, primary_password and primary_enable_password.
•If Local username and password are set, then the values will be set as primary_username or secondary_username and primary_password or secondary_password.
The local username and password are matched to secondary_username and secondary_password if primary_username and primary_password is already set with Tacacs credentials.
•If Telnet password, Enable password, and Enable secret are set, then the values will be set as primary_password or secondary_password, and primary_enable_password or secondary_enable_password (for both Enable password, and Enable secret).
The Telnet password, Enable password, and Enable Secret are set to secondary credentials, if the primary_password and primary_enable_password are already set with Tacacs or Local credentials.
Sample XML File (Standard)
<?xml version="1.0"?>
<DEVICES>
<DEVICE>
<SET Name="Basic Credentials">
<DEVATTRIB Name="management_ip_address">10.77.203.55</DEVATTRIB>
<DEVATTRIB Name="host_name">Switch6009</DEVATTRIB>
<DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB>
<DEVATTRIB Name="display_name">10.77.203.55</DEVATTRIB>
<DEVATTRIB Name="sysObjectID">UNKNOWN</DEVATTRIB>
<DEVATTRIB Name="dcr_device_type">0</DEVATTRIB>
<DEVATTRIB Name="mdf_type">268438100</DEVATTRIB>
<DEVATTRIB Name="snmp_v2_ro_comm_string">public</DEVATTRIB>
<DEVATTRIB Name="snmp_v2_rw_comm_string">private</DEVATTRIB>
<DEVATTRIB Name="primary_username">lab</DEVATTRIB>
<DEVATTRIB Name="primary_password">lab</DEVATTRIB>
<DEVATTRIB Name="primary_enable_password">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_username">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_password">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_enable_password">lab</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_user_id">userap1</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_password">roZes1</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_auth_algorithm">MD5</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_priv_password">roZes11</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_priv_algorithm">AES128</DEVATTRIB>
</SET>
</DEVICE>
</DEVICES>
Note For a complete list of attributes and their description, use the lsattr command in dcrcli. See Listing the Attributes for usage details.
Sample XML File for Auto Update Server Managed Devices
<?xml version="1.0"?>
<DEVICES>
<DEVICE>
<SET Name="Basic Credentials">
<DEVATTRIB Name="management_ip_address">10.77.203.55</DEVATTRIB>
<DEVATTRIB Name="host_name">Switch6009</DEVATTRIB>
<DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB>
<DEVATTRIB Name="display_name">10.77.203.55</DEVATTRIB>
<DEVATTRIB Name="sysObjectID">UNKNOWN</DEVATTRIB>
<DEVATTRIB Name="dcr_device_type">0</DEVATTRIB>
<DEVATTRIB Name="mdf_type">268438100</DEVATTRIB>
<DEVATTRIB Name="snmp_v2_ro_comm_string">public</DEVATTRIB>
<DEVATTRIB Name="snmp_v2_rw_comm_string">private</DEVATTRIB>
<DEVATTRIB Name="primary_username">lab</DEVATTRIB>
<DEVATTRIB Name="primary_password">lab</DEVATTRIB>
<DEVATTRIB Name="primary_enable_password">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_username">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_password">lab</DEVATTRIB>
<DEVATTRIB Name="secondary_enable_password">lab</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_user_id">userap1</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_password">roZes1</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_auth_algorithm">MD5</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_priv_password">roZes11</DEVATTRIB>
<DEVATTRIB Name="snmp_v3_priv_algorithm">AES128</DEVATTRIB>
</SET>
<SET Name="AUS proxy">
<DEVATTRIB Name="aus_username">admin</DEVATTRIB>
<DEVATTRIB Name="aus_password">admin</DEVATTRIB>
</SET>
<SET Name="AUS managed">
<DEVATTRIB Name="device_identity">AUS_ID</DEVATTRIB>
<DEVATTRIB Name="parent_aus_id">display_name=AUS_SERV1</DEVATTRIB>
</SET>
</DEVICE>
<DEVICE>
<SET Name="Basic Credentials">
<DEVATTRIB Name="management_ip_address">10.10.10.1</DEVATTRIB>
<DEVATTRIB Name="host_name">aus_server</DEVATTRIB>
<DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB>
<DEVATTRIB Name="display_name">AUS_SERV1</DEVATTRIB>
<DEVATTRIB Name="sysObjectID">UNKNOWN</DEVATTRIB>
<DEVATTRIB Name="dcr_device_type">3</DEVATTRIB>
<DEVATTRIB Name="mdf_type">UNKNOWN</DEVATTRIB>
</SET>
<SET Name="AUS proxy">
<DEVATTRIB Name="aus_username">admin</DEVATTRIB>
<DEVATTRIB Name="aus_password">admin</DEVATTRIB>
<DEVATTRIB Name="aus_url">autoupdate/AutoUpdateServlet</DEVATTRIB>
</SET>
</DEVICE>
</DEVICES>
Sample XML File for Cluster Managed Devices
<?xml version="1.0"?>
<DEVICES>
<DEVICE>
<SET Name="Basic Credentials">
<DEVATTRIB Name="management_ip_address">1.1.1.1</DEVATTRIB>
<DEVATTRIB Name="host_name">ons_dev_1</DEVATTRIB>
<DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB>
<DEVATTRIB Name="display_name">ONS1</DEVATTRIB>
<DEVATTRIB Name="sysObjectID">1.3.6.1.4.1.9.1.406</DEVATTRIB>
<DEVATTRIB Name="dcr_device_type">0</DEVATTRIB>
<DEVATTRIB Name="mdf_type">273612892</DEVATTRIB>
</SET>
<SET Name="DSBU managed">
<DEVATTRIB Name="dsbu_member_number">1</DEVATTRIB>
<DEVATTRIB Name="parent_dsbu_id">display_name=cluster1</DEVATTRIB>
</SET>
</DEVICE>
<DEVICE>
<SET Name="Basic Credentials">
<DEVATTRIB Name="management_ip_address">10.10.10.1</DEVATTRIB>
<DEVATTRIB Name="host_name">host1</DEVATTRIB>
<DEVATTRIB Name="domain_name">cisco.com</DEVATTRIB>
<DEVATTRIB Name="display_name">cluster1</DEVATTRIB>
<DEVATTRIB Name="sysObjectID">Unknown</DEVATTRIB>
<DEVATTRIB Name="dcr_device_type">1</DEVATTRIB>
<DEVATTRIB Name="mdf_type">278283831</DEVATTRIB>
</SET>
</DEVICE>
</DEVICES>
Exporting Devices and Credentials
This feature helps you in exporting a list of device and their credentials into a file. The device list can be obtained from the Device Selector, or from a CSV file.
You can view the list of attributes that can be exported and edit the Export Format file to specify the credentials you need to export. See Listing the Attributes for viewing the list of attributes.
You can:
•Export Device Credentials Using UI
or
•Export Devices Using CLI
The device information is exported to files in CSV (only CSV 3.0) and XML formats only. See Sample CSV Files and XML Files for sample CSV and XML files generated by the export utility.
Specifying Device Credentials for Export
The device attributes that are exported are specified in the Export Format files Export_Format_CSV.xml and Export_Format_XML.xml located at the NMSROOT\objects\dcrimpexp\conf directory.
By default, all the device attributes are exported. See Device Attributes for a list of device attributes.
You can:
•Edit the Export Format files to include UDF names in the export device attributes list.
•Enable or disable the option of exporting device credentials to the export format file. See Device Credentials for a list of device credentials that are exported if you enable this option.
Edit the Export format files only when you:
•Add the UDF information in the export device attributes list.
•Change or delete the UDF names when you rename or delete the UDFs respectively in the Device and Credentials Administration user interface.
See Configuring User Defined Fields in Administration Guide for Cisco Prime LAN Management Solution 4.2 for more information on configuring UDFs.
Sample Export Format File with Device Attributes Only
<?xml version="1.0" ?>
<EXPORT_FORMAT>
<GROUP Name="Basic Credentials">
management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_d evice_type,mdf_type,http_mode,http_port,https_port,cert_common_name
</GROUP>
<GROUP Name="AUS proxy"> management_ip_address,host_name,domain_name,device_identity,display_name,aus_username,aus_ password,aus_url,aus_port</GROUP>
<GROUP Name="AUS managed"> management_ip_address,host_name,domain_name,device_identity,display_name,parent_aus_id </GROUP>
<GROUP Name="DSBU managed"> management_ip_address,host_name,domain_name,device_identity,display_name,dsbu_member_numbe r,parent_dsbu_id</GROUP>
<GROUP Name="CNS managed"> management_ip_address,host_name,domain_name,device_identity,display_name,parent_cns_id,cns _config_id,cns_event_id,cns_image_id</GROUP>
</EXPORT_FORMAT>
Sample Export Format File with Device Attributes and Device Credentials
<?xml version="1.0" ?>
<EXPORT_FORMAT>
<GROUP Name="Basic Credentials">
management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_d evice_type,mdf_type,snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id,snmp_v3_ password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_priv_password,snmp_v3_priv_algor ithm,rxboot_mode_username,rxboot_mode_password,primary_username,primary_password,primary_e nable_password,http_username,http_password,http_mode,http_port,https_port,cert_common_name ,secondary_username,secondary_password,secondary_enable_password,secondary_http_username,s econdary_http_password
</GROUP>
<GROUP Name="AUS proxy"> management_ip_address,host_name,domain_name,device_identity,display_name,aus_username,aus_ password,aus_url,aus_port</GROUP>
<GROUP Name="AUS managed"> management_ip_address,host_name,domain_name,device_identity,display_name,parent_aus_id </GROUP>
<GROUP Name="DSBU managed"> management_ip_address,host_name,domain_name,device_identity,display_name,dsbu_member_numbe r,parent_dsbu_id</GROUP>
<GROUP Name="CNS managed"> management_ip_address,host_name,domain_name,device_identity,display_name,parent_cns_id,cns _config_id,cns_event_id,cns_image_id</GROUP>
</EXPORT_FORMAT>
Adding User Defined Field Names to Export Format Files
You should add the UDF names in the Export Format file to export the additional information about devices stored in their user-defined fields.
Suppose if you want to export the device information stored in the user_defined_field_0, user_defined_field_1, user_defined_field_2 and user_defined_field_3 fields, you should edit the Export Format file and change the Basic Credentials group as follows:
<GROUP Name="Basic Credentials"> management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_d evice_type,mdf_type,
snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id,snmp_v3_ password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_user_id_authpriv,snmp_v3_passwor d_authpriv,snmp_v3_auth_algorithm_authpriv,snmp_v3_priv_password,snmp_v3_priv_algorithm,rx boot_mode_username,rxboot_mode_password,primary_username,primary_password,primary_enable_p assword,http_username,http_password,http_mode,http_port,https_port,cert_common_name,user_d efined_field_0,user_defined_field_1,user_defined_field_2,user_defined_field_3 </GROUP>
If you rename the user_defined_field_3 to udf3 in the user interface, you should change the Basic Credentials section in the Export Format file as follows:
<GROUP Name="Basic Credentials"> management_ip_address,host_name,domain_name,device_identity,display_name,sysObjectID,dcr_d evice_type,mdf_type,
snmp_v2_ro_comm_string,snmp_v2_rw_comm_string,snmp_v3_user_id,snmp_v3_ password,snmp_v3_engine_id,snmp_v3_auth_algorithm,snmp_v3_priv_password,snmp_v3_priv_algor ithm,rxboot_mode_username,rxboot_mode_password,primary_username,primary_password,primary_e nable_password,http_username,http_password,http_mode,http_port,https_port,cert_common_name ,user_defined_field_0,user_defined_field_1,user_defined_field_2,udf3</GROUP>
Export Device Credentials Using UI
To export device credentials:
Step 1 Select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Click Export.
The Device Export dialog box appears.
You can use either of the following device selection methods:
•Select from Device Selector
Select this option if you want to export devices from DCR to the file that you specify in the Output File Information field. You can select the required devices from the Device Selector of the Device Export dialog box.
•Get Device List from File
Select this option if you want to export devices from a CSV file that is already present in the server, to the file you specify in the Output File Information field.
You can use this option when the CSV file contains only partial device credentials, and you want to get the full list of credentials. The input CSV file checks for data in DCR, and exports the data to the output file.
•Get Device List from Group
Select this option if you want to export all devices from the selected groups, to the file you specify in the Output File Information field.
This device selection method is useful when you want to run a scheduled export job. All new devices added to the selected groups are also automatically exported during the future scheduled jobs.
If you choose to select from the Device Selector:
a. Select the devices to be exported from the Device Selector.
b. Enter the location for the output file in the Output File Information panel field or click Browse to select the location.
c. Select either CSV or XML as your output file format.
If you choose to get the device list from a file:
a. From the Input File Selection Panel, click Browse to browse the file system and select the input file [in CSV format] to get the device list.
b. Enter the location for the output file in the Output File Information panel field or click Browse to select the location.
c. Select either CSV or XML as your output file format.
d. From the Device Selector, select the devices for which you need to export credentials.
If you choose to get the device list from groups:
a. Select the groups whose devices to be exported from the Group Selector.
b. Enter the location for the output file in the Output File Information panel field or click Browse to select the location.
c. Select either CSV or XML as your output file format.
d. From the Device Selector, select the devices for which you need to export credentials.
Step 3 Select Export Device Credentials if you want to export the device credentials along with the device attributes.
The device credentials including the passwords are exported to the output file in clear text format if you select this option.
A confirmation message appears.
Step 4 Click OK to continue.
Step 5 Select Send Device Export Report as an E-mail to send the Exported Devices report as an attachment.
If the report exceeds the maximum attachment size limit configured in System Preferences page, you may not receive the attachment. You will receive the e-mail notification that provides a hyperlink to the System Preferences page.
You should select the Enable Attachment option and enter a larger size in the Maximum Attachment Size field in the System Preferences page to receive the e-mail attachments. Go to Admin > System > System Preferences. See Modifying System Preferences in Administration Guide for Cisco Prime LAN Manager Solution 4.2for details on configuring maximum and minimum size of attachments.
Step 6 Schedule the task.
To do this:
a. Select the Run Type from the drop-down list.
You can schedule export immediately or schedule the export for a later time. The scheduling can be periodic (daily, weekly, or monthly) or only for a single instance.
b. Select the date from the date picker.
The date picker displays the date from the client system.
Step 7 Enter a description about the job in the Job Description field.
Step 8 Enter an e-mail address or multiple e-mail addresses separated by comma in the E-mail field.
E-mail notifications and the report attachments are sent to the e-mail addresses entered in this field. selected.
Step 9 Click Export.
If you schedule an immediate device export, the job starts immediately.
You must populate DCR with devices before you export credentials from DCR using Get Device List from File option.
Note We recommend that you use this option to export up to a maximum of 1000 devices.
Excluding Devices
This feature allows you to specify a file that contains the list of devices that should not be added to DCR using Add or Import operations.
During the Add or Import operations, DCR ensures that the device being added or imported is not listed in the Exclude Device List.
You can also remove the list of devices that are excluded earlier using the Exclude operation.
The file containing the list of excluded devices should be in CSV format. See A Sample CSV Exclude File for a sample CSV file used for Exclude operation.
You can exclude devices by specifying any one or more of the following fields in the CSV file:
• management_ip_address
• host_name and domain_name
• device_identity
If you are using a CSV file generated by the DCR Export utility to exclude devices from Add or Import operations, make sure to remove the sections related to AUS Managed, Cluster Managed and CNS Managed devices from the CSV file.
To exclude devices from Add or Import operations:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Click Exclude.
The Upload Exclude Devices File dialog box appears.
Step 3 Enter the file name or click Browse to browse the file system and select the file.
The file that needs to be uploaded must be in CSV format.
Step 4 Click Apply to upload the file.
The system displays a message that the devices are excluded successfully.
A Sample CSV Exclude File
; This file is generated by DCR Export utility
Cisco Systems NM Data import, Source=DCR Export; Type=DCRCSV; Version=3.0
;
;Start of section 0 - Basic Credentials
;
;HEADER:management_ip_address,host_name,domain_name,device_identity
;
,Dev1Hostname,,
10.1.0.60,,,
,,,AUSID1
,Dev2Hostname,cisco.com,
;
;End of CSV file
Viewing Devices List
You can view the devices in the Device List Report using this feature.
To view devices in the Device List Report:
Step 1 Go to the CiscoWorks home page and select Inventory > Device Administration > Add / Import / Manage Devices.
The Device Management page appears.
Step 2 Select the devices you want from the Device Summary list and click View.
The Device List Report dialog box appears.
Step 3 Select the device.
Step 4 Click View.
The Device List Report appears with the following details:
| |
---|---|
Device Name | Device name, as you want it to be represented in graphical displays and other reports. |
Device Type | Category, Series, and Model information of devices in DCR. For example, Device Type displays Cisco 3000 Router, Cisco Catalyst 8150 CSR Switch and so on. |
IP Address | Management IP Address used to access the devices. |
Domain Name | Domain name of the device. |
Host Name | Hostname of the device. |
AUS Device ID | Device ID of the devices managed by Auto Update Server. |
:
Understanding Unified Device Manager
In LMS 3.2, each application managed devices and there were multiple device sets. In LMS 4.2, Unified Device Manager (UDM) provides centralized device management using a centralized policy configuration. You have to configure a single policy to manage the devices. UDM identifies managed devices after verifying the configured policy and the license count.
Note There is no policy and license check for non-Cisco devices.
The workflow for UDM is:
1. Add or import devices to DCR
Go to Inventory > Device Administration > Add / Import / Manage Devices.
2. Discover devices
Go to Inventory > Device Administration > Discovery > Launch / Summary.
3. Configure the Device Management Policy.
Go to Inventory > Device Administration > Device Allocation Policy.
4. UDM checks the license count and the configured device management policy. If the device matches the license count and device management policy, it will be in managed state.
Important Notes Related to UDM
This section contains:
•Non-Cisco Device Support
•License Limit
•Backup and Recovery
•Device Management in Master-Slave Setup
Device Management in Master-Slave Setup
In LMS 4.0, the Master will behave like an LMS 4.2 server in Standalone mode. It will synchronize the device credentials across all servers.
When a server is converted into Slave:
•All DCR devices in the Slave will be deleted and synchronized with the Master.
•Device Management auto allocation policy will be disabled.
Non-Cisco Device Support
Non-Cisco Devices are not considered for license check in UDM. If these devices match the device management policy, they will be in managed state.
License Limit
The license limit for LMS is the maximum resource count that LMS can manage.
For example:
•For a 300 device license, the maximum number of devices that you can manage will be 300.
•For a 5000 device license, the maximum number of devices that you can manage will be 5000.
Backup and Recovery
During backup restore from a lower version, all the devices that were managed by the application might not satisfy the new policy configured by the user.
After the process of restore and startup of DCR, all the DCR devices will be verified with the LMS 4.2 configured policy and license count. If the devices match the configured policy and license count they will be called as managed devices else they will be called as suspended devices in UDM. All the suspended devices will not be part of any collector process. You must upgrade your license if you wish to manage the devices that are in suspended state due to the mismatch in the license count.
Cisco Nexus 7000 Device Support
When you add the Nexus devices (Cisco Nexus 7000 10-Slot Switch (1.3.6.1.4.1.9.12.3.1.3.612) and Cisco Nexus 7000 18-Slot Switch - N7K-C7018 (1.3.6.1.4.1.9.12.3.1.3.777)) to DCR, you must provide the Netadmin SNMP RO credential. When you provide other SNMP RO credentials, user tracking will not collect end host data.
Dynamic User Tracking is not supported for the Nexus devices as they do not have MAC notification feature. Trap configuration is also not supported.
The Nexus device should have NXOS 5.1(1), 5.1(3) or later. NXOS 5.1(2) is not supported.
To map community with context, configure the device as follows:
snmp-server context <context-name> vrf <vrf-name>
snmp-server mib community-map <snmp community> context <context-name>
Understanding Device States
The different device states in LMS 4.2 are:
•Managed State
•Suspended State
•Unmanaged State
•Managed Devices not matching the Policy
•Alias Device
Managed State
Devices that match the license count and the configured policy will be in this state. These devices will appear in the appropriate system defined and user defined groups, if the data necessary to resolve group membership is available. You can initiate various tasks and jobs using devices in this state.
You can perform LMS functionalities like Inventory Collection, and Configuration Management on only on managed devices.
You can move managed devices to suspended or unmanaged state.
Suspended State
If you have some devices under maintenance, they cannot be managed during that period. You can select these devices from the managed device list and suspend them. After the maintenance period, you can move these devices back to the managed state.
Suspended devices do not appear in the managed device list device selector. Syslogs from these devices do not cause any automated actions to happen. However, syslogs from devices in this state are collected and reported, and all the history data will be maintained in the system.These devices will be considered for license count in LMS. Traps are not collected from these devices. Collection and other management activities will not happen. You can move suspended devices to unmanaged or managed state.
Unmanaged State
Devices which fail to match the configured policy and license count will be in this state. You can also select some devices from the managed list and make them unmanaged devices.
These devices will be available in UDM and DCR. The corresponding events will be sent to the management components like collectors which will remove the history information from their date base. You can move the unmanaged device to only the managed state.
Managed Devices not matching the Policy
Managed devices that fail to match the current configured policy will be in this state. After a fresh installation, the number of Managed Devices not matching the Policy will be zero. Devices will move to this state only after you configure a device management policy, and if there are some managed devices that do not match the policy.
Alias Device
When you add a new device to LMS, this device may already exist in LMS, but with:
•Another hostname or IP Address.
•Same IP Address or host name, but, different device name.
These devices are known as alias devices. See, Working With Alias Devices for more information.
Configuring Device Management Policy
To configure the device management policy for UDM:
Step 1 Go to Inventory > Device Administration > Device Allocation Policy. The Device Management Policy page appears with the following fields:
| |
---|---|
Enable Auto Mode | Select this check box to automatically manage devices from DCR according to the device management policy, which you will configure here. This option is enabled by default. If you do not select this check box: •Devices will not be automatically managed in LMS, inspite of adding the devices using Inventory > Device Administration > Add / Import / Manage Devices > Add, and discovering them using Inventory > Device Administration > Discovery > Launch / Summary. •You have to manually add the devices as managed device using Inventory > Device Administration > Add as Managed Devices. |
Manage All Devices | Select this option to automatically manage all devices from DCR. This allocation method is dynamic in nature. When you add devices to DCR after applying the settings, they are also added to UDM at runtime. If you delete a device from DCR, the device will also change to unmanaged state. You can use this option only if the Enable Auto Mode check box is checked. The number of devices added into UDM will depend on the license limit. |
Manage By Groups | Select this option to automatically manage devices from DCR using device groups. The devices that are part of the selected groups are added to UDM. Note Read Important Notes for Manage By Groups Optionbefore you use this option. This allocation method is dynamic in nature.When you add new devices to groups after applying the settings, they are also added to UDM at runtime. You can use this option only if you select the Enable Auto Mode check box. The number of devices added UDM will depend on the license limit. Note When you configure the UDM policy, you must not select private and subnet groups in the Device Policy Management group selector. |
Group Selector | Lists the groups available for auto allocation. Select one or more groups so that devices belonging to those groups are automatically added to UDM. You can use this option only if you select the Enable Auto Mode check box. |
Step 2 Click Apply to apply the device management policy. The Auto Allocation Settings Summary page appears with the following details:
•Number of new devices that match the policy
•Number of new devices that match the current license limit
•Current License limit
Step 3 Click OK to launch the Device Addition Status pop-up which displays:
•Number of devices added
•Number of error devices
Step 4 Click OK.
Click Devices Not Matching the Policy button to launch the Managed devices list not matching with the policy page. This page has the list of devices which do not match the current policy. This button will be enabled only if you select the Manage By Groups option.
Important Notes for Manage By Groups Option
For user-defined groups, the UDM policy configuration will work only if you create these groups using the following group attributes:
•Host Name
•ManagementIPAddress
•Category
•DeviceIdentity
•DisplayName
•DomainName
•MDFId
•Model
•Series
•SystemObjectID
•User_defined_field_0
•User_defined_field_1
•User_defined_field_2
•User_defined_field_3
If you create a user-defined group with other attributes like IPAddress, subnet, and chassis.Modulename, the UDM policy will not work and the corresponding devices will not be moved to managed State in UDM.
Managing Device States
This section contains:
•Managed Device List
•Unmanaged Device List
•Suspended Device List
•Managed Devices List Not Matching With The Policy List
•Device State Change Report
To manage device states in LMS 4.0:
Select Inventory > Device Administration > Manage Device State.
The Device State Management page appears with the following details:
| |
---|---|
Device State | Displays the state of the device. The different device states in LMS 4.2 are: •Managed State Devices that match the license count and the configured policy. •Suspended State If you have some devices under maintenance, they cannot be managed during that period. You can select these devices from the managed device list and suspend them. •Unmanaged State Devices that fail to match the configured policy and license count. •Managed Devices not matching the Policy Managed devices that fail to match the current configured policy. •Alias Devices When you add a new device to LMS, this device may already exist in LMS, but with another hostname or IP Address. This device will be an Alias device. For more information see Understanding Device States, |
Device Count | Displays the total number of devices in the respective state. Click on the number to launch the respective device list page. When you click the number of managed devices, it goes to the Managed Device List page, see Managed Device List. When you click the number of unmanaged devices, it goes to the Unmanaged Device List page, see Unmanaged Device List. When you click the number of Managed Devices not Matching the Policy, it goes to the Managed devices list not matching with the policy page, see Managed Devices List Not Matching With The Policy List. When you click the number of suspended devices, it goes to the Suspended Device List page, see Suspended Device List. When you click the number of alias devices, it goes to the Alias Devices page, see Working With Alias Devices. |
Managed Device List
You can view the list of managed devices. You can select a managed device, and unmanage or suspend it. Click the number of managed devices to launch the Managed Device List page. Click Cancel to return to the Device State Management page.
Select a managed device from the device selector and click Unmanage or Suspend to change the device state.
The Device State Change Report pop-up appears. If there is an error in change of device state it will appear in the report. For more information, see Device State Change Report.
Unmanaged Device List
You can view the list of unmanaged devices and their details like IP Address, host name, and location. You can select an unmanaged device, and manage it. Click Cancel to return to the Device State Management page.
Select an unmanaged device and:
•Click Manage to change the state of the device to managed state.
•Click Add to Unmanaged List to change the state of more managed devices to unmanaged state. The Managed Device List page appears with the list of all managed devices.
The Device State Change Report pop-up appears. If there is an error in change of device state it will appear in the report. For more information, see Device State Change Report.
Suspended Device List
You can view the list of suspended devices and their details like IP Address, host name, and location. You can select a suspended device, and manage it. Click Cancel to return to the Device State Management page.
Select a suspended device and:
•Click Unmanage to change the state of the device to unmanaged state.
•Click Manage to change the state of the device to managed state.
•Click Add to Suspended List to change the state of more managed devices to suspended state. The Managed Device List page appears with the list of all managed devices.
The Device State Change Report pop-up appears. If there is an error in change of device state it will appear in the report. For more information, see Device State Change Report.
Managed Devices List Not Matching With The Policy List
You can view the list of Managed Devices not Matching the Policy and their details like IP Address, host name, and location. You can select a device, and manage it. Click Cancel to return to the Device State Management page.
Select a device and click Unmanage or Suspend to change the device state.
The Device State Change Report pop-up appears. If there is an error in change of device state it will appear in the report. For more information, see Device State Change Report.
Device State Change Report
The Device State Change Report pop-up appears when you change the state of a device. If there is an error in the change of device state it will appear in the report.
This report shows the following details:
•Total devices—The total number of devices that were configured to change their state.
•Number of devices that changed state —The total number of devices that have changed their state.
•Error devices—The total number of devices that have not changed their state.
Adding Managed Devices
If you do not configure the Device Policy Management using Inventory > Device Administration > Device Allocation Policy, you can manually add managed devices.
You can select a device from the device selector, which shows only the unmanaged devices, and add it as a managed device. To do this select Inventory > Device Administration > Add as Managed Devices.
If you neither configure the Device Policy Management nor manually add managed devices, devices will not be automatically managed in LMS, inspite of adding the devices in DCR, using Inventory > Device Administration > Add / Import / Manage Devices > Add, and discovering them using Inventory > Device Administration > Discovery > Launch / Summary.
Working With Alias Devices
When you add a new device to LMS, this device may already exist in LMS, but with another hostname or IP Address. This device will be an Alias device.
This section contains:
•Resolving an Alias Device
•Verifying Device Credentials
The following are the prerequisites for detecting an alias device:
•The alias device is detected when you perform the first inventory collection for a device.
•A device is detected as an alias device only after a successful inventory collection. If a device is detected as an alias device, you can resolve it using Inventory > Device Administration > Device Aliases.
•For all devices which are aliased devices, the LMS reruns the alias detection algorithm again. This detection is performed whenever the inventory is collected successfully.
For example, this can happen after you correct the IP Address of the device.
•If the inventory collection is partially successful or failed, an alias device may be listed as a Managed Device or as a Unmanaged Device, based on whether the device was reachable or not.
•After resolving alias devices, the devices will be managed state.
You can resolve the alias by selecting one of the devices using Inventory > Device Administration > Device Aliases (see Resolving an Alias Device). After you resolve the alias, all the rejected devices are deleted from the LMS database.
LMS detects an alias device using the alias detection algorithm. It:
1. Gets the device IP Address, sysObjectID and the MAC address corresponding to the IP Address of the new device.
2. Refers to LMS database for devices with the same sysObjectID.
3. Refers to LMS database for devices, which returned in step 2 with IPAddresses and MAC addresses that match the addresses of the new device.
4. Compares the port count for the devices that match the criteria described in Step 2 and 3.
5. Identifies the new device as an alias device if the device is returned in Step 4. Otherwise it does not identify the new device as an alias device.
Resolving an Alias Device
To resolve an Alias device:
Note View Permission Report (Reports > System > Users > Permission) to check if you have the required privileges to perform this task.
Step 1 Select Inventory > Device Administration > Device Aliases.
Or
Select Inventory > Device Administration > Manage Device State and click on the Device Count column entry for the Alias Device State.
The Alias Devices dialog box appears. This dialog box contains two panes,
•Managed Devices—Lists the Managed devices that have aliases to the devices.
•Alias Devices—Lists the devices that are aliased to the Managed devices.
Step 2 Select a device from the Normal Devices pane to view the list of aliased devices.
Step 3 Click Show Alias Devices.
The devices that are aliased to the Managed devices appear in the Alias Devices pane. The devices that are in the Managed device state are also listed along with the other alias devices.
Step 4 Select a device you want to resolve from the Alias Devices pane.
You can go to Inventory > Device Administration > Add / Import / Manage Devices and delete an alias device.
Step 5 Click Select.
The selected device is moved to the Managed device state.
After resolving the alias state devices:
•The resolved devices will remain in the Managed state.
•The unresolved devices will be in the unamanaged state and all their history information will be lost.
You can view the state of the device using Inventory > Device Administration > Manage Device State.
Verifying Device Credentials
To verify device credentials, select Inventory > Job Browsers > Device Credentials Verification.
The Device Credential Verification Jobs browser dialog box appears with a detailed list of all scheduled CDA jobs.
The columns in the job browser display the following information:
| |
---|---|
Job ID | Unique number assigned to job when it is created. For periodic jobs such as Daily, and Weekly, the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001. Click on the hyperlink to view the Job details. |
Status | Status of the job: •Successful—When the job is successful. •Failed—When the job has failed. •Stopped—When the job has been stopped. •Running—When the job is in progress. •Missed Start—When the job is not initiated to run. •Scheduled—When the job is scheduled to run at a later point of time. •Stop Init—When the job is stopped, it goes to Stop Init State before going to Stopped state. |
Description | Description of the job, entered at the time of job creation. |
Owner | Username of the job creator. |
Scheduled at | Date and time at which the job was scheduled. |
Completed at | Date and time at which the job was completed. |
Schedule Type | Type of job schedule—Immediate, Once, Daily, Weekly, Monthly, 6-Hourly, 12-Hourly. You can specify when you want to run the Device Credential job. To do this, select one of these options from the drop down menu: •Immediate—Runs the report immediately. •Once—Runs the report once at the specified date and time. •Daily—Runs daily at the specified time. •Weekly—Runs weekly on the day of the week and at the specified time. •Monthly—Runs monthly on the day of the month and at the specified time. •6-Hourly—Runs once in 6 hours. •12-Hourly—Runs once in 12 hours. For periodic jobs, the subsequent instances of periodic jobs will run only after the earlier instance of the job is complete. For example: If you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3. |
You can do one of the following:
•Click Report to generate a report for Device Credential Verification.
•Click Create to create a new device credential verification job.
You can also select a job and do one of the following:
•Click Edit to edit a job. You can edit only scheduled jobs.
•Click Retry to retry a job
When you retry a failed job, the job will be retried only on the failed devices, even if it was successful on other devices.
•Click Stop to stop a job.
•Click Delete to delete a job.
For further details see Creating Device Credentials Verification Jobs.
Creating Device Credentials Verification Jobs
Note View Permission Report (Reports > System > Users > Permission) to check if you have the required privileges to perform this task.
To select the credentials that need to be verified while adding devices:
Step 1 Select Inventory > Job Browsers > Device Credentials Verification.
Or
Select Admin > Network > Device Credential Settings > Verification Settings.
The Device Credentials Job Creation dialog box appears.
Step 2 Click Create to create a new device credential verification job.
Step 3 Select either:
•Device Selector, if you want to schedule report generation for static group of devices.
Or
•Group Selector, if you want to schedule report generation for dynamic group of devices.
Step 4 Enter the information required to create a job:
| |
---|---|
Device Credentials Options | Select the credentials that need to be checked. You can check the following device credentials: •SNMP Read Community String •SNMP Write Community String •SNMPv3—SNMP version 3 username and password •Telnet—Telnet username and password. •Telnet Enable Mode User Name and Password. •SSH—SSH username and password. •SSH Enable Mode User Name and Password To view all these credentials select All. |
| |
Run Type | Specifies the type of schedule for the job: •Immediate—Runs the report immediately. •6 - hourly—Runs the report every 6 hours, starting from the specified time. •12 - hourly—Runs the report every 12 hours, starting from the specified time. •Once—Runs the report once at the specified date and time. •Daily—Runs daily at the specified time. •Weekly—Runs weekly on the day of the week and at the specified time. •Monthly—Runs monthly on the day of the month and at the specified time. For periodic jobs, the subsequent instances of jobs will run only after the earlier instance of the job is complete. For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2, only if the earlier instance of the November 1 job has completed. If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, then the next job will start only at 10:00 a.m. on November 3. If you select Immediate, the Date field option will be disabled. |
Date | 1. Enter the start date in the dd Mmm yyyy format, for example, 02 Jul 2010, or click on the Calendar icon and select the date. 2. Enter the start time by selecting the hours and minutes from the drop-down list. The Date field is enabled only if you have selected an option other than Immediate in the Run Type field. |
| |
Job Description | Enter a description for the report that you are scheduling. This is a mandatory field. Accepts alphanumeric values and special characters. This field is restricted to 256 characters. |
| Enter e-mail addresses to which the job sends messages when the job has run. You can enter multiple e-mail addresses separated by commas. Configure the SMTP server to send e-mails in the View/Edit System Preferences dialog box (Admin > System > System Preferences). Configure the Cisco Prime E-mail ID in the View / Edit System Preferences dialog box (Admin > System > System Preferences). When the job starts or completes, an e-mail is sent with the Cisco Prime E-mail ID as the sender's address, |
Attachment | Select this option if you want to send attachments in the job notification mail. Either select: •CSV if you want the attachment in CSV format. Or •PDF if you want the attachment in PDF format. This is the default format. The CSV and PDF radio options will be enabled only if the Attachment check box is selected. If the Attachment option is disabled, you can change the settings. |
Step 5 Click OK.
DCR Server Error
The communication error may be due to the following reasons:
• The DNS resolution does not match with server assigned IP Address.
Workaround: DNS resolvable IP Address should be same as server IP Address.
• DHCP is enabled in the server.
Workaround: DHCP should be disabled in the server.
• The server's original IP Address may have changed.
Workaround: Restart Cisco Prime Daemon Manager.
• CTM registry corruption has occurred due to rebooting the server without stopping the Cisco Prime Daemon Manager.
Workaround: Delete the ctmregistry and ctmregistry.backup file in NMSROOT/MDC/tomcat/webapps/cwhp/WEB-INF/LIB and then restart the Cisco Prime Daemon Manager.
• DCR Server and related process might be down.
Workaround: Check the processes to make sure DCR Server is running, and restart it if not.
• The hostname change is not done by the hostnamechange.pl in LMS.
Workaround: Hostname change should be done using NMSROOT/bin/hostnamechange.pl in LMS.
• LMS self signed certificate would have been expired.
Workaround: Regenerate the certificate and restart the daemon manager.
Managing Auto Update Servers
Auto Update Servers have the following credentials:
•Auto Update Server URL
•Username
•Password
Note The Auto Update Server Management UI is not visible in a DCR Slave machine.
Auto Update Server management feature helps you to add, edit, or delete Auto Update Server. See Adding, Editing, and Deleting Auto Update Server for more information.
Adding, Editing, and Deleting Auto Update Server
To add, edit, or delete Auto Update Server:
Step 1 Go to Inventory > Device Administration > Auto Update Server Management.
The Auto Update Server Management page appears.
Step 2 You can do the following:
•Add
–Click Add to add Auto Update Server. The Auto Update Server dialog box appears.
–Enter the Device Name, Domain Name, IP Address, Host, Port, URN, User name, and password in the corresponding fields. Re-enter the password in the Verify field.
DCR uses a device record to represent a Auto Update Server.
An Auto Update Server added in the Auto Update Server Management UI can be selected for the Auto Update Server field when you add devices using the Auto Update management type.
–Click OK.
• Edit
–Select the device you want to edit from the list and click Edit. The Auto Update Server dialog box appears.
–Edit Device Name, Domain Name, IP Address, Port, URN, User name, and Password fields.
–Click OK.
• Delete
–Select the device you want to delete from the list.
–Click Delete.
The Device Deletion Confirmation dialog box opens.
–Click OK to confirm the deletion of AUS Update Servers.
Configuring Device Selector
The improved Device Selector allows you to search the devices in DCR. It helps to locate the devices and perform the various device management tasks quickly. With this improved Device Selector, you need not remember the device type or application group hierarchy to locate the devices.
The devices are categorized under the Device Type based groups, User Defined groups, Subnet Based groups, Application Specific groups or under All Groups.
You can define the settings of the Device Selector pane to customize the display of devices and the order of display. You can customize the top level groups, sub-groups and the list of devices displayed under each group using the Group Customization option.
The Group Ordering option allows you to specify the order of display in which the groups are seen in the Device Selector pane. See Device Selector Settings in the Administration User Guide for LMS 4.0 for more information.
The Device Selector Settings are specific to each user. You can search for devices using a Simple search or an Advanced search. See Searching Devices for more information.
Tool tips are also provided for devices that contain long names so that you do not have to scroll horizontally to see the complete device name.
This section contains the following information:
•Using Device Selector
•Selecting Devices for Device Management Tasks
•Searching Devices
Using Device Selector
The Device Selector is used to select devices to perform various device management tasks. This lists all devices in a group. The Device Name of the devices entered when you have added the devices in DCR is displayed as the device name in the Device Selector pane.
The Device Selector contains the following components:
| |
---|---|
Search Input | Enter your search expression in this text field. You can enter a single device name or multiple device names in this field. You can enter the following as search inputs for searching multiple devices: •Comma separated list of full device names •Device names with wildcard characters ? and * to search for multiple devices matching the text string entered in this input field. The wildcard character ? matches single character in a device name and the wildcard character * matches multiple character in a device name. •Combination of comma separated list of device names, and device names with wildcard characters. See Performing Simple Search for more information. |
Search | Use this icon to perform a Simple search of devices, after you have entered your search input. See Performing Simple Search for more information. |
Advanced Search | Use this icon to perform an Advanced search of devices. See Performing Advanced Search for more information. |
All | This tab lists all the top-level device groups and the device names under each group in a hierarchical format (tree view). The top-level device groups include: •All Devices •Device Type Groups •User Defined Groups See Understanding Device Groups in Administration User Guide for LMS 4.0 for more information on types of device groups. |
Search Results | This tab displays all your Simple or Advanced search results and you can select all devices, clear all devices, or select a few devices from the list. The Simple search results are based on the device name of the devices added to DCR. The Advanced search results are based on the grouping attributes of the application's grouping services server. |
Selection | This tab lists all the devices that you have selected in the All or Search Results tab or through a combination of both. You can also use this tab to deselect the devices you have already selected. You can perform more than one search and can accumulate your selection of devices. |
The Device Selector displays the number of devices selected by you at the bottom. When you click the link provided, it launches the Selection Tab.
Tool tips are also provided for devices that contain long names so that you do not have to scroll horizontally to see the complete device name.
Selecting Devices for Device Management Tasks
You can select devices to perform various device management tasks such as editing device credentials and viewing device credentials, using any of these methods:
•Selecting Devices From All Tab
•Selecting Devices From Search Results
•Combination of Selection From All Tab and Search Results
Selecting Devices From All Tab
The All tab lists the top-level device groups and the device names under each group in a hierarchical format (tree view).
You can select the devices from the tree view. The Selection tab shows the flat list of selected devices from the All tab.
You should expand the nodes of the top-level device groups and sub groups to see the list of devices within a group and select the devices you want. We recommend that you do not expand and leave the multiple group nodes open at a time. This may affect the performance of the device selector.
Selecting Devices From Search Results
You can perform a Simple Search or an Advanced Search, and the search results are displayed under the Search Results tab. You can select the devices you want from the Search Results tab. The Selection tab and the All tab, display the devices you have selected from the Search Results tab.
Note You can perform more than one search and can accumulate your selection of devices.
Combination of Selection From All Tab and Search Results
You can select the devices from the All tab and add more devices to the Selection list from the Simple or Advanced search results in the Search Results tab.
The Selection tab displays the accumulated list from both All and Search Results tabs.
You can enter another search criteria and select more devices. The selected devices are accumulated in the Selection tab.
Searching Devices
With the improved Device Selector, you can search the devices by performing a Simple search or an Advanced search. In both cases, you do not need to remember the name of the devices and the groups in which the devices are grouped.
Note The search string is not case sensitive in LMS.
This section contains the following:
•Performing Simple Search
•Performing Advanced Search
Performing Simple Search
You can enter your search criteria in the Search Input field and search for the devices using the Search icon. The search results are based on the device name of the devices added in DCR.
Note the following points when you perform a Simple search.
• You can enter a comma separated list of device names to search for multiple devices.
• You can use the wildcard characters * and ? to search for multiple devices that match the text string entered in this input field. Multiple wild card characters are allowed in a search string.
•You can use the combination of comma separated list of device names and wildcard characters in the device names to search for multiple devices.
• If you are not using the wild card characters, make sure that you enter the full device name.
For example, when you enter device2? , *.cisco1 , *device10* as search input, the system displays:
•Device names starting with device2 and with only one character after device2
•Device names ending with . cisco1
•Device names containing the text string device10
Note When IPv6 device is to be searched and the IPv6 address is given in a compressed format in the search , it will fetch and display the IPv6 address managed in the LMS. For e.g. if 2059::C671* is searched for, the result fetched will be 2059::C671:FEFF:FE8F:7FC1 and 2059::C671:FEFF:FEA0:6B41.
Performing Advanced Search
Use the Advanced Search icon to open the Advanced Search popup window and specify a set of rules for performing an Advanced search. The advanced search is based on the grouping attributes of the grouping server.
You can create a rule in the Advanced Search dialog box by either:
•Using Expressions
or
•Using Rule Text Fields
You can verify whether the rule you have entered is correct using the Check Syntax button, and reset the rule you have created using the Clear button.
Using Expressions
You can use expressions to form a rule in the Advanced Search Dialog box. Each rule expression contains:
• Device Type — Object type used for forming a group. All expressions start with the string Device
• Variables — Device attributes used to form a device group. The list of variables for advanced search are Category, DeviceIdentity, DisplayName, DomainName, HostName, ManagementIpAddress, MDFId, Model, Series, SystemObjectID, and the user-defined data, if any.
The device attributes listed in Variables list box are specific to LMS only. The list of device attributes are different across LMS applications. The Advanced Search window in the Device Selector of Cisco Prime applications displays the respective device attributes as variables.
• Operators — Various operators to be used with the rule. The list of operators includes equals, contains, startswith, and endswith. The list of operators changes dynamically with the value of the variable selected.
For the ManagementIpAddress variable, you can select the range operator other than the standard list of operators. The range operator enables you to search for devices of the specified range of IP Addresses. See Using IP Address Range to Form a Search Rule for more information.
• Value — Value of the variable. The value field changes dynamically with the value of the variable and operator selected, and this may be a text field or a list box.
After you define the rule settings, click Add Expression to add the rule expression.
You can also enter multiple rule expressions using the logical operators. The logical operators include OR, EXCLUDE and AND.
Using IP Address Range to Form a Search Rule
The range operator enables you to search the devices of the specified range of IP Addresses. You can select the range operator only for the ManagementIpAddress and IP.Address variables.
You should enter the range of IP Addresses in the Value field, to create a search rule based on IP Address ranges.
When you enter the IP Address range in the text field, you should:
•Specify the range with permissible values for one or more octets in the IP Address.
The minimum limit in the range is 0 and the maximum limit is 255.
•Use the hyphen character (-) as a separator between the numbers within a range.
•Specify the range of IP Addresses within the [ and ] characters to create a group rule.
For example, you can enter 10.10.10.[0-255] or 10.10.[0-255].[0-255] in the Value field.
You should not:
•Enter numbers lesser than 0 and greater than 255 in the IP Address range.
•Enter any other characters other than the range separator (-).
•Enter the value of highest limit in the range as less than the value of smallest limit number. For example, you should not enter 10.10.10.[8-4].
Example for forming a Search Rule Using Expressions
For example, if you want to search all the devices in the network whose device name contains TestDevice
or their IP Addresses within the range 10.10.210.207
to 10.10.212.247
, you must perform the following:
Step 1 Click the Advanced Search icon in the Device Selector pane.
The Define Advanced Search Rule dialog box appears.
Step 2 Create a search rule expression. To do so:
a. Select Variable as DisplayName
b. Select Operator as equals
c. Enter the Value as TestDevice
Step 3 Click Add Rule Expression.
The rule is added into the Rule Text.
Step 4 Create another rule expression. To do this:
a. Select OR
as the logical operator
b. Select Variable as ManagementIPAddress/IP.Address
c. Select Operator as range
d. Enter the Value as 10.10.[210-212].[207-247]
Step 5 Click Add Rule Expression.
The rule is appended into the Rule Text.
Step 6 Click Search to display the devices that satisfies the specified rule in the Device Selection dialog box.
Using Rule Text Fields
You can use Rule Text Fields to directly enter a rule without building any expressions. Ensure the rule you create follows the syntax Object type.Variable Operator Value.
You can also enter multiple rule expressions using the logical operators.
For example, if you want to search all the devices in the network whose device name contains TestDevice
or their SysObjectIDs start with 1.3.12.1.4
, you must construct a rule as follows:
Device.DisplayName contains "TestDevice" OR Device.SystemObjectID startswith "1.3.12.1.4"
Note We recommend that you use expressions to construct a complex rule instead of creating them using the Rule Text field. Use the Rule Text field to make any minor edits to the constructed rule.
Additional Notes
Read the following notes before you perform a advanced search:
• You cannot use wild card characters in the Value field. Instead you can use the operator as startswith or contains.
• You can use Check Syntax button, when you add or modify a rule manually.
• You must delete the complete rule expression including the logical operator, when you delete a portion of your rule.
• The search string is case-insensitive.
Cisco Prime Lan Management Solution 4.2 Part Number
Source: https://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/inventory/inventory/mng_device.html
0 Response to "Cisco Prime Lan Management Solution 4.2 Part Number"
Post a Comment