LIMITED ORDERABILITY RELEASE - Cisco€¦ · LIMITED ORDERABILITY RELEASE Contents v Cisco Evolved...

L IM ITED ORDERABIL ITY RELEASE

Cisco Evolved Programmable Network Manager 1.1 User and Administrator GuideMay 2015

Cisco Systems, Inc.www.cisco.com

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

Text Part Number:

http://www.cisco.comhttp://www.cisco.com/go/offices


THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

Cisco Evolved Programmable Network Manager 1.1 User and Administrator Guide© 2015 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

Ci


C O N T E N T S

P A R T 1 Get Started with Cisco EPN Manager

C H A P T E R 1 Get Started With Cisco EPN Manager 1-1

Setup Tasks That Should Be Completed Before Using Cisco EPN Manager 1-1

Log In and Out 1-2

Change Your Password 1-2

Use the Main Window Controls 1-3

Set Up and Use the Dashboards 1-6

Set Up the Performance Dashboard 1-8

Add a New Dashlet To An Existing Dashboard 1-9

Create a Generic Dashlet to Monitor Performance Information 1-12

Add a New Dashboard to the Cisco EPN Manager GUI 1-13

Find Out Why Data Is Missing from a Dashboard 1-13

Adjust Your GUI Idle Timeout and Other Settings 1-13

Work In a Different Virtual Domain 1-14

Extend Cisco EPN Manager Functions 1-14

Check the Documentation for More Information 1-15

P A R T 2 Manage the Inventory

C H A P T E R 2 Add and Organize Devices 2-1

How Often Is Inventory Collected? 2-1

Configure Devices So They Can Be Modeled and Monitored 2-2

Apply Device Credentials Consistently Using Credential Profiles 2-4Create a New Credential Profile 2-5Apply a New or Changed Profile to Existing Devices 2-5Delete a Credential Profile 2-6

Add Devices to Cisco EPN Manager 2-6Add Devices Using Discovery 2-7

Run Quick Discovery 2-7Run Discovery with Customized Discovery Settings 2-8

iiisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Import Devices Using a CSV File 2-10Add Devices Manually (New Device Type or Series) 2-11Example: Adding an Cisco NCS 2000 or 4000 Series Device 2-12Example: Adding a Network Element as an ENE Using Proxy Settings 2-12

Validate Added Devices and Troubleshoot Problems 2-13

Export Device Information to a CSV File 2-14

Create Device Groups for Easier Management and Configuration 2-15How Groups Work 2-15Create Device Type Groups 2-17Create Location Groups 2-17Create Port Groups 2-18Make Copies of Groups 2-18Hide and Delete Groups 2-19Find Devices With Inventory Collection Problems 2-19

Delete Devices 2-20

C H A P T E R 3 View Device Details 3-1

Find Devices 3-1

Get A Quick Look at a Device: Device 360 View 3-2

Get Comprehensive Device Information: Device Details Page 3-4

View Device Ports 3-5

View Device Interfaces 3-8

View Device Modules 3-12

View Environment Information (Power Supplies, Fans) 3-12

View Device Neighbors 3-12

C H A P T E R 4 Manage Device Configuration Files 4-1

Set Up Device Configuration File Management 4-1Make Sure Devices Are Configured Correctly 4-2Control How Archiving is Triggered 4-2Set Up Event-Triggered Archiving 4-2Specify Items to Be Excluded When Configuration Files Are Checked for Changes 4-3Control the Timeouts for Configuration Archive Operations 4-3Control How Often the Archive Summary Is Updated 4-3Control How Many Files Can Be Archived In Parallel 4-4Control Whether Configuration File Content Is Masked During Exports 4-4Control When Device Configuration Files are Purged from the Database 4-4

How Do I Find Out the Last Time Files Were Archived? 4-4

ivCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Back Up Device Configuration Files to the Archive 4-5

View the Device Configuration Files That Are Saved in the Archive 4-6

View a Specific Device’s Raw Archived Configuration Files 4-7

Label Important Configuration Files With Tags 4-8

Find Out-of-Sync Devices and Synchronize Them 4-8

Compare Device Configuration Files 4-9

Deploy an External Configuration File to a Device 4-10

Overwrite a Startup Configuration with a Running Configuration 4-10

Roll Back a Device’s Configuration To an Archived Version 4-11

Export a Configuration File to a Local File System 4-12

Check the Network Audit for Configuration Archive Operations 4-12

C H A P T E R 5 Manage Device Software Images 5-1

Set Up Software Image Management 5-1Make Sure Devices Are Configured Correctly 5-2Verify Cisco EPN Manager Server Settings 5-2Control Whether Images Are Saved to the Repository During Inventory Collection 5-2Adjust Criteria for Cisco.com Import Recommendations 5-2Adjust Image Transfer and Distribution Preferences 5-3Change Cisco.com Credentials for Image Imports 5-4

Create an Image Baseline 5-4

How Do I Found Out Which Images Are Used by Network Devices? 5-5

How Do I Know My Device Has the Latest Image? 5-5

View the Images That Are Saved in the Repository 5-6

Find Out Which Devices Are Using an Image 5-6

View Recommended and Available Software Images from Cisco.com 5-7

Add (Import) Software Images to the Repository 5-8

Change the Device Requirements for Upgrading a Software Image 5-10

Verify That Devices Meet Image Requirements (Upgrade Analysis) 5-11

Distribute a New Software Image to Devices 5-11

Activate a New Software Image on Devices 5-14

Activate, Deactivate, and Delete Cisco IOS XR Images from Devices 5-15

Commit Cisco IOS XR Images Across Device Reloads 5-15

Roll Back Cisco IOS XR Images 5-16

Check the Network Audit for Software Image Operations 5-17

Delete Software Image Files from the Repository 5-18

vCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

P A R T 3 Visualize the Network

C H A P T E R 6 Visualize the Network Topology 6-1

Network Topology Overview 6-1

View Detailed Tables of Alarms, Links, and Circuits/VCs 6-3

Determine What is Displayed in the Topology Map 6-5Display Network Elements in the Topology Map 6-5View the Contents of a Sub-Group in the Topology Map 6-6Manually Add Links to the Topology Map 6-6Change Which Link and Device Types are Shown in the Topology Map 6-7Show/Hide Alarms, Links, and Labels in the Topology Map 6-7Isolate Specific Sections of a Large Topology Map 6-8

Get More Information About Devices 6-8

Get More Information About Links 6-9

View Fault Information for Devices and Links 6-9

Change the Topology Map Layout 6-10

Save the Topology Map Layout 6-10

Add a Background Image to the Network Topology 6-10

Visualize and Trace Circuits/VCs 6-11

Save the Topology Map as an Image File 6-12

P A R T 4 Monitor the Network

C H A P T E R 7 Monitor Device and Network Health and Performance 7-1

How Device Health and Performance Is Monitored: Monitoring Policies 7-1

Adjust the Device Health Monitoring Policy 7-4

Set Up Interface Monitoring 7-4

Use the Dashboards To Check Network and Device Health 7-7

Check What Cisco EPN Manager Is Monitoring 7-7

Check a Monitoring Policy’s Device, Polling, Threshold, and Alarm Settings 7-8

Check the Status of Past Data Collections 7-8

Monitor New Information By Creating a New Monitoring Policy 7-9Create a New Monitoring Policy Using Policy Types 7-9Create a New Monitoring Policy Based On An Existing Policy 7-10

Create a Monitoring Policy for Unsupported Parameters and Third-Party Devices 7-10

Change the Device Set a Policy is Monitoring 7-11

Change the Polling Interval for a Monitoring Policy 7-12

viCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Change Thresholds and Alarm Behavior for a Monitoring Policy 7-12

Run Performance Tests 7-13

Generate Performance Reports 7-13

C H A P T E R 8 Monitor Alarms and Events 8-1

What Are Alarms and Events? 8-1

How are Alarms and Events Created and Updated? 8-2

Which Events Are Supported? 8-5

Set Alarm and Event Management Preferences 8-5

Interpret Event and Alarm Badges and Colors 8-8

View and Filter Alarms 8-9

Get More Information About An Alarm 8-10

Acknowledge and Clear Alarms 8-12

Add Notes To an Alarm 8-13

View Events (Including Generic Events) and Syslogs 8-13

Get Support from Cisco 8-14

Respond to Problems Within Cisco EPN Manager 8-15

C H A P T E R 9 Customize Alarm and Event Information 9-1

Configure E-Mail Notifications for Alarms and Events 9-1

Manage How Alarms Are Triggered (Alarm Thresholds) 9-2

Change Event Severity Levels 9-3

Change the Behavior of Expedited Events 9-3

Disable and Enable Generic Trap and Syslog Handling 9-4

C H A P T E R 10 Monitor Cisco ASR 9000 Network Virtualization (nV) Satellites and Cluster Services 10-1

Monitor Cisco ASR 9000 nV Satellites 10-1Prerequisites for Cisco ASR 9000 nV Satellites 10-3Satellite Considerations in Cisco EPN Manager 10-3View Cisco ASR 9000 Host-Satellite Topology in the Topology Map 10-3Identify the Satellites Connected to a Cisco ASR 9000 Host 10-4Identify the Hosts Connected to a Satellite 10-6Monitor Cisco ASR 9000 nV Satellites for Faults 10-7Satellites and the Network Devices Inventory 10-10

Monitor a Cisco ASR 9000 nV Edge Cluster 10-10Prerequisites for nV Edge 10-10View a nV Edge Cluster in the Topology Map 10-11

viiCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Identify the Primary and Backup Devices in a Cluster 10-11Monitor and Troubleshoot a Cisco ASR 9000 nV Edge Cluster Service 10-12

C H A P T E R 11 Manage Reports 11-1

Reports Overview 11-1

Reports Available in Cisco EPN Manager 11-1Carrier Ethernet (CE) Performance Reports 11-2Optical Performance Reports 11-7Performance Reports 11-11Device Reports 11-12Compliance Reports 11-13

Create, Schedule, and Run a New Report 11-14

Customize Report Results 11-15

Report Output Examples: Web GUI Output and CSV File Output 11-15

P A R T 5 Configure Devices

C H A P T E R 12 Configure Devices 12-1

Ways to Configure Devices Using Cisco EPN Manager 12-1

Identify the CLI Commands Used In a Configuration Template 12-2

Check the Status and Results of a Deployed Configuration Template 12-2

Change Basic Device Properties 12-2

Configure Ethernet Interfaces 12-4

Configure Loopback Interfaces 12-4

Configure Tunnel Interfaces 12-5

Configure SwitchPort Interfaces 12-6

Configure Virtual Template Interfaces 12-6

Configure VLAN Interfaces 12-7

Configure a Static Routing Protocol 12-8

Configure an RIP Routing Protocol 12-9

Configure an OSPF Routing Protocol 12-9

Configure an EIGRP Protocol 12-10

Configure ACLs 12-10

Configure EOAM Fault Management and Performance Monitoring on CE Devices 12-10Configure CFM on CE Devices 12-10

CFM Overview 12-11Configure CFM Maintenance Domains and Maintenance Associations (Services) 12-12

viiiCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Perform Connectivity and Performance Checks Using Templates 12-14

Configure QoS on CE Devices 12-20Create a QoS Classification Profile 12-21Create a QoS Action Profile 12-22Check Which QoS Profiles are Configured on a Device 12-26Apply QoS Action Profiles to Multiple Interfaces 12-26

Launch Cisco Transport Controller to Manage Cisco ONS and NCS Devices 12-27

C H A P T E R 13 Create Templates To Automate Device Configuration Changes 13-1

Why Create New Configuration Templates? 13-1

Ways to Create Configuration Templates Using Cisco EPN Manager 13-2

Create a New CLI Configuration Template Using a Blank Template 13-2

Create a New CLI Configuration Template Using An Existing Template 13-3

Entering Variables in a Template 13-4

Import and Export a CLI Configuration Template 13-8

Example: Create a New CLI Configuration Template for Updating Passwords 13-9

Create a New Composite Template 13-10

Apply Templates to Groups of Devices 13-10

Create a Shortcut to Your Templates Using Tags 13-11

Run (Deploy) a Configuration Command on Devices 13-11

P A R T 6 Manage Circuits

C H A P T E R 14 Overview of Circuit/VC Discovery and Provisioning 14-1

Supported Carrier Ethernet VCs 14-1Core Technology for Multipoint EVCs 14-2

E-Line 14-2E-LAN 14-3E-Tree 14-3E-Access 14-3

Supported Network Structure for Provisioning EVCs 14-4

Supported Optical Circuits 14-5Dense Wavelength Division Multiplexing (DWDM) Optical Channel (OCH) Circuit 14-5

Optical Channel Network Connection (OCHNC) 14-5Optical Channel Client Connection (OCHCC) 14-5Optical Channel (OCH) Trail 14-6

Optical Transport Network (OTN) Circuit 14-6

ixCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Optical Channel Data Unit User-to-Network Interface (ODU UNI) 14-6Optical Channel Data Unit (ODU) Tunnel 14-7

Circuit/VC Discovery Overview 14-7

C H A P T E R 15 Provision Circuits/VCs 15-1

Provision EVCs in a Carrier Ethernet Network 15-1Summary of Cisco EPN Manager Carrier Ethernet Provisioning Support 15-1Prerequisites for EVC Provisioning 15-2Create and Provision a New Carrier Ethernet EVC 15-3Create and Provision an EVP-LAN EVC with Multiple UNIs 15-4

Service Details Reference 15-6New UNI Details Reference 15-6UNI Service Details Reference 15-7Service OAM 15-9

Add UNIs (Sites) to an E-LAN or E-Tree EVC 15-10Edit a UNI/Site of an E-LAN/E-Tree EVC 15-11Delete a UNI/Site of an E-LAN/E-Tree EVC 15-11Configure a Device and Interface To Be a UNI 15-12Configure a Device and Interface To Be an ENNI 15-13Create QoS Profiles 15-14

Provision Circuits in an Optical/DWDM Network 15-15Summary of Cisco EPN Manager Optical/DWDM Network Provisioning Support 15-15Prerequisites for Provisioning Optical Circuits 15-16Provision an OCH Circuit 15-16Provision an OTN Circuit 15-17

Circuit Section Reference for OCH Circuit Types 15-19Circuit Section Reference for OTN Circuit Types 15-21Bandwidth and Service Type Value Mapping for ODU UNI Circuits 15-23

Create Circuit/VC Profiles 15-24

Create Customers 15-24

C H A P T E R 16 View and Manage Discovered/Provisioned Circuits/VCs 16-1

View a List of Circuits/VCs 16-1List of Circuits in the Network Topology Window 16-1Expanded Table of Circuits/VCs 16-2

View Circuits/VCs In Which a Specific Device Participates 16-3

Identify and Manage Discovered Circuits/VCs 16-3

View Circuit/VC Details 16-4

xCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Circuit/VC 360 View 16-4Actions You Can Perform from the Circuit/VC 360 View 16-5

Circuit/VC Details Window 16-6Actions You Can Perform from the Circuit/VC Details Page 16-6

Provisioning States for Circuits/VCs 16-7

View a Circuit/VC in the Topology Map 16-7

Display Routes Associated With an Optical Circuit 16-10

Modify a Circuit/VC 16-11

Restore a Circuit (Optical) 16-11

Delete a Circuit/VC 16-12

C H A P T E R 17 Monitor and Troubleshoot Circuits/VCs 17-1

Check Circuits/VCs for Faults 17-1

Identify Which Circuits/VCs are Affected by a Specific Fault 17-2

Use EOAM Templates to Troubleshoot EVCs 17-3

Run a Performance Test on a Circuit/VC 17-4Performance Test for EVCs 17-4Performance Test for Optical Circuits 17-6

View Performance Metrics and Reports for Circuits/VCs 17-6

Trace and Visualize the Full Route of a Circuit (Optical) 17-7Actions You Can Perform from the Multilayer Trace View 17-10

P A R T 6 Administer the Cisco EPN Manager System

C H A P T E R 18 Set Up the Cisco EPN Manager Server 18-1

Server Setup Tasks 18-1

User Management Setup Tasks 18-2

Fault Management Setup Tasks 18-2

Change the Default Home Page for the Web GUI 18-3

Adjust the Admin Dashboard 18-3

C H A P T E R 19 Licenses and Software Updates 19-1

View and Manage Licenses 19-1View Cisco EPN Manager Licenses 19-1Add and Delete Licenses 19-2Move a License to Another Server 19-3

Update the Cisco EPN Manager Software 19-3

xiCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Types of Cisco EPN Manager Software Updates 19-3Check the Current Product Software Version 19-3Enable or Disable Notifications About Available Software Updates 19-4View the Installed Software Updates 19-4Download and Install a Software Update from Cisco.com 19-5

C H A P T E R 20 Backup and Restore 20-1

Backup and Restore Overview and Parameters 20-1What Information is Backed Up? 20-2

Set Up a Remote NFS Backup Repository 20-3

Create or Change the Local Backup Repository 20-4

Perform a Manual Backup 20-4Perform an Application Backup 20-4Perform an Appliance Backup 20-5

Adjust Backup Settings 20-5

Delete a Local Backup Repository 20-6

Restore Cisco EPN Manager Data 20-6Restore an Application Backup 20-6Restore an Appliance Backup 20-7

C H A P T E R 21 Server Health and Configuration 21-1

Set Up Secure Connectivity with HTTPS 21-1Secure Connectivity Concepts 21-1Set Up HTTPS Access to the Server 21-2

Generate and Apply Self-Signed Certificate in Cisco EPN Manager 21-3Generate and Apply a CA-Signed Certificate in Cisco EPN Manager 21-3View Existing Certificates 21-5Delete CA Certificates 21-5

Establish an SSH Session With the Cisco EPN Manager Server 21-5

Set Up NTP on the Server 21-6

Set Up the Cisco EPN Manager Proxy Servers 21-6

Set Up the SMTP E-Mail Server 21-7

Set Up FTP/TFTP on the Server 21-7

Create a Login Banner (Login Disclaimer) 21-8

Control SNMP Traps That Indicate System Problems 21-8

Get Server and VM Configuration and Health Information 21-10

Check the API Service Health 21-11

xiiCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Stop and Restart Cisco EPN Manager 21-11

Adjust Server SNMP Settings for Communication with Devices 21-11

Manage Administrative Passwords 21-12

Improve the Cisco EPN Manager Server’s Performance 21-14

Respond to Cisco EPN Manager Internal SNMP Traps 21-16

Set Up Defaults for Cisco Support Requests 21-17

C H A P T E R 22 Data Collection and Background Tasks 22-1

Check Data Purging Settings 22-1

Adjust When Server Data Is Collected 22-4

C H A P T E R 23 User Permissions and Device Access 23-1

Cisco EPN Manager User Interfaces and Transitioning Between Them 23-1

Types of Users in Cisco EPN Manager 23-3

Enable and Disable root Access for the CLI and Web GUI 23-4

Control the Actions Users Can Perform 23-5

Add Users and Manage User Accounts 23-8Create Web GUI Users with Administrator Privileges 23-8Add and Delete User Accounts 23-9Disable (Lock) a User Account 23-9Change a User’s Password 23-10

View User and User Group Audits and Active User Sessions 23-10

Configure Global User Permissions (Jobs, Timeouts, Password Policies) 23-11

Control User Access to Devices Using Virtual Domains 23-12What Are Virtual Domains? 23-12How Virtual Domains Affect Cisco EPN Manager Features 23-13Create and Edit Virtual Domains 23-14Assign and Unassign Virtual Domains from a User Account 23-15Adjust and Delete Virtual Domains 23-15

Configure AAA 23-16Add the RADIUS, TACACS+, or SSO Server 23-16Configure AAA Mode 23-17

C H A P T E R 24 Fault Management Administration Tasks 24-1

Event Receiving, Forwarding, and Notifications 24-1Configure Default Settings for E-Mail Notifications 24-2Forward Alarms and Events in SNMP Trap Format 24-2

xiiiCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Configure SNMP Trap Notifications and Notification Receivers 24-2

Configure Global Default Behavior for Alarms and Events 24-3

Troubleshoot Fault Processing Errors 24-4

Get Help from the Cisco Support Community and Technical Assistance Center (TAC) 24-5Configure Technical Support Request Settings 24-5Open a Cisco Support Case 24-6Join the Cisco Support Community 24-6

C H A P T E R 25 Audits and Logs 25-1

Audit Configuration Archive and Software Management Changes (Network Audit) 25-1

Audit Changes Made By Users (Change Audit) 25-1

Audit Actions Executed from the GUI (System Audit) 25-3

System Logs 25-3View and Manage General System Logs 25-4Enable SNMP Traces and Adjust SNMP Log Settings (Levels, Size) 25-5

C H A P T E R 26 High Availability 26-1

How High Availability Works 26-1

Register the Secondary Server on the Primary Server 26-3

Configure an SSO Server in High Availability Environment 26-4

Launch the Health Monitor 26-5

Trigger Failover 26-5Failover Scenarios 26-6

Network is Down 26-6Process Restart Fails 26-7Primary Server Restarts During Synchronization 26-7Secondary Server Restarts During Synchronization 26-7Both HA Servers Are Down 26-7

Trigger Failback 26-8

Respond to a Split Brain Scenario 26-8

Check High Availability States, Transitions, and Events 26-9

High Availability CLI Command Reference 26-11

Reset the Authentication Key 26-12

Using HA Error Logging 26-12

Reset the Server IP Address or Host Name 26-12

P A R T 7 Appendixes

xivCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

A P P E N D I X A Best Practices: Harden Your Cisco EPN Manager Security A-1

Cisco EPN Manager Security Hardening Overview A-1

Harden the Cisco EPN Manager Web Server A-2Use HTTPS for Secure Connectivity A-2Set Up Certificated-Based Authentication for Clients A-2Enable OCSP Settings on the Server A-3

Harden the Cisco EPN Manager Server A-4Disable Insecure Ports and Services A-4Use SNMPv3 to Harden Communication Between Cisco EPN Manager and Devices A-5Set Up User Authentication A-6Disable Accounts Not Needed for Day-to-Day Operations A-7Harden NTP A-7

Harden Your Cisco EPN Manager Storage A-8

A P P E N D I X B Icon Reference B-1

Device Type Icons B-1

Optical Circuit Overlay Icons B-3

Link Characteristics B-5

Severity Icons and Colors B-6

Network Topology Toolbar Buttons B-7

Multilayer Trace Icons B-8

A P P E N D I X C Monitoring Policies Reference C-1

Reference—Basic Monitoring Policies C-1

Reference—Carrier Ethernet Monitoring Policies C-2

Reference—Optical Monitoring Policies C-4

A P P E N D I X D User Groups Reference D-1

Admin Menu String Task D-2

Administrative Operations D-2

Alerts and Events D-3

Background Ajax Call (License Check) D-3

Configure Menu String Task D-4

Feedback and Support Tasks D-4

Groups Management D-4

Help Menu String Task D-4

Home Menu String Task D-4

xvCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Contents

Job Management D-5

Monitor Menu String Task D-5

Network Configuration D-5

Network Discovery D-6

Network Monitoring D-7

Network Provisioning Tasks D-7

Northbound Interface (NBI) Tasks D-8

Reports D-8

Reports Menu String Task D-9

Search Widget String Task D-9

Software Image Management D-9

Software Updates UBF Upload D-9

User Administration D-10

xviCisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


P A R T 1

Get Started with Cisco EPN Manager

• Get Started With Cisco EPN Manager


Cisco Evolved Programmable N

C H A P T E R 1

Get Started With Cisco EPN Manager

Note If you are an administrator and need to set up Cisco EPN Manager for its initial use, see Server Setup Tasks.

• Setup Tasks That Should Be Completed Before Using Cisco EPN Manager

• Log In and Out

• Change Your Password

• Set Up and Use the Dashboards

• Add a New Dashlet To An Existing Dashboard

• Create a Generic Dashlet to Monitor Performance Information

• Add a New Dashboard to the Cisco EPN Manager GUI

• Find Out Why Data Is Missing from a Dashboard

• Adjust Your GUI Idle Timeout and Other Settings

• Work In a Different Virtual Domain

• Extend Cisco EPN Manager Functions

• Check the Documentation for More Information

Setup Tasks That Should Be Completed Before Using Cisco EPN Manager

Before you can use the Cisco EPN Manager features, these tasks should be completed by an administrator:

Tasks to completed before using Cisco EPN Manager For information, see:

Set up and configure the Cisco EPN Manager server Set Up the Cisco EPN Manager Server

Add devices to Cisco EPN Manager and create device groups to simplify device and network management

Add and Organize Devices

1-1etwork Manager 1.1 User and Administrator Guide


Chapter 1 Get Started With Cisco EPN Manager Log In and Out

Log In and OutTo log into the Cisco EPN Manager GUI, enter the following in your web browser address field, where cepnm-server-ip is the IP address of the Cisco EPN Manager server:

https://cepnm-server-ip

Depending on your network configuration, the first time your browser connects to the Cisco EPN Manager web server, you may have to update your client browser to trust the server’s security certificate. This ensures the security of the connection between your client and the Cisco EPN Manager web server.

To log out, click at the top right of the Cisco EPN Manager window and choose Log Out.

For information on Cisco EPN Manager users and the actions they can perform, see:

• Cisco EPN Manager User Interfaces and Transitioning Between Them—Describes all classes of users supported by Cisco EPN Manager, including the CLI root and admin users, and the web root and admin users.

• View Cisco EPN Manager User Groups and Members—Describes the user group mechanism which allows you to control the functions that everyday web GUI users can perform. What you can see and do in the user interface is controlled by your user account privileges. That topic also describes the virtual domain mechanism, which manages Role-Based Access Control (RBAC) for devices.

Change Your PasswordYou can change your password at any time by clicking at the top right of the Cisco EPN Manager window and choosing Change Password. Click the information icon to review the password policy.

Enable monitoring for interfaces and technologies used by the network (such as Carrier Ethernet and Optical)

Monitor Device and Network Health and Performance

Customize alarm and event behavior for your deployment (for example, alarm and event refresh rates and e-mail and trap receivers).

Which Events Are Supported?

Tasks to completed before using Cisco EPN Manager For information, see:

1-2Cisco Evolved Programmable Network Manager 1.1 User and Administrator Guide


Chapter 1 Get Started With Cisco EPN Manager Use the Main Window Controls

Use the Main Window ControlsThe following figure shows controls on the left side of the Cisco EPN Manager title bar.

When you click on the left side the title bar, the sidebar menu expands and collapses.

Toggle Navigation—Opens the main Cisco EPN Manager navigation menu on the left (also called the left sidebar menu)

Note Use this toggle to open the left sidebar menu (see the following illustration).

Home—Returns you to the home page (normally the Overview Dashboard)




The left side of the title bar shows your user name and the virtual domain you are working in. A virtual domains are logical groupings of devices. Virtual domains are used to control who has access to devices and areas of the network. To switch between virtual domains that are assigned to you, see Work In a Different Virtual Domain.

When you click at the right of the title bar, the window settings menu opens.

Finally, the Alarm Summary gives you a visual indicator of how many alarms are in your network. The color indicates the highest severity alarm.

\

Cisco EPN Manager settings—Log out, change password, view your Cisco.com account profile, adjust your GUI preferences, check a Cisco.com support case, launch online help

Alarm Summary—Provides a visual count of alarms in the categories you specify. Clicking this area opens the Alarm Summary pop-up window.




When you click the Alarm Summary button (circled in the following figure), Cisco EPN Manager opens the Alarm Summary pop-up window. You can customize the data that is displayed in both the button and the pop-up window. In this example, the button displays a count for Switches and Hubs and System alarms, and the Alarm Summary pop-up to show all of the alarm categories listed in the following illustration.



Chapter 1 Get Started With Cisco EPN Manager Set Up and Use the Dashboards

Set Up and Use the Dashboards

Note For information on the Admin Dashboard, see Set Up the Cisco EPN Manager Server.

When you connect to the Cisco EPN Manager web GUI, Cisco EPN Manager displays the Network Summary Dashboard. Administrators can adjust Cisco EPN Manager so that it defaults to the network topology display (Maps > Network Topology) or the Overview dashboard (Dashboards > Overview). The default home page is a system-wide setting; it cannot be customized per user. To change the landing page from its default, see Adjust the Admin Dashboard.

What Are Dashboards and Dashlets?

When you log into Cisco EPN Manager, it displays the Network Summary dashboard. Dashboards display at-a-glance information about the most important data in your network—status and alerts, monitoring data, and reporting information. A quick scan of a dashboard lets you know if anything needs attention.

Dashlets are the sub-areas that provide metrics using graphs, pie charts, and text. Cisco EPN Manager provides a variety of dashlets that can provide you with information about device and interface health, performance statistics, and alarms and events. You can also create a generic dashlet if none of the system-supplied dashlets meet your needs.

Both dashboards and dashlets can be customized.

Set Up Your Dashboards

The first time you log into Cisco EPN Manager, you will need to set up your dashboards. The following table provides a brief overview of the dashboards.

For some of the dashboards, you will be prompted to select the network elements you want to monitor. For example, when you first open the Performance Dashboard, Cisco EPN Manager prompts you to select a device and interface. (For more information on customizing your dashboards, see Set Up the Performance Dashboard and Add a New Dashlet To An Existing Dashboard).

If you want to view:Use this dashboard: Examples of what the dashboard provides

Data that represents the network as a whole

Overview Dashboard

Summary information about recent alarms and network devices (reachability trends, device types, software types, and interface statistics). Can include a minimized view of the network topology (map).

Data for a set of devices and interfaces

Network Summary Dashboard

Alarm types with their counts, most common events and alarms.

Devices with the highest utilization and memory usage, environmental temperatures; availability.

Interfaces with the highest utilization.

Data for a specific device or interface

Performance Dashboard

A single device’s alarms, events, temperature, reachability history, memory and CPU utilization, Quality of Service (QoS) information.



Chapter 1 Get Started With Cisco EPN Manager Set Up and Use the Dashboards

The data you can view is controlled by the virtual domain you are using. Virtual domains are logical groupings of devices and are used to control who has access to specific sites and devices. The domain you are working in is displayed at the top right of the Cisco EPN Manager window next to your user name. To switch between virtual domains that are assigned to you, see Work In a Different Virtual Domain.

The following figure illustrates the different parts of dashboards and the controls you can use to customize them.

1 Dashboard filter—Filters all data in the dashboard (according to time, in this example)

2 Metric dashlet—Provides metrics for active alarms, available devices, and so forth

3 Dashboard settings menu, which provides the following controls:

• Dashboards—Add, rename, delete, filter, export, set refresh rate for dashboard

• Dashlets—Add, rename, delete, and filter

4 Standard dashlets—Provides at-a-glance data about health and performance; you can adjust which dashlets appear on a dashboard



Chapter 1 Get Started With Cisco EPN Manager Set Up the Performance Dashboard

At the top right of each dashlet is a set of dashlet tools. These tools become active when you use the dashlet. Use these tools to edit, get help, refresh, maximize, minimize, and close the dashlet. The dashlet type determines which tools are displayed.

Some dashboards provide toggles that let you manipulate the information, as shown in the following illustration.

Set Up the Performance DashboardUse the Performance dashboard to get deep-dive information on a specific device or interface—alarms, events, temperature, reachability history, memory and CPU utilization, Quality of Service (QoS), and so forth.

You must set up the performance dashboard the first time you use it. For example, when you click Dashboard > Performance, choose an interface by clicking the Interface drop-down list. You will see a pop-up Interface window similar to the following. When you click the right arrow, you can choose a specific interface. From there you can select a specific time frame and add more dashlets to the dashboard. See Add a New Dashlet To An Existing Dashboard.

1 Chart and table toggle—Toggles between a chart display and tabular display

2 Chart fill options—Adds fill patterns to charts

3 Export and print



Chapter 1 Get Started With Cisco EPN Manager Add a New Dashlet To An Existing Dashboard

Add a New Dashlet To An Existing DashboardCisco EPN Manager provides a set of system -defined dashlets to provide the most commonly-sought data. By default, a subset of dashlets are already included in the dashboards to help you get started. This topic explains how to add a new dashlet. You can also edit and remove dashlets using the dashlet tools at the top right of any dashlet.

Performance Dashboards also support generic dashlets. If none of the system-defined performance dashlets provide the data you need, you can create a customized dashlet using the generic dashlet template. See Create a Generic Dashlet to Monitor Performance Information.

Step 1 Review Table 1-1 and:

a. Decide which dashlets you want to add.

b. For dashlets that require data provided using a specified monitoring policy, make sure the policy is enabled. See Check What Cisco EPN Manager Is Monitoring.

Step 2 Choose Dashboards, then select the dashboard to which you want to add a dashlet.

Step 3 Click Settings at the top right of the dashboard, then choose Add Dashlets. The dashlets list that is displayed depend on which dashboard you are using; for example, the Interface In and Out dashlet can only be added to the Performance dashboard. A complete list of dashboards is provided in Table 1-1..Hover over the dashlet name to see how the dashlet looks and what information it provides.




Step 4 Click Add to add the selected dashlet to the dashboard.

Table 1-1 lists the dashlets you can add to the Overview, Network Summary, and Performance Dashboards, along with the data sources for each dashlet. If you want to add a dashlet that uses a monitoring policy, you must make sure the policy is enabled. To verify that the required monitoring policy is enabled, see Check What Cisco EPN Manager Is Monitoring.

Table 1-1 Dashlet Types

Dashboard Dashlets Data Sources/Monitoring Policies

Overview Dashboard

General Recent Alarms SNMP Polling - Device Health?

Device Unavailability SNMP Polling - Device Health?

Device Availability Summary Inventory, SNMP polling, Device Health monitoring policy

Device Uptime Inventory

Network Device Summary Inventory

Interface Statistics SNMP polling, Interface Health monitoring policy

Interface Statistics Summary Inventory

Network Topology Inventory

Software Summary Inventory




Network Summary Dashboard

Utilization Top N CPU Utilization SNMP polling, Device Health monitoring policy

Top N CPU Utilization Trend SNMP polling, Device Health monitoring policy

Top N Memory Utilization1 SNMP polling, Device Health monitoring policy

Top N Memory Utilization Trend1 SNMP polling, Device Health monitoring policy

Top N Environmental Temperature SNMP polling, Device Health monitoring policy

Alarms Alarm Summary Device traps, device syslogs, SNMP polling

Top N Alarm Types Device traps, device syslogs, SNMP polling

Events Top N Event Types Device traps, device syslogs, SNMP polling

Syslog Summary Device syslogs, SNMP polling, Interface Health monitoring policy

Devices Device Reachability Status Device Health monitoring policy

Interfaces Device Count (metric) Device Health monitoring policy

Unreachable Devices (metric) Device Health monitoring policy

Manageability Status (metric) Device Health monitoring policy

Interface Availability Summary Interface Health monitoring policy

Interface Utilization Summary Interface Health monitoring policy

Interface Utilization - Transmitted (Tx)

Interface Health monitoring policy

Interface Utilization - Received (Rx)

Interface Health monitoring policy

Performance Devices Device Availability Trend SNMP polling, Device Health monitoring policy

Device CPU Utilization Trend SNMP polling, Device Health monitoring policy

Device Health Information Device traps, device syslogs, SNMP polling, Device Health monitoring policy

Device Memory Utilization Trend SNMP polling, Device Health monitoring policy

Device Port Summary Inventory

Generic Dashlet (Depends on the data you want to display)

Interfaces Top N Interfaces by Netflow Netflow traffic

QoS Class Map Statistics SNMP polling, Quality of Service monitoring policy, Interface Health monitoring policy

Top QoS Class Map Statistics Trend SNMP polling, Quality of Service monitoring policy, Interface Health monitoring policy

Interface Details SNMP polling, Interface Health monitoring policy

Interface In and Out Errors SNMP polling, Interface Health monitoring policy

Interface In and Out Discards SNMP polling, Interface Health monitoring policy

Interface Tx and Rx Utilization SNMP polling, Interface Health monitoring policy

1. If a device has multiple memory pools, this dashlet will display an entry for each memory pool. However the Device will display the average utilization for all of the device’s memory pools. See Get A Quick Look at a Device: Device 360 View.

Table 1-1 Dashlet Types (continued)

Dashboard Dashlets Data Sources/Monitoring Policies



Chapter 1 Get Started With Cisco EPN Manager Create a Generic Dashlet to Monitor Performance Information

Create a Generic Dashlet to Monitor Performance InformationIf none of the system-defined performance dashlets display the information you need, you can create a generic dashlet. To add a generic dashlet, follow these steps:

1. Find out if the performance data you need can be collected using any of the system-defined monitoring policies.

– If an existing monitoring policy can collect the data, you may need to enable the collection.

– If none of the existing policies can collect the data, you need to create a new monitoring policy that polls the network for the data you need.

See Monitor New Information By Creating a New Monitoring Policy for information on how to perform those tasks.

2. Create a generic performance dashlet and add the collected information to it.

Follow this procedure to add a generic dashlet to the Performance dashboard:

Step 1 Identify the monitoring policy (also called a monitoring template) that will collect the data you need. See Monitor New Information By Creating a New Monitoring Policy.

Step 2 Choose Dashboards > Performance, then click the Device tab.

Step 3 Click Settings at the top right of the dashboard, then choose Add Dashlets.

Step 4 Expand the Device Dashlets list.

Step 5 Locate Generic Dashlet, then click Add. Cisco EPN Manager adds a blank generic dashlet to the Performance dashboard.

Step 6 Configure the dashlet. At a minimum:

• Enter a meaningful title in the Dashlet Title field.

• Click Override Dashboard Time Filter if you do not want to use time filters that are applied to all of the dashlets in the dashboard.



Chapter 1 Get Started With Cisco EPN Manager Add a New Dashboard to the Cisco EPN Manager GUI

• For Type, select table or graph. (Regardless of your choice, Cisco EPN Manager will display a toggle at the bottom of the dashlet that allows you to change the format.)

• Policy Name—Select the monitoring policy that will collect the data for this dashlet. (See Step 1).

Step 7 Click Save.

Add a New Dashboard to the Cisco EPN Manager GUIUse this procedure to create a new dashboard. Launch this operation from a dashboard that is similar to the one you want to create. In other words, you cannot create a new Performance dashboard if you launch this operation from a Network Summary dashboard.

Step 1 At the top right of the Cisco EPN Manager window, click Settings, then Add New Dashboard.

Step 2 Enter a name for the new dashboard, then click Apply.

Step 3 Choose the new dashboard and add dashlets as described in Add a New Dashlet To An Existing Dashboard.

Find Out Why Data Is Missing from a DashboardIf data is missing from a dashboard, try the following:

• Check whether monitoring is enabled for the data you seek. Hover your mouse over the dashlet’s information icon (the question mark) and identify the policy being used (for example, Device Health, Interface Health, Quality of Service). Then go to Monitor > Monitoring Policies > My Policies and check the polling settings for that policy. You should also check if the device is included in the device list for the policy.

• Check whether the data is filtered. If Edited is displayed next tot he dashlet name, click the Dashlet Options and adjust the settings.

• Check whether there is a problem with the device. See Get A Quick Look at a Device: Device 360 View.

Adjust Your GUI Idle Timeout and Other SettingsYou can customize the GUI display settings that control the idle logout, the size of lists displayed in the web GUI, the alarms you want to display in the fault tables, and so forth. For the settings that apply to fault management, see Which Events Are Supported?.

Step 1 Click at the top right of the Cisco EPN Manager window, then choose My Preferences.

Step 2 Under List Pages, choose how many items you want to list per page. (Remember that numbers can impact performance.)



Chapter 1 Get Started With Cisco EPN Manager Work In a Different Virtual Domain

Step 3 Under User Idle Timeout, adjust the point at which Cisco EPN Manager should log you out due to inactivity. By default, your setting is the same as the global setting, which is controlled by the system administrator. You can override the global setting in your preferences but, for security purposes, you cannot exceed it. For example, if the global setting is 15 minutes, you can configure your User Idle Timeout to be 15 minutes or less.

Step 4 Click Save.

For information on setting your preferences for fault and alarm functions, refer to Which Events Are Supported?.

Work In a Different Virtual Domain Virtual domains are logical groupings of devices and are used to control your access to specific sites and devices. Virtual domains can be based on physical sites, device types, user communities, or any other designation the administer chooses. All devices belong to ROOT-DOMAIN, which is the parent domain for all new virtual domains. For more information about virtual domains, see Control User Access to Devices Using Virtual Domains.

If you are allowed access to more than one virtual domain, you can switch to a different domain as follows.

Step 1 Click at the top right of the Cisco EPN Manager window.

Step 2 Choose DOMAIN:current-domain. The row changes to a drop-down list.

Step 3 Choose a different domain from the drop-down list, and Cisco EPN Manager immediately changes your working domain.

Extend Cisco EPN Manager FunctionsAdvanced users can extend Cisco EPN Manager using the following tools:

• Cisco Evolved Programmable Network Manager MTOSI API to integrate Cisco EPN Manager with your operations support system (OSS). For more information, see the Cisco Evolved Programmable Network Manager MTOSI API Guide for OSS Integration.

• Cisco Evolved Programmable Network Manager REST API to manage additional administrative operations.

• Click at the top right of the Cisco EPN Manager, then choose EPN REST API.


http://www.cisco.com/c /en/us/td/docs/net_mgmt/epn_manager/MTOSI_OSS/CiscoEvolvedProgrammableNetworkManager_1_1_MTOSI_OSS_IntegrationGuide.pdfhttp://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/epn_manager/MTOSI_OSS/CiscoEvolvedProgrammableNetworkManager_1_1_MTOSI_OSS_IntegrationGuide.pdfhttp://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/epn_manager/MTOSI_OSS/CiscoEvolvedProgrammableNetworkManager_1_1_MTOSI_OSS_IntegrationGuide.pdfhttp://www.cisco.com/c/dam/en/us/td/docs/net_mgmt/epn_manager/MTOSI_OSS/CiscoEvolvedProgrammableNetworkManager_1_1_MTOSI_OSS_IntegrationGuide.pdf


Chapter 1 Get Started With Cisco EPN Manager Check the Documentation for More Information

Check the Documentation for More InformationRefer to the Cisco Evolved Programmable Network Manager 1.1 Documentation Overview for information about and links to all of the documentation that is provided with Cisco EPN Manager.

Note We sometimes update the documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.


http://www.cisco.com/c/en/us/td/docs/net_mgmt/epn_manager/1_1/documentation/guide/Cisco_Evolved_Programmable_Network_Manager_1_1_Documentation_Overview.html


Chapter 1 Get Started With Cisco EPN Manager Check the Documentation for More Information



P A R T 2

Manage the Inventory

• Add and Organize Devices

• View Device Details

• Manage Device Configuration Files

• Manage Device Software Images


Cisco Evolved Programmable N

C H A P T E R 2

Add and Organize Devices

• How Often Is Inventory Collected?

• Configure Devices So They Can Be Modeled and Monitored

• Apply Device Credentials Consistently Using Credential Profiles

• Add Devices to Cisco EPN Manager

• Validate Added Devices and Troubleshoot Problems

• Export Device Information to a CSV File

• Create Device Groups for Easier Management and Configuration

• Find Devices With Inventory Collection ProblemsDelete Devices

How Often Is Inventory Collected?After devices are added and discovered, Cisco EPN Manager performs inventory collection in the following manner.

• On a daily basis (by default). Users with Administrator privileges can check when inventory is collected by choosing Administration > Settings > Background Tasks and clicking the Switch Inventory hyperlink.

• In response to configuration change events from devices (event-based inventory updates). When Cisco EPN Manager receives an incoming change event, it waits 10 minutes before starting collection in case there are more incoming events. This prevents multiple collection processes from running at the same time.

Note If you want Cisco EPN Manager to respond more quickly to configuration change events, choose Administration > Settings > System Settings > Inventory and change the Hold Off Timer setting. By default the Hold Off Timer is set to 10 minutes.

After a device is added, Cisco EPN Manager performs these tasks on a regular basis:

• SNMP device reachability checks with the device, using the settings specified in the system (Administration > Settings > System Settings > SNMP Settings).

• Basic monitoring for device CPU and memory utilization and operational status, using the monitoring policy settings specified in the system (Monitoring > Monitoring Policies > Automonitoring). These tasks can be checked by users with Administrator privileges by choosing Administration > Settings > Background Tasks.

2-1etwork Manager 1.1 User and Administrator Guide


Chapter 2 Add and Organize Devices Configure Devices So They Can Be Modeled and Monitored

Configure Devices So They Can Be Modeled and Monitored• Required Settings for Cisco IOS, Cisco IOS XE

• Required Settings for Cisco IOS XR Devices

• Required Settings for Syslogs

• Required Configuration for IPv6 Devices

Required Settings for Cisco IOS, Cisco IOS XE

snmp-server community public-cmty ROsnmp-server community private-cmty RWsnmp-server ifindex persist

Do not change the device's default packet size (which 1500 bytes). SNMP requests are sent in bulk by default. A small packet size could result in truncated responses.

This setting disables domain lookups (which can cause Telnet command delays):

no ip domain-lookup

Required Settings for Cisco IOS XR Devices

domain ipv4 host server_name server_IPtelnet ipv4 server max-servers no-limit (see Cisco NCS 4000 Device Example)snmp-server community community_name SystemOwnersnmp-server community community_name ROsnmp-server entityindex persist

snmp-server ifindex persist

vty-pool default 0 99

xml agent tty

netconf agent tty

Do not change the device's default packet size (which 1500 MB). SNMP requests are sent in bulk by default. A small packet size could result in truncated responses.

In addition to the required settings, you must follow these guidelines:

• Install the Cisco IOS XR Manageability Package (MGBL) on top of the Cisco IOS XR version. You can get information on this package from the release notes for your Cisco IOS XR version.

• Use the device login user that is a member of group root-system and cisco-support.

• User should use the admin user unique Telnet login user@admin (and also be a member of groups root-system and cisco-support).

• The devices must have one of the following SNMP community privileges: SDROwner, SystemOwner or the default (which means no specific level was specified). You may configure this as needed, using the following guidelines.

snmp-server community [clear | encrypted] community-string [view view-name] [RO | RW] [SDROwner | SystemOwner] [access-list-name]



Chapter 2 Add and Organize Devices Configure Devices So They Can Be Modeled and Monitored

The snmp-server command takes the following arguments.

Cisco NCS 4000 Device Requirements

These are requirements for Cisco NCS 4000 devices:

• Make sure the MPLS package is installed.

• Enable performance management on all ODU controllers:

controller oduX R/S/I/Pper-mon enable

• Enable performance management for TCM:

tcm id {1-6}perf-mon enable

• Make sure that ODU subcontrollers are configured on the Cisco NCS 4000 device, if you plan to create an open-ended ODU UNI circuit. For more information about the open ended ODU UNIs and how to configure ODU subcontrollers on Cisco NCS 4000 devices, see Open Ended ODU UNI.

If you plan to launch Cisco Transport Connection from the Cisco NCS 4000 device, you must also configure the HTTP/HTTPS server using the http server or http server ssl command.

Cisco NCS 4000 Device Recommendations

If you notice any performance issues because multiple Cisco NCS 4000 devices are simultaneously sending information, increase the number of Telnet sessions per second:

cinetd rate-limit 100

Argument Description

[clear | encrypted] community-string Specifies the community-string command format and how it should be displayed in the show running command output:

• clear — community-string is clear text and should be encrypted when displayed by show running

• encrypted — community-string is encrypted text and should be displayed as such by show running

[view view-name] Specifies the previously-defined view view-name which defines the objects available to the community

[SDROwner | SystemOwner] Controls what Cisco EPN Manager users can see in web GUI:

• SDROwner—Limits access to the Service Domain Router (SDR) owner. In other words, user will be able to view SDR owner modules and ports and SDR child modules. But the user will not be able to see the contents under SDR child modules and utility cards, such as fans, power supplies, and so forth.

• SystemOwner—Does not limit access. Users will be able to see the entire physical inventory (including utility cards) in the web GUI.

[access-list-name] List that contains IP addresses that are allowed to use community-string to access the SNMP agent.



Chapter 2 Add and Organize Devices Apply Device Credentials Consistently Using Credential Profiles

Cisco NCS 4000 Device Example

You can also configure Telnet using the VRF option, with no timeout:

telnet vrf default ipv4 server max-servers 1-100>vty-pool default 0 99 line-template defaultline defaultexec-timeout 0 0

Required Settings for Syslogs

Required Configuration for IPv6 Devices

If you want to access a device that uses IPv6 addresses, configure the IPv6 address and static route on the Cisco EPN Manager server (virtual machine) by performing these steps:

1. Remove the ipv6 address autoconfig from the interface.

2. Configure the IPv6 address on the Cisco EPN Manager server.

3. Add a static route to the Cisco EPN Manager server.

Apply Device Credentials Consistently Using Credential ProfilesCredential profiles are collections of device credentials for SNMP, Telnet/SSH, HTTP, and TL1. When you add devices, you can specify the credential profile the devices should use. This lets you apply credential settings consistently across devices.

Device OS Required Setting for Syslogs

Cisco IOSCisco IOS XECisco IOS XR

logging server_IPlogging onlogging trap informational

Required if the device has a management IP address (interface_name is the active management IP address):

logging source-interface interface_name

Cisco IOSCisco IOS XE

logging buffered 64000 informationallogging event link-status default

Cisco IOS XR logging facility local 7logging events level informationallogging buffered

Note The range indicates the minimum of 307200 and maximum of 125000000 log messages that can be stored on the device

logging events link-status software-interfaces

If the device was added using its virtual IP address (for example, a Cisco NCS 4000 device), configure it as follows:

ipv4 virtual address use-as-src-addr



Chapter 2 Add and Organize Devices Apply Device Credentials Consistently Using Credential Profiles

If you need to make a credential change, such as changing a device password, you can edit the profile so that the settings are updated across all devices that use that profile.

To view the existing profiles, choose Inventory > Device Management > Credential Profile.

Create a New Credential ProfileUse this procedure to create a new credential profile.

Step 1 Select Inventory > Device Management > Credential Profiles.

Step 2 If an existing credential profile has most of the settings you need, select it and click Copy. Otherwise, click Add.

Step 3 Enter a profile name and description. If you will have many credential profiles, make the name and description as informative as possible because that information will be displayed on the Credential Profiles page.

Step 4 Enter the credentials for the profile. When a device is added or updating using this profile, the content you specify here is applied to the device.

Note The SNMP read community string is required.

Step 5 Click Save Changes.

You can now use this profile when adding devices as described in Add Devices to Cisco EPN Manager.

Apply a New or Changed Profile to Existing DevicesUse this procedure to perform a bulk edit of devices and change the credential profile the devices are associated with. This operation overwrites any existing association between a device and a credential profile. You can also use this operation to synchronize device configurations with the new settings.

Note Make sure the profile’s credential settings are correct before following this procedure and selecting Update and Sync. That operation will synchronize the devices with the new profile.

Step 1 Configure the credential profile using one of these methods:

• Create a new credential profile by choosing Inventory > Device Management > Credential Profiles, and clicking Add.

• Edit an existing profile by choosing Inventory > Device Management > Credential Profiles, selecting the profile, and clicking Edit.

Step 2 When you are satisfied with the profile, choose Inventory > Device Management > Network Devices.

Step 3 Filter and select all of the devices you want to change (bulk edit).

Step 4 Click Edit, and select the new credential profile from the Credential Profile drop-down list.



Chapter 2 Add and Organize Devices Add Devices to Cisco EPN Manager

Step 5 Save your changes:

• Update saves your changes to the Cisco EPN Manager inventory without changing them on the physical device

• Update and Sync writes the changes to the physical device and saves them in the Cisco EPN Manager inventory.

Delete a Credential ProfileThis procedure deletes a credential profile from Cisco EPN Manager. If the profile is currently associated with any devices, you must disassociate them from the profile.

Step 1 Check whether any devices are using the profile.

a. Go to Inventory > Device Management > Credential Profiles.

b. Select the credential profile to be deleted.

c. Click Edit, and check if any devices are listed on the Device List page. If any devices are listed, make note of them

Step 2 If required, disassociate devices from the profile.

a. Go to Inventory > Device Management > Network Devices.

b. Filter and select all of the devices you want to change (bulk edit).

c. Click Edit, and choose --Select-- from the Credential Profile drop-down list.

d. Disassociate the devices by clicking OK in the warning dialog box.

Step 3 Delete the credential profile by choosing Inventory > Device Management > Credential Profiles, selecting the profile, and clicking Delete.

Add Devices to Cisco EPN ManagerCisco EPN Manager uses device, location, and port groups to organize elements in the network. When you view devices in a table or on a map (network topology), the devices are organized in terms of the groups they belong to. When a device is added to Cisco EPN Manager, it is assigned to a group named Unassigned Group. You can then move the device into the desired groups as described in Create Device Groups for Easier Management and Configuration.

Supported Methods for Adding Devices See:

Add multiple devices by discovering the neighbors of a seed device using:

Add Devices Using Discovery.

• Ping sweep and SNMP polling (Quick Discovery) • Run Quick Discovery

• Customized protocol, credential, and filter settings (useful when you will be repeating the discovery job)

• Run Discovery with Customized Discovery Settings




These topics provide examples of how to add a Carrier Ethernet and an Optical device to Cisco EPN Manager:

• Example: Adding an Cisco NCS 2000 or 4000 Series Device

• Example: Adding a Network Element as an ENE Using Proxy Settings

Add Devices Using DiscoveryYou can discover your devices using:

• Ping sweep from a seed device (Quick Discovery). The device name, SNMP community, seed IP address and subnet mask are required.

• Configuring discovery settings—This method is recommended if you want to specify settings and rerun discovery in the future using the same settings. See Run Discovery with Customized Discovery Settings.

When Cisco EPN Manager performs discovery, it uses ICMP ping to determine if the device is reachable, then verifies the SNMP credentials. Depending on your settings, it then verifies the Telnet or SSH credentials and starts collecting the inventory data. Finally it adds the device to Cisco EPN Manager.

Note When Cisco EPN Manager verifies a device’s SNMP read-write credentials, the device log is updated to indicate that a configuration change by Cisco EPN Manager (identified by its IP address).

Run Quick Discovery

Use this method when you want to perform a ping sweep using a single seed device. Only the device name, SNMP community, seed IP address and subnet mask are required. If you plan to use the configuration management features, you must provide the protocol, user name, password, and enable password.

Before You Begin

See Configure Devices So They Can Be Modeled and Monitored to make sure your devices are configured correctly.

Step 1 Choose Inventory > Device Management > Discovery, then click the Quick Discovery link at the top right of the window.

Step 2 At a minimum, enter the name, SNMP community, seed IP address, and subnet mask.

Step 3 Click Run Now to run the job immediately, or Save to save your settings and schedule the discovery to run later.

Add multiple devices using the settings specified in a CSV file Import Devices Using a CSV File.

Add a single device (for example, for a new device type) Add Devices Manually (New Device Type or Series)

Supported Methods for Adding Devices See:




Run Discovery with Customized Discovery Settings

Use this method if you want to customize the discovery settings and rerun discovery at a later time. Cisco EPN Manager discovers devices with IPv4 addresses.

Before You Begin


Step 1 Choose Inventory > Device Management > Discovery, then click the Discovery Settings link at the top right of the window.

Step 2 In the Discovery Settings pop-up, click New, as shown in the following figure.

Step 3 Enter the settings; see Table 2-1.

Step 4 Click Run Now to run the job immediately, or Save to save your settings and schedule the discovery to run later.

To check the status, see Validate Added Devices and Troubleshoot Problems

Table 2-1 Discovery Settings

Field Description

Protocol Settings

Ping Sweep Module Pings a range of IP addresses and adds any devices that respond to the ping. Specify a seed device IP address and subnet mask to specify a range of IP addresses.

Layer 2 Protocols

Cisco Discovery Protocol Gathers the current and neighboring devices from CDP-enabled device. To include neighboring routers, check the Cross Router Boundary check box.

Link Layer Discovery Protocol

Similar to CDP, but allows the discovery of non-Cisco devices.




Advanced Protocols

Routing Table Discovers subnets by analyzing the seed device’s routing table. Can discover a device for every subnet on its list of known networks.

Address Resolution Protocol

Uses ARP protocol to find neighbors.

Border Gateway Protocol Uses BGP protocol to find neighbors.

Open Shortest Path First Uses OSPF protocol to find neighbors.

Filters

IP Filter Includes or excludes devices based on IP address. For example:

209.165.2.89209.165.2.*209.165.[16-32].89[209-211].*.55.[16-32]

Advanced Filters

System Location Filter Includes or excludes devices based on System Location.

System Object ID Filter Includes or excludes devices based on sysObjectID string set on the device.

DNS Filter Includes or excludes devices based on domain name string set on the device.

Credential Settings

Credential Set Applies existing credential profiles to devices (for example, a range of IP addresses). For more information see, Apply Device Credentials Consistently Using Credential Profiles.

SNMPv2 Credential (Required) Specifies SNMPv2 credentials. Click the plus sign to add additional rows of credentials— mapped to a specific IP address or using wildcard (for example, *.*.*.*, 10.1.1.*).

SNMPv3 Credential Specifies SNMPv3 credentials, algorithms, timeouts, and so forth. Click the question mark next to the drop-down list for information about these nodes.

Telnet Credential Specifies Telnet user name, password, and enable password. Without these credentials the device will be discovered but cannot be fully managed.

SSH Credential

Note Recommended.

Specifies SSH username, password, and enable password (use SSHv2 with a 1024 bit key for full discovery).

TL1 Credential Specifies TL1 user name, password, and proxy IP for communication between devices and OSSs.

Table 2-1 Discovery Settings (continued)

Field Description




Import Devices Using a CSV FileUse a CSV file to add devices if you have an existing management system from which you want to import devices, or you want to specify different values in a spreadsheet.

• Create the CSV File

• Import the CSV File

Create the CSV File

Download the sample CSV file template by choosing Inventory > Device Management > Network Devices, then clicking Bulk Import. The following table lists the fields and supported values, where applicable. At a minimum you must provide:

• Device IP address

• SNMP version, read-only community strings, write community strings, retry and timeout values, and any additional protocol-specific values

Preferred Management IP (how Cisco EPN Manager attempts to find the preferred management address for devices)

Use Loopback IP Uses the IP address from the loopback interface. If not found, uses the OSPF algorithm to select the preferred management IP address.

Use SysName Uses the IP address from a DNS lookup of the system name.

Use DNS Reverse Lookup Uses the IP address from a reverse DNS lookup (reverse DNS followed by forward DNS lookup) of the system name.

Table 2-1 Discovery Settings (continued)

Field Description

Table 2-2 Supported Values for CSV File (Creating VNEs)

CSV Entry Supported Values Notes

ip_address ip_address Required

licenceLevel license_level Not required

snmp_version 1, 2c, 3 Required if using SNMPv1, SNMPv2, or SNMPv3snmp_community snmp_cmty

snmp_write_community snmp_write_cmty

snmp_retries 0-10 (seconds)

snmp_timeout 1-300 (seconds)

protocol telnet or ssh2 Required for full collection

cli_username cli_username

cli_password cli_password

cli_enable_password cli_enable_password

cli_timeout cli_timeout




Import the CSV File

Before You Begin


Step 1 Choose Inventory > Device Management > Network Devices, then click Bulk Import.

Step 2 In the Bulk Import dialog:

a. Make sure Device is chosen from the Operation drop-down list.

b. Click Browse, navigate to the CSV file, and click Import.

Step 3 Check the status of the import by choosing Administration > Jobs.

Step 4 Click the arrow to expand the job details and view the details and history for the import job.

To check the status, see Validate Added Devices and Troubleshoot Problems.

Add Devices Manually (New Device Type or Series)Use this procedure to add a new device type and test your settings before applying them to a group of devices.

Before You Begin


Step 1 Choose Inventory > Device Management > Network Devices and click Add Device.

Step 2 Complete the required fields.

snmpv3_user_name snmpv3_username Required if using SNMPv3

snmpv3_auth_type MD5 or SHA

snmpv3_auth_password snmpv3_auth_password

snmpv3_privacy_type DES or AES128

snmpv3_privacy_password snmpv3_privacy_password

http_server https://server-ip

http_port 0-65535

http_config_username config_username

http_config_password config_password

http_monitor_username monitor_username

http_monitor_password monitor_password

Table 2-2 Supported Values for CSV File (Creating VNEs) (continued)

CSV Entry Supported Values Notes




Step 3 (Optional) Click Verify Credentials to verify the device credentials before adding the device.

Step 4 Click Add to add the device with the settings you specified.

Example: Adding an Cisco NCS 2000 or 4000 Series DeviceCisco NCS 2000 series devices are TL1-based devices, and Cisco EPN Manager uses the TL1 protocol to communicate with these devices.Cisco NCS 4000 series devices, on the other hand, are Cisco IOS-XR devices, and Cisco EPN Manager uses the SNMP and Telnet/SSH protocol to communicate with these devices.

Before You Begin


Step 1 From the left sidebar, choose Inventory > Device Management > Network Devices and, then click Add Device.


• Cisco NCS 2000 series and Cisco ONS 15454—Enter TL1 parameters

• Cisco NCS 4000 series—Enter SNMP and Telnet/SSH parameters

Step 3 (Optional) Click Verify Credentials to connect to the device using the specified credentials.


Example: Adding a Network Element as an ENE Using Proxy SettingsMessages sent to a particular network element must pass through other NEs in the network. To pass messages, one or more nodes can be a Gateway Network Element (GNE) and connect other NEs in your network. A node becomes a GNE when you establish a TL1 session and enter a command that must be sent to another node. The node that receives the TL1 message from another node for processing is an End-point Network Element (ENE). Messages from an ENE are transmitted through a GNE to other NEs in the network.

Before You Begin


Step 1 From the left side bar, choose Inventory > Device Management > Network Devices and, then click Add Device.

Step 2 Under the General Parameters, enter the IP address or the DNS name of the ENE that you want to add.


Step 4 Under the TL1 Parameters, enter the proxy IP address for the node that you are using as a GNE.



Chapter 2 Add and Organize Devices Validate Added Devices and Troubleshoot Problems

Step 5 (Optional) Click Verify Credentials to connect to the device using the specified credentials.


Validate Added Devices and Troubleshoot ProblemsTo monitor the discovery process, follow these steps:

Step 1 To check the discovery process, choose Inventory > Device Management > Discovery.

Step 2 Expand the job instance to view its details. Click each of these tabs to view:

• Reachable—Devices that were reached using ping. Devices may be reachable but not modeled, such as when the credentials are wrong. Check the information in this tab for any failures, including the

• Filtered—Devices that were filtered out according to the customized discovery settings.

• Unreachable—Devices that did not respond to ping, with the failure reason.

Step 3 To verify that devices were successfully added to Cisco EPN Manager, choose Inventory > Device Management > Network Devices

• Verify that the devices you have added appear in the list. Click a device name to view the device configurations and that the software images that Cisco EPN Manager collected from the devices.

• View details about the information that was collected from the device by hovering your mouse cursor over the Inventory Collection Status field and clicking the icon that appears.

• Check the Device Reachability Status column.

Reachability Color Name Description

Green Reachable Cisco EPN Manager can reach the device using SNMP.

Yellow Ping reachable

The device is reachable using Ping, but not via SNMP. Verify that you specified the correct SNMP parameters for read access when the device was added to Cisco EPN Manager.

Red Unreachable Cisco EPN Manager is unable to reach the device using Ping. Verify that the device is operational and connected to the network.



Chapter 2 Add and Organize Devices Export Device Information to a CSV File

• Check the Admin Status column.

If you need to edit the device information, see Change Basic Device Properties.

Export Device Information to a CSV FileWhen you export the device list, all device information is exported except for the credential profiles.

Caution Handle the CSV file with care because it lists all device credentials. You may want to ensure that only users with special privileges can perform a device export.

Step 1 Choose Inventory > Device Management > Network Devices.

Step 2 Select the devices that you want to export, then click Export Device.

Step 3 Enter an encryption password that will be used to open the exported CSV file.

Step 4 Confirm the encryption Password and click Export to export the device information.

To open the CSV file, double-click the zip file and enter the encryption password.

Admin Status Description

Managed Cisco EPN Manager is managing the device.

Unmanaged Cisco EPN Manager is not managing the device. Common reasons:

• Device credentials are incorrect (the device is likely in the Unreachable state).

• You have exceeded the number of devices allowed by your license. See View Cisco EPN Manager Licenses.

• The device is enabled for switch path tracing only.

• The device type is Unknown (Device Type column) because it is not supported. Check if support for that device type has been added to Cisco EPN Manager by choosing Administration > Software Update, then clicking Check for Updates.



Chapter 2 Add and Organize Devices Create Device Groups for Easier Management and Configuration

Create Device Groups for Easier Management and Configuration• How Groups Work

• Create Device Type Groups

• Create Location Groups

• Create Port Groups

• Make Copies of Groups

• Hide and Delete Groups

Organizing your devices into logical groupings simplifies device management, monitoring, and configuration. Because you can apply operations to groups, grouping saves time and ensures that configuration settings are applied consistently across your network. In smaller deployments where all devices can be configured with the same settings, you may only need to create one general device group. The grouping mechanism also supports subgroups. You will see these groups in many of the Cisco EPN Manager GUI windows.

When a device is added to Cisco EPN Manager, it is assigned to a location group named Unassigned Group. If you are managing a large number of devices, be sure to move devices into other groups so that the Unassigned Group membership does not become too large.

How Groups WorkGroups are logical containers for devices. These groups do not perform any role-based access control; RBAC is implemented using virtual domains. This example shows the relationship between groups and virtual domains:

• A group named SanJoseDevices contains 100 devices.

• User Joe Smith is managing devices that appear in the Acme virtual domain, which he has access to (in other words, the Acme domain is assigned to Joe Smith’s user account).

• The Acme virtual domain contains a total of 400 devices, including 20 devices that are members of the SanJoseDevices group.

When Joe Smith views the SanJoseDevices group, he sees 20 devices. He cannot see the other 80 members of the SanJoseDevices group. For more information about virtual domains, see Control User Access to Devices Using Virtual Domains.

Note Remember the following when creating groups:

• Groups have a direct impact on what users can view in topology maps. Content is displayed in network topology map by choosing a single group.

• In general, a device should only belong to one group. Having a device in multiple groups may affect what you can see in the network topology window. For more information, see View the Contents of a Sub-Group in the Topology Map.

• For dynamic groups (where NEs are added based on rules), while there is no limit to the number of rules that you can specify, the performance for updates may be negatively impacted as you add more rules.



Chapter 2 Add and Organize Devices Create Device Groups for Easier Management and Configuration

Cisco EPN Manager supports the following types of groups.

Groups can be dynamic, where Cisco EPN Manager automatically adds new devices to them; manual, where only the user adds devices to a group; or mixed, where devices can be added automatically and manually.

A device should appear in one location group only, though a higher level parent group will also contain that device. For example, a device that belongs to a san-jose location group might also indirectly belong to the parent california group.

Device Accessibility in Parent-Child Device and Location Groups

The device inheritance in parent-child user defined and location groups are as follows:

• User Defined Group—When you create a child group under a parent device group, the devices accessible to the child group depend on the device group that you create:

– If the parent and child group are both dynamic device groups, the child group can access the devices available in the parent group only.

– If the parent group is a static device group and the child group is a dynamic group, the child group is not limited to the devices available in the parent group.

– In dynamic and mixed device groups the child group “inherits” its devices from the parent device group.

• Location Group—The parent group is a superset of all the child groups and inherits the ch

LIMITED ORDERABILITY RELEASE - Cisco€¦ · LIMITED ORDERABILITY RELEASE Contents v Cisco Evolved...

Documents

Transcript of LIMITED ORDERABILITY RELEASE - Cisco€¦ · LIMITED ORDERABILITY RELEASE Contents v Cisco Evolved...