advertisement
EPICenter Reference Guide
Version 6.0
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800 http://www.extremenetworks.com
Published: November 2006
Part number: 100248-00 Rev 01
Alpine, Alpine 3804, Alpine 3802, Altitude, BlackDiamond, BlackDiamond 6808, BlackDiamond 6816, EPICenter,
Ethernet Everywhere, Extreme Ethernet Everywhere, Extreme Networks, Extreme Turbodrive, Extreme Velocity,
ExtremeWare, ExtremeWorks, ExtremeXOS, GlobalPx Content Director, the Go Purple Extreme Solution Partners
Logo, Sentriant, ServiceWatch, Summit, Summit24, Summit48, Summit1i, Summit4, Summit5i, Summit7i, Summit
48i, SummitRPS, SummitGbX, Triumph, vMAN, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Summit logos, the Extreme Turbodrive logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
© 2006 Extreme Networks, Inc. All Rights Reserved.
Specifications are subject to change without notice.
Merit is a registered trademark of Merit Network, Inc. Solaris and Java are trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Avaya is a trademark of Avaya, Inc.
This product includes software developed by the Apache Software Foundation (http://www.apache.org).
This product contains copyright material licensed from AdventNet, Inc. (http://www.adventnet.com). All rights to such copyright material rest with AdventNet.
Use of Open Source Libraries. The Software uses or links to the third party “open source” library(ies). Please read the “Notice” files included with the Software for identification of these libraries and applicable license agreements.
2 EPICenter Reference Guide
Contents
Preface......................................................................................................................................... 15
Part 1: EPICenter Basic Features
Chapter 1: EPICenter Overview....................................................................................................... 21
Chapter 2: Getting Started with EPICenter ....................................................................................... 25
Chapter 3: The Inventory Manager.................................................................................................. 45
EPICenter Reference Guide 3
4
Chapter 4: The EPICenter Alarm System........................................................................................ 101
EPICenter Reference Guide
Chapter 5: Configuration Manager................................................................................................ 141
Chapter 6: The Firmware Manager................................................................................................ 173
EPICenter Reference Guide 5
6
Chapter 7: The Interactive Telnet Feature ..................................................................................... 197
Chapter 8: The Grouping Manager ................................................................................................ 221
EPICenter Reference Guide
Chapter 9: Using the IP/MAC Address Finder................................................................................. 251
Chapter 10: Real-Time Statistics.................................................................................................. 261
Chapter 11: Network Topology Views ........................................................................................... 277
EPICenter Reference Guide 7
8
Chapter 12: Using the VLAN Manager........................................................................................... 323
EPICenter Reference Guide
Chapter 13: The ESRP Monitor ..................................................................................................... 343
Chapter 14: Administering EPICenter............................................................................................ 349
EPICenter Reference Guide 9
10
Chapter 15: EPICenter Reports ..................................................................................................... 373
EPICenter Reference Guide
Part 2: Advanced Upgrade Features
Chapter 16: EAPS Protocol Monitoring and Verification................................................................. 449
Chapter 17: Using the Policy Manager ......................................................................................... 481
Chapter 18: The ACL Viewer ........................................................................................................ 509
EPICenter Reference Guide 11
12
Part 3: Appendices
Appendix A: Event Types for Alarms ............................................................................................. 527
Appendix B: EPICenter Backup..................................................................................................... 537
Appendix C: The Spanning Tree Monitor ....................................................................................... 543
Appendix D: Voice over IP Manager ............................................................................................. 551
EPICenter Reference Guide
Index .......................................................................................................................................... 565
EPICenter Reference Guide 13
14 EPICenter Reference Guide
Preface
This preface provides an overview of this guide, describes guide conventions, and lists other useful publications.
Introduction
This guide provides the required information to use the EPICenter software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks, and assumes a basic working knowledge of:
●
●
Local Area Networks (LANs)
Ethernet concepts
●
●
●
Ethernet switching and bridging concepts
Routing concepts
The Simple Network Management Protocol (SNMP)
NOTE
If the information in the Release Notes shipped with your software differs from the information in this guide, follow the Release Note.
Terminology
When features, functionality, or operation is specific to the Summit, Alpine, or BlackDiamond switch family, the family name is used. Explanations about features and operations that are the same across all
Extreme switch product families simply refer to the product as the “Extreme Networks device” or
“Extreme Networks switch.” Explanations about features that are the same for all devices managed by
EPICenter (both Extreme devices and others) are simply refered to “devices.”
EPICenter Reference Guide 15
16
Preface
Conventions
Table 1 and Table 2 list conventions that are used throughout this guide.
Table 1: Notice Icons
Icon Notice Type
Note
Alerts you to...
Important features or instructions.
Caution
Warning
Risk of unintended consequences or recoverable loss of data.
Risk of permanent loss of data.
Table 2: Text Conventions
Convention
Screen displays
Screen displays bold
The words “enter” and “type”
[Key] names
Words in bold type
Words in italic type
Description
This typeface represents information as it appears on the screen.
This typeface indicates how you would type a particular command.
When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.”
Key names appear in text in one of two ways. They may be
• referred to by their labels, such as “the Return key” or “the Escape key.”
• written with brackets, such as [Return] or [Esc].
If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). For example:
Press [Ctrl]+[Alt]+[Del].
Bold text indicates a button or field name.
Italics emphasize a point or denote new terms at the place where they are defined in the text.
Related Publications
The EPICenter documentation set includes the following:
● EPICenter Reference Guide (this guide)
●
●
EPICenter Concepts and Solutions Guide
EPICenter Installation and Upgrade Guide
●
●
EPICenter Release Notes
EPICenter License Agreement
EPICenter Reference Guide
Related Publications
Both the EPICenter Reference Guide and the EPICenter Concepts and Solutions Guide can be found online in
Adobe Acrobat PDF format in the docs subdirectory of the EPICenter installation directory. They are also available in a Microsoft Windows environment from the EPICenter Start menu.
You must have Adobe Acrobat Reader version 5.0 or later (available from http://www.adobe.com
free of charge) to view these manuals.
The EPICenter software also includes context-sensitive online Help, available from the Help menu in each EPICenter applet, as well as through Help buttons in most windows and dialogs throughout the software.
Other manuals that you will find useful are:
● ExtremeWare Software User Guide
●
●
●
ExtremeWare Command Reference Guide
ExtremeXOS Concepts Guide
ExtremeXOS Command Reference Guide
For documentation on Extreme Networks products, and for general information about Extreme
Networks, see the Extreme Networks home page:
● http://www.extremenetworks.com
Customers with a support contract can access the Technical Support pages at:
● http://www.extremenetworks.com/services/eSupport.asp
The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Notes, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources.
Customers without contracts can access manuals at:
● http://www.extremenetworks.com/services/documentation/
EPICenter Reference Guide 17
Preface
18 EPICenter Reference Guide
1
EPICenter Basic Features
1
EPICenter Overview
This chapter describes:
● The features of the EPICenter ™ software
Introduction
EPICenter is a powerful yet easy-to-use application suite that facilitates the management of a network of Summit ™ , BlackDiamond ™ , and Alpine ™ switches, as well as selected third-party switches.
EPICenter makes it easy to perform configuration and status monitoring, create virtual LANs (VLANs), and implement policy-based networking in enterprise LANs with Extreme Networks switches.
EPICenter offers a comprehensive set of network management tools that are easy to use from a client workstation running EPICenter client software, or from a workstation configured with a web browser and the Java plug-in.
EPICenter leverages the three-tier client/server architecture framework represented by Java applets. The
EPICenter application and database support three of the most popular operating environments in the marketplace, Microsoft Windows XP/2003 Server, Redhat Linux, and Sun Microsystems’ Solaris.
Summary of Features
The EPICenter software is a powerful, flexible, and easy-to-use application for centralizing the management of a network of Extreme switches and selected third-party devices, regardless of the network size. The EPICenter software provides the vital SNMP, HTML, and CLI-based tools you need for network-wide management of Extreme Networks Summit, Black Diamond, and Alpine switches.
● Operational Simplicity . Simplicity begins with a detailed real-time view of the entire network.
EPICenter’s topology view provides users with an overview of every element of the network and how they all connect at Layer 2 and Layer 3. Centralized configuration management and firmware management simplifies the configuration and maintenance of your network elements. These functions can be performed simultaneously on groups of devices anywhere on the network as well as on devices individually. EPICenter’s stacking capability enables management of a stack of devices as a single device and manages all ports on all devices using a single IP address.
●
●
Voice-Class Availability . EPICenter’s availability is greatly enhanced by granular health and status monitoring of the network. Ethernet Automatic Protection Switching (EAPS) protocol support within
EPICenter enhances a highly available Extreme Networks switching environment. The Policy
Manager lets you work with high-level policy components in defining network policies to protect and guarantee delivery of mission-critical traffic. The Real Time Statistics feature provides a graphical representation of utilization and error statistics for multiple ports on a device, device slot, or within a port group.
Comprehensive Security . EPICenter provides multiple features that control and monitor the security features on Extreme Networks’ products. The VLAN Manager enables the creation and management of VLANs easily throughout the network. The Policy Manager’s access-based security policies enforce user-based security. The IP/MAC Address Finder tool to locate any MAC address on your network.
EPICenter Reference Guide 21
22
EPICenter Overview
●
●
●
●
●
●
●
●
●
Installed or web-based clients . The EPICenter software gives you a choice of installing full-function client software, or connecting to the EPICenter server through a web-browser-based client running under Microsoft Internet Explorer or Mozilla Firefox.
Hierarchical displays . Most information, including that found in EPICenter topology maps, VLAN management, configuration management, and real-time statistics, is dynamically presented in an easy-to-navigate hierarchical tree.
Multi-platform capability . The EPICenter server supports Sun SPARC and Intel platforms, and the
Windows XP or 2003 Server, Linux and Solaris operating environments. Client applications on any of these platforms can connect to servers on either platform.
Support for multiple users with security . Users must log in to the EPICenter application, and can be granted different levels of access to the application features based on their assigned role. Three basic predefined roles are provided, and additional user roles can be created. Telnet and SSH access to Extreme switches can also be controlled based on the user identity. To protect the sensitive data from being intercepted or altered by unauthorized access, Secure Shell 2 (SSHv2) protocol and
HTTPS protocols are provided. These protocols encrypt traffic between the switch management port and the EPICenter.
Installed or web-based clients . The EPICenter software gives you a choice of installing full-function client software, or connecting to the EPICenter server through a web-browser-based client running under Microsoft Internet Explorer or Mozilla Firefox.
Monitor wireless Access Points (APs) and wireless clients.
Through EPICenter’s dynamic reports you can monitor the status of the Altitude 300 APs connected to your network and monitor wireless client activity connected through those APs. You can also detect rogue APs connected to the network, and add them to a “safe” list, or disable access to them if necessary.
Support for third-party devices . Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory Manager and monitored at a basic level. These devices can appear on a topology map, with basic status and alarm handling based on MIB-2 functionality.
Based on EPICenter’s Third Party Integration Framework, selected appliances from Extreme
Networks partners can be integrated into EPICenter in a robust fashion that allows reporting, the use of Telnet macros, alarm management, and monitoring with graphical front and back panel views in the Inventory Manager.
Manage large numbers of devices.
The EPICenter Gold Upgrade enables the EPICenter server to manage up to 2000 devices with a single installation of the EPICenter software. For even larger networks, you can split the management task among several EPICenter servers in a distributed server mode that lets you monitor the status of those servers from a single client.
Policy-based management. The EPICenter Advanced Upgrade is an optional, separately licensed component of the EPICentersoftware that lets you work with high-level policy components (users, desktop systems, groups of users, devices, or applications) in defining network policies used to protect and guarantee delivery of mission-critical traffic. The policy system translates these into the specific information needed for QoS configuration of network devices. It also detects overlaps and conflicts in policies, with precedence rules for resolving conflicting QoS rules.
Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled from a central interface, without exiting EPICenter to run a separate program or Telnet session. Features such as SmartTraps and the EPICenter alarm system further maximize network monitoring capability while maintaining network usage efficiency.
You can organize your network resources into non-exclusive groups (including groups made up of selected ports from multiple switches) that you can manage as a single entity. Device groupings can be based on a variety of factors, such as physical location, logical grouping, devices that support SSH2, and so on. Using device groups, you can search for individual IP addresses and identify their connections into the network. You can monitor the status of your network devices either visually, through the
EPICenter Reference Guide
Extreme Networks Device Support
Inventory Manager applet, or by setting alarms that notify you about conditions or events on your network devices. You can display a high-level overview of the status of your network devices as a hierarchical topology map.
Extreme Networks Device Support
Extreme Networks devices running the ExtremeWare software version 6.2 or later, or ExtremeXOS software, are supported by most features in the EPICenter system, including the VLAN Manager and the graphical display features of the Inventory Manager applet. Some features, such as ESRP, or the
Policy Manager, require more recent versions of the ExtremeWare software.
Devices running versions of ExtremeWare that have reached the end of their support life may continue work with many features of the EPICenter system. However, continued support in the future cannot be guaranteed.
NOTE
See the EPICenter Release Notes or the Extreme Networks web site for the most current information on device support in the EPICenter software.
Third-Party Device Support
Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory manager, and saved in the Inventory database. All devices in the database can also appear on a topology map. The EPICenter alarm system can handle basic MIB-2 SNMP traps from any device in the inventory database, including RMON traps from devices with RMON enabled. The Real-Time Statistics module can display statistics for any device with RMON enabled.
EPICenter’s third-party integration framework allows selected devices to be integrated into EPICenter with a higher level of functionality. Devices integrated through this framework may include devicespecific front and rear panel views, additional SNMP trap support, support for Telnet macros, and the ability to launch external applications from within EPICenter, if appropriate.
EPICenter also provides support for Avaya Voice Network devices through an integration between
EPICenter and Avaya Integrated Management software that co-reside on the same system.
EPICenter Reference Guide 23
EPICenter Overview
24 EPICenter Reference Guide
2
Getting Started with EPICenter
This chapter covers the following topics:
●
The EPICenter Home Page on page 25
●
●
Navigating EPICenter Applications on page 29 .
The Main Feature Frame on page 31
●
●
●
Right-Click Pop-Up Menus on page 38
.
Printing from EPICenter on page 42
This manual assumes you have successfully installed or upgraded to the current EPICenter software version—version 6.0 or later. If you have not yet installed version 6.0, see the EPICenter Software
Installation and Upgrade Quick Start for instructions.
The EPICenter Home Page
The EPICenter Home page displays the Network Status Summary Report—a simple HTML report with some basic statistics on the status of your network. Click on the description of the problem where it is underlined in the left-hand side of the page to display a detail report about a specific status item.
The Network Summary Report can also be accessed from the Reports applet. See Chapter
15, “EPICenter Reports” for a more detailed discussion of this reports.
EPICenter Reference Guide 25
Getting Started with EPICenter
Figure 1: The Network Status Summary Report page
26
This summary shows the following statistics:
● The number of devices known to the EPICenter server that are not responding to EPICenter queries.
● The number of devices reported to be in marginal condition (such as a problem with the fan, temperature, or power).
●
●
●
●
●
The number of devices that are offline for planned service.
The number of critical alarms in the last 24 hours that have not been acknowledged.
The number of Syslog messages with a priority of Critical or worse that occurred in the last 24 hours.
The number of Invalid Login alarms that have occurred in the last 24 hours.
The number of Authentication Failure alarms that have occurred in the last 24 hours.
For any of these items where the number is non-zero, the description becomes a link to a sub-report that gives you more information about the situation—a list of devices or alarms or messages.
The Network Status Summary Report also provides version information about the EPICenter software running on your machine.
EPICenter Reference Guide
The EPICenter Home Page
For further discussion of the information shown on this page, see the section
in
on Reports.
The Distributed Server Summary
If you are running in a distributed server configuration, a Distributed Server summary appears below the Network Summary, as shown in Figure 2 .
Figure 2: Distributed Server Summary Report
Each row in the summary provides the status of one of the EPICenter server group members. It provides the following information about each server:
● The server name. Clicking on the server name initiates the Dynamic Reports module for that server.
You can then run any of the available HTML reports.
●
●
●
A link that can launch a client connection to the server. Clicking on the Client link launches a client that attempts to connect to that server.
The number of devices managed by the server that are up or down.
The number of critical alarms that have occurred on devices managed by the server.
EPICenter Reference Guide 27
Getting Started with EPICenter
●
●
The date and time of the last update of the server summary information for this server.
The status of the server (whether it is responding to the periodic poll).
This report is also discussed in the section
“The Distributed Server Summary” on page 383
in
The “About EPICenter” Page
From the bottom of the Summary Report panel you can navigate to the About EPICenter page.
The About EPICenter page, shown in Figure 3 , provides information about the version of EPICenter that you are running. This information may be needed if it becomes necessary for you to contact
Extreme Networks’ Technical Support.
Figure 3: The About EPICenter page
28
From this page you can do the following:
● Access the online EPICenter Reference Guide from the View Documentation link.
●
●
Send e-mail to Extreme Networks’ technical support organization.
Return to the Network Summary Report page.
EPICenter Reference Guide
Navigating EPICenter Applications
Navigating EPICenter Applications
The EPICenter client consists of two frames:
● The Navigation Toolbar, from which you can access the EPICenter applets.
● The Main Applet frame, where the currently active applet runs.
The Navigation Toolbar
The Navigation Toolbar, on the left, displays a set of buttons you can use to access various EPICenter features. The buttons that appear in this Toolbar are determined by the features that the EPICenter administrator has enabled or disabled for this installation of EPICenter, and by the features enabled by the role assigned to your user account. The Navigation Toolbar may include additional optional features, such as the EPICenter Policy Manager, if you have a license for those features.
Home returns you to the Network Summary Report display shown in Figure 4 . From this page, you can access the About EPICenter page.
Figure 4: The EPICenter Home page
EPICenter Reference Guide 29
30
Getting Started with EPICenter
The following list describes all the EPICenter features available; depending on the role assigned to your user account, and the features enabled or disabled by the EPICenter administrator, some of these features may not be available.
● Inventory : The Inventory Manager, where you can discover devices on your network, and set up device groups so you can manage network elements in sets (as groups of devices) rather than managing them individually.
●
●
Alarm : The Alarm Manager, where you can view and browse alarms that have occurred on your network devices, as well as define alarms and the actions that should occur when an alarm happens.
This button also indicates that a new alarm has been received by displaying its label in red text instead of black text.
Config : The Configuration Manager, where you can upload and download switch configuration files and baseline configuration files to your managed devices.
●
●
●
●
Firmware : The Firmware Manager, where you can obtain and manage the most current
ExtremeWare software and BootROM images for your switches and modules, and download those images to your devices.
Groups : The Grouping Manager, where you can set up groups of resources, including Port groups and groups of users or hosts, and can import resources from external source such as a NT Domain
Controller or LDAP directory.
Find IP/MAC : The IP/MAC Address Finder applet, where you can search for the ports associated with one or more MAC or IP addresses, or identify the IP or MAC addresses connected to a set of ports.
Telnet : An interactive Telnet application where you can create and run command-line macros on multiple devices in one operation. You can also establish Telnet sessions with individual switches, both Extreme Networks and third-party devices.
●
●
●
●
●
●
●
RT Stats : The Real Time statistics applet, that provides graphs of various device and port statistics.
Topology : The Topology feature, which provides a hierarchical, logical map-based view of your network topology, including the status of alarms propagated up through the hierarchy.
VLAN : The VLAN Manager, where you can set up and manage VLANs.
ESRP : The ESRP Monitor, which lets your view your ESRP-enabled switches and VLANs.
Admin : The Administration feature, where a user with Administrator access can administer
EPICenter user accounts and roles, configure RADIUS authentication, and configure many aspects of the EPICenter server, including the availability of EPICenter applets. Other users can change their own password using this applet.
Reports : The browser-based Dynamic Reports feature, where you can run a number of pre-defined
HTML-based reports from data in EPICenter’s inventory database. You can also define your own reports.
Logoff : The Logoff button ends your session and returns you to the Login window.
NOTE
You must be logged in as a user with an Administrator, Manager, or other role that provides read/write access to a feature in order to use most of the functions of that feature. Users with a Monitor role can view status and statistics in most features, but cannot set up or change EPICenter or device configurations.
EPICenter Reference Guide
The Main Feature Frame
In addition to the features described above, the Navigation Toolbar may include icons for other optional features that have been integrated into the EPICenter server. These features are typically licensed separately, enabled through special license keys. These include:
● The EAPS Monitor: An optional applet that allows you to monitor the implementation of the
Ethernet Automatic Protection Switching (EAPS) protocol on your network. You can also use this applet to validate the configuration of the EAPS protocol on the devices in your network. This applet is included in the EPICenter Advanced Upgrade license, which requires the installation of an
Advanced Upgrade license key.
●
●
Policy : The EPICenter Policy Manager, where you can define QoS policies and access list rules for implementation on Extreme Networks devices. This applet is included in the EPICenter Advanced
Upgrade license, which requires the installation of an Advanced Upgrade license key.
ServiceWatch : The EPICenter ServiceWatch software, which can be launched from within the
EPICenter client. ServiceWatch is not an EPICenter feature, but a separate product. You can enable the integration into the EPICenter Navigation Toolbar through the Server Properties pages in the
EPICenter Administration applet.
There are two additional applets that are not available by default, but that can be enabled through the
Server Properties pages in the EPICenter Administration applet:
● STP : The STP Monitor, which lets you view the status of devices and VLANs configured for STP.
The devices must be running ExtremeWare 6.2.2 or later in order to be monitored by EPICenter.
● Voice over IP: The IP Phones feature. You must have an Advanced license to be able to enable this feature. This is unrelated to the Voice over IP feature available with the Avaya AIM integration.
The Main Feature Frame
The main feature frame is used to display the active EPICenter feature. For example, in Figure 5 , the
Configuration Manager is displayed in the main applet frame.
EPICenter Reference Guide 31
Getting Started with EPICenter
Figure 5: Typical Main Feature Frame (Configuration Manager)
EPICenter Menus
Feature function buttons
32
Component Tree Component status/detail
Most EPICenter applets use a two-panel display within the main applet frame. In most of these, the two panels are:
●
●
The Component Tree.
A component status/detail information panel.
All EPICenter applets except Reports provide a set of menus across the top of the applet. These menus consist of several standard menus, and most applets provide one or more applet specific menus. See
“EPICenter Menus” on page 32 for details.
In addition, some applets provide an applet-specific set of buttons at the top of the main applet frame.
These provide access to specific applet functions, such as adding, deleting, or configuring components
managed by the applet. See “Feature Function Buttons” on page 37 for more details. Other applets
provide tabbed pages for different functions within the applet.
EPICenter Menus
EPICenter features (except Reports) provide a set of standard menus at the top of the main feature frame (see Figure 5 ). There are four standard menus that are present in all features except for the EAPS
Monitor—the EPICenter, Display, Tools, and Help menus. In addition, individual features may provide
EPICenter Reference Guide
The Main Feature Frame feature-specific menus. In most cases feature-specific menus provide access to the functions available through the feature function buttons.
describes the four standard EPICenter menus.
Table 3: EPICenter standard menus
Description Menu/Menu Item
EPICenter
Logoff
Logoff and Exit
Logs this user off EPICenter (same as the Logoff button on the Navigation Toolbar).
Logs this user off and exits the client (same as the Logoff button followed by clicking Quit in the client Login window).
Display
Properties Available when a component (device, device group, slot, or port) is selected in the
Component Tree. Opens the Properties Display (see
select individual devices or device groups (such as in the Alarm Manager) the
Properties item is not selectable.
Note: This menu is not present in the EAPS Monitor applet.
Tools
Find Device
Technical Support
Upload Device Info
Device ->
Alarms
Statistics
Sync
Telnet
Viewer
VLANs
Device Manager
Macros ->
Opens the Find Devices dialogue (see “Finding Devices” on page 84 ).
Enables you to collect information about the devices you are managing, or about
EPICenter itself, that can help Extreme Networks support personnel to diagnose and troubleshoot problematic behaviors.
Uploads troubleshooting information from the selected device, and optionally includes the most recent configuration file uploaded from the device. The data is packaged into a file in .zip format. If Extreme Networks’s Technical Assistance
Center (TAC) is helping you with a problem, they may request that you send them
Enables you to view other types of information about a device (from other EPICenter applets) without having to leave the current applet. Provides a submenu of applet
choices that run in a separate window, with the device preselected. See “The Device
for additional information.
If you are already in one of the applets, that choice is not available.
Opens an Alarm Browser window showing the alarm log for the selected device.
Opens a Real Time Statistics window for the selected device.
Performs a sync function on the selected device.
Opens a Telnet window and establishes a Telnet connection to the selected device.
Opens an Inventory Manager window and displays Device Details for the selected device.
Opens the VLAN applet and displays the VLANs on the selected device.
Opens the device-based element manager for the selected device; for Extreme devices, this runs ExtremeWare Vista. Other device management applications may be supported depending on the device and the EPICenter options you have installed.
Displays a list of Telnet macros available for the selected device group, device, or port. If no macros have been created for that context, or if there are no macros within the context that are available to users with your user role, the list contains
<none>. See
“Creating Macros for Context-Based Replay” on page 210 for more
information on Telnet macros.
EPICenter Reference Guide 33
34
Getting Started with EPICenter
Table 3: EPICenter standard menus
Description Menu/Menu Item
Help
Applet Help
EPICenter Help
About EPICenter
Displays Online Help pages for the current applet in a separate browser window.
(Note that many applets also provide Help buttons in individual pages and pop-up
windows). See “Help on Help” on page 42 for more information about the online
help system.
Shows the title page and Table of Contents for the full EPICenter Online Help in a separate window.
Opens a window showing the EPICenter version and build information. From this window you can display a screen of client information, useful for troubleshooting.
The Component Tree
The left side panel shows the Component Tree. The Component Tree is a nested tree that displays the components known to the EPICenter database that are relevant to the active feature. The Component
Tree may display different types of components depending on which EPICenter feature you are viewing. For example, in the Inventory Manager, the Component Tree shows all the Extreme and thirdparty devices known to the EPICenter. In the VLAN Manager, the Component Tree displays VLANs, as shown in Figure 5 . In the Topology view, the Component Tree shows the maps nested within a topology view.
The Component Tree often includes both folders and individual objects. If a component in the tree has a plus sign to its left, that means there are subcomponents nested below it. For example, if the component is a VLAN, then it typically has Extreme switches as subcomponents. A switch may have ports as subcomponents, or slots which in turn have ports.
●
●
Click on the plus sign to display the nested subcomponents.
The plus sign changes to a minus sign.
Click on the minus sign to hide the subcomponents.
The minus sign changes to a plus sign.
Most objects in the Component Tree are represented both by a text identifier and by a small icon that represents the type of object. Following are some examples of icons used in the Component Tree:
indicates a device group.
, , , and are examples of device icons.
indicates an untagged VLAN, and is a tagged VLAN.
, , , and are examples of folder icons.
indicates a general-purpose group in the Grouping applet.
indicates a host resource in the Grouping applet.
indicates a user resource in the Grouping applet.
Devices are identified in the tree by their device name (as defined in the SysName MIB variable) and IP address. A user with administrator access can change this to reverse the order of the IP address and device name, or to display the device name only. This is done through a server property set in the
Administration module. See
Chapter 14 for details on how to do this.
EPICenter Reference Guide
The Main Feature Frame
In addition to the device icons, several other symbols may annotate a device component:
●
●
●
●
A red circle with a white “S” displayed next to a device indicates that the device is not reachable through SNMP.
A small bell-shaped symbol indicates an alarm has been logged for the device, and has not yet been acknowledged. The color of the bell symbol indicates the severity level of the alarm. If multiple alarms are logged for the device, the color indicates the highest severity level among those alarms.
See
“The Alarm Log Browser Summary” on page 104
for the definitions of the alarm severity levels.
If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this device; the alarm status of this device does not influence the aggregate alarm status displayed for the device group. See
“Alarm Propagation to the Device Group” on page 50
for more information on alarm propagation, including how to disable or enable it for a device.
An alarm icon shown for the device group indicates the highest severity unacknowledged alarm among those devices within the device group that have alarm propagation enabled.
If a device is offline, the text identifier for the node is gray.
Moving the Component Tree Boundary
You can move the boundary between the Component Tree panel and the main applet panel by following these steps:
1 Place the cursor over the line separating the panels.
2 Click and hold the left mouse button to “grab” the panel separator.
3 Drag the separator until the panels are the desired widths.
The Status/Detail Information Panel
The right side panel displays information about the component selected in the tree on the left. For example, Figure 6 shows the Inventory Manager applet, with basic information about the devices known to the EPICenter.
EPICenter Reference Guide 35
Getting Started with EPICenter
Figure 6: Inventory Manager applet
36
● Click on a component in the Component Tree to display information about that component.
In Figure 6 , the selected component is the Default device group. The component status/detail panel displays summary status information about each device in this device group.
The buttons and frame contents change depending on which applet you are viewing, and also on the permissions associated with your user account.
Resizing Columns
In a wide columnar display such as shown in Figure 6 , you can resize the widths of each column. To do this, follow these steps:
1 Place the cursor over the line separating the column you want to resize from the column to its right.
2 Click and hold the left mouse button to “grab” the column separator.
3 Drag the separator until the column is are the desired width.
Sorting Columns
You can sort the rows of a columnar display according to the contents of any individual column.
EPICenter Reference Guide
The Main Feature Frame
● To sort the rows, click on the column heading you want to use as the sort criteria. Click once to sort in ascending order; click a second time to reverse the sort order.
In most applets, the column that is currently being used as the sort criteria is indicated with a small triangle in the column heading cell. The direction of the triangle (facing up or facing down) indicates whether the sort is ascending or descending.
Feature Function Buttons
For most EPICenter features, stand-alone buttons at the top of the feature frame provide access to the functions provided by the current feature. In most cases, the functions provided by these buttons are the same as the functions found in the Feature menu. Most buttons invoke a pop-up dialog box for the function, such as the Add VLAN function shown in Figure 7 .
NOTE
If you have a Monitor role, some or all of the buttons in a given applet are not available to you. For example, in the
VLAN Manager, a user with the Monitor role can view information about the components in the Component Tree, but cannot Add, Delete, or Modify VLANs, or perform any port configurations.
Figure 7: Pop-up dialog box for adding a VLAN in the VLAN Manager
EPICenter Dialog Boxes
A dialog box can contain the following types of fields:
● Page tabs, such as the Properties & Port and IP Forwarding tabs in the Add VLAN dialogue shown in Figure 7 . These are used when there are multiple pages of settings for a specific function. Select a tab to display the page.
EPICenter Reference Guide 37
38
Getting Started with EPICenter
●
●
●
Text fields, such as the VLAN Name field in Figure 7 . Enter text or numbers by clicking in the field and then typing.
Drop-down menu fields, such as the Protocol Filter field in Figure 7 . Click in the field to drop down a menu of choices, then click on your selection to enter the value into the field.
List box fields, such as the Available Switches field in Figure 7 . Click to highlight a value in the field.
Click again to unselect a value.
If there are more entries in the list than can be displayed in the box, a scroll bar is provided at the right side of the field.
Some list boxes allow multiple selections. Use [Ctrl]-click to select multiple items. To select a group of contiguous items, click to select the first item in the group, then use [Shift]-click to select the last item in the group; all the items between your first and last selection are highlighted.
Most dialogue buttons provide a standard set of action buttons: Apply, Close, Reset, and Help.
Depending on the function of the dialogue box, other buttons may be provided in place of or in addition to some of these; for example, in a delete function, the Apply button may be replaced by a
Delete button. The common action buttons found in dialogues are:
●
●
Apply : Saves the settings on the page you are viewing, but the dialog box remains open so you can make additional changes or change the settings on one of the other pages. For example, you can specify a new VLAN on the Properties & Ports page as shown in Figure 7 , click Apply to commit those settings, then display the IP Forwarding settings and make changes on that page.
Close : Closes the dialog box, dismissing ant unapplied actions. Use to exit the dialog box when you are finished.
●
●
Reset : This typically restores the dialog box to the state it was in when it was opened, clearing any selections on the screen and resetting the data to the current information from the EPICenter database.
Help : Opens another browser window with online help about the function of the dialogue box.
●
●
●
Add , Delete, or other similar functions: Executes the function of the dialog, such as adding or deleting selected items. Like the Apply button, these usually perform the function but leave the dialog box open so you can perform additional operations.
OK : Closes the display in an informational or status display window. Does not take any action.
Refresh : Updates the displayed information in an informational or status display window.
Right-Click Pop-Up Menus
In many of the applets, you can select a device group, device, slot, or port in the Component Tree, then right-click to display a pop-up menu. The choices that appear on the menu depend on the applet, although there are several commands that always appear.
●
●
The Inventory Manager, Configuration Manager, Firmware Manager, Telnet, Real Time Statistics,
Topology, VLAN Manager, and Policy Manager (ACL Viewer) features provide right-click pop-up menus.
The Alarms Manager, Grouping Manager, MAC/IP Address Finder, ESRP Monitor, Admin feature, and Reports do not provide pop-up menus.
In some applets, the pop-up menus provide commands that perform the same functions as the applet function buttons at the top of the page, but with the appropriate device or device group pre-selected.
EPICenter Reference Guide
Right-Click Pop-Up Menus
When you select an individual device in the Component Tree, there are three commands that always appear in the pop-up menu:
Table 4: Right-Click Pop-Up Menu Basic Commands
Device
Macros
Properties
If EPICenter has been configured to launch an external application for the selected third-party device, a link to the launch point appears as a sub-menu item. If no external application is available, the sub-menu shows <none>. This command is available only from the right-click pop-up menu.
Same as the Device command from the Tools menu.
Provides a sub-menu of commands you can use to view the display from one of the other applets, in a separate window, for the selected device. This means, for example, that from the
Inventory Manager, you can view the Alarm Log for the selected device, without leaving the
Inventory Manager applet. The display appears in a separate window, and shows the same information as you would see if you ran the Alarms applet and then filtered for the device.
Same as the Technical Support command from the Tools menu.
Provides a command that allow the collection of information about the selected device to aid in troubleshooting problems in your network.
Same as the Macros command from the Tools menu.
Provides a sub-menu of user-defined Telnet macros that can be run on the selected component (device group, device, or port). If no macros are defined that you are allowed to run based on your role, the sub-menu shows <none>.
Same as the Properties command from the Display menu.
Displays in a separate window a summary of attributes for the selected device.
When you select a device group, the Macros and Properties commands are always present, but apply to the group of devices; the Device, External App, and Technical Support commands are not available.
Feature-specific commands may also be provided, depending on the EPICenter feature you are using.
When you select a slot, only the Properties command is available. When you select a port, the Macros and Properties commands are present.
The sections below define the standard commands that are present in the pop-up menu. Feature-specific commands are discussed in the appropriate chapter for the feature.
The External App Sub-Menu
This command provides a sub-menu that lets you launch device-specific applications that are external to
EPICenter. Links to external applications will be available only for specific devices that have been integrated into EPICenter in such a way as to provide this external linkage.
If the third-party device has a device-specific application, the menu will show Launch <device name>.
If no external application is available for the device, the link will show <none>.
This feature does not necessarily replace the Device Manager command found under the Device menu; the Device Manager command attempts to connect a browser to the selected device to run the device’s browser-based user interface, if one exists. However, for most third-party devices, the Device Manager command is not available.
The Device Sub-Menu
The Device command provides a sub-menu of commands that let you view the following information for the selected device:
EPICenter Reference Guide 39
40
Getting Started with EPICenter
Table 5: Commands in the Device Sub-Menu
Alarms
Statistics
Sync
Telnet
Viewer
VLANs
Device
Manager
The Alarms command opens the EPICenter Alarm Log Browser display (in a new window) to show the alarms for the selected device.
See
“The EPICenter Alarm System” on page 101
for details about the Alarm Log Browser.
The Statistics command runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device.
See
“Real-Time Statistics” on page 261
for details about the Real-Time Statistics feature.
The Sync command causes EPICenter to poll the switch and update all configuration and status information.
See
“Updating Device Information—The Sync Operation” on page 80 for details about this
command.
The Telnet command opens an EPICenter Telnet window that is connected to the selected device.
See
“Running a Telnet Session on an Individual Switch” on page 216
for details about this command.
The View command runs the EPICenter Inventory Manager feature and displays the device front-panel image and device information for the selected device.
See
“Viewing Device Status Information” on page 50
for details about this command.
The VLANs command runs the EPICenter VLAN Manager and displays the VLANs currently known to the EPICenter database.
See
“Using the VLAN Manager” on page 323 for details about this feature.
The Device Manager command runs the browser-based management interface provided by the selected device. In the case of Extreme switches running ExtremeWare, this runs the
ExtremeWare Vista switch management interface for the selected device.
Refer to the ExtremeWare Software User Guide for details about using ExtremeWare Vista on
Extreme devices.
For non-Extreme devices, this command is usually not available.
The Technical Support Sub-Menu
The Technical Support sub-menu provides commands to help with trouble shooting EPICenter and the devices it manages.
This menu currently contains one command: Upload Device Info. This command extracts the “show tech” output from Extreme Networks devices running ExtremeWare or ExtremeXOS, and packages it, along with the most recent uploaded configuration file, as a .zip file that can easily be emailed to
Extreme Networks’ technical support organization.
This command can be run only on a single device at one time (it cannot be selected when a device group is selected).
Select the Upload Device Info command to pop up the following dialog:
EPICenter Reference Guide
Figure 8: The Upload Device Info wizard
Right-Click Pop-Up Menus
●
●
●
To include the most recent uploaded configuration file, click to check the Include Last Uploaded
Configuration option.
To extract “show tech” detailed information, click to check the Include extended trouble shooting information option.
By default (when this option is not checked) EPICenter executes show tech commands as follows:
■
■
For devices running ExtremeWare 7.3 or later, the show tech-support brief command is executed.
For devices running ExtremeXOS, the show tech all command is executed.
■ For devices running versions of ExtremeWare prior to 7.3, the show tech-support command is executed, and the Include extended trouble shooting information option is not available.
When the Include extended trouble shooting information option is checked, EPICenter executes the following commands:
■
■
For devices running ExtremeWare 7.3 or later, the show tech-support all command is executed.
For devices running ExtremeXOS, the show tech all detail command is executed.
You can change the location where this file will be saved. By default, the file name will start with
“TACInfo” and will include the device IP address and timestamp: TACInfo_<IP
Address>_<Timestamp>.zip
Click Next to execute the command. A second screen displays a progress bar that indicates the progress of the command.
You can abort the command at any time by clicking the Cancel button.
When the command has finished, a final screen indicates the success or failure of the command execution.
The Macros Sub-Menu
The Macros command provides a sub-menu of the user-defined Telnet macros that are available to run on the selected device or on the devices in the selected device group, or on selected ports. If no macros are defined in the current context, the menu contains only the item <none>.
EPICenter Reference Guide 41
42
Getting Started with EPICenter
When user-defined Telnet macros are created, they are enabled for a set of user roles; if you are logged in as a user with a role that does not allow a particular macro, that macro does not appear in your
Macros sub-menu.
See
“Creating Macros for Context-Based Replay” on page 210
for information about user-defined Telnet macros.
The Properties Command
The Properties command displays the attributes for a device group or for an individual device.
● If the top-level Device Groups item is selected, the Properties command displays summary information on all the Device Groups defined in EPICenter.
●
●
If a Device Group is selected, the Properties command displays information about the selected
Device Group.
If an individual device is selected, the Properties command displays information about the selected device.
See
“The Properties Display” on page 85 in
for details on the information provided by this feature.
Printing from EPICenter
Printing is not supported in most of the EPICenter applets. The exception is the Topology applet, which provides a print function, and the HTML-based Reports described in
“EPICenter Reports” on page 373
.
You can print the HTML reports using the browser print button. However, you should click in the panel where the report is displayed to ensure that only that panel is printed. If you print without doing this, the Navigation Toolbar may not be refreshed, and you will need to refresh the client manually.
Help on Help
● The online help system displays context-sensitive Help presented in a separate browser window. The content of these pages are different depending on the area of the EPICenter client you are viewing when you click the Help button. Once inside the Help system you can move around to view different topics using a variety of navigation tools:
■
■
■
■
Next/previous page buttons and are found at the top left of the content window.
These move you forward and backward in the document.
Links to other topics or pages within the Help system contents are shown in blue, and the cursor changes to the standard pointing hand when the cursor moves over the link.
Related Topics links: these can be accessed from a Related Topics menu you can display using the
Related Topics button .
There is also a link at the bottom of the page that displays the Related Topics menu.
A Table of Contents and Index can be accessed through the Navigation panel at the left of the page.
EPICenter Reference Guide
Help on Help
●
●
■
If the Navigation panel is not displayed when the page first appears you can open it by clicking the Show Table of Contents button at the top left .
You can locate the section you are viewing within the Table of Contents by clicking the Show in
Contents button . This expands the Table of Contents in the navigation panel at the left of the page to display the headings that surround the page you are viewing.
You can print the page you are viewing by clicking the print button, found at the top right .
From the Help window, you can display the full EPICenter Reference Guide as an Acrobat PDF file by clicking the PDF button .
This requires a version of Adobe’s Acrobat Reader software, which is available free of charge from
Adobe Systems at http://www.adobe.com
.
EPICenter Reference Guide 43
Getting Started with EPICenter
44 EPICenter Reference Guide
3
The Inventory Manager
This chapter describes how to use the EPICenter Inventory Manager feature for:
● Viewing the EPICenter device inventory
●
●
Discovering network devices
Adding network devices to the EPICenter database
●
●
●
●
Modifying device contact parameters
Deleting a device from the EPICenter database
Creating and Modifying Device Groups
Updating device information in the database
●
●
●
Creating default access parameters for network devices
Finding specific network devices in the database
Displaying device and device group properties
Overview of the EPICenter Device Inventory
The Inventory Manager feature keeps a database of all the network devices managed by EPICenter.
EPICenter can discover any devices running MIB-2 compatible agents. It can manage Extreme Networks switches, and can provide information about third-party devices with compatible agents.
The EPICenter software also provides an automatic discovery function. This feature can discover
Extreme and MIB-2 compatible devices by specific IP address or within a range of IP addresses.
You can also add network devices to the EPICenter database manually, using the Inventory Manager
Add function. Once a network device is known to the EPICenter database, you can assign it to one or more device groups, and configure it using the Inventory Manager, VLAN Manager, Configuration
Manager, Firmware Manager, Interactive Telnet or Telnet macros, or through the optional Policy
Manager. You can receive alarms about faults on the device, and you can view a hierarchical topology layout of the devices known to the Inventory Manager.
Any EPICenter user with read-only access to this feature can view status information about the network devices currently known to EPICenter. Users with Administrator or Manager roles, or other roles with write access to this feature, can run Discovery, and add devices to or delete devices from the list of managed devices in the database. These users can also explicitly refresh the information in the database related to the devices that the EPICenter is managing.
Device Groups
Devices in the EPICenter are organized into one or more device groups. A device group is a set of network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by functional grouping (engineering, marketing, finance) or by any other criteria that make sense within the managed network environment.
EPICenter Reference Guide 45
46
The Inventory Manager
An individual device can belong to multiple device groups. For example, a device could simultaneously be a member of Building 1, Marketing, and Edge Switches. Using device groups, you can monitor and maintain devices by group membership, instead of individually. All devices become members of a device group when they are added to the EPICenter database, either through Add Devices or as a part of the Discovery process. By default, devices are added to the device group “Default,” if you do not specify otherwise. A device may then be copied or moved to another device group, as appropriate.
Inventory Manager Functions
There are multiple ways to invoke the functions provided by the Inventory Manager:
● Using the menus at the top of the main applet frame—specifically the Inventory menu
●
●
Using the function buttons shown directly below the EPICenter menus
Using commands from a pop-up menu that appears when you right-click on a device or device group entry in the Component Tree
For simplicity, most of the instructions in this chapter only specify a one method of invoking a function
(usually the function button).
Inventory Manager Function Buttons
The buttons at the top of the main Inventory Manager applet provide the following functions:
Table 6: Inventory Manager Function Buttons
Finds network devices by IP address or range of addresses. See “Discovering Network
Adds individual devices and device groups to the database. See “Adding Devices and
Removes a device or device group from the database. See
Groups from the Database” on page 79 .
Changes the members of a device group, or update a device’s contact parameters in the database. See
“Modifying Devices and Device Groups” on page 73 .
Updates the EPICenter database with current device configuration and status information.
See
“Updating Device Information—The Sync Operation” on page 80
.
Creates default access parameters for network devices. See
.
These functions may also be accessed through the Inventory menu, and the Delete, Modify, and Sync functions may be accessed from the pop-up menu accessed by right-clicking a component in the
Component Tree.
The Inventory Menu
EPICenter provides a set of menus at the top of the main applet frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 . However, the
Inventory Manager provides an additional menu, Inventory, that contains commands unique to the
Inventory Manager. The Inventory menu contains the following items:
EPICenter Reference Guide
Inventory Manager Functions
Table 7: The Inventory Menu
Menu Item
Discover
Add
Delete
Modify
Sync
Device
FDB
Defaults
Take Offline/
Bring Online
Enable FDB Polling/
Disable FDB Polling
Description
Discover network devices by IP address. This performs the same function as the
Discover button. See “Discovering Network Devices” on page 61
.
Add devices or device groups to the EPICenter Inventory database. This performs
the same function as the Add button. See “Adding Devices and Device Groups” on page 68 .
Remove devices or device groups from the EPICenter Inventory database. This
performs the same function as the Delete button. See “Deleting Devices and Device
Groups from the Database” on page 79
.
Make changes to a device configuration or change the membership of a device group. This performs the same function as the Modify button. See
Devices and Device Groups” on page 73
.
Update configuration and status information.
Update configuration and status information for one of more devices, except for contact information. This performs the same function as the Sync button. See
“Updating Device Information—The Sync Operation” on page 80
Update the MAC address database for the device. This command is available only when a device is selected in the Component Tree. This performs the same function as the Sync>FDB command in the pop-up menu for a selected device.
Set defaults for login and SNMP access for devices added to the EPICenter
Inventory database. This performs the same function as the Default button. See
“Configuring Default Access Parameters” on page 82
Set a selected device to an offline state, or return a device to an online state. This command is available only when a device is selected in the Component Tree. These perform the same functions as the Take Offline and Bring Online commands in the pop-up menu for a selected device.
Enables or disables FDB Polling for the selected device. Only available if the device supports FDB polling. MAC Polling must be enabled through the MAC Polling Server
Properties in the Admin applet.
Pop-Up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains commands relevant to the selected device or device group.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using pop-up menus.
The contents of a pop-up menu depends on the type of item you have selected in the Component Tree.
●
●
●
If you select the top-level Device Groups item, the pop-up menu provides the following commands:
Delete, Modify, Sync, and Properties.
If you select a specific device group, the pop-up menu provides the commands: Delete, Modify,
Sync, Macros, and Properties
If you select a device, all the commands shown in Table 8 are available.
Table 8: Pop-Up Menu Commands
Delete
Modify
Same as the Delete button or the Delete command from the Inventory menu. See
“Deleting Devices and Device Groups from the Database” on page 79
.
Same as the Modify button or the Modify command from the Inventory menu. See
“Modifying Devices and Device Groups” on page 73
.
EPICenter Reference Guide 47
48
The Inventory Manager
Table 8: Pop-Up Menu Commands (continued)
Sync >
Device
FDB
Take Offline/
Bring Online
Disable FDB Polling/
Enable FDB Polling
Disable Alarm
Propagation/
Enable Alarm
Propagation
External App
Device >
Technical Support
Macros >
Properties
Same as the Sync button or the Sync command from the Inventory menu.
Update the information in the EPICenter database for the selected device or devices. If selected from the pop-up menu for an individual device, syncs the information for that device. If selected when a device group is selected, opens the Synchronize device
window, allowing selection of one or more devices to synchronize. See “Updating Device
Information—The Sync Operation” on page 80 .
Updates the FDB information in EPICenter to match the FDB in a selected device. Not available when a Device Group component is selected.
Set a selected device to an offline state, or return a device to an online state. This command is available only when a device is selected in the Component Tree. These perform the same functions as the Take Offline and Bring Online commands in the
Inventory menu for a selected device.
Enables or disables FDB Polling for the selected device. Only available if the device supports FDB polling. MAC Polling must be enabled through the MAC Polling Server
Properties in the Admin applet.
Enables or disables Alarm Propagation for the selected device or device group. If disabled, this device will not be included when determining the alarm status at the device group level. See
“Alarm Propagation to the Device Group” on page 50 for details.
When a device has Alarm Propagation disabled, the alarm status for the device is still be displayed as appropriate, but the alarm icon appears with an “X” through it.
Launch a device-specific application for the selected device, if the device has been so configured in EPICenter. See
“The External App Sub-Menu” on page 39
for more information.
Same as the Device command from the Tools menu. Provides a submenu of commands:
Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device Manager. See “The Device Sub-
for a description of each command.
Same as the Technical Support command from the Tools menu.
See
“The Technical Support Sub-Menu” on page 40
for more information.
Same as the Macros command from the Tools menu. See “The Macros Sub-Menu” on page 41
for more information.
Same as the Properties command from the Display menu. See
“The Properties Display” on page 85 for details about what this command shows.
Displaying the Network Device Inventory
When you click the Inventory button in the Navigation Toolbar, the main Inventory Manager page appears as shown in Figure 9 .
EPICenter Reference Guide
Figure 9: The Inventory Manager feature, main page
Displaying the Network Device Inventory
NOTE
You must add network devices to the database using Discovery or the Add Devices function in order to make them
“known” to EPICenter. Until this is done, no devices are displayed in the Inventory Manager.
The Device Groups currently defined in the EPICenter database are displayed in the Component Tree in the left panel. The panel on the right shows the All Device Groups page, a list of the currently defined device groups with their descriptions. The first time you run EPICenter, there is only one device group,
Default . You cannot delete or change the name of the Default device group.
Click on the plus sign to the left of a Device Group name to display the list of switches that are members of that group.
● A red circle with a white “S” next to a device indicates that the device is not reachable through
SNMP. The device name is also shown in red to indicate that it is not operational.
●
●
A device name shown in grey indicates the device has been placed offline for maintenance.
EPICenter does not attempt to communicate with a device in the offline state, nor does it accept traps or syslog messages for the device.
If unacknowledged alarms exist for the device, the alarm status is indicated by a small colored alarm bell to the left of the device name. You can investigate these through the Alarm Manager applet.
EPICenter Reference Guide 49
50
The Inventory Manager
Alarm Propagation to the Device Group. If alarm propagation is enabled, the highest severity unacknowledged alarm status among the devices in the Device Group is indicated by a small alarm bell to the left of the Device Group name in the Component Tree. When a Device Group has been contracted so that its list of devices is hidden, the Device Group alarm icon indicates whether alarms have occurred on any of the devices within the group, and how serious those alarms are.
Alarm propagation can be enabled or disable per device, through the Right-Click Pop-Up menu.
● Disabling alarm propagation for a device means that device’s alarm status will not be factored into the alarm status for the Device Group. This lets you base alarm propagation at the device group level on a subset of critical devices while ignoring less critical devices.
Devices with alarm propagation disabled show an “X” through the alarm icon. However, the color of the alarm icon still indicates the correct alarm status for the alarm.
● You can also disable alarm propagation for the Device Group, which results in an “X” over the alarm icon. However, there is no higher level for alarm status propagation, so this has no real meaning.
The color of the alarm icon will still reflect the worst alarm status of those devices within the Device
Group that have alarm propagation enabled.
Viewing Device Status Information
When you select a device group in the Component Tree, the panel on the right displays a summary status of the devices in the selected device group (see Figure 10 ).
EPICenter Reference Guide
Figure 10: Inventory Manager device group summary status
Viewing Device Status Information
● The status “lights” show the status of each device as detected by EPICenter.
Table 9: Inventory Manager Device Status Indicators
Status Light
Green
Yellow
Gray
Red
Device Status
Device is up and OK.
Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature.
Device is offline. EPICenter will not communicate with the device. You can create references to the device for alarms, policy, groups, device groups, RMON thresholds, and so on. The network state of the device, including port status, ESRP, configured VLANs, and STP is preserved when the device returns to online status.
Device is not responding to EPICenter status queries. This may mean that the device is down, that it is unreachable on the network, or that the SNMP parameters have changed and
EPICenter can no longer contact the switch.
The remaining columns show the following information:
(Type Icon)
Name
IP Address
Device icon indicating the type of device as detected by EPICenter.
The name of the device.
The IP address of the device.
EPICenter Reference Guide 51
The Inventory Manager
S/w Version
SNMP
Device Login
Use SSH
The firmware version running on the device.
The SNMP version (version 1 or version 3) used on the device.
The device login name.
The setting for SSH2. Enabled or Disabled.
FDB Polling The setting for FDB Polling. Enabled or Disabled.
Device Manager Protocol The protocol used to communicate with the device (HTTP or HTTPS).
If the switch was added using the Add command, the Inventory Manager shows the values entered into the EPICenter database manually.
Detailed Device Status
Select a device in the Component Tree on the left to display detailed configuration and status information, as shown in Figure 11 . This display shows additional information that EPICenter has gathered from the switch agent.
Figure 11: Device Detail Display, chassis view
52
This view shows an active graphical display of the switch front panel, as well as a panel of status information. For some devices, a back panel view may also be provided.
EPICenter Reference Guide
Viewing Device Status Information
For chassis devices, the graphical display and the status information are displayed side-by-side rather than in upper and lower panels.
If FDB Polling is enabled, a table at the bottom of the page (shown in Figure 12 ) displays the polling status of every port—whether the port is being actively polled as an edge port, or is inactive and not polled. It also shows the port name (display string) if one has been applied.
Figure 12: Device Detail Display, ports status
The Additional Info field. You can add additional information about the selected device by typing into the Additional Info field (see Figure 13 ). You can enter up to 255 characters of information into this free-form text field. The information is stored in the EPICenter database (not on the device itself).
As soon as you type into this field, the Save button (at the top left of the information display panel) is enabled. To store the information you’ve entered, click Save. If you leave this device display without saving, EPICenter prompts you to either save or cancel.
EPICenter Reference Guide 53
The Inventory Manager
Figure 13: Device Detail Display, including additional information
Additional device information
54
Detailed Slot, Port, or Power Supply Status
●
●
You can view the status of individual modules (slots), ports, and power supplies (where shown), as shown in Figure 14 , in two ways:
Select the slot, port, or power supply by clicking the cursor on the item in the switch image.
Display the list of slots or ports in the Component Tree, and select the element about which you want status information. In the Component Tree, the type and status of a port is indicated by its shape and color: red if the port is disabled, green if it is enabled and active, neutral (black/white/ gray) if it is enabled and ready, but inactive.
NOTE
The Component Tree does not display the empty slots in a device.
EPICenter Reference Guide
Figure 14: Device Detail Display, port status
Viewing Device Status Information
Selected port
Port name
Additional port information
The lower panel displays status information about the selected slot and port.
In the case of a wireless port, as shown in Figure 14 , the display includes Power over Ethernet (PoE) information. This is present only for devices that support this feature.
There are a few Extreme devices, such as the Summit24e2T, Summit24e2X, and Summit Px1 switches, on which the ports are not selectable. In these cases, the ifIndex entries for the device are displayed in the
Device Information panel.
The Additional Info field. For slots and ports, you can enter additional information into a free-form
Additional Info text field that is stored in the EPICenter database. This information is not stored in the device. You can enter up to 255 characters of information in this field.
As soon as you type in this field, the Save button (at the top left of the information display panel) is enabled. To store the information you’ve entered, click Save.
Adding a Port Name. When you select a port, you can add a port name (up to 15 characters). This name
IS stored on the device—it is the same as the display string you can enter through the CLI.
EPICenter Reference Guide 55
The Inventory Manager
If a port name has been added (either through EPICenter or via the CLI) it can appear along with the port number in several places within EPICenter, though it is not displayed by default.
To enable the display of the port name along with the port number, you must set the Port Tree UI
property through the Admin applet, Server Properties. See “Other Properties” on page 369 for more
information.
Stacking Device Support
Stacking devices running ExtremeWare 7.4 or later are displayed as a unit in the Inventory Manager.
The detail display is split into side-by-side display, as shown in Figure 15 . Individual stack members are shown in a manner similar to the way modules in a chassis device are displayed, and are referred to as slots in some of the information displays.
Figure 15: Device Details display for a stacking device
56
The graphical display for a stacking device is presented in three tabs: the front and back panel views are presented in separate displays. If FDB polling is enabled, the Edge Port FDB tab is also available.
For both the front and back panel displays, you can select the entire stack, an individual device in the stack, or an individual port.
For a stacking device, the information panel is also presented with multiple tabs.
EPICenter Reference Guide
Viewing Device Status Information
When the entire unit is selected, the tabs shown are as follows:
Device
Power & Fan
Stacking Port Link
This shows basic information about the stacking device. The information is similar to the information shown for other Extreme Networks devices, but for the entire stacking device.
This tab shows power supply and fan status for every slot (stack member) in the stack.
This tab shows information about all the stacking port links for all the slots (stack member in the stack. These are the links that provide interconnectivity among the stack members.
When a single slot is selected, the information panel includes two tabs:
Device
Stacking Port Link
This shows basic information about the selected stack member. The information is similar to the information shown for other Extreme Networks devices, but the display also includes some information about the stack as a unit.
This tab shows information about the stacking port links for this stack member. These are the links that provide interconnectivity to other members of the stack.
When and individual port is selected, the information display is similar to that for ports on other
Extreme Networks devices.
Edge Port FDB Status
In addition to the standard device details you can also view information about a device’s Forwarding
Database (FDB) if FDB polling is enabled within EPICenter. This information is shown under the Edge
Port FDB tab. In general this information mirrors the information presented in the output of an
ExtremeWare show fdb CLI command.
Operational FDB Entries
Select Operational to view the Operational FDB entries. You can also view the Operational FDB entries for a slot or a port on a device for which FDB polling is enabled by selecting the slot or port in the
Component Tree.
EPICenter Reference Guide 57
The Inventory Manager
Figure 16: Edge Port FDB display, Operational FDB entries
58
The top part of the display shows the following information for the entries in the FDB.
Port
MAC Address
IP Address(es)
Dynamic
Static
Permanent
Forwarding Type
Discovered
The port where the MAC address was discovered
The MAC address that defines the entry
IP addresses detected for the MAC address
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if there is a static entry for the MAC in the permanent FDB; shows a red X if there is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
The forwarding type: MAC, IP, IPX, MAC/IP, MAC/IPX, or unknown
The date and time at which the MAC address was learned by EPICenter
Select an entry in the table to display further information about the FDB entry at the bottom of the window:
Port
MAC Address
Locked Down
The port on which the MAC address was learned
The MAC address that defines the entry
Whether the MAC is locked to this port due to a learning limit (Yes/No)
EPICenter Reference Guide
Secure
Blackhole Type
Mirrored
Questionable
Remapped
Translated
Viewing Device Status Information
Whether the MAC is locked to this port due to a permanent secure entry (Yes/No)
Blackhole type (None, Ingress, Egress, both)
Whether the MAC is mirrored (Yes/No)
Whether the MAC is questionable (Yes/No)
Whether the MAC has been remapped (Yes/No)
Whether the MAC has been translated (Yes/No)
Permanent FDB Entries
Select Permanent to view the Permanent FDB entries on the device.
Figure 17: Edge Port FDB display, Permanent FDB entries
The display shows the following information for the entries in the Permanent FDB.
MAC Address
Port List
Dynamic
Static
Permanent
Locked Down
The MAC address that defines the entry
Ports to which the permanent FDB entry applies
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if the entry is static; shows a red X if it is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
Shows a green check if the entry is locked down; shows a red X if it is not.
EPICenter Reference Guide 59
60
The Inventory Manager
Mirrored
Secure
Blackhole Type
Discovered
Shows a green check if the entry is mirrored; shows a red X if it is not.
Shows a green check if the entry is secure; shows a red X if it is not.
Blackhole type (None, Ingress, Egress, Both)
The date and time at which the MAC address was learned
Disabling FDB Polling for a Port
For a device that has FDB Polling enabled, you can disable FDB polling for individual ports. You might want to do this for ports that are really trunk ports rather than edge ports. (EPICenter considers a port a trunk port only if it runs EDP or LLDP). To disable FDB Polling for individual ports,:
1 Select the Edge Port FDB tab and click the Operational radio button to display the Operational FDB.
2 Select one or more port rows for which you want to disable FDB polling. Selecting a row enables the
Disable FDB Polling button. The button appears at the bottom of the display (see Figure 16 ).
3 Click Disable FDB Polling.
To re-enable FDB polling on a port for which you have disabled polling, do the following:
1 In the Component Tree, expand the device node (and slot node if necessary) to display the list of port nodes, and select the node you want to re-enable.
2 Select the Edge Port FDB tab. This will display the (empty) Operational FDB display for the port.
3 Click the button at the bottom of the display that is now labeled Enable FDB Polling.
If the port already has FDB polling enabled, the button at the bottom of the page will instead be labeled
Disable FDB Polling.
Third-Party Device Status
If the device you select is a third-party device, and EPICenter does not have an image for the specific model, it displays a generic device image (a vendor-specific image if possible, but without modelspecific details). If there is no configuration file for the device, and it is being managed by the
EPICenter, the ifIndex entries for the entire device are displayed in a table in the Device Information panel. Figure 18 shows a third-party device with an unknown configuration.
EPICenter Reference Guide
Figure 18: A third-party device with unknown configuration
Discovering Network Devices
The port type is ethernet-csmacd(6) by default. However, some devices may support other port types.
For example, some 3Com devices support a layer 3 module which is of type other(1).
As Extreme Networks continues to develop additional device images, they will be made available on
Extreme Networks’ support web site under the Patches section at: www.extremenetworks.com/services/software/EPICenter.asp
You can also contact your Extreme Networks sales representative or reseller if you would like help from
Extreme’s Professional Services organization for creating images or configuration files for specific devices.
Discovering Network Devices
EPICenter provides an automatic Discovery function that lets you discover network devices by IP address.
EPICenter Reference Guide 61
The Inventory Manager
1 Click the Discover button at the top of the Inventory Manager main window to display the Discover
Devices window, as shown in Figure 19 .
Figure 19: Inventory Manager Discover Devices set up window
62
2 Enter your settings (Vendor Filters selection, IP address range, subnet mask, etc.) in the top portion of the window.
The fields and buttons in this window are defined as follows:
Extreme only
All MIB-2 devices
IP Address with Wild Cards
IP Address Range
IP Address/Net Mask(CIDR)
Select this button to discover Extreme devices only.
Select this button to discover all MIB-2 compatible devices.
Specify the device address range using wild cards, such as 10.203.10.* or
10.203.?.??
Valid wildcard characters are *, ?, and - (dash):
*
acts as a wildcard for the entire octet (0-255).
? is a wildcard for a single digit (0-9).
- lets you specify a range for any octet. You can use this in more than one octet. Note that you cannot combine the dash with another wildcard in the same octet.
You can also use the IP Address with Wild Cards field to specify a single IP address.
Specify the device address range, such as 10.203.10.20 to 10.203.10.45.
Specify the device address range, in Classless InterDomain Routing (CIDR) format. The value in the Subnet Mask field is the number of bits to be masked, starting from the high-order (left-hand) octet.
EPICenter Reference Guide
Discovering Network Devices
SNMP Read Community
Enable SNMP V3 Discovery
SNMP Timeout
Specify (or verify) the SNMP Read Community string so that EPICenter can retrieve information from any SNMP version 1 devices it discovers.
Select Enable SNMP V3 Discovery if devices on your network use SNMP version 3.
Specify the length of time to wait for an SNMP request to complete when attempting to contact the devices within the discovery range. Value can be between 100 and 300000 milliseconds, with 100 being the default. This setting affects only the current discovery criteria entry; you can set this value independently for each criteria setting in the Discovery Criteria list.
Note that there are certain IP addresses that are reserved. You should not include these addresses in your discovery.
●
●
Class A networks: 0 and 127 are reserved.
Class D networks: 224 - 239 are reserved for multicasting.
●
●
All addresses above 239 are reserved.
255 is reserved for broadcast datagrams for either the host or network portion of the IP address.
In addition, certain host addresses may be interpreted as broadcast addresses, depending on the subnetting of your network.
IP addresses are processed prior to starting the discovery, and IP addresses that contain 255’s in the host portion are eliminated. This is based on the IP address as well as the subnet mask.
The following examples show how the various wild-card specifications can be used to specify various IP address ranges:
IP Address Specification
10.203.0.*
Addresses Generated polls 10.203.0.0 through 10.203.0.255
10.203.?.??
polls 10.203.0.0 through 10.203.9.99
10.203.0.1? or 10.203.0.10-19 both specify the same range: 10.203.0.10 through 10.203.0.19
10.203.0-2.10-30 polls
10.203.0.10 through 10.203.0.30
10.203.1.10 through 10.203.1.30
10.203.2.10 through 10.203.2.30
3 Click the New button to add the range into the Device Discovery Criteria list.
4 Repeat steps 3 through 6 to specify any additional device addresses or ranges for the discovery.
5 When you have finished entering your discovery criteria, click the Discover button at the bottom of the window to initiate the discovery.
The buttons in the middle and at the bottom of the page have the following functions:
New
Remove
Reset
Close
Discover
Adds the current Device Discovery Options specified in the top part of the dialogue box to the
Device Criteria List
Removes a selected row from the Device Discovery Criteria List.
Clears the Device Discovery Criteria List.
Closes the Discover Devices Dialogue box.
Initiates the discovery based on the specifications in the Device Discovery Criteria List.
EPICenter Reference Guide 63
The Inventory Manager
NOTE
If a discovery request is too large, your browser may not have sufficient memory resources available to handle it. It is recommended that you break a large discovery task into multiple separate tasks.
Discovery Results
A Discovery Results window is displayed as soon as the discovery process begins, as shown in
Figure 20 . The panel at the bottom of the window shows the progress of the discovery and displays status messages for each device it finds as it works through the set of IP addresses you have specified.
Figure 20: Results of a discovery, with details visible
64
When the discovery has completed, the set of discovered devices is listed in the top panel of the
Discovery Results window.
NOTE
These devices are NOT automatically entered into the EPICenter database. You must explicitly select and add devices to the database.
To add devices to the EPICenter database:
1 Select individual devices or a range of devices in the Results list.
2 Click the Add button at the bottom of the device list to add these devices to the EPICenter Inventory database.
EPICenter Reference Guide
Discovering Network Devices
The buttons below the list of devices have the following functions:
Add
Close
Hide Details
View Details
Reset
Attempts to add selected devices to the EPICenter Inventory database.
Closes the Discovery Results window. If you close the Discovery Results window without adding devices, the results for devices not already in the EPICenter database are lost.
Hides the Discovery status details that are displayed during the Discovery process.
Re-displays the Discovery status details (appears only after Discovery details have been hidden)
Clears your selections from the discovered devices list.
NOTE
If you select multiple devices, make sure the devices you select have identical contact information. As part of the
Add process, you will be asked for a single password that applies to all the selected devices. If the password is specified incorrectly for any of these devices, the add will fail for those devices.
When you click Add, a window appears where you must set additional device options such as a write community string, the device group to which the devices should be added, a default device login, password, and if SSH is used (see Figure 21 ).
NOTE
Make sure the device passwords are correct for the selected devices. If you are adding multiple devices in one operation, make sure the passwords you specify are correct for each device. A device cannot be added if the password is not correct.
Figure 21: Setting default device options for discovered devices
3 Enter or make changes to any of the Basic fields. These options apply to the entire set of devices you are adding.
Device Login The default Device Login EPICenter should use to access the discovered switches.
Device Contact Password The default Device Contact Password EPICenter should use to access the discovered switches.
EPICenter Reference Guide 65
The Inventory Manager
SSH
Device Group
Select SSH Enabled in the Use SSH field if EPICenter should use SSH2 by default for secure Telnet sessions. SSH2 must be configured on the discovered devices in order for an SSH2 session to be established between EPICenter and a device.
The Device Group to which these device should belong. “Default” is the default group for managed devices.
Device Manager Protocol The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
Additional Info: Any information you want to be included, by default, for all the devices added to the
EPICenter inventory in this operation. Maximum of 255 characters.
4 Click the SNMP tab to configure SNMP settings (see Figure 22 ), and enter or make changes to any of these fields. These options apply to the entire set of devices you are adding.
Figure 22: Setting SNMP default device options for SNMP V3 discovered devices
66
The options that appear in this dialog depend on whether you have discovered devices that use
SNMP V3.
SNMP Write Community
String
Specify (or verify) the SNMP Write Community string so that EPICenter can retrieve information from any SNMP version 1 devices it discovers. The default (for Extreme
Networks devices) is private
The following options appear only if you have discovered SNMP v3 devices.
SNMP V3 User Name Specify the principal name used for SNMP V3 authentication and security. The default is initialmd5.
SNMP V3 Privacy Protocol Specify the SNMP V3 privacy protocol. Select either No Privacy or CBC DES
Privacy. The default is No Privacy.
SNMP V3 Privacy Password If the devices use CBC DES Privacy, enter the privacy password. The default is and empty password (no password).
SNMP V3 Authentication
Protocol
Specify the SNMP V3 authentication protocol. Select No Authentication, MD5
Authentication, or SHA Authentication. The default is MD5 Authentication.
SNMP V3 Authentication
Password
If the devices use SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.
5 Click OK when you have made the necessary changes.
A message window (shown in Figure 23 ) appears to show you the progress of the Add command.
EPICenter Reference Guide
Figure 23: Message window showing Add Device progress
Discovering Network Devices
The symbols that may appear in this window are the following:
Purple rotating clock icon
Green check in the checkbox
Red X in the checkbox
Plus and minus signs
Up and down arrows
Errors only box
Collapse All button
The add function is in progress.
The device has been successfully added.
The device cannot be added; the device name is displayed in red.
Click the plus sign at the left of the device name to display server messages related to adding the device.
Click the minus sign at the left of the device to hide the server messages.
Move up and down the device tree, displaying the server messages associated with each device.
If checked, the up and down arrow buttons expand only devices that had errors.
Collapses all the device nodes, hiding all the server messages.
The indicators just below the tree area of the window show the number of devices currently in each state.
EPICenter Reference Guide 67
The Inventory Manager
To see the messages related to an Add function (either successful or unsuccessful), select a device in the list. The messages related to the device are displayed as lines under the device node, as shown in
Figure 24 .
Figure 24: Message window showing errors from the Add Device process
68
CAUTION
If you close the Discovery Results window without adding devices, the results for devices not already in the
EPICenter database are lost. You must perform a discovery again to regenerate information on those devices.
After the Add has finished, the Discovery Results window is re-displayed. You can select more devices, specify a different set of Inventory Device Options, and add those devices to the Inventory Manager.
Adding Devices and Device Groups
You must have Administrator or Manager access to add devices to the EPICenter database, and create
Device Groups. If you have Monitor access only, you may not use this function.
Adding a Device
1 Click the Add button at the top of the Inventory Manager main window.
2 Select the appropriate tab to display the Basic information in the Add Device window, as shown in
Figure 25 .
EPICenter Reference Guide
Figure 25: Add Device window in the Inventory Manager
Adding Devices and Device Groups
The fields under the Basic tab are as follows:
Device IP Address The Device IP Address that EPICenter uses to access the switch.
You may also enter a DNS-resolvable host name in place of the Switch IP address.
The Device Login that EPICenter should use to access the switch. Device Login
SSH
Device Contact Password
If EPICenter is going to use SSH2 for secure Telnet sessions, select SSH
Enabled. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device.
If SSH is not available (SSH enabling key not installed) this field is not selectable.
Device Manager Protocol The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
Device Poll Interval (minutes) The Device Poll Interval that controls how frequently EPICenter polls the device for detail status information. (Basic device status information is polled more frequently, and that interval is set as a server property in the Administration applet.)
The default setting for the device poll interval is 30 minutes for an Extreme modular chassis and 90 minutes for an Extreme stackable chassis.
The Device Contact Password that EPICenter should use to access the switch.
EPICenter Reference Guide 69
The Inventory Manager
Device Group
Additional Info
The Device Group to which this device should belong. Default is the default group for managed devices.
Any additional information you want to be included with this device. Maximum of 255 characters.
NOTE
To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports
SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide.
3 To configure SNMP information for the device, click the SNMP tab, as shown in Figure 26 , and enter or change the information as necessary.
Figure 26: SNMP tab for Add Device window
70
The fields under this tab are as follows:
SNMP Version Select the SNMP version from the SNMP Version pull-down menu.
SNMP Read Community String If the device is using SNMP version 1, enter the SNMP Read Community string for the device. The default (for Extreme Networks devices) is public.
SNMP Write Community String If the device is using SNMP version 1, enter the SNMP Write Community string for the device. The default is private.
SNMP V3 User Name
SNMP V3 Privacy Protocol
If the device is using SNMP version 3, enter the principal name used for SNMP
V3 authentication and security. The default is initialmd5.
If the device is using SNMP version 3, select SNMP V3 Privacy Protocol. Select either No Privacy or CBC DES Privacy. The default is No Privacy.
EPICenter Reference Guide
Adding Devices and Device Groups
SNMP V3 Privacy Password
SNMP V3 Authentication
Protocol
SNMP V3 Authentication
Password
If the device is using SNMP version 3, select SNMP V3 Privacy Password. If the device is using CBC DES Privacy, enter the privacy password. The default is no password (an empty string).
The SNMP V3 authentication protocol. Select No Authentication, MD5
Authentication, or SHA Authentication. The default is MD5 Authentication.
If the device is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.
4 To place the new device in the list of devices to be added to the EPICenter Inventory database, click the New button at the center of the page. The device specifications are added to the list.
To remove a device specification from the list, select the entry for the device and click the Remove button.
5 Click Add to initiate the Add process.
A message window appears showing the progress of the add request. The Inventory Manager makes a set of SNMP requests to retrieve data from the device that is needed by various EPICenter applets.
If the device is an Extreme switch, it also creates a set of SmartTraps rules that tell the switch what status and configuration changes are of interest to EPICenter.
If the device cannot be added, the window shows an error status. When the add request is complete, click OK to continue.
Creating a Device Group
Device groups are sets of managed network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building
2, first floor, second floor), or by management characteristics (devices that use a specific SNMP community string, for example).
All devices automatically become members of a device group when they are added to the EPICenter database, either through Add Devices or as a part of the Discovery process. A device may then be copied or moved to another device group as appropriate.
To create a new device group, follow these steps:
1 Click the Add button at the top of the Inventory Manager main window.
Select the appropriate tab to display the Device Groups window, as shown in Figure 27 .
EPICenter Reference Guide 71
The Inventory Manager
Figure 27: Add Device Group window in the Inventory Manager
72
The fields, lists, and buttons on the page are:
Device Group Name
Device Group Description
Available Devices List
Included Devices List
Type a name for the device group into the Device Group Name field.
Type a description (optional) into the Device Group Description field.
To move a device to the selected device group, select one or more devices in the
Available Devices list and click Move ->. The Move button removes the device from the original device group and adds it to the new device group.
To have the device belong to the original device group and the new device group, select one or more devices in the Available Devices list and click Copy ->.
The same device can be moved from several groups to the new group. Select each row for the device and click Move ->. The Device Group column in the
Included Devices list shows the Device Group from which the device originated.
To remove a device from the new device group, select one or more devices in the
Included Devices list, and click <- Remove. The device(s) will be moved from the selected device group and return to any device groups from which it was moved.
2 To add a one or more device to the selected device group, select the devices in the Available Devices list and click either Move -> or Copy ->.
3 To remove one or more devices from the new device group, select the devices in the Included
Devices list, and click <- Remove.
4 Repeat steps 2 and 3 until you have included all the devices that should be members of this device group.
EPICenter Reference Guide
Modifying Devices and Device Groups
5 To add the newly created device group to the database, click the Add button at the bottom of the window.
If you have added a device to more than one device group, the Available Devices list displays a separate entry for each device group to which the device belongs, as shown in Figure 28 .
Figure 28: Device belonging to multiple device groups in Add Device Groups window
Modifying Devices and Device Groups
You can use the Modify function to modify the access parameters for an individual device, or to add and delete members of a device group. You must have Administrator or Manager access to modify device contact information and device groups. If you have Monitor access only, you cannot use this function.
Modifying a Device
You can display the Modify Devices and Device Groups window in three ways:
● Select Modify from the Inventory menu
●
●
Click the Modify button on the Toolbar
Select a device in the Component Tree, right-click to display the pop-up menu, and select Modify.
The Modify Devices and Device Groups window appears, as shown in Figure 29 , with the Devices tab displayed. If you have a device selected in the Component Tree, it is preselected in the Modify Devices tab, with its settings displayed.
To modify the contact information for one or more managed devices in the database, do the following:
EPICenter Reference Guide 73
The Inventory Manager
1 Select the appropriate Device Group to display the devices you want to modify.
2 Select one or more devices whose contact information you want to modify. You can modify multiple devices in the same operation if they all use the same contact information.
Figure 29: Devices tab of the Modify Devices and Device Groups window
74
The fields on the Device tab, when the Basic sub-tab is showing, are as follows:
Filter by Device Group
Device IP Address
Device Login
SSH
Device Manager Protocol
To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All Devices to view the list of all devices from all device groups.
The IP address of the selected device.
The login needed to Telnet to the device or to use ExtremeWare Vista.
Selects whether EPICenter should use SSH2 for secure Telnet sessions. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. If SSH is not available (SSH enabling key not installed) this field is not selectable.
Note: If you disable SSH on the device, you will no longer be able to change this setting in EPICenter. Be sure to disable SSH in EPICenter before you disable it on the device.
The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device.
EPICenter Reference Guide
Modifying Devices and Device Groups
Device Poll Interval
Device Contact Password
Offline
Additional Info
Specifies how frequently the EPICenter server should poll the for detailed device information, such as software version, BootROM version, and so on. This also includes EDP and ESRP information for non-”i” series devices. To avoid a potentially large amount of polling traffic, this detailed polling is only done every
30 minutes for core (chassis) devices and 90 minutes for edge devices. The default is 90 minutes for both the core and edge devices. You can change this detailed polling interval by entering a different value in this field.
The password needed to Telnet to the device or to use ExtremeWare Vista.
Sets the device to the offline state in the EPICenter database. The device state can either be offline or online.
Any additional information you want to be included with this device. Maximum of
255 characters.
NOTE
The Device Poll Interval set here is different from the global Poll Interval you can set in the Administration applet. The global poll interval controls the basic status polling needed to ensure SNMP reachability, and is typically done much more frequently than detailed device polling.
NOTE
To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports
SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide.
3 Enter the changed information in the appropriate fields of the SNMP tab, as shown in Figure 30 .
Figure 30: SNMP subtab under the Devices tab of the Modify Devices and Device Groups window
EPICenter Reference Guide 75
The Inventory Manager
The fields under the SNMP tab are as follows:
SNMP Version The version of SNMP (version 1 or version 3) that EPICenter uses to access the device.
Can be modified if the device is using SNMP version 1. Default is public. SNMP Read Community String
SNMP Write Community String
SNMP V3 User Name
SNMP V3 Privacy Protocol
SNMP V3 Privacy Password
Can be modified if the device is using SNMP version 1. Default is private.
The principal name used for SNMP V3 authentication and security. The default (for Extreme Networks devices) is initialmd5.
Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC
DES Privacy. The default is No Privacy.
If the device is using CBC DES Privacy, enter the privacy password. The default is and empty password (no password).
SNMP V3 Authentication Protocol Specifies the SNMP V3 authentication protocol. Select No Authentication,
MD5 Authentication, or SHA Authentication. The default is MD5
Authentication.
SNMP V3 Authentication Password If the devices is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.
4 To implement the settings changes, click Modify.
If you have modified the Device Contact Password (under the Basic tab) or either of the SNMP
Community strings, on Extreme Networks devices, EPICenter asks if you want to change those values on the switch as well as in the EPICenter database (see Figure 31 ). This dialog appears only if you have changed one of these three values, and lists only those that you have changed. If you change any other values, such as the SNMPv3 settings, EPICenter does not warn you and does not make changes on the device.
This dialog does not appear if you have changed only third-party devices.
Figure 31: Dialog to confirm a device contact password or community string change
76
● To change the values in the EPICenter database and on the device itself, click Device and
Database
To change the values only in the EPICenter database, click Database only. ●
If you have already changed these values on the device, you should select Database only, as
EPICenter will not be able to communicate with the device until after these settings have been changed in the database.
If you change the community string in the database for a device, and do not elect to change it on the device itself, EPICenter may no longer be able to communicate with the device.
For settings other than the device contact password and community strings, EPICenter does not make any changes on the device. In order to continue to communicate with the device, you must
EPICenter Reference Guide
Modifying Devices and Device Groups
Telnet to the device to make changes. If you change the device contact password in both the database and the device, EPICenter will still be able to contact the device via Telnet to open a Telnet session or run a Telnet macro on the device.
If you have modified both Extreme Networks and third-party devices, and you select the Device and
Database setting, the device configuration will occur only on the Extreme Networks devices.
5 The Modify Devices and Device Groups window stays open after you perform a Modify operation.
When you have finished all your changes, click Close. If you have made changes to any of the fields but not modified them, EPICenter will ask you to confirm that you want to exit without making the changes.
Modifying a Device Group
Devices are always a member of a device group; devices not explicitly assigned to another device group are members of the Default device group. This has two effects related to modifying device groups:
● When devices are removed from all other device groups, they are automatically added to the Default device group.
● Devices cannot be removed from the Default device group using the Remove button in the Modify dialog. To remove a device from the default device group, you must move it to another device group.
You can begin the modify function using the Modify button on the toolbar, or by selecting a device group in the Component Tree, right-clicking to display the pop-up menu, and selecting Modify Device
Group.
To add or remove devices in a device group, do the following:
1 Click the Modify button at the top of the Inventory Manager main page.
Select the appropriate tab to display the Modify Device Group window, as shown in Figure 32 .
EPICenter Reference Guide 77
The Inventory Manager
Figure 32: Device Groups tab of the Modify Devices and Device Groups window
78
The fields and lists on this page are:
Device Groups
Device Group Name
Select the Device Group from the drop-down menu.
To change the name of the group, type the new text into the Device Group Name field.
Device Group Description To change the description of the group, type the new text into the Device Group
Description field.
Available Devices List The Available Devices list displays the other devices known to EPICenter, and their current device group membership.
Included Devices List The Included Devices list displays the devices that are currently members of the
Device Group you have selected to modify.
2 Add and remove devices from the selected group using the buttons in the middle of the page:
Move ->
Copy ->
<- Remove
Moves the selected devices into the group being modified, and removes them from the old group. You can remove a device from multiple old groups at the same time by selecting multiple occurrences of the device before you click Move.
Copies the selected device into the device group, but also leaves it in the current device group.
Removes the selected devices from the modified device group. If the device group being modified is the only group to which the device belongs, the device is returned to the Default device group.
You cannot use the Modify Device Groups function to remove devices from the Default device group. Devices are removed from the Default device group only when they are moved to another device group or deleted from the EPICenter inventory.
EPICenter Reference Guide
Deleting Devices and Device Groups from the Database
3 To replace the modified device group in the database, click the Modify button at the bottom of the window.
Deleting Devices and Device Groups from the Database
You must have an Administrator or Manager role to delete devices and device groups from the
EPICenter database. If you have a Monitor role, you cannot access this function.
Deleting a Device
You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the
Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device.
To delete a device from the EPICenter database, follow these steps:
1 Click the Delete button, or select Delete from the Inventory menu at the top of the Inventory
Manager main page.
Select the appropriate tab to display the Delete Devices window (see Figure 33 ).
Figure 33: Devices tab of the Delete Devices and Device Groups window
2 To select a device from a specific device group, select the device group from the pull-down list in the
Filter by Device Group field. Select All Devices to view the list of all devices from all device groups.
3 Select one or more devices in the Devices list, and click Delete.
4 Click OK to confirm that you want to delete the device information from the database.
Deleting an online device removes the information about the device from the EPICenter database; the device can no longer be monitored and managed from the EPICenter application. If the device is an
Extreme switch, deleting it removes any SmartTraps rules, both from the database and the switch change table. It also removes all information about VLANs, QoS Policy, and Virtual Chassis connections associated with this switch from the EPICenter database.
EPICenter Reference Guide 79
The Inventory Manager
If the device is offline, the device is removed from the EPICenter inventory, but the Smart Trap entries on the device are not removed.
NOTE
Deleting a device from EPICenter has no effect on the configuration of the device itself, other than altering the trap receiver table.
Deleting a Device Group
You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the
Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device Group.
To delete a device group from the EPICenter database, follow these steps:
1 Click the Delete button, or select Delete from the Inventory menu at the top of the Inventory
Manager main page.
Select the appropriate tab to display the Delete Device Groups window (see Figure 34 ).
Figure 34: Device Groups tab of the Delete Devices and Device Groups window
80
2 Select one or more device groups in the Device Groups list, and click Delete.
3 Click OK to confirm that you want to delete the device group information from the database.
Devices in the deleted device group that are not members of another group are automatically returned to the Default device group.
Updating Device Information—The Sync Operation
Occasionally, you may want to update the configuration and status information for one or more devices in the EPICenter database. The Sync operation is a manual update you can use if you believe that the device configuration is not correctly represented in EPICenter applets.
EPICenter Reference Guide
Updating Device Information—The Sync Operation
NOTE
The Sync function does not remove obsolete links from a Topology map. You must use the Sync Links command within the Topology applet to detect links that no longer exist.
You must have read-write access (Administrator or Manager-level access) to perform a Sync. If you have Monitor access only, you can not use this function.
You can begin the synchronize function using the Sync button on the toolbar, or by selecting a device or device group in the Component Tree, right-clicking to display the pop-up menu, and selecting the Sync command.
To refresh the configuration and status information, follow these steps:
1 Click Sync at the top of the Inventory Manager page.
The Synchronize Devices dialog, shown in Figure 35 , is displayed, listing the devices in the
EPICenter database.
Figure 35: Synchronize Devices dialog
2 To select a device from a specific device group, select the device group from the pull-down list in the
Filter by Device Group field. Select All Devices to view the list of all devices from all device groups.
3 Select one or more devices in the Device list.
4 Click Reset at any time prior to initiating the Sync to deselect all device selections and start over.
5 Click Sync to initiate the synchronization process.
The Inventory Manager uses SNMP to retrieve configuration and status information from each selected switch, and updates the EPICenter database with that information.
The Sync function displays a message window that shows the status of the sync operation on the selected devices. When the sync has completed on all devices, click OK to continue.
NOTE
Offline devices display a warning and are not synchronized.
EPICenter Reference Guide 81
The Inventory Manager
Configuring Default Access Parameters
The Configure Defaults window allows you to configure a set of default access parameters for network devices you have not yet discovered. After you configure the default access parameters, the network devices you discover and add to the EPICenter database have these default parameters.
1 Click the Default button at the top of the Inventory Manager main window.
The Configure Defaults window, shown in Figure 36 , is displayed.
Figure 36: Configure Defaults window, Basic tab
82
The fields on the Basic tab are:
Device Login
Device Contact Password
Use SSH
Device Manager Protocol
Additional Info:
The device login required for Telnet or to use ExtremeWare Vista. The default is
admin.
The device password. The default is an empty password (no password).
Whether SSH2 should be used for secure Telnet sessions. Select SSH Enabled if
EPICenter should use SSH2s. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. The default is SSH Disabled.
The protocol used to communicate with this device when using the device-based element manager (ExtremeWare Vista): HTTP or HTTPS. SSH must be enabled on the device. The default is HTTP.
Any information you want to be included, by default, for all devices added to the
EPICenter inventory. Maximum of 255 characters.
2 Click the SNMP tab to enter or make changes to any of the SNMP fields, as shown in Figure 37 .
These options apply to future network devices that you add to the EPICenter database.
EPICenter Reference Guide
Figure 37: Configure Defaults window, SNMP tab
Configuring Default Access Parameters
The fields on the SNMP tab are:
SNMP Read Community String The SNMP community string for devices using SNMP version 1. The default is
public.
SNMP Write Community String The SNMP community string for devices using SNMP version 1. The default is
private.
SNMP V3 User Name
SNMP V3 Privacy Protocol
The principal name used for SNMP V3 authentication and security. The default is
initialmd5.
Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES
Privacy. The default is No Privacy.
SNMP V3 Privacy Password
SNMP V3 Authentication
Protocol
SNMP V3 Authentication
Password
If the device is using CBC DES Privacy, enter the privacy password. The default is no password (an empty string).
Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5
Authentication, or SHA Authentication. The default is MD5 Authentication.
If the devices is using SNMP V3 Authentication, enter the authentication password. The default password is initialmd5.
Reset clears the contents of the fields and reset them to their default values.
3 Click Save to save your changes to the EPICenter database.
A message window (shown in Figure 38 ) appears to show you the progress of the Save command.
Figure 38: Message window showing Save progress
EPICenter Reference Guide 83
The Inventory Manager
4 Click OK to return to the Configure Defaults window.
5 Click Close to exit the Configure Defaults window.
If you make changes to the access parameters and then Close the window without saving those changes, an Inventory dialog box appears that gives you an opportunity to save the changes, proceed without saving, or to cancel and return to the Configure Defaults window.
Finding Devices
You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory.
To search for a device:
1 From the Tools menu, click Find Device.
The Find Devices dialog, shown in Figure 39 , is displayed.
You can search for devices by name or by IP address. You can limit the search to a specific device group, or to a specific type of Extreme device.
Figure 39: Find Devices dialog
84
2 Specify your search criteria in the Find Devices dialog are as follows:
EPICenter Reference Guide
The Properties Display
Search:
By Device Name
By IP Address
In <Device Group>
Of <Device Type>
Enter a complete or partial device name or IP address into this field.
* acts as a wildcard for an entire octet (0-255), or for the rest of the string
?
is a wildcard for a single digit (0-9) or character
Select the appropriate radio button to indicate whether this is a name or IP address.
To find all devices in a device group or of a selected device type, leave this field blank and select the appropriate Device Group and Device Type
Select to indicate that the value in the Search: field is a complete or partial device name. You can use the wild card characters * or ? in the search criteria.
Select to indicate that the value in the Search: field is a complete or partial IP address. You can use the wild card characters * or ? in the search criteria.
Limits the search to the selected Device Group. Select the device group from the drop-down menu. If you do not specify a name or IP address in the Search field, all devices in the device group you select are found.
Limits the search to the selected Device Type. Select the device type from the dropdown menu in the Device Type field. If you do not specify a name or IP address in the Search field, all devices of the type you select are found.
3 Click Find to search for devices that meet the criteria you have specified.
Click New Search to clear all search criteria.
All devices found are listed in the center panel. Information includes the device group in which the device can be found, its name, IP address, and the type of device. There is one entry for each device or device group combination.
4 To view details about a device in the results table, you can either:
■ Double-click a device entry in the results table, or
■ Select a device entry and click Go to.
If you double-click a device result, the Find Devices window remains open; if you click Go to, the window closes.
The Properties Display
You can view the properties of a device group or a device in the EPICenter database. This section describes the information displayed in the various properties windows.
Most of the information in the various Properties displays is shown in columnar form. The columns can be resized by “grabbing” the separator between two column headings, and the display can be sorted by clicking on a column heading. The column heading shown in green indicates the column used to sort
the display. See “Resizing Columns” on page 36 and “Sorting Columns” on page 36 for more detailed
instructions.
All Device Groups Properties
The Device Groups Properties window shows summary information for all device groups (see
Figure 40 ). To display this window, select the top-level Device Groups item in the Component Tree, then select Properties from the Display menu, or from the right-click pop-up menu.
EPICenter Reference Guide 85
The Inventory Manager
Figure 40: Device Groups Properties for all Device Groups
86
The Device Groups Properties window for All Devices shows the following information:
No. of Device Groups
Device Group
Description
The number of device groups defined in EPICenter
The names of the device groups defined in EPICenter
An optional description for the device group
Device Group Properties
The Device Group Properties window shows information about a selected device group (see Figure 41 ).
To display this window, select a Device Group in the Component Tree, then select Properties from the
Display menu, or from the right-click pop-up menu.
EPICenter Reference Guide
Figure 41: Device Group Properties for a selected Device Group
The Properties Display
The Device Group Properties window has two tabs:
The Device Group Tab
The Device Group tab displays the following information:
Device Group
Description
The name of the device group
An optional description for the device group
No. of Devices The number of devices in the device group
For each device that is a member of the Device Group, the following information is displayed:
Device
IP Address
The name of the device
The IP address of the device
The Port Inventory Tab
The Port Inventory Tab displays the following information:
Device
IP Address
10/100 Active
The name of the device that is a member of this device group
The IP addresses of the device
The number of active 10/100 ports on the device
EPICenter Reference Guide 87
The Inventory Manager
10/100 Ready
10/100 Total
Gigabit Active
Gigabit Ready
Gigabit Total
10 Gig Active
10 Gig Ready
10 Gig Total
The number of 10/100 ports that are ready
The total number of 10/100 ports on the device
The number of active gigabit ports on the device
The number of gigabit ports that are ready
The total number of gigabit ports on the device
The number of active 10 gigabit ports on the device
The number of 10 gigabit ports that are ready
The total number of 10 gigabit ports on the device
Device Properties
The Device Properties window shows several tabs of information about the selected device (see
Figure 42 ). To display this window, select a Device Group in the Component Tree, then select Properties from the Display menu, or from the right-click pop-up menu.
Figure 42: Device Properties window
88
The Device Properties window displays a set of tabs at the top of the window, depending on the type and configuration of the device. The following tabs may appear:
●
●
●
●
Device
VLAN
STP
Edge Port FDB
EPICenter Reference Guide
The Properties Display
●
●
●
Network Clients
Syslog Messages
Wireless
Each tab displays the name of the device and a status “light” which shows the status of the device as detected by the EPICenter software.
The Device Tab
The Device tab displays a variety of configuration and status information about the device. At the top of the window it shows the basic identification information:
Device
IP Address
Type/Version
MAC Address
Boot Time
The name of the device and the status indicator “light”
The IP address of the device
The type of device, and the version of the software currently running on the device
The MAC address of the device
The date and time of the last device reboot
The main section of the window presents the values of attributes about the device. These vary depending on the type of device and the features it supports.
The VLAN Tab
The VLAN tab lists the VLANs configured on the device. This window shows the following information about the VLANs on the device:
VLAN
Tag
Protocol
IP Address
Subnet Mask
QoS Profile
ESRP
VLAN name
VLAN tag
Protocol filter for the VLAN
IP address of the VLAN
Subnet Mask for the VLAN
The QoS profile configured for this VLAN
Whether ESRP is configured for this device
The STP Tab
The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs.
STP
State
VLAN
Tag
Root
No. of Ports
The STP Domain name
The domain state (Enabled or Disabled)
The name of the VLAN participating in this domain
The 802.1Q tag of one of the wholly contained VLANs in the domain
Indicates whether this device is currently the STP root bridge for this domain (Yes or No).
The number of ports on this bridge participating in this VLAN in this domain. Will be N/A if the STP domain is disabled on this VLAN.
EPICenter Reference Guide 89
90
The Inventory Manager
NOTE
A device must be running ExtremeWare 6.2.2 or later in order for EPICenter to access STP information for the device. Devices running earlier versions of ExtremeWare may have STP configured, but EPICenter will not be able to provide information about the configuration.
Edge Port FDB Tab
The Edge Port FDB tab shows information about the Operational or Permanent Forwarding Database entries on the device. A device must be running ExtremeWare 6.2.2 or later in order for EPICenter to access FDB information.
Operational FDB Entries. Select Operational to view the Operational FDB entries. The top part of the display shows the following information for the entries in the FDB:
Port
MAC Address
IP Address(es)
Dynamic
Static
Permanent
Forwarding Type
Discovered
The port where the MAC address was discovered
The MAC address that defines the entry
IP addresses detected for the MAC address
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if there is a static entry for the MAC in the permanent FDB; shows a red X if there is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
The forwarding type: MAC, IP, IPX, MAC/IP, MAC/IPX, or unknown
The date and time at which the MAC address was learned by EPICenter
Select an entry in the table to display further information about the FDB entry at the bottom of the window:
Port
MAC Address
Locked Down
Secure
Blackhole Type
Mirrored
Questionable
Remapped
Translated
The port on which the MAC address was learned
The MAC address that defines the entry
Whether the MAC is locked to this port due to a learning limit (Yes/No)
Whether the MAC is locked to this port due to a permanent secure entry (Yes/No)
Blackhole type (None, Ingress, Egress, both)
Whether the MAC is mirrored (Yes/No)
Whether the MAC is questionable (Yes/No)
Whether the MAC has been remapped (Yes/No)
Whether the MAC has been translated (Yes/No)
Permanent FDB Entries. Select Permanent to view the Permanent FDB entries on the device. The display shows the following information for the entries in the Permanent FDB.
MAC Address
Port List
Dynamic
Static
Permanent
Locked Down
The MAC address that defines the entry
Ports to which the permanent FDB entry applies
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if the entry is static; shows a red X if it is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
Shows a green check if the entry is locked down; shows a red X if it is not.
EPICenter Reference Guide
Mirrored
Secure
Blackhole Type
Discovered
Shows a green check if the entry is mirrored; shows a red X if it is not.
Shows a green check if the entry is secure; shows a red X if it is not.
Blackhole type (None, Ingress, Egress, Both)
The date and time at which the MAC address was learned
The Properties Display
The Network Clients Tab
The Network Clients tab lists information about the users connected through the device.
Port
User Name
IP Address
Login Type
MAC Address
VLAN
The port on the device on which the user is logged in.
The login name of the user.
The IP address of the user’s host.
The login type, either network login or 802.1x.
The MAC address of the user’s host.
The VLAN to which the port belongs.
The Syslog Messages Tab
The Syslog Messages tab lists information about the last 500 Syslog Message received from the device.
Time
Severity
Facility
Message
The time that the message was received.
The severity level of the message. Severity levels include the following:
• 0—Emergency
• 1—Alert
• 2—Critical
• 3—Error
• 4—Warning
• 5—Notice
• 6—Information
• 7—Debug
The Syslog facility reporting the message.
The text of the message.
Syslog messages are stored along with traps in the event log.
The Wireless Tab
The Wireless tab displays information on the wireless interfaces on the device. The tab is further divided into three subtabs: Wireless Ports, Physical Wireless Interfaces, and Virtual Wireless
Interfaces .
Under the Wireless Ports tab, the following information is shown for each port:
Port
State
The port number. If this is a remote connect port (virtual port) the port number will be preceded by a “v” for example, v.1, v.2 and so on.
The state of the wireless port: Disabled, Enabled, Online, or Error
EPICenter Reference Guide 91
92
The Inventory Manager
Num. Interfaces
Location
BootROM Version
S/W Version
Description
Product Name
Serial Number
Country Code
Antenna Type
Antenna Location
The number of physical interfaces associated with this port
Physical location of the wireless port as configured by the administrator
The BootROM version running on the device connected to this port
The version of the software running on the device connected to this port
A description of the device connected to this port
The product name of the device connected to this port
The serial number of the device connected to this port
The Country Code associated with the device connected to this port, which determines country-dependent frequency and other regulatory settings on the wireless port, shared by all wireless ports on the switch
The type of antenna on the device connected to this port, e.g. Integrated or detachable
The physical location of the antenna (Indoor, Outdoor)
Under the Physical Wireless Interfaces tab, the following information is shown for each interface:
Interface
802.11 Mode
RF Channel
RF Profile
Wireless interface identifier. A remote connect interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Wireless LAN RF mode: 802.11a, 802.11b, or 802.11g/b
Radio frequency channel used by the interface
Radio frequency profile configured for or assigned to this interface. See the section on configuring RF properties in the Summit 300-48 Switch Software User Guide.
Under the Wireless Ports tab, the following information is shown for each port:
Interface
State
ESS
Security Profile
802.11 Auth
Network Auth
Encryption
MAC Address
Wireless interface identifier. A remote connect interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Interface state (Active or Inactive)
The ESS name (the name of the wireless network associated with the security profile)
Security profile configured for this interface; see the section on CLI commands for security on the switch in the Summit 300-48 Switch Software User Guide
802.11 authentication method for this wireless interface: all, open, or shared
Network authentication method: all methods, none, Net Login, Mac RADIUS, 802.11x, WPA or WPA/PSK
Encryption method: all encryption methods, N/A (none), WEP64, TKIP, AES, WEP128, or
Other
MAC address for the wireless port
Slot Properties
To view slot properties, do the following:
1 From the Component Tree, click on the plus sign of a modular device to display the slots for that particular device.
NOTE
The Component Tree does not display the empty slots in a device.
EPICenter Reference Guide
The Properties Display
2 Right-click on a slot and select Properties from the pop-up menu that appears. The Device Slot
Properties window appears. The information displayed in this window depends on whether the module requires additional software to be installed.
The Device Slot Properties window appears, as shown in Figure 43 .
Figure 43: Device Slot Properties window for modules that require additional software
The Device Slot Properties window displays up to four tabs:
●
(present only if the device supports wireless ports)
The Slot Tab
For modules that require a special version of ExtremeWare to be installed, the Slot tab displays all the following information. For modules that do not require a special version of ExtremeWare, a subset of this information is shown:
Slot Name
Configured Type
Inserted Type
Module State
Serial Number
The number, or letter, of the slot where the module is installed
The type of module that is configured for the slot
The type of module that is inserted into the slot
The operational state of the module
The serial number of the module
EPICenter Reference Guide 93
94
The Inventory Manager
The following information is shown for modules that require a special version of ExtremeWare:
Description A description of the module that is inserted into the slot
Primary Version
Secondary Version
The primary ExtremeWare software image running on the module
The secondary ExtremeWare software image running on the module
Current Version
BootROM Version
Module Processor State
The current ExtremeWare software image running on the module
The current BootROM image running on the module
The operational state of the General Processor and the Network Processor(s) in the module.
The Operational FDB Tab
The top part of the Operational FDB tab display shows the following information for the entries in the
FDB:
Port
MAC Address
IP Address(es)
Dynamic
Static
Permanent
Forwarding Type
Discovered
The port where the MAC address was discovered
The MAC address that defines the entry
IP addresses detected for the MAC address
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if there is a static entry for the MAC in the permanent FDB; shows a red X if there is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
The forwarding type: MAC, IP, IPX, MAC/IP, MAC/IPX, or unknown
The date and time at which the MAC address was learned by EPICenter
Select an entry in the table to display further information about the FDB entry at the bottom of the window:
Port
MAC Address
Locked Down
Secure
Blackhole Type
Mirrored
Questionable
Remapped
Translated
The port on which the MAC address was learned
The MAC address that defines the entry
Whether the MAC is locked to this port due to a learning limit (Yes/No)
Whether the MAC is locked to this port due to a permanent secure entry (Yes/No)
Blackhole type (None, Ingress, Egress, both)
Whether the MAC is mirrored (Yes/No)
Whether the MAC is questionable (Yes/No)
Whether the MAC has been remapped (Yes/No)
Whether the MAC has been translated (Yes/No)
The Network Clients Tab
The Network Clients tab displays the following information:
Port
User Name
IP Address
Login Type
The port on the device on which the user is logged in.
The login name of the user.
The IP address of the user’s host.
The login type, either network login or 802.1x.
EPICenter Reference Guide
The Properties Display
MAC Address
VLAN
The MAC address of the user’s host.
The VLAN to which the port belongs.
The Wireless Tab
If this module supports wireless ports (either direct or remote connect ports) the Wireless tab displays information on the selected wireless port and interfaces. The tab is divided into three subtabs: Wireless
Ports , Physical Wireless Interfaces, and Virtual Wireless Interfaces.
Under the Wireless Ports tab, the following information is shown for each port:
Port
State
Num. Interfaces
Location
BootROM Version
S/W Version
Description
Product Name
Serial Number
Country Code
Antenna Type
Antenna Location
The port number. If this is a remote connect port (virtual port) the port number will be preceded by a “v” for example, v.1, v.2 and so on.
The state of the wireless port: Disabled, Enabled, Online, or Error
The number of physical interfaces associated with this port.
Physical location of the wireless port as configured by the administrator
The BootROM version running on the device connected to this port
The version of the software running on the device connected to this port
A description of the device connected to this port
The product name of the device connected to this port
The serial number of the device connected to this port
The Country Code associated with the device connected to this port, which determines country-dependent frequency and other regulatory settings on the wireless port, shared by all wireless ports on the switch
The type of antenna on the device connected to this port, e.g. Integrated or detachable
The physical location of the antenna (Indoor, Outdoor)
Under the Physical Wireless Interfaces tab, the following information is shown for the interfaces on the each port:
Interface
802.11 Mode
RF Channel
RF Profile
Wireless interface identifier. A remote connect (virtual) interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Wireless LAN RF mode: 802.11a, 802.11b, or 802.11g/b
Radio frequency channel used by the interface
Radio frequency profile configured for or assigned to this interface. See the section on configuring RF properties in the Summit 300-48 Switch Software User Guide.
Under the Virtual Wireless Interfaces tab, the following information is shown for the interfaces on the each port:
Interface
State
ESS
Security Profile
802.11 Auth
Network Auth
Wireless interface identifier. A remote connect (virtual) interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Interface state (Active or Inactive)
The ESS name (the name of the wireless network associated with the security profile)
Security profile configured for this interface; see the section on CLI commands for security on the switch in the Summit 300-48 Switch Software User Guide
802.11 authentication method for this wireless interface: all, open, or shared
Network authentication method: all methods, none, Net Login, Mac RADIUS, 802.11x, WPA or WPA/PSK
EPICenter Reference Guide 95
The Inventory Manager
Encryption
MAC Address
Encryption method: all encryption methods, N/A (none), WEP64, TKIP, AES, WEP128, or
Other
MAC address for the wireless port
Port Properties
To view port properties, do the following:
1 From the Component Tree, click on the plus sign of a device.
For a non-modular device, this displays the ports for that particular device.
For a modular device, this displays the slots for that particular device. Click on the plus sign of a slot to display the ports for that particular device.
2 Right-click on a port and select Properties from the pop-up menu that appears.
The Device Port Properties window appears, as shown in Figure 44 .
Figure 44: Device Port Properties window
96
The Device Port Properties window may have up to four tabs:
●
(present only if the device supports wireless ports)
EPICenter Reference Guide
The Properties Display
The Port Tab
The Port tab displays the following information:
Port Number
Media
Configured Type
Link State
Port Enabled
Actual Speed
Actual Duplex
Load Sharing
FDB Polling Status
The number of the port
The media for a redundant port (Primary or Redundant)
The type of port
The link status of the port (Uplink or Edge port)
Whether the port is enabled (yes) or not enabled (no)
The speed of the port
The duplex setting of the port (Half, Full, or None)
The load sharing state of the port (On or Off)
Whether the port is being polled: Actively Polled (Edge Port) or Not Polled (Inactive
Port)
The Operational FDB Tab
The top part of the Operational FDB tab display shows the following information for the entries in the
FDB:
Port
MAC Address
IP Address(es)
Dynamic
Static
Permanent
Forwarding Type
Discovered
The port where the MAC address was discovered
The MAC address that defines the entry
IP addresses detected for the MAC address
Shows a green check if the entry is dynamic; shows a red X if it is not.
Shows a green check if there is a static entry for the MAC in the permanent FDB; shows a red X if there is not.
Shows a green check if the entry is permanent; shows a red X if it is not.
The forwarding type: MAC, IP, IPX, MAC/IP, MAC/IPX, or unknown
The date and time at which the MAC address was learned by EPICenter
Select an entry in the table to display further information about the FDB entry at the bottom of the window:
Port
MAC Address
Locked Down
Secure
Blackhole Type
Mirrored
Questionable
Remapped
Translated
The port on which the MAC address was learned
The MAC address that defines the entry
Whether the MAC is locked to this port due to a learning limit (Yes/No)
Whether the MAC is locked to this port due to a permanent secure entry (Yes/No)
Blackhole type (None, Ingress, Egress, both)
Whether the MAC is mirrored (Yes/No)
Whether the MAC is questionable (Yes/No)
Whether the MAC has been remapped (Yes/No)
Whether the MAC has been translated (Yes/No)
EPICenter Reference Guide 97
98
The Inventory Manager
The Network Clients Tab
The Network Clients tab displays the following information:
Port
User Name
IP Address
Login Type
MAC Address
VLAN
The port on the device on which the user is logged in.
The login name of the user.
The IP address of the user’s host.
The login type, either network login or 802.1x.
The MAC address of the user’s host.
The VLAN to which the port belongs.
The Wireless Tab
If this device supports wireless ports (either direct or remote connect ports, the Wireless tab displays information on the selected wireless port and interfaces. The tab is divided into three subtabs: Wireless
Ports , Physical Wireless Interfaces, and Virtual Wireless Interfaces.
Under the Wireless Ports tab, the following information is shown for the selected port:
Port
State
Num. Interfaces
Location
BootROM Version
S/W Version
Description
Product Name
Serial Number
Country Code
Antenna Type
Antenna Location
The port number. If this is a remote connect port (virtual port) the port number will be preceded by a “v” for example, v.1, v.2 and so on.
The state of the wireless port: Disabled, Enabled, Online, or Error
The number of physical interfaces associated with this port.
Location of the port as configured by the administrator
The BootROM version running on the device connected to this port
The version of the software running on the device connected to this port
A description of the device connected to this port
The product name of the device connected to this port
The serial number of the device connected to this port
The Country Code associated with the device connected to this port, which determines country-dependent frequency and other regulatory settings on the wireless port, shared by all wireless ports on the switch
The type of antenna on the device connected to this port, e.g. Integrated or detachable
The physical location of the antenna (Indoor, Outdoor)
Under the Physical Wireless Interfaces tab, the following information is shown for the interfaces on the selected port:
Interface
802.11 Mode
RF Channel
RF Profile
Wireless interface identifier. A remote connect interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Wireless LAN RF mode: 802.11a, 802.11b, or 802.11b/g
Radio frequency channel used by the interface
Radio frequency profile configured for or assigned to this interface. See the section on configuring RF properties in the Summit 300-48 Switch Software User Guide.
EPICenter Reference Guide
The Properties Display
Under the Virtual Wireless Interfaces tab, the following information is shown for the interfaces on the selected port:
Interface
State
ESS
Security Profile
802.11 Auth
Network Auth
Encryption
MAC Address
Wireless interface identifier. A remote connect interface is indicated by a “v” preceding the interface identifier, for example v.1.1.1, v.1.1.2, and so on.
Interface state (enabled, disabled, error, or online)
The ESS name (the name of the wireless network associated with the security profile)
Security profile configured for this interface; see the section on CLI commands for security on the switch in the Summit 300-48 Switch Software User Guide
802.11 authentication method for this wireless interface: all, open, or shared
Network authentication method: all methods, none, Net Login, Mac RADIUS, 802.11x, WPA or WPA/PSK
Encryption method: all encryption methods, N/A (none), WEP64, TKIP, AES, WEP128, or
Other
MAC address for the wireless port
EPICenter Reference Guide 99
The Inventory Manager
100 EPICenter Reference Guide
4
The EPICenter Alarm System
This chapter describes how to use the EPICenter Alarm System applet for:
● Viewing the alarms that have occurred
●
●
Defining new alarms and modifying current alarm definitions
Configuring threshold-based alarms
Overview of the EPICenter Alarm System
The EPICenter Alarm System provides fault detection and alarm handling for the network devices monitored by EPICenter. This includes Extreme Networks devices and some third-party devices. The
Alarm System provides a set of predefined, enabled alarms that immediately report conditions such as authentication or login failures, device problems such as power supply or fan failures, reachability
problems, or device reboots (see “Predefined Alarms” on page 102 ).
The Alarm System also lets you define your own alarms that report errors under conditions you specify, such as repeated occurrences or exceeding threshold values. You can enable and disable individual alarms, and you can specify the actions to be taken when an alarm occurs, such as sending email, running a program, executing a Telnet macro, or sounding an audible alert.
Fault detection is based on Simple Network Management Protocol (SNMP) traps, syslog messages, and some limited polling. The Alarm System supports SNMP Management Information Base-2 (MIB-2), the
Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs.
For selected third-party devices that have been integrated into EPICenter through it’s device integration framework, EPICenter can support the full set of traps provided by the device. For other MIB-2 compatible devices, assuming they can be successfully added to EPICenter’s inventory database,
EPIcenter supports just the basic MIB-2 traps.
NOTE
EPICenter automatically configures Extreme Networks devices to send traps to the EPICenter server when those devices are added to the EPICenter Inventory database; this is not true for non-Extreme Networks devices —you must manually configure those devices to send traps to the EPICenter server.
To receive syslog messages from a device, the device must be configured to use EPICenter as a syslog receiver. This is true for both Extreme devices and non-Extreme devices.
See the EPICenter Concepts and Solutions Guide for instructions on configuring devices to use EPICenter as a trap receiver or a Syslog receiver.
Not all trap events are supported in older versions of the ExtremeWare software. Please refer to
Types for Alarms” for information on the switch software required for specific traps.
EPICenter Reference Guide 101
102
The EPICenter Alarm System
Alarm Manager Functions
The Alarm Manager feature does not provide any feature-specific menus. The four standard menus are available (EPICenter, Display, Tools and Help) but only the EPICenter and Help menus have commands available. Right-click pop-up menus are not available in this feature.
For information on the standard EPICenter menu functions, see
“EPICenter Menus” on page 32 .
Predefined Alarms
For convenience, the EPICenter Alarm System provides a number of predefined alarms. These alarms are enabled by default and are active as soon as the EPICenter server starts up. These include the following alarms:
● Authentication failure (SNMP MIB-2 trap): This alarm indicates that an attempt has been made to access the device using an invalid community string or SNMPv3 credentials.
●
●
●
Config Download Failed (EPICenter event, indicates failure in an download initiated by EPICenter):
This alarm indicates that a configuration download from EPICenter to the device has failed to complete.
Config Upload Failed (EPICenter event, indicates failure in an upload initiated by EPICenter): This alarm indicates that a configuration upload from the device to EPICenter has failed to complete.
Device reboot (EPICenter event): This alarm indicates the device has rebooted.
●
●
●
●
●
●
●
●
●
●
Device Warning from EPICenter (EPICenter event): This alarm indicates that EPICenter has detected a problem.
EAPS State Change-Error (EPICenter event): EPICenter has detected that an EAPS Master node status has changed from Complete to Failed.
EAPS State Change-Warning (EPICenter event): EPICenter has detected that an EAPS Master node status has changed from Failed to Complete.
ESRP State Changed (Extreme proprietary trap): This alarm indicates that an ESRP state change has occurred on the device.
Fan failure (EPICenter event): This alarm indicates a cooling fan in the device has failed. This alarm occurs only once, when the fan status transitions from OK to failed. For continuous notification of this problem (until resolved) use the Extreme proprietary trap for fan failure, rather than the
EPICenter trap.
Health Check Failed (Extreme proprietary trap): This alarm indicates that the health check has failed for the device.
Invalid login (Extreme proprietary trap): This alarm indicates that a login to the device has been attempted with an invalid user name or password.
Overheat (EPICenter event): This alarm indicates that EPICenter has detected an overheat condition in the device. This alarm occurs only once, when the temperature reaches the overheat threshold. For continuous notification of this problem (until resolved) use the Extreme proprietary trap for overheat, rather than the EPICenter trap.
Power Supply Failed (EPICenter event): This alarm indicates a power supply in the device has failed. This alarm occurs only once, when the power supply status transitions from OK to failed. For continuous notification of this problem (until resolved) use the Extreme proprietary SNMP trap for power supply failure, rather than the EPICenter trap.
Rogue Access Point Found (EPICenter event): This alarm indicates that an access point has been detected that is not in the Safe list.
EPICenter Reference Guide
The Alarm Log Browser
●
●
●
●
Redundant Power Supply (RPS) alarm condition (Extreme proprietary trap): This alarm indicates that an attached redundant power supply is transmitting an alarm.
SNMP unreachable (EPICenter event): This alarm indicates that EPICenter is unable to communicate with a device using SNMP.
Stack Member down (EPICenter event): EPICenter has detected that a stack member is down.
Stacking Link down (EPICenter event): EPICenter has detected that a stack link is down.
The Alarm Log Browser
Click the Alarm button in the Navigation Toolbar to run the Alarm System applet and view the Alarm
Log Browser. The Alarm Log Browser page appears, as shown in Figure 45 .
Figure 45: The Alarm Log Browser page
New alarm indicator
Predefined filters Alarm System module tabs
EPICenter standard menus
Alarm summary Current filter definition
Acknowledged alarms
Number of alarms displayed (per filter)
The Alarm button (icon) in the Navigation Toolbar acts as an alarm indicator—if it is displayed in red instead of black, it indicates that at least one new alarm has occurred.
EPICenter Reference Guide 103
104
The EPICenter Alarm System
The standard EPICenter menus appear at the top of the window. For information on these menus, see
“EPICenter Menus” on page 32 . Immediately below the menus are the Alarm system module tabs.
Below these tabs are a set of function buttons for the currently displayed module.
The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered based on criteria you can specify.
By default, if you have a device selected in another EPICenter applet when you run the Alarm Browser,
EPICenter filters the display for the selected device. The filter EPICenter created appears in the Current
Filter field; you can save it if you want to be able to reuse it later. Otherwise, the default filter displays the last 300 alarms.
An alarm can be generated due to an SNMP or RMON trap, a syslog message, or based on the results of a poll. By default, all the predefined alarms are enabled; therefore, you may see alarm log entries the first time you run the Alarm System, even if you have not defined any alarms of your own.
The Alarm Log Browser Summary
The Alarm Log Browser summary displays all the alarms that match the selected filter.
● The Current Filter field at the top of the display shows the current filter definition. There are four predefined filters:
7 days ago
Default
Last 24 hours
Yesterday
View alarms that occurred one week ago
View the most recent 300 entries
View alarms that occurred within the last 24 hours
View alarms that occurred yesterday (the 24 hours from starting at 12:01 am yesterday)
●
You can select one of these filters from the pull-down field just below the Current Filter label.
The Alarms indicator to the right of the Current Filter field shows the number of Alarm instances that matched the filter.
The summary displays the following information for each alarm instance:
ID
Name
Category
Severity
Source
Time
An integer number assigned by the EPICenter Alarm System based on the order in which the alarm occurred
A name for the alarm, provided when the alarm is defined
An optional user-defined classification that defaults to “Default”
The severity level associated with the alarm when it was defined, indicated by both name and color. The small bell symbols also appear in the Component Tree in other EPICenter applets, to indicate that an alarm has occurred on the device.
The Severity Levels and the related colors are as follows:
• Normal, green
• Warning, blue
• Minor, yellow
• Major, orange
• Critical, red
The IP address of the device that generated the trap or responded to a poll
The date and time at which the alarm was received
EPICenter Reference Guide
The Alarm Log Browser
Message
Acked
The message generated by the alarm
A green check is present in this column if the alarm has been acknowledged
The summary is initially sorted by ID in descending numerical order, so that the most recent alarm appears at the top of the list. You can sort the display by the contents of any column by clicking on the column heading. Click the heading a second time to reverse the sort order based on that column.
Saving the Default Filter
If you have a device selected in another applet when you run the Alarm Browser, EPICenter creates a default filter that filters for alarms on that device only. You can save this filter for future user by doing the following:
1 Click the Filter button at the top of the page.
This opens the Define Alarm Log Filter window with the predefined filter already displayed.
2 Slick the Save button to save the alarm definition.
See
“Defining an Alarm Log Display Filter” on page 109
for a description of the Define
Alarm Log filter window.
Acknowledging an Alarm
To acknowledge an alarm:
1 Select the alarm or alarms you want to acknowledge.
2 Click the Acknowledge (Ack) button at the top of the page.
This sets the state of the selected alarms to “acknowledged,” and places a green check in the Acked field of the selected alarm log entries.
When you acknowledge the most recent alarm, the state of the Alarm button in the EPICenter
Navigation Toolbar also returns to black.
You can “unacknowledge” alarms you have previously acknowledged, if needed:
1 Select the alarm or alarms.
2 Click the Unacknowledge (Unack) button at the top of the page.
The Ack or Unack operation may take a few seconds to update the database. When the update is complete, the rows are deselected.
Deleting Alarm Log Entries
To delete an alarm log entry:
1 Select the alarm entry or entries you want to delete.
2 Click the Delete button at the top of the page.
This removes the selected alarm log entries entirely from the EPICenter database.
EPICenter Reference Guide 105
106
The EPICenter Alarm System
Deleting Groups of Log Entries
Rather than deleting alarm log entries one by one, you can delete groups of related log entries in a single operation, based on specific filtering criteria that you set, such as all entries in a certain time frame, all entries for selected devices, and so on.
To delete a group of alarm entries, click the Del ... button at the top of the page. This opens a window where you can define the set of conditions that EPICenter should use to filter and identify alarm entries that should be deleted.
See
“Deleting Alarm Records with Specified Conditions” on page 112
for a description of this window, and for instructions about filtering for and deleting groups of log entries.
Viewing Alarm Details
To view the details of an individual alarm:
1 Select the alarm you want to view.
2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log.
This opens the Alarm Log Detail View window, showing detailed information about the selected alarm. See
“The Alarm Log Detailed View” on page 107 for a description of this
window and the information it displays.
Creating an Alarm Display Filter
Alarm entries are displayed in the Alarm Log browser based on a set of filtering criteria. There are four predefined filters:
7 days ago
Default
Last 24 hours
Yesterday
View alarms that occurred one week ago
View the most recent 300 entries
View alarms that occurred within the last 24 hours
View alarms that occurred yesterday (the 24 hours from starting at 12:01 am yesterday)
In addition to these, you can create your own filters based on criteria such as Source IP, Severity, Alarm
Name, LogID, and a number of others. Your filter can combine multiple criteria.
To specify your own filter, click the Filter button at the top of the page.
This opens the Define Alarm Log Filter window. See
“Defining an Alarm Log Display Filter” on page 109
for a description of this window, and information about creating your own filters.
Deleting Saved Alarm Log Filters
You can delete any saved alarm log display filters except for the default filter. To delete a filter, do the following:
EPICenter Reference Guide
The Alarm Log Detailed View
1 Click the Del Filter button.
This opens the Delete Filters window.
2 Select the filter you want to delete, and click OK.
Pausing All Alarms
You can temporarily stop the processing of all enabled alarms using the Pause/Resume feature.
To stop processing enabled alarms, click the Pause button at the top of the page. EPICenter ignores all traps when the alarms are paused.
To resume processing traps, click Resume.
The Alarm Log Detailed View
To view the details of an individual alarm:
1 Select the alarm you want to view.
2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log.
This opens the Alarm Log Detailed View window, as shown in Figure 46 .
The Alarm Log Detailed View displays detailed information about the selected alarm.
EPICenter Reference Guide 107
The EPICenter Alarm System
Figure 46: Detailed view of an Alarm Log entry
108
The fields in this view show the following information about the alarm:
Log ID
Alarm Name
Category
Severity
Repeat times
Repeat Period
Device Name
Alarm Source
Acked
Alarm Time
Alarm Message
Actions taken
Name of events
The ID number assigned to this event by EPICenter
The name of the alarm
The category to which this alarm belongs
The severity level of the alarm
The number of times the event occurred to trigger the alarm. If the alarm does require repeated events, this value is 1.
The time period within which the repeated events occurred, for alarms with a repetitive occurrence specification. Displays N/A if the alarm does not require repeated events.
The name of the device on which the alarm generating event(s) occurred
The IP address where the alarm event(s) originated
Whether this alarm has been acknowledged
The time of day at which the alarm occurred
The message associated with the alarm
The list of actions defined for this alarm, if any
The name of the event that triggered the alarm
EPICenter Reference Guide
Defining an Alarm Log Display Filter
Pattern matching
Alarm Events
The pattern matched by the event data, if a pattern is defined for this alarm
Details of the events that triggered the alarm. If the alarm required repeated events in order to trigger the alarm, all those events are shown. For each event the following is displayed:
• Event Time: The time of day that the event occurred
• Event Source: The IP address of the event source
• Data: The data included with the event
• Count: The event count, with 1 being the first (oldest) event occurrence
From the Alarm Log Detailed View window you can display details for other alarms without having to return to the Alarm Browser summary page.
● Enter or select an alarm Log ID in the Go to alarm field. Selecting the ID immediately displays that alarm entry.
●
●
●
Click the Next button to view the alarm entry in the row below the currently displayed entry in the
Alarm Browser summary list.
Click the Previous button to view the alarm entry in the row above the currently displayed entry in the list.
Click Close to close the display window.
Defining an Alarm Log Display Filter
You can filter the alarms to be displayed in the Alarm Log Browser summary list based on criteria such as Source IP, Severity, Alarm Name, LogID, and a number of others.
To specify your own filter, click the Filter button at the top of the Alarm Log Browser summary page.
The Define Alarm Log Filter window opens displaying either the last filter definition you created, or the
Default filter (View last 300 alarms).
EPICenter Reference Guide 109
The EPICenter Alarm System
Figure 47: Alarm Log filter definition window
110
To create your own filter, do the following:
1 Click the New button to clear the previous filter definition. This unchecks the View last 300 alarms checkbox, if it was checked, and enables the other fields in the window (except for the name field— you can provide a name for your filter when you name it).
2 Define a filter criteria by selecting or filling in the Field, Operator, and Value fields as follows:
Field
Operator
The parameter you want to use as a filter criterion. Select one from the pull-down menu. The choices are:
• Log ID: Filter on Log ID
• Alarm Name: Filter on Alarm name
• Category: Filter on category name
• Severity: Filter on severity level
• Source IP: Filter on alarm source IP address
• PortIfIndex: Filter on a port (for alarms that use Port as the source type)
• Time: Filter on the entry date and time stamp
• Acked: Filter on whether alarms have been acknowledged or not
A comparison operator used to test the parameter against the specified value. Select one from the pull-down menu. Only choices relevant to the selected parameter type are available—in some cases only one choice is allowed.
EPICenter Reference Guide
Defining an Alarm Log Display Filter
Value The value against which the parameter (specified in the Field field) should be tested. The type, format and range of the values you can specify depend on the parameter you selected in the Field field. Values may be entered as follows:
• Log ID: An integer. You can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between as the operator, you are asked to enter two values.
• Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains).
The Contains operator lets you match against a substring (portion of text) that should be contained in the parameter value.
• Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains).
• Severity: An alarm severity level. You must select a severity level from the drop-down list in the
Value field. You can test for a match or non-match.
• Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you choose Between you are asked to enter two values. You cannot match on a subnet.
• PortIfIndex: An integer. Can test equality relationships (equal, not equal, greater than. less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between you are asked to enter two values.
• Time: Select a time period from the drop down list. Choices include periods such as Last 1 Hour,
Yesterday, 2 Days Ago, etc. The filter matches all alarms within the time period.
• Acked: Can select Yes (matches all Acknowledged alarms) or No (matches all unacknowledged alarms).
3 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a filter that uses more than one condition, as long as each condition uses a different parameter. Multiple conditions are combined using a logical AND function—all conditions must be matched for an alarm entry to be included in the filter results.
You cannot filter using multiple specifications of the same parameter. For example, in order to find and view alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must use the Between operator to test for all Source IP addresses between these two IP addresses. You cannot create a filter that includes separate condition specifications for Source IP = 10.205.0.55 and Source IP = 10.205.0.61.
4 To remove an individual condition specification, select it in the current filter list and click the
Remove Condition(s) button. You can select and remove multiple filter criteria.
5 When your filter definition is complete, you can save it as a named filter, or you can just apply it to the Alarm Log without saving it.
● To save it, click Save, and enter a name into the dialog box that appears.
● To apply the filter to the Alarm Log summary without saving it, click OK. This filters the display based on the criteria you defined. You do not need to save the filter before you do this.
If you do not save the filter definition before you apply it to the Alarm Log, you can re-open the
Define Alarm Log Filter window and save it later. The filter definition is retained in the Define
Alarm Log Filter window until you either create another filter definition, or exit the Alarm System applet.
To restore the default filter definition, click the View last 300 alarms check box and click OK.
EPICenter Reference Guide 111
The EPICenter Alarm System
Deleting Alarm Records with Specified Conditions
To delete a group of alarm entries, click the Del ... button at the top of the page.
The Delete alarm records with specified conditions window opens, as shown in Figure 48 .
Figure 48: Delete alarm records filter definition window
112
In this window you can define a filter—a set of conditions—that EPICenter can use to determine whether an alarm record should be deleted.
To create a delete condition filter, do the following:
1 If the “View last 300 alarms” check box is checked, the remaining fields are grayed-out. Uncheck the check box to enable the other fields.
2 Define a filter criteria by selecting or filling in the Field, Operator, and Value fields as follows:
EPICenter Reference Guide
Deleting Alarm Records with Specified Conditions
Field
Operator
Value
The parameter you want to use as a filter criterion. Select one from the pull-down menu. The choices are:
• Log ID: Filter on Log ID
• Alarm Name: Filter on Alarm name
• Category: Filter on category name
• Severity: Filter on severity level
• Source IP: Filter on alarm source IP address
• PortIfIndex: Filter on a port (for alarms that use Port as the source type)
• Time: Filter on the entry date and time stamp
• Acked: Filter on whether alarms have been acknowledged or not
A comparison operator used to test the parameter against the specified value. Select one from the pull-down menu. Only choices relevant to the selected parameter type are available—in some cases only one choice is allowed.
The value against which the parameter (specified in the Field field) should be tested. The type, format and range of the values you can specify depend on the parameter you selected in the
Field field. Values may be entered as follows:
• Log ID: An integer. You can test equality relationships (equal, not equal, greater than, less than, greater than or equal, less than or equal) or for a range (Between). If you choose
Between as the operator, you are asked to enter two values.
• Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring
(Contains). The Contains operator lets you match against a substring (portion of text) that should be contained in the parameter value.
• Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains).
• Severity: An alarm severity level. You must select a severity level from the drop-down list in the Value field. You can test for a match or non-match.
• Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you choose Between you are asked to enter two values. You cannot match on a subnet.
• PortIfIndex: An integer. Can test equality relationships (equal, not equal, greater than. less than, greater than or equal, less than or equal) or for a range (Between). If you choose
Between you are asked to enter two values.
• Time: Select a time period from the drop down list. Choices include periods such as Last 1
Hour, Yesterday, 2 Days Ago, etc. The filter matches all alarms within the time period.
• Acked: Can select Yes (matches all Acknowledged alarms) or No (matches all unacknowledged alarms).
3 Click the Add/Modify Condition button to add this specification to the filter definition.
You can create a multi-criteria specification using more than one parameter as long as each parameter is different. You cannot filter using multiple specifications of the same parameter.
For example, in order to delete alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must do this in two operations.
4 To remove an individual criteria, select it in the current filter list and click the Remove Condition(s) button. You can select and remove multiple filter criteria.
5 When your filter definition is complete, click Delete.
All alarm records that meet the conditions defined by the filter are deleted.
If you simply want to delete the last 300 alarms, leave the “View last 300 alarms” box checked, and click Delete.
EPICenter Reference Guide 113
The EPICenter Alarm System
Defining Alarms
For convenience, the EPICenter Alarm System provides a number of predefined alarms (see
). These alarms are all enabled by default, and become active immediately when the EPICenter server starts up. The predefined alarms generate alarm log entries, but no other actions are specified.
You can modify the predefined alarms or define your own custom alarms to report errors based on a number of event types under conditions you specify, such as repeated occurrences or exceeding threshold values. You can also specify the actions to be taken when an alarm occurs, such as sending email, running a program, executing a Telnet macro, or sounding an audible alert.
To view a current alarm definition, to create a new definition, or to modify an existing definition, click the Alarm Definition tab at the top of the page. The Alarm System: Alarm Definition page is displayed, as shown in Figure 49 .
Figure 49: Alarm System: Alarm Definition page
114 EPICenter Reference Guide
Defining Alarms
The Alarm Definition List shows all the current alarm definitions. This list shows the following information about each alarm:
Name
Category
Event
Severity
Enabled
The name of the alarm
The category to which the alarm belongs.
The event that triggers this alarm (see
“Defining the Basic Alarm Properties” on page 117 for
more details)
The severity level of the alarm (normal, warning, minor, major, critical)
Whether the alarm is enabled or disabled
To view the settings for an individual alarm, select the alarm.
The detailed definition of the selected alarm appears in the fields below the alarm list. In addition to the basic properties shown in the Alarm Definition list, these fields show additional properties such as whether pattern matching should be used on event data, or whether the event must occur more than once before the alarm is triggered. These basic properties are defined in detail in
.
Below the basic properties, two text fields show the alarm actions (if any) defined for the alarm, and scope of alarm.
Alarm Actions are functions that the alarm system executes when an alarm occurs, in addition to logging the occurrence of the alarm. By default the predefined alarms have no actions defined for them (other than logging). Alarm actions can include sending e-mail, sounding an audible alert, running a program or executing a Telnet macro. For the predefined alarms, an alarm event creates an entry in the Alarm
Log, but no other actions occur. You can define additional actions for any of these alarms. Alarm
Actions are discussed in more detail in “Defining Alarm Actions” on page 121
.
The Alarm Scope defines which devices can trigger an alarm. The predefined alarms are scoped by default for all devices and ports. Thus, a trap received from any port or any device triggers the corresponding alarm. You can modify the scope of any of these alarms. Alarm Scope is discussed in more detail in
“Defining the Alarm Scope” on page 119
.
Creating a New Alarm Definition
To create a new alarm, click the Add button at the top of the page.
This opens the New Alarm Definition window, where you can define a custom alarm. See
Alarm Definition Window” on page 116
for a description of the window, with instructions for creating an alarm definition.
Modifying an Alarm Definition
To modify an alarm, select the alarm in the Alarm Definition List, and click the Modify button at the top of the page.
This opens the Modify Alarm Definition window. This window is identical to the New Alarm
Definition window, except that the settings for the selected alarm are filled in. See “The Alarm
Definition Window” on page 116 for a description of the window, with instructions for
modifying an alarm definition.
EPICenter Reference Guide 115
The EPICenter Alarm System
Deleting an Alarm Definition
To delete an alarm definition, select the alarm in the Alarm Definition List, and click the Delete button at the top of the page.
After you verify that you want to delete the alarm, the definition is removed from the Alarm
Definition List and from EPICenter’s database.
You must remove alarm definitions one at a time.
The Alarm Definition Window
There are three parts to an alarm definition: the Basic properties definition, the Scope definition, and the
Action definition. Each is represented on its own tab in the New Alarm Definition window or the
Modify Alarm Definition Window.
The New Alarm Definition window, as shown in Figure 50 , initially displays the Basic tab of the threepage alarm definition, with most of the fields blank. If you are modifying an existing Alarm definition, the Modify Alarm Definition window is identical except that the settings for the selected alarm are shown in the appropriate fields.
Figure 50: The New Alarm Definition window, Basic definition tab
116
Use the tabs at the top of the window to move between the three pages. When you are finished with your alarm definition, click OK. A new alarm definition is added to the Alarm Definition List; the existing alarm definition is updated for an alarm that has been modified.
See the EPICenter Concepts and Solutions Guide for a more extensive discussion about EPICenter alarms, including examples of alarm definitions for common network events.
EPICenter Reference Guide
The Alarm Definition Window
Defining the Basic Alarm Properties
On the Basic page, you define the event-related parameters of the alarm: its name, severity, the event that triggers it, and so on. The fields in this window are defined as follows:
Name
Enabled
Category
Severity
Event Type
Event Name
Pattern Matching on
Event Data
Message
Variables...
Repetitive occurrence specification
(If event happens...)
The name of the alarm as it will appear in the alarm log and (optionally) elsewhere. This defines the variable alarmName.
Indicates whether the alarm is “turned on” or not. If you uncheck this box, the alarm remains defined but is not operational.
The category assigned to this alarm. Select the category using the pull-down menu at the end of the field (see
“Creating a New Alarm Category” on page 126
for more information).
This defines the variable alarmCategory.
The severity of the alarm. Select one of the five severity levels from the pull-down menu
(normal, warning, minor, major, critical). This defines the variable alarmSeverity. The severity level also determines the sound that is played as an audible alert.
The type of event (SNMP trap, RMON Trap Rising Alarm, RMON Trap Falling Alarm,
EPICenter, or Syslog message). This determines the list of events you can select in the
Event Name field. The event type is concatenated with the event name to define the variable eventTypeName.
The specific event (trap) that should trigger this alarm. Select the event from the pull-down list provided. The event name is concatenated with the event type to define the variable eventTypeName.
For RMON Rising or RMON Falling trap types, pull-down list includes the configured
RMON rule names. RMON events (rules) must be configured under the Threshold
See
Appendix A , “Event Types for Alarms” for a description of the
EPICenter and SNMP events from which you can choose.
You can specify that the alarm should be triggered only if the data provided with the event matches a specific pattern. If you leave this unchecked, the default is “Don’t Care.”
Pattern matching is done on the contents of the eventData variable.
The pattern matching syntax uses regular expressions.
• You can use “*” or “%” (asterisk or percent) to match any sequence of zero or more characters.
• “?” or “_” (question mark or underscore) can be used to match any one character.
• To match one of a set of characters, enclose the characters in brackets. For example,
[abcd] matches one of a, b, c, or d.
A message you specify that will be transmitted whenever the alarm occurs. By default, this field contains the variable eventTypeName. You can delete this variable, add other variables as provided in the variable pop-up list, and add your own text. For Syslog messages, use the eventData variable to display the Syslog message.
A pop-up list that provides a list of variables you can select to include in the Message
field. See Table 10 “EPICenter Alarm Variables” on page 118 for a definition of the Alarm
System variables you can use in the message field.
The required number of times an event must occur before an alarm is generated. You can specify both the number of times the event must occur, and the time frame within which these events must occur. This lets you filter out short-lived or non-repeatable events, and define an alarm that will take action only if the triggering event occurs repeatedly within a defined time frame.
EPICenter Reference Guide 117
118
The EPICenter Alarm System
Event Types
EPICenter alarms can be triggered by SNMP traps, RMON rising or falling traps, EPICenter events, or
Syslog messages.
An EPICenter event is generated by EPICenter based on the results of its periodic polling. In some cases, a condition that causes an EPICenter event may also generate an SNMP or other trap. Creating an alarm triggered by an EPICenter event guarantees that the condition is eventually detected by polling even if the corresponding trap is missed.
See
,
“Event Types for Alarms” for a description of the EPICenter and SNMP events
supported by the EPICenter Alarm System.
SNMP traps are notifications from a device of events that occur on a device. EPICenter must be configured as a trap receiver on the device in order to be notified of these events; this happens automatically on Extreme devices. Certain SNMP events may require additional configuration on the switch in order to enable specific trap conditions.
RMON Trap Rising and RMON Trap Falling events are triggered by RMON or CPU utilization traps.
RMON events, including Port utilization, temperature, or STP topology change events, and events based on CPU utilization, are defined through the
Threshold Configuration page of the EPICenter
Alarm System (see “Threshold Configuration” on page 127 ). RMON event rules can be configured only
on switches running ExtremeWare 6.1 or later. CPU Utilization rules can only be configured on switches running ExtremeWare 6.2 or later.
NOTE
RMON must be enabled on the switch in order for RMON trap events to be generated.
Syslog messages may also be used to trigger alarms. To receive Syslog messages, the Syslog receiver function of EPICenter must be enabled, and remote logging must be enabled with EPICenter configured as a Syslog receiver on the devices from which you want to receive Syslog messages. See the EPICenter
Concepts and Solutions Guide for information about configuring devices to use EPICenter as a Syslog server. Syslog messages received from devices not managed by EPICenter are ignored.
For certain other events, you must do the configuration on the switch using an SNMP configuration tool such as SNMPc. See the EPICenter Concepts and Solutions Guide for more information.
Table 10: EPICenter Alarm Variables
Variable Name alarmID alarmName alarmCategory alarmSeverity alarmRepeatTimes alarmRepeatPeriod alarmSourceDeviceName alarmSourceIP
Description
An integer number assigned by the EPICenter Alarm System based on the order in which the alarm occurred
The name of the alarm as defined in the Name field
The user-defined alarm category assigned to the alarm
The severity level assigned to the alarm
The number of times the event must occur before an alarm is generated
The time frame within which the repeated events must occur for the alarm to be generated
The name of the device on which the event(s) occurred (taken from the EPICenter database)
The IP address of the device on which the event(s) occurred
EPICenter Reference Guide
The Alarm Definition Window
Table 10: EPICenter Alarm Variables (continued)
Variable Name alarmSourceIfIndex alarmGMTTime alarmLocalTime alarmMessage alarmActions eventLogID eventTypeName eventGenericType eventSpecificType eventSpecificTypeStr eventEnterprise eventData trap
Description
The interface on the device on which the event(s) occurred
The time at which the alarm occurred, in Greenwich Mean Time
The time at which the alarm occurred, in local time
The message defined for the alarm (for use by an external program executed as an alarm action)
The list of actions defined for the alarm
The ID of the event in EPICenter’s event log
The type of event (SNMP Trap, RMON Rising Trap, RMON Falling Trap, or
EPICenter event) concatenated with the Event Name (the SNMP trap name,
RMON rule name, or EPICenter event name)
The SNMP Generic Type number of the trap
The SNMP Specific Type number for an enterprise-specific trap
The event description
The Enterprise portion of the Object ID (OID) of the event
The data associated with the trap, or the Syslog message content
Defining the Alarm Scope
To define a scope for the alarm, click the Scope tab. The Scope definition page is displayed, as shown in
Figure 51 .
Figure 51: The New Alarm Definition window, Scope definition
EPICenter Reference Guide 119
120
The EPICenter Alarm System
In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can define the scope as a set of individual devices, one or more device groups, as a set of individual ports, or as one or more port groups.
For events that originate from a device port (such as link down) the scope determines whether the alarm is generated based on an event from a single port, on events from any port on a device, or from any port on any device in a device group.
For example, to define an alarm that is fired for any port on device A, you can scope the alarm as
“Device,” select the appropriate device group, and select Device A. To define the alarm only to be fired on selected ports on Device A, you would scope the alarm as “Port,” select Device A, and select the individual ports. You could also define a port group for the specific ports of interest, the scope the alarm as Port Group and select the appropriate group.
To define the alarm scope, select a Source Type (and Device Group, if appropriate), select individual devices, ports, device groups, or port groups, and add them to the Selections list. The scope can contain a combination of source types.
The fields and buttons in this window are defined as follows:
Scope on all devices and ports
When this is checked, an event received from any device or device port will trigger the alarm.
In addition, as new devices are added to the EPICenter inventory database, those devices and ports will also be included in the device scope.
Uncheck the checkbox to enable scoping by specific devices, device groups, ports or port groups.
Source Type The source of the scoping definition (Device, Device Group, Port, or Port Group). Select the type you want from the pull-down list.
Select Device Group or Port Group to scope the alarm on all members of the selected group.
Group membership is evaluated every time a trap is received. Therefore, changes to the group membership (adding or removing devices or ports) have an immediate effect on alarm processing.
Select Group
Source list (Device/
Device Group/Port
Group) ifIndex
To scope the alarm on individual devices or ports, select Device or Port.
If you select Device or Port as the Source Type, you must select a Device Group to indicate the set of devices (and ports) you want to see in the Source List.
The list of components of the specified type. The field label changes based on the Source
Type. It is labeled Device when you select either Device or Port as the Source Type.
Selection
The list of ports available on the device selected in the Device source list. This list appears only if you have selected Port as the Source Type. Select a device from the Device source list, and the appropriate set of ports for the device appears.
The devices, ports, device groups, or port groups that are currently included in the scope.
The buttons in the middle of the page let you move selected devices, ports, or groups between the source list and the Selection list:
●
●
●
● Add-> —Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selection list, for inclusion in the scope of this alarm.
Add All-> —Adds all the components in the source list to the Selection list.
<-Remove —Removes the selected components from the Selection list.
<-Remove All —Removes all the components from the Selection list.
EPICenter Reference Guide
The Alarm Definition Window
Defining Alarm Actions
To define actions for the alarm, click the Actions tab. The Action definition page is displayed, as shown in Figure 52 .
Figure 52: The New Alarm Definition window, Action definition
In this window you define the actions for the alarm—the functions that should be performed when the alarm occurs. You can have the alarm perform any or all of the actions defined here.
NOTE
In order to use an e-mail action, you must first configure your e-mail settings. You will not be able to select an e-
mail action until this has been done. See “Setting Up E-mail for the Alarm System” on page 124 .
EPICenter Reference Guide 121
122
The EPICenter Alarm System
The fields and buttons in this window are defined as follows:
Sound Alert Click the check box to have the alarm system play an audible alert on the client computer when the alarm occurs. The alarm will sound on all EPICenter clients currently connected to the
EPICenter server. The sound that is played depends on the severity level of the alarm.
The alert sound files are kept on the EPICenter server in the \extreme subdirectory of the
EPICenter installation directory, and are named according to the severity level they represent
(normal.wav, warning.wav and so on).
Email to Click this check box to indicate that e-mail should be sent, then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
The email header provides the alarm number, alarm name, source IP address and ifIndex, severity, and the alarm message.
The body of the email provides the alarm time, alarm name, alarm category, severity, source IP address and ifIndex, alarm message, the event name that triggered the alarm, the result of the alarm action, and a URL link to the EPICenter server.
Note: If the e-mail check boxes are grayed out, you must first configure your e-mail settings.
Settings...
Short email to
Click this to display the Email Settings window, where you can configure your e-mail settings.
You will need to do this if the Email to and Short email to checkboxes are not accessible. See
“Setting Up E-mail for the Alarm System” on page 124 for details on setting up e-mail for use
with alarm actions.
Click this check box to indicate that a short e-mail (appropriate for text paging) should be sent.
Then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
Short email provides the alarm number in the subject header, and the alarm name, source IP address and ifIndex, severity, and alarm message in the body of the email.
Forward Trap to Click this check box to forward the trap event that caused this alarm. The forwarding instructions currently in force are shown to the right of the check box:
• Host: The host name or host IP address of the system to which the trap is forwarded.
• Port: The port on which the specified host receives traps.
Settings...
Run Macro
Macros...
• Community String: The community string for the specified host.
• Version: The version of SNMP to which traps will be converted. This can specify No conversion, Convert trap to SNMPv1 or Convert trap to SNMPv2c.
Note: To change any of these settings, click the Settings... button to the right of this field.
Click this to display the Trap Forwarding Settings window, where you can configure the trap
forwarding instructions. See “Configuring the Trap Forwarding Settings” on page 125
for details on configuring trap forwarding settings.
Click this checkbox to specify a Telnet macro that should run when this alarm occurs. Enter the macro name or click the Macros... button to select a macro from a list of saved macros.
Note: When a macro is executed as an alarm action, the macro results are not saved. In order to have the results saved, EPICenter debug must be enabled. Results are then saved in a file named alarmMacro.txt, saved in the <EPICenter_install_dir>/user.war/telnet directory. EPICenter debug can be enabled through the Reports feature, but will increase the
time required for processing alarms and alarm actions. See “EPICenter Server Reports” on page 439
for more information on enabling EPICenter debug mode.
Click this to display the Select Macro window, where you can select a Telnet macro from a list of saved macros.
EPICenter Reference Guide
Run program
Variables...
Details>>
The Alarm Definition Window
Click the check box to specify a program that should be run when this alarm occurs. Enter the command string for the program in the field provided. To include Alarm System variables as arguments in the command string, click the Variables... button and select the variables you want to include.
You can also include trap varbinds as arguments in the command string, if the SNMP event that triggers this alarm provides varbinds.
Note: If you are running EPICenter on a Windows XP or Windows 2003 system, see
Program as an Alarm Action under Windows” on page 123
Click this to display a list of the variables you can select for inclusion as arguments in the command string of the program you have specified in the Run program field.
See
Table 10 “EPICenter Alarm Variables” on page 118 for a definition of the Alarm System
variables you can use in the message field.
Click this to display a list of variable bindings (varbinds) associated with the event that defines this alarm. You can use these varbinds as arguments in a command string. See
Varbinds in a Command String” on page 123
for details on using trap varbinds in a command.
You can also use trap varbinds in Telnet Macros.
This button is not available if the event configured for this alarm is not an SNMP trap, or if the specific SNMP trap does not include variable bindings.
Running a Program as an Alarm Action under Windows
On a Windows 2003 or Windows XP system, if you are running the EPICenter server as a service, and if you want to run a program that does output to the desktop, you must specify that output to the desktop is allowed when you start the server service. Otherwise, the program will not run. See the
Alarm System section in Appendix A of the EPICenter Concepts and Solutions Guide for instructions on restarting the EPICenter server service with this option enabled. If you are running the EPICenter server as a regular program, this is not a problem.
If you want to specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd” command, as follows: cmd /c start <file.bat> where < file.bat
> is the batch file you want to run.
Using Trap Varbinds in a Command String
If the event that defines this alarm is an SNMP trap that includes varbinds, you can use the varbinds as arguments in a command string you run as an alarm action. EPICenter will substitute the value of the variables from the trap into the command string.
In the Basic tab of the Alarm Definition window, the Event Type must be set to SNMP Trap, and the selected trap event (Event Name) must be one that includes variables.
In the Actions tab, clicking Details>> shows the list of variables associated with the trap event, and their indexes.
You specify the variable by including the trap variable $trap followed by the varbind index: e.g.
$trap(0) etc. You do not need to include all the variables, and they can be in any order. You can insert the $trap variable by selecting from the list of system variables displayed when you click the Variables... button; however, you must still add the index, enclosed in parentheses.
The example in Figure 53 shows a command taking the extremeEapsPrimaryStatus and extremeEapsSecondaryStatus as arguments.
EPICenter Reference Guide 123
The EPICenter Alarm System
Figure 53: Using trap varbinds as arguments to a command as an alarm action
124
Because the variables may return values in a form that is not usable in a CLI command, two functions are provided to convert values to CLI-readable formats. These are:
●
●
$ToCliPort() — converts a port IfIndex to the slot:port format
$ToCliVlanName() — converts a VLANID to a VLAN name.
For example, for the trap extremeEdpNeighborAdded , the variable extremeEdpPortIfIndex is returned as the second varbind (index=1).
So upon an EDP Neighbor Added trap, to run a program “testprog” and pass it the port number, you could use the command cmd c:/testprog $ToCliPort($trap(1))
For example, if the trap returns an IfIndex of 1009, the $ToCliPort function will convert it to 1:9, so that the resulting run command is: cmd c:/testprog 1:9
Setting Up E-mail for the Alarm System
Before you can use the either of the e-mail actions, you must configure the e-mail capability. Until you do so, the Email To and Short email to fields and check boxes are not available. To configure the e-mail capability, do the following:
1 Click the top Settings... button (nest to the Email field) on the Action page.
This displays the Email Settings window, as shown in Figure 54 .
EPICenter Reference Guide
Figure 54: Setting up E-mail for EPICenter alarm actions
The Alarm Definition Window
2 Type the information required to configure the mail server in the fields provided, then click OK.
SMTP Host
Sent By
My server requires authentication
User Name
Password
The outgoing mail server name (or IP address).
The e-mail address that should be used as the sender of the e-mail.
Check this if your mail server authenticates the user before sending out e-mail and enter the user name and password of an account that the SMTP server will accept.
Usually this is the account you use to log into your network.
If you don’t know whether your server requires authentication, you can go ahead and enter the authentication information—it is ignored if it is not actually needed.
The user name for mail server authentication
The password for mail server authentication
NOTE
If you have e-mail configured as an alarm action and the mail server is not reachable and times out when an alarm occurs, the Alarm System will stall waiting for the action to complete. The Alarm System may also stall if a program configured as alarm action never completes.
Configuring the Trap Forwarding Settings
You can change the settings for trap forwarding as follows:
1 Click the lower Settings... button (next to the Forward Trap to field) on the Action page.
This displays the Trap Forwarding Settings window, as shown in Figure 55 . The window initially shows the global trap receiver settings configured in the Administration applet, as part of the Server
Properties configuration for SNMP (see “SNMP Properties” on page 366 for how to set these global
settings).
EPICenter Reference Guide 125
The EPICenter Alarm System
Figure 55: Trap Forwarding Settings window
126
2 Uncheck the Use Global Settings checkbox to enable the following fields. Type the information needed to configure the receiver for the forwarded traps, then click OK.
Host
Port
Community String
Version
Type the host name or host IP address of the system to which the trap will be forwarded.
Type the port on which the specified host receives traps.
Type he community string for the specified host.
Select the version of SNMP to which traps will be converted:
• No conversion: No conversion is done.
• Convert trap to SNMPv1: All traps are converted to SNMPv1.
• Convert trap to SNMPv2c: All traps are converted to SNMPv2.
The new settings are shown on the Action page of the New or Modified Alarm Definition window.
To return to the default (global) settings, just check the Use Global Settings checkbox.
Alarm Categories
Alarm categories are arbitrary collections of alarms that you can define as appropriate to your needs, and then assign to specific alarm definitions. For example, you might use categories to designate alarms from individual buildings, floors, or workgroups. An ISP might define categories for alarms from a specific customer’s equipment.
By default, all alarms are assigned to the category named Default. This category can be renamed, but it cannot be deleted.
Creating a New Alarm Category
To create a new alarm category, click the Add button at the top of the window.
A small pop-up window appears into which you can enter the name of the new category. Click OK to enter the new category into the Category List.
EPICenter Reference Guide
Threshold Configuration
Modifying an Alarm Category
To rename an alarm category, click the Modify button at the top of the window.
A small pop-up window appears and displays the current name of the category. Modify the name and click OK to enter the revised category into the Category List.
When an alarm category is renamed, all alarms assigned to that category are updated to use the new category name.
Deleting an Alarm Category
To delete an alarm category, select the category from the Category List, then click the Delete button at the top of the window.
CAUTION
Deleting a category also deletes all the alarm definitions that are assigned to that category. If you do not want to delete those alarm definitions, you must first modify the alarm definitions to use a different alarm category before you delete the category.
A warning message appears to let confirm that you want to delete the category and the alarm definitions that are assigned to it. Click OK to delete the category and the alarms from the EPICenter database.
The Default category cannot be deleted.
Threshold Configuration
Creating alarm definitions based on threshold events such as RMON utilization is a two-step process.
First you must define the rules that control trap (event) generation. Then, you use these rules to define alarms for Rising or Falling threshold conditions.
The Threshold Configuration page lets you define the conditions or rules that will cause certain trap events to occur, and specify the devices on which these rules should be configured. You can use this page to define thresholds for RMON utilization or CPU utilization. You can configure RMON threshold traps for a wide range of variables, but several (specifically port utilization, temperature, and STP topology change) have been partially predefined to make the rule definition process easier.
In these types of events, traps are generated based on comparing the value of the sample variable with a threshold value. The rules you set up specify the threshold values. Once these rules are in place, you can use them in your EPICenter alarm definitions for alarms that respond when a sample value crosses one of the thresholds you’ve defined. You must defined EPICenter alarms based on the threshold rules you create; the trap events generated by threshold conditions will be ignored by the Alarm System until you define alarms that take actions on those events. See
for more information on creating alarms (known as RMON Trap Rising Alarms and RMON Trap Falling Alarms) using threshold event rules.
EPICenter Reference Guide 127
The EPICenter Alarm System
NOTE
RMON must be enabled on the switch in order for RMON trap events to be generated.
NOTE
There are other SNMP traps supported by the EPICenter Alarm System, but not included in EPICenter’s threshold configuration function, that may require conditions to be set on the switch to define when a trap should occur. See
“Configuring Other SNMP Trap Events” in the EPICenter Concepts and Solutions Guide for additional information.
In addition to specifying the conditions under which trap events should be generated, you also use the
Threshold Configuration page to define the target devices on which the event rules should be configured.
To view the current threshold configuration rules, and to create new rules or modify existing rules, click the Threshold Configuration tab at the top of the page. The Alarm System Configuration page is displayed. Figure 56 shows the Alarm System Configuration page as it appears when displaying RMON rules for a device.
Figure 56: The Threshold Configuration window showing RMON rules
128 EPICenter Reference Guide
Threshold Configuration
The Configurations tree shows the existing RMON rule definitions as nodes in the tree, with the devices to which they are applied shown as subnodes. The main panel shows the definition for the selected rule on each target device.
CPU Utilization is a predefined node in the Configurations tree. Devices on which a CPU utilization rule is configured are shown as subnodes of the CPU Utilization node. There can be only one CPU utilization rule per device.
Click the small plus next to a rule node to display in the tree the devices associated with that rule.
To display the definition of a rule, click the rule node.
RMON Rule Display
For RMON rules, the display shows the following for each device targeted by that rule:
Device
Port
Variable
Sample Type
Sample Interval
Rising Threshold
Falling Threshold
Startup
Index
The name of the device
The port to which the rule applies
The MIB variable being monitored
Absolute or Delta
The time between samples, in seconds.
A threshold value that triggers an event when the value of the variable increments past this value.
A threshold value that triggers an event when the value of the variable decreases past this value.
The condition that causes the initial event (Rising, Falling, or RisingOrFalling).
The rule’s row index in the SNMP tables as obtained from the device’s SNMP agent.
For a detailed definition of these parameters, see
“Configuring an RMON Rule” on page 133
.
CPU Utilization Rule Display
To display the CPU Utilization rules, click the CPU Utilization node in the Configurations tree.
Figure 57 shows the Alarm System Configuration page as it appears when displaying CPU
Configuration rules for a selected device.
EPICenter Reference Guide 129
The EPICenter Alarm System
Figure 57: The Threshold Configuration window showing CPU Configuration rules
130
For each device targeted by that rule, the CPU Utilization rule display shows the following:
Device
Port
Variable
Sample Type
Sample Interval
Rising Threshold
Falling Threshold
Startup
Index
The name of the device
The port to which the rule applies
The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0)
The method used to compare the variable to the threshold (shown as N/A, always compares the actual sample value).
The time between samples, in seconds.
The threshold value that triggers an event when the CPU Utilization value (a percentage) increments past this value.
Shown as zero, predefined to be 90% of the Rising Threshold value.
The condition that causes the initial occurrence of this event (shown as N/A, predefined to be Rising).
The rule’s row index as returned by the device’s SNMP agent.
For a detailed definition of these parameters, see
“Configuring CPU Utilization Rules” on page 134
.
Creating an Event Rule
To create a new event rule, click the Add button at the top of the page. This displays the New
Rule configuration page, where you can configure a new event rule.
See
“Configuring a New Rule or Modifying a Rule” on page 131
for details about the fields in this window.
EPICenter Reference Guide
Configuring a New Rule or Modifying a Rule
Modifying a Rule
Once a set of rules have been created, they must be modified individually. To modify a rule do the following:
1 Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window.
2 Select the individual rule you want to modify.
3 Click the Modify button at the top of the page.
This opens the Modify Configuration window, showing the rule definition for the target you selected. The Modify Configuration window shows the same information as the New
Configuration window, but with the information for the current target filled in.
See
“Configuring a New Rule or Modifying a Rule” on page 131
for details about the fields in this window.
Deleting a Rule
To delete a rule, do the following:
1 Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window.
2 Select the individual rule or rules you want to delete.
3 Click the Delete button at the top of the window.
4 A warning is displayed asking you to confirm that you want to delete these rules. Click Yes to delete the rule(s) or No to cancel the action.
Synchronizing with Device RMON Rules
To synchronize the EPICenter database with the RMON rules in place on a switch, click the
Sync button at the top of the window.
This opens the Synchronize RMON Rules window, where you can select devices for synchronization. See
“Synchronizing EPICenter with Device RMON Rules” on page 138 for a
description of the Synchronize RMON Rules window, with instructions on performing the sync operation.
Configuring a New Rule or Modifying a Rule
Creating a new rule and modifying an existing rule use the same window fields. The New
Configuration and Modify Configuration windows look identical except that Modify Configuration displays the current settings for an existing rule. The definitions below apply to both operations.
There are two parts to an event rule; the rule configuration itself, and the association of the rule to its target devices.
EPICenter Reference Guide 131
The EPICenter Alarm System
The New Configuration window opens with the Configuration page displayed, as shown in Figure 58 .
The Modify Configuration window also opens showing the Configuration page, with the configuration settings for the selected rule displayed.
Figure 58: New Configuration window for an RMON Rule
132
To create or modify a rule, do the following:
1 In the Configuration Type field, select the type of rule you want to create (RMON Event, CPU
Utilization, Port Utilization, Temperature, or Topology change) from the drop-down list.
NOTE
CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. STP Topology change traps are only supported on switches running ExtremeWare 6.2.2 or later.
2 Type or select the configuration information in the appropriate fields. The information you can enter differs depending on the selection you made in the Configuration Type field.
See
“Configuring an RMON Rule” on page 133 for details about the information required for an
RMON rule. See “Configuring CPU Utilization Rules” on page 134 for how to configure CPU
Utilization Rules. See “Configuring Rules for the Predefined RMON Event Types” on page 136
for configuring other predefined RMON event types.
3 Specify the devices that should be configured to generate the event you have defined; see
“Configuring the Rule Target” on page 137 for details.
4 Click Apply to add the new rule to the Configurations tree.
For RMON rules, the rule name is included as a “folder” and each target device for the rule appears as a separate component under that rule. The rule name also appears in the Event Name list.
For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component under the CPU Utilization “folder” in the Configurations tree.
EPICenter Reference Guide
Configuring a New Rule or Modifying a Rule
Configuring an RMON Rule
If you select RMON Event as the Configuration Type, the fields and buttons in this window are defined as follows:
Name
MIB Variable
Look Up...
The name for this rule.
The MIB variable that the rule monitors. Type in the complete OID in its numeric form, or click the Look Up... button to bring up a list of variables that are available.
• Type the beginning of a variable name into the MIB Variable field, then type a space, and the Alarm System attempts to match your typing to the variable list and auto-complete your entry.
MIB variables that apply to the entire device have the suffix “.0” appended to them to create the complete OID. MIB variables that apply per port are combined with the port ifIndex to generate the OID.
If the MIB variable you want to monitor does not appear in the MIB Variable lookup list, you can still use the variable by typing its complete OID. Enter the OID in its numeric form, ending in .0 if it is a per device variable, or in the specific index if it is a per-port variable. If it is a table variable, you may need to enter each index and apply it to each target device one by one.
Click this to display a list of the MIB variables that may be used in an RMON rule. The list is organized by MIB group. Within the MIB variable list:
• Click on a variable group to display the individual variables within the group.
• Use the up and down arrow keys to scroll the list.
Note: The MIB variable list displays only the MIBs that were shipped with the EPICenter software, and indexed by ifIndex. It does not display table variables in tables indexed by an index other than (or in addition to) ifIndex.
Description The description of the MIB variable. This description should specify the units of measure for the variable, needed in order to correctly specify the Rising Threshold and Falling Threshold values.
Rising Threshold A threshold value that triggers an event when the value of the variable increments past this value. An event is generated when the sample value meets the following conditions:
• When the sample value becomes greater than or equal to the Rising Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Rising or
RisingOrFalling
• The first time the sample value becomes greater than or equal to the Rising Threshold, after having become less than or equal to the Falling Threshold
Falling Threshold A threshold value that triggers an event when the value of the variable decreases past this value. An event is generated when the sample value meets the following conditions:
• When the sample value becomes less than or equal to the Falling Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Falling or RisingOrFalling
Sample Type
• The first time the sample value becomes less than or equal to the Falling Threshold, after having become greater than or equal to the Rising Threshold
The method used to compare the variable to the threshold. Specify the type as follows:
• Absolute to use the actual sample value of the variable
• Delta to calculate the difference between the current sample value and the previous sample value of the variable, and use the difference in the comparison
EPICenter Reference Guide 133
134
The EPICenter Alarm System
Sample Interval
(seconds)
Startup Alarm
The interval, in seconds, over which the data is sampled and compared to the rising and falling thresholds.
The condition that should be met to cause the initial occurrence of this event. Select from the following:
• Rising: An event is generated the first time the sample value becomes greater than or equal to the Rising Threshold value. No events are generated related to the Falling threshold until after this has occurred.
• Falling: An event is generated the first time the sample value becomes less than or equal to the Falling Threshold value. No events are generated related to the Rising threshold until after this has occurred.
• RisingOrFalling: An event is generated the first time the sample value becomes either greater than or equal to the Rising Threshold value, or less than or equal to the Falling Threshold value.
It is important to understand that, except for the initial occurrence of the alarm, an RMON alarm event is generated only the when the sample value of the variable crosses one of the thresholds for the first time after having crossed the other threshold.
NOTE
To configure an alarm using an RMON threshold event, select RMON Rising or RMON Falling as the Event Type.
Configuring CPU Utilization Rules
NOTE
CPU Utilization is only supported on switches running ExtremeWare 6.2 or later.
If you select CPU Utilization as the Configuration Type, only the Rising Threshold field allows input, as shown in Figure 59 . The other fields and buttons in this window are predefined.
EPICenter Reference Guide
Configuring a New Rule or Modifying a Rule
Figure 59: New Configuration window for a CPU Utilization Rule
The fields displayed are defined as follows:
Rule Name
Rising Threshold
Description
For CPU Utilization, the name is predefined because there can only be one rule of this type on a device.
A threshold value, in percent, that triggers an event when the CPU utilization rises past this value. This value is also used to compute a falling threshold, which is defined as 80% of the rising threshold.
The description of the extremeCpuUtilRisingThreshold MIB variable.
For a CPU Utilization event, the other parameters, such as the MIB variable, threshold, etc., are predefined by the Extreme switch agent to be the following:
MIB Variable
Falling Threshold
Sample Interval
Sample Type
Startup Alarm
The MIB variable is predefined to be extremeCpuUtilRisingThreshold.0.
This is predefined as 80% of the rising threshold.
The sample interval for a CPU Utilization alarm is also predefined, and is set to 3 seconds.
The sample value (a percentage) is always an absolute value.
The Startup condition is predefined to be Rising.
NOTE
To define an alarm for a CPU Utilization threshold event, select SNMP Trap as the Event Type, then select CPU
Utilization Rising Threshold or CPU Utilization Falling Threshold as the Event Name.
If you define an alarm for a CPU Utilization Rising Threshold event, an alarm is generated each time the sample value meets the following conditions:
● The sample value becomes greater than or equal to the Rising Threshold for the first time (including the initial sample) after the alarm is enabled. (This is the startup condition.)
EPICenter Reference Guide 135
136
The EPICenter Alarm System
● The sample value becomes greater than or equal to the Rising Threshold, after having become less than
or equal to the Falling Threshold (80% of the Rising threshold).
If you define an alarm for CPU Utilization Falling Threshold events, an event is generated each time the sample value becomes less than or equal to 80% of the Rising Threshold, after having become greater than
or equal to the Rising Threshold.
It is important to understand that, except for the initial occurrence of a Rising Threshold alarm, a CPU
Utilization alarm is generated only the when the sample value of the variable crosses the target threshold for the first time after having crossed the other threshold.
The startup condition for a CPU Utilization event is always predefined to be Rising.
See the EPICenter Concepts and Solutions Guide for a more detailed explanation of Threshold-based alarms, including examples of CPU Utilization events.
Configuring Rules for the Predefined RMON Event Types
NOTE
When you modify a Port Utilization, Temperature or Topology Change rule, you can modify all the fields available for
The Port Utilization, Temperature, and Topology Change configuration types are actually RMON utilization rules with a predefined configuration interface. The New Configuration and Modify
Configuration windows are the same of the Configuration windows for a CPU Utilization event, (see
Figure 59 ), except that you must provide a name for the rule.
NOTE
STP Topology Change traps are only supported on switches running ExtremeWare 6.2.2 or later.
The fields in this window are defined as follows:
Rule Name The name for this rule. For these events, this is user-defined.
Rising Threshold A threshold value that triggers a trap event when the value of relevant variable rises past this value. The thresholds are specified based on the configuration type as follows:
• Port Utilization — A threshold value, in 100ths of a percent, that triggers an event when the port utilization rises past this value.
• Temperature — A threshold value, in degrees celsius, that triggers an Overheat event when the temperature rises past this value.
• Topology Change — An integer threshold value that triggers a topology change event when the total number of topology changes seen by this device since the management entity was last reset or initialized, rises past this value.
Description The description of the relevant MIB variable for the selected rule type.
The Falling Threshold is automatically defined as 90% of the rising threshold value.
EPICenter Reference Guide
Configuring a New Rule or Modifying a Rule
The other parameters that you can set when you configure an RMON event are predefined in the
Extreme switch agent for these three events. These are:
MIB Variable
Falling Threshold
Startup Alarm
Sample Interval
Sample Type
The MIB variable is predefined to be one of the following:
• For Port utilization: extremeRtStatsUtilization.0
• For Temperature: extremeCurrentTemperature.0
• For Topology Change: dot1dStpTopChanges.0
This is predefined as 90% of the rising threshold.
The Startup condition is predefined to be RisingOrFalling.
The sample interval is also predefined, and is set to 15 seconds.
The sample value is an absolute value.
NOTE
To define an alarm using one of these predefined threshold events, select RMON Trap Rising Alarm or RMON Trap
Falling Alarm as the Event Type in the Alarm Definition window.
Configuring the Rule Target
Click the Target tab to display the New Configuration Target page, as shown in Figure 60 .
This page lets you specify which devices should be configured to generate the event you have defined.
Figure 60: RMON target selection window
EPICenter Reference Guide 137
138
The EPICenter Alarm System
The fields and buttons in this window are defined as follows:
Source Type
Select Group
Device/Device Group/
Port Group
IfIndex
Selection
The source of the RMON rule targets (Device, Device Group, Port, or Port Group). Select the type you want from the pull-down list. The choices you have are determined by the variable you selected for the rule. For example, if the variable you have selected to monitor is applied per port, you will be able to select by Port or Port Group.
The device group whose members are displayed in the Device list. This choice is not available if you have selected Device Group or Port Group as the Source Type.
The list of components (devices or groups) of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Ports (a second field is provided for port selection if needed).
If you leave your cursor over a device name for a moment, a pop-up displays the IP address of the device.
The list of ports available on the device selected in the Device Source list. This list appears only if you’ve selected Port as the Source Type. Select a device from the Device list, and the appropriate set of ports for the device appears.
The devices, ports, device groups, or port groups that are currently targets for the RMON rule.
The buttons in the middle of the page let you move selected devices, ports, or groups between the source list and the Selection list:
Add ->
Add All ->
<- Remove
<- Remove All
Adds the selected device(s), port(s), device Groups or Port Groups to the Selection list for inclusion in the scope of this alarm.
Adds all the components in the source list to the Selection list.
Removes the selected components from the Selection list.
Removes all the components from the Selection list.
Synchronizing EPICenter with Device RMON Rules
1 To synchronize EPICenter’s database with the RMON rules in place on a switch, click the
Sync button at the top of the window.
The Synchronize RMON Rules window opens, as shown in Figure 61 .
EPICenter Reference Guide
Figure 61: The Synchronize RMON Rules window
Synchronizing EPICenter with Device RMON Rules
You can synchronize individual devices or all devices in a device group.
1 To select a device group, select Device Group from the pull-down list in the Source Type field. A list of device groups is displayed.
To select individual devices, select Devices in the Source Type field. A list is displayed showing all the Extreme Networks devices managed by EPICenter.
2 To add a device or device group to the Selection list, select the device or device group and click
Add -> . To add all devices or device groups in the list, click Add All ->.
3 To remove a device or device group from Selection list, select the item and click <- Remove. To remove all devices or device groups, click <- Remove All.
4 Click Synchronize to initiate the synchronization process.
The Alarm Manager uses SNMP to retrieve configuration and status information from each selected switch, and updates the database with that information.
5 The Synchronize function displays a dialog box with status or error information. Click OK to continue.
6 Click Close to exit the Synchronize RMON Rules window.
EPICenter Reference Guide 139
The EPICenter Alarm System
140 EPICenter Reference Guide
5
Configuration Manager
This chapter describes how to use the EPICenter Configuration Manager feature for:
● Uploading and archiving configuration settings from one or more devices to EPICenter, on demand or at a predefined (scheduled) time.
●
●
Creating Baseline Configurations for one or more devices.
Downloading configuration settings from EPICenter to a device.
●
●
Downloading an incremental configuration to one or more devices.
Specifying and configuring the TFTP server to be used for uploading and downloading configuration settings and software images.
Overview of the Configuration Manager
The EPICenter Configuration Manager applet provides a graphical interface for uploading and downloading files to and from managed devices. It provides a framework for storing the configuration files to allow tracking of multiple versions, including baseline configuration files. Configuration file uploads can be performed on demand, or can be scheduled to occur at regular times—once a day or once a week. The Configuration Manager supports Extreme Networks devices only.
For devices running ExtremeXOS, both the current configuration file and any Policy files saved on the switch are uploaded, and saved in .zip format. The individual elements of the zip file (configuration file and policy files) can be inspected individually.
It is not possible to create baseline configurations for devices running ExtremeXOS.
The Configuration Manager also provides the ability to view the differences between configuration files, or between Policy files (for ExtremeXOS). If a baseline file exists for an ExtremeWare device, the
Configuration Manager will automatically check for differences whenever a scheduled archive upload is performed.
To start the Configuration Manager applet, click the Config button in the EPICenter Navigation Toolbar.
Configuration Manager Functions
There are multiple ways to invoke the functions provided by the Configuration Manager:
● Using the menus at the top of the main applet frame.
●
●
Using the function buttons shown directly below the EPICenter menus.
Using commands from a pop-up menu that appears when you right-click on a device or device group entry in the Component Tree.
For simplicity, most of the instructions in this chapter only specify a one method of invoking a function
(usually the function button).
EPICenter Reference Guide 141
142
Configuration Manager
Configuration Manager Function Buttons
The buttons at the top of the main Configuration Manager applet provide the following functions:
Table 11: Configuration Manager Function Buttons
Upload
Archive
Download
Increment
View
Diff
TFTP
Upload configuration from one or more devices. See “
“Uploading Configurations from
Devices” on page 149 ” for details on using this feature.
Create a schedule for archiving configuration information from one or more devices.
See
“Scheduling Device Archive Uploads” on page 152
for details on using this feature.
Download a saved configuration to a selected device. See “ “Downloading Configuration
Information to a Device” on page 157
” for details on using this feature.
Download an incremental configuration to one or more selected device. See
“
“Downloading an Incremental Configuration to Devices” on page 159 ” for details on
using this feature.
View the contents of the selected configuration file using the Configuration Viewer
View the differences between two configuration files using the Diff Viewer (requires configuration of a Diff viewer).
Configure the TFTP Server. See
“Configuring the TFTP Server” on page 170 .
These functions can also be accessed through the Configuration menu, and all except the Increment and
TFTP commands can be accessed from the pop-up menu accessed by right-clicking a component in the
Component Tree.
The Configuration Menu
EPICenter provides a set of menus at the top of the main applet frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 .
The Configuration Manager provides an additional menu, Configuration, that contains commands unique to the Configuration Manager. The Configuration menu contains the following items:
Table 12: The Configuration Menu
Upload
Archive
Download
Increment
View
Diff
Upload configuration from one or more devices. See “
“Uploading Configurations from
” for details on using this feature.
Create a schedule for archiving configuration information from one or more devices.
See
“Scheduling Device Archive Uploads” on page 152
for details on using this feature.
Download a saved configuration to a selected device. See “
Information to a Device” on page 157 ” for details on using this feature.
Download an incremental configuration to one or more selected device. See
“ “Downloading an Incremental Configuration to Devices” on page 159 ” for details on
using this feature.
View the contents of the selected configuration file using the Configuration Viewer.
See
“Viewing a Configuration File” on page 166
.
View the differences between two configuration files using the Diff Viewer (requires
configuration of a Diff viewer). “Comparing Two Configuration File—The Diff
.
EPICenter Reference Guide
Configuration Manager Functions
Table 12: The Configuration Menu
Baseline (valid only for devices running ExtremeWare)
Create Designate the selected saved configuration as the baseline configuration. If a device group is selected, designates the most recent uploaded configuration file for each device as the baseline configuration for that device. See
Configuration File” on page 161 .
Remove
Schedule
Remove the saved baseline configuration file, and reset the baseline time and baseline filename in the status display. If a device group is selected, removes the saved baseline files for all devices in the group, and resets the baseline status for those devices. See
“Removing a Baseline Configuration File” on page 162 .
Create a schedule for uploading configuration information that will be saved as the baseline configuration for the device, or for all devices in a device group. See
“Scheduling a Baseline Upload” on page 162
.
View
Diff
Restore
View the baseline configuration for the selected device using the Configuration Viewer.
See
“Viewing a Configuration File” on page 166
.
View the differences between the selected configuration file and the baseline configuration for the device using the Diff Viewer (requires configuration of a Diff viewer).
“Comparing Two Configuration File—The Diff Command” on page 167 .
Restores the baseline configuration to the selected device. See “Restoring a Baseline
Configuration to a Device” on page 164
.
Options
Setup Viewers
Setup Email
Notification
TFTP
Configure programs to be used as the Configuration Viewer and the Diff Viewer. There is a default Configuration Viewer built in; you must configure a Diff Viewer in order to use the Diff feature. See
“Configuring a Viewer” on page 169 .
Set up email notification to be used when differences are detected between a newly
archived configuration and the baseline configuration for a device. See “Configuring
Email Notification of Archive/Baseline Differences” on page 157 .
Configure the TFTP Server. See “Configuring the TFTP Server” on page 170 .
Pop-Up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains commands relevant to the selected device or device group.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using pop-up menus.
The contents of a pop-up menu depends on the type of item you have selected in the Component Tree.
●
●
●
If you select the top-level Device Groups item, the pop-up menu provides all the commands shown in Table 13 except the Device and Macros commands.
If you select a specific device group, the pop-up menu provides all the commands except the Device command.
If you select a device, all the commands shown in Table 13 are available.
Table 13: Pop-Up Menu Commands
Upload
Archive
Download
Upload configuration from one or more devices. See “
“Uploading Configurations from
Devices” on page 149 ” for details on using this feature.
Create a schedule for archiving configuration information from one or more devices. See
“Configuring a Viewer” on page 169
for details on using this feature.
Download a saved configuration to a selected device. See “Downloading Configuration
Information to a Device” on page 157 for details on using this feature.
EPICenter Reference Guide 143
144
Configuration Manager
Table 13: Pop-Up Menu Commands
View
Diff
Baseline (valid only for devices running ExtremeWare)
Create Designate the selected saved configuration as the baseline configuration. If a device group is selected, designates the most recent uploaded configuration file for each device as the
baseline configuration for that device. See “Creating a Baseline Configuration File” on page 161 .
Remove
Schedule
Remove the saved baseline configuration file, and reset the baseline time and baseline filename in the status display. If a device group is selected, removes the saved baseline files for all devices in the group, and resets the baseline status for those devices. See
“Removing a Baseline Configuration File” on page 162
.
Create a schedule for uploading configuration information that will be saved as the
.
View
View the contents of the selected configuration file using the Configuration Viewer
View the differences between two configuration files using the Diff Viewer (requires configuration of a Diff viewer).
Diff
Restore
View the baseline configuration for the selected device using the Configuration Viewer. See
“Viewing a Configuration File” on page 166
.
View the differences between the selected configuration file and the baseline configuration for the device using the Diff Viewer (requires configuration of a Diff viewer).
Two Configuration File—The Diff Command” on page 167
.
Restores the baseline configuration to the selected device. See “Restoring a Baseline
Configuration to a Device” on page 164
.
Options
Setup Viewers
Setup Email
Notification
External App
Device >
Configure an alternate program to be used as the Configuration Viewer instead of the built-
in configuration Viewer. See “Configuring a Viewer” on page 169
.
Set up email notification for use when differences between a baseline configuration and a newly uploaded archive configuration are detected. See
“Configuring Email Notification of
Archive/Baseline Differences” on page 157
.
Launch an external application for the selected device, if the device has been so
configured in EPICenter. See “The External App Sub-Menu” on page 39 for more
information.
Same as the Device command from the Tools menu. Provides a submenu of commands:
Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device Manager. See
Menu” on page 39 for a description of each command.
Technical Support
Macros >
Properties
Same as the Technical Support command from the Tools menu.
See
“The Technical Support Sub-Menu” on page 40 for more information.
Same as the Macros command from the Tools menu. See
“The Macros Sub-Menu” on page 41 for more information.
Configuration File Locations
Configuration and baseline files are saved in different directories depending on how they were uploaded (manually, as a scheduled archive, or as a baseline). The default locations are as follows:
● Configuration files that are uploaded manually (not as a scheduled operation) are stored as text files
(for ExtremeWare) or as Zip archive files (for ExtremeXOS) in the <tftp_root>\configs directory, in a subdirectory hierarchy organized by year, month, and day. The file names by default are formed from the IP address of the device with a timestamp appended. The default form of the file name for a manually uploaded configuration file is:
EPICenter Reference Guide
Device Configuration Summary Status
●
●
<tftp_root>\configs\<year>\<month>\<day>\<device_address>_<time>.txt
for devices running ExtremeWare
<tftp_root>\configs\<year>\<month>\<day>\<device_address>_<time>.zip
for devices running ExtremeXOS.
Configuration files that are uploaded through a scheduled archive upload are stored in the
<tftp_root>\configs\archive directory, also in a subdirectory hierarchy organized by year, month, and day. The form of the file name for an archived configuration file is:
<tftp_root>\configs\archive\<year>\<month>\<day>\<device_address>_<time>.txt
for devices running ExtremeWare
<tftp_root>\configs\archive\<year>\<month>\<day>\<device_address>_<time>.zip for devices running ExtremeXOS.
Baseline configuration files for ExtremeWare are stored in the <tftp_root>\baselines subdirectory.
Since there can only be one baseline configuration per device, baseline configuration files are saved with filenames created just from the device IP address. The form of the file name for a baseline configuration file is:
<tftp_root>\baselines\<device_address>.txt
for devices running ExtremeWare.
NOTE
Baselining is not supported for devices running ExtremeXOS.
<tftp_root> is the location of the TFTP server.
By default, <tftp_root> is <EPICenter_install_dir>\user.war\tftp .
In the Windows operating environment, <EPICenter_install_dir> is c :\Program Files\Extreme
Networks\EPICenter 6.0
.
In a Linux or Solaris environment, <EPICenter_install_dir> is /opt/ExtremeNetworks/EPICenter6.0
.
Device Configuration Summary Status
When the Configuration Manager opens, it shows summary status for the selected device or device group. Click a device group name in the Component Tree to display the summary status for the devices in the group, as shown in Figure 62 .
EPICenter Reference Guide 145
Configuration Manager
Figure 62: Configuration Manager showing summary device status
146
This display shows a summary of the upload and download activity for each managed device, as follows:
Status
Name
Last Successful Upload
Next Upload
Last Successful Download
Baseline Time
Different
The status of the most recent configuration activity; Successful, Failed or None.
The device name and/or IP address.
The date and time of the last successful upload for the device
The date and time for the next Archival upload, if one is scheduled.
The last configuration download that has taken place through the EPICenter
Configuration Manager for this device.
The date and time that a baseline configuration upload occurred.
Indicates whether the last uploaded device configuration is the same as the baseline configuration. A green check indicates that configurations are the same. A red X
indicates that the current configuration is not the same as the baseline configuration.
You can display the upload and download status of the configuration information for an individual device by selecting the device in the Component Tree in the left-hand panel of the window. This displays a status window for the device similar to the one shown in Figure 63 .
EPICenter Reference Guide
Device Configuration Summary Status
Figure 63: Configuration and software status for an individual device (ExtremeWare)
The top section of the device status window displays the currently archived configuration files, with the following information about each file:
Directory
Filename
Upload Time
Baseline
The directory where the archived configuration file is stored
The filename of the archived configuration (.txt extension for ExtremeWare devices,
.
zip extension for ExtremeXOS devices).
The date and time at which the configuration was uploaded from the device.
Whether the configuration is the baseline configuration. A green check indicates that this file has been designated as the baseline configuration. A red X indicates that this is not the baseline configuration.
The bottom section of the device status window shows status information about the device. The first five lines show basic identification information for the device. The remaining lines show the following information about the device configuration files.
Baseline File
Baseline Time
Scheduled Baseline
Last Upload Status
Filename (with path) of the baseline configuration, if there is one.
The date and time at which the baseline configuration was uploaded from the device.
The date and time for the next scheduled baseline configuration upload, if one is scheduled.
Whether the last upload was successful or not, and if successful, whether it is different from the saved baseline configuration.
EPICenter Reference Guide 147
Configuration Manager
Last Upload Filename
Next Upload Time
Last Download Time
Last Download Status
Last Download Filename
Filename (with path) of the last successful archive upload for the device
The date and time for the next archival upload, if one is scheduled.
The date and time of the last time a configuration file was downloaded to the device.
The status of the download (successful, failure, or none).
Filename (with path) of the configuration file that was last downloaded to the device.
For a device running ExtremeXOS, the upload and download status display looks as shown in
Figure 64 . The information shown is the same as for an ExtremeWare device, except that the .zip file itself can be expanded to display its components parts—the configuration file (a text file in XML format) and the policy files.
Figure 64: Configuration and software status for an individual device (ExtremeXOS)
148
Any of the files within the zip file can be selected and then viewed with the View command (see
“Viewing a Configuration File” on page 166 ). If multiple configuration zip files have been uploaded
from a device running ExtremeXOS, you can select and view the differences between like elements from within the files (i.e. the configuration files or policy files). See
“Comparing Two Configuration File—The
for more information.
EPICenter Reference Guide
Uploading Configurations from Devices
Uploading Configurations from Devices
To upload the configuration information from one or more devices, click the Upload button at the top of the window, or select Upload from the Configuration menu or from the right-click pop-up menu.
For ExtremeXOS devices, this command uploads the configuration information and any policy files saved on the device, and saves them into a compressed archive file (zip file).
The Upload Configuration from Devices window appears, as shown in Figure 65 .
Figure 65: The Upload Configuration from Devices window
The fields in this window are as follows:
Device Group:
Available Devices:
Device group from which to select devices for upload. Determines the devices shown in the
Available Devices list. Select All Devices from the drop-down menu to include all devices in the Available Devices list.
The devices from which you can upload configuration information. Shows devices in the
Device Group selected in the Device Group field.
Devices for Upload: The devices you have selected from which to upload configuration files.
Upload File Options
Archive to Default
Location
Select this option to create files for each upload under the EPICenter configs directory, in a subdirectory hierarchy organized by year, month, and day. The form of the fully qualified file names for these files is:
<tftp_root>\configs\<year>\<month>\<day>\<IP_address>_<time>.txt
or
<tftp_root>\configs\<year>\<month>\<day>\<IP_address>_<time>.zip
where <tftp_root> is the location of your TFTP server. (By default, <tftp_root> is
<EPICenter_install_dir>\user.war\tftp .)
EPICenter Reference Guide 149
150
Configuration Manager
Baseline Check this option to designate the uploaded Configuration files as the baseline files for the selected devices. If this option is checked, the file is placed in a baseline subdirectory:
<tftp_root>\baseline\<IP_address>.txt
Archive to:
Configuration information saved at:
Select this to specify your own directory structure and file naming convention relative to the
TFTP root’s configs subdirectory. The structure will be of the form:
File Location:
<tftp_root>\configs\<File_Location>\<IP_address>_<FileName_Trailer>.txt
or
<tftp_root>\configs\<File_Location>\<IP_address>_<FileName_Trailer>.zip
where <File_Location> is the subdirectory you specify in the File Location field, and
<FileName_Trailer> is the string you specify in the FileName Trailer field.
Specify the <File_Location> path where the files should be stored, starting from the configs subdirectory. This field is available only when the Archive To option is selected.
• Do not include <tftp_root>\configs\ as part of the path; just include the remaining path.
FileName Trailer: Specify a string to be appended to the regular file name format to create a file name. This field is available only when the Archive To option is selected.
For example, if you specify a file name trailer of “week_8_backup” then the filename for the device, assuming the default file name format, would be
<IP Address>_<Timestamp>_week_8_backup.txt.
Shows the directory path where configuration information will be saved, and the current file name format, as specified using the Configure Upload File Name Format dialog. See
“Changing the Configuration Filename Format” on page 151 for details.
To upload device configurations to EPICenter, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule, and click Add to add them to the Devices for Upload list. Click Add All to add all the devices in the Available Devices list.
3 Specify where the uploaded information should be stored.
To store the files in the EPICenter default configs directory, select Archive to Default Location. To specify your own location, select Archive to.
In either case, you can designate these configuration files as the baseline files for the selected devices by checking the Baseline checkbox.
NOTE
subdirectory will be found directly below your TFTP root directory.
4 You can change the location (relative to the TFTP root’s configs subdirectory) and file naming convention used to store your uploaded files. The location and naming structure will be of the form:
<tftp_root>\configs\<File_Location>\<File Name>_<FileName_Trailer>.txt
(or .zip
)
● To change the File Location, type the path you want EPICenter to create under the
<tftp_root>\configs\
●
●
To have EPICenter append a text trailer to the file names it creates, enter the trailer string in the
FileName Trailer field.
By default, EPICenter saves configuration files using file names created from the device name, IP address, and the time at which the upload was performed: < IP Address>_<Time>.txt
.
In addition to appending some trailer text, you can change the format of the file name. The IP
EPICenter Reference Guide
Archiving Configuration Settings
Address and Time elements are required, but you can change the order, and include other elements as well as adding text of your own. See
“Changing the Configuration Filename Format” on page 151
.
5 Click Apply to start the upload process.
Changing the Configuration Filename Format
To change the filename format:
1 Click the Configure Upload Filename Format button to open the Configure Upload Filename
Format window.
2 Create your filename format in the field provided as follows:
● Type a space to invoke a list of elements you can include. These include the system name
(SysName), IP address, Date, and Time. The default is <IPAddress>_<Time> , which you can specify as a unit by choosing DEFAULT from the list. You can select these in any order, but you must include both the IP address and the Time somewhere in your filename format. Each element you choose is separated from its neighboring elements by an underscore.
● You can include text of your own in the filename format; it will then appear in every file name
EPICenter creates (until you change the format).
3 Click Apply when you have finished.
When you change the filename format, it becomes the default format for any upload operations you perform within this Configuration Upload session—when you close the Configuration Upload window, the filename format reverts to the default.
You can change the default configuration filename format from within the Admin applet, Server
Properties, under the Other category. See “Server Properties Administration” on page 362 for more
information.
Archiving Configuration Settings
You can schedule the uploading (archiving) of configuration information so that it is done automatically, either once a day or once a week. You can set up a global archive schedule, as well as schedule archiving for individual devices. All new devices added to the EPICenter database use the global upload schedule, if one has been set up, until they are configured with an individual archiving schedule. By default, no global archiving is scheduled.
When a scheduled upload occurs for a device, if a baseline configuration has been designated for the device, EPICenter automatically compares the new archive configuration with the baseline configuration, and sends an email report if differences are found. This requires configuration of the
). These reports are saved in the
<tftp_root>\configs\reports
directory.
Since archiving files on a regular basis for a large number of devices could eventually use too much disk space., you can set limits on the number of archive files that are kept, or set a time limit for how long they are kept.
In addition, in the Admin applet you can specify whether the device configurations are always uploaded at the scheduled archive time, or are uploaded only when the device configuration has changed. The default is to perform a scheduled upload only when the configuration has changed. See
EPICenter Reference Guide 151
Configuration Manager
“Server Properties Administration” on page 362 for more information about how to set the uploading
configuration settings.
Scheduling Device Archive Uploads
A device, a set of devices, or one or more device groups can be scheduled for archive individually and independently of other device upload schedules. To schedule device configuration archive uploads, click the Archive button at the top of the window, or select Archive from the Configuration menu or from the right-click pop-up menu.
The Schedule Upload window appears, as shown in Figure 66 , with the Device Schedule tab displayed.
Figure 66: Schedule Upload window
152
The fields in the Device Schedule window are as follows:
Device Group The device group from which to select devices for upload. Determines the devices shown in the Available Devices list. Select All Devices from the drop-down menu to include all devices in the Inventory database in he Available Devices list.
Available Devices: The devices from which you can upload configuration information. Shows devices in the
Device Group selected in the Device Group field.
Devices for Scheduling: The devices you have selected from which to upload configuration files.
Set Schedule
• No Schedule
Specify the schedule you want:
Removes any schedule associated with the device(s) in the Devices for Scheduling list.
EPICenter Reference Guide
Archiving Configuration Settings
• Repeat Every Day The upload should be done every day at the specified time for the devices in the Devices for Scheduling list. When you select this option, you can specify the time of day (the hour and minutes) at which the upload should be done.
• Repeat Every Week The upload should be done every week at the specified day and time for the devices in the Devices for Scheduling list. When you select this option, you can specify the time of day (the hour and minutes), and the day of the week at which the upload should be done.
At:
Configuration information saved at:
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Shows the directory path where archived configuration files are saved, and the current file name format.
By default, archived file information will be stored in the form:
<tftp_root>\configs\archive\<year>\<month>\<day>\<device_address>_<time>.txt
where <tftp_root> is the location of your TFTP server.
(By default, <tftp_root> is <EPICenter_install_dir>\user.war\tftp.)
You can change the filename format using the Configure Upload File Name Format dialog.
See
“Changing the Configuration Filename Format” on page 151
for details.
To schedule the upload of device configurations, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule, and click Add to add them to the Devices for Upload list. Click Add All to add all the devices in the Available Devices list.
3 Specify the schedule you want.
4 Click Apply to have the upload schedule set for these devices.
Scheduling Global Archive Uploads
When you use the Inventory Manager to add devices to the EPICenter database, configurations on those devices are automatically saved according to the global schedule for configuration uploads, if one has been set. If you have a device or series of devices that require a configuration upload schedule that differs from the global schedule, see
“Scheduling Device Archive Uploads” on page 152 for information
on how to create an individual configuration schedule.
To set or modify the Global Upload schedule, select the Global Schedule tab in the Schedule Upload window (as shown in Figure 67 ).
EPICenter Reference Guide 153
Configuration Manager
Figure 67: Global Schedule Upload window
154
The fields in this window are as follows:
Current Global Schedule
Change Current Global
Schedule
• No Schedule
• Repeat Every Day
• Repeat Every Week
At:
Configuration information saved at:
Indicates the current schedule.
Specify the global schedule using one of the options below.
Removes any schedule associated with the device(s) that use the global schedule.
The upload should be done every day at the specified time for devices that use the global schedule. When you select this option, you can specify the time of day (the hour and minutes) at which the upload should be done on.
The upload should be done every week at the specified day and time for devices that use the global schedule. When you select this option, you can specify the time of day
(the hour and minutes), and the day of the week at which the upload should be done.
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Shows the directory path where archived configuration files are saved.
Archived file information will be stored in the form:
<tftp_root>\configs\<year>\<month>\<day>\<device_address>_<time>.txt
where <tftp_root> is the location of your TFTP server.
By default, <tftp_root> is <EPICenter_install_dir>\user.war\tftp.
You can change the filename format using the Configure Upload File Name Format dialog.
See
“Changing the Configuration Filename Format” on page 151 for details.
EPICenter Reference Guide
Archiving Configuration Settings
Click Apply to set the global upload schedule for devices that do not have an individually set configuration schedule.
Setting Archive Limits
You can limit the number of archived configuration files EPICenter keeps for a device to prevent accumulated files from using too much disk space on the EPICenter server. You can set a limit either by specifying the number of files kept for each device, or by specifying how long to keep files.
NOTE
Archive limits apply only to files created automatically through a scheduled upload.
To set archive limits, select the Archive Limit tab in the Schedule Upload window (as shown in
Figure 68 ).
Figure 68: Archive Limits window
The archive limit settings you can select are:
No Limit An unlimited number of files can be saved for each device. This is the default.
Number of copies per device to keep
Specifies the number of files to keep for each device. When the limit is reached, the oldest files for the device are deleted.
Days to keep the configuration files Specifies that EPICenter should not keep configuration files that are older than the time limit. When a configuration file exceeds the age limit, it is deleted.
EPICenter Reference Guide 155
Configuration Manager
Click Apply to set the archive limit.
Archive/Baseline Differences Report
When EPICenter uploads a scheduled archive configuration, it automatically compares the new configuration with the baseline configuration for the device, if a baseline configuration exists. If
saved in the <tftp_root>\configs\reports directory, named with the date at which the report was created (for example, 2004_10_11.pdf
). Figure 69 shows an example of this report. The one report contains information about configuration changes detected for all devices included in the scheduled archive operation.
Figure 69: Configuration Change Report
156
For each device, the report shows the information about each configuration change it has detected:
Type
Configuration Change
Switch Log Event
The type of change that occurred (add, modify, or delete)
The changed lines in the configuration file
The switch log event entries (if any) that are related to the configuration change.
If either the baseline configuration or the archived configuration file for a device is too large, EPICenter does not attempt to analyze the differences.
EPICenter Reference Guide
Downloading Configuration Information to a Device
Configuring Email Notification of Archive/Baseline Differences
If differences are found between the newly archived configuration and the baseline configuration,
EPICenter can send a report via email. You must configure the email notification part of this feature before it can function properly.
To configure email notification, select Options, then Email Notification from the Config menu or from a right-click pop-up menu.
Figure 70: The Email Settings window
Fill in the fields as follows:
Email to
SMTP Host
Sent By
My server requires authentication
User Name
Password
The email address(es) of the recipient(s) of the email. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
The outgoing mail server name (or IP address).
The e-mail address that should be used as the sender of the e-mail.
Check this if your mail server authenticates the user before sending out e-mail and enter the user name and password of an account that the SMTP server accepts.
Usually this is the account you use to log into your network.
If you don’t know whether your server requires authentication, you can go ahead and enter the authentication information—it is ignored if it is not actually needed.
The user name for mail server authentication.
The password for mail server authentication.
Downloading Configuration Information to a Device
Downloading a configuration does a complete configuration download, resetting the current switch configuration and replacing it entirely with the new downloaded configuration. The switch is rebooted automatically after the download has completed. On Extreme devices you can have the switch save the configuration after reboot as the Primary, Secondary or Current configuration. You can only download to one device at a time.
To download saved configuration information to a device, click the Download button at the top of the window.
The Download Configuration window appears, as shown in Figure 71 .
EPICenter Reference Guide 157
Configuration Manager
Figure 71: Download configuration window
158
The fields in this window are as follows:
Device Group:
Device
Last Uploaded Configuration
File Location:
Show Uploaded Configs
Device group from which to select the device for a configuration download.
Determines the devices shown in the Device list. Select All Devices from the dropdown menu to include all devices in the Available Devices list.
The devices for which you can download configuration information. Shows devices in the Device Group selected in the Device Group field.
If configuration information has been uploaded from the device, the file where it was saved.
The location and name of the file to download. When you select a device, the file displayed as the Last Uploaded Configuration appears here.
To select a different file, you can type a filename into this field, or click the Show
Uploaded Configs button and select the file to be downloaded.
Click to display a pop-up list of configuration files available for the selected device.
Select a configuration the file to be downloaded from the list and click OK, or Close to close the pop-up list.
EPICenter Reference Guide
Downloading an Incremental Configuration to Devices
Download configuration to:
Save configuration to:
Select the location on the device to which the configuration should be downloaded:
• Current: Downloads to the current partition (ExtremeWare devices only).
• Primary: Downloads to the Primary partition.
• Secondary: Downloads to the secondary partition.
For devices running ExtremeWare, check to automatically save the configuration file on the device after the device reboots.
Select the location on the device where the configuration should be saved:
• Current: Saves as the current configuration.
• Primary: Saves as the Primary configuration.
• Secondary: Saves as the secondary configuration.
To download a configuration to a device, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 Select the device from the device list presented. You can only download to one device at a time.
3 Select the file you want to download. The default is the Last Uploaded Configuration, if there is one.
You can also enter a file name or select from a list of files saved for this device.
4 For ExtremeWare devices, specify the target location for the configuration, and whether EPICenter should save the file on the device after reboot.
5 To start the download, click the Apply button.
Downloading an Incremental Configuration to Devices
The Incremental download feature lets you download only selected configuration settings to a device, instead of replacing the entire device configuration file.
An incremental configuration download executes only the commands specified in the incremental download file. It does not reset the switch configuration or replace any other configuration settings that may exist in the device. No reboot is necessary. The EPICenter incremental download does not save the configuration; you must do so.
Within EPICenter, you can create or designate a set of configuration information as a baseline configuration for devices running ExtremeWare 6.0 or later (see
“standard” configuration that you can use to ensure that devices are configured into a known state. For example, if you want to set a group of devices to the same basic configuration, you can first set individual IP addresses on each device, and then use the incremental configuration download feature to set all other configuration settings on all devices to a common state.
Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6.0 or later.
To download an incremental configuration to a device, click the Increment button at the top of the window.
EPICenter Reference Guide 159
Configuration Manager
The Download Incremental Configuration to Devices window appears, as shown in Figure 72 .
Figure 72: Download Incremental Configuration window
160
The fields in this window are as follows:
Device Group:
Supported Devices
Download Incremental config to list
Available Incremental
Configs
Select a device group or All Devices from the drop-down menu.
Select the devices for which you want to download the baseline configuration, then click the Add-> button.
If you want to download the baseline configuration to all the devices in the device group, click the Add All-> button.
When you select devices from the Supported Devices list and click Add-> or Add All->, the devices are moved to the Download Incremental Config to list.
To remove devices from the Download Incremental config to list, select the devices and click the <-Remove button. This moves the selected devices back to the Supported
Devices list. Click <-Remove All to move all the devices in the Download Incremental
Config to list back to the Supported Devices list.
Select the baseline configuration you want to download from the pull-down list in the
Available Incremental Configs field.
From this window, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Supported Devices list, select the devices for which you want to download the baseline configuration.
The buttons in the center of this window function as follows:
Add ->
Add All ->
<- Remove
<- Remove All
Adds the selected device(s) to the Devices for Upload list.
Adds all the devices in the Available Devices list to the Devices for Upload list.
Removes the selected device(s) from the Devices for Upload list.
Removes all the devices from the Devices for Upload list.
3 Select the configuration file you want to download from the pull-down list in the Available
Incremental Configs field.
4 Click Apply to start the baseline download to the selected device.
EPICenter Reference Guide
Creating a Baseline Configuration File
NOTE
The EPICenter software does not reboot the device or save the configuration on the device after the download. You can use the Telnet applet to open a Telnet session on the affected devices and execute a save configuration command.
NOTE
The Configuration Manager displays an error if you attempt an incremental download on a switch running a version of ExtremeWare prior to 6.0.
Creating a Baseline Configuration File
NOTE
Baseline configuration files are not supported for devices running ExtremeXOS.
The purpose of a baseline configuration is to provide a set of known, standard configuration settings you can download to a device to restore it or initialize it to a known software state.
There are several ways to create a baseline configuration:
● You can start with a configuration file you have previously uploaded, and designate it as a baseline using the Baseline > Create command from the Configuration menu or a right-click pop-up menu.
●
● a Select the device for which you want to create a baseline.
b Select the configuration file that should be designated as the baseline.
c Select Baseline, then Create from the Configuration menu or the right-click pop-up menu.
You are asked to confirm that this configuration file should be used as the baseline.
You can upload a configuration as a baseline. You do this by using the Upload command, and checking the Baseline checkbox under Upload File Options. See
“Uploading Configurations from
for more information.
You can schedule a baseline upload. See “Scheduling a Baseline Upload” on page 162 for details.
Baseline configuration files are stored in the <tftp_root>\baselines directory, where <tftp_root> is the location of your TFTP server. By default, <tftp_root> is
<EPICenter_install_dir>\user.war.war\tftp .
Baseline files are always named in the form <device_address>.txt
. So, the baseline file for the device with IP address 10.205.2.39 will be 10_205_2_39.txt
in the directory <tftp_root>\baselines .
<EPICenter_install_dir> is the EPICenter installation directory. Thus, if you installed the EPICenter server under Windows XP or Windows 2003 using the default installation path, the baseline configuration for device 10.205.2.39 would be saved in c:\Program Files\Extreme
Networks\EPICenter 6.0\user.war\tftp\baselines\10_205_2_39.txt
, unless you have reconfigured your TFTP root directory.
EPICenter Reference Guide 161
162
Configuration Manager
NOTE
If you have reconfigured your TFTP root directory (see
“Configuring the TFTP Server” on page 170
), the baselines subdirectory will be found directly below (as a child of) your TFTP server root directory.
Removing a Baseline Configuration File
You can remove baseline configuration files using the Baseline > Remove command from the
Configuration menu or a right-click pop-up menu.
●
●
If you have an individual device selected when you execute this command, EPICenter deletes the baseline file for the selected device, and resets the device status so the Baseline Time is set to None and the Baseline filename is cleared.
If you have a device group selected, EPICenter deletes any baseline files for all devices in the device group, and resets the baseline status of those devices.
Scheduling a Baseline Upload
You can schedule the upload of a baseline configuration for one or more devices. Unlike the Archive feature, this is a one-time event; you cannot schedule repeating baseline uploads. This feature allows you to schedule the upload up to a week ahead at a convenient time (when network activity is low, for example) without requiring administrator attendance.
NOTE
Baseline configuration files are not supported for devices running ExtremeXOS.
To schedule baseline configuration uploads, select Baseline, then Schedule from the Configuration menu or from the right-click pop-up menu. The Schedule Baseline window appears, as shown in
Figure 73 .
EPICenter Reference Guide
Figure 73: The Schedule Baseline window
Scheduling a Baseline Upload
The fields in the Schedule Baseline window are as follows:
Device Group
Available Devices:
Devices for Scheduling:
Set Schedule
• No Schedule
• Schedule Baseline
At:
Configuration information saved at:
The device group from which to select devices for upload. Determines the devices that appear in the Available Devices list. Select All Devices from the drop-down menu to include all devices in the Inventory database in the Available Devices list.
The devices from which you can upload a baseline configuration. Shows devices in the
Device Group selected in the Device Group field.
The devices you have selected from which to upload baseline configuration files.
Specify the schedule you want:
Removes any schedule associated with the device(s) in the Devices for Scheduling list.
The upload should be done at the specified day and time for the devices in the Devices for Scheduling list. When you select this option, you can specify the day and the time of day (the hour and minutes) at which the upload should be done.
Hours (0-23): Specify the hour at which the upload should be done.
Minutes (0-60): Specify the minute within the hour at which the upload should be done
Days of Week: For a weekly schedule, specify the day of the week on which to perform the upload.
Shows the directory path where the baseline configuration files are saved.
By default, baseline file information will be stored in the form:
<tftp_root>\baseline\<device_address>_<timestamp>.txt
where <tftp_root> is the location of your TFTP server.
By default, <tftp_root> is <EPICenter_install_dir>\user.war\tftp.
To schedule the upload of device configurations, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 From the Available Devices list, select the devices from which you want to set an upload schedule.
The buttons in the center of this window function as follows:
EPICenter Reference Guide 163
164
Configuration Manager
Add ->
Add All ->
<- Remove
<- Remove All
Adds the selected device(s) to the Devices for Upload list.
Adds all the devices in the Available Devices list to the Devices for Upload list.
Removes the selected device(s) from the Devices for Upload list.
Removes all the devices from the Devices for Upload list.
3 Specify the schedule you want.
4 Click Apply to have the upload schedule set for these devices.
Restoring a Baseline Configuration to a Device
This feature lets you download a baseline configuration to a device, completely replacing the current configuration in the device. This feature functions like the regular Configuration Download feature, except that you do not need to select the file to download—the baseline configuration is preselected.
Like a regular configuration download, EPICenter reboots the device after the download, and you can specify whether the configuration should be saved on the device after the reboot.
If you want to download a baseline configuration to replace only part of a device’s configuration, you
download feature.
NOTE
Baseline configuration files are not supported for devices running ExtremeXOS.
EPICenter Reference Guide
Figure 74: The Restore Baseline Configuration window
Restoring a Baseline Configuration to a Device
The fields in this window are as follows:
Device Group:
Device
Baseline Configuration
Download configuration to:
Save configuration to:
Device group from which to select the device for a configuration download.
Determines the devices shown in the Device list. Select All Devices from the dropdown menu to include all devices in the Available Devices list.
The devices to which you can download a baseline configuration. Shows devices in the Device Group selected in the Device Group field.
If a baseline configuration has been uploaded from the device, the file where it was saved.
Select the location on the device to which the configuration should be downloaded:
• Current: Downloads to the current partition.
• Primary: Downloads to the Primary partition.
• Secondary: Downloads to the secondary partition.
Check to automatically save the configuration file on the device after the device reboots.
Select the location on the device where the configuration should be saved:
• Current: Saves as the current configuration.
• Primary: Saves as the Primary configuration.
• Secondary: Saves as the secondary configuration.
EPICenter Reference Guide 165
166
Configuration Manager
To restore (download) a baseline configuration to a device, do the following:
1 Select a device group or All Devices from the drop-down menu in the Device Group field.
2 Select the device from the device list presented. You can only restore to one device at a time. You do not need to select a configuration file as the baseline file is used.
3 For ExtremeWare devices, specify the target location for the configuration, and whether EPICenter should save the file on the device after reboot.
4 To start the download, click the Apply button.
Viewing a Configuration File
The view feature allows you to look at the contents of a saved configuration or baseline file using either a built-in viewer, or a file viewer of your choice. See
“Configuring a Viewer” on page 169
for information on configuring a different file viewer.
To view a configuration file:
1 In the main Configuration Manager window, select the device with the configuration file you want to view.
2 Select the configuration file you want to view.
For ExtremeXOS devices, you must expand the contents of the.zip file and select the configuration file or a policy file from within the .zip file to view. You cannot use the View function by selecting the .zip file. See Figure 64 for an example of an expanded ExtremeXOS configuration .zip file.
3 Click the View button at the top of the window, or select View from the Config menu or from the right-click pop-up menu.
If you have not selected a configuration file, if you select more than one file, or if you select a .zip file
(for devices running ExtremeXOS), the View button and View commands are not available.
To view a baseline configuration file:
1 In the main Configuration Manager window, select the device whose baseline you want to view.
2 Select Baseline > View from the Config menu or from the right-click pop-up menu. If the device does not have a saved baseline configuration, the Baseline > View command is not available.
The View Configuration window appears with the baseline file you selected displayed.
Figure 75 shows an example of the default configuration viewer.
EPICenter Reference Guide
Comparing Two Configuration File—The Diff Command
Figure 75: The View Configuration window (EPICenter default viewer)
When you have finished, click Close to close the viewer window.
The Save button is always disabled; you cannot save a configuration file you are viewing using the
View feature.
Comparing Two Configuration File—The Diff Command
The Diff feature allows you to contents of two saved configuration files for a device, or a configuration file and the baseline file using a difference viewer of your choice (see
“Configuring a Viewer” on page 169
for information on configuring a difference viewer). You can only compare files on a single device.
To view differences between two configuration files for a device:
1 In the main Configuration Manager window, select the device for which you want to compare configuration files.
2 Select the two configuration files you want to compare (using Ctrl-click or Shift-click).
For ExtremeXOS devices, you must expand the contents of two .zip files; then you can select and compare the configuration files or policy files from within the two zip files. You cannot use the Diff function to compare the two .zip files themselves.
3 Click the Diff button at the top of the window, or select Diff from the Config menu or from the right-click pop-up menu.
If you have not selected two configuration or policy files, the Diff button and Diff commands are not available. See Figure 76 for an example of selecting files for a device running ExtremeXOS.
EPICenter Reference Guide 167
Configuration Manager
Figure 76: Comparing policy files for an ExtremeXOS device
168
To view differences between the baseline file and a configuration file for a device:
1 In the main Configuration Manager window, select the device for which you want to compare a baseline and a configuration file.
2 Select the one configuration file you want to compare to the baseline.
3 Select Baseline > Diff from the Configuration menu or from the right-click pop-up menu. If you have not selected a configuration file to compare, the Baseline > Diff command is not available.
EPICenter invokes the Difference viewer in a separate window, with the two files you selected displayed. Figure 75 shows an example of a differences comparison using WinMerge in Windows XP.
EPICenter Reference Guide
Figure 77: The Diff Results window (using WinMerge)
Configuring a Viewer
The functions within the Diff viewer depend on the viewer you elect to install. See the documentation for the product you have selected for information about using the Diff viewer.
Configuring a Viewer
The Configuration Manager View and Diff functions each require a viewer application; View uses a simple text editor to show the contents of a configuration file, while the Diff function uses a Diff viewer to compare and display the differences between two configuration files.
● The View function by default uses a built-in viewer, but you can configure EPICenter to use an alternate application. You can use a viewer such as NotePad or WordPad in Windows, or vi in Linux or Solaris.
● The Diff function requires an external Difference viewer. A difference viewer displays the two configuration files simultaneously and indicate the places where they differ. You cannot use the Diff function until you have configured a viewer. You can use any Difference viewer you have installed on your client system:
■
■
For Windows, WinMerge, an open source viewer, is assumed as the default.
For Linux or Solaris, sdiff (in /usr/bin/sdiff ) is assumed as the default.
To configure either of these viewers, select Options, then Setup Viewers from the Configuration menu or from a right-click pop-up menu. The Setup Viewers dialog box appears, as shown in Figure 78 .
EPICenter Reference Guide 169
170
Configuration Manager
Figure 78: The Setup Viewers window
●
●
To set up a Configuration Viewer: a Uncheck the Use Default Configuration Viewer checkbox b Type the path and filename of the viewer you want to use, or use the browse button (three dots) to select a viewer executable file.
To set up a Difference Viewer, type the path and filename of the Difference Viewer, or use the browse button (three dots) to select a viewer executable file.
Configuring the TFTP Server
If you already have a TFTP server installed on the system where the EPICenter server is running, you may choose to use that TFTP server instead of the one provided with EPICenter. The TFTP server configured through EPICenter is the one that is used for downloading and uploading from the devices.
NOTE
The Configuration Manager may cause multiple devices to contact the TFTP server at once to perform upload or download operations. Some third party TFTP servers have problems accepting multiple TFTP requests. If you are running a third party TFTP server and this happens, disable the TFTP server and use the EPICenter TFTP server.
The Configure TFTP Server function lets you enable or disable the embedded TFTP server, and specify an alternate path for the location of the server.
Click the TFTP button at the top of the window to display the Configure TFTP Server window, as shown in Figure 79 .
EPICenter Reference Guide
Figure 79: Configure TFTP Server window
Configuring the TFTP Server
By default, the embedded TFTP server is enabled.
●
●
Click the Disable EPICenter TFTP Server button to disable the server.
Click the Enable EPICenter TFTP Server button to enable the server.
The EPICenter TFTP server root is by default <EPICenter_install_dir>\user.war\tftp where <EPICenter_install_dir> is the directory where the EPICenter server is installed.
EPICenter creates six subdirectories ( baselines , bootrom , configs , images , slotImages , and slotBootRom ) as children of the directory you specify as the TFTP server root.
● To change the location of the TFTP server root, you must first disable the EPICenter TFTP server to enable the Set TFTP Root field. You can then change the TFTP root path.
NOTE
If you change the location of the TFTP root directory after you have saved any configuration image files in any of these directories, EPICenter will no longer be able to find those files. You must copy the files from the old TFTP root location into the new directories at the new location.
NOTE
If you plan to use this TFTP server with other software, such as the ExtremeWare CLI or for any other purpose, be aware of possible differences in the expected locations of the TFTP server and other components such as
ExtremeWare software images or configuration files. See the EPICenter Release Note for information on any known issues.
EPICenter Reference Guide 171
Configuration Manager
172 EPICenter Reference Guide
6
The Firmware Manager
This chapter describes how to use the EPICenter Firmware Manager feature for:
● Downloading a new ExtremeWare image to one or more devices.
●
●
Downloading a BootROM image to one or more devices.
Downloading a new Slot software image to one or more Extreme modules.
●
●
●
●
Downloading a BootROM image to one or more Extreme modules.
Specifying an ExtremeWare software image as the “recommended” image. The Firmware Manager compares the image currently running in a switch to determine if the switch is running the recommended or most current image.
Retrieving the latest ExtremeWare software images from Extreme.
Performing a multi-step upgrade to upgrade software and BootROM images on Extreme i-series devices.
Overview of the Firmware Manager
The EPICenter Firmware Manager feature provides a graphical interface for managing versions of
ExtremeWare and ExtremeXOS software images and BootROM images, and upgrading Extreme devices as appropriate. The Firmware Manager provides a framework for storing image and BootROM files, and allows tracking of multiple versions. It also provides an automated function that can check the
Extreme web site and indicate when newer versions of these files are available.
To start the Firmware Manager feature, click the Firmware button in the EPICenter Navigation Toolbar.
Firmware Manager Functions
There are multiple ways to invoke the functions provided by the Firmware Manager:
● Using the menus at the top of the main Firmware Manager frame
●
●
Using the function buttons shown directly below the EPICenter Firmware menus
Using commands from a pop-up menu that appears when you right-click on a device or device group entry in the Component Tree.
For simplicity, most of the instructions in this chapter only specify one method of invoking a function
(usually the function button).
EPICenter Reference Guide 173
174
The Firmware Manager
Firmware Manager Function Buttons
The buttons at the top of the main Firmware Manager window provide the following functions:
Table 14: Firmware Manager Function Buttons
Upgrade
Versions
Update
TFTP
Upgrade the ExtremeWare software or BootROM image on Extreme devices or to
Specify the current version of the ExtremeWare software for each type of Extreme
Networks device. See
“Specifying the Current Software Versions” on page 194 for
details on using this feature.
Displays a list of available software and allows you to connect directly to Extreme
Networks to download the most current ExtremeWare software images and
BootROM images to your local EPICenter server. See
Images” on page 179 for details on using this feature.
Configure the TFTP Server. See
“Configuring the TFTP Server” on page 170
.
These functions can also be accessed through the Firmware menu, and all except the Increment and
TFTP commands can be accessed from the pop-up menu accessed by right-clicking a component in the
Component Tree.
The Firmware Menu
EPICenter provides a set of menus at the top of the main Firmware Manager frame. Most of these are standard across all the EPICenter features, and are described in
“EPICenter Menus” on page 32 .
The Firmware Manager provides an additional menu, Firmware, that contains commands unique to the
Firmware Manager. The Firmware menu contains the following items:
Table 15: The Firmware Menu
Upgrade
Versions
Update
TFTP
Upgrade the ExtremeWare software or BootROM image on Extreme devices or to
for details on using this feature.
Specify the current version of the ExtremeWare software for each type of Extreme
Networks device. See “Specifying the Current Software Versions” on page 194 for
details on using this feature.
Displays a list of available software and allows you to connect directly to Extreme
Networks to download the most current ExtremeWare software images and
BootROM images to your local EPICenter server. See
for details on using this feature.
Configure the TFTP Server. See “Configuring the TFTP Server” on page 170 .
Pop-Up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains commands relevant to the selected device or device group.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using pop-up menus.
The contents of a pop-up menu depends on the type of item you have selected in the Component Tree.
EPICenter Reference Guide
Firmware Manager Functions
●
●
●
If you select the top-level Device Groups item, the pop-up menu provides all the commands shown in Table 16 except the Device and Macros commands.
If you select a specific device group, the pop-up menu provides all the commands except the Device command.
If you select a device, all the commands shown in Table 16 are available.
If a device or Device Group is selected, the information for the selected item is displayed.
Table 16: Pop-Up Menu Commands
Upgrade
Versions
Update
Device >
Macros >
Properties
Upgrade the ExtremeWare software or BootROM image on Extreme devices or to Extreme
modules that include software. See “Upgrading the Software or BootROM on Your
for details on using this feature.
Specify the current version of the ExtremeWare software for each type of Extreme
Networks device. See “Specifying the Current Software Versions” on page 194 for details
on using this feature.
Displays a list of available software and allows you to connect directly to Extreme
Networks to download the most current ExtremeWare software images and BootROM
images to your local EPICenter server. See “Obtaining Updated Software Images” on page 179
for details on using this feature.
Same as the Device command from the Tools menu. Provides a submenu of commands:
Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Web. See “The Device Sub-Menu” on page 39
for a description of each command.
Same as the Macros command from the Tools menu. See “The Macros Sub-Menu” on page 41
for more information.
Same as the Properties command from the Display menu. See
“The Properties Display” on page 85 for details about what this command shows.
Software and BootROM Image Locations
Downloading software or BootROM images from Extreme does not automatically upgrade the devices with the new images. Instead, they are stored on the EPICenter server, and are available for download to a device or module.
Depending on the type of software image, they are stored on the EPICenter server in one of the following directories:
●
●
●
●
Device images are saved in <tftp_root>\images
Device BootROM images are saved in <tftp_root>\bootrom
Slot images are saved in <tftp_root>\slotImages
Slot BootROM images are saved in < tftp_root>\slotBootRom
<tftp_root> is the location of the TFTP server. By default, < tftp_root> is
< EPICenter_install_dir>\user.war\tftp .
In the Windows operating environment, < EPICenter_install_dir > is c :\Program Files\Extreme
Networks\EPICenter 6.0
.
In the Solaris environment, < EPICenter_install_dir > is /opt/ExtremeNetworks/EPICenter6.0
.
EPICenter Reference Guide 175
The Firmware Manager
NOTE
Only software and BootROM images stored locally on the EPICenter server can be used to upgrade a device or module through the EPICenter Firmware Manager.
The Firmware Manager Main Window
To start the Firmware Manager, click the Firmware button in the EPICenter Navigation Toolbar. The
Firmware Manager main window appears (see Figure 80 ).
Figure 80: Firmware Manager showing summary status for a device group
176
● Select a Device Group to see Summary Status for the devices in the group. The table displays the following information:
Device
Type
The name and/or IP address of the device
The type of the device
EPICenter Reference Guide
Firmware Manager Functions
Software Versions
Obsolete
BootROM Versions
Obsolete
The version number of the software image on the device.
• If the software on the device matches the version you have designated as the standard version for this device type, the column also displays a green check.
• If the version does not match the standard version, the column displays a red X.
standard versions.
A red X indicates that this software version is considered “obsolete,” meaning it has been superseded by a newer General Availability release. If you have Automatic
Information Updates enabled, EPICenter checks the Extreme Networks web site once every 24 hours for the newest version information.
The version number of the BootROM software
A red X indicates that this BootROM version is considered “obsolete,” meaning it has been superseded by a newer General Availability release.
● Select a device in the tree to see status for the individual device (see Figure 81 ).
The main area of the window displays information about any modules installed in the device that include a version of ExtremeWare or ExtremeXOS. If a device does not contain any modules, or the modules do not require an OS, then this area will be empty.
Stacking Device Support
Stacking devices running ExtremeWare 7.4 or later are handled as if they are slots; selecting the stack master in the Component Tree displays the stack members as if they are modules.
EPICenter Reference Guide 177
The Firmware Manager
Figure 81: Firmware Manager showing summary status for a stacking device
178
In the bottom portion of the window, basic information about the device is shown: the device status, IP address, device type, and the current software and BootROM versions.
The device summary table displays the following information about slots in the device:
Slot
Type
Software Versions
Obsolete
BootROM Versions
Obsolete
The slot number of the module or stack member (ExtremeWare 7.4 or later)
The type of module or stack member (ExtremeWare 7.4 or later)
The version number of the software image on the module, and whether it is an SSHcapable release.
A red X indicates that this software version is considered “obsolete,” meaning it has been superseded by a newer General Availability release. If you have Automatic
Information Updates enabled, EPICenter checks the Extreme Networks web site once every 24 hours for the newest version information.
The version number of the BootROM software on the module
A red X indicates that this BootROM version is considered “obsolete,” meaning it has been superseded by a newer General Availability release.
EPICenter Reference Guide
Obtaining Updated Software Images
Obtaining Updated Software Images
In order to upgrade your devices, you must have the new software or BootROM image stored locally on the EPICenter server. If you have a support contract with Extreme, you can download software and
BootROM images from Extreme to your local EPICenter server.
The Display Software Images Update window displays a list of the available software on the Extreme server, and allows you to connect directly to Extreme Networks to download the most current
ExtremeWare software images and BootROM images to your local EPICenter server. After you download the new images, you can use the images to upgrade your managed devices and modules.
NOTE
Before you can download the software images, you must have a current support contract as well as a user name and password to obtain access to the Extreme Networks server.
NOTE
You cannot download SSH-capable versions of the software images using the Firmware Manager’s image update feature. You must obtain SSH-capable images outside of EPICenter, and place them in the images or slotImages subdirectories (see
“Software and BootROM Image Locations” on page 175 ). SSH-capable images are subject to
export restrictions, and require a special license. To request SSH code, contact Technical Support.
For ExtremeXOS, modular software packages also cannot be downloaded using the Firmware Manager’s image update feature. You must also obtain those images outside of EPICenter, and place them in the images or slotImages subdirectories
Downloading the software or BootROM images from Extreme Networks does not automatically upgrade the devices with the new images—it just stores them with the EPICenter server.
Obtaining New Software Images
To obtain a current software image, click the Update button at the top of the main Firmware Manager window, or select the Update command from the Firmware menu. This opens the Display Software
Images Updates window, as shown in Figure 82 .
You can also access the Display Software Images Updates window by clicking the Display Updates... button from the Upgrade Wizard window, or from the Select Software Image window as described in
the section, “Specifying the Current Software Versions” on page 194
.
NOTE
If you declined to enable Automatic Information Updates when you installed the EPICenter server, the list of images in this display may not reflect the most current versions available from Extreme Networks. You can enable information updates in the Admin applet, through the External Connections server properties.
EPICenter Reference Guide 179
The Firmware Manager
Figure 82: Display Software Images Update window
180
The columns in this window show the following information:
Change
Version
Type
Name
Status
Present
Whether this image has changed since the last time the software information was updated. A green check indicates there is a new version available. A red X indicates there have been no changes. When you display image updates for the first time, all images are marked as changed.
The version number of the software.
Whether the image is a version of ExtremeWare device or slot software or a version of device or slot BootROM software.
The name of the software build.
The release status of the software: whether the software is a General Availability software release or Obsolete (meaning it has been superseded by a newer General
Availability release). If you have Automatic Information Updates enabled, EPICenter checks the Extreme Networks web site once every 24 hours for the newest version information.
Whether this version of software is available on your local system.
• A red check indicates that the software has not been downloaded from Extreme
Networks.
• A green check indicates the software is available on the EPICenter server in on of the directories: <tftp_root>\images, <tftp_root>\bootrom,
<tftp_root>\SlotImages , or <tftp_root>\slotBootRom.
<tftp_root> is the location of your TFTP server; by default this is
<EPICenter_install_dir>\user.war\tftp
EPICenter Reference Guide
Obtaining Updated Software Images
Description
Supported Hardware
Provides a description of the software. Use the description information to determine the type of device or module the software is intended for.
When an image is selected, the column shows the hardware types (device or slot type) on which the image can be installed.
To download new images to the EPICenter server:
1 Select the device or slot images you want to update. You can select more than one image.
2 Click Download.
A Login window for the Extreme download web site appears, as shown in Figure 83 .
Figure 83: Login to Remote Server window
3 Type your Extreme Support user name in the User Name field and password in the Password field to access the Extreme server, and click OK.
NOTE
You must have a current support contract and an e-Support user name and password to obtain access to the
Extreme Networks server.
A message window appears showing the progress of the downloads you have requested to the
EPICenter server. Figure 84 shows an example of this window. Click OK when the downloads have completed.
Figure 84: Messages from Server window showing image update progress
EPICenter Reference Guide 181
182
The Firmware Manager
Acknowledging the Version Changes
Once you have downloaded the software versions of interest to you, you can accept and acknowledge the list of software image updates: this changes any green checks in the Change column to red X’s. A red X indicates that the version shown in the Software Image list has not changed since the last time you viewed and acknowledged the list. Thereafter, green checks will appear only when you update the software information list and changes in the list are detected—the changed images will be indicated with a green check.
Checking for Version Availability
To check for the availability of new software versions and update the list, click Update Software
Information . This queries the Extreme server and updates the list in the Software Image field. Any versions that have changed since you last acknowledged the update list now show a green check to indicate the change.
Upgrading the Software or BootROM on Your Switches
ExtremeWare software images contains the executable code that runs on the switch and on certain
Extreme modules that include software. An image comes pre-installed from the factory on every switch and on certain modules. You can upgrade this image by downloading a new version to the switch through the Firmware Manager. You can download the image into either the primary or secondary image, and specify whether the switch should be rebooted to immediately use the new image.
The BootROM software initializes certain important switch variables during the switch or module boot process.
CAUTION
If a BootROM upgrade does not complete successfully, it could prevent the switch from booting.
EPICenter provides an Upgrade Wizard to help you select and download a new ExtremeWare software image or BootROM image to a device or a module.
When you perform a software image upgrade, EPICenter automatically creates a backup of your existing switch configuration. Switch configuration files for ExtremeWare are saved as text files in the
<tftp_root>\configs directory and configuration files for ExtremeXOS (along with Policy files, if any) are stored as zip files in the same location. <tftp_root> is the location of the TFTP server, by default
<EPICenter_install_dir>\user.war\tftp . See
Chapter 5 “Configuration Manager”
for more information on where and how configuration files are stored, and how to restore them to a device if necessary.
If you specify an upgrade to an image that is several revisions newer than the image running on the switch, you may need to perform a multi-step upgrade; upgrade to an intermediate version before you can upgrade to the more recent version. For “i-series” switches, the Upgrade Wizard evaluates the switch and images you have specified, and will inform you if a multi-step upgrade is required. If a multi-step upgrade is needed, EPICenter will inform you of the bootROM and image upgrades you must perform to bring the switch to the version you have specified, and will proceed to perform the first of those steps.
EPICenter Reference Guide
Upgrading the Software or BootROM on Your Switches
EPICenter evaluates your image and switch selections after the Upgrade Wizard’s Hardware Selection step. Even if you know you need to perform a multi-step upgrade, you should proceed through the
Image Selection and Hardware Selection steps described in the following sections.
EPICenter also supports the Hitless upgrade feature on a BlackDiamond chassis under certain conditions.
Hitless upgrade allows an ExtremeWare software upgrade on a BlackDiamond 6800 series chassis, or an
ExtremeXOS upgrade on a BlackDiamond 10K without taking it out of service or losing traffic. The
Upgrade Wizard presents the Hitless upgrade as an option when you specify an upgrade on a
BlackDiamond that meets the following conditions:
●
●
A BlackDiamond running ExtremeWare 7.1.1 or later, with BootROM 8.1 or later and 2 MSMs installed.
A BlackDiamond 10K running ExtremeXOS 11.1 or later with 2 MSMs installed.
Upgrading a Stacking Device
For Extreme Networks devices that support stacking, the Upgrade Wizard allows you to upgrade the images for the stack master and for individual stack members, as needed. The stack master must be upgraded in a separate operation, using the appropriate device image for the stack master device type.
Stack members can be upgraded individually or in groups, using the slot image version of the current device image.
Upgrading Your Switches Using the Upgrade Wizard
The Upgrade Wizard helps manage the upgrade process for both software images and BootROM images, for either devices or modules. The Wizard will check to ensure that the requested software or
BootROM image is appropriate and compatible with the devices or modules selected for the upgrade.
To download a new ExtremeWare software or BootROM image to an Extreme device or module, click the Upgrade button at the top of the window. You can also select Upgrade from the Firmware menu or a right-click pop-up menu.
Image Selection
The Image Selection page of the Upgrade Wizard appears, as shown in Figure 85 .
EPICenter Reference Guide 183
The Firmware Manager
Figure 85: Upgrade Wizard, Image Selection page
184
The Software Image table shows you the images that are available on the EPICenter server to be used to upgrade your managed devices.
The fields in the Software Image table show the following:
Type
Name
Version
Status
Description
Whether the image is a version of ExtremeWare device or slot software or a version of device or slot BootROM software.
The name of the software build.
The version number of the software.
The release status of the software: whether the software is a General Availability software release.
Provides a description of the software. Use the description information to determine the type of device or module the software is intended for.
When you select an image in the Software Image table, the Supported Hardware column to the right displays the hardware models on which the selected image is supported.
● If the software image you need is not listed in the Software Images table, you can click Display
Updates...
to open the Display Software Images Updates window, where you can download a
software image or determine if newer versions of the images are available. See “Obtaining Updated
Software Images” on page 179 for more information.
To begin the upgrade process, do the following:
1 Select an image in the Software Images table. You can only upgrade using one image at a time.
2 Click Next>> to go to the next page of the Upgrade Wizard.
EPICenter Reference Guide
Upgrading the Software or BootROM on Your Switches
NOTE
For stacking devices running ExtremeWare 7.4 or later, stack members are treated as if they are modules, and therefore are updated using the appropriate Slot Image. To upgrade the stack master, select the Device Image for that switch type; to upgrade a stack member, select the Slot Image for that switch type.
Hardware Selection
Normally, the next page to appear is the Hardware Selection page of the Upgrade Wizard, as shown in
Figure 87 . This is the normal case for images and BootROM releases that have General Availability status, as EPICenter knows which devices are supported. You will then be able to select among the devices supported by the image.
If, however, EPICenter does not recognize the image, a Supported Hardware Selection page may appear, as shown in Figure 86 . This may occur if you have obtained a Beta or Controlled Ramp release image, or if the image has been newly released as a General Availability release, and EPICenter does not yet recognize the release.
If the image you selected is one that EPICenter recognizes as associated with a set of supported device types, the Supported Hardware page does not appear. The next page you see is the Hardware Selection page.
NOTE
If the Supported Hardware Selection page appears when you do not expect it, go back to the Image Selection page and verify that you have selected the image you intended. Refer to the latest EPICenter Release Note for information on images that may require special handling.
The Supported Hardware Selection page
If the Supported Hardware Selection page appears, it means that EPICenter does not recognize the image you have selected, and does not know what type of hardware is supported by that image. This can occur if you have obtained a Beta or Controlled Ramp release image, or if the image has been newly released as a General Availability release.
On the Supported Hardware page, EPICenter presents a list of all the hardware types it thinks may be appropriate, and you can either select a hardware type from the list, or you can simply click Next>> to move to the Hardware Selection page of the Upgrade Wizard.
CAUTION
EPICenter will not prevent you from proceeding with the upgrade, even if you select an image and a hardware type that are incompatible. If the Supported Hardware Selection page appears when you did not expect it, you should go back to the image selection page and verify that you have selected the correct image for the hardware you want to upgrade.
EPICenter Reference Guide 185
The Firmware Manager
Figure 86: Upgrade Wizard, Supported Hardware Selection page
186
●
●
If you select an item from the hardware list, EPICenter will assume the hardware type is supported by the image, and will display only devices of that type as being eligible for upgrade.
If you simply select Next>>, you will be able to select and upgrade any device shown in the
Component Tree.
NOTE
If you want to have EPICenter recognize a non-standard image, contact Extreme Networks Technical Support.
They can help you create or obtain a supplemental software image list file.
The Hardware Selection Page
This page lets you select the devices you want to upgrade with the image you selected on the first page of the Upgrade Wizard.
EPICenter Reference Guide
Figure 87: Upgrade Wizard, Hardware Selection page
Upgrading the Software or BootROM on Your Switches
The two fields at the top of the page show the name of the image you selected, and the type of the image (Device Image, Device BootROM, Slot Image, or Slot BootROM).
If you have selected a Device Image or Device BootROM, the Select devices to be upgraded list shows devices that can be upgraded to the image you selected. As long as EPICenter recognizes the image, only devices that are supported by that image are shown in this list. You can select a device group in the Component Tree to the left to display devices from specific device groups.
If you selected a Slot Image or Slot BootROM, then you must select a device in the Component Tree on the left in order to see a list of slots that can be upgraded.
The Select devices to be upgraded list shows the following information:
Category
Device
Device Type
Slot
Image
The device category, used to indicate devices that can be upgraded at the same time.
Categories are indicated by letter: A, B, C etc. Devices in the same category can be upgraded together; for example, multiple devices in category A can be selected for upgrade together, but devices in category B cannot be upgraded in the same operation as devices in category A.
The name and/or IP address of the device
The type of the device
The slot number of the module (shown if the image is a slot image).
The image currently running on the device or module
EPICenter Reference Guide 187
188
The Firmware Manager
BootROM
Standard Image
The version of the BootROM running on the device or module
The version you have specified as the standard version in the Versions list for devices or modules of this type. If you have not specified a software version in the Versions window, this is blank.
1 Select the Device Group in the Component Tree to display a list of devices you can upgrade. If you are upgrading a module, select a device in the Component Tree to display the modules on that device that you can upgrade.
NOTE
If the list is empty, it means there are no devices present in the Device Group that can be upgraded to the image you have selected. If this happens, click <<Back and make sure you have selected the correct image for the device you intended to upgrade.
2 Select the devices or modules you want to upgrade, then click the Add-> button.
If you want to upgrade the images on all the displayed devices or modules, click the Add All-> button.
The devices or modules you select are moved to the Upgrade image on the following devices list.
To remove devices from the Upgrade image on the following devices list, use the <-Remove or <-
Remove All buttons.
3 If a device you select is currently running a BootROM that may be incompatible with the Device
Image you have selected to upgrade to, a warning pops up.
Click Yes to proceed with the upgrade anyway, or No to cancel it.
NOTE
Some upgrades, such as the upgrade from ExtremeWare 6.1e or 7.1e to 7.3e for the Summit 200 24/48, require a special image and steps. If the upgrade is one that requires special operations, an error message is displayed stating that the upgrade will not be performed.
4 Click Next>> to go to the next page of the Upgrade Wizard.
If you want to select a different software or BootROM image, click <<Back to return to the Image
Selection page.
NOTE
If you specify an upgrade to an image that is several revisions newer than the image running on the switch, you may need to first upgrade to an intermediate version before you can go to the more recent version. If the device you are upgrading is an “i-series” switch, EPICenter evaluates the switch to determine if it can perform a multi-step upgrade. In this case, a message pop-up informs you that a multi-step upgrade is required, and the upgrade wizard displays a Multi-step Upgrade page instead of going directly to the Operation Selection page.
If a multi-step upgrade is indicated, see “Performing a Multi-Step Upgrade” on page 191 for a
discussion of the information provided in the multi-step upgrade page.
EPICenter Reference Guide
Upgrading the Software or BootROM on Your Switches
Operation Selection
If you are performing a device or slot image upgrade, the Operation Selection page of the Upgrade
Wizard appears. Figure 88 shows one version of this page. The options that you see on this page may differ depending on the details of the upgrade you have requested.
If you have requested a BootROM upgrade, this page is not displayed. Instead, the Upgrade Preview
page appears (see “Upgrade Preview” on page 190 ).
If a multi-step upgrade is required, this page appears after the Multi-Step Upgrade page.
Figure 88: Upgrade Wizard, Operation Selection page
On this page you specify where the image should be placed, and whether the device should be rebooted. In some cases you can specify a delay before the reboot occurs. The options you are presented depends on the type of upgrade you are performing. The options are:
Upgrade Options (Appears only if the selected device supports the Hitless upgrade feature)
Upgrade Select if you want to do a standard (not Hitless) upgrade
Hitless Upgrade
Destination
Select whether this should be a Standard or Conservative upgrade
Download to: Select whether the download should be to the Current, Non-Current, Primary or
Secondary image
Reboot Options
Do not Reboot after download
No reboot should be done on the device
EPICenter Reference Guide 189
The Firmware Manager
Reboot immediately after download
Reboot after
The device should be rebooted immediately after the download has completed
Download configuration after upgrade
Type a number between 1-72 to specify the reboot should be delayed for the specified number of hours. This option is not available for all upgrade types.
Download the saved configuration after the image download and reboot has completed. This option is not available for all upgrade types.
1 Select the destination and reboot options you want.
2 Click Next>> to go to the next page of the Upgrade Wizard.
If you want to select different hardware for the upgrade, click <<Back to return to the Hardware
Selection page.
Upgrade Preview
This page displays the choices you have made for the upgrade.
Figure 89: Upgrade Wizard, Upgrade Preview page
190 EPICenter Reference Guide
Upgrading the Software or BootROM on Your Switches
The top portion of the page shows the selected image (device or slot image) or BootROM, the destination and reboot options, and whether the configuration file should be downloaded after the image upgrade.
The Partition to use after reboot field shows the partition that will be used upon reboot—this will always be the same partition as the destination of the image. For ExtremeWare devices, this will be the partition you selected as the image destination. For ExtremeXOS devices, the image always goes to the non-current partition. (However, for a modular upgrade, you can specify the location).
The Upgrade on the following devices list shows the devices you have selected for upgrade.
You cannot make changes to these choices on this page, but you can use the <<Back button to return to the previous pages of the wizard to change your selections.
If the settings are correct, click Finish to proceed with the upgrade.
If the images do not require a multi-step upgrade, the upgrade proceeds without any additional prompts. A Messages From Server window shows the progress of the upgrade on the selected devices.
This is the original behavior. When finished, the devices reboot according to the setting of the Reboot
Options.
Performing a Multi-Step Upgrade
EPICenter allows you to perform a procedure called a multi-step upgrade. Using the multi-step upgrade
EPICenter automatically determines the appropriate upgrade path for both the device BootROM and image. The EPICenter client software compares the desired (destination) image and BootROM versions to the existing (source) image and BootROM versions loaded on the switch to determine what intermediate steps, if any, are required.
Only Extreme Networks “i-series” switches are evaluated for a multi-step upgrade. Extreme devices that are not part of the “i-series” can be upgrade only using a single step method.
NOTE
For more information on upgrading your Extreme switch, see the ExtremeWare Release Notes.
Upgrade Logic
The multi-step upgrade feature uses the following logic:
●
●
●
●
If the destination image version is greater than or equal to ExtremeWare version 6.1.9, first check the
BootROM version. The BootROM version must be at least Boot 7.6, if not, upgrade the BootROM to
Boot 7.6.
If the source software image version is less than ExtremeWare version 6.1.9 and the destination image is greater than ExtremeWare version 6.1.9, upgrade the software image version to
ExtremeWare version 6.1.9.
If the source software image version is less than ExtremeWare version 6.2.2 and the destination image version is greater than ExtremeWare version 6.2.2, upgrade the device to ExtremeWare version
6.2.2.
If the destination software version is greater than or equal to ExtremeWare version 7.0.0, first check the BootROM version. The BootROM version must be at least Boot 7.8, if not, upgrade to Boot 7.8.
EPICenter Reference Guide 191
192
The Firmware Manager
● The final step is to upgrade to the destination software image version. This fulfills the requirement to upgrade the software image version to ExtremeWare version 6.1.9, ExtremeWare version 7.0.0, or other version range.
Obtaining the Image and BootROM Versions
Before you perform a multi-step upgrade, make sure that you have all of the required image and
BootROM versions available on your EPICenter server. To get the image and BootROM versions, use the
Live Update feature, as described in
“Obtaining Updated Software Images” on page 179 .
The Multi-Step Upgrade Procedure
For “i-series” switches, EPICenter will automatically evaluate the selected images and devices to determine if multiple upgrade steps are required. Therefore, in the Image Selection page, you should select the image you want to have installed at the end of the entire multi-step process.
A multi-step upgrade involves upgrading the switch multiple times in order to get from the source software image version to the destination software image version. EPICenter performs the upgrade procedure for each iterative step along the way.
For each iterative upgrade to the device during a multi-step upgrade, the Upgrade Wizard performs the following tasks:
●
●
●
●
●
Backs up the current device configuration.
Performs the current upgrade (downloads the appropriate image).
Reboots the device.
If this was a software image upgrade, restores the device configuration and reboots the device again.
Synchronizes the device and the EPICenter database.
NOTE
When the device reboots, the EPICenter server waits until the device reboot is complete and the device has loaded its configuration file. If the device reboot time is longer than the EPICenter server time-out period, the
EPICenter server sync operation may time out. If this occurs, you should do another sync.
At the end of a successful iteration, you must restart the Upgrade Wizard to initiate the next upgrade step. Again at the Image Selection page you select the final image you want installed so that EPICenter can calculate the remaining upgrade steps needed.
If a multi-step upgrade is required, the EPICenter Upgrade Wizard displays a Multi-Step Upgrade page, similar to that shown in Figure 90 , after the Hardware Selection step.
EPICenter Reference Guide
Figure 90: The Multi-step Upgrade step
Upgrading the Software or BootROM on Your Switches
This page shows you the steps EPICenter has determined are necessary to upgrade the device(s) from the current image to the image you have selected for download. It also indicates the upgrade that the
Upgrade Wizard will perform during this iteration of the multi-step upgrade.
In the right-hand panel, the wizard provides more details about the set of steps that must be performed to accomplish the complete upgrade.
NOTE
EPICenter performs only one upgrade at a time; if multiple steps are needed, you must initiate the upgrade process again after each successful iteration, until the final image has been installed.
To proceed with the upgrade EPICenter has proposed for this step, click Next>>.
The Operation Selection page of the Upgrade Wizard will appear, with the appropriate options selected
(a device reboot, and a configuration download if this is a software image upgrade).
If you do not want to use the multi-step upgrade procedure and, instead, want to force EPICenter to perform a single-step upgrade from your current software image version to your desired software image version, click Skip Multi-Step Upgrade. Skipping the multi-step upgrade will upgrade directly to the specified version.
EPICenter Reference Guide 193
194
The Firmware Manager
CAUTION
If you select Skip Multi-Step Upgrade, be sure that you fully understand all upgrade procedures. Skipping the multistep upgrade procedure may cause an error on the device and can cause the upgrade to fail.
After you upgrade the device(s), you should check each device configuration to be sure that the new image has been properly loaded. You should also make any config
For more information on verifying the device, see the ExtremeWare Release Notes.
Specifying the Current Software Versions
The Versions window lets you specify the current version of the ExtremeWare software for each type of
Extreme Networks device.
This information is used by the EPICenter software to determine whether an individual device is running the version you have specified as the “standard version.” This is the version that appears in the
Standard Image column in the Hardware Selection page of the Upgrade Wizard. It is also used to determine whether the image on a device matches the standard version as indicated by a check or an X in the Software Versions and BootROM Versions column in the main Firmware Manager display.
Click the Versions button at the top of the Firmware Manager window to display the Configure
Standard version window, as shown in Figure 91 .
Figure 91: Configure Standard version window
EPICenter Reference Guide
Configuring the TFTP Server
To select a software version for a particular device type, type in the software version or click the
Configure Version...
button to display the Select Software Image window, as shown in Figure 92 .
Figure 92: Select Software Image window
Select the version that you want to be standard for the selected device type across your network and click OK.
If the software image you want is not shown in the Software Images list, you can click Display
Updates...
to open the Display Software Images Updates window, where you can download a software
image or determine if newer versions of the images are available. See “Obtaining Updated Software
Images” on page 179 for more information.
Configuring the TFTP Server
If you already have a TFTP server installed on the system where the EPICenter server is running, you may choose to use that TFTP server instead of the one provided with EPICenter. This server is used to download images to the selected devices.
See
“Configuring the TFTP Server” on page 170
for instructions on configuring the TFTP server.
EPICenter Reference Guide 195
The Firmware Manager
196 EPICenter Reference Guide
7
The Interactive Telnet Feature
This chapter describes how to use the Interactive Telnet feature for:
● Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI).
●
●
Configuring third-party devices using interactive Telnet.
Creating CLI Command Macros for use in configuring individual devices or groups of devices.
Overview of the Interactive Telnet Feature
Users with Administrator or Manager access can view and modify configuration information for
Extreme switches (Summit, Alpine, and Black Diamond switches) managed by EPICenter using Telnet and the ExtremeWare or ExtremeXOS Command Line Interface (CLI). You can also use the interactive
Telnet capability to view and modify configuration information for third-party devices being managed by EPICenter.
The Telnet feature provides two usage modes:
●
●
A Macro view with Macro Player and Macro Editor tabs, where you can set up context-based CLI command macros, define variables to be used in commands within your macro, and run them on multiple switches in a single operation. You can set a macro to run repeatedly, and can save them in the EPICenter database for future use. You can import and export macros in XML file format.
Macros you create in the macro editor can be executed from other areas in EPICenter, accessed through right-click pop-up menus or the EPICenter Tools menu. Macros are supported on most
Extreme Networks and Avaya devices. Telnet macros may also be supported on other third-party devices that have been integrated with EPICenter through the third-party device integration framework. Most other third-party devices that are not integrated through this mechanism will not support Telnet macros.
An individual session mode, where you can open a session on an individual device, and execute commands just as you would from a standard Telnet interface.
Using Telnet with Extreme Networks Switches
The Telnet feature allows the scripting and playback of groups of CLI commands (macros) to a selection of Extreme Networks switches. You can also use this feature to run an interactive Telnet session on an individual switch, including third-party switches.
If SSH is enabled on an Extreme Networks device, and the device has been configured in EPICenter
(through the Inventory Manager) to use SSH, then SSH2 will be used instead of regular Telnet.
Select Telnet from the Navigation Toolbar to display the Telnet feature.
● If a device was selected in the Component Tree in a previous applet, the interactive Telnet window appears for that device, usually ready to accept commands to the device. See
Session on an Individual Switch” on page 216 for more details on using interactive Telnet.
EPICenter Reference Guide 197
The Interactive Telnet Feature
● If no device is already selected, the Telnet Macro Player tab appears, as shown in Figure 93 .
Figure 93: The Telnet feature, Macro Player interface
198
The Telnet Connections list initially shows all switches in all of the device groups, and shows the status of any macros that have run or are being run on the switch. If macros are not supported on an individual switch (true of some third party switches and a few Extreme Networks switches) the Macro
Status is “Macros not supported.”
If a Telnet session is currently open on a switch, the switch name is highlighted in bold in the list of switches in the Component Tree.
NOTE
If a switch displayed in the Component Tree has an “S” in a red circle along with the name, that means that the switch is not responding to SNMP requests. However, the switch may still respond to HTTP or Telnet requests.
EPICenter Reference Guide
Using Telnet Macros
Using Telnet Macros
Using the EPICenter Telnet feature you can create and run Telnet macros on Extreme devices. The macro feature supports the use of both contest-sensitive predefined variables and user-defined variables in a macro. Saved macros can also be enabled to appear in the Tools menu or the right-click pop-up menus in many of the other EPICenter features, so they can be run on the device, device group or port selected within another feature without having to first go to the Telnet feature.
NOTE
CLI commands that repeatedly refresh their output cannot be used in a macro. They will fail with a time-out error.
Examples of such commands are the show lldp commands on ExtremeWare devices, or the show ports utilization or the show ports configuration commands (ExtremeWare and ExtremeXOS).
You can create Telnet macros in two ways:
●
●
Under the Macro Player tab, you can select devices in the Telnet Connections list, create a macro to be run on those devices, and then play the macro on those devices, having it repeat at a specified interval, if appropriate. You can also load and run saved macros. If you want to save a macro you created under this tab, you can select the Macro Editor tab— your macro will appear in the command buffer where you can save it.
Under the Macro Editor tab, you can create a macro independent of any specific devices, and save it along with an execution context (device, device group or port) and execution roles. You can also create user-defined variables under this tab, and use them in your macro. You cannot play a macro from this interface, but you can save the macro and load it into the Macro Player interface at a later time, or you can select the Macro Player tab—your macro will appear in the command buffer in the
Player interface, where you run it on a set of selected devices. Saved macros can also be run from other areas of EPICenter, accessed through the EPICenter Tools menu or through right-click pop-up menus available in a number of EPICenter applets.
Built-in Telnet Macros
EPICenter provides several Telnet macros that can be loaded into the Macro Player or Macro Editor.
These are:
Macro Name
Disable LLDP
Disable Port
Enable LLDP
Enable Port
Description
Disables LLDP on a user-specified port (runs the disable lldp port command). Can be run by an administrator from the right-click pop-up menu when a port is selected in the Component Tree.
Disables a user-specified port (runs the disable port command). Can be run by an administrator from the right-click pop-up menu when a port is selected in the
Component Tree.
Enables LLDP on a user-specified port (runs the enable lldp port command. Can be run by an administrator from the right-click pop-up menu when a port is selected in the
Component Tree.
Enables a user-specified port (runs the enable port command). Can be run by an administrator from the right-click pop-up menu when a port is selected in the
Component Tree.
EPICenter Reference Guide 199
200
The Interactive Telnet Feature
Macro Name
LLDP Device Details
LLDP Port Details
Description
Shows LLDP information for a device (runs the show lldp command). Can be run by an administrator from the right-click pop-up menu when a device is selected in the
Component Tree.
Note: This macro should not be run on devices running ExtremeWare, as it will fail with a time-out.
Shows LLDP information for a user-specified port (runs the show lldp port stats command. Can be run by an administrator from the right-click pop-up menu when a port is selected in the Component Tree.
Note: This macro should not be run on devices running ExtremeWare, as it will fail with a time-out.
See
“Creating Macros for Context-Based Replay” on page 210
for more information on macros that can be run from a right-click pop-up menu.
The Macro Player
The top portion of the Macro Player view show the Telnet Connections list. The lower half of the Macro
Player view contains the macro command buffer. You can enter a series of ExtremeWare CLI commands into the source area, which will form a script that can be played to the set of switches you select in the
Telnet Connections list.
Figure 94 shows the Telnet Player view with a short script entered into the Macro command buffer.
EPICenter Reference Guide
Figure 94: The Telnet Macro Play view with script
The Macro Player
To create a macro for playback to a set of Extreme switches, follow these steps:
1 In the Telnet Connections list, select the switch or set of switches where you want your command macro to run. The switches need not have a Telnet session already open—the macro play function will open a connection and log into the switch.
The columns in the Telnet Connections table provide the following information:
Name
Address
Macro Status
The name of the device.
The IP address of the device.
The status of the last macro executed on the device. The status can be one of:
• Pending: The macro is intended to run on this switch, but has not yet started. This macro is used only used when playing macros repeatedly.
• Playing: The macro is currently running
• Stopped: The macro was stopped before it completed.
• Complete: The macro has completed running.
• Macros Not Supported: Macros cannot be run on this device (may appear if you select a non-Extreme device or the Summit Px1 or Summit 24e2T/X devices).
• Failed: A failure occurred when the macro was run. This is frequently due to an inability to connect to the switch.
2 Enter a series of ExtremeWare CLI commands into the macro buffer.
EPICenter Reference Guide 201
202
The Interactive Telnet Feature
There are three ways to enter commands into the macro buffer:
■ Type commands directly into the buffer.
■ Cut or copy commands from another location, either elsewhere in the buffer or from an external document, and paste them into the buffer.
Click the right mouse button anywhere in the macro buffer to display a pop-up edit menu which provides copy and paste functions. You can copy text from within the macro buffer using the copy function from the pop-up menu. From an external document, cut or copy text into the clipboard, then use the paste function from the pop-up edit menu.
■ Load a saved macro (see
“Loading a Saved Macro” on page 207 ).
The source of the commands in the macro buffer is indicated by the Macro Source: field at the top of the macro buffer panel.
■ You can insert any of eight system variables, and any user-defined variables that were saved with a macro you have loaded.
NOTE
If you have not loaded a macro, no user-defined variables are available, as they are not shared between macros.
■ You can also set the macro to play back repeatedly at a specified interval (see
Repeat Interval” on page 204 ).
The Macro Player view provides the following functions:
Play
Stop
Repeat
New
Load
View
Vars
Plays the macro currently showing in the macro buffer on the devices selected in the Telnet
connections table. See “Playing a Macro”
below this table.
Stops playback of the macro currently executing.
Configures a repeat delay interval for the macro. See “Configuring a Repeat Interval” on page 204 .
Clears the macro buffer to allow a new macro to be created. If the buffer currently has contents that have not been saved, a warning is issued and confirmation of the clear action is required.
Loads a saved macro into the macro buffer. The name of the loaded macro appears in the Macro
Source field. See “Loading a Saved Macro” on page 207
Displays the Telnet log of results for the last macro run on the selected device. You can save the
results to a file on the local system, if desired. See “Viewing Macro Results” on page 204
Enables selection of system or user-defined variables for inclusion in the macro. See
Variables in a Macro” on page 203
Note: User-defined variables are not shared between saved macros, so user-defined variables only appear in the Vars list if you have loaded a macro that has variables defined.
Playing a Macro
Click Play to initiate playback of the macro on the selected switches. This opens a connection to each switch, logs in using the switch login and password as specified in the Inventory Manager, and runs the macro.
If the macro is a repeating macro, it repeats sequentially on all selected switches until you click Stop.
You can execute just a portion of a macro by highlighting just the portion of the macro that you want to execute. Only the selected portion will execute when you initiate the playback. This does not affect saving the macro—the entire macro is saved even if only a portion is highlighted.
EPICenter Reference Guide
The Macro Player
NOTE
Macro play will be automatically stopped if you exit the Telnet feature (by selecting another feature or logging out) while a macro is running.
Using Variables in a Macro
You can embed both system variables and user-defined variables, if available, in your macro. EPICenter provides eight system variables you can use, shown in Table 17 on page 211 . (There are actually nine variables in the table, but a trap varbind variable should not be used in a macro being executed from within the Macro Player).
If you load a macro that includes user-defined variables, you can also use those variables in the Macro
Player. When the macro runs, EPICenter prompts for the values of the user-defined variables.
NOTE
User-defined variables that you create during a Macro Editor session, or that are loaded with a saved macro, are available in the Macro Player until you exit EPICenter (logoff and quit). If you load a different macro, the userdefined variables saved with that macro will become available, and the variables defined in the previously-loaded macro disappear.
To place a variable in your macro:
1 Click to place the cursor in your macro at the point where you want the variable to appear.
2 Click the Vars button to display the System > or User-defined > menus.
3 Click to select the variable you want from one of the two sub-menus.
The variable is inserted into your macro.
These variables can be used only in macros, not in an interactive Telnet session.
The following is an example of a macro using system variables: upload config $deviceIP extreme/$deviceName.cfg
When the macro runs, EPICenter substitutes the actual IP address and name of the switch on which the macro is running, in place of the two system variables. If you execute this macro on a switch named
“Ajax” with IP address 10.205.4.36, after variable substitution the command will become: upload config 10.205.4.36 extreme/Ajax.cfg
An example of a command with user-defined variables might look like the following: create vlan $vlanname where
$vlanname
was previously defined in the Macro Editor. When this macro runs, EPICenter pops up a dialog box requesting input of a value for all user-defined variables in the macro. You define the prompt that appears for each variable when you create the variable in the Macro Editor. Figure 95 shows an example of the variable input request dialog.
EPICenter Reference Guide 203
The Interactive Telnet Feature
Figure 95: Request for input for a user-defined variable
NOTE
Because macros are intended for unattended, batch-type use, you should not use interactive commands in a macro.
They may cause the command to run in a loop.
Configuring a Repeat Interval
To set a macro so that it plays back repeatedly at a specified interval, do the following:
1 Click the Repeat button to display the Macro Repeat pop-up window.
Figure 96: The Telnet Macro Repeat interval configuration
204
2 Check the Repeating check-box.
3 Enter an interval (in seconds) in the Repeat Delay (sec) field.
4 Click OK.
Viewing Macro Results
There are two ways to view the results of a macro:
● The results are displayed in a Macro Results window as the macro executes.
● The View function lets you view the results of the last macro run on a selected device.
EPICenter Reference Guide
The Macro Player
The Macro Results Window
During the execution of a macro, the macro results are shown in a Message dialog similar to the dialogs used for other configuration actions. However, instead of showing the results in a tree structure, this dialog show the results in a tabular form, as shown in Figure 97 .
Figure 97: The Macro Results dialog
Output from selected device
If the macro was played on multiple devices, each device is shown in a separate row. The columns are:
Device
IP Address
(blank)
Messages
The name of the device on which the macro is executing
The IP address of the device
The progress of the macro. This displays the spinning clock icon while execution is in progress, and changes to successful (green check), failed (red X) or stopped (red stopsign) upon completion.
The output from the macro for each device. Each Messages cell is actually a scrolling display that displays the output from the macro as execution occurs. By default displays the last three lines of the macro output.
● To change the number of lines shown in the Messages column, use the Number of lines to display in table drop-down field at the top of the window. The Results display can show up to 10 lines in each Messages cell.
To see more complete results for an individual device, select the row in the table, and the output for that device appears in the area below the results table.
● To stop the execution of a macro on a device, select the row in the table and click Stop. When execution has been halted, a system message will appear, and a red stop-sign icon indicates that execution has been stopped.
EPICenter Reference Guide 205
206
The Interactive Telnet Feature
● To save the macro results for a device to your local system, select the device and click Save.
If you have selected a single device, clicking Save opens the standard File Save dialog for your system, where you can select a location and enter a file name for the saved results.
If you have selected multiple devices, a pop-up window appears giving you the choice of saving the macro results into a single file, or into separate files for each device. (See Figure 98 ).
Figure 98: Save File Options for macro results when multiple devices are selected
■
■
To save each file individually, select the first option and provide a path to the directory where they files should be saved, then click Save. Each file will be named with its IP address,
<ip_address>.txt
(for example,
10.205.1.19.txt
)
To save all the results into a single file, select the second option and provide the path and filename under which the results should be saved.
The macro output results in a file are preceded by a header line that identifies the device and the data and time that the macro was run:
Summit48i 10.205.1.19
Fri Sep 17 17:33:09 PDT 2004
If multiple results are saved in a single file, this header helps you identify the results from each device.
The View Window
To view the results of the last macro executed on a particular switch, select the switch in the Telnet
Connections list, and click the View button.
A View window opens and displays the Telnet log file output for the device.
EPICenter Reference Guide
Figure 99: The View window
The Macro Player
Click Save to save the output to a file on your local system, or Close to close the window.
A Telnet log file for each device is automatically saved, for the duration of the client session, on the
EPICenter server in the <EPICenter_install_dir>\user.war\telnet directory, under a subdirectory created for the current user session. The Telnet log file is named according to the IP address of the device, and contains the output from the last macro executed. However, unlike the files you save explicitly, these files are deleted when you end your EPICenter client session. If you want to preserve the output from a macro, you must save it to a file you specify.
Loading a Saved Macro
To load a saved macro, click the Load button. This displays the Load Macro pop-up window (see
Figure 101 ).
EPICenter Reference Guide 207
The Interactive Telnet Feature
Figure 100: Loading a saved macro
208
The Load macro window shows the macros that have been saved in the EPICenter database. The columns in the table show the following:
Name
Description
Modified By
Last Modified
Alarm Action
The name of the saved macro.
An optional description for the macro.
The EPICenter user who last modified the macro.
The date and time that the macro was last modified.
A check here indicates that the macro is used as an alarm action. (See
for details.)
Select a macro and click Load. The macro script appears in the macro buffer. The name of the loaded macro appears in the Macro Source field.
You can then modify the macro or play it on selected switches.
The Macro Editor
In the Macro Editor, you can create or import and save macros that can be run both from within the
Macro Player, and from outside the Telnet feature via the Macros menu, found under the EPICenter
Tools menu and on the right-click pop-up menus. As part of the macro creation you can specify a context for the macro (device, device group, or port) that determines when the macro appears on one of these menus.
EPICenter Reference Guide
Figure 101: The Telnet Macro Editor view
The Macro Editor
The Macro Editor view provides the following functions:
New
Save
Load
Delete
Import
Export
Help
Clears the macro buffer to allow a new macro to be created. If the buffer currently has contents that have not been saved, a warning is issued and confirmation of the clear action is required.
Saves the macro in the macro buffer with the name and description you have specified. See
“Saving a Macro” on page 214 .
Opens a dialog where you can select a saved macro to load into the macro buffer. The name of
the loaded macro appears in the Macro Source field. See “Loading a Macro for Editing” on page 214 .
Opens a dialog where you can select a saved macro to be deleted.
Opens a dialog where you can select a macro file to import.
Exports the current macro to a file.
Displays online Help for the Telnet applet.
EPICenter Reference Guide 209
The Interactive Telnet Feature
Creating Macros for Context-Based Replay
Telnet macros that are defined in the Telnet Macro Editor can be played from within other EPICenter features as well as from within the Macro Player view in the Telnet feature. These macros can be played from the Macros submenu, selected either from the Tools menu or through a right-click pop-up menu.
The context specified for the macro defines whether the macro can be executed for an individual port, an individual device, for a device group—the macro will be available on the Macros submenu only when the correct context is selected in the Component Tree.
Telnet macros available from other features in EPICenter can also be restricted by user role—macros may be available only to users with specific roles.
When you create a macro in the Macro Editor for context-based replay, you have the opportunity to create and insert user defined variables, specify an execution context, and specify an execution role.
User-Defined Variables
User-defined variables provide a way for you to create a “generic” set of commands, and then provide specific values for the parameters of the commands at run-time.
For example, in the “create vlan” command you can use a variable for the VLAN name: create vlan $vlanname
Then when you run the macro on a specific switch, you will be prompted to enter the VLAN name.
To create and use user-defined variables, click the User-Defined Variables tab in the lower part of the
Macro Editor view. From here you can create, modify, and delete variables, and select them for inclusion in your macro.
● To create a variable click New in the menu of commands at the right side of the User-Defined variable space. This opens the New Variable dialog box, as shown in Figure 102 .
Figure 102: The New Variable dialog
210
Fill in the fields as follows:
Name
Description
The name of the variable. It must start with a lower case letter, followed by lower or uppercase letters, and cannot contain spaces or underscores.
A description that will be used as the prompt when the macro is run. If you do not enter a description, the variable name will be used as the prompt.
A “$” is prefixed to the name you specify to create the actual variable name that will appear in the macro.
EPICenter Reference Guide
The Macro Editor
●
●
●
To use a variable in a macro, select the variable and click Insert in the menu of commands at the right. The selected variable is inserted at the insertion point in the script.
To modify the name or description (prompt) of a variable, click Modify in the menu of commands.
The Modify Variable dialog is almost identical to the New Variable dialog, except that the current name and Description are shown in the appropriate fields.
To delete a variable, select the variable and click Delete.
NOTE
User-defined variables are saved with the macro, and are valid only for the macro in which they were created. They are not shared across macros.
System Variables
System variables are predefined variables available for inclusion in a macro. They are expanded automatically based on the scope of where the macro is executed.
Table 17: System Variables for use in Telnet Macros
Variable
$deviceName
$deviceIP
$port
$serverName
$serverIP
$serverPort
$date
$time
$trap
Short Description
Device Name
Device IP Address
Port Index
Server Name
Server IP Address
Server Port
Server Date
Server Time
Trap varbind
Description
The name of the device on which the macro is running
The IP address of the device on which the macro is running
The port on which a port macro is running
The name of the EPICenter server
The IP address of the EPICenter server
The EPICenter server port
The current date from the EPICenter server
The current time from the EPICenter server
A trap varbind. Must be followed by the variable index in parentheses.
Should be used ONLY in macros that are to be executed as alarm actions. See
“Using Trap Varbinds in Telnet Macros” on page 212 .
You cannot modify or delete the system variables.
To use a system variable in a macro, click the System Variables tab in the lower part of the Macro
Editor view, then just select the variable and click Insert at the right of the System Variables space. The selected variable is inserted at the insertion point in the script.
The Execution Context
The execution context determines when a Telnet macro will be available in other EPICenter features, based on the element selected in the Component Tree. For example, a macro with Device Group context will appear in the Macros submenu of the EPICenter Tools menu, and in the right-click pop-up menu when a Device Group node is selected in the Component Tree. A macro with Device Group context will be executed on all devices in the Device Group.
EPICenter Reference Guide 211
212
The Interactive Telnet Feature
The execution contexts that are supported are:
Device
Device Group
Port
The macro executes on an individual device, and appears in the Macros submenu when a
Device Group is selected.
The macro executes on all devices in a device group, and appears in the Macros submenu when a device is selected.
The macro executes to a port, and appears in the Macros submenu when a port is selected.
To set the execution context, select the Execution Context tab. Then click in the checkbox for each context you want to enable.
By default, if you do not select any contexts, the macro will not be available in any contexts. EPICenter does not enforce context assignments, so a macro that has its context set incorrectly may fail if run in an incorrect context—for example, a macro containing commands that cannot be executed on a port basis may fail if the context is set for Ports.
The Execution Role
Execution roles provides a way of controlling which users can execute a macro. By default, macros are accessible to all users that have read/write access to the Telnet feature. The execution role can be used either to restrict execution of a macro, or to allow execution of a macro by users that normally would not have access to the Telnet feature, such as a user assigned to the Monitor role. The execution role allows an administrator to provide specific Telnet macros that can be executed by users who do not have full Telnet access to devices.
When you specify an execution role for a macro, then that macro will be available only to users assigned to that role.
To set the execution role, select the Execution Role tab. Then click in the checkbox for each role you want to enable. The Execution Role tab will show all roles currently defined within the EPICenter database.
You must select a role if you want the macro to be available outside the Telnet feature. If you do not select an execution role, the macro will only be available for execution from within the Telnet feature, and will not appear in the Macros submenu of the Tools menu or pop-up menus for any users.
Using Trap Varbinds in Telnet Macros
The Telnet Macro capability allows the insertion of trap varbinds as variables in a Telnet Macro. The macro can then be invoked as the action taken as the result of an alarm event. In addition, two functions are provided that will convert the port numbers and VLAN IDs returned in varbinds into formats that can be used in CLI commands within a macro.
You can use trap varbinds in a Telnet Macro you plan to run as an alarm action. When the macro runs,
EPIcenter will substitute the value of the trap variable into the CLI command string in your macro.
CAUTION
You should use trap varbinds ONLY in macros you run as alarm actions. If you run a macro with trap varbinds in other situations, the value of the variables will be undefined, and this may cause errors or incorrect results from the macro.
EPICenter Reference Guide
The Macro Editor
To add a trap variable to a macro, you:
1 Place the cursor in your macro where the variable should go
2 Select $trap from the system variable list,
3 Click Enter to insert the variable
4 Add the correct varbind index (in parentheses).
You can determine the correct index by looking at the Actions tab in the Alarm Definition for the alarm that will execute this macro -- the Details>> button will display the varbinds and indices associated with the trap event specified for the alarm. See
“Defining Alarm Actions” on page 121 .
When you have finished creating or editing your macro and saved it, you will be able to select it in to use as an action for the alarm associated with the trap.
Figure 103: Specifying trap varbinds in a Telnet macro
Because the variables may return values in a form that is not usable in a CLI command, two functions are provided to convert values to CLI-readable formats. These are:
●
●
$ToCliPort()
— converts a port IfIndex to the slot:port format
$ToCliVlanName()
— converts a VLANID to a VLAN name.
For example, for the trap extremeEdpNeighborAdded
, the variable extremeEdpPortIfIndex
is returned as the second varbind (index=1).
EPICenter Reference Guide 213
214
The Interactive Telnet Feature
So upon an EDP Neighbor Added trap, the following command will set the display string of the EDP port to “Test-EPICenter” conf port $ToCliPort($trap(1)) display-string “Test-EPICenter”
For example, if the trap returns an IfIndex of 1009, the
$ToCliPort
function will convert it to 1:9, so that the resulting CLI command is: conf port 1:9 display-string “Test-EPICenter”
Saving a Macro
To save a macro you have defined, type a name for the macro and an optional description, and click
Save .
All current contents of the macro buffer will be saved in the database under the name you specify, as well as any user defined variables, the execution context, and the execution role specifications.
Once a macro has been saved, based on the execution context and role, the macro appears in the Macros submenu of EPICenter Tools menu, and in right-click pop-up menus.
Loading a Macro for Editing
To load a saved macro for editing, click the Load button. This displays the Load Macro pop-up window.
See
“Loading a Saved Macro” on page 207 for more information.
Deleting a Macro
You can delete a saved macro by clicking the Delete button. A pop-up window similar to the Load
Macro window appears. Select one or more macros to delete, then click Delete.
You will be asked to confirm the deletion.
If the macro you want to delete is used as an Alarm action, a warning appears. If you proceed to delete the macro, it is removed from any alarm definitions that were using it.
Importing Macros
You can import macros that are defined in an XML file. To import macros, click the Import button.
EPICenter opens the file selection dialog as appropriate for your system, allowing you to specify a file to be imported. Macros that are imported successfully will appear in the Load Macro dialog. The last macro to be imported is also shown in the Macro Editor. You can include multiple macros in a single import file.
EPICenter checks the import file for formatting errors, invalid attributes, and for duplicate macro names. If there are errors in the file, EPICenter displays an error message and the file is not loaded.
If the file contains a macro with a name that duplicate a macro already in EPICenter’s database, you are asked whether you want to overwrite the existing macro.
EPICenter Reference Guide
The Macro Editor
The contents of the XML file must follow the format defined in
.
shows an example of a macro file.
Figure 104: A Sample Macro File
<?xml version="1.0" encoding="utf-8" ?>
<Macros>
<Macro name="macro1" description="This macro does 3 show commands">
<contents> show sw show $var1 show log
</contents>
<variable varname="var1" description="Please enter a show command type"/>
<role roleid="1"/>
<context type="devicegroup"/>
</Macro>
<Macro name="macro2" description="This macro does a Show Log">
<contents> show log
</contents>
<role roleid="2"/>
<context type="device"/>
</Macro>
<Macro name="macro3" description="This macro does a user-specified show command">
<contents> show $var3
</contents>
<variable varname="var3" description="3: Please enter a show command type"/>
<role roleid="3"/>
<context type="port"/>
</Macro>
</Macros>
The following table defines the elements you can use in the SML file to define a Telnet Macro:
Table 18: Macro Element Definitions
<Macros> </Macros>
<Macro ... > </Macro> name= description=
<contents> </contents>
<variable ... /> varname= description=
<role ... />
Statement that defines the Macro file
Statement that defines a macro
Name of the Macro
Description associated with the macro (appears in the Description field in the Macro Editor)
The contents of the macro (appears as the source in the Macro Editor or
Macro Player)
The definition of a user-defined variable. This is optional, and can be repeated multiple times.
The name of the user-defined variable. Do not include the leading $ with the name.
The description of the variable, which also appears as the prompt for the variable value when the macro is run
Specification of an execution role. This is optional, and can be repeated multiple times. See
“The Execution Role” on page 212
for information on execution roles.
EPICenter Reference Guide 215
216
The Interactive Telnet Feature
Table 18: Macro Element Definitions
roleid=
<context ... /> type=
The role ID: 1 = Monitor, 2 = Manager, 3 = Administrator. If an invalid ID is specified, it is ignored.
Note: only the three predefined user roles can be specified in the import file. If you need to specify roles other than the predefined ones, you must modify and re-save the macro after it has been imported.
Specification of an execution context. This is optional, and can be repeated up to three times. See
“The Execution Context” on page 211 for
information on execution context.
The context type: Can be “devicegroup”, “device”, or “port”
Exporting a Macro
You can export individual Telnet macros from the Telnet applet Macro Editor. The export feature exports the currently loaded macro to an XML file. The exported file is saved in the appropriate format to be imported into the Telnet Macro Editor using the Import macro function.
To export a macro:
1 Enter the macro (or load a saved macro) into the Macro Editor.
2 Click the Export button.
3 A Save File dialog appears, where you can specify the name of the file into which the macro should be saved.
4 Click Save to save the file.
Macros must be exported one at a time as separate files. If you want to save multiple macros, you must
Load and then Export each macro in turn.
Running a Telnet Session on an Individual Switch
You can open a Telnet session on an individual switch by selecting the switch from the Telnet switch list in the Component Tree. This opens a Telnet session to the selected switch, and then waits for command input, just as with any other Telnet session.
For Extreme Networks devices EPICenter will automatically log into the switch based on the device login name and contact password configured for the device in the Inventory Manager. (Your EPICenter user name must also have ExtremeWare access permission). For third-party devices, you will need to provide the login and password interactively.
Open Telnet sessions are indicated by displaying the switch name in bold in the Component Tree.
EPICenter allows only five Telnet sessions to be open concurrently, and they must all belong to the same
Device Group. If you select more than five switches, EPICenter will open five connections, then close the oldest (the first connection) in order to open a connection on the sixth switch, and so on. If you open a Telnet session on a device in a different device group, any open sessions in the original device group are disconnected.
Any open Telnet sessions are closed when you leave the Telnet feature to view a different EPICenter feature.
EPICenter Reference Guide
Figure 105: A newly opened Telnet session
Devices with open
Telnet sessions
Running a Telnet Session on an Individual Switch
The Telnet session window is a two-tone window—the bottom of the window is white, the top is gray.
The last 25 lines of Telnet commands and responses always appear in the white portion of the window.
As output grows, the older lines scroll up into the gray portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output.
The Telnet session window will display the commands and results from macros that are run on the switch. You can also type in commands individually.
Copy/Paste from an Interactive Telnet Session
A copy and paste function is available within an interactive Telnet session. Copy and paste let you copy from one interactive Telnet session into another interactive session or into the macro buffer. You can also paste commands from an external document into an interactive Telnet session. The copy and paste commands reside on a pop-up menu that you can display using the right mouse button, as shown in
Figure 106 ).
EPICenter Reference Guide 217
The Interactive Telnet Feature
Figure 106: An open Telnet session showing the pop-up edit menu
218
●
●
To copy from an interactive session, highlight the lines you want to copy, click the right mouse button and select Copy from the pop-up menu.
To paste into an interactive Telnet session or into the macro buffer, place the cursor where you want the lines inserted, click the right mouse button and select Paste from the pop-up menu.
NOTE
You cannot use the browser cut and paste functions for this purpose.
Macro Recording and Playback from an Interactive Telnet
Session
The record function creates a macro by echoing commands that you type in an interactive Telnet session, into the Macro Record/Play Buffer. The record function is controlled by commands from a popup menu displayed by using the right mouse button, as shown in Figure 106 .
EPICenter Reference Guide
Using Interactive Telnet with Third-Party Devices
●
●
●
To start recording a macro, click the right mouse button and select Start Record from the pop-up menu.
Everything you type after this is copied into the macro Record/Play Buffer until you select Stop
Record from the pop-up menu.
To stop recording a macro, click the right mouse button and select Stop Record from the pop-up menu.
The commands that are part of the macro are automatically entered into the macro command buffer.
To play the macro on one or more switches, select the Device Groups component or the name of a device group in the Component tree, and play back the macro in the Macro Player view as discussed in the section
“The Macro Player” on page 200
.
Using Interactive Telnet with Third-Party Devices
You can open an interactive Telnet session on a third-party device and execute commands interactively.
Select the switch from the Telnet device list in the Component Tree. This opens a Telnet session to the selected switch, and waits for input as appropriate to the device’s Telnet interface.
For third-party devices integrated into EPICenter through the third-party device integration framework, auto-login may also be supported, depending on the integration configuration. For other third-party devices, however, EPICenter does not attempt to log you in to the device. You must log in as required for the device.
You can enter and execute commands using the device’s command line interface. The commands and any resulting output will be displayed in the session window just as if you were running a Telnet session on any other client.
To close the Telnet session, type the appropriate exit command on the command line. The session will be closed automatically when you exit the Telnet feature.
EPICenter Reference Guide 219
The Interactive Telnet Feature
220 EPICenter Reference Guide
8
The Grouping Manager
This chapter describes how to use the Grouping Manager to do the following:
● Create new groups
●
●
Create new user or host resources
Add resources or groups to a parent group
●
●
●
●
Define relationships between resources
Add attributes to a resource or a group
Search for resources
Import users and hosts from Windows Domain Controller, NIS, an LDAP directory, or a file
Overview of the Grouping Manager
The Grouping Manager allows you to collect network “resources” (devices, ports, users, hosts, and
VLANs) into groups that can be manipulated or managed as a single entity.
A group is a hierarchical collection of resources that have been grouped together for some common purpose. A group can contain individual resources as well as other (subordinate) groups. Groups
(except for Device Groups) are not exclusive—a resource can be a member (child) of more than one group.
Resources are individual elements in your network, such as a device, port, host (end station), user, or
VLAN. Device, port, and VLAN resources are defined externally to the Grouping Manager, through the
EPICenter discovery capability and the Inventory and VLAN applets. User and host resources are defined within the Grouping Manager, either by importing the information from an external source
(such as an LDAP directory, NT Domain Controller, NIS server, or a file) or by creating the resources within the Grouping Manager. A group can also be considered a resource when it is used as an entity in the same way as an individual resource would be used—such as in a Policy definition within the
EPICenter Policy Manager, an optional, separately licensed product.
With the exception of Device Groups and Port Groups, the group and resource definitions you create through the Grouping applet are primarily useful within the Policy Manager applet. For more
information on how groups are used within that function, see Chapter 18 “Using the Policy Manager”
.
You can define groups and add resources to them to create an organizational structure that facilitates managing your network. The EPICenter software provides several predefined groups:
●
●
●
●
●
●
Custom Applications
Device Groups
Hosts
Import Sources
Port Groups
Users
EPICenter Reference Guide 221
222
The Grouping Manager
You can define your own groups at the same hierarchical level as the predefined groups, or as subordinate groups (children) of an existing group. You can assign resources to your own user-defined groups and to the predefined groups, with the exception of Device Groups and Import Sources.
The Device group always has the child group named “Default”. It may or may not have additional members depending on whether devices have been added to the device groups in the Inventory
Manager. You cannot directly add members to Device Groups using the Grouping Manager. This must be done in the Inventory Manager.
Four of the predefined groups—Custom Applications, Hosts, Port Groups, and Users—initially have no members. Although the latter three groups are provided to help you organize your host, user, and port resources, they can contain children of any resource type. A Custom Applications group can only contain port resources. You can create new groups as members of these groups, or add resources of any type directly to them. The Custom Applications group cannot have hierarchical children.
●
●
●
Custom Applications may be used to group various L4 resources without requiring ports in the group to be contiguous or of uniform type. For instance, you can mix UDP and TCP ports in one group. You can also have sets of contiguous ports and single ports in the same group.
Port Groups may be used by the Real Time Statistics applet and the IP/MAC Address Finder applet.
However, these applets do not support hierarchical groups—if you have subordinate groups within a port group, the subordinate layers are all collapsed into a single layer. Resources of types other than ports are ignored by these applets.
Port Groups, along with all the other types of groups and resources, may also be used by the optional Policy Manager.
The Hosts and Users groups (either the predefined groups or subordinate groups) may be used by the optional Policy Manager. This is also true of all user-defined groups. No other EPICenter applets currently support groups of these types.
In a group that contains resources of different types, the Policy Manager ignores those resources that are not relevant to the purpose for which the group has been selected.
The other two predefined groups, the Device Groups and the Import Sources, are restricted in the way they can be used.
Device Groups. The Device Groups group contains the device groups and devices known to the
EPICenter inventory database. Device groups are created within the Inventory Manager applet, and devices are added or discovered, and are assigned to device groups, within that applet. All port resources are also defined in association with the devices known to the Inventory Manager.
●
●
●
You cannot add resources to or remove resources from the Device Groups group through the
Grouping Manager.
You can add resources that are children of Device Groups group—device groups, devices, and ports—as members (children) of other groups.
There is always a device group named “Default”.
Import Sources. The Import Sources group is used to contain resources imported from an external source, such as a file, NT Domain Controller, or LDAP directory. When you perform an import operation, the Grouping Manager creates a new group under the Import Sources group and puts all the imported resources under that group.
● You cannot add groups or individual resources as children of the Import Sources group except by using the Import function.
EPICenter Reference Guide
Grouping Manager Functions
●
●
You cannot remove any of the members (including sub-groups) of an imported group. The imported group can only be deleted in its entirety, using the Destroy function.
You can add resources that are children of an Import Sources group as members (children) of other groups.
Resource Attributes
Attributes are name and value pairs that you can use for a variety of purposes. You can associate attributes with both groups and individual resources, including resources that are members of the
Device Groups and Import Sources groups.
Some predefined resources, such as devices and imported resources, may also have predefined attributes. For example, device resources have their IP address as an attribute. Imported resources may bring with them sets of attributes determined by the content and configuration of the import source.
Certain attributes, such as IP/subnet address. L4 and Netlogin ID are used by the optional Policy
Manager applet to allow it to map between high-level named resources, such as Users, and the information required to generate a QoS policy (IP address and port information).
You can also define attributes of your own, and then use them as search criteria when you want to find sets of resources with common attributes.
Relationships between Resources
The Grouping Manager also supports “relationships” between User, Host, and Port resources. These relationships are used by the optional Policy Manager applet, and help the Policy Manager generate specific QoS rules that it derives from high-level policy specifications that are given in terms of named objects such as users or hosts. See
Chapter 18 “Using the Policy Manager” for more information on the
Policy Manager.
Grouping Manager Functions
There are multiple ways to invoke the functions provided by the Grouping Manager:
● Using the menus at the top of the main applet frame—specifically the Grouping menu
● Using the function buttons shown directly below the EPICenter menus
No right-click pop-up menus are available in the Grouping Manager.
For simplicity, most of the instructions in this chapter only specify a one method of invoking a function
(usually the function button).
Grouping Manager Function Buttons
The buttons at the top of the main Grouping Manager applet provide the following functions:
Table 19: Grouping Manager Function Buttons
New Creates a new Group, User, or Host resource. See “Creating a New Resource” on page 228
.
EPICenter Reference Guide 223
224
The Grouping Manager
Table 19: Grouping Manager Function Buttons
Deletes a user-defined resource. This completely eliminates the resource from the
EPICenter database, as well as removing it from all groups of which it was a member. This is not the same as removing a resource from an individual group. You cannot destroy system-defined resources or individual imported resources. You can only destroy imported
resources by destroying the entire Import Source group. See “Deleting Resources—The
Imports resources from an external source such as an NT Domain Controller, LDAP
database, or a specially formatted text file. See “Importing Resources” on page 242 .
Finds a resource based on a set of search criteria that can include a resource name, description, type, source, or attribute value. See
“Searching for a Resource” on page 238
.
These functions may also be accessed through the Grouping menu.
The Grouping Menu
EPICenter provides a set of menus at the top of the main applet frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 . However, the
Grouping Manager provides an additional menu, Grouping, that contains commands unique to the
Grouping Manager. The Grouping menu contains the following items:
Table 20: The Grouping Menu
New Resource
Delete Group/Resource
Import Group/Resource
Find Group/Resource
Creates a new Group, User, or Host resource. See
“Creating a New Resource” on page 228 .
Deletes a user-defined resource. This completely eliminates the resource from the
EPICenter database, as well as removing it from all groups of which it was a member. This is not the same as removing a resource from an individual group. You cannot destroy system-defined resources or individual imported resources. You can only destroy imported resources by destroying the entire Import Source group. See
“Deleting Resources—The Destroy Function” on page 229
.
Imports resources from an external source such as an NT Domain Controller, LDAP
database, or a specially formatted text file. See “Importing Resources” on page 242 .
Finds a resource based on a set of search criteria that can include a resource name, description, type, source, or attribute value. See
“Searching for a Resource” on page 238 .
Resource Detail Buttons
When you select a device group or a device in the Component Tree, buttons inside the resource detail panel are enabled as appropriate for the type of resource you selected.
The contents of the resource detail buttons depend on the type of item you have selected in the
Component Tree.
●
●
●
If you select the top-level Groups item, the Host, Ports, Users group item, or your own group item, then the resource detail panel enables the Add button.
If you select a specific resource within these groups, the resource detail panel buttons provide the commands: Add and Remove.
If you add a device, all the commands shown in Table 21 are available.
EPICenter Reference Guide
Displaying EPICenter Groups and Resources
Table 21: Detail Information Panel Buttons
Add
Remove
Save
Cancel
Adds a child resource to the group from a list of the resources that are currently defined in the EPICenter database. See
“Adding a Resource as a Child of a Group” on page 230 .
Removes a child resource from the group. This removes the parent-child relationship between the resource and the group. This does not remove the resource from the EPICenter database, unless it is a user-defined resource and this is the only instance of the resource.
(Removing all instances of a resource is the equivalent of destroying the resource.) See
“Removing A Child Resource from a Group” on page 232
.
Saves your child resource changes to the EPICenter database.
Cancels any unsaved changes (adds or removes) to the child resources of the group.
Displaying EPICenter Groups and Resources
When you click the Groups button in the Navigation toolbar, the main Grouping Manager window is displayed, showing Resource Details for the root-level group. Figure 107 shows the Grouping Manager window with a number of the groups expanded to show their children.
Figure 107: Resource Details view
Groups Children Device Resources
Tab to display Children or Relationships
Tab to display
Attributes
EPICenter Reference Guide 225
226
The Grouping Manager
The Component Tree on the left shows the currently defined resources. Initially, this shows only the root-level group named “Groups.” Click on the plus sign to the left of a resource to display the children of that resource.
Children can be individual resources (devices, hosts, users, or ports) or groups. The icons indicate the type of resource:
indicates a general-purpose group.
indicates a custom application.
indicates a device group.
indicates a host resource.
indicates a user resource.
indicates a VLAN resource.
Devices, slots, and ports are indicated by icons that vary based on the specific device model and port type. The icons are the same as are used in the Component Tree of the Inventory applet and other
EPICenter applets. Although slots appear in the Component Tree, they are not true resources, and cannot be children of groups within the Grouping Manager.
VLANs may appear as children in the Component Tree. However, unlike devices and Device Groups,
VLANs appear in this list only after they have been specifically added as children of a group. VLANs known to EPICenter but not used as children of a group do not appear in this list.
Resource Details
The Resource Details display in the main panel shows the following information for the group (or resource) that is selected in the Component Tree on the left:
●
●
●
●
Name —The name of the Resource.
For ports, the name of the port is the Device name followed by the port number. For example, S1 3 is the name of port 3 on the device named S1.
Description —A description of the resource (optional for user-defined resources).
■ For Device Groups, this is the description entered for the group in the Inventory Manager.
■
■
For devices, this is the device description ( sysDescr variable) if present in the agent.
For ports, this is the interface description ( ifDescr variable) if present in the agent.
■ For VLANs, this contains the protocol and tag information.
Type —The type of resource (Group, Device, Host, Port, User, VLAN).
Note that if you select a slot under a chassis device in the tree, the Resource Details window displays it as a “Slot” resource. However, a slot is not a true resource in that it cannot be added as a child of a group— its ports can be used as resources, but the slot as an entity cannot.
Source —The origin of the resource. The source determines what actions are allowed relative to the resource, this can be one of the following:
■
■
EPICenter indicates that the resource was defined by the EPICenter software: either by the
Grouping Manager in the case of the predefined groups, or by another EPICenter applet in the case of device group, device, port, or VLAN resources. You cannot modify these resources or their children (if they are groups) through the Grouping Applet.
Manual indicates that this is a user-defined resource, created within the grouping applet using the New button. These resources can be deleted from the Grouping Manager using the Destroy
EPICenter Reference Guide
Displaying EPICenter Groups and Resources
●
■ function. The exception is the three predefined groups, Hosts, Users, and Port Groups, which are considered Manual resources but cannot be destroyed. If the user-defined resource is a group, you can add and remove children as desired.
Imported resources are assigned a source name as part of the Import process. See “
Resources ,” on page 242 for more information.
User-defined (Manual) resources can be deleted using the Destroy function. System-defined
(EPICenter) and imported resources cannot be deleted, although they can be removed as children of
Removing A Child Resource from a
Group ,” on page 232 for more information on removing resources from groups.
Unique Name —A name that uniquely defines this resource within the Source scope. For userdefined resources (Source is Manual) this is always blank.
■
■
■
■
For pre-defined resources, the Unique Name is the same as the Resource Name.
For device resources, the Unique Name is the device IP address.
For port resources, the Unique Name is the IP address of the device followed by the port number.
For ports on a chassis device, the port number combines the slot number and the port number.
For resources imported from a file or LDAP directory, the Unique Name is specified in the input process, and may be different from the Resource Name.
Below these fields there are two tabbed pages whose contents depends on the type of resource being displayed.
●
●
●
For Groups, you can view a list of Children of the group. This lists the resources (individual resources or subordinate groups) associated with the selected group. For each child, the list includes the resource name, its type, and its source.
For User, Port, and Host resources, you can view a list of Relationships for the resource. This displays a list of other resources related to the selected resource.
For all types, you can view a list of the Attributes associated with the resource. The exception is the top level (root) node, “Groups,” which has no attributes.
Resource Filtering
The field at the top of the Component Tree provides a drop-down menu from which you can select a filter to apply to the Component Tree display. This filter controls the types of resources that are displayed as subcomponents of the groups in the tree. This feature is useful when you have a large number of resources of various types, and lets you limit the display to resources of a specific type in which you are interested.
Groups are always displayed. The following filter choices determine the types of individual resources that are displayed within the groups:
●
●
●
●
●
●
All allows resource children of all types to be displayed.
Devices shows only the Device resources within the groups.
Hosts shows only Host resources within the groups.
Ports shows only Device and Port resources within the groups.
Users shows only User resources within the groups.
VLANs shows only VLAN resources within the groups.
EPICenter Reference Guide 227
The Grouping Manager
Creating a New Resource
You can create new groups and add new User and Host resources through the New Resource function.
You can also associate attributes with the resource during this process.
Resource as a Child of a Group ,” on page 230 .
NOTE
You cannot add resources of any type to the Device Groups or Import Sources groups, or any subgroups within those groups.
To add a new resource, do the following:
1 In the Component Tree, select the Group to which you want the resource added. To add a new group at the highest level, select the root “Groups” node. The new resource is added as a child of the group you select.
If you plan to add User or Host resources, it is suggested that you add these initially to the User or
Host groups, or to another group you have created, rather than to the root-level group. Once you’ve created a resource, you can add it as a child of other groups. For example, a User resource “Fred” can be a member of both the group “Marketing” and the group “Chicago.”
2 Click the New button at the top of the Grouping Manager window.
The Add a New Resource to Group window, as shown in Figure 108 , is displayed.
Figure 108: Adding a new resource
228
3 Enter identifying information in the fields at the top of the dialog:
■ Resource Name —A name for the resource. The name can include any characters except a colon.
■ Resource Type —For all groups except Custom Applications, select a type (Group, User, or Host) from the drop-down menu. If you are creating this resource as a member of the Custom
Applications group, the type defaults to Application and may not be changed. If you are creating this resource as a member of the Hosts group, the type defaults to Host. If you are creating it as a member of the Users group, the type defaults to User. Otherwise, the type is set to Group by default. For groups other than Custom Applications, you can change the group type.
EPICenter Reference Guide
Deleting Resources—The Destroy Function
■ Resource Description —An optional description of the resource.
4 Define any attributes that you want to associate with this resource. Attributes are name-value pairs that can be used as search criteria, and are used by the EPICenter Policy Manager. For a more
detailed explanation of attributes, see “ Adding and Removing Attributes
,”
.
a Enter the name of the attribute in the Name field. b Select an attribute type from the drop-down list in the Type field:
■
■
Generic —Any attribute not specified as one of the other two types. The value is a string. You can use this attribute to classify your resources in any way you want, for search purposes.
IP/Subnet —This attribute specifies an IP address and subnet mask. For Host or User resources, this attribute may be used by the Policy Manager.
■
■
Netlogin ID —This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is imported from an external source such as an NT Domain Controller or NIS that contains user and host information.
For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If
Netlogin is enabled on the switches in your network, attribute and relationship information
(mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs, are maintained automatically.
L4 —This attribute is used only for Custom Applications. It is the only Type that is allowed for this kind of group.
c Enter a value for the attribute:
■ For a Generic attribute, enter a string.
■
■
For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as appropriate.
For a Netlogin ID, enter a string. In order to be recognized correctly by the Netlogin in
Extreme switches, this should be the user name (login name) or host name as known within the network.
■ For L4, enter a valid UDP or TCP port or range of ports using the format
[UDP|TCP]/
[<portNum>|<minPortNum-maxPortNum>]
. The first section of the format requires you to specify UDP or TCP. The second part allows you to specify either a single valid port of the type chosen, or a range of ports separated by a dash. For example, the following are valid entries: UDP/234 and TCP/23-45.
d To add this attribute to the list of attributes associated with this resource, click the Add Attribute to Resource button .
e To remove an attribute from the list of attributes, select the attribute in the list and click the Remove Attribute from Resource button .
5 When you have finished entering attributes, click the OK button to save your new resource definition.
To close this dialog without saving the resource definition, click the Cancel button.
Deleting Resources—The Destroy Function
The Destroy button in the Grouping Manager toolbar lets you delete user-defined resources from the
EPICenter database. The destroy function removes the resource from the database entirely, removing it from all groups where it exists as a child.
EPICenter Reference Guide 229
230
The Grouping Manager
NOTE
You can only destroy resources whose source is “Manual” (except for the predefined groups) and the root groups of imported resources. You cannot destroy the predefined groups, system-defined resources (devices, device groups, or ports) whose source is EPICenter, or individual imported resources (where the source is a file, LDAP database, etc.).
If you select a resource you cannot delete, the Destroy button is not available.
To delete a user-defined resource do the following:
1 Select the resource in the Component Tree.
2 Click the Destroy button on the toolbar.
A confirmation dialog is displayed. Click OK to confirm that you want to delete this resource.
If you delete a group, any orphaned children of the group (resources that are not members of any other group) are also deleted.
If you delete a Host or User, all relationships to other resources are also deleted.
To remove a resource as a child of a group, use the Remove function, see “
Removing A Child Resource from a Group
,”
. This just removes the parent-child relationship with the group, but does not delete the resource from the database.
Adding a Resource as a Child of a Group
NOTE
You cannot add Resources as a Child of a Group for Custom Applications.
A group’s children are individual resources or subordinate groups that are manipulated or managed together. A resource is placed into a group as it is created— either the root-level group, or the group that was selected when it was created. However, because a resource can be a member of multiple groups, you may wish to add an existing resource to an additional group, or move it to a different group. To add a resource to a group, you select the resource from a list of the resources that are currently defined in the EPICenter database.
You can add individual resources as children of a group, or you can add groups as children. You cannot add an ancestor group as a child of one of its subordinate groups. You cannot have subordinate groups of Applications below the Custom Applications group.
When you add a group as a child of another group, all members of the sub-group (its children) are considered members of the higher level (ancestor) group. As membership in the sub-group changes, so does the membership in the higher level (ancestor) group. This can have important effects when a group is used by another EPICenter module. For example, suppose you create group “A” that contains two groups of hosts “HostsA” and “HostsB”, and then use group A in defining access list policies through the Policy Manager. The Policy Manager generates access list rules for traffic related to all the hosts in groups HostsA and HostsB. If you subsequently change the membership of HostsB, and autoconfiguration of policies is enabled in the Policy Manager, the QoS rules that define the access lists are
automatically recomputed and reconfigured. (See the Chapter 18 “Using the Policy Manager”
for more information on this optional applet).
EPICenter Reference Guide
Adding a Resource as a Child of a Group
Adding resources to a group as individuals is a more static relationship—resources remain as children until they are explicitly removed from the group (or deleted from the EPICenter database).
To add a resource or group of resources to a higher-level group, do the following:
1 In the Component Tree, select the group to which you want to add the resource, so that the group’s information is displayed in the Resource Details view.
2 Click the tab labeled Children to display the list of children belonging to this group.
3 Click the Add button at the bottom of the list of Children to display the Add Resources to Group pop-up dialog, as shown in Figure 109 .
Figure 109: Adding Resources to a Group
This window has two parts:
■ A display of the resources in the EPICenter database that are available to be added to the group.
■ A list of the resources you have selected to add.
4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel.
The Select Resources to be Added panel is split into two parts:
■ The Component Tree in the left half of the panel displays the groups that contain resources of interest. It may include devices if you have filtering set to display port resources.
The drop-down menu field at the top of the Component Tree lets you select a filter to apply to the resource display. This filter controls the types of resources that are displayed as subcomponents of the groups in the tree.
Groups are always displayed. The following filter choices determine the types of individual resources that are displayed within the groups:
Show All allows resource children of all types to be displayed.
Show Devices shows only Device resources within the groups.
Show Hosts shows only Host resources within the groups.
Show Ports shows only Device and Port resources within the groups.
Show Users shows only User resources within the groups.
EPICenter Reference Guide 231
232
The Grouping Manager
■
Show VLANs shows only VLAN resources within the groups.
The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree.
5 Select one or more resources from the list of individual resources, or select a resource group or device from the left-hand list.
6 Click the Add button to add your selections to the Resource Results list. You can select a group in the Component Tree or one or more groups or individual resources from the resource list.
Click the Add All button
Resource Results list.
to add all the individual resources in the right-hand list to the
NOTE
There is an important difference between adding individual resources as children of a group, and adding a group as a child of another group. Adding a group to the results list does not have the same effect as selecting the group in the Component Tree, and then adding its children using the Add All button.
When you add a group as a child of another group, all members of the subgroup (its children) are considered members of the higher level (ancestor) group. As membership in a subgroup changes, so does the membership in the higher level (ancestor) group. Resources added individually, on the other hand, remain as children until they are explicitly removed from the group (or deleted from the EPICenter database).
To search for a resource using the Query function, click the Find button. You can add the results of your query directly into your Resource Results list by selecting the resources you want to add and
7 You can remove resources from the Resource Results list if you change your mind about your selections.
Select one or more resources in the Resource Results list, and click the Remove button to remove the selected resources, and return them to the Resources to be Added list.
Click the Remove All button to clear the Resource Results list.
8 Click OK to add the resources in the Resource Results list to the list of children for this resource, or
Cancel to cancel the Add function.
9 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager prompts you to save your changes. However, you can add and remove children and attributes to the group you have selected in multiple operations before you save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this group.
Removing A Child Resource from a Group
If you have added a resource as a child of a group, you can remove the resource from that group using the Remove function. This removes the parent-child relationship between the resource and the group.
This does not remove the resource from the EPICenter database, unless it is a user-defined resource and
EPICenter Reference Guide
Adding Relationships to a Resource this is the only instance of the resource. (Removing all instances of a resource is the equivalent of destroying the resource.)
To remove a resource from a group, do the following:
1 Select the parent group in the Component Tree to display the group in the Resource Details window.
2 Select the Children tab to display the resources that are children of the group.
3 Select the resource you want to remove.
4 Click the Remove button at the bottom of the window.
5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager prompts you to save your changes. However, you can add and remove children and attributes to the group you have selected in multiple operations before you save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this group.
Note that you can also remove resources by locating them using the Find function, and removing them using the search results list. See
“Searching for a Resource” on page 238
for more information on the
Find function.
Removing a resource from all groups of which it is a member is the equivalent of destroying the resource.
Adding Relationships to a Resource
Individual resources cannot have children. However, certain types of resources (Hosts, Users, or Ports) can have relationships. Devices cannot have either relationships or children.
For example, a Host may have a relationship with a User, which indicates that the User is associated with the IP address of that Host. A Host may also have a relationship with a port, indicating that the host communicates over that port.
These relationships may be used by the Policy Manager applet to create low-level QoS policy rules based on named higher-level objects such as users and hosts. Relationships can be created between the following:
●
●
●
Hosts and Users
Hosts and Ports
Users and Ports
These relationships are always reciprocal: when you create a relationship between two resources, it is added simultaneously to both resources.
1 In the Component Tree, select the resource to which you want to add a relationship, so that it is displayed in the Resource Details view.
2 Click the tab labeled Relationships to display the list of children belonging to this group.
3 Click the Add button at the bottom of the list of Children to display the Add Relationship to Group pop-up dialog, as shown in Figure 110 .
EPICenter Reference Guide 233
The Grouping Manager
Figure 110: Adding Relationships to a Resource
234
This window has two parts:
■ A display of the resources in the EPICenter database that are eligible to be used in a relationship.
■ A list of the relationships you’ve selected to add to the resource.
4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel.
The Select Resources to be Added panel is split into two parts:
■ The Component Tree in the left half of the panel displays the groups that contain resources of interest.
The drop-down menu field at the top of the Component Tree lets you select a filter to apply to the resource display. You can filter the resources that are presented as children of the groups in the tree.
■
Show All allows resource children of all types to be displayed.
Show Devices shows only Device resources. (However, devices cannot be used in relationships, so nothing is displayed if you select this filter.)
Show Hosts shows only Host resources.
Show Ports shows only Device and Port resources.
Show Users shows only User resources.
Show VLANs shows only VLAN resources. (However, VLAN resources cannot be used in relationships, so nothing is displayed if you select this filter.)
The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree. It displays only the types of resources that are eligible to have relationships (host, users, and ports).
5 Select one or more resources in the list, and click the Add button to add your selections to the Resource Results list. You can select a group in the Component Tree or one or more groups or individual resources from the resource list.
EPICenter Reference Guide
Adding Relationships to a Resource
Click the Add All button
Resource Results list.
to add all the individual resources in the right-hand list to the
To search for a resource using the Search function, click the Find button. You can add the results of your query directly into your Resource Results list by selecting the resources you want to add and
clicking the Add button at the bottom of the Search window. See “ Searching for a Resource
,”
on page 238 for more information on the Find function.
6 You can remove resources from the Resource Results list if you change your mind about your selections.
Select one or more resources in the Resource Results list, and click the Remove button to remove the selected resources, and return them to the Resources to be Added list.
Click the Remove All button to clear the Resource Results list.
7 Click OK to add the resources in the Resource Results list to the list of relationships for this resource.
8 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager prompts you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you have selected before you save.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this group.
Removing Relationships from a Resource
To remove a relationship between two resources (Hosts, Users, or Ports) do the following:
1 In the Component Tree, select one of the resources that is involved in the relationship, so that the resource is displayed in the Resource Details window.
2 Select the Relationship tab to display the relationships for the resource.
3 Select the relationship you want to remove.
4 Click the Remove button at the bottom of the window. The relationship is removed both from the resource you are viewing, and from the other resource involved in the relationship.
For example, if Host resource “HostB” has a relationship with user resource “Watson” the relationship appears in the relationship list of both resources. If you display the relationships for resource HostB, and remove the relationship with user Watson, the relationship is removed from the relationship lists of both HostB and Watson.
5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager prompts you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you’ve selected before you save.
Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this group.
Removing a relationship does not affect the group memberships of either resource.
EPICenter Reference Guide 235
236
The Grouping Manager
NOTE
If you destroy a resource, any relationships with that resource are automatically removed from the other resources involved.
Adding and Removing Attributes
Any resource (individual resources or groups) can have attributes. Attributes are simply name-value pairs that can be used for a number of purposes.
There are four types of attributes:
● Generic —A user-defined attribute not specified as one of the other two types. The value is a string.
You can use this attribute to classify your resources in any way you want, for search purposes.
●
●
IP/Subnet —An IP address and subnet mask. This attribute may be used by the Policy Manager to map a User or Host resource to an IP address.
Netlogin ID —This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by
Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is imported from an external source such as an NT Domain Controller or NIS that contains user and host information.
●
For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If
Netlogin is enabled on the switches in your network, attribute and relationship information
(mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs are maintained automatically.
L4 —This attribute specifies a UDP or TCP port or range of ports. This attribute is used to specify the port(s) for an application. This type of group is only available to Custom Applications. Specifying multiple L4 attributes for an Application resource allows the Application resource to reference different types of ports which are not contiguous.
To view the attributes associated with a resource, do the following:
1 Select the resource in the Component Tree, so that it is displayed in the Resource Details view.
2 Click the Attributes tab. This displays the attributes (if any) associated with the resource, as shown in Figure 111 .
EPICenter Reference Guide
Figure 111: Resource attribute display
Adding and Removing Attributes
To add an attribute to the displayed resource, do the following:
1 Make sure the Attributes page is displayed. If it is not, the Add button is not present.
2 Click the Add button .
The Add Attributes pop-up dialog appears, as shown in Figure 112 .
Figure 112: Adding attributes to a resource
3 Enter the name of the attribute in the Attribute Name field.
4 Select an attribute type from the drop-down list in the Attribute Type field. You can choose from the first three for all groups but Custom Applications. For Custom Applications, L4 is the only allowed attribute type:
EPICenter Reference Guide 237
238
The Grouping Manager
Generic —Any user-defined attribute other than an IP Address or Netlogin ID.
IP/Subnet —An IP address and subnet mask.
Netlogin ID —A User ID or Host ID as it will be detected by Netlogin in the switch.
L4 —A valid UDP or TCP port or range of ports.
5 Enter a value for the attribute:
For a Generic attribute, enter a string.
For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as appropriate.
For a Netlogin ID, enter a string. In order to be recognized correctly by Netlogin in Extreme switches, this should be the user name (login name) or host name as known within the network.
For an L4 attribute enter a single UDP or TCP port or a range of UDP or TCP ports using the following format: Type/range. For example, both TCP/45 and UDP/34-56 are valid entries.
6 Click OK to enter the attribute into the attribute list.
7 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager prompts you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you’ve selected before you save.
Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this group.
To remove an attribute from the list of attributes, do the following:
1 Select one or more attributes you want to remove.
2 Click the Remove button .
3 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping
Manager window.
Click the Cancel button at the bottom of the window to cancel the changes you have made to this group.
Searching for a Resource
If you have a large number of resources defined in your EPICenter database, it may be cumbersome to find a specific resource in the Component Tree. In addition, you may want to be able to quickly identify all the resources that share a certain attribute. The Grouping Manager’s Search function lets you find resources using any of the resource information fields as well as attributes as search criteria.
A search can be initiated either from the main toolbar, or by using the Find button in the Add Resource or Add Relationship pop-up windows. Setting up and executing the search is the same regardless of where you initiate the search; however, the actions you can take with the results differ depending on where you started from.
The Search Results provide you with the name of the resources that match your criteria, and the paths
(group hierarchy) to where the resources reside within your search scope.
EPICenter Reference Guide
Searching for a Resource
●
●
If you initiate the Search from the main toolbar, you can select one or more resource in the result list, and remove them from their parent groups. See “
Searching from the Main Toolbar
,”
more information. You can double-click a resource in the results list to see where it is located in the
Component Tree.
If you initiate the search from an Add Relationship or Add Resource window, you can select one or more resources in the result list and add them to the Resource Results list in the Add Resource or
Add Relationship window. See “
Searching from the Add Resources or Add Relationship Window
,”
for more information.
Setting up a Resource Search
To search for resources that match criteria you specify, do the following:
1 Click the Find button in the toolbar at the top of the main Grouping Manager window, or click the
Find button in the Add Relationship or Add Resource pop-up windows.
The Search Criteria window is displayed, as shown in Figure 113 .
Figure 113: Searching for a resource
The top half of the window is used to specify your search criteria. The Component Tree is used to define a scope for the search.
EPICenter Reference Guide 239
240
The Grouping Manager
The bottom half of the window contains the results of the search. You can limit the number of results you want to receive in the case of a search that could yield a large number of matches.
2 Enter your search criteria using the fields in the top part of the window. A resource matches the query if it meets all the criteria specified in this section:
■ <ANY> specifies a wildcard match, meaning that any and all values for this item produces a match. There are also two other ways to indicate a wildcard match:
■
■
■
■
The asterisk character * used by itself.
A blank field.
For Resource Name, Resource Description, and Resource Source, enter a string to specify the value you want to match. You can specify a partial match using the wildcard characters * and ?.
■
■
An * indicates a wildcard match of unspecified length. Specifying a Resource Name as “A*n” finds all Resources whose names start with “A” and end with “n.” This would include Ann,
Alan, Allen, Allison, and so on. Using the * by itself is the same as specifying <ANY>.
A ? indicates a single character wildcard. Specifying a Resource Name as “A?n” finds all
Resources whose name start with “A”, and with “n” and having exactly one character in between. This would include Ann and Ayn, but not Alan, Allen or Allison.
For Resource Type, select a specific type from the drop-down menu, or use <ANY> to match on all types.
NOTE
The values you enter into the search criteria fields are combined using a Boolean AND. This means a resource must match all the criteria you specify in these fields in order be included in the search results.
3 Enter any attribute specifications you want to use as search criteria. The process is similar to that used to add attributes to a resource. A resource matches the query if it matches any of the attributes specified in this section: a Enter an attribute name or a partial name using the * and ? wildcard characters. b Select an attribute type from the drop-down list in the Type field, or select <ANY> to match all attribute types. c Enter a value you want to match, or a partial match using the * and ? wildcard characters. d Click the Add button, , to add the attribute specification to the Attribute Criteria list. e To remove an attribute search criteria you have added to the Attribute Criteria list, select the attribute and click the Remove button .
NOTE
Attributes used as search criteria are combined using a Boolean OR. This means that a resource that matches all the criteria specified in search criteria fields (in the top part of the window) and that matches any one (or more) of the attribute criteria, are included in the search results.
4 Specify a Scope for the search from the Component Tree at the left side of Search Criteria area. The scope limits the search to the group you select, and its subordinate groups. By default the scope is set to the root-level group “Groups,” which means all groups are searched.
5 To reset all the criteria to their defaults (<ANY>) and to clear the Attribute Criteria list, click the
Reset button at the bottom of the window.
EPICenter Reference Guide
Searching for a Resource
6 At the top of the Results portion of the window, select from the drop-down menu a limit for the number of matches you want to see. All indicates you want to see all matches. You can limit the results to 1, 10, 50, or 100 matches. The actual number of matches found are displayed next to this field.
7 Click the Query button to initiate the search. The results are displayed in the bottom portion of the window. The list becomes a scrolling list if the number of results requires it.
For each match, the results display the following:
■ Resource ID : A unique internal number provided by the EPICenter software. This may be useful to distinguish between resources if you happen to have created several resources with the same name.
■
■
Resource Name : The name of the resource.
Path : The path through the Group hierarchy to the location of the resource.
Note that an individual resource (i.e., the same Name and ID) may appear multiple times in this list if it is a child of multiple groups.
Once the list is complete, you can select resources in the Results list and take actions, depending on how you initiated the Find function. The buttons at the bottom of the window are slightly different depending on where you initiated the Find. See the following sections, “
,” and “
Searching from the Add Resources or Add Relationship Window ,” on page 242
, for details on how you can use the results of the search.
Searching from the Main Toolbar
When you initiate a search from the Main Toolbar, you can use the results to determine where a resource is used—i.e., to find out what groups it belongs to. Since a resource can be a child of multiple groups, this lets you identify all the parents of a particular resource. In particular, before you delete a resource from the EPICenter database, you may want to make sure that you know all the places it is being used to avoid problems when you remove it. Once you find a resource using the Find function from the main toolbar, you can remove instances of the resource directly from the Find window.
Setting up a search is the same regardless of where you initiate the Find function. This is describe in the section “
Setting up a Resource Search ,” on page 239 .
To remove resources you have identified with the Search function, do the following:
1 Select and highlight the resource or resources you want to remove.
You can double-click on the resource and its location is highlighted in the Component Tree.
2 Click the Remove button to remove those resources from the locations specified in the Results entries you’ve selected.
The results list may present multiple entries for a given resource, if the resource is a child of multiple groups. You can remove a resource from specific groups on an individual basis without removing it from the EPICenter database.
The Remove function is subject to the same restrictions as removing resource children through the
Resource Details window. If the resource is a system or imported resource (its source is EPICenter, a file, LDAP database etc.) you cannot remove the resource from it’s “home” group—the group in which it was initially created. If the function is a user-defined resource (source is “Manual”), removing it from all groups deletes it from the EPICenter database.
When you are finished, click the OK button to close the window.
EPICenter Reference Guide 241
242
The Grouping Manager
Searching from the Add Resources or Add Relationship Window
When you initiate a search from the Add Resources or Add Relationship window, you can identify resources with a common set of attributes, which can simplify the process of finding the attributes you want to include in a group. Once you find a set of resource using the Find function from the Add
Resources or Add Relationship windows, you can add those resources directly from the Find window to the Resource Results list of the “Add...” window.
Setting up a search is the same regardless of where you initiate the Find function. This is describe in the section “
Setting up a Resource Search ,” on page 239 .
NOTE
When you do a search from the Add Resources or Add Relationship windows, the results includes only those resources that are relevant to the Add function you are performing.
To add resources you have identified with the Search function to the Resource Results list of the Add
Resources or Add Relationship windows, do the following:
1 Select and highlight the resource or resources you want to add.
2 Click the Add button to add those resources to the Resource Results list.
The selected resources are added to the list, and the Search window is closed.
To close the Search window without adding any resources, click the Cancel button.
Importing Resources
The Import feature allows you to import user and host resource definitions, and groups containing those resources, from a source external to the EPICenter system. You can import from an NT Domain server, an NIS server, or an LDAP directory. You can also import host and user resource definitions from a tab-delimited text file.
●
●
●
Importing from a text file requires a tab-delimited file in a very specific format.
Importing from an LDAP directory requires an import specification file that defines how to map entries in the LDAP directory to resources and their attributes.
Importing default domain information from an NT Domain server or an NIS server does not require any special preparation.
NOTE
If you import information from an LDAP server or NT Domain Controller, that information becomes visible to all
EPICenter users. If this is a security concern, you may want to consider exporting information from the NT Domain
Controller or LDAP directory to a file, and using that to create an import file that contains only the information that you want to be visible through EPICenter Grouping Manager.
Imported resources are placed under a group created in the Import Sources group (one of the predefined EPICenter groups). The name you specify in the Source Name field of the Import dialog is used as the group name.
EPICenter Reference Guide
Importing Resources
You can perform the same import operation (importing from the same source) multiple times. Once an import is complete, subsequent imports from the same source acts as an update:
●
●
Existing resources are left intact (including any attributes you may have added).
New resources are added.
●
●
Resources that have been removed from the source are deleted from the EPICenter database.
Changes is group memberships and changes in relationships are enacted.
To import resources from an external source, do the following:
1 Click the Import button in the toolbar at the top of the main Grouping Manager window. The
Import Resources window is displayed (see Figure 114 ).
Figure 114: Importing resources
2 Select the type of source from which you want to import information.
■ Select NT Domain Controller/NIS to import information from the default Windows Domain
Controller or NIS server. This imports information about users, hosts (stations), and user groups.
See
“Importing from an NT Domain Controller or NIS Server” on page 248 for more detailed
information.
■ Select LDAP to import information from an LDAP directory.
See
“Importing from an LDAP Directory” on page 244 for information on modifying the file
containing the LDAP import mapping specification.
■
■
Select File to import information from a tab-delimited text file.
See
“Importing from a File” on page 245
for information on creating the import text file.
In the Source Name field, enter a name that identifies the source of the imported resources. This name is used for two purposes:
■
■
It is used to create a group under which all the resources imported in this operation are placed. The group is created under the Import Sources group.
It appears in the Source field of the Resource Details view, or in the Source column when the resource is displayed as a child of group, for all resources imported from this source. It can be used as a search criteria in the Find function.
3 Click Import to begin the import process. The import button is not enabled until you enter a source name.
Progress during the import is displayed in a pop-up window, as shown in Figure 115 .
EPICenter Reference Guide 243
The Grouping Manager
Figure 115: Monitoring the progress of an Import function
244
4 When the process has completed, click OK.
If you are importing from a large source, the import process can take several minutes.
The new group and resources are available under the Import Sources group in the Component Tree.
If errors occur in the import process, it is possible that no data is imported. This can result in an empty import group in the Import Sources tree. Once you fix the problems, you can rerun the import.
Importing from an LDAP Directory
The EPICenter Grouping Manager supports importing groups, users, and hosts from a LDAP directory.
The import process uses a TCL script to extract the requested data from the LDAP directory, and create a text file that specifies how the resources should be added to the EPICenter database. This file is in the
same format as the import file discussed in “Importing from a File” on page 245
.
The import process uses an import specification file that defines the following:
● The information you want to extract from the directory.
● How to map that data to groups, resources, and attributes in the EPICenter Grouping module.
The specification file must be named
LDAPConfig.txt
, and must reside in the EPICenter user/import directory.
You can use the
LDAPConfig.txt
file provided in the EPICenter user/import
directory as a template.
You should only need to modify three lines in this file: host
: The name of the host where the directory resides.
user
: The username, if required, to allow access to the directory.
password
: The password, if required, to allow access to the directory.
NOTE
The information below is provided as an aid to importing data from LDAP directories with schemas that differ from the template provided. However, Extreme Networks cannot provide support for modifications to the template file other than the three changes mentioned above.
EPICenter Reference Guide
Importing Resources
If your LDAP directory is organized differently, you can modify the LDAPConfig.txt
file to meet your individual needs. This requires that you understand the organizational structure of the directory from which you want to import data.
The
LDAPConfig.txt
file must include the following entries: base : Specifies the LDAP naming context. Leave this blank to use the default LDAP naming context.
This is required.
attributes : Specifies the attributes that you want to import into the EPICenter database from entries in the LDAP directory. By default, all imported attributes are considered type Generic.You can specify an EPICenter attribute type (Generic, IP/subnet, or Netlogin ID) by enclosing both the attribute name and the EPICenter attribute type in curly brackets, as shown: {uid {Netlogin ID}} .
This is required.
uniqueID
: Specifies the attribute that should be used in the EPICenter database as the ID for this resource. This is required.
scope : The scope of the search (base, sub, one). This is required.
groupBy : The attribute that should be used to create EPICenter sub-groups within the imported group structure. This is optional. memberNameAttribute
: The attribute that should be used to define the child entry in a group.
resourceName : The attribute that should be used as the displayed name of the resource within the
EPICenter Grouping Manager. This is required.
filterList : Defines the search criteria. Because of the limits on the amount of data that a search returns in one operation, you may need to split your search into multiple operations, as is done in the example file. This is required.
objectClassMapping
: This maps an LDAP entry to a Grouping Manager resource type based on the object class of the entry. You will need multiple entries of this type. The name-value pair contains the
EPICenter resource type on the left, and either the LDAP object class specification or an EPICenter resource type of the right.
For example, the following line specifies that entries whose object class is “organizationalPerson” should be imported as user resources. objectClassMapping: user=organizationalPerson person Top
The following line specifies that user resources can be group members.
objectClassMapping: groupmember=user
At least one mapping specification is required. You can comment out resource types that you don’t need to use in the sample file, or leave them. They are ignored if not defined.
Importing from a File
To import data from a text file, you define the resources you want to import in a tab-delimited text file.
The elements on each line are separated by tabs.
The Import File Format
The simplest way to create this file is to enter it in a spreadsheet program such as Microsoft Excel, and then export it as tab-delimited text.
The elements on each line are separated by tabs.
EPICenter Reference Guide 245
246
The Grouping Manager
Format Definitions. The first three lines are required. They define the format of the data that follows. The first three lines are:
#SYNTAX VERSION:1.0
Resource_UniqueName <tab> Resource_Type <tab> Resource_Name [ <tab> attribute ... ]
<tab> <tab> <tab> (<attribute_type>) [ <tab> (<attribute_type>) ...]
The first line simply defines the version of the import syntax:
#SYNTAX VERSION:1.0
Enter this exactly as specified.
The second line defines the mapping of the data in the file to EPICenter resources:
Resource_UniqueName <tab> Resource_Type <tab> Resource_Name [ <tab> attribute ... ]
●
●
The first three items are required:
■ Resource_UniqueName
specifies that the first field maps to the unique ID.
■
■
Resource_Type
specifies that the second field defines the resource type (user, host, group, device, or port).
ResourceName
specifies that the third field maps to the resource name. This is the name that appears as the name of the resource in the Grouping Manager.
The remaining items on the line define the attributes that can be included for each resource. The names you specify here are used as the attribute names in the Grouping Manager.
The third line defines the type of each attribute (Generic, IP/subnet, or Netlogin ID).
<tab> <tab> <tab> (<attribute_type>) [ <tab> (<attribute_type>) ...]
Each type specifier must be enclosed by parenthesis, and separated from the preceding type specifier by a tab. Three tabs must precede the first type specifier.
●
●
The items in this line define the type of each attribute defined in line two. You must include a type specification for every attribute included in line two.
The first three items in line two do not require a type (as they are predefined). You skip these by including the three tabs before the first type specifier.
Resource Definitions. The remaining lines in the first section define the resources to be imported. Each resource must include the uniqueID, the resource type, and a name. Attribute values are optional, and are assigned in the order presented on the line (separated by tabs). These lines are formatted as follows:
●
●
● uniqueID1 <tab> <resource_type> <tab> resource_name1 <tab> {attribute <tab> ... } uniqueID2 <tab> <resource_type> <tab> resource_name2 <tab> {attribute <tab> ... }
...
uniqueIDn <tab> <resource_type> <tab> resource_nameN <tab> {attribute <tab> ... }
● uniqueID
is used as the resource’s unique name. It can be the same or different from the resource name. For a device, the uniqueID must be the device IP address. For a port it is the IP address of the device followed by the port number. resource_type can be user , host , group , device , or port . resource_name
is the name that is displayed as the name of the resource.
attribute
defines the value of the attribute that corresponds to this position in the list.
EPICenter Reference Guide
Importing Resources
The combination of uniqueID and resource_type must be unique within this section. Duplicate definitions generate a warning.
For example, assume the following format definition at the beginning of the import file:
Resource_UniqueName Resource_Type Resource_Name Location Department RoomNo
To create a user resource named Judy Jones, with three attributes:
■ Location, whose value is Denver
■
■
Department, whose value is Sales
RoomNo whose value is 3050
Enter a resource definition as follows: judy user Judy Jones Denver Sales 3050
You cannot use the Import function to create new device or port resources. You can import attributes for device and port resources, and define relationships for them. The device and port resources must already exist in the EPICenter database, and the names you specify must match their names in the database.
See “ Resource Details ,” on page 226
for more information on the components of a resource.
Group and Relationship Definitions. The second part of the file defines the relationships between the
resources—both group membership and relationships between the resources themselves (see “ Adding
Relationships to a Resource ,” on page 233 for more information about relationships).
The #GROUPS# specification is required, even if you do not define any groups.
#GROUPS#
Each line in this section has the following form:
<resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID>
<resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID>
●
● resource_type can be user , host , group , device , or port . A group that exists in the EPICenter database (and is not defined in the import file) can be specified as a child of an imported group, but the reverse is not supported. resource_uniqueID is the unique ID defined in the first part of the file (or known to exist already in the EPICenter database).
For creating group membership relationships, the first type:ID pair defines the parent, the second one defines the child. Thus, the first pair must always be a group. The second pair can be a group or an individual resource.
For defining peer-to-peer relationships, (user-host, user-port, and host-port relationships) either member of the relationship can be specified first.
EPICenter Reference Guide 247
248
The Grouping Manager
Example
The following is an example of an import file.
#SYNTAX VERSION:1.0
Resource_UniqueName Resource_TypeResource_Name IP Address DLCS OSType wendy heidi pam eric mary win2k host1 host2 host3 host4 user user user user user host host host host host
Wendy Lee
Heidi Smith
Pam Johnson
Eric Wilson
Mary Baker win2k host1 host2 host3 host4
10.20.30.2
10.20.30.4
10.20.30.5
10.20.30.6
10.20.30.7
wlee windows NMS
HPUX NMS
Solaris NMS windows SQA
Solaris SQA
Dept
NMS
NMS
SQA
SQA
NMS ugr1 ugr2 hgr1 dgr1 switch portgr group group group group group group
SQA dev hostgr1 eng1 switch portgr
#GROUPS# group:ugr1 group:ugr1 group:ugr1 group:ugr2 group:ugr2 group:hgr1 group:hgr1 group:hgr1 user:wendy user:heidi user:mary user:pam user:eric host:win2k host:host1 host:host2 group:dgr1 group:dgr1 host:host3 host:host4
## Host to User Relation user:wendy host:win2k user:heidi host:host1 user:mary host:host3 host:host4 host:host2 user:pam user:eric
Importing from an NT Domain Controller or NIS Server
Importing from an NT Domain Controller or NIS server is straightforward. The import is always done from the Domain Controller or NIS server that is serving the domain for the system running the
EPICenter server. The type of system you are running determines where the EPICenter server looks for the information.
In order to import information from an NT Domain Controller, the EPICenter server must be running with the appropriate user permissions in order to extract the information from the Domain Controller.
EPICenter Reference Guide
Importing Resources
NOTE
If you import information from an NT Domain Controller, that information becomes visible to all EPICenter user. If this is a security concern, you may want to consider exporting information from the NT Domain Controller to a file, and using that to create an import file that contains only the information that you want to be visible through
EPICenter Grouping Manager.
The import process imports the following information:
● For users: username, fullname, description.
●
●
For hosts: hostname, description, primary IP address.
For groups (users only): name, description, usernames of members.
The import process creates a file, import.txt
, in the user/import
subdirectory.
EPICenter Reference Guide 249
The Grouping Manager
250 EPICenter Reference Guide
9
Using the IP/MAC Address Finder
This chapter describes how to use the IP/MAC Address Finder applet for:
●
●
Creating search requests for locating specific MAC or IP addresses, and determining the devices and ports where they are located.
Creating search requests to identify the MAC and IP addresses on specific devices and ports.
Overview of the IP/MAC Address Finder
Using the IP/MAC Address Finder feature you can specify a set of Media Access Control (MAC) or
Internet Protocol (IP) network addresses, and a set of network devices to query for those addresses. The applet returns a list of the devices and ports associated with those addresses. You can also specify a set of devices and ports, and search for all MAC and IP addresses that appear on those devices and ports.
The Search Tool lets you configure and start a search task, view the status of the task, view the task results, and export the results either to your local system or to the EPICenter server system. The task specification and results are kept in the task list until you delete them, or until you end your EPICenter client session by logging out.
The IP/MAC Address Finder supports two types of searches: a Database search, that looks for a MAC or IP address among edge port information maintained in the EPICenter database, and a Network search, that searches switches on the network for the specified MAC or IP addresses.
If you have configured EPICenter to do MAC polling, EPICenter maintains in its own database the information it learns about edge ports from the switches it polls. (See
for information on setting MAC Poller properties to enable MAC polling). In this case, the
IP/MAC Address Finder can search for addresses within the database rather than searching over the network. If you do not have MAC polling enabled, the IP/MAC Address Finder will always do a network search.
In a network search the IP/MAC Address Finder searches the IP Address Translation Table (the ipNetToMediaTable ) in each device agent for IP addresses, and the Forwarding Database (FDB) for
MAC addresses of the switches in your search domain to find address information. If you specify a search for a specific IP address, the IP/MAC Address Finder will attempt to ping that address from the switches you have included in the search domain.
IP/MAC Address Finder Functions
The IP/MAC Address Finder feature does not provide any feature-specific menus. The four standard
EPICenter menus are available (EPICenter, Display, Tools and Help). However, the functions on the
Display and Tools menus are not available. Right-click pop-up menus are also not available in this feature.
For information on the standard EPICenter menu functions, see
“EPICenter Menus” on page 32 .
EPICenter Reference Guide 251
252
Using the IP/MAC Address Finder
The buttons at the top of the IP/MAC Address Finder applet provide the following functions:
Table 22: IP/MAC Address Finder Function Buttons
Up
Down
Find
Help
Moves the selection (focus) up in the Task Component Tree.
Moves the selection (focus) down in the Task Component Tree.
Displays the Find IP and MAC addresses window where you can specify a search task.
Displays the online Help for the IP/MAC Finder applet (same as the Applet Help command from the Help menu).
ExtremeWare Software Requirements
The IP/MAC AddressFinder applet requires certain versions of ExtremeWare to be running on your
Extreme switch in order to retrieve data from an IP address or MAC address search task.
Table 23 lists versions of ExtremeWare and whether or not they are currently supported by the IP/MAC address applet.
Table 23: ExtremeWare Requirements for Using the IP/MAC Address Applet
ExtremeWare Version
6.1.5
6.1.6 through 6.1.9
6.2 and later
Requirements
Not supported.
Supported using the using the dot1dTpFdbTable. Use the enable snmp dot1dTpFdbTable command to enable the dot1dTpFdbTable on the switch.
Fully supported using a private MIB.
Tasks List Summary Window
When you click the Find IP/MAC button in the Navigation Toolbar, the main IP/MAC Address Finder page is displayed as shown in Figure 116 . Initially there are no search requests displayed.
As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree.
Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List (see Figure 116 ).
EPICenter Reference Guide
Figure 116: Tasks List summary
Tasks List Summary Window
The Tasks List shows you basic information about the tasks you set up:
ID
Name
Search Type
Status
Date Submitted
Date Completed
Automatically assigned by the EPICenter server.
The name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List.
The type of search this will perform (Database of Network).
Shows the status of the request.
Shows the date and time the task was submitted.
Shows the date and time the task was finished.
From the Tasks List you can perform the following functions:
Cancel
Delete
ReRun
Clone
Export
Export Local
Select a Pending task and click Cancel to cancel the task before it has completed.
Select a task and click Delete to delete an individual task. This deletes the task specification as well as the task results. Once a task has completed, it cannot be rerun unless it is the most recent task completed.
Select a task and click ReRun to execute the task again
Select a task and click Clone to bring up the Find Addresses window with the specifications of the selected task already displayed.
Select a task and click Export to export the task details to a text file. See “Exporting
Task Results to a Text File” on page 259 for more information.
Select a task and click Export Local to export the task details locally to a text file on your client system. You can only use this feature if you are running the stand-alone client on your local system. If you are using the browser-based client, this button will
be grayed out. See “Exporting Task Results to a Text File” on page 259 for more
information.
EPICenter Reference Guide 253
Using the IP/MAC Address Finder
NOTE
The specified tasks and their search results persist as long as you are running the EPICenter client, even if you leave the IP/MAC Address Finder applet and go to another EPICenter applet. However, when you exit the EPICenter client, all the task specifications and search results are deleted.
Creating a Search Task
To create a search task, click the Find button in the Tool bar at the top of the IP/MAC Address
Finder page. This displays the Find IP and MAC Addresses window ( Figure 117 ).
NOTE
If you have already submitted a task, the most recent task with its specifications is displayed in the Find Addresses window.
Figure 117: Find IP and MAC Addresses window
254 EPICenter Reference Guide
Creating a Search Task
The fields in this window are as follows:
Task Name A user-defined name for the task. The name helps you identify the task in the Find
Address Tasks List. Names of the form Task1, Task2 and so on are provided by default.
The search criteria for addresses to find Search Targets
Enter an Address area The addresses to be located:
• IP lets you enter an IP address (as four octets).
• MAC lets you enter a MAC address (as six hexadecimal tuples).
• All specifies that the IP/MAC Address Finder should find all addresses in the Target
Domain.
• WildCard enables a search for a MAC address defined only by the first three hexadecimal tuples.
Adds the specified address to the Addresses to Find list. Add
Remove Address
Addresses to Find
Search Type
Database
Removes selected addresses from the Addresses to Find list.
Lists the addresses to find based on search criteria specified in the Enter an Address area.
Define the search type: Database or Network.
Database performs a search from the EPICenter database using the collected edge port information. EPICenter does not report unreachable devices with this type of search.
This option results in a much faster search.
Network
Search Domains
Source Type
A database search will not be available if MAC Polling is disabled; see “MAC Polling
for information on enabling or disabling MAC Polling.
Network performs a search from the network by searching the devices in the search domain. This option may take longer to complete, but can provide more current results.
If you perform a network search, EPICenter reports unreachable devices.
Define the search domain criteria (the devices to be searched) for a Network search.
Note: No search domain can be specified if you are doing a Database search.
Specifies the type of elements that will appear in the search domains list, from which you can select to add to the Target Domain.
Devices: Displays a list of individual devices from the device group specified in the
Select Group field.
Device Groups: Displays a list of device groups (domains).
Select Group
Devices/Domains
/Ports/Port Groups
Add
Remove
Ports: Displays devices and ports from the device group specified in the Select Group field.
Port Groups: Displays a list of Port Groups.
If you select Devices or Ports as the Source Type, you must also select a Device Group from the Select Group field to define the list of devices that will appear in the Devices list. If you select Device Groups or Port Groups, this field will be inactive.
Select a device group, to display the devices in that group in the search domains list.
Displays a list of components from which you can select to include in the Target
Domains list. The types of components available in this list is determined by your selection in the Source Type field.
Moves the selected component to the Target Domains list.
Removes the selected component from the Target Domains list.
EPICenter Reference Guide 255
256
Using the IP/MAC Address Finder
Remove All
Target Domains
Removes all components from the Target Domains list.
Lists the devices, device groups (domains), ports, or port groups to be included in the search. Devices not included in the Target Domain will not be searched.
Select the Device, Port, Device Group, or Port Group that you want to search and click the Add button to move it into the Target Domains list.
For each item you have added to the Target list, the following is displayed:
Type: The type of target—Devices, Device Groups, Ports, Port Groups
Value: The name, IP address, or port number of the selected target
Device Status: If the target is a device or port, shows the status of the device: Online or
Offline/Down
To remove a member from the Target Domains list, select the item in the list and click
Remove. To clear the Target Domains list, click Remove All.
To create a search task to do a Database search:
1 Provide a name in the Task Name field.
2 Define the search targets.
You can paste a MAC address or IP address into the address field; place the cursor into the first cell of the address and paste an address you have copied, using your system’s keyboard paste command
(Ctrl-V in Windows). For example, you might copy an address from a report or a syslog entry to paste into the IP/MAC Address Finder.
3 Select Database as the search type.
4 Click the Submit button at the bottom of the window to initiate the search.
NOTE
A Database search is only available if you have MAC Polling Enabled. If you specify a database search, you cannot specify a search domain; the entire EPICenter database will be searched.
To create a search task to do a Network search:
1 Provide a name in the Task Name field.
2 Define the search targets.
3 Select Network as the search type.
4 Define the search domain. The Target Domains list specifies the scope of the devices to be included in the search. Devices not included in this domain are not searched.
Select the devices, ports, Device Groups, or Port Groups that you want to search and click the Add button to move them into the Target Domains list.
You can create a target domain that includes a combination of these specifications.
NOTE
The IP/MAC Address Finder applet does not support hierarchical port groups. If you have created port groups in the Grouping Manager that include subgroups as members, those subgroups will not appear in the Target
Domains list. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group.
5 When you have completed your search specification, click the Submit button at the bottom of the window to initiate the search.
EPICenter Reference Guide
Detailed Task View
The IP/MAC Address Finder applet searches the IP Address Translation Table (the ipNetToMediaTable ) in each device agent for IP addresses, and the Forwarding Database (FDB) for
MAC addresses.
NOTE
The IP/MAC Address Finder applet will not identify a device’s own IP address when you search for IP addresses on that device. In other words, the applet will not find IP address 10.2.3.4 on the switch whose address is 10.2.3.4. It can only find addresses that are in the agent’s IP Address Translation table, and a device’s own address is not included in the table. The applet will find the address on the other switches that have connectivity to the switch with the target IP address, however.
NOTE
Each search task can return a maximum of 2,000 MAC address entries. If a search returns more than 2,000 entries, a warning message is displayed in the status window. If you see a warning message, add additional search constraints to reduce the number of returned MAC addresses to less than 2,000.
Detailed Task View
When you initiate a search, the task is placed in the Find Address Tasks list in the Component Tree. The main panel displays the Detailed Task View for the current search task.
While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search ( Figure 118 ).
EPICenter Reference Guide 257
Using the IP/MAC Address Finder
Figure 118: Address search results in the Detailed Task view
258
The Detailed Task View shows the following information about your search:
Task Name
Status
Search Type
Submitted
Ended
The name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List.
Shows the status of the request.
The type of search (Database or Network).
Shows the date and time the task was submitted.
Shows the date and time the task was finished.
The Search Criteria areas shows:
Addresses to Find
Search Domains
The list of IP or MAC addresses that were the object of the search
For a Network search only, the Search Domains where the search took place. This will be empty when the search type is Database.
For a Network search, the Search Domains lists shows:
Type: The type (Devices, Device Groups, Ports, Port Groups) of the components in the domain specification
Value: The name of the component (group or device name)
Device Status: If the target is a device or port, shows the status of the device: Online or
Offline/Down
EPICenter Reference Guide
Detailed Task View
The Search Results list shows the results of the search. For every address successfully located, this list shows:
MAC Address
IP Address
Switch
Port
User
The MAC address
The corresponding IP address
The switch to which the address is connected
The port to which the address is connected
The User (name) currently logged in at that address
Once the search is complete, the search results will stay in the Tasks List until you explicitly delete them using the Delete Function from the Tasks List Summary View, or until you exit the EPICenter client.
From the Task Detail window you can do the following:
Cancel
Delete
ReRun
Clone
Export
Export Local
Cancel a running task.
Delete this task. This deletes the task specification as well as the task results.
Execute the task again.
Bring up the Find Addresses window with the specifications of the selected task already displayed.
Export task search results to a text file on the server machine. See “Exporting Task Results to a
Text File” on page 259 for more information.
Export task search results locally to a text file on your client system. You can only use this feature if you are running the stand-alone client on your local system. If you are using the
The text field located above the action buttons (Delete, ReRun, Clone) provides search status details, such as a list of devices that are offline or not reachable.
Exporting Task Results to a Text File
You can export a task’s detail results or search results to a text file. You can do this from the Tasks List.
To export the detail or search results to a file, do the following:
1 From the Detailed Task View, click the Export button to save the file on the EPICenter server. Click the Export Local button if you are running the client on a remote system and you want to save the file locally.
If you select Export, the Export pop-up dialog is displayed.
If you select Export Local, a Save File dialog is displayed.
2 Enter a file name and subdirectory name in the fields provided.
If you select Export:
■
■
Detail and search result files for a task are saved in the EPICenter user.war/AddressFinderResults directory, which is a subdirectory of the EPICenter installation directory. You can optionally specify a subdirectory within the AddressFinderResults directory by entering the subdirectory name into the Directory field.
By default, a search result exported file will be given a name created from the current date, time, and task name. For example, the results for task “Task 2” run on April 25, 2006 at 3:52 pm will be saved in a file named 2006_4_25_1552_Task 2.txt
. You can change the file name by replacing the name in the File Name field.
EPICenter Reference Guide 259
Using the IP/MAC Address Finder
If you select Export Local:
■ Select the location where you want the file to be saved.
■ You must provide a file name, it is not predefined for this option.
3 Click the Apply button to save the results.
Click Reset to clear all the fields.
Click Close to close the dialog without saving the file.
260 EPICenter Reference Guide
10
Real-Time Statistics
This chapter describes how to use the Real-Time Statistics applet for:
● Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch, a switch slot, or a port group.
● Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme
Networks switch.
Overview of Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software enables you to view a graphical presentation of utilization and error statistics for Extreme Networks switches in real time. The data is taken from
Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring
(RMON) MIB. The Real-Time Statistics function is supported only for Extreme Networks switches.
NOTE
You must have RMON enabled on the switch in order to collect real-time statistics for the switch. You can enable
RMON for a switch using the “enable rmon” CLI command.
You can view data for multiple ports on a device, device slot, or within a port group, and optionally limit the display to the “top N” ports (where N is a number you can configure). If you choose to view multiple ports, the display shows data for the most recent sampling interval for the selected set of ports.
The display is updated every sampling interval.
You can also view historical statistics for a single port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, based on the number of datapoints the MIB maintains in the etherHistory table.
You can choose from a variety of styles of charts and graphs as well as a tabular display.
You can view the following types of data:
Percent Utilization
Total Errors
Individual Errors
Error Variables
The percent of utilization for each port in the set (device, port group, or single port). This percent reports the value of the etherHistoryUtilization MIB object.
The MIB defines this variable as the best estimate of the mean physical layer network utilization on this interface during this sampling interval, graphed in percents.
Total number or errors for each port in the set (device, port group, or single port). Total Errors is the sum of the six error variables shown below.
The number of individual errors for a single port. An individual errors display shows the six error variables shown below.
RMON etherHistory error variables for port error displays.
EPICenter Reference Guide 261
262
Real-Time Statistics
• etherHistoryCRCAlignErrors
• etherHistoryUndersizePkts
• etherHistoryOversizePkts
• etherHistoryFragments
• etherHistoryJabbers
• etherHistoryCollisions
The number of packets received during this sampling interval that had a length between 64 and 1518 octets, inclusive (excluding framing bits but including
Frame Check Sequence (FCS) octets), but that had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
The number of packets received during this sampling interval that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed.
The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed.
The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets
(Alignment Error).
The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets
(FCS Error) or a bad FCS with a non-integral number of octets (Alignment
Error).
The best estimate of the total number of collisions on this Ethernet segment during this sampling interval.
You can choose to have the component tree show the device name only, the device name followed by the IP address in parentheses, or the device IP address followed by the device name in parentheses. See
Chapter 14 , “Administering EPICenter” for more details about how to display the device in the
component tree.
Real-Time Statistics Functions
There are multiple ways to invoke the functions provided by the Real-Time Statistics:
● Using the menus at the top of the main applet frame
●
●
Using the function buttons shown directly below the EPICenter menus
Using commands from a pop-up menu that appears when you right-click on a device or device group entry in the Component Tree, or when you right-click on a device node on the Topology or
EAPS map.
For simplicity, most of the instructions in this chapter only specify a one method of invoking a function
(usually the function button).
EPICenter Reference Guide
Real-Time Statistics Functions
Real-Time Statistics Function Buttons
The buttons at the top of the main Real-Time Statistics applet provide the following functions:
Table 24: Real-Time Statistics Function Buttons
Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen). Click the icon to toggle between the red X, which indicates the top N limitation is not in effect, and a green check, which indicates that the top N ports are being displayed. The top N ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports (N) is a user-configurable setting.
This option is available only for multi-port displays.
Select this to display the data as a line graph. This chart type is especially useful when displaying individual errors for a single port.
Select this to display the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices.
Select this to display the data as a bar chart. A 3D bar chart is the default for all chart displays.
The 3D setting is also a user-configurable option.
Select this to display the data as a horizontal bar chart. This chart type by default displays in 3D.
The 3D setting is also a user-configurable option.
Select this to display the data as a stacked bar chart. This chart type is only available when you are displaying individual errors for a single port.
Select this to display the data as an area chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option.
Select this to display the data as a table.
Select this to zoom in on (magnify) the size of the display. You can select this repeatedly to zoom up to three times the screen size.
Select this to zoom out (shrink) the size of the display. You can select this repeatedly until the chart is the desired size.
Select this to display grid lines on the background of the chart.
Determines whether the graph data is updated automatically at every sampling interval. Click on the icon to toggle between continuous updates, and suspended updates.
Select this to take a “snapshot” of the graph or table view of the current real-time statistics data.
Select this to bring up the graph preferences pop-up window. You can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.
These functions can also be accessed through the Statistics menu.
EPICenter Reference Guide 263
264
Real-Time Statistics
The Statistics Menu
EPICenter provides a set of menus at the top of the main applet frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 .
The Real-Time Statistics Manager provides an additional menu, Statistics, that contains commands unique to the Real-Time Statistics Manager. The Statistics menu contains the following items:
Table 25: The Statistics Menu
Top 15
Line
Pie
Toggles between the red X, which indicates the top N limitation is not in effect, and a green check, which indicates that the top N ports are being displayed. The top N ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports (N) is a user-configurable setting. This option is available only for multi-port displays.
Displays the data as a line graph. This chart type is especially useful when displaying individual errors for a single port.
Displays the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices.
Bar Displays the data as a bar chart. A 3D bar chart is the default for all chart displays. The 3D setting is also a user-configurable option.
Horizontal Bar Displays the data as a horizontal bar chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option.
Stacking Bar
Area
Displays the data as a stacked bar chart. This chart type is only available when you are displaying individual errors for a single port.
Displays the data as an area chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option.
Table
In
Out
Grid
Pause
Displays the data as a table.
Zooms in on (magnifies) the size of the display. You can select this repeatedly to zoom up to three times the screen size.
Zooms out (shrinks) the size of the display. You can select this repeatedly until the chart is the desired size.
Displays grid lines on the background of the chart.
Snapshot
Preferences
Determines whether the graph data is updated automatically at every sampling interval. Toggles between continuous updates, and suspended updates.
Takes a “snapshot” of the graph or table view of the current real-time statistics data.
Opens the graph preferences pop-up window. You can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.
Pop-Up Menus
You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains commands relevant to the selected device or device group.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using pop-up menus.
The contents of a pop-up menu depends on the type of item you have selected in the Component Tree.
●
●
If you select the top-level Device Groups item, the pop-up menu provides the Properties command shown in Table 26 .
If you select a specific device group, the pop-up menu provides all the commands except the Device command.
EPICenter Reference Guide
Displaying Multi-Port Statistics
● If you select a device, all the commands shown in Table 26 are available.
Table 26: Pop-Up Menu Commands
Device >
Macros >
Properties
Same as the Device command from the Tools menu. Provides a submenu of commands:
Alarms, Sync, Telnet, Viewer, VLANs, Device Manager. See “The Device Sub-Menu” on page 39
for a description of each command.
Same as the Macros command from the Tools menu. See “The Macros Sub-Menu” on page 41
for more information.
Same as the Properties command from the Display menu. See
“The Properties Display” on page 85 for details about what this command shows.
Displaying Multi-Port Statistics
When you click the RT Stats button in the Navigation Toolbar, the main Real-Time Statistics page is displayed. Initially, no data is displayed—you see a message asking you to select a device, port group, or port group to be displayed.
You can select a device, slot, or port group to display statistics on all the ports in that item, or you can select an individual port to display statistics for the port.
The Component Tree displays the devices and port groups for which you can display statistics. An “S” in a red circle next to a device name indicates that the device is not responding to SNMP requests.
NOTE
The Real-Time Statistics applet does not support hierarchical port groups. If you have created port groups in the
Grouping Manager that include subgroups as members, the subgroups will not appear in the Component Tree of the
Real-Time statistics applet. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group.
For a port, you can display individual errors in addition to utilization and total errors.
●
●
Select a network device to display data for some or all ports on the device.
Select a port group to display data for all ports in the port group.
You will first see a message saying “Please wait, loading statistics data.” If the EPICenter server is successful in accessing the data, utilization data is displayed as shown in Figure 119 .
EPICenter Reference Guide 265
Real-Time Statistics
Figure 119: Bar chart showing port statistics for a group of ports
266
If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample.
You can use the mouse to change the depth and rotation of a three-dimensional chart:
●
●
Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the graph.
Hold down the [Ctrl] key, press the left mouse button, and drag the cursor up or down to set the depth of the three-dimensional view.
For any of the bar graphs, move the cursor and then wait to see the change take effect, which may take a few seconds.
There are cases where you may not see data for every port you expect in a multi-port display:
● You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest utilization or the highest total number of errors are displayed.
EPICenter Reference Guide
Displaying Multi-Port Statistics
● RMON is disabled for some ports on the switch. If the switch as a whole can be reached and is reporting data, then individual ports that do not report data will be ignored. No error message appears in this case.
If the EPICenter server is not successful in loading data from the device, it displays a message similar to that shown in Figure 120 .
Figure 120: Warning displayed when the EPICenter server cannot retrieve data
There are several reasons why the EPICenter server may not be able to display any device data:
● The EPICenter server cannot communicate with the device (indicated by an “S” in a red circle next to the device name).
●
●
The device does not have RMON enabled, or RMON was just recently enabled and no data samples exist yet.
The device is marked offline.
EPICenter Reference Guide 267
Real-Time Statistics
Displaying Statistics for a Single Port
In addition to displaying data for a set of ports, you can display historical data for an individual port.
You can select a port in one of two ways:
● Double-click on the data point for an individual port in the device or port group statistics display
(bar, data point, or pie slice in the respective chart, or row in a tabular display).
● Click on a device, device slot, or port group in the left-side Component Tree to list the ports it contains, then select a port.
A set of utilization statistics for the selected port is displayed, as shown in Figure 121 .
Figure 121: Utilization data over time for an individual port on a device
268
The number of data points displayed, and the sampling interval are user-configurable parameters, within the limitations of the device’s RMON configuration. The defaults are:
●
●
A 30-second sampling interval
50 data points displayed
EPICenter Reference Guide
Changing the Display Mode
NOTE
For BlackDiamond switches, only 25 data points are displayed because that is the maximum number of values the switch stores as historical data.
For an individual port, you can display individual errors in addition to utilization and total errors.
Select the tab at the bottom of the page to generate one of these displays. Figure 122 is an example.
Figure 122: Individual errors in a single-port chart
Changing the Display Mode
The buttons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. The commands on the Statistics menu perform the same functions. You can change the display mode in the following ways:
●
●
Apply a top 15 limitation, which means only the top 15 ports should be displayed. The top 15 ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports is a user-configurable setting and is 15 by default. This option is available only for multi-port displays.
Display the data as a line graph, pie chart, bar chart, horizontal bar chart, stacked bar chart, or an area chart.
EPICenter Reference Guide 269
270
Real-Time Statistics
●
●
●
●
●
Display the data as a table.
Zoom in (magnify) or Zoom out (shrink) the display.
Display grid lines on the background of the chart.
Take a “snapshot” of the graph or table view of the current real-time statistics data.
Open the graph preferences pop-up window where you can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display.
See Table 24 for a more complete description of the display functions.
Setting Graph Preferences
To change the graph settings used in this applet, click the Prefs function button.
The Graph Preferences window is displayed, as shown in Figure 123 .
Use the tabs across the top of the window to select the type of setting you want to change. Each tab displays a page with a group of related settings. When you have changed any setting you want on a given page:
●
●
Click Apply to put the changes into effect, but keep the Graph Preferences window open so you can make changes on another page.
Click OK to put the changes into effect and close the Graph Preferences window.
NOTE
The Graph preferences settings are not persistent—if you log out and close your EPICenter Client or browser, the settings will return to the defaults.
Graph View ( Figure 123 ) lets you change from 3D to 2D displays, and change the values for the 3D depth, elevation and rotation.
Figure 123: Setting 3D graph preferences
EPICenter Reference Guide
Setting Graph Preferences
The fields in this window are as follows:
Set 3D Graph View box
View Depth
View Elevation
To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark.
Controls the depth of a bar. The default is 10, maximum is 1000.
Controls the elevation (rise) from the front of the bar to the back, in degrees. The default is 10°, range is ±45°.
Controls the angle of rotation of the bar, in degrees. The default is 12°, range is ±45°.
View Rotation
Minimum Graphed
Utilization
Specifies the minimum scale for the Y axis for utilization graphs. The default is 1.0
(1%), meaning that the Y axis will not show less than 1% as the top value of the Y axis.
Minimum Graphed Errors Specifies the minimum scale for the Y axis for error graphs. The default is 25, meaning that the Y axis will not show less than 25 errors as the top value of the Y axis.
The Graph Colors tab ( Figure 124 ) lets you set the colors for the graph background and text (data and axis labels).
Figure 124: Setting graph color preferences
To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying
HSB or RGB values.
The fields in this window are as follows:
Set Graph Background Color
Set Graph Foreground Color
Set Plot Background Color
Sets the color of the background surrounding the graph.
Sets the color of the text and bar outlines.
Sets the color of the background behind the graph data.
EPICenter Reference Guide 271
272
Real-Time Statistics
The Data Colors tab ( Figure 125 ) lets you set the colors used for the various data sets in your graph.
Figure 125: Setting data color preferences
To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying
HSB or RGB values.
The fields in this window are as follows:
Set Data Color 1
Set Data Color 1 through 12
The color used for Utilization and Total Error graphs.
The colors used for the different errors in a individual errors chart.
Data colors in order starting from 1 are used in a pie chart, for as many slices as you’ve specified. (If you specify more than 12 slices, the colors will repeat, with slice 13 using the same color as slice 1.)
The Graph Data tab ( Figure 126 ) lets you set several miscellaneous graph parameters.
Figure 126: Setting other graph preferences
EPICenter Reference Guide
Taking Graph Snapshots
The fields in this window are as follows:
Top N Display Count
Pie Slice Display Count
Historical Data Display
Count
Historical Data Sampling
Interval
Specifies the number of ports to include in a Top N display. The default is 15, maximum is 100.
Specifies the number of slices to display in a pie chart. The default is 10, maximum is
50.
Specifies the number of historical data points to display in a graph for an individual port. The default is 50, the maximum value you can set is 100. However, the actual maximum number of data points you can get is determined by the SNMP agent running in the device from which you are getting data.
The sampling interval to use when displaying historical data. Select a choice from the pull-down list. The choices in the list are determined by the configuration of the device from which you are getting data.
Taking Graph Snapshots
The Real-Time Statistics Snapshot feature lets you take a static image of a graph or table view of the current real-time statistics data. The snapshot generates a persistent HTML page that is displayed in a separate window (see Figure 127 ).
EPICenter Reference Guide 273
Real-Time Statistics
Figure 127: Snapshot of Real-Time Statistics graph display
274
To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet window. The snapshot image will be displayed in a new window in the same form (graph or table) as it was in the RT Statistics applet. Graph images reflect the current display size and graph type (pie, bar, etc.).
From the window, the snapshot image can be saved as a file, printed, or sent by e-mail, just as with any other HTML page.
When a graph image is displayed in the window, you can click a link below the initial display to change the way the data is displayed: display table display graph/table display graph image
Reformats the data as a table.
Displays both the graph and table formats on the same HTML page.
Displays the data as a graph, in the style in which it was displayed when the snapshot was taken.
NOTE
Once you select “display graph image” you can no longer change the display format to a table or to a dual display. However, you can use the browser “Back” button to go to the previously displayed page.
EPICenter Reference Guide
Taking Graph Snapshots
When you snapshot a table, you cannot change to a graph from within the snapshot image window.
The HTML page persists in a snapshot image cache until the EPICenter server is restarted, or until the image cache becomes full. When the image cache reaches its limit, older snapshot images will be deleted as needed to make room for new snapshot images.
EPICenter Reference Guide 275
Real-Time Statistics
276 EPICenter Reference Guide
11
Network Topology Views
This chapter describes how to use the EPICenter Topology View applet for:
● Viewing EPICenter Topology maps
●
●
Creating new topology views
Adding, moving and deleting map elements (nodes and links)
●
●
●
●
Setting display properties for individual maps or a complete topology view
Modifying the layout of a topology map
Adding links or edge ports to VLANs
Viewing other information about a device through the right-click pop-up menu
Overview of Topology Views
EPICenter’s Topology applet allows you to view your network (EPICenter-managed devices and the links between devices) as a set of maps. These maps can be organized into sets of submaps that allow you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want. You can also create additional topology views (sets of maps) for different purposes.
For views with the Auto Populate View option enabled, the Topology applet automatically adds device nodes as they are added to EPICenter’s device inventory. It also adds any links that exist between the device nodes, and organizes them into submaps as appropriate. You can customize the resulting maps by moving elements, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and customizing the device nodes themselves. The Default view, which appears when you first access the Topology applet, is auto-populated with the devices currently in EPICenter’s inventory.
NOTE
Links can only be discovered and auto-populated between Extreme Networks devices that have the Extreme
Discovery Protocol (EDP) or the Link Layer Discovery Protocol (LLDP) enabled, or on third-party devices with LLDP enabled. Links cannot be discovered on non-Extreme Networks devices that do not run LLDP, or on Extreme
Networks devices with EDP and LLDP disabled,
In addition, from a managed device node on the map, you can invoke other EPICenter functions such as the alarm browser, interactive Telnet, real-time statistics, a front panel view, the VLAN Manager, or view device properties from a Properties window. You can also connect to ExtremeWare Vista for a selected device running ExtremeWare.
Maps are initially created in a layout based on information in EPICenter’s device inventory. You can customize the layouts into hierarchical views using cut and paste, or by deleting devices from a map and then adding them to a different map. You can also add and remove links between devices, and
“decorative” nodes (nodes that aren’t discovered or managed by EPICenter).
EPICenter Reference Guide 277
278
Network Topology Views
Topology Manager Functions
There are multiple ways to invoke the functions provided by the Topology Manager:
● Using the menus at the top of the main applet frame
●
●
●
Using the function buttons shown directly below the Topology Manager menus
Using commands from a pop-up menu that appears when you right-click on a device shown on a topology map
Using commands from a pop-up menu that appears when you right-click on the map background
Topology Manager Function Buttons
The buttons at the top of the Topology view page provide the following functions:
Table 27: Topology View Function Buttons
Mark
Map
Device
Cut
Paste
Layout
In
Out
Turns Mark Links Mode on or off. Mark Links mode lets you select multiple links on multiple maps, and is used in conjunction with the Add Links to VLAN function. Performs the same function as the Mark Links Mode command on the Tools menu. See
“Mark Links Mode” on page 318 .
Creates a new map as a submap of the currently map. Performs the same function as the New
Map command on the New menu. See “New Map” on page 296
.
Opens a list of devices not already used within the current view, and adds a selected device to the current map. Performs the same function as the New Device Map Node command on the
New menu. See
“New Device Map Node” on page 297
.
Cuts the selected node from the current map. Performs the same function as the Cut Map
Nodes command on the Edit menu. See “Cut Map Nodes” on page 302
.
Pastes a previously cut node onto the current map.Performs the same function as the Paste
Map Nodes command on the Edit menu. See
.
Creates a default map layout, optimizing for node and link placement to minimize overlap.
Performs the same function as the Layout command on the Map menu. See
Zooms in the current map display. Performs the same function as the Zoom Map In command
on the Map menu. See “Zoom Map In” on page 309 .
Zooms out the current map display. Performs the same function as the Zoom Map Out command on the Map menu. See
.
These functions can also be accessed through the Topology View menus, in most cases from the Map menu.
The Topology Menus
EPICenter provides a set of menus at the top of the main display frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 .
The Topology Manager provides several additional menus that contain commands unique to Topology
Views. In addition, the Topology Manager adds menu items to the standard Display and Tools menus.
The Topology Manager menus contain the following items:
EPICenter Reference Guide
Table 31: The Map Menu
Layout Map
Layout Map in Window
Fit Map in Window
Topology Manager Functions
Table 28: The New Menu
New View
New Map
New Device Map Node
New Decorative Map Node
New Text Map Node
New User Created Map Link
Table 30: The View Menu
View Properties...
Creates a new Topology View. See “New View” on page 291 .
Creates a new map as a submap of the currently map. See “New Map” on page 296
.
Opens a list of devices not already used within the current view, and adds a
selected device to the current map. See “New Device Map Node” on page 297
.
Creates a new decorative node on the current map. See “New Decorative
Creates a new text node on the current map. See “New Text Map Node” on page 298
.
Creates a new link between two devices. See “New User-Created Map Link” on page 298 .
Table 29: The Edit Menu
Rename View
Delete View
Rename Map
Delete Map
Cut Map Nodes
Paste Map Nodes
Delete Map Nodes
Select All Map Nodes
Delete User Created Map Links
Highlights the name in the View field for editing. See “Rename View” on page 300
.
Deletes the current view (after confirmation) including all of its maps. See
Highlights the current map name in the Map Hierarchy Tree for editing. See
Deletes an empty submap from the current map. See
.
Cuts selected map nodes from the current map. See
.
Pastes cut map nodes onto the current map. See “Paste Map Nodes” on page 302
.
Deletes selected map nodes from the current map. Deleted nodes are not available to be pasted; they will need to be added again or recreated. See
“Delete Map Nodes” on page 303
.
Selects all nodes on the current map. See “Select All Map Nodes” on page 301
.
Deletes the selected user-created map links. See
Lets you set the default properties for all new maps in this View, or for all
maps in the view. See “View Properties...” on page 304
.
Creates a default map layout, optimizing for node and link placement to
minimize overlap. See “Layout Map” on page 305
.
Creates a default map layout, optimizing the map to fit within the visible window while still attempting to minimize overlap. See
Creates a default map layout that fits within the visible window without
attempting to optimize for overlap. See “Fit Map in Window” on page 307 .
EPICenter Reference Guide 279
280
Network Topology Views
Table 31: The Map Menu
Expand Map
Compress Map
Inflate Nodes
Deflate Nodes
Undo Map Edit
Zoom Map In
Zoom Map Out
Unzoom Map
Sync Links for Map
Sync Links for All Maps
Find Map Node...
Map Properties
Print Map
Table 32: The Display Menu
VLAN Information
Properties
Expands the space between nodes on the map by increasing the length of the links between nodes, without increasing the size of the nodes. See
Reduces the space between nodes on the map by decreasing the length of
the links between nodes,. See “Compress Map” on page 308
.
Increases the size of the selected nodes (or all nodes) on the map. See
Decreases the size of the selected nodes (or all nodes) on the map. See
.
Undoes your last ten map layout and sizing actions, one by one. Each
Undo Map Edit action undoes the previous editing action. Does not undo delete, cut or paste of map elements. See
.
Expands the entire map, both the size of the nodes as well as the spacing between them. See
.
Shrinks the entire map, both the size of the nodes as well as the spacing between them. See
.
Returns the map to the size it was prior to any Zoom actions. See
.
Updates the status of links on all maps in the view. See “Sync Links for
Map or Sync Links for All Maps” on page 310
.
Lets you select a node from the list of all nodes in the current view.
EPICenter will find and “select” that node. See
Lets you set a number of properties related to the appearance of the current map. See
.
Prints the current map. See “Print Map” on page 315 .
Shows information about the VLANs configured on the devices on the current map. You can view information by VLAN or by Device. See
.
Available when a device is selected in the current map view. Opens the
Properties Display. See “The Properties Display” on page 85
.
Table 33: The Tools Menu
Mark Links Mode
Add Links to VLAN
Connect Edge Port to VLAN
Find Device
Technical Support
Enables or disables Mark Links Mode, used to select links that can be added to a VLAN using the Add Links to VLAN function. See
.
Adds marked links to a VLAN. See “Add Links to VLAN” on page 318
.
Opens the Connect Edge Port to VLAN Wizard, which guides you through
adding edge ports from a selected device to a VLAN. See “Connect Edge
Opens the Find Devices dialogue. See “Finding Devices” on page 84 .
Enables you to collect information about a selected device to help
diagnose and troubleshoot problematic behaviors. See “The Technical
for details on using this command.
EPICenter Reference Guide
Topology Manager Functions
Table 33: The Tools Menu
Device >
Macros >
Enables you to view other types of information about a device (from other
EPICenter applets) without having to leave the Topology View. Provides a submenu of commands that run in a separate window with the device preselected: Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device
Manager. See
“The Device Sub-Menu” on page 39 for a description of
each command.
Displays a list of Telnet macros available for the selected device. See “The
Macros Sub-Menu” on page 41 for more information.
Pop-Up Menus
The Topology Viewer provides three pop-up menus:
● When you select a device in the current map view, you can right-click to display a pop-up menu that contains commands relevant to the selected device.
●
●
When you select a submap in the current map view, you can right-click to display a pop-up menu that contains a command for enabling or disabling alarm propagation at the submap level.
You can right-click on the map background to display a pop-up menu with commands that let you modify the currently selected map.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using the device-related popup menus.
Device Node Pop-Up Menu
The pop-up menu that appears when you right-click on a device node contains the following commands:
Table 34: Device Node Pop-Up Menu Commands
Connect Edge Port to VLAN
Disable Alarm Propagation/
Enable Alarm Propagation
Device >
Technical Support >
Macros >
Properties
Same as the Connect Edge Port to VLAN command from the Tools menu.
Opens the Connect Edge Port to VLAN Wizard, which guides you through adding edge ports from a selected device to a VLAN. See
Enables or disables Alarm Propagation for the selected device. If disabled, this device will not be included when determining the alarm status at the map level.
When a device has Alarm Propagation disabled, the alarm status for the device is still be displayed as appropriate, but the alarm icon appears with an “X” through it.
Same as the Device command from the Tools menu. Provides a submenu of commands: Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device
Manager. See
“The Device Sub-Menu” on page 39 for a description of each
command.
Same as the Technical Support command from the Tools menu.
See
“The Technical Support Sub-Menu” on page 40
for details.
Same as the Macros command from the Tools menu. See “The Macros Sub-
for more information.
Same as the Properties command from the Display menu. See
Properties Display” on page 85 for details about what this command shows.
EPICenter Reference Guide 281
282
Network Topology Views
Submap Node Pop-Up Menu
The pop-up menu that appears when you right-click on a submap node contains the following command:
Table 35: Submap Node Pop-Up Menu
Disable Alarm Propagation/
Enable Alarm Propagation
Enables or disables Alarm Propagation for the selected submap. If disabled, the alarm status of this submap will not be included when determining the alarm status at the next highest map level.
When a submap has Alarm Propagation disabled, the alarm status for the submap is still be displayed, but the alarm icon appears with an “X” through it.
Map Pop-Up Menu
The pop-up menu displayed when you right-click on the map background provides the following commands:
Table 36: The Map Pop-Up Menu Commands
New Device Map Node
New Decorative Map Node
New Text Map Node
Cut Map Nodes
Paste Map Nodes
Delete Map Nodes
Sync Links for Map
Layout Map
Layout Map in Window
Fit Map in Window
Find Map Node...
Same as the New Device Map Node command from the New menu. Opens a list of devices not already used within the current view, and adds a
selected device to the current map. See “New Device Map Node” on page 297 .
Same as the New Decorative Map Node command from the New menu.
Creates a new decorative node on the current map. See “New Decorative
.
Same as the New Text Map Node command from the New menu. Creates a new text node on the current map. See
“New Text Map Node” on page 298 .
Same as the Cut Map Nodes command from the Edit menu. Cuts selected map nodes from the current map. See
.
Same as the Paste Map Nodes command from the Edit menu. Pastes cut
map nodes onto the current map. See “Paste Map Nodes” on page 302 .
Same as the Delete Map Nodes command from the Edit menu. Deletes selected map nodes from the current map. Deleted nodes are not available
to be pasted; they will need to be added again or recreated. See “Delete
Same as the Sync Links for Map command from the Edit menu. Updates
the status of links on the current map. See “Sync Links for Map or Sync
Links for All Maps” on page 310 .
Same as the Layout Map command from the Map menu. Creates a default map layout, optimizing for node and link placement to minimize overlap.
See
.
Same as the Layout Map in Window command from the Map menu.
Creates a default map layout, optimizing the map to fit within the visible window while still attempting to minimize overlap. See
Same as the Fit Map in Window command from the Map menu. Creates a default map layout that fits within the visible window without attempting to
optimize for overlap. See “Fit Map in Window” on page 307
.
Same as the Find Map Node... command from the Map menu. Lets you select a node from the list of all nodes in the current view. EPICenter will
find and “select” that node. See “Find Map Node” on page 311 .
EPICenter Reference Guide
Displaying a Network Topology View
Table 36: The Map Pop-Up Menu Commands
Map Properties
View Properties...
Same as the Map Properties command from the Map menu. Lets you set a number of properties related to the appearance of the current map. See
.
Same as the View Properties... command from the View menu. Lets you set the default properties for all new maps in this View, or for all maps in the view. See
“View Properties...” on page 304 .
Displaying a Network Topology View
Click the Topology button in the EPICenter Navigation Toolbar to display the main Topology View page, as shown in Figure 128 .
If a device is selected in the Component Tree in the previous applet, then the view and map containing that device is displayed, with the selected device highlighted. If the selected device appears in more than one map or view, a pop-up window asks you to select which map you want to display.
NOTE
If you have not yet performed a Discovery (i.e., there are no devices in EPICenter’s Inventory database) the map will be blank.
EPICenter Reference Guide 283
Network Topology Views
Figure 128: The Topology View
Map Element Description panel
Map Hierarchy Tree
Currently selected map
Device nodes
Current View Submap node Links Text node
Device alarm status
Hyper node
Decoration node
284
Map Alarm Status
The main components of the EPICenter Topology View are:
View
Map
Map Hierarchy Tree
Map Alarm Status
A unique, named hierarchy of maps, consisting of a root map and submaps, depending on the topology of the network. The current view name is displayed in the pull down field at the left of the icon bar.
A collection of nodes and links.
The top portion of the left-hand panel, where the hierarchy of submaps in the current topology view is displayed. The name of the currently displayed map is highlighted.
The highest level alarm currently unacknowledged among the devices in the current map or any of its submaps. Devices and submaps within this map that have alarm propagation disabled do not contribute to this status.
If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this map or submap, and will not contribute to the alarm status of the next higher-level map.
EPICenter Reference Guide
Displaying a Network Topology View
Map Element Description panel
Currently selected map
The bottom portion of the left-hand panel, where information about the currently selected map element is displayed, if one (and only one) is selected. Otherwise, the panel is empty.
The main panel of the Topology Viewer. It shows the currently selected map (or submap) in the current topology view. Only one view and map can be displayed at a time.
Map Elements
The following elements can appear on a map:
Device Nodes. Device nodes represent the managed devices found in EPICenter’s Inventory data base.
Figure 129: Example of device nodes, including an unknown device type
A device node shows the following information:
●
●
●
●
●
●
The name of the device as it is kept in the Inventory database (this can be hidden using View or
Map properties).
An optional, user-supplied annotation for the node.
A small icon representing the specific device or device product line, as shown in Figure 129 . If the device is of an “unknown” type, an unknown device icon (a circle with a question mark) is displayed. The device icon can be hidden using View or Map properties.
The device’s IP address.
The device alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for the device. The color of the bell indicates the severity of the alarm.
If no icon appears, then either there are no unacknowledged alarms for the device, or the alarm status is below the alarm status threshold for the view. The alarm status threshold is set when you create a View, or in the View properties, and specifies the lowest severity level at which an alarm status icon should be displayed for a device node on the map.
If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this device; the alarm status of this device does not influence the aggregate alarm status displayed for the map in which this node is located.
The device status, indicated by the color of the icon border.
■ A green border indicates that the device is up.
■
■
A red border indicates that the device is down.
A gray border indicates that the device is offline.
Each managed device known to EPICenter can only appear once in each topological view.
Submap Nodes. A submap node represents a child map of the current map.
EPICenter Reference Guide 285
Network Topology Views
Figure 130: Example of a submap node with alarm status
The submap node icon shows the following information:
● The name of the node (submap), which can be edited. By default, it is given the subnet address/ subnet mask as the name.
● The submap alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for any device within the submap. If multiple devices within the submap have unacknowledged alarms, the icon indicates the most severe alarm among all those devices. The color of the bell indicates the severity of the alarm.
If the alarm icon has an “X” through it, this means alarm propagation has been disabled for this submap; the alarm status of this submap does not influence the aggregate alarm status displayed for higher level maps.
A submap node does not provide any additional status information.
Hyper Nodes. A hyper node represents a link termination where the terminating node is present on another map. A hyper node shows the same information as the node it represents (except for the optional node annotation). A hyper node can have links only between itself and other devices on the displayed map. A hyper node does not link to other hyper nodes.
You can double-click on a hyper node icon to navigate directly to the map and the device represented by the hyper node.
Figure 131: Example of a hyper node icon representing a device
286
A hyper node icon shows the following information:
● The name of the device node that this hyper node represents (this can be hidden using View or Map properties).
●
●
●
An optional, user-supplied annotation for a device hyper node. This is a different annotation than will appear in the device node that this hyper node represents.
The device IP address, for a device hyper node.
The device status, for a device hyper node, as indicated by the color of the icon border:
●
■
■
A green border indicates that the device is up.
A red border indicates that the device is down.
■ A gray border indicates that the device has been taken offline.
The device alarm status, indicated by the presence of an alarm icon (small bell). The alarm status shows the highest level alarm currently unacknowledged for the device. The color of the bell indicates the severity of the alarm.
If no icon appears, then either there are no unacknowledged alarms for the device, or the alarm status is below the alarm status threshold for the view.
EPICenter Reference Guide
Displaying a Network Topology View
NOTE
You cannot add, cut, or delete hyper nodes; they are placed and removed automatically by EPICenter as required by device connectivity.
Decorative Nodes. A decorative map node can be created by the user to represent any other type of node that is not discovered or managed by EPICenter, such as a server or workstation.
Figure 132: Example of a decorative node
A decorative node shows the following information:
● The name or description of the node, which can be edited
Decorative nodes can be hidden using View or Map properties.
Text Nodes. A text map node is a single-line text field that can be placed anywhere in a network map. It can be used to create a title for the map, additional annotations for other map elements, comments, and so on.
Links. A link represents connectivity between nodes in the map. Links are automatically detected on
Extreme Networks devices when EDP or LLDP is enabled on either device. Links can also be detected on third-party devices that support LLDP. Links can also be user-created.
NOTE
For devices with EDP and/or LLDP disabled or not supported, you can manually add user-defined links to the map to represent connectivity between devices. These links will initially have unknown status, will not display endpoint or utilization information unless each endpoint is connected to an actual port. They are not updated when the map topology changes. The behavior of the system-discovered links described in the following paragraphs does not apply to user-defined links.
When a discovered link connects two devices on the same map, the link will be annotated with the port number, or slot and port number for each of the endpoints, as shown in Figure 133 .
Figure 133: Example of a gigabit link showing endpoint connectivity and Up status
When one of the endpoints is within another submap, a hyper node is used to represent the device that contains the endpoint within the submap.
NOTE
If there are more than 400 nodes on a map, link annotations are not displayed.
EPICenter Reference Guide 287
288
Network Topology Views
If there are multiple links running between two devices, each link is shown individually as long as there are 25 links or less. If more than 25 links connect two devices, they are represented as a composite
link. For a composite link, the link annotation provides the total number of links in the composite and the number of links in each applicable status category (up, down, partially up, or unknown).
The appearance of a link shows a variety of information about the link.
The width of the link line indicates the link type:
● A thin line indicates a 10/100 link.
●
●
●
A medium line indicates a gigabit link.
A thick line indicates a 10 gigabit link.
A very thick line indicates a composite link.
The color of the link line indicates the link status:
● A green line indicates that the link is up (both device ports are up).
●
●
A red line indicates that the link is down (both device ports are down).
A yellow line may be displayed for unknown, composite, or load-shared links:
■
■
For a composite link, yellow indicates that some of the links in the composite are up, and some are down or unknown.
For links that are members of a load shared group, yellow indicates that one or more load-shared links are down. All links in the group will be displayed as yellow if one or more of the links in the group is down.
●
●
■ A link is considered unknown when one side of the link is up and the other is down, or one or both ports are SNMP unreachable.
A blinking line indicates that the line has been marked in Mark Links mode.
A broken line (when viewing VLANs) indicates that the selected VLAN does not exist or may be misconfigured at one of the link endpoints (i.e., a device port).
The format of the link annotation indicates whether the link was created (discovered) automatically by
EPICenter, or is a user-created link:
● If the endpoints in the link annotation are separated by a dash ( p1:2 - p24 ) the link was created automatically.
●
●
●
If the endpoints in the annotation are separated by an “x” ( p1:2 x p24 ) the link is a user-created link. A user-created link may also have a “?” as the port, indicating an unknown port.
If the ports on a device running ExtremeWare are load-shared, the endpoint is followed by an “s”
( p17s - p24s
) in the annotation.
The management port is indicated by an “m” ( p17 - p2m
).
NOTE
EPICenter does not support load sharing on devices running ExtremeXOS.
If RMON statistics are enabled for the map, then link utilization (as a percentage of link capacity) will be displayed for each port on a link between devices that have RMON enabled in the device. The utilization is updated at the nominal RMON rate as set in the switch—typically every 30 seconds. The default is that RMON statistics are not enabled for a map. To enable the display of RMON statistics, see
“Map Properties” on page 312 .
EPICenter Reference Guide
Displaying a Network Topology View
NOTE
If RMON statistics are not enabled in the switch, then no statistics will be displayed, even if you enable the display of RMON statistics for the map.
Manipulating Map Elements
Map elements (nodes and links) can be resized, cut to a clipboard, pasted, deleted and added. There are a number of ways to invoke these actions:
●
●
Select a command from one of the menus in the Topology View menubar.
Select a command from a pop-menu enabled with a right-cursor click on the map background.
●
●
Select a command icon from the Topology View toolbar.
Use one of the Topology applet keyboard short cuts, or (under Windows XP or Windows 2003
Server) through the regular Windows mouse and cursor actions and keyboard shortcuts.
For example, you can resize an individual node by selecting the node and doing one of the following:
●
●
Use the cursor to grab one of the resize handles that appear when the node is selected, and drag the handle to resize the node.
Select the Inflate Nodes or Deflate Nodes command from the Map Menu.
● Use the keyboard shortcuts ([Ctrl]+I or [Ctrl]+D) for those commands (see
“Inflate Nodes” on page 309 and “Deflate Nodes” on page 309 ).
Displaying a Topology View with a Preselected Device
In EPICenter, when you select a device in one feature, that device remains preselected when you move to a different applet. Thus, if you had a device selected in a previous applet when you enter the
Topology applet, that device will be automatically highlighted on the map.
If the device exists on more than one map, EPICenter displays a pop-up window that presents the various Views and Maps on which the node appears, as shown in Figure 134 .
Figure 134: Selecting the View and Map for a preselected node
EPICenter Reference Guide 289
290
Network Topology Views
● Select an entry from the list and click OK to display the selected View and Map.
When the map appears the device will be automatically selected.
The Map Element Description Panel
When you select a map node or link with the cursor, the panel below the Map Hierarchy Tree displays information about the node or link.
Map Nodes
For map nodes the information panel displays the following:
Name
Annotation
Type
Status
IP
MAC
Vendor
Product
Device
VLANs/Ports list
The node name—can be edited for submap nodes, decoration and text nodes. Cannot be edited for device nodes and device hyper nodes.
An optional identifier for device nodes and device hyper nodes
The type of node (Device, Submap Node, Decoration Node, Text Node, or Hyper Node)
The node status (Up, Down, or None)
IP address for a Device node, n/a for any other node type
MAC address for a Device node, n/a for any other node type
Device vendor name for a Device node, n/a for any other node type
Product name for a Device node, n/a for any other node type
Device name obtained from the sysName variable for a Device node, n/a for any other node type
If the Display VLANs option is enabled, displays the VLANs configured on the device.
Appears for Device Nodes and Device Hyper Nodes only.
Map Links
For individual links, the information panel displays the following information: status type load shared
The status of the link—up, down, partially up (for load-shared links only) or unknown.
Partially up indicates that one or more of the links in the load shared group is down. In this case, all other links in the load-shared group are considered partially up.
The link type: speed and discovery protocol. Speed can be 10/100, 100, 1000, or unknown. Discovery protocol can be EDP, LLDP, or LLDP/EDP
Whether the link is load shared (yes or no)
In addition, for each link endpoint, the following information is displayed: node device port load shared utilization
The name of the node that contains the endpoint
The name of the device represented by the endpoint node
The device port or slot and port to which the link connects, if known
If the port is load shared, this lists the load-shared ports with their status (up or down).
The utilization percentage, if RMON is enabled on the device and if RMON statistics are enabled for this map. The default is that RMON statistics are not enabled for a map. This is updated regularly, typically every 30 seconds.
EPICenter Reference Guide
total errors
VLANs/Ports/Tag table
The New Menu
The total errors, if RMON is enabled on the device and if RMON statistics are enabled for this map. This is updated regularly, typically every 30 seconds.
Displays information about the VLANs configured on the endpoint port
Composite Links
For composite links, the information panel displays the following information: status link count links status
The overall status of the composite link—up, down, partially up, or unknown. Partially up indicates that some links in the composite are up, some are down.
The number of individual links in the composite link
The number of links up, partially up, down and unknown
In addition, for each link endpoint, the following information is displayed: endpoint 1 and endpoint 2 The name of each endpoint node endpoint 1 device and endpoint 2 device endpoint table
The device type or each endpoint node
A table showing the endpoint ports (or slot and port) for each individual link in the composite link, along with the link status and whether the link is load shared. You may need to move the right side boundary of the panel to see the last two columns.
The New Menu
The Default map contains all the network devices known to EPICenter, arranged based on EPICenter’s internal algorithms (see the discussion on page 293 in the section
“Displaying a Network Topology
). However, it is often convenient to create views based on other criteria, such as physical location, departmental organization, and so on. The Topology Viewer lets you create additional views that organize your network elements in any way you wish.
New View
You can create a new view (and its Root Map) by selecting New View from the New menu.
A Create New View dialog box opens, as shown in Figure 135 .
EPICenter Reference Guide 291
Network Topology Views
Figure 135: Creating a new View
292
The fields in this dialog box are as follows:
View Name
Auto populate view
View Alarm Status Threshold
The name for the view. The new view name must be unique.
Check to add the devices currently in the EPICenter inventory database to the new
View.
Submaps and hyper nodes are created as needed. In addition, as new devices are added to EPICenter, they are also added to the view. If you do a Discovery after you have created a view with the auto populate option enabled, all new discovered
devices are added to the view. See “Node Placement Criteria in an Auto Populate
for detailed information.
The lowest alarm severity level for which the alarm icon should be displayed. If the level is set to one of the higher levels, then lower-severity alarms will not cause an icon to appear.
Map Specific Properties
Display device names
Display node icons
Map Node Font Size
Uncheck to hide device names on the maps. The default is to display the names.
Uncheck to use plain boxes to indicate map nodes instead of icons representing specific device types. The default is to use device icons.
Change the size of the font used for map node labels (names, annotations, IP addresses, and so on). The default is a 12-point font.
If your map contains a large number of nodes, you may need to eliminate the device names and node icons from the display, and reduce the font size in order to fit all the map elements onto a map with adequate spacing.
When you click OK, a new root map is displayed. If the Auto populate view option is not selected, a new blank root map is displayed. If Auto populate view is selected, nodes, submaps and other map elements are created based on the current EPICenter inventory. The new view name appears in the
View field at the left of the icon bar.
Each newly created map within this view inherits the current view’s map-specific properties for display node names, display node icons, and map node font size.
EPICenter Reference Guide
The New Menu
Displaying a View
You can display the Default view or any other views you have created by selecting the View name from the pull down list in the View field.
Renaming a View
You can rename the view by clicking in the View field and typing over the view name. the new view name must be unique. Click away from the View field to commit the change.
Node Placement Criteria in an Auto Populate View
When you do a Discovery or add a device in the Inventory applet, the newly added devices are placed into the default topology view (named “Default”). If you have created other maps with the Auto
Populate View feature enabled, those views are also populated with the newly added devices. Device connectivity and the map hierarchy is determined by the information learned from the EPICenter database.
For views with the Auto Populate View option enabled, EPICenter places devices on the Root Map or into submaps based on the following criteria:
● Devices with IP Forwarding enabled are always placed on the Root Map
● Devices without IP Forwarding enabled are placed in submaps based on the subnet mask associated with the IP interface used by EPICenter to manage the device. In the Default view, submaps are named based on the subnet IP address plus the subnet mask: for example, 10.205.0.0/16, 10.205.0.0/
24, and so on.
Both Extreme Networks and third-party devices are placed using these rules. For Extreme Networks devices, you can find the subnet mask and IP Forwarding status by looking at the device in the VLAN applet. For third-party devices, you must query the device itself if you want to determine these settings.
Within a map, the Topology Manager attempts to optimize the layout to minimize node and link overlap. If there are more than 400 links in a single map, the Topology Manager does not put labels
(annotations) on the links. It displays a warning telling you that link labels will not appear.
If there are more than 400 nodes to be placed in a single map, the Topology Manager displays a warning that computing the default layout may take a significant amount of time (see Figure 136 ). You can then choose to have the nodes laid out in a simple row/column grid.
EPICenter Reference Guide 293
294
Network Topology Views
Figure 136: Map layout warning for placement of more than 400 nodes
If you want to proceed with the default (optimized) layout, check the Default Map Layout checkbox.
Even though the default layout may take a long time, it only needs to be done once, and produces a more optimal layout. To specify a grid layout (which may result in overlapping links) check the Grid
Map Layout checkbox. To bypass the layout process, check cancel.
Figure 137 shows an example of a the default layout for a 500 node map. Figure 138 shows the same nodes in a grid layout.
EPICenter Reference Guide
Figure 137: Example of a default layout for a 500 node map
The New Menu
EPICenter Reference Guide 295
Network Topology Views
Figure 138: Example of a grid layout
296
New Map
You can create a new map by doing one of the following:
● Select New Map from the New menu.
● Click the “Create new map” icon on the icon bar.
A new submap node appears on the map, and a New Map entry appears in the map hierarchy tree, as shown in Figure 139 .
EPICenter Reference Guide
Figure 139: Adding a new map
The New Menu
To give the submap a different name, select the submap node, and change the name in the name field in the Information panel. The change will take effect when you click away from the submap node.
You can also change the name of any map (including the Root Map) by clicking slowly twice on the name in the Map Tree Hierarchy. This puts you into an edit mode where you can change the name.
When editing the map name in either location, you can cancel the edit with the [Esc] key, as long as you have not yet committed it.
You can commit the change with the [Enter] key, or by clicking in a different panel from the one where you are editing.
New Device Map Node
You can add device nodes to your map by doing one of the following:
● Select New Device Map Node from the New menu.
●
●
Right-click on the map background to display the pop-up menu, then select New Device Map Node.
Click the “Create new device map” node icon on the icon bar.
A pop-up window appears with a list of all devices currently known to EPICenter, that are not already used somewhere in this view. A count of devices in the list is displayed at the top of the window. If all devices known to EPICenter are already placed in this view, a message window informs you of that fact.
To add a device node to the map, select the device and click OK. The device node will appear on the map, identified by the information from EPICenter’s inventory database.
EPICenter Reference Guide 297
298
Network Topology Views
If the device has known links to other devices already on the map, or on other submaps within the same view, those links will also be placed on the map. A hyper node may also be placed on the map, if required for connectivity between the devices.
If all devices known to EPICenter are already placed in this view (on any of the maps in the view) the pop-up window will inform you of that fact.
Hyper Nodes. You cannot add or remove hyper nodes to or from your map; they are added automatically if the connectivity between device nodes requires it.
New Decorative Map Node
You can add a decorative node to your map by doing one of the following:
● Select New Decorative Map Node from the New menu.
● Right-click on the map background to display the pop-up menu, then select New Decorative Map
Node .
A decorative map node is a node that can be used to represent any component of your network that is not recognized or managed by EPICenter.
You can change the node name by selecting the node, and editing the contents of the name field in the
Information panel. The change will take effect when you click away from the submap node.
New Text Map Node
You can add a text node to your map by doing one of the following:
● Select New Text Map Node from the New menu.
● Right click on the map background to display the pop-up menu, then select New Text Map Node.
A text map node can be used to annotate your map, such as to create a title for the map.
New User-Created Map Link
There may be situations where you want to represent a link between devices when a “real” link cannot be detected by EPICenter. This may be the case if EDP and LLDP are disabled on an Extreme Networks device, if a non-Extreme Networks device does not support LLDP, or if neither EDP or LLDP are supported by the version of ExtremeWare running on the device. In these cases you can add a link between nodes on your map by doing the following:
● Select New User Created Map Link from the New menu.
A link terminated with red triangles is added to your map, as shown in Figure 140 .
For a user-created link, the endpoints in the link annotation are separated by an “x” rather than by a dash “-”. For example, the link annotation “p1:1 - p24“ indicates a discovered link; the annotation “p1:1 x p24” indicates a user-created link.
The port annotations on a user-created link are initially shown as “ p? x p?
”. You can select each endpoint and specify actual port numbers as appropriate. User-created map links can be used for links to third-party devices that do not run LLDP, in order to display link status.
EPICenter Reference Guide
Figure 140: Adding a link to your map
The New Menu
To attach the link between two map nodes:
1 Select the edge of one of the red triangles, then wait until a move cursor appears.
2 Drag and drop one end of the link onto one of the node you want to connect.
3 Do the same with the other end of the link.
After the link is connected, you can specify endpoints for the link. To specify the end points:
1 Select the link.
2 In the Information panel, select the port for the endpoint from the list in the Port field for first device, as shown in Figure 141 .
3 Select the port for the other endpoint from the list in the Port field for second device.
EPICenter Reference Guide 299
Network Topology Views
Figure 141: Specifying ports for a new link connection
300
There are a number of restrictions that apply to the behavior of user created links:
● These links appear only on the map where they were created—they will not exist between the same devices in any other view.
●
●
These links are NOT updated when the status or endpoint of the real link it represents is changed. If, due to such a change, the real link is discovered by EPICenter (for example, the endpoint is moved to a device where EDP or LLDP is enabled) a new link is created on the map in addition to the usercreated link.
If the device to which a user-created link connects is cut from the map, the link must be manually recreated when the device is pasted back.
The Edit Menu
You can edit your topology views in a number of ways, including changing the names of the views and maps, and cutting, pasting, or deleting map elements.
Rename View
You can change the name of a view (including the Default view) by doing one of the following:
● Select Rename View from the Edit menu.
● Click once on the view name in the view name field.
Either of these actions puts you into an edit mode where you can directly change or replace the contents of the field.
EPICenter Reference Guide
The Edit Menu
Delete View
To delete the entire current view, select Delete View from the Edit menu. You will be asked to confirm that you want to delete the entire view. This function deletes the currently displayed view, including all of its maps.
Once the view is deleted, the next remaining view is displayed, if there are any other views.
Rename Map
You can change the name of the current map by doing one of the following:
● Select Rename Map from the Edit menu.
● Click twice on the Map name in the Map Hierarchy Tree.
Either of these actions puts you into an edit mode where you can change or replace the name in the
Map Hierarchy Tree.
You can also change the name of the map in the Map Properties window, as discussed in
Delete Map
To delete a submap, you must first display the submap you want to delete, and delete all the elements on the map. You can then delete the submap by selecting Delete Map from the Edit menu. You can also delete a submap by clicking the submap node on its parent map.
You will be asked to confirm that you want to delete the map.
NOTE
A submap must be empty before you can delete it.
You cannot use the Delete Map command to delete the Root Map.
To delete the Root map you must delete the entire View with the Delete View command.
Select All Map Nodes
You can select all the nodes in a map by doing one of the following:
● Select Select All Map Nodes from the Edit menu.
● Enter [Ctrl]+G from the keyboard.
NOTE
To move a multiple-node selection as a group, hold down the shift key while dragging to preserve the multiple-node selection.
EPICenter Reference Guide 301
302
Network Topology Views
Cut Map Nodes
You can cut selected device, decorative, or text nodes from the map in order to paste them in another location.
● You can cut a submap node as long as it is empty.
● You cannot cut a hyper node. A hyper node will be removed automatically as appropriate, if all nodes on the current map that have links to that node, are removed.
To cut one or more nodes, do the following:
1 Select the nodes you want to cut. You can select multiple nodes by dragging the cursor to rubberband the selection, or by using Shift-click (hold down the shift key while clicking the cursor on the nodes you want to select).
2 Cut the nodes by doing one of the following:
■ Select Cut Map Nodes from the Edit menu.
■
■
■
Click the “Cut nodes from map” icon on the icon bar.
Right-click on the map background to display the pop-up menu, then select Cut Map Nodes.
Enter [Ctrl]+H from the keyboard.
NOTE
You are NOT asked to confirm this action: if you cut a node by mistake, you just need to paste it back again to the map.
NOTE
If you switch to another topology view, or leave the topology applet, and you have not pasted the contents of the cut buffer, those contents are lost.
To remove nodes from the map without provision for pasting them, use the Delete Map Nodes command.
Paste Map Nodes
Once you have cut one or more nodes, you can paste them onto another map by doing one of the following:
●
●
Select Paste Map Nodes from the Edit menu.
Click the “Paste” icon on the icon bar.
●
●
Right-click on the map background to display the pop-up menu, then select New Device Map Node.
Enter [Ctrl]+J from the keyboard.
These commands will only be available if there are cut nodes currently on the clipboard.
If nodes are pasted partially or completely on top of one another, you can use the Layout Map command (see
“Layout Map” on page 305 ) to rearrange them.
EPICenter Reference Guide
The Edit Menu
NOTE
Cutting and pasting nodes does NOT preserve user-created links between the nodes. Links that are automatically discovered may be recreated after the nodes are pasted, but links that were created manually must be recreated manually.
Delete Map Nodes
You can delete selected device, decorative, or text nodes from the map, as opposed to cutting them for later pasting.
● You can delete a submap node as long as it is empty.
● You cannot delete hyper nodes. A hyper node is deleted automatically when the actual node it represents is deleted.
To delete one or more nodes, do the following:
1 Select the nodes you want to delete. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select).
2 Delete the nodes by doing one of the following:
■ Select Delete Map Nodes from the Edit menu.
■ Right-click on the map background to display the pop-up menu, then select Delete Map Nodes.
CAUTION
You will NOT be asked to confirm that you want to delete the nodes. If you delete nodes accidently, you will need to add them again to the map.
Delete User Created Map Links
You can remove one or more user-created links from the map using the Delete User Created Map Links command.
NOTE
You cannot delete links created automatically by EPICenter using this command. To remove links that no longer
Links for All Maps” on page 310
To delete one or more user-created links, do the following:
1 Select the links you want to delete. The Delete User Created Map Links command is not enabled until a user-created link is selected.
You can select multiple links using Shift-click (hold down the shift key and click the link you want to select).
2 Select Delete User Created Map Links from the Edit menu.
CAUTION
Links that have been deleted cannot be pasted. User-created links must be recreated manually.
EPICenter Reference Guide 303
Network Topology Views
The View Menu
View Properties...
You can change the properties you set when you created a new view (or change the properties of the
Default view) using the View Properties... function. To display the View Properties window, do one of the following:
●
●
Select View Properties... from the View menu.
Right-click on the map background to display the pop-up menu, then select View Properties...
The View Properties window appears, as shown in Figure 142 .
Figure 142: Setting View properties for the current view
304
The fields in the View Properties dialog box are as follows:
View Name
Auto populate view
View Alarm Status Threshold
The current view name is displayed here.
Check to add the devices currently in the EPICenter inventory database to the new
View. Submaps and hyper nodes are created as needed.
In addition, as new devices are added to EPICenter, they are also added to the view. If you do a Discovery after you have created a view with the auto populate option enabled, all new discovered devices will be added to the view automatically.
See
“Node Placement Criteria in an Auto Populate View” on page 293 for detailed
information.
The lowest alarm severity level for which an alarm icon should be displayed. If the level is set to one of the higher levels, then lower-severity alarms will not cause an icon to appear. Changing this affects status for alarms that occur after this setting is changed.
EPICenter Reference Guide
The Map Menu
Map Specific Properties
Display device names
Display node icons
Map Node Font Size
Update all maps in this view
Uncheck to hide device names on the maps. The default is to display the names.
Changing this affects only nodes created after this setting is changed; existing nodes retain their settings unless you also check the Update all maps in this view setting.
Uncheck to use plain boxes to indicate map nodes instead of icons representing specific device types. The default is to use device icons. Changing this affects only nodes created after this setting is changed; existing nodes retain their settings unless you also check the Update all maps in this view setting.
Change the size of the font used for map node labels (names, annotations, IP addresses, and so on). The default is a 12-point font. Changing this affects only nodes created after this setting is changed; existing nodes retain their settings unless you also check the Update all maps in this view setting.
Check to override the individual map settings for all current maps in this view. If unchecked, existing maps will retain the current values of their map properties.
However, all new maps created within this view will use the changed properties.
The Map Menu
EPICenter’s Topology applet provides a number of ways to view and manipulate the layout of a topology map.
The size and layout of map nodes is saved at every map operation (except for the map zoom level).
Layout Map
You can drag map nodes around on the map yourself, or you can have EPICenter lay out the map nodes for you. To have EPICenter do the map layout, do one of the following:
●
●
●
●
Select Layout Map from the Map menu.
Click the “Layout” icon on the tool bar.
Right-click on the map background to display the pop-up menu, then select Layout Map.
Enter [Ctrl]+L from the keyboard.
The Layout Map function calculates a default map layout, optimizing for node and link placement to minimize overlap. If necessary, the Topology Manager may create a layout that is larger than the visible window area. In this case, scroll bars allow you to view different parts of the map.
If there are a large number of nodes, the Topology Manager gives you the option of using a grid layout instead of the default layout. See
“Node Placement Criteria in an Auto Populate View” on page 293 for
more information on how layouts are determined.
Figure 143 shows the visible portion of the default layout produced for a map with approximately 100 nodes.
EPICenter Reference Guide 305
Network Topology Views
Figure 143: Default map layout optimized to minimize node and link overlap.
306
You can use the Expand Map and Compress Map commands to increase or decrease the space between nodes in the map. You can also move map nodes by selecting them and dragging them to the location where you want them placed.
Layout Map in Window
If the default map layout creates a map that is larger than the visible area of the Topology Manager window, you can have the Topology Manager attempt to optimize the map layout within the visible area of the window. To have EPICenter optimize the map layout within the current window, do one of the following:
●
●
●
Select Layout Map In Window from the Map menu.
Click with the right mouse button on the map background to display the pop-up menu, then select
Layout Map in Window .
Enter [Ctrl]+M from the keyboard.
Figure 144 shows the same nodes as shown in Figure 143 , but laid out to fit within the visible area of the window.
EPICenter Reference Guide
Figure 144: Map layout produced by Layout Map in Window command
The Map Menu
Fit Map in Window
If the default map layout is larger than the visible area of the Topology Manager window, you can have the Topology Manager shrink the map to fit into the visible area of the window. To have EPICenter shrink the map layout to fit within the current window, do one of the following:
●
●
●
Select Fit Map In Window from the Map menu.
Click with the right mouse button on the map background to display the pop-up menu, then select
Fit Map in Window .
Enter [Ctrl]+W from the keyboard.
This function does not attempt to optimize the layout for node or link overlap. To attempt to optimize the layout, use the Layout Map in Window command. Figure 145 shows the effects of using the Fit
Map in Window command on the map layout shown in Figure 143 .
EPICenter Reference Guide 307
Network Topology Views
Figure 145: Map layout produced by Fit Map in Window command
308
Expand Map
The Expand Map function increases the length of the links between map nodes without changing the size of the nodes. To expand the current map, do one of the following:
●
●
Select Expand Map from the Map menu.
Enter [Ctrl]+E from the keyboard.
Because this command affects map links, nodes that do not have links are not moved.
Compress Map
The Compress Map function decreases the length of the links between map nodes without changing the size of the nodes. To compress the current map, do one of the following:
●
●
Select Compress Map from the Map menu.
Enter [Ctrl]+S from the keyboard.
Because this command affects map links, nodes that do not have links are not moved.
EPICenter Reference Guide
The Map Menu
Inflate Nodes
The Inflate Nodes function increases the size of some or all of the nodes on the current map, without changing the spacing between the nodes.
By default (if you do not select any specific nodes) the command will inflate all nodes on the current map. If you select one or more nodes, the command will inflate just the nodes you’ve selected. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select).
To inflate the selected nodes, do one of the following:
● Select Inflate Nodes from the Map menu.
● Enter [Ctrl]+I from the keyboard.
Deflate Nodes
The Deflate Nodes function decreases the size of some or all of the nodes on the current map, without changing the spacing between the nodes.
By default (if you do not select any specific nodes) the command will deflate all nodes on the current map. If you select one or more nodes, the command will deflate just the nodes you’ve selected. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select).
To deflate the selected nodes, do one of the following:
● Select Deflate Nodes from the Map menu.
● Enter [Ctrl]+D from the keyboard.
Undo Map Edit
You can undo your last ten map layout and sizing actions one by one using the Undo Map Edit function. Each Undo Map Edit action undoes your previous editing action. To undo the most recent edit, do one of the following:
●
●
Select Undo Map Edit from the Map menu.
Enter [Ctrl]+U from the keyboard.
This command does not undo delete, cut or paste of map elements. It stores only the last ten map layout and sizing actions.
Zoom Map In
The Zoom Map In function expands the entire map, both the size of the nodes as well as the spacing between them. To zoom in the current map, do one of the following:
●
●
●
Select Zoom Map In from the Map menu.
Click the In icon on the icon bar.
Enter [Ctrl] and the [Plus] from the numeric keypad on the keyboard.
Unlike the other map manipulation commands, the zoom level is not saved with the map.
EPICenter Reference Guide 309
310
Network Topology Views
Zoom Map Out
The Zoom Out function shrinks the entire map, both the size of the nodes as well as the spacing between them. To Zoom Out the current map, do one of the following:
●
●
●
Select Zoom Map Out from the Map menu.
Click the Out icon on the icon bar.
Enter [Ctrl] and the [Minus] from the numeric keypad on the keyboard.
Unlike the other map manipulation commands, the zoom level is not saved with the map.
Unzoom Map
The Unzoom Map function restores the map to the size it was prior to any Zoom In or Zoom Out actions. To “unzoom” the map, do one of the following:
●
●
Select Unzoom Map from the Map menu.
Enter [Ctrl]+R from the keyboard.
Sync Links for Map or Sync Links for All Maps
EPICenter uses a combination of SNMP traps (EDP and LLDP) and periodic polling to collect topology connectivity information. Occasionally a device trap may be lost, or a device poll operation may be unsuccessful, making the EPICenter topology view temporarily out of sync with the actual network state.
EPICenter will eventually synchronize with the network state at the next successful polling cycle. It will discover new links between devices, or rediscover links that have been previously removed from the map if they are real links that are up. However, if you want to have EPICenter discover new links immediately, instead of waiting for the next polling cycle, you can use one of the Sync Links commands (Sync Links for Map or Sync Links for All Maps).
You can also use Sync Links for Map to remove links that no longer exist. Since EPICenter cannot distinguish between a link that no longer exists and a link that is down, when a link is moved,
EPICenter will continue to show the obsolete link as a down link. Doing a sync on the device (from the
Inventory Manager) does not affect this, you must use the Sync Links commands to remove obsolete links from the map.
To have EPICenter rediscover all existing links between devices on the current map, do the following:
● Select Sync Links for Map from the Edit menu.
To have EPICenter rediscover all existing links between devices on all map, do the following:
● Select Sync Links for All Maps from the Edit menu.
EPICenter will add or update the links that exist between the devices on your map(s), and will remove any links whose connectivity or status it cannot determine. If status is updated for a given device, and that device appears on multiple maps, this will affect the link status of that device on all maps on which it is present.
A small pop-up will appear asking you to wait while the synchronization operation is in progress.
EPICenter Reference Guide
The Map Menu
If some devices were unable to be synchronized, a pop-up will display a warning listing the devices that was unsuccessful.
NOTE
If there is a existing link that is down when you do a Sync Links command, EPICenter will remove that link, since it cannot discover links from which it cannot get status. However, if you have auto-populate turned on for the map, the real link will be added back to the map once the link comes back up.
Find Map Node
If your map has a large number of nodes, it may be difficult to quickly find a specific node you’re interested in seeing. The Find Map Node function lets you select a node from the list of all nodes in the current view. EPICenter will then find and “select” that node.
To find a node, do one of the following:
● Select Find Map Node... from the Map menu.
●
●
Right-click on the map background to display the pop-up menu, then select Find Map Node...
Enter [Ctrl]-F from the keyboard.
You are presented with a list of all the nodes in the current view (see Figure 146 ). The list includes the name of the node, the IP address, the node type, and the map where it can be found. The total number of nodes in the list is displayed at the top of the window.
EPICenter Reference Guide 311
Network Topology Views
Figure 146: Finding a node in the current view
312
● To find a node, select the node and click the Find button.
This displays the appropriate submap, if necessary, and highlights the node you have selected.
The Find Map Node window stays open until you dismiss it with the Close button. You can move around among different maps and views while the Find Map Node window remains displayed.
If you change views while the Find Map Node window is open, the list of devices will no longer be correct. To update the list to reflect the current view, click the Refresh button.
Map Properties
There are a number of properties you can set for the current map, such as the background color or image, node background color and style, node and link text color, and whether RMON statistics should be enabled for the devices on this map.
To display the Map Properties window, do one of the following:
● Select Map Properties... from the Map menu.
● Right-click on the map background to display the pop-up menu, then select Map Properties....
The Topology Map Properties window will appear, as shown in Figure 147 .
EPICenter Reference Guide
Figure 147: Setting Map Properties for the current map
The Map Menu
The fields in this dialog box are as follows:
Name
Background Image
Background Image Width
Background Image Height
Background Image X and Y
Map Background Color
Node Background Color
Node Text Color
Link Text Color
Modify the name of the map in this field.
Select a background image for the current map from the drop-down list in the
Background Image field.
Change the width (in pixels) for the background image by entering the number of pixels in this field.
Change the height (in pixels) for the background image by entering the number of pixels in this field.
Select the coordinates (in pixels) where the upper left hand corner of the background image should be placed by entering the number of pixels in the
Background Image X or Background Image Y field.
Change the map background color by clicking the color bar icon labeled Map
Background Color. You can select a color using color swatches, or by specifying
HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
Change the node background color for non-transparent map nodes by clicking the color bar icon labeled Node Background Color. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
Note: Device nodes that display a device icon use a transparent background color.
Thus, the node background color setting is ignored for these nodes. The background color affects only submap nodes, device hyper nodes, and device nodes that do not display a device icon.
Set the color used to label nodes by clicking the color bar icon labeled Node Text
Color. You can select a color by using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
Set the color of the text used to label links by clicking the color bar icon labeled
Link Text Color. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. The default is black.
EPICenter Reference Guide 313
314
Network Topology Views
Node Gradient Background
Map Node Font Size
Display device names
Display device icons
Rmon Statistics
To use a gradient node background color (the color is shaded from light to dark to light), click the checkbox labeled Node Gradient Background. To turn the gradient off, so that the node background will be a uniform solid color, click in the checkbox to remove the check mark. The default is to use a gradient background.
Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on). The default is a 12-point font.
Uncheck the Display device names checkbox to hide device names on the maps.
Check the checkbox to show the device names. The default is to display device names.
Uncheck the Display device icons checkbox to use plain boxes to indicate map nodes instead of icons representing specific device types. Check the checkbox to display node icons. The default is to display device icons.
Select whether RMON statistics should be enabled for this map, click the checkbox labeled Rmon Statistics. When RMON statistics are on for a map, the percent utilization will be displayed for links.
RMON statistics can be enabled separately for each map in the view. The default is to have RMON statistics disabled for the map.
You can use Map Properties to change many aspects of the appearance of your map:
● To change the name of the map, modify the name in the Name field.
●
●
To select a background image for the map, select the image you want from the drop-down list in the
Background Image field.
To change the height and width (in pixels) for the background image, enter the number of pixels in the Background Image Width or Background Image Height field.
●
●
●
To select the coordinates (in pixels) where the upper left hand corner of the background image should be placed, enter the number of pixels in the Background Image X or Background Image Y field.
To change the map background color, click the color bar icon labeled Map Background Color. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
To change the node background color for non-transparent map nodes, click the color bar icon labeled
Node Background Color . This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
NOTE
Device nodes that display the node icon use a transparent background color. Thus, the node background color setting is ignored for these nodes. The background color affects only submap nodes, device hyper nodes, and device nodes that do not display a device icon.
●
●
●
To set the color used to label nodes, click the color bar icon labeled Node Text Color. This displays a color selection window where you can select a color by using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon.
To set the color of the text used to label links, click the color bar icon labeled Link Text Color. This displays a color selection window where you can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. The default is black.
To use a gradient node background color (the color is shaded from light to dark to light), click the checkbox labeled Node Gradient Background. To turn the gradient off, so that the node background
EPICenter Reference Guide
The Map Menu
●
●
●
● will be a uniform solid color, click in the checkbox to remove the check mark. The default is to use a gradient background.
Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on). The default is a 12-point font.
Uncheck the Display device names checkbox to hide device names on the maps. Check the checkbox to show the device names. The default is to display device names.
Uncheck the Display device icons checkbox to use plain boxes to indicate map nodes instead of icons representing specific device types. Check the checkbox to display device icons. The default is to display device icons.
To select whether RMON statistics should be enabled for this map, click the checkbox labeled Rmon
Statistics . When RMON statistics are on for a map, the percent utilization will be displayed for links.
RMON statistics can be enabled separately for each map in the view. The default is to have RMON statistics disabled for the map.
NOTE
It is possible to disable RMON statistics for the Topology applet as a whole, so that the RMON Statistics checkbox will not have any effect. This is done setting RMON properties on the Server Properties page of the
Administration applet.
Adding Map Background Images
You can add images of your own to use as background images for topology maps by placing them in the
BackgroundImages
directory in the EPICenter server installation.
Both
.gif
and
.jpg
image types are supported.
Background images are kept in the directory
<EPICenter_install_dir>\extreme\gifs\topology.BackgroundImages where
<EPICenter_install_dir>
is the root directory of your EPICenter server installation (by default epc4_1
in the Windows operating environment, or
/opt/extreme/epc4_1
on a Solaris system
)
.
Print Map
You can print the current map using the Print Map function. To print a map, display the map you want to print and then do one of the following:
●
●
Select Print Map from the Map menu.
Enter [Ctrl]+P from the keyboard.
Printing a large map can be very memory-intensive, and can take a significant amount of time.
NOTE
Landscape mode and plotters are not supported.
EPICenter Reference Guide 315
316
Network Topology Views
The Display Menu
The Display menu provides two commands:
VLAN Information
Properties
When selected, displays information about the VLANs configured on the switched in the current map.
Available when a Device node is selected on the map. Opens the Properties Display for
the selected device (see “Device Properties” on page 88 ). If no Device node is selected,
the Properties item is not selectable.
VLAN Information
The Topology applet can display information on the VLANs configured on the switches in a map. By default, VLAN information is not displayed.
You can view VLAN information in two ways within the Topology View applet:
● By VLAN , which highlights all devices and links on the current map with ports in a selected VLAN.
● By device , which displays a list of VLANs configured on any endpoints (ports) on the selected device.
VLAN information for links is always displayed in the Map Element Description Panel whenever a link is selected, regardless of the VLAN Display mode.
To enable the VLAN information display for devices on a map, do one of the following:
● Click the VLANs icon in the Topology Map Toolbar.
● Select Display from the menu bar, and then select VLAN information. This is a toggle menu item; select it once to display VLAN information, select it again to remove the VLAN information display.
When you enable the VLAN information display, a drop down field appears in the applet Toolbar that lists all the VLANs configured for devices on the map.
● To view VLAN information by VLAN on the current map, select the VLAN from the drop-down list. The links and devices that are involved in the VLAN are highlighted on the map, devices and links not in the VLAN are dimmed. Figure 148 shows the VLAN display for a single node on the map.
EPICenter Reference Guide
Figure 148: Displaying VLAN information
The Display Menu
●
If a link is displayed as a broken line, this means that a VLAN with the selected name does not exist on one of the ports in that link. This typically indicates a misconfiguration. However, it is possible that a compatible VLAN with a different name exists on the other port, and no misconfiguration exists. For example, you could have an untagged VLAN vlan1 on one port, and untagged VLAN
vlan2 on the other port. Thus when you select either vlan1 or vlan2 the link is displayed as a broken line, but traffic will flow successfully between the two VLANs.
To view the VLANs configured on a device, select the device node on the map. The Map Element
Description panel on the left-hand side of the window displays information about the VLANs configured on a selected device node. For more detailed information about the VLANs on a device, you can right-click on the device and select Device, then VLANs from the pop-up menu that
appears. See “The Device Sub-Menu” on page 39 for more information.
NOTE
If you have a large number of VLANs configured on the device, it could take a while to display the VLANs. Do not deselect the node while this is in progress.
● To view VLANs configured on a link, select the link. VLAN configuration information for the devices on both sides of the link is displayed in the Map Element Description panel. (Note that this information is always displayed for links, even if you do not have the VLAN Display option selected.)
EPICenter Reference Guide 317
318
Network Topology Views
The Tools Menu
Using the Tools menu, you can add links to a VLAN, connect edge ports to a VLAN, and view a variety of information about the devices represented by the nodes on the map. By selecting a function from the
Tools menu, or from the Device pop-up menu, you can invoke displays of information kept by
EPICenter for the selected device.
Mark Links Mode
Mark Links Mode is required for using the Add Links to VLAN function.
When Mark Links Mode is turned on, you can click on multiple links on multiple maps in the view to select them. EPICenter remembers all of the selected links from each map.
To enable Mark Links Mode, do the following:
●
●
Select Mark Links Mode from the Tools menu.
Click the Mark icon in the Toolbar.
To select or deselect a link, click on the link. Marked links blink on the map.
Add Links to VLAN
Use the Add Links to VLAN function to add marked links to a new or existing VLAN.
To add a link to a VLAN, do the following:
●
●
●
Select Mark Links Mode from the Tools menu.
Select one or more links to be added to the VLAN.
Select Add Links to VLAN from the Tools menu.
The Add Links to VLAN Dialog box opens, as shown in Figure 149 .
EPICenter Reference Guide
Figure 149: Add Links to VLAN Dialog
The Tools Menu
●
●
To add the selected link to an existing VLAN, click the Add links to an existing VLAN radio button.
■ Select the VLAN from the list.
■ Uncheck the Add selected links to VLAN as tagged checkbox to specify that the VLAN should be added as untagged; check the checkbox to add the link as tagged.
To add the selected link to a new VLAN, click the Add links to a new VLAN radio button.
The display changes, as shown in Figure 150 .
EPICenter Reference Guide 319
Network Topology Views
Figure 150: Add links to new VLAN dialog
320
●
■
■
Enter the name of the new VLAN.
Select untagged or enter tag for the VLAN.
■ Select the VLAN protocol.
To add the selected links, click OK.
For more information on creating new VLANs, see
Chapter 12 “Using the VLAN Manager” .
Connect Edge Port to VLAN
You can add an edge port from a selected device to a particular VLAN from within the Topology feature. As you add the port, the map view is automatically updated to display your proposed changes.
To connect an edge port to a VLAN, select the node and do one of the following:
●
●
Select Connect Edge Port to VLAN from the Tools menu.
Right-click on the Device map node, then select Connect Edge Port to VLAN from the pop-up menu that appears.
This starts the Connect Edge Port to VLAN Wizard, as shown in Figure 151 .
EPICenter Reference Guide
Figure 151: Connect Edge Port to VLAN Wizard
The Tools Menu
To use the wizard, do the following:
1 Select the name of the VLAN from the VLAN List.
2 Select the port from the Available Ports in the Device list.
3 If you want to add the port as tagged, click the Add the selected port as tagged port checkbox.
4 Click Next.
The second page of the Connect Port to VLAN Wizard appears, as shown in Figure 152 .
Figure 152: Connect Port to VLAN Wizard (page 2)
■ If the connection from the selected edge port to the desired VLAN is viable, the Wizard displays path information, including any additional ports that must be added to the VLAN to accommodate the connection.
EPICenter Reference Guide 321
Network Topology Views
■
■
If the Wizard is unable to locate a path between the selected edge port and the desired VLAN, the Wizard gives you the option of creating the VLAN on the selected device. However, no path from the device to the VLAN is created.
If you try to add an edge port from a device that is already a member of the desired VLAN, the
Wizard reports that the VLAN is on the same device and that the port will be added without changing links.
5 Uncheck Add calculated links if you want to add the selected edge port to the VLAN and you do not want the found path to be added.
6 Click Finish to complete the connection.
Click Cancel to cancel the operation.
322 EPICenter Reference Guide
12
Using the VLAN Manager
This chapter describes how to use the VLAN Manager for:
● Viewing enterprise-wide, tagged and untagged VLAN information for Extreme (Summit and
BlackDiamond) switches managed by the EPICenter software
●
●
●
●
Adding new tagged or untagged VLANs to Extreme devices, adding ports to those VLANs, and modifying IP addresses
Deleting VLANs
Modifying VLANs
Adding and deleting protocol filters
Overview of Virtual LANs
A virtual local area network (VLAN) is a group of location- and topology-independent devices that communicate as if they were on the same physical LAN. Extreme Networks switches have a VLAN feature that enables you to construct broadcast domains without being restricted by physical connections.
The VLAN Manager creates and manages VLANs for Extreme Networks devices only. It does not handle other third-party devices, even though third-party devices can be managed through the
Inventory Manager.
If you run the EPICenter client with Administrator or Manager access, you can:
● Create and delete VLANs
●
●
Add or remove ports from existing VLANs
Modify a VLAN’s IP address
●
●
Create and modify the protocol filters used to filter VLAN traffic
Enable/disable IP Forwarding on a switch (for the entire switch)
Extreme Networks switches can support a maximum of 4000 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria:
●
●
Physical port
802.1Q tag
●
●
Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters
A combination of these criteria
In the EPICenter system, a VLAN is defined uniquely by the following:
● Name
●
●
802.1Q tag (if defined)
Protocol filters applied to the VLAN
EPICenter Reference Guide 323
324
Using the VLAN Manager
As a result, multiple switches are shown as members of the same VLAN whenever all the above are the same.
For a more detailed explanation of VLANs, see the ExtremeWare Software User Guide.
VLAN Manager Functions
There are multiple ways to invoke the functions provided by the VLAN Manager:
● Using the menus at the top of the main applet frame
●
●
Using the function buttons shown directly below the EPICenter menus
Using commands from a pop-up menu that appears when you right-click on a device or device group entry in the Component Tree
For simplicity, most of the instructions in this chapter only specify one method of invoking a function
(usually the function button).
VLAN Manager Function Buttons
The buttons at the top of the main VLAN Manager applet provide the following functions:
Table 37: VLAN Manager Function Buttons
By VLAN
By Switch
Add
Delete
Modify
Filters
Refresh
Show all the switches with ports that are members of a specific VLAN.
Show the VLANs that have members on a specific switch.
Create VLANs on the switch. If you have Monitor access only, you can not use this function. See “
for details on using this feature.
Delete VLANs on the switch. If you have Monitor access only, you can not use this function. See “
”
for details on using this feature.
Modify VLANs on the switch. If you have Monitor access only, you can not use this function. See “
”
on page 335 for details on using this feature.
View, add, and delete protocol filter definitions. If you have Monitor access, you can view filter definitions, but not add or delete them. See “
Protocol Filters ” on page 339 for details on using this feature.
Refresh the information in the “By VLAN” Component Tree, deleting any VLANs that are no longer configured on any devices. See
.
These functions can also be accessed through the VLAN menu.
The VLAN Menu
EPICenter provides a set of menus at the top of the main applet frame. Most of these are standard across all the EPICenter applets, and are described in
“EPICenter Menus” on page 32 .
The VLAN Manager provides an additional menu, VLAN, that contains commands unique to the
VLAN Manager. The VLAN menu contains the following items:
EPICenter Reference Guide
VLAN Manager Functions
Table 38: The VLAN Menu
By VLAN
By Switch
Add VLAN
Delete VLAN
ModifyVLAN
Filters
Refresh
Show all the switches with ports that are members of a specific VLAN.
Show the VLANs that have members on a specific switch.
Create VLANs on the switch. If you have Monitor access only, you can not use this function. See “
”
on page 331 for details on using this feature.
Delete VLANs on the switch. If you have Monitor access only, you can not use this function. See “
for details on using this feature.
ModifyVLANs on the switch. If you have Monitor access only, you can not use this function. See “
Modifying a VLAN ” on page 335
for details on using this feature.
View, add, and delete protocol filter definitions. If you have Monitor access, you
can view filter definitions, but not add or delete them. See “ Adding and Deleting
”
on page 339 for details on using this feature.
Refresh the information in the “By VLAN” Component Tree, deleting any VLANs that are no longer configured on any devices. See
Viewing Device Information from Pop-Up Menus
From a device entry in the Component Tree (in either the By Switch or By VLAN view) you can select
The contents of the pop-up menu depend on the component you have selected:
By VLAN view
By VLAN view
By Switch view
By Switch view
Select a VLAN and right-click to access the Modify VLAN Membership and Properties commands.
Select a device and right-click to display a menu containing the Modify VLAN
Membership, Device, Technical Support, Macros and Properties commands.
Select a device and right-click to display a menu containing Device, Technical Support,
Macros and Properties commands.
Select a VLAN and right-click to access the Modify VLAN Membership and Properties commands.
Modify VLAN Membership
The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN selected in the Component Tree. You can add ports on multiple switches to the VLAN, and delete ports from the VLAN. You cannot search for device connections or change the IP Forwarding behavior of a switch using this function. See
“Modifying a VLAN from the Component Tree Menu” on page 338 for
details on using this command.
Table 39 describes all the popup menu commands available.
Table 39: Pop-Up Menu Commands
Modify VLAN
Membership
Device >
Technical Support
Modify ports (add or delete) on a VLAN. See “Modifying a VLAN from the Component
Same as the Device command from the Tools menu. Provides a submenu of commands: Alarms, Statistics, Sync, Telnet, Viewer, Device Manager. See
Sub-Menu” on page 39 for a description of each command.
Same as the Technical Support command from the Tools menu.
See
“The Technical Support Sub-Menu” on page 40 for more information.
EPICenter Reference Guide 325
Using the VLAN Manager
Table 39: Pop-Up Menu Commands (continued)
Macros >
Properties
Same as the Macros command from the Tools menu. See
“The Macros Sub-Menu” on page 41 for more information.
If a device is selected, this opens the Device Properties display. See
for details about what this command shows.
If a VLAN is selected, this opens the VLAN Properties window. See “VLAN Properties” on page 341
for more information.
Displaying a VLAN
When you click the VLAN icon in the EPICenter Navigation Toolbar, the VLAN Manager window is displayed, as shown in Figure 153 .
Figure 153: VLAN Manager top-level view By VLAN, showing devices organized by VLAN
326
The VLANs currently known to the EPICenter database are displayed in the Component Tree on the left. The panel on the right shows summary information about each VLAN.
NOTE
You must add switches to the EPICenter database through Discovery or by using the Add function in the Inventory
Manager. Until you add a switch to the database, you cannot use EPICenter create any VLANs on that switch.
EPICenter Reference Guide
Displaying a VLAN
Information about VLAN configurations is obtained when a switch is added to the database.
The VLAN Manager can display information either by VLAN (showing all the switches with ports that are members of a specific VLAN) or by switch (showing the VLANs that have members on a specific switch).
● Select the By VLAN button to display VLANs at the first level of the Component Tree. Listed under each VLAN is every switch that has the VLAN defined on it (see Figure 153 ).
When the top level of the tree (the VLANs node) is selected, the right hand panel displays a list of all VLANs configured on the Extreme Networks switches included in the EPICenter database. The
All VLANs display includes:
Name
Tag
Protocol
The VLAN name
The VLAN tag value (if any) or “Untagged”
The protocol filter configured for the VLAN
●
Select an individual VLAN to view a summary of the configuration of the switches and ports that are members of that VLAN.
Select the By Switch button to display switches at the first level of the Component Tree. Listed under each switch is every VLAN that is defined on the switch, as shown in Figure 154 .
When the top level of the tree (the Switches node) is selected, the right hand panel displays a list of the Extreme Networks switches known to the EPICenter database on which VLANs are configured.
Figure 154: VLAN Manager view By Switch, showing VLANs organized by device
EPICenter Reference Guide 327
Using the VLAN Manager
The Devices view includes:
Name
Type
The switch name
An icon representing the switch type
Select an individual switch to list the VLANs that are configured on that switch.
Viewing VLANs on a Switch
To view all VLANs configured on an individual switch, select the switch in the Component Tree of the
By Switch view.
Figure 155 shows an example of the All VLANs on Switch view.
Figure 155: VLAN topology shown by switch
328
The following information is displayed for each VLAN on the selected switch:
Name
Tag
Protocol
VLAN IP Addr
Ports
VLAN name
VLAN tag
Protocol filter for the VLAN
VLAN IP address
Ports on this switch in the VLAN
EPICenter Reference Guide
Displaying a VLAN
Viewing Switches in a VLAN
To view all devices configured with a specific VLAN, select the VLAN in the Component Tree of the By
VLAN view.
Figure 156 shows an example of the Devices in VLAN view.
Figure 156: VLANs present on the selected switch
The following information is displayed for each switch in the selected VLAN:
Name
Type
VLAN IP Addr
Ports
Device name
An icon representing the device Type
IP address of the VLAN
Ports on this switch in the VLAN
Viewing VLAN Member Ports
You can display details about the component ports of a VLAN by selecting a VLAN and switch in the tree on the left. You can do this from either the By VLAN or By Switch view. Once you have selected a
VLAN and switch (or switch and VLAN) the panel on the right displays detailed information about the ports in the selected VLAN and switch, as shown in Figure 157 .
EPICenter Reference Guide 329
Using the VLAN Manager
Figure 157: VLAN member ports on a selected switch
330
The port details include the following information about each port:
#
Type
Speed
Duplex
State
Status
Tagging
The port number
The port type, shown as an icon. Different icons are used to represent the port types:
• 10/100Mbps (
• 100Base-FX ( )
)
• 100Base-T/TX (
• 1000BASE-X ( )
)
• Tagged ports are shown with a small orange tag ( )
• Load-shared ports (for devices running ExtremeWare) are indicated with a small green S ( ).
The port speed
The Duplex setting (Full or Half)
The port state (Enabled or Disabled)
The port status (Ready or Active)
Whether the port is tagged or untagged
NOTE
EPICenter does not support load sharing for devices running ExtremeXOS.
EPICenter Reference Guide
Adding a VLAN
Adding a VLAN
Users with Administrator or Manager access can create VLANs on the Extreme Networks switches managed by the EPICenter software. If you have Monitor access only, you can not use this function.
Figure 158: Add VLAN dialog, Properties and Ports page
The fields in this dialog box are as follows:
VLAN Name
Protocol Filter
Tag
Available Switches
Available Ports
Ports in VLAN
Tagged button
Untagged button
Remove button
Connect Device button
A descriptive name for the VLAN. The name must begin with a letter followed by up to
31 characters.
A drop-down list of protocol filters, from which you can select the protocol (if any) that determines membership in this VLAN.
An 802.1Q tag value for this VLAN. The tag value can be a number between 2 and
4095. Enter the text “untagged” to indicate that the VLAN is to be untagged.
The list of switches known to EPICenter. Select a switch from this list to display the ports on the switch that are available to be included in the VLAN. (If a protocol other than “ANY” is selected, only switches that support the assigning of the protocol to a
VLAN are included in the list.)
When a switch is selected in the Available Switches list, shows the ports on the switch that are available to be included in the VLAN.
Displays the ports in the selected VLAN for each switch in the VLAN.
Click Tagged to add the port as a tagged port. If this is an untagged VLAN, you are not allowed to add a tagged port.
Click Untagged to add the port as an untagged port.
To remove a port from the VLAN, select the port from the Ports in VLAN list, and then click Remove.
After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN.
To add a new VLAN, do the following:
1 Click the Add button in the VLAN Manager Toolbar.
The Add VLAN dialog box, Properties & Ports page is displayed, as shown in Figure 158 .
EPICenter Reference Guide 331
Using the VLAN Manager
2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on VLAN naming.
3 Select an entry from the pull-down Protocol Filter list. This selection determines what protocol (if any) is used to determine membership in this VLAN. Select ANY to have the filtering rules match all unfiltered protocols.
4 If the VLAN is to be tagged, enter a 802.1Q tag value in the Tag field. The tag value can be a number between 2 and 4095. By entering a tag number, you enable tagging for this VLAN. Enter the text “untagged” to indicate that the VLAN is to be untagged.
5 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a list of ports on the switch that are available to be included in the VLAN.
NOTE
The Available Ports list does not include ports configured as slave load sharing ports.
6 Select one or more ports from the Available Ports list.
7 Click Tagged to add the port(s) as tagged. Click Untagged to add the ports as untagged ports.
If this is an untagged VLAN, you are not allowed to add a tagged port.
If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port as an untagged member. EPICenter will warn you and let you confirm that this is what you want.
8 To remove a port from the VLAN, select the port from the Ports in VLAN list, and then click
Remove .
9 After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN.
●
●
Select the device you want to check.
Click the Connect Device button.
If EPICenter can find a path from the device and port to another member of the VLAN, it opens a
Connection Information window that displays information about the path, as shown in Figure 159 .
Figure 159: Connection Information window
332
If additional ports, or devices and ports must be added to create a path, EPICenter lists the ports needed, and offers to add them to the VLAN.
EPICenter Reference Guide
Adding a VLAN
●
●
Click Yes to add the ports.
Click No to close the Connection Information window without adding the ports.
If EPICenter cannot find a path, it displays an error window.
10 When you have finished adding ports to the VLAN, click Apply to implement the changes.
The VLAN is created on the switches whose ports are members of the new VLAN.
Once you have added a VLAN, you can specify an IP address and mask for the VLAN on each switch, and also enable or disable the global IP Forwarding behavior of the switches on which the VLAN resides.
1 Select the IP Forwarding tab at the top of the Add VLAN window.
The IP Forwarding page is displayed, as shown in Figure 160 .
Figure 160: Add VLAN dialog, IP Forwarding page
The display lists the switches that you specified to be members of this VLAN., and shows whether
IP Forwarding is already enabled on the each switch.
2 Select a switch from the table of switches.
3 Enter an IP address and IP mask as appropriate. Click the Enable GLOBAL IP Forwarding on switch check box to enable IP forwarding on the switch.
CAUTION
This changes the IP Forwarding behavior for the entire switch, not just for the selected VLAN.
4 Click Apply to implement the changes.
5 Click Close to exit the window.
EPICenter Reference Guide 333
Using the VLAN Manager
Deleting a VLAN
Users with Administrator or Manager access can delete VLANs from Extreme Networks switches managed by the EPICenter software. If you have only Monitor access, you cannot use this function.
To delete a VLAN, follow these steps:
1 Click the Delete button in the VLAN Manager Toolbar.
The Delete VLAN dialog is displayed, as shown in Figure 161 .
Figure 161: The Delete VLAN page
334
2 Select the VLAN you want to delete.
3 Click Delete.
The VLAN is deleted from all the switches on which it exists. If any of the switches in the VLAN are offline or unreachable, the VLAN cannot be deleted completely, and remains with only those switches as members.
4 Click Close to exit the window.
NOTE
When you delete a VLAN, it is not immediately removed from the “By VLAN” Component Tree, even though it has been deleted from all switches. It can remain in the Component Tree, with no device members, for up to 24 hours before EPICenter removes it. You can use the Refresh command to update the Component Tree and remove any
VLANs that are no longer exist on any switches.
Refreshing the Component Tree
When you delete a VLAN, EPICenter removes the VLAN from all switches on which it exists, but may not remove the VLAN entry from the VLAN Manager Component Tree for as long as 24 hours. The
EPICenter Reference Guide
Modifying a VLAN
Refresh command, accessed from the VLAN menu or with the Refresh button, removes any VLANs which have been deleted from all switches but which still appear in the “By VLAN” view of the
Component Tree.
● To remove deleted VLANs from the By VLAN Component Tree, click the Refresh button.
Modifying a VLAN
Users with Administrator or Manager access can modify the properties of a VLAN, and add and remove ports from the VLAN. If you have only Monitor access, you can not use this function.
You can start the Modify VLAN process in two ways:
● Click the Modify icon in the VLAN Manager toolbar.
Using this method you can modify both the VLAN membership (devices and ports) and the VLAN tag, and change the IP Forwarding behavior of a switch where the VLAN resides. You can also search for device connections between devices in the VLAN.
If you are in the By VLAN view, and a VLAN is selected in the Component Tree before you click the Modify button, the Modify VLAN window will contain information on the selected VLAN. If you do not select a VLAN beforehand, you can select one from within the Modify VLAN window.
●
See
“Modifying a VLAN from the Toolbar” on page 335 for details.
In the By VLAN view, select a VLAN in the Component Tree, right-click to display the pop-up menu, and select Modify VLAN Membership. (This is not available if you are viewing By Switch.)
Using this method you can modify the VLAN membership (add or remove devices and ports) of the
VLAN selected in the Component Tree. You cannot change the IP Forwarding behavior of a switch
or search for device connections using this method. See “Modifying a VLAN from the Component
for details.
Modifying a VLAN from the Toolbar
If you want to modify the properties (tag and protocol filter) of a VLAN, or change the IP Forwarding behavior of a switch in addition to modifying the VLAN membership (devices and ports), you must use the Modify command from the VLAN Manager Toolbar. You can also search for device connections between devices in the VLAN.
To start the Modify VLAN process from the Toolbar, follow these steps:
1 Click the Modify button in the VLAN Manager Toolbar.
The Modify VLAN dialog, Properties & Ports page is displayed, as shown in Figure 162 .
EPICenter Reference Guide 335
Using the VLAN Manager
Figure 162: The Modify VLAN dialog, Properties and Ports page
336
2 Select a VLAN from the drop-down list in the VLAN Name field. (If a VLAN was selected in the
Component Tree prior to invoking the Modify VLAN function, that VLAN is pre-selected.
The current values for the VLAN are displayed.
NOTE
The Ports in VLAN list does not display SummitLink ports, because you cannot modify them.
The fields in this dialog box are as follows:
VLAN Name
Protocol Filter
Tag
Available Switches
Available Ports
Ports in VLAN
Tagged button
Untagged button
Remove button
Connect Device button
A drop-down list of VLANs that exists on the switches EPICenter is managing. You can select a VLAN to modify from this list.
The protocol (if any) that determines membership in the selected VLAN. This cannot be modified.
To change the tag value, type a new value into this field. The tag value can be a number between 2 and 4095. Enter the text “untagged” to indicate that the VLAN is to be untagged.
The list of switches known to EPICenter. Select a switch from this list to display the ports on the switch that are available to be included in the VLAN. (If a protocol other than “ANY” is selected, only switches that support the assigning of the protocol to a
VLAN are included in the list.)
Displays ports for the currently selected switch.
Displays the ports in the currently selected VLAN switch.
Click Tagged to add the port as a tagged port. If this is an untagged VLAN, you are not allowed to add a tagged port.
Click Untagged to add the port as an untagged port.
Select the port from the Ports in VLAN list, and click Remove to remove a port from the
VLAN.
After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN.
•
EPICenter Reference Guide
Modifying a VLAN
3 To change the VLAN tag, type a new value into the Tag field.
To disable tagging for the VLAN, type “untagged” into the Tag field.
4 To remove a port from the VLAN, select the port in the Ports in VLAN list, and click Remove.
5 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a list of ports on the switch that are available to be included in the VLAN.
NOTE
The Available Ports list does not include ports configured as slave load sharing ports.
6 Select one or more ports from the Available Ports list.
7 Click Tagged to add the ports as a tagged ports. Click Untagged to add the ports as an untagged ports.
If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be grayed out in this case.
If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port. EPICenter will warn you and let you confirm that this is what you want.
8 After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN.
●
●
Select the device you want to check.
Click the Connect Device button.
If EPICenter can find a path from the device and port to another member of the VLAN, it opens a
Connection Information window that displays information about the path, as shown in Figure 159 .
If additional ports or devices and ports must be added to create a path, EPICenter lists the ports needed, and offers to add them to the VLAN.
●
●
Click Yes to add the ports.
Click No to close the Connection Information window without adding the ports.
If EPICenter cannot find a path, it displays an error window.
9 When you have finished adding and removing ports, click Apply to implement the changes.
If all ports of a switch are removed from the VLAN, the VLAN is deleted from that switch.
If a port on a new switch is added to the VLAN, then the VLAN is created on that switch.
10 To modify the IP address and mask for a VLAN on a switch, and to enable or disable IP Forwarding globally for the entire switch, select the IP Forwarding tab at the top of the Add VLAN window.
The IP Forwarding page is displayed, as shown in Figure 160 .
EPICenter Reference Guide 337
Using the VLAN Manager
Figure 163: The Modify VLAN dialog, IP Forwarding page
338
11 Select a switch from the table of switches.
12 Change the IP address and IP mask as appropriate. Click the Enable GLOBAL IP Forwarding on switch... check box to enable or disable IP forwarding on the switch.
CAUTION
This changes the IP Forwarding behavior for the entire switch, not just for the selected VLAN.
13 Click Apply to implement the changes.
14 Click Close to exit the window.
Modifying a VLAN from the Component Tree Menu
To start the Modify VLAN process for a VLAN in the Component Tree, follow these steps:
1 Select a VLAN in the Component Tree.
2 Right-click to display the pop-up menu, and select Modify VLAN Membership.
The Modify Membership of VLAN dialog opens, as shown in Figure 164 .
EPICenter Reference Guide
Figure 164: Modify Membership of VLAN window
Adding and Deleting Protocol Filters
3 To add a port to the VLAN, first select the switch in the Component Tree on the left. The Resource
Table displays a list of ports on the selected switch that are available to be included in the VLAN.
NOTE
The list of port resources does not include ports configured as slave load sharing ports.
4 Select one or more ports from the port resources list.
5 Click Add Tagged to add the port as a tagged port. Click Add Untagged to add the port as an untagged port.
If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be grayed out in this case.
NOTE
If you add a port untagged, EPICenter automatically removes it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port.
6 To remove ports from the VLAN, select one or more ports in the Current VLAN Port Members list, and click Remove.
7 To remove all ports from the VLAN, click Remove All.
8 When you are finished making changes, click OK. To cancel all changes, click Cancel.
Adding and Deleting Protocol Filters
Users with Administrator or Manager access can view, add, and delete protocol filter definitions. If you have Monitor access, you can view filter definitions, but not add or delete them.
EPICenter Reference Guide 339
340
Using the VLAN Manager
To view, delete, or add protocol filter definitions, do the following:
1 Click Protocol Filters in the VLAN Manager.
The View/Delete page of the Protocol Panel dialog box is displayed, as shown in Figure 165 .
.
Figure 165: Protocol Panel dialog box, View/Delete page
This page shows all the protocol filters configured within the EPICenter database. Any filters that are in use by a VLAN are indicated with an asterisk (*) in the In Use column.
2 To delete a protocol filter, select a filter in the list, and click Delete.
This deletes the protocol filter from all Extreme Networks switches managed by the EPICenter software, as well as from the EPICenter database.
NOTE
If a filter is in use by a VLAN, you cannot delete it.
3 Click Close to exit the window.
To add a protocol filter, follow these steps:
1 Click the Add tab at the top of the Protocol Panel dialog box to display the Add Protocol page, as shown in Figure 166 .
.
Figure 166: Protocol Panel dialog box, Add Protocol page
EPICenter Reference Guide
VLAN Properties
2 Enter a descriptive name for the protocol. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on naming.
3 Select a protocol type from the pull-down list in the type column.
4 Type a corresponding four-digit hexadecimal filter value in the value field.
5 Repeat steps 3 and 4 to enter up to six type-value pairs.
6 When you have finished entering the definition, click Add to add the new protocol filter to the
EPICenter database.
NOTE
The protocol filter is now available to be used on any switch, but is not created on any switches at this time. The protocol filter is created on a switch only when you create a VLAN to use the new protocol filter on that switch.
The database acts as a collective store for network data without needing to replicate it on every switch.
7 Click Close to exit the window.
VLAN Properties
The VLAN Properties window displays the following information:
Name
Tag
Protocol
The VLAN name
The VLAN tag value (if any) or “Untagged”
The protocol filter configured for the VLAN
Click OK to close the window.
EPICenter Reference Guide 341
Using the VLAN Manager
342 EPICenter Reference Guide
13
The ESRP Monitor
This chapter describes how to use the EPICenter ESRP Monitor applet for:
● Viewing the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs
Overview of the ESRP Monitor
The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP
Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs.
You can view a summary status for all the ESRP-enabled VLANs being monitored by EPICenter. You can also view detailed information for an individual ESRP-enabled VLAN and the switches in those
VLANs.
ESRP Monitor Functions
The ESRP Monitor feature does not provide any feature-specific menus. The four standard EPICenter menus are available (EPICenter, Display, Tools and Help). However, the functions on the Display and
Tools menus are not available. Right-click pop-up menus are also not available in this feature.
For information on the standard EPICenter menu functions, see
“EPICenter Menus” on page 32 .
NOTE
This chapter does not discuss ESRP functionality in any detail. For more information about ESRP, see the
ExtremeWare Software User Guide, versions 6.0 or later.
The VLAN Summary View
To start the ESRP Monitor feature, click the ESRP button in the EPICenter Navigation Toolbar. The
ESRP Manager applet appears, initially displaying a summary status of the ESRP-enabled VLANs known to EPICenter, as shown in Figure 167 .
EPICenter Reference Guide 343
The ESRP Monitor
Figure 167: ESRP Manager showing summary ESRP-enabled VLAN status
344
The information displayed is as follows:
VLAN Name
Master Switch
IP Address
Group
The name of the ESRP-enabled VLAN.
The name, if known, or MAC address of the switch currently designated as the Master switch. If this switch is being managed by EPICenter (is included in EPICenter’s
Inventory database) the name will appear. If the switch is not known to EPICenter, the
MAC address will appear.
The IP address of the ESRP-enabled VLAN. If the master switch is not known to
EPICenter, this will be “N/A.”
The ESRP group to which this ESRP-enabled VLAN belongs in a broadcast domain that contains multiple instances of ESRP (multiple ESRP groups). The names of the ESRPenabled VLANs participating in the same group must be identical.
EPICenter Reference Guide
Election Algorithm
Hello Timer
Viewing ESRP Detail Information
The ESRP election algorithm in use for this VLAN. The election algorithm determines the order of precedence of the election factors used to determine the ESRP Master. The election factors are:
• Ports: The number of active ports (the switch with the highest number takes priority)
• Track: Whether the switch is using ESRP tracking (a switch using tracking has priority)
• Priority: A user-defined priority number between 0 and 254 (a higher number has higher priority)
• MAC: The switch MAC address (a higher-number address has priority)
The election algorithm can be one of the following:
• ports_track_priority_mac (the default): This algorithm considers active ports first, then tracking, then priority, then the MAC address to determine the ESRP
Master. This is the only algorithm supported for ExtremeWare releases prior to version 6.0
• track_ports_priority_mac
• priority_ports_track_mac
• priority_track_ports_mac
• priority_mac_only: only considers priority and the MAC address
See the ExtremeWare Software User Guide, version 6.1 or later, for details.
NOTE
Note that the ESRP election algorithm must be identical on all switches in an ESRP group. If it is not, serious problems may arise.
This is the interval, in seconds, for exchanging keep-alive packets between the ESRP switches for this ESRP-enabled VLAN. Also known as the ESRP timer. The default is 2 seconds.
Viewing ESRP Detail Information
You can display detailed ESRP information for the switches in an individual ESRP-enabled VLAN by clicking on the VLAN name in the Component Tree in the left-hand panel of the window. This displays a status window for the selected VLAN similar to the one shown in Figure 168 .
EPICenter Reference Guide 345
The ESRP Monitor
Figure 168: ESRP detail for an individual ESRP-enabled VLAN
346
ESRP trap events will also be recorded in the EPICenter Event Log, which you can view using the
EPICenter Event Log Report (see Chapter 15“EPICenter Reports” ). ESRP state change traps will be
recorded in the EPICenter Alarm Log (see Chapter 4 “The EPICenter Alarm System” ).
NOTE
ESRP Traps are not implemented in ExtremeWare versions 4.x or 5.x. Thus, for switches running those versions of
ExtremeWare, state changes and other ESRP updates will only be reflected after the next device polling interval.
Note that an ESRP-enabled VLAN can be monitored by EPICenter as long as at least one of its ESRPenabled switches is managed by EPICenter (i.e., is included in EPICenter’s device database). If there are other ESRP-enabled switches in that VLAN, their ESRP status will also be displayed in the ESRP
Manager, even if they are not being managed by EPICenter.
The Detailed ESRP Information view displays the following information:
Switch Name
MAC
State
Priority
To Master
To Slave
Active Ports
The name of the switch, if known. (If the switch is not being managed by EPICenter, this field will contain “N/A.”)
The MAC address of this switch.
The current state of the switch—Master or Slave.
A user-defined value, between 0 and 254, which can be used by the ESRP election algorithm in determining which switch is the Master switch. The default is 0.
The number of times this switch has transitioned to become a Master.
The number of times this switch has transitioned to become a Slave.
The number of active ports in this ESRP-enable VLAN.
EPICenter Reference Guide
Tracked Ports
Tracked Routes
Tracked Pings
Viewing ESRP Detail Information
The number of tracked ports that are currently active.
The number of tracked IP routes that are currently active.
The number of tracked ping responders that are responding successfully.
NOTE
The number of Master and Slave transitions cannot be obtained from versions of ExtremeWare prior to version 6.1.6.
For switches running earlier versions of ExtremeWare, the display defaults to “N/A.”
NOTE
If some of the ESRP-enabled switches in an ESRP-enabled VLAN are not managed by EPICenter, the ToMaster and
ToSlave values for those switches will not be updated until the next device polling interval.
NOTE
The number of Tracked Pings cannot be obtained from versions of ExtremeWare prior to version 6.1.6. For switches running earlier versions of ExtremeWare, the display defaults to zero.
EPICenter Reference Guide 347
The ESRP Monitor
348 EPICenter Reference Guide
14
Administering EPICenter
This chapter describes how to use the Administration applet for the following:
● Changing your own user password, for users without Administration access
●
●
Adding and deleting EPICenter users
Setting and modifying user permissions for both the EPICenter and ExtremeWare software
●
●
●
●
Configuring the EPICenter server as a RADIUS client or a RADIUS server for user authentication
Enabling or disabling EPICenter Syslog receiver functionality
Modifying EPICenter server properties to change settings such as polling rates, time-outs, port assignments and other similar settings
Configuring EPICenter for a distributed server configuration
Overview of User Administration
In order to log in to the EPICenter server and use its management features, you must have a user name and password. An EPICenter administrator can create and modify EPICenter user accounts, passwords, and account permissions through the Administration applet. Individual users, regardless of their roles, can change their own password using the Administration applet.
By default, EPICenter provides its own authentication and authorization for EPICenter users. However, through the EPICenter Admin applet, EPICenter can be configured to act as a Remote Authentication
Dial In User Service (RADIUS) client, allowing it to use an external RADIUS server to authenticate
EPICenter users. As an option, the external RADIUS server can be configured to return user role information as well as the user authentication. As an alternative, EPICenter can be configured to act as a
RADIUS server—however, the RADIUS server built into EPICenter should only be used for demonstration or testing purposes, and should not be used to provide primary authentication services in a production environment.
Finally, the Administration applet provides an interface that allows an EPICenter administrator to modify a number of properties that affect the performance and configuration of the EPICenter server.
These properties are stored in the EPICenter database along with other EPICenter data.
Administration Functions
Unlike many of the other EPICenter functions, the Administrator function does not provide access to its features through function buttons or menus. Instead, functional areas are accessed through tabs at the top of the Administrator window.
The Administrator function provides the standard EPICenter menus (EPICenter, Display, Tools, and
Help ) but only the EPICenter and Help menus have commands available. Right-click pop-up menus are not available in this feature.
For information on the standard EPICenter menu functions, see
“EPICenter Menus” on page 32 .
EPICenter Reference Guide 349
350
Administering EPICenter
EPICenter Access Roles
The EPICenter server provides four predefined roles that define levels of access to EPICenter functions:
Administrator
Manager
Monitor
Disabled
Users who can create, modify, and delete user accounts, and can create or modify roles.
By default Administrators also have read/write access to all other EPICenter features, enabling them to modify device parameters as well as view status information and statistics.
Users who, by default, have read/write access to all EPICenter features (but do not have
Administrator capabilities). They can modify device parameters as well as view status information and statistics.
Users who, by default, have read-only access to EPICenter features—they can view status information and statistics.
Users whose account information is maintained, but who do not have EPICenter access.
The access for each of these roles can be specified on a feature-by-feature basis. With the exception of the Disabled role, access to EPICenter features can be changed or disabled per feature (see
). An EPICenter Administrator can also create new roles as needed.
These roles can have any combination of access to features. While access to EPICenter features can be changed or disabled for the Administrator role, the administrator’s ability to create, modify, and delete user accounts and roles cannot be changed.
The four predefined roles cannot be deleted.
In addition to modifying EPICenter feature access through roles, an Administrator can disable access to individual EPICenter features on a global basis. When a feature is globally disabled, it cannot be
enabled for any roles. See “Features Properties” on page 364
for information on globally enabling or disabling EPICenter features.
The EPICenter server provides two default users: admin user
User with Administrator role access. This user cannot be deleted.
User with Monitor role access
The two default users do not initially have passwords. All other user names must be added and enabled by an Administrator user.
Regardless of your access role, you can run the Administration applet to change your own password.
Users with an Administrator role can add and delete users and assign user access levels.
NOTE
The EPICenter user accounts are separate from the Extreme switch user accounts. You can configure both through the EPICenter software, or you can have switch access independently of the EPICenter software.
ExtremeWare Software Access
Through the EPICenter software, three levels of access to Extreme switches can be enabled:
User User can view device status information and statistics, but cannot modify any parameters.
EPICenter Reference Guide
Administration Functions
Administrator
No Access
User can modify device parameters as well as view status information and statistics.
User does not have switch access (cannot login, cannot obtain device status information, cannot change device settings or configuration.
These permissions enable access to Extreme Networks switches through Telnet or ExtremeWare Vista
(accessed through the Device Manager command from the Devices menu of a right-click menu or the
Tools menu). The use of the RADIUS server avoids the need to maintain user names, passwords, and access permissions in each switch, and instead centralizes the configuration in one location in the
EPICenter server.
EPICenter and RADIUS Authentication
By default EPICenter provides its own authentication and authorization for EPICenter users. However,
EPICenter can be configured to act as a client to an external RADIUS server, or as a RADIUS server.
RADIUS provides a standard way for the EPICenter software and Extreme Networks switches to handle user authentication, permitting the unification of the Extreme Networks CLI, ExtremeWare Vista, and
EPICenter user authentication. When EPICenter acts as a RADIUS client, the external RADIUS server can be configured using a Vendor Specific Attribute (VSA) to provide user role information to
EPICenter along with the login and password authentication.
The EPICenter software incorporates a basic RADIUS server that may be useful for demonstration or testing purposes. However, the built-in RADIUS server should not be used in a production environment. It is not sufficiently robust for use as an authentication service in a production environment.
Setting EPICenter Server Properties
The Server Properties interface of the Administration applet allows an EPICenter administrator to modify a number of parameters that affect server performance and function. These include communication parameters such as polling intervals, time-outs, port usage, number of retries, and a number of other parameters.
EPICenter Reference Guide 351
Administering EPICenter
User Administration
You must be logged in as a user with the Administrator role to administer EPICenter users.
On the User Administration page you can create and delete users, and modify user account settings: passwords, roles and ExtremeWare RADIUS access.
To access the Administrator applet, click Admin from the Navigation Toolbar.
The User Administration page appears, as shown in Figure 169 . Initially, the only users are “admin” and
“user.”
Figure 169: User Administration window
352
NOTE
If you have not done so already, you should add a password for the “admin” user account. By default neither the
Accounts” on page 353 for further information.
EPICenter Reference Guide
User Administration
When you select a user in the Users list, the EPICenter Feature Access list at the bottom of the page displays that user’s access on a feature-by feature basis, as determined by his current Role. To change this list, you can either assign a different role to the user, or modify the feature access defined for the current Role (which will affect all users with that Role).
Adding or Modifying User Accounts
To add users to the EPICenter database, or to modify EPICenter user account access, follow these steps:
1 Click Add to add a new user.
Select a user name and click Modify to change a user’s password, EPICenter access role, or
ExtremeWare access.
A New User window or Edit User window appears ( Figure 170 ).
Figure 170: New User and Edit User windows
The fields in these windows are:
User Name
Password
Verify Password
Role
ExtremeWare RADIUS
Account Access
The EPICenter login name for the user. This is filled in and cannot be modified if you are editing an existing user.
The password for this user.
The password typed a second time for verification.
The EPICenter Role for this user. The four basic roles (Administrator, Disabled,
Manager, and Monitor) are presented, along with any additional roles an EPICenter administrator may have defined.
Thee ExtremeWare RADIUS Access level for this user:
• Administrator access allows the user to modify device parameters as well as view status information and statistics.
• User access allows the user to view device status information and statistics, but not modify any parameters.
• No Access provides no access privileges, but keeps the user’s account information in the EPICenter database.
2 For a new user, enter the appropriate information. For an existing user, make the necessary changes to the password, role or ExtremeWare access. Note the for the user “admin” you cannot change the role. (The user “admin” cannot be deleted, either.)
3 Click OK.
The new user information is stored in the EPICenter database.
EPICenter Reference Guide 353
354
Administering EPICenter
NOTE
A change to a user account does not take effect until the next time the user logs in.
Deleting a User
You must be logged in as a user with the Administrator role to delete users.
To delete a user, follow these steps:
1 From within the Admin applet, click the User tab to show the User Administration page.
2 Select the user name you want to delete and click Delete.
NOTE
You cannot delete the “admin” user.
A confirmation window appears.
3 Click Yes.
This removes all information about this user account from the EPICenter database.
NOTE
To remove all access privileges for a user without removing the user account from the EPICenter database, use the
Modify User function and change the Role to Disabled.
Changing Your Own User Password
If your user role is Administrator, you can change your own password or passwords for other users through the Modify dialog initiated from the User Administration page.
If your role is any other role (except Disabled) you can change your own password at any time after you have logged in to the ExtremeWare EPICenter. To do so, follow these steps:
1 Click Admin in the Navigation Toolbar.
The Change Password window appears, as shown in Figure 171 .
EPICenter Reference Guide
Figure 171: Change Password window
Role Administration
The window shows your user name, EPICenter role and ExtremeWare RADIUS Access level, but you cannot change them.
2 Type your new password in the Password field, and type it again in the Verify Password field.
3 Click Apply.
Your new password is stored in the EPICenter database.
NOTE
The change does not take effect until the next time you log in.
Role Administration
If your user role is Administrator, you can add, modify and delete EPICenter roles.
Roles let you define different combinations of access to the features of EPICenter. For each feature, a role can provide Read/Write Access, Read-only access, or have access disabled for a feature.
EPICenter Reference Guide 355
356
Administering EPICenter
The EPICenter server provides four predefined roles:
Administrator
Manager
Monitor
Disabled
Users who can create, modify, and delete user accounts, and can create or modify roles.
By default Administrators also have read/write access to all other EPICenter features, enabling them to modify device parameters as well as view status information and statistics.
Users who, by default, have read/write access to all EPICenter features (but do not have
Administrator capabilities). They can modify device parameters as well as view status information and statistics.
Users who, by default, have read-only access to EPICenter features—they can view status information and statistics.
Users whose account information is maintained, but who do not have EPICenter access.
Except for the Disabled role, you can modify the feature access for each of these roles, but you cannot delete them. You can also create new roles with a combination of access to various EPICenter features.
NOTE
Feature access can be globally disabled through Server Properties administration. If a feature is globally disabled you cannot provide access to the feature through any role. See
“Features Properties” on page 364 for details.
To administer roles, click the Roles tab from within the Admin applet.
The Roles Administration page opens, as shown in Figure 172 .
EPICenter Reference Guide
Figure 172: The Roles Administration window
Role Administration
When you select a role, the feature setting for the role are displayed in the EPICenter Feature Access list at the bottom of the page.
Adding or Modifying a Role
1 To add a role, click Add.
To modify a role, select the role and click Modify. (You cannot modify the Disabled role).
A Role: New or Role: Modify window opens (see Figure 173 ).
EPICenter Reference Guide 357
Administering EPICenter
Figure 173: The Role: New and Role: Modify windows
358
2 For a new role, enter the role name and an optional description.
For an existing role, you can change the description and feature access, but not the role name.
3 Select the level of access the role should allow for each feature. The levels of access are:
Disabled
Read Only
Read/Write
A user with this role cannot access this feature. The icon will not appear in the
Navigation Toolbar when a user with the role logs into the EPICenter client.
A user with this role has read only access to this feature. This means the user can see any status or statistics displays, but cannot make any changes within the applet (such as discovering or adding devices in the Inventory Manager, creating Topology maps in the Topology applet, and so on).
A user with this role has full access to this feature.
NOTE
For the predefined roles (Administrator, Manager, and Monitor) you can disable access to EPICenter features, but you cannot change a feature from Read/Write to Read Only or vice-versa. The Administrator and Manager roles always provide full access to any features for which access is enabled, and the Monitor role provides only Read
Only access to any features for which access is enabled.
4 Click Apply to create or modify the role.
If features are globally disabled through the Features Properties settings under the Server Properties
Configuration tab, you will not be able to select those features when you add or modify a role. The
Access column will show Globally Disabled instead of access options. The STP and VoIP features are globally disabled by default, and this is shown in Figure 173 .
EPICenter Reference Guide
RADIUS Administration
Deleting a Role
To delete a role, follow these steps:
1 From within the Admin applet, click the Roles tab to show the Role Administration page.
2 Select the role you want to delete and click Delete.
NOTE
You cannot delete any of the predefined roles. You also cannot delete a role that is currently assigned to a user.
A confirmation window appears.
3 Click Yes.
This removes the role from the EPICenter database.
RADIUS Administration
If your user role is Administrator, you can enable EPICenter as a RADIUS client or RADIUS server, and change its port or the RADIUS secret. By default RADIUS authentication is disabled.
Enabling EPICenter as a RADIUS client means that when a user attempts to login to the EPICenter server, EPICenter will request authentication from an external RADIUS server. The external RADIUS server can also be configured to return role information to EPICenter along with a successful authentication. If this feature is enabled, you must create corresponding roles in EPICenter for every role that the RADIUS server may return. If a user is authenticated with a role that EPICenter does not recognize, the user will be given the Monitor role by default. See the EPICenter Concepts and Solutions
Guide for information on configuring this in the RADIUS server.
Enabling EPICenter as a RADIUS server means that Extreme switches can act as RADIUS clients, authenticating users against the RADIUS server’s database of users, as administered through EPICenter.
Thus, even if a user accesses the switch directly through Telnet or a browser, the RADIUS server will provide the authentication service. This may be useful for demonstration or testing purposes. However,
EPICenter should not be used to provide authentication services in a production environment.
If you have enabled the EPICenter RADIUS server, authentication activity is logged to the file radius_log.txt
, found in the EPICenter root install directory.
Disabling RADIUS in EPICenter means that EPICenter’s RADIUS server will not be available for authenticating users, and it will not request user authentication from an external RADIUS server.
● To change the EPICenter server RADIUS configuration, click the RADIUS tab at the top of the page.
The RADIUS Administration page appears, as shown in Figure 174 .
EPICenter Reference Guide 359
Administering EPICenter
Figure 174: RADIUS Administration page
360
RADIUS Client Configuration
To enable EPICenter as a RADIUS client, do the following:
1 Click the Enable EPICenter as a RADIUS Client button at the top of the page.
This enables the fields in the Client Configuration panel.
It is recommended, but not required, that both a primary and a secondary RADIUS server be available for authentication.
2 Fill in the name or IP address of the primary and secondary RADIUS servers.
3 The default port used for the RADIUS server is 1645. If either RDIAUS server uses a different port, enter that port number in the appropriate RADIUS Port field.
NOTE
The port you enter must match the port configured for the RADIUS server or EPICenter will not be able to access the RADIUS server.
EPICenter Reference Guide
RADIUS Administration
4 Enter the RADIUS server’s shared secret in the RADIUS Secret field for both the primary and secondary RADIUS servers.
This shared secret is a shared key by which the RADIUS server and its clients recognize each other, and which they use for secure transmission of user passwords.
NOTE
If the shared secret is changed in either of the RADIUS servers, you must change it in EPICenter as well, or else
EPICenter will no longer be able to access the RADIUS server.
5 Click Apply to have the configuration changes take effect.
NOTE
Some configuration may be required on the external RADIUS server to allow EPICenter to authenticate users with various roles. See the EPICenter Concepts and Solutions Guide for a full explanation of how to configure an external
RADIUS server to perform EPICenter user authentication.
RADIUS Server Configuration
To configure EPICenter as a RADIUS server, follow these steps:
1 Click the Enable EPICenter as a RADIUS Server button in the RADIUS Configuration panel at the top of the page.
This enables the fields in the Server Configuration panel.
2 Enter the RADIUS server’s shared secret in the RADIUS Secret field.
NOTE
If you change the secret in the RADIUS server, you must also change it in any of the RADIUS clients (Extreme switches) that use the RADIUS server for user authentication.
3 The default port used for the RADIUS server is 1645. To change the server port, enter the port number in the RADIUS Port field.
NOTE
If you change the RADIUS server port, you must make sure that the port used by any RADIUS clients (Extreme switches that use this RADIUS server for user authentication) match the port you enter for the server.
4 To disable RADIUS response messages, uncheck the Enable RADIUS Response Messages checkbox.
This prevents the RADIUS server from sending a response message when authentication fails. Check the box to enable these messages. This is enabled by default.
5 Click Apply to have the configuration changes take effect.
Disabling RADIUS for EPICenter
To disable the use of RADIUS authentication, do the following:
EPICenter Reference Guide 361
Administering EPICenter
1 Click the Disable RADIUS button at the top of the page.
2 Click Apply to have the configuration changes take effect.
Server Properties Administration
If your user role is Administrator, you can modify the values of a number of properties that affect the function and performance of the EPICenter server.
1 Click the Server Properties tab at the top of the page.
The Server Properties Configuration page appears, as shown in Figure 175 .
Figure 175: Server Properties Configuration page, initial properties list (Devices)
362
2 Select a set of properties from the drop-down menu field at the top of the central panel. You can select from these sets of properties:
■
EPICenter Reference Guide
Server Properties Administration
The Server Properties Configuration page displays the properties in that set.
3 Type a new value into the field for the property you want to change, or click a check-box to turn on or off an option. The specific properties and their meanings are discussed in the following sections.
4 Click the Apply button to cause your changes to take effect.
You can undo your changes in one of two ways:
■
■
Click the Reset button to restore the values that the displayed properties held when you first entered this page.
Click the Reset to Defaults button to restore the values to the EPICenter server default values
(the values in effect immediately after installation).
5 For some changes, you will need to restart the EPICenter server for the changes to take effect. A pop-up dialog will inform you that this is necessary.
Click OK to dismiss the dialog box, and then shut down and restart the EPICenter server.
See the EPICenter Installation and Upgrade Note for information on how to shut down and restart the
EPICenter server.
Devices Properties
When you select Devices from the drop-down menu field at the top of the properties panel, you can set the following properties:
Telnet Login Timeout
Period (sec)
Device HTTP Port
Device Telnet Port
Device SSH Port
Upload/Download Timeout
Period (sec)
Reboot Timeout
Period (min)
The length of time, in seconds, after which a CLI/Telnet login request to a switch should time out. The default is 10 seconds, the range is 1 to 30 seconds.
The port that the EPICenter server will use to communicate with an Extreme switch’s web server to run ExtremeWare Vista. Default is port 80.
The port that the EPICenter server will use to Telnet to a switch. Default is port 23.
The TCP port number that EPICenter uses to connect with the switch using the SSH protocol. The default is port 22.
The length of time, in seconds, after which a configuration upload or download operation should time out. If some devices have a large number of VLANs, the timeout may need to be increased to allow an upload or download operation to complete successfully without timing out.
The length of time, in minutes, to wait for a device to reboot after an image/bootrom upgrade in the Firmware Manager. Default is 5 minutes. some devices may require more time for a device to reboot.
EPICenter Reference Guide 363
364
Administering EPICenter
Syslog Server settings:
Enable Syslog Server A check specifies that the EPICenter server can function as a Syslog receiver to receive
Syslog messages. Uncheck the checkbox to disable syslog server functionality. The default is enabled.
Note: For Solaris, you must stop the Solaris Syslog server before you can enable
EPICenter’s syslog server. To stop the server in Solaris, enter the command /etc/ init.d/syslog stop . In EPICenter, you can restart the Syslog server by disabling and then re-enabling it.
On the device side, remote logging must be enabled, and the switch must be configured to log to the EPICenter server. The default on Extreme switches is for logging to be disabled. You can use the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches appropriately. See the EPICenter Concepts and Solutions Guide for more information on setting up Syslog access.
Syslog Server Port
Accept SysLog
Messages with min
Severity
Save Changed
Configurations Only
Automatically save configuration on device
The port used for remote syslog communication from a switch. Default is port 514.
The minimum severity level of messages to be logged in a switch Syslog file. All messages with Severity equal to or higher than the setting you select will be logged. For example, if you select 2: Critical, then messages of severity 2 (Critical), 1 (Alert), and 0
(Emergency) will be logged. The default is 6: Information.
A check specifies that device configurations should be uploaded by the Configuration
Manager Archive feature only when the device configuration has changed (the default).
Uncheck the checkbox to specify that switch configurations should always be uploaded at the scheduled archive time.
A check indicates that EPICenter automatically saves the configuration to a switch whenever configuration changes are made. This is the default setting. If this checkbox is not checked, you must use the Save command to save changes to a switch configuration.
Poll Devices using Telnet Uncheck the checkbox to disable CLI/Telnet polling. This disables ESRP polling as well as EDP polling. It also disables polling for Netlogin information, and disables FDB polling for edge port MAC address information.
Save Switch Password for
Vista Login
A check specifies that EPICenter should save the switch password in the database for use when logging into a switch using ExtremeWare Vista (accessible from the Devices sub-menu). If you disable (uncheck) this property, you will be required to login to each switch in order to view Configuration and Statistics information through the Web interface. The default is enabled (passwords will be saved).
Use EPICenter login/ password for Telnet/SSH
A check indicates that the EPICenter login name and password should be used for establishing user-initiated Telnet or SSH2 sessions with the switch. Background functions, including trap handling, polling, and scheduled operations continue to use the Telnet/SSH login and password configured for the switch using the Inventory
Manager.
Features Properties
This feature enables the EPICenter Administrator to globally control which EPICenter applets appear in the Navigation Toolbar in the EPICenter client. Disabling an applet through the Features Properties menu disables the applet for all EPICenter users, regardless of their role. Applets may also be enabled and disabled on a role-by-role basis, so that only users with access based on the role will be affected.
See
“Role Administration” on page 355
for more information on Roles.
To globally disable a feature, uncheck the checkbox for that applet, then click Apply. Check the checkbox to enable a feature.
NOTE
The STP Manager and the VoIP Manager are disabled by default.
EPICenter Reference Guide
Server Properties Administration
Disabling a feature has the following effects:
● Removes the associated applet button from the Navigation Toolbar for all EPICenter users.
●
●
Removes the applet entries, if appropriate, from the Device submenu available from a right-click pop-up menu, from the EPICenter Tools menu, and from the Topology menu.
Makes the feature unavailable when creating or modifying roles.
In some cases, disabling a feature has additional effects:
● Disabling the Alarm Manager disables the generation and processing of alarms. However, traps and events are still logged, and traps are still forwarded if required.
● Disabling the Alarm Manager or the Configuration Manager removes the associated report links from the main Reports page.
Enabling a feature restores the applet button to the Navigation Toolbar and restores the appropriate
EPICenter menus and pop-up menus.
By default, all applets are globally enabled, assuming a license is installed for those applets.
The EAPS Monitor, the Policy Manager and VoIP Manager applets are not enabled unless an Advanced
Upgrade license has been installed. An attempt to enable any of those applets is ignored if an Advanced license is not installed.
NOTE
In some cases, the change takes effect as soon as you click Apply. In other cases, such as the enabling the
Configuration Manager, the EPICenter server must be restarted. A notification is displayed if a restart is required.
Scalability Properties
Select Scalability from the drop-down menu field at the top of the properties panel to modify the settings for server resources to provide better performance when managing a large number of devices.
Manipulating the thread pool size, default thread allocation size, number of SNMP sessions, and the number of traps and syslog messages EPICenter processes per minute lets you configure the EPICenter server to provide better performance based on the amount of server resources (number and speed of processors, amount of memory) available. Changing these values should not normally be necessary unless you are managing a very large number of devices (more than 1000 devices).
If you are managing more than 1000 devices, it is recommended that you run the EPICenter server on a system with a 1 GHz or faster processor, and at least 1 GB of physical memory. For such a configuration, you may also be able to improve the performance of the EPICenter server by changing the parameters below.
NOTE
Changing the scalability properties on a system without suitable hardware could actually decrease the performance of the EPICenter server.
To see the effects of the current scalability settings, run the Server State Summary Report in the Reports applet.
EPICenter Reference Guide 365
366
Administering EPICenter
You can set the following properties to affect the scalability of EPICenter:
Thread Pool Size This specifies the maximum number of threads available. The default is 40.
Thread Default Alloc Size This specifies the default number of threads allocated for a process request. The default is 20.
Traps per Device in 1/2
Minute
Total Traps Accepted per
Minute
This specifies the maximum number of traps that can be received from an individual
device in 28 seconds. If more than this number of traps are received from an individual device within a 28 second interval, the excess traps are dropped.
This specifies the maximum total number of traps that EPICenter can receive from all
managed devices in 55 seconds. If more than this number of traps are received within a 55 second interval, the excess traps are dropped. The default is 275, the maximum you can set is 500.
Syslog Messages per
Device in 1/2 Minute
Total Syslog Messages
Accepted per Minute
This specifies the maximum number of syslog messages that can be received from an
individual device in 28 seconds. If more than this number of traps are received within a
28 second interval, the excess messages are ignored.
This specifies the maximum number of syslog messages that EPICenter can receive in one minute from all managed devices. If more than this number of messages are received within a one-minute interval, the excess messages are ignored. The default is
275, the maximum you can set is 500.
NOTE
You should not change the values for traps and syslog messages accepted unless the EPICenter Server reports dropping lots of traps. Run the Server State Summary Report in the Reports applet to view the current performance metrics.
SNMP Properties
When you select SNMP from the drop-down menu field at the top of the properties panel, you can set the following properties:
Poll Interval
Timeout Period
The interval, in minutes, between SNMP polls of a switch to fetch basic device status information. The default is five minutes. The range is one minute to one hour. You can disable all SNMP polling by setting this property to zero.
Note: This Poll Interval is not the same as the Device Polling Interval you can set through the Inventory Manager. The Device Polling Interval controls the frequency of polling for detailed device information such as software version, BootROM version, and so on. The polling interval set here in the Administration applet controls only the basic
SNMP status information necessary to ensure SNMP reachability, and is typically performed relatively frequently.
The length of time, in seconds, to wait for an SNMP poll request to complete, in milliseconds, before timing out. The default is five seconds. The range is one to 60 seconds.
This setting determines the time-out interval only for the first unsuccessful SNMP request; once a request times out, subsequent requests will time out more slowly, based on an exponential time-out back-off algorithm, until it reaches the maximum number of retries.
Number of Retries The number of SNMP requests that should be attempted before giving up, for a request that has timed out. The default is one.
The port on which EPICenter expects to receive traps. Default is port 10550. EPICenter Trap Receiver
Port
Trap Fowarding:
These provide the default settings for the Trap Forwarding alarm action.
EPICenter Reference Guide
Host
Port
Community
Trap Conversion
Server Properties Administration
The host name or IP address of the system to which traps should be forwarded
The port on which the specified host receives traps (by default, port 162)
The community string for the specified host
The version of SNMP to which traps should be converted:
• No conversion: Trap will be sent as is.
• Convert trap to SNMPv1
• Convert trap to SNMPv2c
Topology Properties
Select Topology from the drop-down menu field at the top of the properties panel to set properties that affect the collection and display of RMON statistics in the Topology applet.
Enable Topology RMON
Statistics Data Collection
Display RMON Statistics in new Maps by Default
A check in this box enables the collection of RMON statistics in the Topology applet.
The default is enabled, which means that RMON statistics will be collected for all devices that have RMON enabled in the device. To disable the collection of RMON
Statistics, uncheck the checkbox. If this option is disabled, then no RMON statistics will be displayed on any maps, regardless of the setting of the Display RMON Statistics
The display of RMON statistics on a map can be enabled or disabled for individual maps through the RMON Statistics checkbox option in the Topology Map Properties window for each map. This server property specifies the default state of the RMON statistics display checkbox in the Topology Map Properties window.
A check in this box specifies that by default the RMON Statistics option in the Map
Properties window will be enabled. Thus, by default, RMON statistics will be displayed for all maps unless they are specifically disabled for an individual map. To disable the
RMON statistics display for an individual map, you can uncheck the RMON Statistics option in the Map Properties window for that map.
This option is disabled by default, meaning that the corresponding option in the Map
Properties is disabled by default.
Note: If Topology RMON statistics data collection is disabled, then this display option will have no effect.
EPICenter Reference Guide 367
368
Administering EPICenter
External Connections Properties
When you select External Connections Properties from the drop-down menu field at the top of the properties panel, you can set the following properties:
Load Information from http:// www.extremenetworks.com
HTTP Proxy Device
HTTP Proxy Port
A check in this box specifies that EPICenter can automatically connect to the
Extreme Networks web site to update image information using an external (web) connection.
The external connection is used by EPICenter to query the Extreme Networks web site for the latest versions of ExtremeWare software images and BootROM images.
It uses this information to determine if the versions running in your switches are current, or are obsolete. This information is shown in the Firmware Manager.
This also determines the latest version and patch level of the EPICenter software, and compare the information to the version currently running. If a newer version is available, it is noted on the basic status page, displayed when you first launch
EPICenter.
If you selected Yes to the Automatic Information Updates question when you installed the EPICenter server, this property will be enabled.
The IP address or hostname of an HTTP proxy device used to connect to the
Extreme Networks web site if your network uses a firewall. When an HTTP proxy is configured, all HTTP connections are made through the proxy server rather than directly to Extreme Networks.
The port number for the HTTP Proxy, used to connect to the Extreme Networks web site if your network uses a firewall.
MAC Polling Properties
MAC Address polling is used to identify edge ports and get the status of the devices on those ports.
MAC Polling must be enabled in order to see the Edge Port FDB display in the Inventory Manager and
Device Properties displays, and to enable a database-only search in the IP/MAC Address Finder applet.
EPICenter implements MAC Address polling using Telnet to retrieve FDB and ARP table data from the affected devices (devices that support FDB polling and for which FDB polling has been enabled in the
Inventory Manager). Telnet requests are initiated in sets—requests are sent to groups devices simultaneously. A MAC address polling cycle is complete when these multiple sets of requests have resulted in the retrieval of FDB table data from all eligible devices. Once a polling cycle is complete, a new polling cycle is started.
Individual devices are polled once in each MAC address polling cycle. The interval between polls of the
FDB on a given device (the length of time before FDB data is refreshed) is a function of the number of devices being polled per cycle, and the interval between the sets of Telnet polls in a complete polling cycle.
EPICenter calculates the interval between sets of Telnet requests dynamically, based on the length of time it took for the previous set of Telnet requests to complete. EPICenter assumes that if a set of Telnet requests takes a long time to complete, it means the EPICenter server is more heavily loaded than if the requests complete quickly.
The System Load setting tells EPICenter whether the calculated interval between sets of Telnet requests should be relatively longer or shorter compared to the perceived EPICenter server load. EPICenter uses the System Load setting, in conjunction with the time it took for the last set of Telnet requests to complete, to determine how long to wait before issuing the next set of Telnet requests.
EPICenter Reference Guide
Server Properties Administration
The Server State Summary Report includes Poller Statistics showing the status of the polling activity
(see
“Server State Summary Report” on page 439
).
When you select MAC Polling Properties from the drop-down menu field at the top of the properties panel, you can set the following properties:
Enable MAC Polling
System Load
A check in this box enables MAC address polling. Polling is disabled by default.
Tells EPICenter how much impact on EPICenter server performance is acceptable due to the MAC address polling cycle. EPICenter uses the System Load setting, in conjunction with the length of time it took for the most recent set of Telnet requests to complete, to calculate how long to wait before issuing the next set of Telnet requests.
A setting of Light (recommended) means EPICenter will calculate a relatively longer interval before the next set of Telnet requests, to place a lighter load on the EPICenter server. This in turn means it will take longer for the server to accomplish a complete
MAC Address polling cycle.
Moving the load indicator towards Heavy will result in shorter elapsed times between sets of Telnet requests, at the cost of a heavier load on the EPICenter server due to
MAC address polling. However, if your polling data is frequently out of date, moving this setting towards Heavy may result in more timely data.
Other Properties
When you select Other from the drop-down menu field at the top of the properties panel, you can set the following properties:
DNS Lookup Timeout
Period
Session Timeout Period
ServiceWatch URL
IP QoS Rule Precedence
Client Port
Update Type Library on
Server
Device Tree UI
The time-out period, in seconds, when performing DNS lookup operations for hosts found through DLCS or when importing (in the Grouping applet) from an NT Domain
Controller. The default is one second.
The non-activity time-out period, in minutes, after which the user is required to re-login to the EPICenter server. The default is 30 minutes. You can disable the time-out by setting the property to -1.
The URL for accessing ServiceWatch, to allow it to be launched from the EPICenter
Navigation Toolbar, and to run in the main EPICenter applet window.
For example, if ServiceWatch is running on a system named “tampico” at port 2000, you would enter http://tampico:2000 as the ServiceWatch URL. You must then restart the EPICenter server to activate the ServiceWatch integration.
The starting value that the EPICenter server will use for setting precedence in the Policy
Manager applet. This is an integer between 1 and 25,000. The default value is 10,000.
Setting this value lets you ensure that policies created by EPICenter will have higher precedence than policies created through the ExtremeWare CLI. It is also useful in distinguishing between policies created through the CLI and those created through the
EPICenter Policy Manager applet.
The TCP port number that a client will use to connect to the EPICenter server. The default is 0, meaning that the server will use any available port. You can use this setting to specify a fixed port number that the EPICenter server will use. For example, if the EPICenter server is behind a firewall, you may need to provide a fixed port number to allow clients to connect thought the firewall.
This function updates the EPICenter type library, which is a repository of information about devices (primarily from Extreme Networks) that are supported by EPICenter.
A setting that specifies how devices are identified in the Component Tree and in selected other locations. You can choose to have the component tree show the device name only, the device name followed by the IP address in parentheses, or the device IP address followed by the device name in parentheses. The default is device name followed by the device IP address.
EPICenter Reference Guide 369
370
Administering EPICenter
Port Tree UI
DHCP Temporary Lease
Enable Link Up/Link Down
Correlation
Telnet Screen Width
Configure Upload File
Name
A setting that specifies how ports are identified in the Component Tree and in selected other locations. You can choose to have the component tree show the port number only, or the port number followed by the port name in parentheses (if a name or display string has been associated with the port). The default is port number only.
A setting that informs the server how long to wait before querying a switch for a netlogin or a permanent IP address from an 802.1x client. The default is 20 seconds.
Enables correlation between link up and link down traps on a port. When this is enabled, a Link Down trap that is followed quickly (within 20 seconds) by a Link Up trap on the same port, will be marked in the Alarm Manager to be ignored. This feature is disabled by default.
The number of columns available on the screen for the Telnet application. The default number of columns is 80. The range is between 40 and 180 columns.
The default file name format for files used to store your uploaded configuration files.
This setting changes the global default name format.
Type a space to invoke a list of elements you can include. These include the system name (SysName), IP address, Date, and Time. You can specify the system default format (<IPAddress>_<Time>) by choosing DEFAULT from the list. You can select these elements in any order, but you must include both the IP address and the Time somewhere in your filename format. Each element you choose is separated from its neighboring elements by an underscore.
You can also include text of your own in the filename format; it will then appear in every file name EPICenter creates (until you change the format).
Distributed Server Administration
NOTE
The Distributed Server functionality is part of the Gold Upgrade, a separately licensed feature of the EPICenter software. If you do not have a Distributed Server license, only Single Server mode and Distributed Group Member modes are enabled.
If your user role is Administrator, if you have a Distributed Server license, and you have multiple
EPICenter servers installed on your network, you can configure these servers to operate in a distributed server mode.
Distributed Server mode allows multiple EPICenter servers, each managing their own sets of devices, to be designated as a server group, and to communicate status between the servers in the group. One server acts as a Server Group Manager, and the other servers act as server group members.
Each server in the server group is updated at regular intervals with a list of other servers, and with network summary and status information from the other servers in the group. In distributed server mode, the EPICenter home page contains a status information from the other servers in the group in addition to the standard Network Summary report.
1 Click the Distributed Server tab at the top of the page.
The Distributed Server Administration page appears, as shown in Figure 176 .
EPICenter Reference Guide
Figure 176: Distributed Server Administration page
Distributed Server Administration
Initially, the EPICenter server is configured as a single server. In single server mode, the server does not communicate with any other EPICenter servers. If you have a Distributed Server license, you can change its configuration to act as a server group member or as the server group master.
Configuring a Server Group Member
To configure your EPICenter server as a server group member:
1 Click the Server Group Member button in the Server Group Type panel at the top of the page.
This enables the fields in the Server Group Member panel.
2 Enter the host name or IP address of the server that acts as the group manager in the Server Group
Manager field.
3 Enter the port number to be used to communicate with the Server Group Manager. This port should match the HTTP port configured for the EPICenter server acting as the server group manager. The default is port 80.
4 Enter the shared secret in the Secret field.
EPICenter Reference Guide 371
372
Administering EPICenter
This string is a shared key by which the cooperating EPICenter servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret .
NOTE
If you change the secret for one EPICenter server, you must also change it for all of the other servers in the group.
5 Click Apply to have the configuration changes take effect.
Configuring a Server Group Manager
To function as the EPICenter Server Group Manager, the server must have a host name that is configured through DNS.
To enable this EPICenter server as a server Group Manager, do the following:
1 Click the Server Group Manager button in the Server Group Type panel at the top of the page.
This enables the fields in the Server Group Manager panel.
2 Enter the shared secret in the Secret field.
This string is a shared key by which the cooperating EPICenter servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret
.
NOTE
If you change the secret in one EPICenter server, you must also change it in all of the other servers in the group.
3 Enter the Poll Interval in minutes. This determines the frequency with which the Server Manager communicates information to the other server members of the EPICenter server group. The default is
10 minutes.
4 Add the other members of the server group to the server list: a Click Add to open the Add Server dialog box. b Enter the host name or IP address of the member server in the server field. A server member does not need to have a DNS-translatable host name. c Enter the port used to communicate with the server member. This must match the HTTP port configured for the member server d Click OK to add this server to the list, or Cancel to cancel the operation.
Servers added to this list must be configured as server group members with this server as the
Server Group Manager.
5 To delete a member server from the list, select the server and click Delete.
6 Click Apply to have the configuration changes take effect.
EPICenter Reference Guide
15
EPICenter Reports
This chapter describes the predefined reports provided by the EPICenter Reports feature. This chapter covers the following topics:
●
●
Accessing Reports from the EPICenter client or from a browser
The Network Summary Report, which is also displayed on the EPICenter client Home page
●
●
Exporting EPICenter data for use by Extreme Technical Assistance Center
Viewing predefined EPICenter status reports from a browser
Reports Overview
The EPICenter software provides a series of HTML-based reports that present a wide variety of information about your network and the devices EPICenter is managing. These reports can be accessed from Navigation Toolbar of the EPICenter client, or they can be accessed separately from a standard web browser.
The EPICenter reports do not require Java capability, and thus can be accessed from browsers that cannot run the full EPICenter user interface. These reports can be loaded quickly, even over a dial-up connection, and can also be printed. Some of these “reports” are actually tools to help you access information helpful for debugging problems with EPICenter or the devices it is managing.
With the exception of the Network Summary Report, EPICenter’s HTML reports are always displayed in a browser window, even if you are running the EPICenter installed client application. See “Browser
Requirements for Reports” in the EPICenter Management Suite Installation and Upgrade Guide or the
EPICenter Release Notes for a list of supported browsers. The browser configured as the default for your system is the one that is launched.
The Network Summary Report is also displayed on the EPICenter client Home page.
Accessing EPICenter Reports
You can access the EPICenter reporting capability in either of two ways:
● From the EPICenter client, by clicking the Reports button in the EPICenter Navigation Toolbar; the
Dynamic Reports Main page appears, as shown in Figure 178 on page 378 .
or
● Directly from a browser, without running the EPICenter client:
1 Launch your Web browser, and entering the following URL: http:// <host>:<port>/
EPICenter Reference Guide 373
EPICenter Reports
In the URL, replace <host> with the name of the system where the EPICenter server is running.
Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during installation (by default this is port 8080).
2 When the EPICenter browser start-up page appears, as shown in Figure 177 , click View Reports in the left-hand panel.
Figure 177: EPICenter Start-up page
374
You will be asked to log in; use the same user name and password as you use to log in to the EPICenter server.
Reports Available in EPICenter
The EPICenter software provides the following reports and tools:
Table 40: EPICenter Reports
Report
Category
Main
Report Name
• Extreme eSupport Export
Description
Exports EPICenter data for use by Extreme technical support. Accessible from the Main reports page.
EPICenter Reference Guide
Accessing EPICenter Reports
Table 40: EPICenter Reports
Report Name Report
Category
Network
Summary
Report
Devices
Slots, Stacks and Ports
VLAN
EAPS
Logs
• Network Summary Report
• Device Inventory Report by Device Group and Device Type
By Device
Device Details
Power Over Ethernet
Power Over Ethernet Details
Wireless Ports
• Device Status Report by Device Group
By Device
Alarm Details
• Slot Inventory, by Card Type
Card Summary (by Card or All Cards)
Device Details
Slot Details
Empty Slots Report
• Stack Inventory
Stack Summary
• Event
Device Details
Stack Details
• Interface Report
• Unused Port Report
By Device
• VLAN Summary
VLAN Details
• Voice VLAN Summary (Voice over IP
Report)
Voice over IP Details
• EAPS Summary
• EAPS Log
• Alarm
• Syslog
• Config Mgmt
Description
Summary status of the network, as well as version and patch information about the EPICenter server.
Shows status of distributed servers if Gold upgrade is installed.
Overview of devices known to EPICenter, by Device
Group. From this report you can access the Device
Details report, and additional subreports such as
PoE information and Wireless port information for devices that support those features.
Status of devices by device group. From here you can access status of individual devices (alarms, not responding etc.) and can drill down to Alarm
Details
Inventory of cards (by type) installed in devices in the EPICenter database. The Card Summary Report shows details about cards of a given type. From there you can view details about the device hosting the card. The Empty Slots report shows empty slots by device.
Inventory of stacking devices. From this report you can access Device Details for the stacking device, or Stack Details.
Inventory of all ports on devices in the database
Summary of inactive ports by device including location, with subreports (by device) showing length of inactivity, VLAN membership etc.
Summary of all VLANs with device associations.
VLAN Details subreports show configuration details
Summary of voice VLANs with device associations.
Subreport shows phone and egress ports by device
Summary of EAPS domains known to EPICenter
EAPS-related Trap and Syslog entries for devices configured for EAPS
EPICenter alarm log (more information available through Alarm Log Browser feature)
EPICenter event log entries
Syslog entries
Log of configuration management actions (config file uploads/downloads) and results
EPICenter Reference Guide 375
376
EPICenter Reports
Table 40: EPICenter Reports
Report Name Report
Category
Wireless
Reports
• Wireless Summary
• Wireless AP (Wireless Port Inventory
Report)
Device Details
Wireless Port Details
• Wireless Interface Report
Device Details
Wireless Port Details
• Safe AP MAC List
Client
Reports
MIB Poller
Tools
• Rogue APs (Rogue Access Point
Detection Report
Rogue Access Point Detail
• Rogue AP Alarms (Log Report)
Automatic Rogue AP Detection
• Network Login
• Current Clients
Wireless Client History Report
• Client History
• Spoofed Clients
Device Details
Wireless Port Details
• Unconnected Clients
• Network Login
• Current Clients
Wireless Client History Report
• Client History
• Spoofed Clients
Device Details
Wireless Port Details
• Unconnected Clients
• MIB Poller Summary
• MIB Query
Description
Wireless status overview; with links to supporting detail reports
Inventory of Extreme Networks Wireless Access
Points. From here you can view details on the device to which an AP is connected, or details about a selected AP
Inventory of wireless interfaces (radios). Subreport shows details for a selected device or interface.
List of MAC addresses from known legitimate APs
From here you can add MAC addresses to the Safe
AP list, or delete addresses from the list.
List of Wireless APs not on the Safe AP list or shown in the wireless AP report. From here you can view the Rogue AP Detail Report, where you can add the AP to the Safe AP list, or disable the port.
List of alarms due to the detection of rogue APs
You can enable/disable rogue AP detection here.
List of network login activity by device
List of all current wireless clients detected, regardless of client state.
Historical presentation of activity by wireless client
List of clients with the same MAC address detected on different wireless interfaces. From here you can view details on the device or interface reporting the client.
List of wireless clients not in the data forwarding state
List of network login activity by device
List of all current wireless clients detected, regardless of client state.
Historical presentation of activity by wireless client
List of clients with the same MAC address detected on different wireless interfaces. From here you can view details on the device or interface reporting the client.
List of wireless clients not in the data forwarding state
Displays data in a MIB collection. Users with an
Administrator role can start or stop a collection.
Provides an interface to query for the value of specific MIB variables. This is available only to users with an Administrator role.
See the chapter on “Tuning and Debugging
EPICenter” in the EPICenter Concepts and
Solutions Guide for more information.
EPICenter Reference Guide
Table 40: EPICenter Reports
Report Name Report
Category
EPICenter
Server
• Server State Summary
• Debug EPICenter
Miscellaneous • Resource to Attribute
• User to Host
Accessing EPICenter Reports
Description
Shows a variety of status information about the
EPICenter server.
Tools to aid in analyzing EPICenter performance.
These are available only to users with an
Administrator role.
See the chapter on “Tuning and Debugging
EPICenter” in the EPICenter Concepts and
Solutions Guide for more information.
Shows all resources that include a specified attribute (from the Grouping Manager)
Lists current set of user to host mappings, including primary IP address of the host
EPICenter Reference Guide 377
EPICenter Reports
Selecting Predefined EPICenter Reports to View
The Reports browser interface initially shows the EPICenter Reports Main page, as shown in Figure 178 .
Figure 178: EPICenter Reports menu
378
The Main page includes a brief description of the predefined reports that are available; scroll down in the page to see the complete list.
EPICenter Reference Guide
Accessing EPICenter Reports
If you have started the Reports feature from within the EPICenter client (with the Reports button), you can use the Close Window button to exit the Reports feature.
If you have logged in to the Reports feature directly from a browser, the Close Window button is replaced by a Logout button, which returns you to the EPICenter Start-up page.
From the menu at the left on the Reports Main page, you can choose a report to view. Click a category
(Devices, Slots and Ports, VLANs, Logs, Wireless Reports etc.) to see the reports in that category.
NOTE
You can access Online Help for reports by clicking the Help link shown at the top of the EPICenter Reports
Welcome page. You can also access Help for Reports by selecting EPICenter Help from the Help menu in any
EPICenter feature, and then finding the Report you want in the Table of Contents.
The Extreme Networks eSupport Export Report
This report is generated by EPICenter on request, for use by Extreme technical support. It exports detailed information to a file is csv format. You can then send this report to Extreme.
To create a eSupport report, select a Device Group from the pull-down menu, then click Export. You are asked to provide a filename for the file, and will be able to specify a location on your local system where the file should be saved.
Using Report Filtering
A number of the reports provide a filtering capability so that you can specify the information you want in the report. Filtering lets you construct a conditional statement based on the values of relevant variables in the EPICenter database.
To create a filter, select the values to use in the filter from the drop-down fields provided at the top of the report. The variables from which you can choose are based on the columns in the report, and will vary depending on the type of report you are viewing.
In some reports, a field is provided for each column you can use to filter the report results; you select the value you want to use from the drop-down menu. The Wireless Interface Report is an example of such a report, as shown in Figure 179 . The filtering criteria labels match the column headings in the report.
Figure 179: Report filter specification for the Wireless Interface Report
EPICenter Reference Guide 379
EPICenter Reports
In other reports, you select a column name, then a comparison operator, and then the value to be used for comparison. In these reports you may often concatenate two conditional statements with a logical operator (and or or)
The Alarm Log report is an example of this type of filter specification, as shown in Figure 180 .
Figure 180: Report filter specification for logs
380
The comparison operators you can use are:
> (greater than)
< (less than)
<= (greater than or equal)
>= (less than or equal)
!= (not equal)
= (equal) starts with ends with contains
If the column values are strings, the comparisons are taken to indicate alphabetic order, where “greater than” specifies a letter that occurs later in the alphabet (for example, the letter B is greater than A), or later in alphabetical order (“Mary” is greater than “Joe”; “Mary” is also greater than “Many”).
NOTE
You can use the browser Copy and Paste functions to copy a specific value from the current report into the comparison field.
To use a second condition to your filter, choose one of the logical operators And or Or.
And
Or
Include a row in the report only if both conditions are true.
Include the row if either one (or both) of the conditions are true.
If you do not want to include a second condition, do not select any values for those fields.
With either type of filter specification, click Submit to run the filter. Click Reset to return the filter to its default values.
EPICenter Reference Guide
Accessing EPICenter Reports
Sorting Reports
If a column heading in a report is shown in purple and underlined, you can click on the heading to sort the report based on the contents of the column. Clicking once sorts the report in ascending alphabetic or numeric order; clicking a second time reverses the sort order.
Exiting Reports
To exit the Reports feature, close the browser, or click the Close Window link in the left-hand panel. If you logged in directly from a browser rather than the EPICenter client, click the Logout link to return to the EPICenter start-up page.
If you launched the Reports feature directly from the browser, the browser may time out if there is no activity for a period of time. To access Reports after the browser times out, log in again.
EPICenter Report Structure
EPICenter reports are either generated by Tcl scripts or are Java-based. The Tcl-based reports can be customized, and can serve as models for new reports. The Java-based reports cannot be customized.
The Tcl-based reports are:
● Device Inventory
●
●
Device Status
Unused Ports
●
●
●
●
VLAN summary
Voice VLAN Summary
EAPS reports
Wireless AP
●
●
●
●
●
●
●
●
●
●
Wireless Interface
Rogue APs
Rogue AP Alarms
Network login
Client History
Spoofed Clients
Unconnected Clients
Server State Summary
Resource to Attribute
User to Host
EPICenter Reference Guide 381
EPICenter Reports
Network Status Summary Report
The Network Status Summary Report is an at-a-glance summary of the status of the devices that the
EPICenter server is monitoring. The main report page, as shown in Figure 181 , appears when you first log into the EPICenter client, and when you click the Home button at the top of the Navigation Toolbar.
Figure 181: Network Status Summary Report
382
The Network Status Summary Report displays information about the overall health of the network. It also displays information on the current version of the EPICenter software running on the EPICenter service and compares the current version to the latest available version.
This summary shows the following statistics:
● The number of devices known to the EPICenter server that are not responding to EPICenter queries.
● The number of devices reported to be in marginal condition (such as a problem with the fan, temperature, or power).
●
●
●
●
The number of devices that are offline for planned service.
The number of critical alarms in the last 24 hours that have not been acknowledged.
The number of Syslog messages with a priority of Critical or worse that occurred in the last 24 hours.
The number of Invalid Login alarms that have occurred in the last 24 hours.
EPICenter Reference Guide
Network Status Summary Report
● The number off Authentication Failure alarms that have occurred in the last 24 hours.
For any of these items where the number is non-zero, the description becomes a link to a sub-report that gives you more information about the situation—a list of devices or alarms or messages.
The Network Status Summary Report also provides version information about the EPICenter software running on your machine. The information reported includes:
Software
Current Version
Available Version
Status
The EPICenter software. The name is a link to the Extreme support site where you can access more information about the software release or service pack.
The version of software currently running.
The number of the most recently available version of the software.
The status of the software running on this machine—whether it is up to date or is not up to the most current version available from Extreme.
In order for your machine to verify the latest EPICenter software version, it must access the Extreme
Networks web site at http://www.extremenetworks.com. If your network uses a firewall, you can configure HTTP proxy properties using the Server Properties, External Connections option of the
Admin feature.
To configure an HTTP proxy device and port, see “External Connections Properties” on page 368 .
The Distributed Server Summary
If you are running in a Distributed server configuration, a Distributed Server summary appears below the Network Summary, as shown in Figure 182 .
EPICenter Reference Guide 383
EPICenter Reports
Figure 182: Distributed Server Summary Report
384
Each row in the summary provides the status of one of the EPICenter server group members. It provides the following information about each server:
Server
Launch Client
Devices Up
Devices Down
Critical Alarms
Last Update
Server Status
The server name.
Clicking on the server name initiates the Dynamic Reports feature for that server. You can then run any of the available HTML reports.
A link that can launch a client connection to the server.
Clicking on the Client link launches a client that attempts to connect to that server.
The number of devices managed by the server that are up.
The number of devices managed by the server that are down.
The number of critical alarms that have occurred on devices managed by the server.
The date and time of the last update of the server summary information for this server.
The status of the server (whether it is responding to the periodic poll).
Device Reports
Click the Devices link to display links to the Device Reports. These reports provide a variety of status information about the devices being managed by EPICenter.
EPICenter Reference Guide
Device Reports
Device Inventory Report
To view a list of device groups and devices known to the EPICenter software, click the Device
Inventory link in the left-hand panel. Figure 183 shows example output.
Figure 183: Device Reports
The initial display presents summaries at the Device Group and the device type level.
A drill-down report, called Device Details, contains the same information you can view in the
Inventory applet. Information on this report is
.
Devices by Group Table
The Devices by Group table displays the following information:
Device Group Name of the device group
EPICenter Reference Guide 385
EPICenter Reports
Description
Quantity
Description of the group as kept in the EPICenter device inventory
Number of devices in the group
Devices by Type Table
The Devices by Type table displays the following information:
Device Type
Quantity
Type of device
Number of devices of this type known to EPICenter
Select a Device Group, a device type, or All Devices (at the bottom of either table) to display the All
Devices Device Summary . Figure 184 shows the Device Summary report for All Devices.
Figure 184: All Devices Device Summary
386
The All Devices Device Summary displays the following information about each device:
Device Group(s)
Name
IP Address
All EPICenter Device groups to which it belongs (this is displayed only if you select All
Devices)
Name of the device from the sysName variable
IP address of the device
Click the IP address to display a table with detailed configuration and status information. This is the same information you can view in the Inventory applet.
EPICenter Reference Guide
Device Reports
Type
Location
MAC
Serial Number
Current Image
Type of device
Device location from the sysLocation variable
Media access control address of the device
Device serial number
Software version currently running on the device, if known
Click on the IP Address of a device to show a Device Details Report for the device.
Device Details Report
The Device Details report shows information about an individual device. If the device includes wireless interfaces or a PoE blade, you will be able to link to reports about those features (the Additional Switch
Information links at the bottom of the details report). If the device does not support these features, the
Additional Switch Information links do not appear.
EPICenter Reference Guide 387
EPICenter Reports
Figure 185: Device Details
388
This report shows the following information:
Serial Number
IP Address
Device Group(s)
Device Type
Name
Description
Location
Contact
Boot Time (Pacific Daylight Time)
Software Version
Device serial number
IP address of the device
Device Groups to which this device belongs
The device type
The name given to the device
The description provided for the device
The location information for the device
The contact information for the device
Time of the most recent boot.
The version of software currently running on the device
EPICenter Reference Guide
Device Reports
Primary Image
Secondary Image
Status
Fan Status
Power Status
The version of software saved as the Primary Image
The version of software saved as the Secondary Image
Device Status: OK, marginal, or
Status of fans: OK, marginal, or If there are multiple fans, each is listed
(fan 1, fan 2 etc.)
Status of power supply modules: OK, marginal, or If there are multiple modules, each is listed (power 1, power 2 etc.)
If the device supports Power over Ethernet (PoE), you can view reports on PoE status. If wireless is supported, then you can see the wireless port inventory for this device.
Click Wireless Ports to view the Wireless Port Inventory Report. This report is described in the section
“Wireless AP (Wireless Port Inventory) Report” on page 420 .
Click Power Over Ethernet to view the Power over Ethernet Report.
Power over Ethernet Report
The Power Over Ethernet report shows information about the PoE configuration of the device.
Figure 186 shows an example of this report.
EPICenter Reference Guide 389
EPICenter Reports
Figure 186: Power over Ethernet Report
390
The report shows the following information about the PoE configuration:
Device-level information:
Configuration
Power Supply Mode
Disconnect Precedence
Usage Threshold (%)
Whether PoE is enabled for the switch. (Enabled or Disabled)
The configured power-supply mode: Redundant, Load-Sharing, or N/A (if only one power supply is installed).
The method used to determine which port to disconnect when power drain exceeds the power budget:
• lowest-priority (next port connected causes a shutdown of the lowest priority port)
• deny-port (next port that attempts to connect is denied power, regardless of priority)
The threshold for power utilization compared to the configured maximum for either the allocated power budget per slot, or for system level allocation.
PoE Power Source:
Group Index
Maximum Power (Watts)
The index for the specific power source
The maximum power available from the source
EPICenter Reference Guide
Device Reports
Measured Power (Watts)
Operational Status
The current measured power from the source
Operational Status of the power supply (on, off, faulty)
PoE Slot Information:
Slot Number
Group Index
Max Available Power (Watts)
Measured Power (Watts)
Configured Power Limit (Watts)
Configuration
Status
Power Source
Backup Power Source
The slot number where this module resides
The index of the power source supplying inline power to this slot
The maximum power available to this slot
The current measured power on the slot
The configured maximum amount of inline power available to this slot
Indicates whether PoE is enabled or not
Status of the slot: (initializing, operational, download fail, calibration required, invalid firmware, mismatch version, updating, invalid device, not operational, or other)
PoE supply source: external, internal, or none
PoE backup power source: External, internal, none, or not applicable
At the bottom of the page is a link to a detailed report on PoE ports. Click the link to access the Power over Ethernet Details report.
Power Over Ethernet Details Report
This report shows power details for each port on the device. Figure 187 shows an example of this report.
EPICenter Reference Guide 391
EPICenter Reports
Figure 187: Power over Ethernet Details Report (partial)
392
This report shows the following information:
Port Num
Measured Power (mW)
Operational Max Power (mW)
Reserved Power (mW)
Port Type
PoE status
Operation Status
Classification
Priority
Violation Precedence
Port number
Measured power on this port
Maximum power limit on this port
Reserved power limit on this port
The user-defined port type
Whether power is enabled on this port (Enabled or Disabled)
Status of the port (disabled, searching, delivering power, fault, test, other fault)
Class association for this port (0,1,2,3,4)
Port priority for purposes of power management
The limit used to determine power level violation (advertised class, operator limit, max advertised operator, or none)
EPICenter Reference Guide
Device Reports
Device Status Report
To view device status information, click the Device Status link in the left-hand panel. You can use this report and its sub-reports to determine status and failure log information for the devices known to
EPICenter.
Initially, this report displays summary status at the Device Group level. Figure 188 shows example output.
Figure 188: Device Status
The information displayed at Device Group level includes the following:
Group
Description
Alarms in last 24 hours
Devices Not Responding
Devices Marginal
Devices Offline
Devices Up
Name of the device group
Description of the group as kept in the EPICenter device inventory
Total alarms for all devices in the device group
Number of devices in the group that are not responding
Number of devices in the group whose operation is marginal
Number of devices in the group that are offline
Number of devices in the group that are up
Click a Device Group name in the Group column to display the Device Status Report for the devices in the group. Figure 189 shows example output.
EPICenter Reference Guide 393
EPICenter Reports
Figure 189: Device Status (Group detail)
394
The information shown is as follows:
Device Group
Device Name
IP
Status
Last Failure (Local Time
Zone)
Down Period (d:h:m:s)
Boot Time (Local Time
Zone)
Alarms in last 24 hours
Name of the device group
Name of the device from the sysName variable
IP address of the device
The status of the device: operational, offline, marginal, and not responding
Time at which the most recent device failure occurred, expressed in the local time zone of the EPICenter server
Length of time the device was unreachable, reported in days:hours:minutes:seconds
Time when the device was last booted, expressed in the local time zone of the
EPICenter server
Number of alarms in the last 24 hours from this device
If the number of alarms is greater than zero, you can click on the number in that field to display a summary of the alarms. This displays the Alarm Details sub-report.
Alarm Details Report
The Alarm Details report shows a summary of the alarms for the specific device. Figure 190 shows example output.
EPICenter Reference Guide
Figure 190: Device Status: Alarm Details
Slots, Stacks and Ports Reports
The information presented in this report is as follows:
Name Name of the device from the sysName variable
Category The device group
Time (Local Time Zone) Time at which the most recent device failure occurred, expressed in the local time zone of the EPICenter server
Severity
Message
Severity level of the failure
Error message displayed in the Alarm Log
Slots, Stacks and Ports Reports
The following reports show information about the slots (module cards) installed in the Extreme devices managed by EPICenter, or about stacking devices known to EPICenter. These reports also provide information about the ports on those devices or modules.
Slot Inventory (Card Reports)
Click the Slot Inventory link in the left-hand panel to view the Card Reports list showing an inventory of the slots and module cards known to EPICenter. Figure 191 shows example output. Click a Card
Type link to view a Card Summary Report for an individual card type. Click All Cards (at the bottom of
EPICenter Reference Guide 395
EPICenter Reports the list) to view a Card Summary Report showing all cards known to EPICenter. Click Empty Slots (also at the bottom of the list) to view a report on the empty slots detected by EPICenter.
Figure 191: Card Reports (Slot Inventory)
396
The initial display summarizes module card types and empty slots:
Card Types
Quantity
Type of module cards and empty slots known to EPICenter
Number of modules of a given type. For All Cards, this is the total number of cards in all modular devices known to EPICenter. For Empty Slots, this is the total number of empty slots detected among the modular devices known to EPICenter.
Card Summary Report
Select a Card Type or All Cards to display the Card Summary report for the modules known to
EPICenter. Figure 192 shows an example of output that appears if you select All Cards. The information shown for an individual card type is the same, except that the Card Type column is not included.
EPICenter Reference Guide
Figure 192: All Cards Card Summary
Slots, Stacks and Ports Reports
Each Card Summary displays the following information about each module:
Device Group(s)
Device Name
Device Address
Device Location
Card Type
Slot Name
Card Serial Number
Name of all the device groups of which the device is a member
Name of the device (where the card resides) from the sysName variable
IP address of the device
Device location from the sysLocation variable
Type of module card (this is displayed only if you select All Cards)
Number or letter of the slot where the module card is installed
Module card serial number
Click the heading of a column to sort on the contents of that column.
If you have selected an individual card type, this report shows only modules of the selected type. If you have selected All Cards, the report shows all cards in any of the devices known to EPICenter.
Empty Slots Report
Select Empty Slots to display the Empty Slots summary report for the empty slots known to EPICenter.
The Empty Slots summary report displays the following information about the empty slots:
Device Group
Device Name
Device Address
Device Location
Empty Slots
Name of the device group
Name of the device from the sysName variable
IP address of the device
Device location from the sysLocation variable
Number or letter of the empty slot(s) on the device
EPICenter Reference Guide 397
EPICenter Reports
Stack Inventory Reports
Click the Stack Inventory link in the left-hand panel to view the basic Stack Inventory Reports list showing an inventory of the stacking devices known to EPICenter. Figure 193 shows example output.
Click a Stack Device link to view a Stack Summary Report for an individual stack device. Click All
Stacks (at the bottom of the list) to view a Stack Summary Report showing all stack devices known to
EPICenter.
Figure 193: Stack Inventory
398
The initial display summarizes module card types and empty slots:
Stack Devices
Quantity
Type of stacking device
Number of devices of a certain type. All Stacks shows total number of stacking devices known to EPICenter.
Stack Summary Report
Select a Stack Device type or All Stacks to display the Stack Summary report for the stack devices known to EPICenter. Figure 192 shows an example of output that appears if you select All Stacks. The information shown for an individual stack device type is the same, except that the Card Type column is not displayed.
EPICenter Reference Guide
Figure 194: All Stacks Card Summary
Slots, Stacks and Ports Reports
Each Stack Summary displays the following information about the device:
Device Group(s)
Device Name
Device Address
Device Location
Card Type
Slot Name
Card Serial Number
Name of all the device groups of which the device (stack master) is a member.
Name of the device from the sysName variable
IP address of the device (link to the Device Details report)
Device location from the sysLocation variable
Type of stack device (this is displayed only if you select All Stacks)
Name of the stacking device, linked to the Stack Details report for the device
Stack Device serial number
Click the heading of a column to sort on the contents of that column.
If you have selected an individual stack device type, this report shows only modules of the selected type. If you have selected All Stacks, the report shows all stacking devices known to EPICenter.
Stack Details Report
Click on a slot name to display the Stack Details report for the selected device. Figure 195 shows an example of output.
EPICenter Reference Guide 399
EPICenter Reports
Figure 195: STack Details Report
400
Each Stack Details report displays the following information about the stack device:
Device Group(s)
Device Name
Device Address
Device Location
Device Current Image
Slot Type
Slot Name
Slot Serial Number
Slot Primary Image
Slot Secondary Image
Slot Current Image
Slot BootROM
Name of all the device groups of which the device (stack master) is a member.
Name of the device from the sysName variable
IP address of the stack master device
Device location from the sysLocation variable
Version of image running on the master device
Type of module card (this is displayed only if you select All Cards)
Name of the stacking device, linked to the Stack Details report for the device
Stack Device serial number
The version of software saved as the Primary Image in the stack device
The version of software saved as the Secondary Image in the stack device
The version of software currently running in the stack device
The BootROM version in the stack device.
EPICenter Reference Guide
Slots, Stacks and Ports Reports
Interface Report
To view a report on the status of every port known to the EPICenter software, click the Interface
Report link in the left-hand panel. Figure 196 shows a portion of an example output.
Figure 196: Report on Device Ports (Interface Report; portion)
The information reported for each interface includes:
IP Address
Port
Port Name
AdminStatus
OperStatus
Configured Speed/Type
Actual Speed/Type
FDB Polling
IP address of the interface
Port number of the interface
Port name of the interface
Interface administrative status (enabled/disabled)
Operational status of the interface (ready/active)
Nominal (configured) speed of the interface
Actual speed of the interface
Whether the port is being actively polled as an edge port, or is not being polled. If the port is not polled, the reason is included (Device Not Supported, Inactive Port, Not
Supported, Polling Disabled For Port, or Uplink Port)
EPICenter Reference Guide 401
EPICenter Reports
Because the EPICenter server may be aware of many hundreds of ports, the interface information is displayed in groups of 25 ports per page. You can navigate among the pages using any of the following methods:
●
●
●
Clicking the Previous and Next links
Selecting a page number from the at the top of the report
Clicking the First or Last links to display the first or last page in the report
The list of ports is sorted initially by IP address. Click the heading of a column to sort the report based on the contents of that column; for example, to sort by operational status, click on the OperStatus heading.
You can filter the ports that are displayed by constructing a conditional filter using the fields at the top of the page. This lets you construct a two-clause filter statement; Figure 197 shows an example.
Figure 197: Device Ports filter specification
402
For more information on the filtering choices, see
“Using Report Filtering” on page 379 and following
pages.
Unused Ports Report
To see inactive ports for a particular device, click the Unused Ports link in the left-hand panel.
Figure 198 shows example output.
EPICenter Reference Guide
Figure 198: Unused Ports Report
Slots, Stacks and Ports Reports
You can filter the report by selecting the following:
VLAN
Device Group
Inactive Days
Inactive Hours
Select all VLANs or the name of a particular VLAN
Select all groups or the name of a particular device group
Enter the number of days of inactivity for the requested port(s)
Enter the number of hours of inactivity for the requested port(s)
When you complete your selections, click Submit. The report can be saved in csv or xml format, or shown in a single page. It displays the following:
Device Name
IP Address
Inactive Ports
Groups
Location
Name of the device on which the port resides
IP Address of the device on which the port resides
Inactive ports on the device
Device groups to which this device belongs
Location of the device
Click on an entry in the Inactive Ports column to open the Unused Port Reports detail; Figure 199 shows a portion of example output.
EPICenter Reference Guide 403
EPICenter Reports
Figure 199: Unused Ports Report: detail (portion)
404
Again, you can filter the report by specifying the VLAN, the device group, and the time frame (inactive days, inactive hours). The Unused Port Reports detail displays the following:
Port Number
Port Name
Inactive Time
Vlan Name
Physical Type
Number of the unused port
An optional name (text string) configured for the port
Length of time this port has been inactive
Name of the VLAN to which this port belongs
Type of port
EPICenter Reference Guide
VLAN Reports
VLAN Reports
A VLAN is a group of location- and topology-independent devices that communicate as if they were on the same physical local area network (LAN). To view a report of the VLANs known to EPICenter, click the Vlan Summary link in the left-hand panel. Figure 200 shows example output.
VLAN Summary Report
The VLAN Summary Report shows basic information about all the VLANs on devices EPICenter is managing.
Figure 200: VLAN Reports
The information reported includes:
VLAN Name
Tag
Name of the VLAN
802.1Q tag, if any
EPICenter Reference Guide 405
EPICenter Reports
Protocol
Device List
Protocol used to filter packets for this VLAN
IP addresses of devices with QoS profiles configured for this VLAN
Select a VLAN to display the VLAN Details report for a VLAN. Figure 201 shows example output.
Figure 201: VLAN Details Report
406
The VLAN Details report displays the following information:
Device Name
IP Address
VLAN IP
Tagged Ports
Untagged Ports
# Tagged Ports
# Untagged Ports
# 10/100 Ports
# Gig Ports
# Active Ports
Name of a device on which the VLAN is configured
IP address of a device on which the VLAN is configured
IP address assigned to the VLAN
List of 802.1Q tagged ports
List of untagged ports
Number of tagged ports
Number of untagged ports
Number of 10BASE/100BASE ports
Number of Gigabit Ethernet ports
Number of active ports
See
Chapter 12 “Using the VLAN Manager” for more information on VLANs.
EPICenter Reference Guide
VLAN Reports
Voice VLAN Summary (Voice Over IP Reports)
To view a report of the voice VLANs known to the EPICenter software, click the Voice VLAN
Summary link in the left-hand panel. Figure 202 shows example output.
Figure 202: Voice Over IP Reports (Voice Vlan Summary)
The information reported includes the following:
VoIP Vlan Name
Device List
Name of the VLAN
IP addresses of devices with ports that are members of this VLAN, and the QoS Profile configured for this VLAN on each device
Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN.
The Voice over IP Details report displays the following information:
Device Name
IP Address
VLAN IP
Egress Port List
Number of Phone Ports
Name of the device
IP address of the device
The IP address and subnet mask assigned to the VLAN (if any) on the switch
The ports specified as Egress ports for the VoIP VLAN
The number of ports that are available for use as IP phone ports
Click the VLAN name to display a detailed report for an individual VLAN.
EPICenter Reference Guide 407
EPICenter Reports
EAPS Reports
There are two reports available under EAPS: the EAPS Summary report, and the EAPS Log report. Both of these reports are also accessible from within the EAPS Monitor applet.
EAPS Summary
The EAPS Summary report provides a brief overview of the status of the EAPS domains known to
EPICenter. This report can also be viewed from the Tools menu in the EAPS Monitor applet.
The report shows:
● The total number of EAPS domains known to EPICenter
●
●
The number of Domains currently in an error state
The number of domain failures that have occurred in the last 24 hours.
Figure 203: The EAPS Summary Report
408 EPICenter Reference Guide
EAPS Reports
EAPS Log Report
The EAPS log report shows the EAPS traps or EAPS-related syslog entries that have occurred for devices that meet the specified filter criteria. By default, all devices, traps and syslog entries are shown.
You can filter for:
●
●
A specific device by IP address (must be exact, wildcards are not supported).
The type of event (trap or syslog entries): you can enter any keywords that may appear under the
Type column as part of the description of the trap or syslog entry.
●
●
Specific varbinds (enter a keyword that matches the varbind you want to find, such as extremeEapsLastStatusChange .)
Events that occurred within a certain timeframe.
Figure 204: EAPS Log Report
EPICenter Reference Guide 409
EPICenter Reports
The EAPS Log report displays the following information:
Time
Source
Type
Varbinds
Time the event occurred, expressed in the local time zone of the EPICenter server
IP address of the device and port number (if applicable) that generated the event
Event type (for example, SNMP Trap)
Variable data transmitted with a trap
Log Reports
Four reports are provided under Logs: the Alarm, Event, Syslog, and Configuration Management
Activity reports.
Alarm Log Report
To see all the entries in the EPICenter Alarm Log, click the Alarm Log link in the left-hand panel.
Figure 205 shows a portion of an example output.
410 EPICenter Reference Guide
Figure 205: Alarm Log (portion)
Log Reports
The log can be saved in csv or xml format, or the entire report can be shown in a new page by clicking the show all link.
NOTE
If the EPICenter database has a large number of alarms, the show all option can take a very long time to complete.
The Alarm Log report displays the following information:
Time
Name
Severity
Source
Category
Ack’ed
Time the alarm occurred, expressed in the local time zone of the EPICenter server)
Name of the alarm
Severity level of the alarm
IP address of the device that generated the alarm
Category that the alarm is classified under
Whether the alarm has been acknowledged (0 is acknowledged, 1 is not acknowledged)
EPICenter Reference Guide 411
412
EPICenter Reports
Event #
Message
Event ID of the alarm (assigned by the EPICenter server when the alarm is received)
Message associated with the alarm
The alarm information is displayed in groups of 20 alarm events per page. You can navigate among the pages using any of the following methods:
●
●
●
Clicking the Previous and Next links.
Selecting a page number from the at the top of the report.
Clicking on the First or Last links to display the first or last page in the report.
The report is sorted initially by the Time that the alarm occurred. Click the heading of a column to sort on the contents of that column.
You can filter the alarms that are displayed by constructing a conditional filter using the fields at the top of the page. You can construct a two-clause filter statement as shown in Figure 206 .
Figure 206: Alarm Log filter specification
For further information on filtering, see
“Using Report Filtering” on page 379 . You can filter on any of
the variables shown in the report.
Event Log
To view all the entries in the EPICenter Event Log, click the Event Log link in the left-hand panel.
Figure 207 shows a portion of example output.
EPICenter Reference Guide
Figure 207: Event Log (portion)
Log Reports
The log can be saved in csv or xml format, or shown in a new page.
The information reported includes:
Event #
Count
Time
Source
Type
Varbinds
Event ID of the event (assigned by the EPICenter server when the event is received)
Number of consecutive events (if the same trap occurs at the same time and is received multiple times, only one event is created and the count displays the number of traps)
Time the event occurred, expressed in the local time zone of the EPICenter server
IP address of the device and port number (if applicable) that generated the event
Event type (for example, SNMP Trap)
Variable data transmitted with a trap
The event information is displayed in groups of 20 events per page. You can navigate among the pages using any of the following methods:
●
●
●
Clicking the Previous and Next links
Selecting a page number from the at the top of the report
Clicking the First or Last links to display the first or last page in the report
EPICenter Reference Guide 413
414
EPICenter Reports
You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 208 . You can construct a two-clause filter statement.
Figure 208: Event Log filter specification
For further information on filtering, see
“Using Report Filtering” on page 379 . You can filter on any of
the variables shown in the report.
You can use the browser’s Copy and Paste functions to copy a specific value from the current report into the comparison field. This technique is particularly useful if you want to filter on a specific
Varbinds value.
EPICenter Reference Guide
Log Reports
Syslog (System Log)
To see all the entries in the system log, click the Syslog link in the left-hand panel. Figure 209 shows a portion of example output.
Figure 209: Syslog (portion)
The log can be saved in csv or xml format, or shown in a new page.
The information displayed includes the following:
Event #
Time
Source
Facility
Event ID of the syslog entry (assigned by the EPICenter server when the syslog is received)
Time the syslog is received by EPICenter, expressed in the local time zone of the
EPICenter server
IP address of the device that generated the syslog entry
Syslog facility
EPICenter Reference Guide 415
416
EPICenter Reports
Severity
Message
Syslog severity level
Error message text
The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods:
●
●
●
Clicking the Previous and Next links
Selecting a page number from the at the top of the report
Clicking the First or Last links to display the first or last page in the report
You can filter the events that are displayed by constructing a conditional filter using the fields at the top
of the page, as shown in Figure 210
. You can construct a two-clause filter statement.
Figure 210: System Log filter specification
For further information on filtering, see
“Using Report Filtering” on page 379 .
The Configuration Management Activity Log
This log tracks all the configuration operations performed through EPICenter — uploading and downloading of configuration files. To see all the entries in the Configuration Management Activity log, click the Config Mgmt link in the left-hand panel. Figure 209 shows a portion of example output.
EPICenter Reference Guide
Figure 211: Configuration Management Activity Log (portion)
Log Reports
The log can be saved in csv or xml format, or shown in a new page.
The information displayed includes the following:
Time
Device
Activity
Status
Descr
File
Time at which the configuration activity occurred, expressed in the local time zone of the EPICenter server
IP address of the device on which the action was taken
The action that was attempted
Whether the action was successful or not
A message describing the reason for the status (the error message if the action could not be completed
The configuration file involved in the action, if appropriate.
The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods:
●
●
Clicking the Previous and Next links
Selecting a page number from the at the top of the report
EPICenter Reference Guide 417
EPICenter Reports
● Clicking the First or Last links to display the first or last page in the report
You can filter the events that are displayed by constructing a conditional filter using the fields at the top
of the page, as shown in Figure 210
. You can construct a two-clause filter statement.
Figure 212: Configuration Management Activity Log filter specification
418
For further information on filtering, see
“Using Report Filtering” on page 379 .
Wireless Reports
The EPICenter wireless reports present information on wireless access points, interfaces (radios), and clients.
A number of Extreme Networks switches extend network services to wireless 802.11a/b/g clients within a fully integrated network infrastructure. Ports on these switches support wireless and Power over Ethernet, and handle all of the management functions typically associated with an access point.
The Altitude 300 wireless port serves as the radio transmitter and receiver, inheriting configuration information as soon as it is attached to the switch and as changes are made to the wireless profiles after the system is deployed.
The wireless interfaces are radios. A switch port usually represents one interface, but if a wireless port is connected, it adds two more interfaces to the switch port interface: interface 1 (A radio) and interface
2 (B/G radio). Thus, in the Interface column in several wireless reports, the interface is shown as
slot:port:interface_number:virtual_interface_number; for example, 1:20:1:1. The virtual interface number is currently not meaningful. It will be used in future Extreme Networks wireless features.
The wireless reports are explained in the following subsections.
Wireless Summary Report
The Wireless Summary Report provides an overview of the status of the wireless interfaces, Access
Points (APs) and wireless clients known to EPICenter (as shown in Figure 213 ). From this report you can link to detail reports in a number of areas.
EPICenter Reference Guide
Figure 213: Wireless Summary Report
Wireless Reports
From this page you can link to detail reports as follows:
Click this Link...
wireless ports wireless clients unconnected wireless clients last 1 hour spoofed wireless clients
To access the following report
Wireless Port Inventory Report
Current Wireless Clients Report
Unconnected Client Report
Wireless Client History Report filtered for Auth Failed client actions within the last hour.
Spoofing Wireless Client Report
EPICenter Reference Guide 419
420
EPICenter Reports
Click this Link...
rogue APs online interfaces offline interfaces wep encrypted interfaces no encryption web-based net login
MAC RADIUS
802.1x
WPA
WPA/PSK
WPA2
WPA2/PSK
To access the following report
Rogue Access Point Detection Report
Wireless Interface Report filtered for interfaces whose state is enabled
Wireless Interface Report filtered for interfaces whose state is disabled
The number of interfaces configured for wep encryption. (Note this is not a link)
Wireless Interface Report filtered for interfaces with Dot11 Auth = Open,
Network Auth=None, and Encryption=N/A.
Wireless Interface Report filtered for interfaces with Dot11 Auth = all dot11 auth,
Network Auth=Net Login, and Encryption=all encryptions.
Wireless Interface Report filtered for interfaces with Dot11 Auth = Open,
Network Auth=Mac RADIUS, and Encryption=all encryptions.
Wireless Interface Report filtered for interfaces with Dot11 Auth = Open,
Network Auth=802.1x, and Encryption=all encryptions.
Wireless Interface Report filtered for interfaces with Dot11 Auth = Open,
Network Auth=WPA, and Encryption=all encryptions.
Wireless Interface Report filtered for interfaces with Port Auth = open, Network
Auth = WPA, and Encryption = psk.
Wireless Interface Report filtered for interfaces with Port Auth = open, Network
Auth = WPA2, and Encryption = all encryptions.
Wireless Interface Report filtered for interfaces with Port Auth = open, Network
Auth = WPA2, and Encryption = psk
See the sections following for detailed information about these reports.
Wireless AP (Wireless Port Inventory) Report
To view an inventory of all Wireless Access Points which are connected to devices managed by
EPICenter, click the Wireless Reports link in the left-hand panel, then click the Wireless AP link.
Figure 214 shows example output.
EPICenter Reference Guide
Figure 214: Wireless Port Inventory Report
Wireless Reports
You can filter this report by specifying an IP address, or you can display information for all device IP addresses. The report can be saved in csv or xml format, or shown as a single page.
The initial display presents the status of all wireless ports (APs) known to EPICenter, at the Device
Group level:
Connected Device
Port
State
Wireless Port MAC
Serial Number
Product Name
Country Code
Antenna Type
Antenna Location
Location
Name and IP address of the switch to which the AP is connected
Port on the switch to which the AP is connected
State of the wireless port (Online or Offline)
MAC address for the wireless port
Wireless port serial number
Manufacturer’s name for the wireless port
Country code, which determines country-dependent frequency and other regulatory settings on the wireless port, shared by all wireless ports on the switch
Type of antenna, e.g. Integrated or detachable
Physical location of the antenna (Indoor, Outdoor)
Physical location of the wireless port as configured by the administrator
EPICenter Reference Guide 421
EPICenter Reports
Click on an entry in the Connected Device column in this report to view the Device Details report for the switch to which the AP is connected.
Click on a port in the Port column to view the Wireless Port Details report for the selected port.
Wireless Interface Report
To see information on all wireless interfaces (radios) in the entire network, click the Wireless Reports link in the left-hand panel, and then click the Wireless Interfaces link. Figure 215 shows example output.
Figure 215: Wireless Interface Report
422
You can filter this report by IP address, RF mode, SSID, Channel, State, Dot11Authentiction method,
Network Authentication method, Encryption method, or any combination of these factors.
The initial display presents a summary at the wireless interface level:
Device
Interface
Mode
Name and IP address of the switch to which the wireless interface is connected
Slot, port, and interface number for this wireless interface. If the interface is a remote connect interface, the interface number is preceded by a “v” to indicate a virtual interface, for example v:6:1:1, v:6:1:2, or v::2:1
Wireless LAN RF mode: 802.11a, 802.11b, 802.11g, or 802.11b/g
EPICenter Reference Guide
Wireless Reports
SSID
Channel
Dot11 Auth
Network Auth
Encryption
State
Associated Clients
Service set ID for the wireless interface
Radio frequency channel used by the wireless interface
Dot11 Authentication method for this wireless interface: all Dot11 authentication, Open or Shared.
Network Authentication method (all methods, none, Net Login, Mac RADIUS, 802.11x,
WPA or WPA/PSK)
Encryption method: all encryption methods (N/A (none), WEP64, TKIP, AES, WEP128, or Other)
Interface state (enabled or disabled)
Total number of clients associated with the wireless interface, including clients in the associated state and the data forwarding state
Click on an entry in the Device column to open the Device Details report (see
Wireless Port Details Report
Figure 216 shows an example of this report.
EPICenter Reference Guide 423
EPICenter Reports
Figure 216: Wireless Port Details Report
424
This report shows the following information for the slot and port:
Product Name
Manufacturer
Serial Number
MAC Address
Country Code
RF Modes
Name of the AP
Manufacturer of the AP
Serial number of the AP
MAC address of the AP
Country code, which determines country-dependent frequency and other regulatory settings on the wireless port, shared by all wireless ports on the switch
Supported RF modes: one or more of 802.11a, 802.11b, 802.11g, or 802.11b/g
EPICenter Reference Guide
Wireless Reports
Port State
State Change
Location
Description
• Disabled: Wireless port is disabled
• Enabled: Wireless port is enabled
• Online: Wireless port is connected, enabled, and functioning correctly
• Error: Wireless port is connected but is not functioning correctly
Time at which port last changed state
Location information for the AP connected to this port
Description of the AP
Remote connect (virtual) interfaces are indicated by a “v” preceding the interface identifier. For each wireless interface, it shows the following:
SSID
MAC Address
RF Mode
Channel
RF Profile
Bridging
Interface State
State Change
Network Auth
Dot11 Auth
Encryption Length
Encryption
Security Profile
Client Data VLAN
Data VLAN Tag
Use VSA VLAN
Service set ID for the wireless interface
MAC address of the wireless interface (radio)
Wireless LAN RF mode: 802.11a, 802.11b, 802.11g, or 802.11b/g
Radio frequency channel used by the interface
RF profile used by the interface
Whether bridging is enabled (Yes or No)
Enabled or Disabled
Time at which interface last changed state
Network Authorization method configured for this interface
Authentication method: (open for no WEP, or shared for shared key WEP authentication)
Encryption length (64 or 128 for WEP, 0 for no WEP))
Encryption method (none, WEP64, TKIP, WRAP, CCMP, WEP128, Other)
Security profile used by the interface
VLAN to use for client data if VLAN is not received as a RADIUS Vendor Specific
Attribute (VSA)
Tag of the client data VLAN
If True, use the VSA VLAN returned by the RADIUS server. If False, ignore the VSA
VLAN returned.
Safe AP MAC List
The Safe AP MAC List shows the list of MAC addresses that belong to Access Points that have been determined to be legitimate and added to this list. If you are an Administrator (with the Administrator role) you can also manage the list of safe MAC addresses through this page, by importing lists of MAC addresses or deleting the list.
You can add individual MAC addresses to this list through the Rogue Access Point Detail Report.
Figure 217 shows an example of this report.
EPICenter Reference Guide 425
EPICenter Reports
Figure 217: Safe AP MAC Address List
426
The report simply consists of a list of MAC addresses with a optional description.
●
●
To import a list of addresses, browse to the appropriate location, select a file and click Submit.
The input list is simply a text file with MAC address and optional description, separated by a comma, with one MAC address per line.
To delete all APs in the list, click the Delete All button.
Rogue APs (Rogue Access Point Detection Report)
This report shows the list of access points that have been detected by an by Extreme Networks Altitude
300 AP that are not managed by EPICenter, and are not on the Safe AP list at the time the user requests this report.
The data used to determine the existence of rogue APs is based on the most recent detail poll information for the devices, augmented by any traps (AP detected, AP modified, and AP removed) that
EPICenter has received.
If MAC polling is enabled within EPICenter, EPICenter may be able to determine the switch and port a rogue AP is connected to. If MAC Polling is disabled, EPICenter will detect the rogue AP but will not be able to identify the connecting switch.
Figure 218 shows an example of this report.
EPICenter Reference Guide
Figure 218: Rogue Access Point Detection Report
Wireless Reports
For each Rogue Access Point detected, the following information is provided:
Rogue AP MAC
Manufacturer
Mode
Channel
SSID
Possible Connected Devices
Nearest Detecting AP
Nearest Detecting Location
First Detected
MAC address of the AP. Click the link in this cell to view the Rogue Access Point
Detail Report for this AP.
Manufacturer of the AP
Wireless LAN RF mode: 802.11a, 802.11b, or 802.11g/b
Radio frequency channel used by the rogue interface
Service set ID for the wireless interface
The switch(es) the EPICenter MAC Poller has determined could be where the rogue AP is connected. There can be multiple devices in this field, if EPICenter detected the MAC address on more than one switch.
Click the link in this cell to view a Device Details report for this device.
If multiple APs detected the rogue, the identity of the nearest detecting AP.
Click the link in this cell to view a Wireless Port Details report for this AP.
The location of the nearest detecting AP
The time at which this rogue AP was first detected
You can view the details for each of the detected rogue APs through the Rogue Access Point Detail
Report.
Rogue Access Point Detail Report
This report shows you information about an AP that has been detected as a rogue, as well as information about how and where it was detected.
EPICenter Reference Guide 427
EPICenter Reports
Figure 219: Rogue Access Point Detail Report
428
The following information is provided:
Rogue AP MAC
Manufacturer
802.1x Mode
SSID
Possible Connected Devices
Possible Connected Ports
Encryption
WPA Enabled
WPA Encryption
WPA Auth
Data Rates (Mbps)
Ext Data Rates (Mbps)
MAC address of the AP
Manufacturer of the AP
Wireless LAN RF mode: 802.11a, 802.11b, or 802.11g/b
Service set ID for the wireless interface
The switch(es) the EPICenter MAC Poller has determined could be where the rogue AP is connected. There can be multiple devices in this field, if EPICenter detected the MAC address on more than one switch.
The port(s) on the possible connected devices where the AP could be connected.
Whether Encryption is being used by this AP (True or False)
Whether WPA is enabled (Yes or No)
The type of encryption, if WPA is enabled
The WPA authenticating method
The broadcast data rate for the AP
The broadcast extended data rate for the AP
EPICenter Reference Guide
Wireless Reports
For each detecting device, the following information is shown:
Detecting Device
Detecting Interface
Detecting AP Location
Average RSS
Network Type
Channel
First Seen
The identity of the nearest detecting AP
The wireless interface on which the rogue was detected
The location of the nearest detecting AP
The detected average received signal strength (RSS) from the rogue AP
BSS or IBSS
Radio frequency channel on which the rogue was detected
The time at which this rogue AP was first detected
From this report an EPICenter administrator (a user with an Administrator Role) can add this AP to the list of Safe APs.
● To add the device to the Safe APs list, click the Add to Safe List button.
If the rogue AP has been identified by the EPICenter MAC address poller as being connected to a unique device and port, you can also disable that port.
● To disable the port on which the rogue AP is connected, click the Disable Port button.
The Disable Port button will not be available if no possible connecting device has been detected, or if more than one possible connecting device has been detected.
Rogue AP Alarms
This report shows the alarms generated when an Extreme Altitude AP detects a rogue AP. From this report you can also access the Automatic Rogue AP Detection Status page, where you can enable or disable rogue AP detection, and change the detection interval.
EPICenter periodically checks the database to determine if any rogue AP detection events (traps) have occurred. If it finds that an AP has been detected, it generates a rogue AP alarm. It generates an alarm for each rogue AP detected, and will continue to generate alarms until either the Administrator adds the AP to the Safe AP MAC List, or until the AP is removed.
An Extreme Networks switch generates a trap for a rogue AP in the following situations:
● When a previously unknown AP is detected
●
●
When a previously detected rogue AP changes state
When a previously detected rogue AP is no longer detected (disappears).
Figure 220 shows an example of this report.
EPICenter Reference Guide 429
EPICenter Reports
Figure 220: Rogue AP Alarms Report
430
For each Rogue Access Point detected, the following information is provided:
Rogue AP MAC
Manufacturer
Mode
Channel
SSID
Possible Connected Devices
Nearest Detecting AP
Nearest Detecting Location
First Detected
Alarm Time
MAC address of the AP. Click the link in this cell to view the Rogue Access Point
Alarm Detail Report for this AP
Manufacturer of the AP
Wireless LAN RF mode: 802.11a, 802.11b, 802.11g, or 802.11b/g
Radio frequency channel used by the wireless interface
Service set ID for the wireless interface
The switch(es) the EPICenter MAC Poller has determined could be where the rogue AP is connected. There can be multiple devices in this field, if EPICenter detected the MAC address on more than one switch.
Click the link in this cell to view a Device Details report for this device.
If the rogue is detected by multiple APs, this shows the identity of the nearest detecting AP
The location of the nearest detecting AP
The time at which this AP was first detected
The time at which the alarm occurred
From this report you can enable or disable rogue AP detection:
● Click the link (“Click here to change status”) to display the Automatic Rogue AP Detection Status page (see Figure 221 ).
EPICenter Reference Guide
Figure 221: Enabling or Disabling Rogue AP Detection
Wireless Reports
● To enable or disable rogue AP detection, click the On or Off radio button, then click Change.
You can also change how frequently EPICenter queries the database for rouge AP detection events. The interval is set in minutes, and defaults to 180 minutes (3 hours).
● To change the interval, enter a different number, and click Change.
NOTE
You can also enable or disable the Rogue Access Point Found alarm in the Alarm Browser.
Network Login Report
The Network Login Report provides information about 802.1x and HTTP login activity. The HTTP network log is Extreme specific. To view a Network Login Report, click the Network Login link in the left-hand panel; Figure 222 shows example output.
EPICenter Reference Guide 431
EPICenter Reports
Figure 222: Network Login Report
432
In this version of the Reports software, this report does not display wireless clients. You can filter this report by specifying a device name, a number of hours, or any combination of these.
The report displays the following information:
Device Name
IP Address
Network Login Activity
Name of the device
IP address of the device
802.1x network login activity that has occurred on this device
Click the heading of a column to sort on the contents of that column.
Current Wireless Clients Report
The Current Wireless Clients report lists all wireless clients, regardless of their states, that are currently in the network as seen by the wireless ports. To view a summary of wireless clients, click the Wireless
Reports link in the left-hand panel, and then click the Current Clients link. Figure 223 shows a portion of an example output (reduced here because of its width).
EPICenter Reference Guide
Wireless Reports
Figure 223: Current Wireless Clients Report (portion, shown reduced because of width)
You can set filters in this report for authentication method, encryption method, client state, device IP address, in any combination, along with an additional choice from the drop-down list (device interface, interface mode, interface channel, client SSID, client MAC address, or user name).
The information displayed is as follows:
Client MAC
User Name
MAC address of the client. Click the link in this cell to display the Wireless Client
History report for this client.
User name associated with this client; appears only if the authentication method is
802.1x
EPICenter Reference Guide 433
434
EPICenter Reports
Client State
Client Auth Method
Client Encrypt Method
Client SSID
Device
Interface
RF Mode
RF Channel
Last State Change
Current state of the client:
• Detected: The client is detected by the wireless interface, but has not yet been authenticated
• Authenticated: The client is authenticated on this wireless interface by the method shown in the Client Auth Method column
• Associated: The client is associated with the wireless interface, but cannot communicate with the network
• Data forwarding: The client can communicate with the network
Note: A client state changes from detected, authenticated, associated, and data forwarding, in that order. For interfaces using the WEP authentication method, a client in the authenticated state means the client has been authenticated. However, for interfaces using 802.1x authentication method, a client in the authenticated or the associated state only means that the client has gone through open authentication. When a client goes through the 802.1x authentication, the client will be in the data forwarding state. (The 802.1x authentication happens between the associated state and the data forwarding state.)
Authentication method that client is using to access the network: Open, WEP, MAC,
802.1x, PSK, none, or all authentications
Encryption method used by this client: WEP64, WEP128, TKIP, AES, None, or unknown
Service set ID for the client
Name and IP address of device reporting this client
Wireless interface (radio) reporting this client
Wireless LAN RF mode: 802.11a, 802.11b, 802.11g, or 802.11b/g
Radio frequency channel used by the interface
Date and time of this client’s last state change, expressed in the EPICenter server’s local time zone
You can access drill-down reports as follows:
● Click on an entry in the Client MAC column to open the Wireless Client History Report for that client; see
“Wireless Client History Report” on page 434 .
Wireless Client History Report
The Wireless Client History Report displays the history of all client logins, logouts, authentication failures, and age-out activity. You can use this report to track users roaming from one interface to another.
Wireless client history is based on traps that the EPICenter software receives; thus the history contains entries recorded only when the EPICenter software is running.
When the database becomes full, earlier history entries are truncated, and do not appear in the display.
To view the history of a wireless client, click the Wireless Reports link in the left-hand panel, and then click the Client History link. Figure 224 shows a portion of example output.
EPICenter Reference Guide
Figure 224: Wireless Client History Report (portion)
Wireless Reports
Specify the client action, client MAC address, user name, and reporting period to filter this report. If you access this report by clicking the Client History link in the menu, the latest hour of history for all clients on all wireless ports is shown. If no time period is specified, the report displays the entire history in the database since the EPICenter software was last started.
The information displayed is as follows:
Time
Client MAC
User Name
Auth Method
Session Status
Action
Device IP
Time of this client’s action as noted in the Action column
MAC address of the client
User name that the client is using to connect to interface; a value appears here only if the authentication method is 802.1x
Authentication method that client is using to access the network: Open, WEP, MAC,
802.1x, PSK, none, or all authentications
Success or Authentication Failure
Action performed by the client at the time shown: Log in, Log out, Auth failure, and Age out
Name and IP address of the device reporting this client
EPICenter Reference Guide 435
436
EPICenter Reports
Interface
Current Wireless Port
Location
Slot, port, and interface (radio) reporting this client
Wireless port current physical location
The software does not save the location that was recorded for the reporting period, but records the current location. (These locations rarely differ.)
Spoofing Wireless Client Report
When the network detects two or more client stations with the same MAC address that are all in the data forwarding state on different wireless interfaces, the client might be using another client’s MAC address in an unauthorized way; such a client is known as a spoofing wireless client. The Spoofing
Wireless Client Report displays information on these clients.
However, a client can also appear on two or more wireless interfaces at the same time because it is roaming and thus changing from one interface to another. To exclude these cases from the report, you can specify a wireless client time-out length (minimum connection time) to correspond to the client ageout setting on the switch.
To view a summary of clients in the data forwarding state on more than one wireless interface, click the
Wireless Reports link in the left-hand panel, and then click the Spoofing Clients link. Figure 225 shows
MAC addresses of wireless clients in the data forwarding state that are appearing on more than one interface for at least 10 seconds.
Figure 225: Spoofing Wireless Client Report
EPICenter Reference Guide
Wireless Reports
You can use the Wireless client time-out length (seconds) field to specify a minimum connection time, to exclude cases in which a roaming client might be changing from one interface to another. Normally, this time is the same as the client age-out setting on the switch.
This report displays the following information:
Client MAC
User Name
Authentication Method
Encryption Method
Device
Interface
WP Location
MAC address of the client
User name that the client is using to connect to interface; a value appears here only if the authentication method is 802.1x
Authentication method that client is using to access the network: Open, WEP, MAC,
802.1x, PSK, none, or all authentications
Encryption method used by this client: WEP64, WEP128, TKIP, AES, None, or unknown
Name and IP address of the device reporting this client
Wireless interface reporting this client
Physical location of the wireless port
Click on an entry in the Device column to open the Device Details report; see the
see the information
.
Unconnected Client Report
The Unconnected Client Report helps diagnose why a client cannot connect to the network by listing clients not currently in the data forwarding state. This report can also show any client trying to access your network maliciously.
When a client is roaming from one interface to another, it shows on the new interface temporarily as not connected. However, the client may not truly be in the unconnected state, because it may still be connected on the old interface. It should be considered an unconnected client only if it is unconnected for longer than the wireless client time-out interval, which you can specify for this report.
To view a summary of clients that are not in the data forwarding state, click the Wireless Reports link in the left-hand panel, and then click the Unconnected Clients link. Figure 226 shows example output.
EPICenter Reference Guide 437
EPICenter Reports
Figure 226: Unconnected Client Report
438
You can use the Wireless client time-out length (seconds) field to specify a minimum connection time, to exclude cases in which a roaming client might be changing from one interface to another. Normally, this time is the same as the client age-out setting on the switch.
This report displays the following information:
Client MAC
Client State
Auth Method
Encrypt Method
Reporting Device
Reporting Interface
WP Location
MAC address of the client
• Detected: The client is detected by the wireless interface, but has not yet been authenticated
• Authenticated: The client is authenticated on this wireless interface by the method shown in the Client Auth Method column
• Associated: The client is associated with the wireless interface, but cannot communicate with the network
• Data forwarding: The client can communicate with the network
Authentication method that client is using to access the network: Open, WEP, MAC,
802.1x, PSK, none, or all authentications
Encryption method used by this client: WEP64, WEP128, TKIP, AES, None, or unknown
Name and IP address of the device reporting the client.
Click the link in this cell to view the Device Details report for this client.
Wireless interface (radio) reporting the client.
Click the link in this cell to display the Wireless Port Details Report for this interface.
Physical location of the wireless port reporting the unconnected client
EPICenter Reference Guide
RSS
Last State Change
Wireless Reports
Client’s received signal strength in dBm (minidecibels)
Date and time of this client’s last state change, expressed in the EPICenter server’s local time zone
Client Reports
There are five reports under the Clients heading: Network Login, Current Clients, Client History,
Spoofed Clients, and Unconnected Clients. These produce the same reports as under the Wireless
Reports heading. For details of these reports, please refer to the following sections:
Network Login
Current Clients
Client History
Spoofed Clients
Unconnected Clients
See
“Network Login Report” on page 431
See
“Current Wireless Clients Report” on page 432
See
“Wireless Client History Report” on page 434
See
“Spoofing Wireless Client Report” on page 436
See
“Unconnected Client Report” on page 437
MIB Poller Tools
The MIB Poller Tools are advanced Administrator Tools you can use to collect history for MIB variables of interest, or to do a one-time “get” of specific MIB variables. The MIB Poller can be used to collect
MIB variable data periodically. That data can later be exported to a text file that can be imported into programs like Microsoft Excel for historical trending analysis.
Users who do not have an Administrator role can view the MIB Collection Poller Summary, and can view detailed information about any MIB collections which have been implemented by an EPICenter
Administrator. However, only users with an Administrator role can Start or Stop the Collection process, or can load an XML file to define a Collection.
The MIB Poller Tools are described in the chapter on “Tuning and Debugging EPICenter” in the
EPICenter Concepts and Solutions Guide.
EPICenter Server Reports
This category includes both the Server State Summary report, which provides a large amount of information about the EPICenter server and its activity, and a set of administrator tools, available only to users with an Administrator role, that may be useful in analyzing EPICenter performance or activity questions.
If you do not have an Administrator role, the EPICenter debugging tools will not be available.
Server State Summary Report
The Server State Summary Report displays statistics about configured servers, SNMP activity, thread and SNMP session pools, database activity, the ports used by the EPICenter server, and EPICenter licenses. Figure 227 shows an example.
EPICenter Reference Guide 439
EPICenter Reports
Figure 227: Server State Summary Report (top half)
440
The report presents information in multiple tables.
The first table in the report shows the status of the various EPICenter subsystems:
EPICenter Subsystem
Configuration
Current Status
The name of the subsystem (TFTP Server, Internal Syslog Server, Internal RADIUS
Server, MAC Poller)
Whether the subsystem is enabled or disabled
Whether the subsystem is running or stopped
The second table shows statistics about the MAC/FDB Poller:
Last Poll Completed
Last Poll Duration
Average Duration
The time at which the last complete polling cycle finished
The length of time it took to perform the last complete FDB polling cycle
The average length of time it has taken to perform a complete FDB polling cycle
EPICenter Reference Guide
Wireless Reports
The third table in the report provides the number of operations that have occurred in the last minute, the last hour, and the last day (24 hours) for the following operations:
SNMP Queries
Database Commits
Client Requests
Trap Requests
Syslog Messages
Number of SNMP queries performed by the EPICenter server
Number of database commits performed by the EPICenter server
Number of data requests to the EPICenter server by all connected clients
Number of trap PDUs received by the EPICenter server
Number of syslog messages received by the EPICenter server
The fourth table in the report shows scalability statistics for the thread pool and the SNMP session pool:
Thread Pool Statistics column
• Pool Size
• Default Allocation Size
Thread pool size for the threads that are used to perform server operations (for example, reading data from a device or configuring the devices)
Number of threads used to perform a single operation (for example, running a
Telnet macro across a number of devices)
• Currently In Use
• Maximum In Use at Once
Number of threads currently in use
Maximum number of threads that are in use at one time
• Total # of Requests Total number of times a thread is requested to perform an operation in the server
• Total # of Wait For Thread Total number of times the server has to wait for a thread to become available
• Percentage Wait per
Request
Percentage of total wait versus total request for threads
SNMP Session Pool Statistics column
• Pool Size
• Default Allocation Size
• Currently In Use
• Maximum In Use at Once
Maximum number of allowed SNMP access sessions to the devices
Not applicable
Number of SNMP access sessions currently in use
Not applicable
• Total # of Requests Total number of times an SNMP object is requested to perform an operation in the server
• Total # of Wait For Thread Total number of times the server has to wait for an SNMP object to become available
• Percentage Wait per
Request
Percentage of total wait versus total number of requests for SNMP objects
The fifth table in the report shows the ports currently in use by the EPICenter server:
Web Server
Trap Receiver
Radius Server
Telnet
Database
Port currently used by the EPICenter web server
Port currently used by the EPICenter server to receive traps
Port currently used by the RADIUS server
Port currently used for Telnet
Port currently used for EPICenter database communication
The last table shows the EPICenter licenses currently installed, along with their Access Keys (which can be used to obtain a license key from Extreme):
License The type of license (EPICenter Base license, Advanced Upgrade, Gold Upgrade, or
SSH)
EPICenter Reference Guide 441
442
EPICenter Reports
Status
Access Key
Whether this license category is enabled or disabled.
The access key for the license (used to obtain a license key from Extreme).
See the EPICenter Release Notes or the EPICenter Installation and Upgrade Note for instructions on requesting and installing a license key.
If you have administrator-level access to EPICenter, you can use the Administration applet to change the Web Server, Trap Receiver, RADIUS and Telnet ports used by EPICenter. See
“Administering EPICenter” for more information.
If you are running under Windows XP or Windows 2003 Server, you can use the Port Configuration
Utility, accessible from the Programs menu, to change the database port. See Appendix B for details on the utility.
Debug EPICenter
These are not reports, but rather tools to allow a user with an Administrator role to set certain options for the purpose of analyzing EPICenter performance.
If you do not have an Administrator role, you will not see this link in the left-hand panel of the Reports feature.
The tools for debugging EPICenter are described in the chapter on “Tuning and Debugging EPICenter” in the EPICenter Concepts and Solutions Guide.
Miscellaneous Reports
Resource to Attribute Mapping Report
The Resource to Attribute Mapping Report lists all resources that include the specified attribute. Click the Resource to Attribute Mapping link in the left-hand panel to display the attribute selection field.
Then select an attribute from the pull-down list; Figure 228 shows an example.
EPICenter Reference Guide
Figure 228: Attribute specification for Resource to Attribute Mapping report
Wireless Reports
The pull-down list shows a set of system-defined attributes used by the Policy Manager, along with any attributes you have added to resources through the Grouping Manager. The system-defined attributes
(L4 Port, IP, UDP Any, TCP Any, TCP Permit-Established Any, IP Any, and IP Address) have static definitions and are used internally by the EPICenter Policy Manager. You create user-defined attributes within the Grouping Manager, either by adding them to a resource through the user interface, or by importing them.
For the attribute you select in the pull-down menu, the report displays the following information:
Resource Type
Resource Name
Attribute Value
Type of the resource (such as device, user, host, or group)
Name of the resource that includes the selected attribute
Value of the attribute associated with the resource
User to Host Mapping Report
The User to Host Mapping Report lists currently defined user and host mappings, along with the primary IP address of the host. You can create user-host mappings in the Grouping Manager, and also are created automatically if the Dynamic Link Context System (DLCS) is enabled on your Extreme devices. Click the User To Host Mapping link in the left-hand panel to display the attribute selection field; Figure 229 shows example output.
EPICenter Reference Guide 443
EPICenter Reports
Figure 229: User to Host Mapping
The report displays the following information:
User Name
Host Name
Host IP Address
User name
Name of the host mapped to the user
Primary IP address of the host
NOTE
In this version of the Reports software, this report does not display wireless clients.
444
Printing and Exporting EPICenter Reports
This section explains how to print or export reports.
Printing Reports
Unlike the other EPICenter applets, EPICenter reports can be printed with your browser’s print function. To print a report, place the cursor in the pane where the report is displayed, and use the browser’s Print button, or the Print command from the File menu, to initiate the print.
EPICenter Reference Guide
Printing and Exporting EPICenter Reports
You can also use the show all link to print all data from a large .html page.
Exporting Reports
You can export certain EPICenter reports to either .csv or .xml format. Exporting reports allows you to use various software applications to manipulate the data. The following reports can be exported:
●
●
Device Reports (Device Inventory)
Card Report (Slot Inventory)
●
●
●
●
EAPS Log Report
Wireless Port Inventory Report
Wireless Interface Report
Spoofing Wireless Client Report
●
●
●
●
●
●
●
●
●
●
Unauthenticated Client Report
Wireless Client Report
Wireless Client History Report
Report on Device Ports (Interface Reports)
Unused Ports
Network Login Report
Alarm Log
Event Log Report
Syslog Report
Config Management Log Report
From the Reports Main page, you can generate a report to be used by Extreme Networks eSupport using by selecting the Device Group and clicking Export.
EPICenter Reference Guide 445
EPICenter Reports
446 EPICenter Reference Guide
2
Advanced Upgrade Features
16
EAPS Protocol Monitoring and Verification
This chapter describes the following:
●
EAPS Monitor Main View on page 452
●
●
●
●
●
●
Reorganizing the Map View on page 459
●
●
●
Overview of the EAPS Monitor
The Ethernet Automatic Protection Switching (EAPS) Monitor provides a visual way to view the status of your EAPS configurations (EAPS domains) and to verify the configuration of your EAPS-enabled devices. With its multiple status displays and the ability to focus on individual EAPS domains, it can also help you debug EAPS problems on your network.
As with the EPICenter Topology Manager, the EAPS Monitor map is discovered and populated automatically.
NOTE
Your devices must be running ExtremeWare 7.7 or later, or ExtremeXOS 11.3 or later in order to be recognized by
EPICenter as EAPS nodes. ExtremeXOS 11.6 is required for full functionality within EPICenter.
EAPS Monitor Functions
There are multiple ways to invoke the functions provided by the EAPS Monitor:
● Using the menus at the top of the main applet frame
●
●
Using the three tabs shown directly below the EAPS Monitor menus
Using commands that appear on the Viewport Toolbar (the map toolbar)
●
●
Using commands from a pop-up menu that appears when you right-click on a device node shown on the EAPS map
Using commands from a pop-up menu that appears when you right-click on the map background
EPICenter Reference Guide 449
450
EAPS Protocol Monitoring and Verification
● Using commands from a pop-up menu that appears when you move the mouse over a device node or link
An EPICenter user with read-only access to this feature can view the EAPS map, and can view status information about the domains, devices, and links through the tables at the top of the main view. A read-only user cannot move elements around on the map (other than using the Fit command or Zoom slider or commands to position them within the viewable portion of the window), and cannot refresh
EAPS status with a Synchronize operation. A read-only user can run the Verify EAPS command, can select a domain to view in Focus mode. They can also run reports.
Users with Administrator or Manager roles, or other roles with write access to this feature, can reorganize and layout the topology map, and can edit domain names and descriptions. These users can also explicitly refresh the information in the database related to the EAPS status, using the Synchronize command.
EAPS Monitor Tabs
The tabs at the top of the EAPS main page provide the following information:
Table 41: Topology View Function Buttons
Domains
Devices
Links
Provides an overview of the EAPS domains known to EPICenter. From the table you can display detailed information, and navigate to domains in the map. See
“The Domains Tab” on page 465 .
Provides an overview of the devices known to EPICenter with respect to their EAPS configuration. From the table you can display detailed information, and navigate to devices in the map.See
“The Devices Tab” on page 469 .
Provides an overview of the links currently known to exist between devices in the EPICenter database. From the table you can display detailed information, and navigate to links in the map. See
The tables under these tabs are sortable by columns, and also support hierarchical sorting (primary and secondary sort by column). See
“Sorting a Table Display” on page 466 for details on setting sorting a
table or Detail Display.
The EAPS Monitor Menus
EPICenter provides a set of menus at the top of the main display frame. These are standard across all the EPICenter applets, and most of the commands in these menus are described in
.
The EAPS Monitor provides several additional menu items to the standard Tools menus. The EAPS
Monitor Tools menu contains the following items:
Table 42: The Tools Menu
Synchronize
Verify EAPS
EAPS Summary Report
Updates the EAPS status of the devices and links on the map. See
“Synchronize” on page 463 for further information.
Analyzes the EAPS configurations in your network, and creates a report that shows where configuration errors are found. See
“Verify EAPS” on page 463 for further information.
Runs the EAPS Summary Report. See
“EAPS Summary Report” on page 465 for further information.
EPICenter Reference Guide
EAPS Monitor Functions
Table 42: The Tools Menu
Technical Support
Device >
Macros >
Enables you to collect information about a selected device to help
diagnose and troubleshoot problematic behaviors. See “The Technical
for details on using this command.
Enables you to view other types of information about a device (from other
EPICenter applets) without having to leave the Topology View. Provides a submenu of commands that run in a separate window with the device preselected: Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device
Manager. You can also view the Properties display from this menu. See
“The Device Sub-Menu” on page 39
for a description of each command.
Displays a list of Telnet macros available for the selected device. See “The
Macros Sub-Menu” on page 41 for more information.
Pop-Up Menus
The EAPS Monitor provides two pop-up menus:
● When you select a device on the map, you can right-click to display a pop-up menu that contains commands relevant to the selected device.
● You can right-click on the map background to display a pop-up menu with commands that let you modify the map.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using the device-related popup menus.
Device Node Pop-Up Menu
The pop-up menu that appears when you right-click on a device node contains the following commands:
Table 43: Device Node Pop-Up Menu Commands
Device >
Technical Support >
Macros >
Properties
Same as the Device command from the Tools menu. Provides a submenu of commands: Alarms, Statistics, Sync, Telnet, Viewer, VLANs, Device
Manager. See
“The Device Sub-Menu” on page 39 for a description of each
command.
Same as the Technical Support command from the Tools menu.
See
“The Technical Support Sub-Menu” on page 40
for details.
Same as the Macros command from the Tools menu. See “The Macros Sub-
for more information.
Same as the Properties command from the Display menu. See
Properties Display” on page 85 for details about what this command shows.
Map Pop-Up Menu
The pop-up menu displayed when you right-click on the map background provides the following commands:
Table 44: The Map Pop-Up Menu Commands
Undo
Redo
Retracts the last layout or sizing change you made to the map.
Performs again the last layout change you made to the map.
EPICenter Reference Guide 451
452
EAPS Protocol Monitoring and Verification
Table 44: The Map Pop-Up Menu Commands
Automatic Layout
ZoomIn
ZoomOut
Fit
Synchronize
Legend
Export
Creates a default map layout, optimizing for node and link placement to
minimize overlap. See “Automatic Layout” on page 460 for further
information.
Expands the entire map, increasing the spacing between nodes. The style of the node may change at different zoom levels. See
for further information.
Shrinks the entire map, reducing the spacing between nodes. The style of
Changes the map scale to fit within the visible window (viewport) while
attempting to minimize overlap. See “The Fit Command” on page 460 for
further information.
Updates the EAPS status of the devices and links on the map. See
“Synchronize” on page 463 for further information.
Displays the Map Legend, which explains the symbols that appear on the map.
Exports the map layout in svg format, which can be imported into a tool such as Visio.
Prints the map. Reduces the map if necessary to fit on a single sheet of paper.
EAPS Monitor Main View
The EAPS Monitor applet provides a two-part display: a topological map view of the managed network with respect to the EAPS protocol implementation (the EAPS map), and a set of tables showing status information about the EAPS domains, network devices, and the EAPS-related links between devices.
The tables also provide a mechanism to navigate within the map—when you select a device or a link in a table, that device or link is centered and highlighted on the map. When you select a domain from the
Domains table, that domain is centered and is put into Focus mode.
Figure 230 shows the EAPS applet display as it appears when first invoked.
EPICenter Reference Guide
Figure 230: EAPS applet, initial view
EAPS Monitor Main View
The top panel initially displays the Domains tab, which lists the EAPS domains currently configured on the network, with a high-level assessment of their status.
The bottom panel, called the Viewport, displays a topological map of the network, showing the status of the devices and links in the network, including their status with respect to the EAPS protocol.
The top panel provides three tabs that allow you to switch between status displays for Domains,
Devices , or Links. In addition, within these displays you can display detailed status for individual domains, devices, ports, or links, while the corresponding elements are highlighted automatically on the map in the lower panel.
The viewport display provides a very flexible topological view of the devices being managed in the network with respect to the implementation of the EAPS protocol. The individual device nodes on the
EPICenter Reference Guide 453
454
EAPS Protocol Monitoring and Verification map display status including reachability, alarm status, and EAPS status (if applicable) in addition to the node identification information.
● Within the map view you can rearrange the layout by dragging nodes around the display, asking
EPICenter to layout the display based on built-in algorithms, and zooming the map in or out. See
“Reorganizing the Map View” on page 459 .
●
●
For a large map you can move the viewport (the visible portion of the map) around using a small pop-up navigation view where you can drag the viewport to show any portion of the larger map.
You can also reposition the viewport by clicking and holding the cursor on a background area of the map, and then dragging the map to show the area of interest. See
“Moving the Viewport” on page 460 for more information.
You can select an element (domain, device, or link) from the tables in the top panel and the Viewport automatically zooms in and highlights the selected element(s). It also pops up a detailed status display for the highlighted element.
●
●
Placing the cursor over a node opens a small window with links to obtain device status or status of any EAPS Domains to which the device belongs. For an EAPS node, clicking on a domain link displays detailed Domain status; right-clicking the link, or clicking the small Focus mode icon invokes Focus mode for that EAPS domain. You can also enter Focus mode for a domain by selecting
the daemon in the Domain table at the top of the window. See “Focus Mode” on page 461 for details
about using Focus Mode.
Right-clicking on a node displays a pop-up menu with a number of standard commands related to
the selected device. See “Right-Click Pop-Up Menus” on page 38 for information about using this
device-related pop-up menu.
The EAPS Map
The EAPS map shows all the devices managed by EPICenter with respect to their EAPS implementation, including the EAPS-related links between devices and a summary status for each device and for each
shows an example of the EAPS map.
NOTE
If some of the devices in an EAPS domain are missing from EPICenter’s inventory database, those devices will not appear on the EAPS map. The EAPS domain status will correctly reflect the status of the entire domain, but it may be difficult to troubleshoot domain operational problems that occur within nodes or links that are not shown on the map.
It is strongly recommended that you add all the nodes in your EAPS configuration to your EPICenter inventory database.
EPICenter Reference Guide
The EAPS Map
Figure 231: The EAPS Map (Viewport)
EAPS Viewport Toolbar
Synchronize
Undo last action/
Redo last action
Fit map into viewport
Automatic layout Display map legend
Viewport controls
(maximize, reset, minimize)
Save map Print map
Map statistics
Link endpoints shown when cursor moves over link.
Zoom slider
Activate map overview
Click the ?
Legend button to display the Map Legend, which defines the icons and colors that represent domain, device and link status as shown on the map.
Right click anywhere on the background of the Map to display a pop-up menu. It contains the same commands as are found on the toolbar at the top of the Map Viewport area.
The Viewport is the visible area of the map: if a map is larger than can be displayed within the
Viewport, the Map Overview feature lets you view a thumbnail view of the entire map, and lets you position the Viewport within it. The small boxed arrow in the lower right corner activates the Map
Overview. See
“Moving the Viewport” on page 460 for more information about this feature.
shows the Viewport with the Map Overview activated, and the Map’s right-click menu displayed. You can move the Viewport by dragging the small green Viewport area around within the
Map Overview.
EPICenter Reference Guide 455
EAPS Protocol Monitoring and Verification
Figure 232: The Map Viewport with PopUp Menu and Map Overview Box
The right-click map pop-up
456
Remove Overview Viewport area The Map Overview box
Node Status
The EAPS map shows all devices currently in the EPICenter database, whether or not they are configured for the EAPS protocol. If a device in the network is not included in the EPICenter database, it will not appear on the map, even if it is a member of a domain whose other members are shown on the map.
Domains are identified by their Control VLAN tags: all EAPS-enabled devices that share the same
Control VLAN, as identified by the VLAN tag, are determined to be members of the same Domain.
Thus if two independent EAPS domains in your network use the same Control VLAN tag, EPICenter will consider them to be a singe EAPS domain.
Initially, the name of the domain is determined by the name used on the first discovered node in the
domain. You can change the name that EPICenter uses to identify the domain (see “The EAPS Domain
); this does not change the domain’s name in the network.
EPICenter Reference Guide
Node Status
Status is shown on the map through icons displayed for each device node as follows:
Node Reachability (shown for all devices):
■
■
A green triangle: the device is up and is reachable via SNMP
A red X: the device is not reachable via SNMP (EPICenter cannot retrieve device status.
Note that if a device is not reachable, status for other items such as alarms or domain status may be out of date.
Node Alarm status (shown for all devices):
If alarms have occurred on the node and have not yet been acknowledged, the highest severity alarm is indicated with the small bell symbol. The color indicates the severity of the alarm:
■
■
A green bell is a “Normal” alarm.
A blue bell is a “Warning”
■
■
A yellow bell indicates a “Minor” alarm.
An orange bell indicates a “Major” alarm
■ A Red bell indicates a “Critical” alarm.
EAPS Worst Domain status :
A ring around the reachability icon shows that the device is configured for EAPS, and also indicates the worst state among the EAPS domains of which the device is a member.
Domain status is an aggregate of the status of all domains of which the node is a member, and shows the worst status among all relevant domains. For example, if a node is a member of three domains, two of which are fully operational and one which is not operational, the Domain status will be displayed as a Red ring, indicating that the node is a member of at least one nonoperational domain.
■
■
A green ring indicates that all domains in which this device participates are fully operational.
A yellow ring indicates that one or more of the domains is not fully operational, but is in a transitional state or an unknown state (as when the device is SNMP unreachable).
■ A red ring indicates that one or more of the domains is not operational—if the device has a master in a Failed state, or a Transit node in a “links down” state.
You can use Focus Mode (see
) to view the status of an individual domain.
EAPS Node status :
For an EAPS node the status display shows whether the device is a Master node (M) or Transit node (T), and displays an aggregate status for the node. If the node is a member of more than one domain, the node is shown as a Master if it is a master node in any of the domains to which it belongs. A node is shown as a Transit node only if it is a transit node in all domains to which it belongs, and is not a master node in any domain. For example, if a node that is a member of three domains, and is a Master node in one domain and a Transit node in the other two domains, it will appear on the EAPS map as a Master node.
You can use Focus Mode (see
) to show a node’s status relative to an individual domain.
Note that if a node is unreachable, the EAPS node status will reflect the last known node status— thus a node that is unreachable may still display Master or Transit node status as green.
For a Master node:
■ A Green M indicates the domain is complete (all links are up and forwarding).
■ A Yellow M indicates the domain is in a transient or startup state, or in an unknown state (as when the device is SNMP unreachable).
EPICenter Reference Guide 457
EAPS Protocol Monitoring and Verification
■ A Red M indicates the status is failed.
For a Transit node:
■
■
■
A Green T means both ring ports are up and forwarding
A Yellow means a ring port is up but blocked
A Red means that one or both ring ports are down.
shows two examples of nodes that are members of EAPS domains:
Node 1 status shows that the device is reachable, that it functions as a Master node (whose status is
Complete) in at least one domain of which it is a member, and all Domains of which it is a member are operational. The device also has generated at least one unacknowledged Minor alarm.
Node 2 status shows that the device is currently unreachable; no alarms have been detected, and at least one domain of which it is a member is in a transitional state. It is a Transit node, and its last status indicated that its ring ports were up and forwarding.
Figure 233: Examples of EAPS Node showing Status
458
Node 1 Node 2
Node Actions
You can initiate a number of actions from a device node on the map.
● Move the cursor over a node to display a small pop-up with links for the device, and for each domain of which this node is a member:
■ Click the device link to display the Device Details display. See
“The Device Details Display” on page 471
for more information about this display.
Click the small Reports icon to the right of the device link to display the EAPS Log Report for this device.
■
■
Click a domain link (left click) to show the EAPS Domain Details display for the domain. See
“The EAPS Domain Details Display” on page 467 .
Right click a domain link to enter Focus mode for the domain. In Focus mode, the devices and links in the selected domain are centered and highlighted, and all other devices and links are
shown in grey. See “Focus Mode” on page 461 for details on Focus mode.
●
●
You can also enter Focus mode by clicking the small Focus mode button ( ) to the right of the domain link.
Click (left) and hold the cursor on the node to enable dragging the node around on the map.
Right-click to display a pop-up menu with a set of standard device-related commands. See “Right-
Click Pop-Up Menus” on page 38
for information
Node Display at Outer Zoom levels
When there are many nodes on a map that must be displayed within the Viewport, EPICenter will automatically zoom the display out, and will represent nodes using only their status icons, rather than the entire set of node information.
EPICenter Reference Guide
Link Status
Figure 234: Map node display at outermost zoom level
EAPS Master Node
Device Up with Alarm
Move cursor over node to display node information (name,
IP address, domains)
Display the EAPS Log report for this device
Enter Focus Mode for this Domain
Link Status
Links between devices may be single links (a connection exists between only one port on each device) or bundled links (connections exist between multiple ports on each of the devices.)
Single links are shown as a single line. Bundled links are shown with a small box within the link.
● A green line indicates that the link is up.
●
●
A red line indicates that the link is down
A yellow line indicates that the link status is unknown. For a bundled link, yellow may indicate that some links are down (or unknown) and some are up.
When the map is zoomed in sufficiently, the port endpoints are automatically displayed for each link.
When the map is zoomed out, the port endpoints are not shown automatically; move the cursor over a link to display the ports that are the endpoints of that link.
Reorganizing the Map View
There are a number of ways to manipulate the view of your network as shown on the EAPS map.
● You can reorganize the placement on the nodes in the map either by asking EPICenter to calculate a layout, or by dragging nodes around yourself. (You must have write access to the EAPS Monitor in order to perform this function—Read-Only users cannot do this.)
● You can zoom in and out either by command or by using the Zoom slider on the right-hand side of the viewport, or you can zoom in on selected domains or devices using by selecting them in the
Domain or device table.
Depending on the zoom level, individual nodes may be displayed with only minimal information.
At the outermost zoom levels, nodes may be represented only by their status icons, with their IP
addresses and system names hidden (see Figure 234 on page 459
).
EPICenter Reference Guide 459
460
EAPS Protocol Monitoring and Verification
● You can move the visible area (the Viewport) within a large map to show the portion of the map in which you are interested.
Manually Arranging the Topology
You can rearrange the appearance of your map by manually moving node around the map.
● To drag a node, left-click and hold on the node, and drag it to the location you want. Links between the selected node and other nodes on the map will expand or contract to maintain connectivity.
You must have write access to the EAPS Monitor in order to perform this function.
Automatic Layout
The Automatic Layout command automatically calculates a topology layout and arranges the nodes and links based on an internal algorithm.
● The Automatic Layout command can be accessed from the Viewport toolbar, or from the map rightclick pop-up menu.
You must have write access to the EAPS Monitor in order to perform this function.
The Fit Command
The Fit command rearranges the nodes and links in the map to fit entirely within the Viewport. In a large network, this may result in a map that is zoomed out such that nodes are represented only by
status icons (as shown in Figure 234 on page 459 .
Any user can perform this function.
Moving the Viewport
If the complete EAPS map is too large to fit within the display area, you can move the viewport around to view different parts of the total map. There are several ways to do this. In addition, you can minimize or maximize the viewport, or change its vertical dimension with respect to the amount of space allocated to the EAPS tables shown in the top portion of the EAPS display.
To change the dimensions of the viewport:
● Click the minimize button (the small down-pointing triangle at the right of the viewport toolbar) to remove the viewport from the EAPS view, leaving only the EAPS tables visible. The Viewport toolbar moves to the bottom of the EPICenter client window.
●
●
●
Click the maximize button (the small up-pointing triangle at the right of the viewport toolbar) to expand the viewport vertically to fill the entire EPICenter client window. The Viewport toolbar moves to the top of the EPICenter client window.
Click and drag the bar that separates the Viewport from the EAPS tables to expand or contract the viewport relative to the size of the tables.
Click the Restore button (the small button between the minimize and maximize buttons) to return the viewport to its default size.
Refer to
, which shows the Viewport Controls at the top right corner of the viewport.
EPICenter Reference Guide
Focus Mode
To move the viewport by dragging the map:
● Click and hold the cursor on a background portion of the map, and drag the map until the portion you want to see comes into view.
To move the viewport using the Map Overview:
1 Click the small boxed up-diagonal arrow at the lower right-hand corner of the window to activate
the Map Overview (see Figure 231 on page 455
which shows the Activate Map Overview button).
The Map Overview shows a thumbnail view of the total map layout, with a green rectangle superimposed to show where the viewport is focused.
2 Click in the green rectangle and drag it to move the viewport around on the map.
3 Click the small boxed down-diagonal arrow to remove the Map Overview.
Zooming the Map
The map is automatically zoomed when you select a Device, a Link, or a Domain from the EAPS tables, or when you enter Focus Mode. You can also zoom the map manually.
● You can use the Zoom In and Zoom Out buttons found above and below the Zoom slider at the right side of the viewport. The Zoom In and Zoom Out buttons can also be accessed from the Map right-click menu.
●
●
You can use the Zoom slider at the right of the viewport to zoom the map in and out.
You can use the mouse scrolling wheel to zoom the map in and out.
When the map is zoomed in to the innermost (closest) level, full details are displayed for each node (IP address, name, and status icons). The port endpoints for each link are also displayed.
When the map is zoomed out to the outermost (farthest) level, only the status icons for the nodes, and the links between nodes, are displayed. Device and port information can be displayed by moving the cursor over a node or link of interest.
Focus Mode
Focus mode enables you to highlight and zoom in on a domain, to make the devices and links in that domain easier to identify. There are two ways to enter Focus mode:
1 Click the domain name in Domains table under the Domains tab. (This also pops open the Domain
Details display.)
2 Move the cursor over a node in the domain to display the pop-up list of domain links, then rightclick on the link to the domain, or click the Focus mode button ( ) to the right of the domain link.
The Viewport will zoom in on the selected domain, highlighting the nodes and links in the selected domain, while all nodes and links not in the selected domain are shown in grey.
In Focus mode, the status of the nodes in the domain reflect their status only within the selected domain. For example, if a node is a member of two domains, and is a Master in one domain and a
Transit node in the other, its aggregate status is shown as Master on the EAPS map. However, if you enter Focus mode for the domain in which that node is a Transit node, the status is shown as Transit for as long as you maintain focus on that domain.
EPICenter Reference Guide 461
EAPS Protocol Monitoring and Verification
Figure 235: Focus mode on a domain
462
Indicates Focus Mode is in effect Exit Focus Mode
The blue bar at the top of the Viewport indicates that the Focus mode is enabled, and specifies the domain that is currently in focus.
Exiting Focus Mode
To exit focus mode, you can double-click the blue Focus Mode indicator bar, or click the small boxed arrow at the right end of the Focus mode bar.
The Tools Menu
Using the Tools menu, you can update the EAPS status of the devices on the map, run a verification on the EAPS devices, and view a variety of information about the devices represented by the nodes on the map. By selecting a function from the Tools menu, or from the Device pop-up menu, you can invoke displays of information kept by EPICenter for the selected device.
EPICenter Reference Guide
The Tools Menu
Synchronize
The Synchronize command goes to the network to update the status of the devices on the map, and then updates the EAPS status of those devices and links. For a large number of managed devices, this can take some time to complete.
The Synchronize command appears on the Tools Menu, as a button on the Viewport Toolbar, and on the
Map right-click pop-up menu.
Verify EAPS
The EPICenter EAPS application lets you verify the EAPS configurations in your network, and provides a report that shows where configuration errors are found.
● To run a verification on your EAPS domains, click Verify EAPS under the Tools menu. Depending on the size of your network and your EAPS configurations, this can take as long as 15 minutes.
The results of the verification are shown in the EAPS Verification Results window.
Figure 236: EAPS Verification Results
The information shown in this report is as follows:
Table 45: EAPS Verification Results Report
Column
Type
Severity
The type of error. See
for a list of errors that the EAPS verification process may report.
The severity level of the error: Error, Warning, or Information
EPICenter Reference Guide 463
464
EAPS Protocol Monitoring and Verification
Table 45: EAPS Verification Results Report
Column
Source
Description
The element that was the source of the error. By clicking this link you can highlight the domain, device, or link on the EAPS map.
An more detailed description of the error.
If errors are reported, you should log into the affected device(s) to correct the problems. (You can do this using the EPICenter Interactive Telnet feature, assuming you have the proper Administrator privileges.) Once you have corrected any reported errors, you should run the verification again to ensure that the configuration is correct.
●
●
Click the Refresh button to re-run the verification process.
Click Save... to save the verification results to a file.
The recommended workflow for identifying and correcting EAPS configuration problems is as follows:
1 Run the Verify EAPS command.
2 If there are errors, you can click the domain or device link in the source column, and this will put you into Focus mode for the domain or device where the errors occurred.
3 From a highlighted device node on the EAPS map, you can run the EAPS Log report, which may contain much information useful in debugging these issue. (Just move the cursor over the node and
the resulting pop-up contains a link to generate the EAPS Log Report— Figure 234 on page 459
shows this pop-up.)
4 From the highlighted device node on the EAPS map, right-click to bring up the pop-up menu, then select Device > Telnet. This opens an interactive Telnet session on the device, without exiting the
EAPS Monitor application. This means you can execute CLI commands on the device while still viewing the EAPS Verification Report and the EAPS map showing the highlighted device or domain.
5 When you have fixed the problems via ExtremeWare or ExtremeXOS commands, you can close the
Telnet applet, and then Refresh the EAPS Verification Report to see the results of your corrections.
NOTE
It may take multiple iterations of correcting errors and running the verification process to produce a correct EAPS configuration, as correcting one set of configuration errors may reveal other errors. You should continue to re-run the verification process until no errors are reported.
The following table lists the error types that may be reported by the EAPS verification process:
Table 46: EAPS Verification Error Types
• No Master Node
• Multiple Master Nodes
• Disabled EAPS Node
• Missing Control VLAN
• Missing Primary Domain Port
• Missing Secondary Domain
Port
• Mismatched Domain Ports
• Incomplete VLAN Protection
• Inconsistent EAPS Node Naming
• Control VLAN not in QP3
• Unprotected Shared Link
• Duplicate Link ID
• Missing Link ID
• Mismatched Link ID
• Misconfigured Shared Port Mode
• Shared Port Not Created
• No Physical Link
• Domain List Mismatch
• Link ID Not Configured
• Control VLAN Misconfigured
• Protected VLAN Misconfigured
• Shared Port Misconfigured
• Controller Misconfigured
EPICenter Reference Guide
The Domains Tab
Table 46: EAPS Verification Error Types
• Inconsistent Control VLAN
Naming
• Shared Port Not Configured
EAPS Summary Report
The EAPS Summary Report provides a brief overview of the status of the EAPS domains known to
EPICenter.
● Click EAPS Summary Report from the Tools menu to produce this report.
The report shows:
● The total number of EAPS domains known to EPICenter
●
●
The number of Domains currently in an error state
The number of domain failures that have occurred in the last 24 hours.
Figure 237: The EAPS Summary Report
The report can also be run from within EPICenter’s Reports feature. See “EAPS Summary” on page 408 .
The Domains Tab
The Domains table, shown under the Domains tab, provides an overview of the domains known to
EPICenter. The table shows the following information:
EPICenter Reference Guide 465
EAPS Protocol Monitoring and Verification
Table 47: Columns in the Domains Tab
Column
O (Domain status)
Domain
Description
The status of the domain: Operational (green), Transitional (Yellow), Down (Red)
The name of the domain. Click this link to open the Domain Detail window, and to highlight the nodes and links on the EAPS map that are included in the domain.
See
“The EAPS Domain Details Display” on page 467
.
An optional description for the domain.
Figure 238: The EAPS Monitor showing the Domains Tab
466
Sorting a Table Display
Any of the table displays in the EAPS Monitor application can be sorted based on one or more columns.
To sort on a column, click the column header:
●
●
The first click in a column header sorts the column in ascending order
The second click in the column header reverses the sort order
EPICenter Reference Guide
The Domains Tab
● The third click removes the sort specifications.
You can specify additional levels of sorting using Ctrl-click:
1 Click in the column you want to use as the top-level sort
2 Ctrl-click in each column you want to use for an additional level of sorting. Each additional sort specification sorts within the order established by the previous level sort.
● Ctrl-click a second time to reverse the sort order for a column.
● Ctrl-click a third time to remove the sort specification for this column only. Any lower-level column sort indicators are renumbered.
The sort order is shown using small up or down-pointing triangles followed by a small numeral that indicates the sort level of that column. Figure 239 shows a three column sort.
Doing a regular click for the third time in any column heading removes all the sort specifications.
You can specify as many sort levels as there are columns in the table.
You can sort columns in the various Details Displays in the same manner.
Figure 239: Sorting by multiple columns
Sorting indicators
The EAPS Domain Details Display
The EAPS Domain Details window appears when you select a domain name in the Domains table. You can also display the Domain Details window by clicking a domain link in the pop-up window that appears when you move your mouse over a domain node on the map.
The Domain Details window shows information in two parts: information about the domain as a whole, and information about the nodes in the domain.
Figure 240 shows the information provided when the EAPS Domain Details window first appears.
EPICenter Reference Guide 467
EAPS Protocol Monitoring and Verification
Figure 240: The EAPS Domain Details windows
468
The top portion of the window shows information about the domain as a whole, and the middle area shows information about the nodes that are members of the domain, as follows:
Table 48: EAPS Domain Details window, Domain information
Domain Information (top of window)
Domain Name The name of the domain. Initially, the domain name on the first discovered node in a domain is taken as the domain name. You can change the name that EPICenter uses to identify the domain; this does not change the domain’s name in the network.
Domain Description
To change the domain name, click the Edit button. Type a new name, and either
Save the name or Cancel the edit.
An optional description of the domain.
Domain Status
Last Updated
Control VLAN Tag
To add or change a description, click the Edit button. Type a description, and either
Save it or Cancel the edit.
Status of the domain: Error, Warning, or Complete
The date of the last status update.
VLAN tag (ID) of the EAPS control VLAN
Domain Nodes Information
Device Name
IP Address
Node Status
Mode
Primary Port
Secondary Port
Name of the device
IP address of the device
Status of the node: Can be Idle, Complete, Failed, Links Up, Links Down,
Preforwarding, Init, Precomplete, PreInit, or Unknown.
Whether the node is a Master or Transit node
Primary port number
Secondary port number
EPICenter Reference Guide
The Devices Tab
Table 48: EAPS Domain Details window, Domain information
Device Enabled
Fast Convergence
Whether EAPS is globally enabled on the device (true or false)
Whether the device is enabled for fast convergence (true or false)
● Select a node in the Domain Nodes list to display information about that node and the VLANs it is protecting.
The information shown in this part of the window is a follows:
Table 49: EAPS Domain Details window, Domain node information
Domain Node Information
Device Name
IP Address
Node Status
Mode
Primary Port
Secondary Port
Device Enabled
Fast Convergence
Domain Node Detail
Domain Node name
Enabled
Control VLAN Name
Control VLAN Tag
Hello Timer
Failed Timer
Failed Timer Action
Primary Port Status
Secondary Port Status
Protected VLAN
VLAN Name
VLAN Tag
Name of the device
IP address of the device
Status of the node: Can be Idle, Complete, Failed, Links Up, Links Down,
Preforwarding, Init, Precomplete, PreInit, or Unknown.
Whether the node is a Master or Transit node
Primary port number
Secondary port number
Whether EAPS is globally enabled on the device (true or false)
Whether the device is enabled for fast convergence (true or false)
The node’s name within the domain
Whether this specific node is enabled as an EAPS node. True or false
Name of the control VLAN
VLAN tag (ID) of the control VLAN
The interval at which the EAPS master polls to check the status of its EAPS member nodes
The interval after a failure is detected before the Failed Timer expires
Action to be taken when Failed Timer expires
Status of the primary port: Up, Down, Blocked, or Unknown
Status of the secondary port: Up, Down, Blocked, or Unknown
The name of the protected VLAN
The ID of the protected VLAN
The Devices Tab
The Devices table, shown under the Devices tab, provides an overview of the devices known to
EPICenter with respect to their EAPS configuration. Figure 241 shows the Devices tab.
EPICenter Reference Guide 469
EAPS Protocol Monitoring and Verification
Figure 241: The EAPS Monitor showing the Devices Tab
470
You can sort the rows in the Devices table based on the one or more columns. See “Sorting a Table
Display” on page 466 for details.
The table shows the following information:
Table 50: Columns in the Devices Tab
Column
{
(Domain Status)
M (EAPS Mode)
(Alarm Status)
(Device SNMP
Reachability)
Device name
The status of the domain: Operational (green), Transitional (yellow), Down (red)
EAPS Mode (Master or Transit) of an EAPS node device (Highest mode if the node is in multiple domains)
Highest unacknowledged alarm state on the device
Reachability status: Reachable via SNMP (green triangle) or not reachable (red X).
IP Address
Description
The name of the device. Click the name to find and highlight the device on the
EAPS map. For EAPS nodes, the name is also a link to open the Device Details window. If the name is not shown as a link, then the device is not enabled for
EAPS.
The IP address of the device. Click the IP address to find and highlight the device on the EAPS map. For EAPS nodes, the IP address is also a link to open the
Device Details window. If the IP address is not shown as a link, then the device is not enabled for EAPS.
The device description (from the sysDescr MIB variable).
EPICenter Reference Guide
The Devices Tab
Table 50: Columns in the Devices Tab
Column
Reports For EAPS nodes, click the Report icon to display the EAPS Trap/syslog report for
that device (see “EAPS Log Reports” on page 478
). This report is not available for non-EAPS devices (no report icon will be present).
Click on a device name to open the Device Details display. This also highlights the device on the map.
The Device Details Display
When you select a device name or IP address of an EAPS-enabled device in the Devices Table, the
Device Details window appears. The Device Details window shows information in under four tabs:
●
●
Domain Nodes
Shared Ports
●
●
Domain Ports
Device Settings
The Domain Nodes Tab
Figure 242 shows the Domain Nodes tab as displayed when the Device Details window first appears.
Figure 242: The Device Details windows, Domain Nodes tab
EPICenter Reference Guide 471
472
EAPS Protocol Monitoring and Verification
The top portion of the window shows information about the device in relation to each of the EAPS domains of which it is a member. The lower area shows information about a selected domain node.
● Select a node to display the Domain Node Detail and Protected VLAN information.
This tab shows the following information:
Table 51: Device Details window, Domain Nodes tab
Domain Nodes
Domain Node
Status
Mode
Primary
Secondary
Domain
Domain Node Detail
Enabled
Control VLAN Name
Control VLAN Tag
Hello Timer
Failed Timer
Failed Timer Action
Primary Port Status
Secondary Port Status
Protected VLAN
VLAN Name
VLAN Tag
The name of the node given to the device as a member of a domain.
Status of the node: Can be Idle, Complete, Failed, Links Up, Links Down,
Preforwarding, Init, Precomplete, PreInit, or Unknown.
Whether the node acts as a Master or Transit node for this domain.
Primary port number
Secondary port number
The name of the domain to which this node belongs.
Whether this node is enabled as an EAPS node. True or false.
Name of the control VLAN
VLAN tag (ID) of the control VLAN
The interval at which the EAPS master polls to check the status of its EAPS member nodes
The interval after a failure is detected before the Failed Timer expires
Action to be taken when Failed Timer expires
Status of the primary port: Up, Down, Blocked, or Unknown
Status of the secondary port: Up, Down, Blocked, or Unknown
The name of the protected VLAN
The ID of the protected VLAN
The Shared Ports Tab
Figure 243 shows the Shared Ports tab of the Device Details window.
EPICenter Reference Guide
Figure 243: The Device Details windows, Shared Ports tab
The Devices Tab
The top portion of the window shows information about the shared port(s) on this device. The lower area shows information about each of the domains that share the port.
● Select a shared port to display the Sharing Domain information. for that port.
This tab shows the following information:
Table 52: Device Details window, Shared Ports tab
Shared Ports
Port
Status
Mode
Link ID
Neighbor
Root Blocker
Port Status
Sharing Domains
Domain Name
Domain Status
Other Domain Port
Related Domain
The port number of the shared port.
Status of the shared port: Idle, Ready, Blocking, Preforwarding.
Whether the node acts as a Controller or a Partner node for this shared link.
An integer configured on the switch. for the shared port
Status of the neighboring node: Down, Up, Error
The port’s status as a root blocker (None or Active)
Status of the port: Ready, Active .
The name of a domain that shares the port
The status of the domain
The other port (besides the shared port) configured in the pair for this domain
The other domain(s) that share this port.
EPICenter Reference Guide 473
EAPS Protocol Monitoring and Verification
The Domain Ports Tab
Figure 240 shows the Domain Ports tab of the Device Details window.
The Device Details windows, Domain Ports tab
474
The top portion of the window shows information about the ports on this device in relation to the EAPS domains to which the device belongs. The lower area shows information about the domains related to a selected port.
● Select a port to display the domain nodes that are configured on the selected port.
This tab shows the following information:
Table 53: Device Details window, Domain Ports tab
Domain Ports
Port
Status
Link ID
Mode
The number of a port configured for one of the domains sharing a link.
Status of the port: Up, Down, Blocked, or Unknown
An integer ID configured on the switch. for the shared port only.
Whether the node acts as a Controller or a Partner node or is unconfigured for the shared port.
Domain Nodes
Domain Node
Status
Mode
Primary Port
The domain node name given to the device as a member of a domain.
Status of the node: Idle, Complete, Failed, Links Up, Links Down, Preforwarding,
Init, Precomplete, PreInit, or Unknown.
Whether the node acts as a Master or Transit node for this domain
Primary port number
EPICenter Reference Guide
Table 53: Device Details window, Domain Ports tab
Secondary Port Secondary port number
The Device Settings Tab
Figure 240 shows the Device Settings tab of the Device Details window.
Figure 244: The Device Details windows, Device Settings tab
The Links Tab
This tab shows information about the device configuration in relation to EAPS. It shows the following:
Table 54: Device Details window, Device Settings tab
EAPS Protocol Enabled
Fast Convergence Enabled
Last Configuration Updated
Last Status Updated
Whether the EAPS protocol is enabled on this device (true or false)
Whether the fast convergence is enabled for this device (true or false)
The date of the last configuration update.
The date of the last status update.
The Links Tab
The Links table, shown under the Links tab, provides an overview of the links currently known to exist between devices in the EPICenter database. Figure 245 shows the Links tab.
EPICenter Reference Guide 475
EAPS Protocol Monitoring and Verification
Figure 245: The EAPS Monitor showing the Links Tab
476
You can sort the rows in the Devices table based on the one or more columns. See “Sorting a Table
Display” on page 466 for details.
The Links table shows the following information:
Table 55: Columns in the Links Table
Column
(Link Operational State)
(EAPS Shared Port
Present)
Blank if the link is up, shows a red Stop symbol (red circle with diagonal line) if the link is down.
Whether a shared port is present on this link. SP indicates a shared port is present. Click the link (SP) to display the Shared Port information window (See
DP (Link Discovery Protocol) The discovery protocol enabled on the link (EDP, LLDP, or EDP and LLDP)
Type The link type (speed)
Device Name
IP Address
The name of the device at one endpoint of the link. Click the device name to
display the Device Properties window (see “Device Properties” on page 88 ).
The IP address of the first endpoint device. Clicking the IP address also displays the Device Properties window.
Port
Device Name
The port on which the link exists on the first endpoint device. Click the port number to display the Port Properties window (see
“Port Properties” on page 96 ).
The name of the device at the other endpoint of the link. Click the device name to display the Device Properties window (see
“Device Properties” on page 88
).
EPICenter Reference Guide
The Links Tab
Table 55: Columns in the Links Table
Column
IP Address
Port
The IP address of the second endpoint device. Clicking the IP address also displays the Device Properties window.
The port on which the link exists on the second endpoint device. Click the port number to display the Port Properties window (see
“Port Properties” on page 96 ).
The Shared Ports Display
If a link is a shared link, that fact is indicated by the presence of an SP link in the Shared Port column of
). Click the SP in the shared port column to open the Shared Port display.
Figure 246 shows the Shared Ports window.
Figure 246: The Shared Ports display
The two columns are headed by the device names, IP addresses, and ports that define the shared link.
For each of the ports, the display shows the following information:
Table 56: Shared Ports window
Shared Port Link ID
Shared Port Mode
An integer configured on the switch for the shared port
Whether the node acts as a Controller or a Partner node for this shared link.
Shared Port Status Status of the shared port: Idle, Ready, Blocking, Preforwarding.
Shared Port Expiry Action Action to be taken when the Shared Port fail timer expires.
Neighbor Status
Root Blocker Status
Root Blocker ID
Status of the neighboring node: Down, Up, Error
The status of the port if it is a root blocker, else None if it is not a root blocker)
An integer configured for the port when it is configured as a root blocker. None if the port is not a root blocker.
EPICenter Reference Guide 477
EAPS Protocol Monitoring and Verification
EAPS Log Reports
The EAPS log report shows the EAPS traps and EAPS-related syslog entries that have occurred for the selected device. Once you run the report, you can filter it further based on the following:
● The IP address (must be exact, wildcards are not supported).
●
●
●
The type of event (trap or syslog entries): you can enter any keywords that may appear under the
Type column as part of the description of the trap or syslog entry.
Specific varbinds (enter a keyword that matches the varbind you want to find, such as extremeEapsLastStatusChange .)
Events that occurred within a certain time frame.
Enter values into the fields and click Submit. This report can also be run from within EPICenter’s
Reports feature, see
.
478 EPICenter Reference Guide
Figure 247: EAPS Log Report
EAPS Log Reports
The EAPS Log report displays the following information:
Time
Source
Type
Varbinds
Time the event occurred, expressed in the local time zone of the EPICenter server.
IP address of the device and port number (if applicable) that generated the event
Event type (SNMP trap or syslog, including description)
Variable data transmitted with a trap, as appropriate
EPICenter Reference Guide 479
EAPS Protocol Monitoring and Verification
480 EPICenter Reference Guide
17
Using the Policy Manager
This chapter describes how to use the EPICenter Policy Manager for:
● Creating, modifying, and deleting network Quality of Service (QoS), access list, and Access-based policies
●
●
Configuring QoS profile settings on network devices
Configuring network devices with the defined network policies
Using the Policy Manager
The Policy Manager provides a high-level interface for specifying QoS and access list rules for Extreme devices. It is strongly recommended that you become familiar with the Policy Manager concepts presented in the EPICenter Concepts and Solutions Guide before you begin to create policies through
EPICenter on your network devices.
The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the network resources that can be used as endpoints or in the scope for a policy definition. Resources must be set up through the Grouping applet prior to using them in a policy definition. You should be familiar with the Grouping applet before you begin to define policies through the Policy Manager.
In addition, you must have Administrator or Manager access to create, modify, and configure policies within the Policy Manager. If you have Monitor-level access only, you cannot use these functions.
To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. The Policy Manager main window is displayed (see Figure 248 ).
The Policy Manager is organized into two functional areas.
●
The Policies View , where you can create, view, and modify EPICenter policy definitions for
Extreme devices. The organizing principle within the Policies View is the policy definition.
●
The ACL Viewer where you can view the access list and QoS rules generated by the Policy Manager
for the devices in your network. You cannot modify EPICenter policy definitions from within this view. The organizing principle within the ACL Viewer is the network device.
From either the Policies View or ACL Viewer, you can modify QoS profiles, change policy precedence, and configure the currently enabled policies on one or more devices.
When the Policy Manager applet first appears, the Policies View is selected, showing a summary of the policies currently defined within the EPICenter Policy Manager. You can view the details of an individual policy by selecting the policy in the component tree, or by double-clicking a policy entry in the policy list in the main window of the applet.
for details on defining policies.
EPICenter Reference Guide 481
482
Using the Policy Manager
The buttons and icons at the top of the page provide the following functions:
New
Save
Delete
Reset
Auto
Order
Cfg All
Config
Profile
Status
Lets you create new policy definitions. This button is available only in the Policies View. See
“Creating a New Policy” on page 488 .
Lets you add a new policy definition to the database, or replace a modified policy. This button
is available only in the Policies View. See “Creating a New Policy” on page 488
Removes the selected policy definition from the database. This button is available only in the
Policies View. See “Deleting a Policy” on page 501 .
Abandons all modifications you have made to a policy definition, and restores the last saved definition for the selected policy to the fields displayed in the Policy description page. This button is available only in the Policies View. See
“Resetting a Policy” on page 502
.
A toggled-state button that indicates whether auto-configuration is enabled or disabled. When auto-configuration is enabled, any access list or QoS changes made within the Policy Manager, any changes made within the Grouping Manager or Inventory Manager that affect the endpoints or scoping of a policy, or any changes on a device that affect access list or QoS settings on the device, will cause an immediate reconfiguration of all enabled policies on the network devices.
Access-based Security policies will be automatically configured only if the Auto-configuration mode is activated.
When auto-configuration is disabled device policy configuration occurs only when specifically invoked using one the configure buttons (Config or Config All). See
Access-based Security policies and auto-configuration is disabled, these policies have to be configured each time a user logs in over the network.
Lets you change the precedence of your policies relative to one another. See “Configuring
Policy Precedence” on page 502 .
Computes rules for your policies and configures them on all affected devices. See “Configuring
.
Computes the set of access list and QoS rules that affect the devices you select, and configures them on those devices. You can select an individual device or a group, and all policies that have those devices in their scope will be configured. This button is available only
in the ACL Viewer. See “Configuring QoS Policies” on page 505
.
Lets you modify the settings of the QoS profiles for a device or device port. See
Modifying QoS Profiles” on page 503
.
Shows the status of a configuration operation due to an automatic or directed configuration.
This icon is not functional, shows status only. See “Configuring QoS Policies” on page 505
.
Each function is described in more detail in later sections of this chapter.
The Policies View
The Policies View lets you create, view, and modify the policies managed by the EPICenter Policy
Manager. The Policies View organizes information by policy—information related to devices is presented relative to the currently selected policy.
EPICenter Reference Guide
The Policies View
To view the policies currently defined within the EPICenter Policy System, click the Policies radio button just above the component tree. This displays a summary of the policies currently known to the
Policy Manager (see Figure 248 ).
Figure 248: Policy View in the Policy Manager
The component tree on the left shows the policies defined through the Policy Manager. The main applet frame shows the definition and function of the selected elements.
! (exclamation point)
Name
Type
Enabled
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order.
The name of the policy.
The type of policy (Access-based security, IP, source physical port, or VLAN).
Indicates whether the policy is enabled. A green check ( ) indicates that the policy is enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not enabled will not be configured on any devices, either automatically or when you start a configuration manually.
EPICenter Reference Guide 483
484
Using the Policy Manager
Direction
Description
Indicates whether rules are generated by this policy for traffic in one direction only, or are generated for traffic in both directions.
• For Access-based Security policies, “network resources to users” indicates traffic going from the endpoints specified in Network Resources side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the Users area.
“Users to network resources” indicates traffic flowing from user endpoint(s) to the network resource endpoint(s). “Bidirectional” indicates that access list rules are generated for traffic in both directions. The default for these policies is the “users to network resources direction”. The default choice gives a lower total number of ACLs since bi-directional requires twice the number of rules as uni-directional.
• For IP policies, “server to client” indicates traffic going from the endpoints specified in Server side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the Client area. “Client to server” indicates traffic flowing from client endpoint(s) to the server endpoint(s). “Bidirectional” indicates that access list rules are generated for traffic in both directions.
• For Source Port policies, the direction will always be “from source port.”
• For VLAN policies, the direction will always be “from VLAN.”
Displays the description, if any, that was entered when the policy was defined.
By default, the policy list is sorted by policy type. To sort based on the contents of a different column, click the column header. Clicking a second time reverses the sorting sequence.
To view the specifications for an individual policy, you can do one of the following:
● Select the policy name in the component tree.
● Double-click anywhere within the policy entry in the policy list display.
This displays the Policy description page for the selected policy.
Policy Definition Page
The Policy Definition page displays the high-level definition of the selected policy, in terms of the network elements (users, hosts, and L4 ports as appropriate) that define the traffic flow, and the devices on which the policy is implemented.
Figure 249 shows the Policy Definition page for an Access-based Security policy.
EPICenter Reference Guide
Figure 249: Policy definition page for an Access-based Security policy
The Policies View
The policy name and optional description are displayed at the top of the page.
The Policy Traffic section, shows the elements that define the traffic flow:
●
●
The Policy Type radio buttons determine the type of rules that will be generated from the policy description, and thus affect how the policy endpoints are specified.
The rest of this area shows the network resources that define the traffic flow for the policy.
■ In the Access-based Security policy example shown in Figure 249 , the policy traffic specification includes two lists of resources that define the “network resources” or left-side endpoints for the policy, and the “users” or right-side endpoints. These resources are defined in the EPICenter
Inventory or Grouping applets, and may include hosts, custom applications, users, devices, and ports, or groups of any of those resources.
For example, the resource shown in the Network Resources list in Figure 249 is a single host. The resource in the Users list is a User group. If you have Administrator or Manager access, you can use the Edit... button to access the resources list and view the definition of the resource groups.
You can also view their definitions through the Grouping applet. For the Network Resources side, the resources are mapped to specific IP addresses and ports, but for the Users side, the IP addresses are determined dynamically at network login.
If you are entering a new IP policy, the left-side endpoints will be “servers” and the right-side endpoints will be “clients.” For the purpose of generating access list rules, those resources are mapped to specific IP addresses and ports for use as source and destination endpoints. These lists may also show IP addresses that have been entered directly.
EPICenter Reference Guide 485
486
Using the Policy Manager
■
■
■
The traffic specification for an Access-based Security policy includes a flow direction (network resources to user, user to network resources, or bidirectional). This is used by the EPICenter policy server to determine the source and destination for each traffic flow. In the example, the traffic is unidirectional, from user to network resource, which is the default for Security policies.
This means that access list rules will be generated with the hosts listed on the network resources
for an explanation of the traffic flows that this example generates.)
The traffic specification for an Access-based Security policy also includes the specification of a
“network resource” on the network resource side, that can be used to define a protocol and an L4 port or port range, or a named application (which translates to a protocol and specific L4 port).You can define an L4 port for the userside as well, if needed.
For an IP policy, the Policy Traffic section is similar to that for Access-based Security policies with the substitution of “Servers” and “Clients”, for “Network resources” and “Users” respectively. IP policies default to bi-directional.
■ For a Source Port or VLAN policy, the Policy Traffic section is much simpler, showing you either the network resources that define the source physical ports or the VLANs that are used to define the traffic flow for the policy. Flow direction is not a factor in Source Port or VLAN QoS Policy specifications.
See
“Creating a New Policy” on page 488 for detailed information on specifying the endpoints for
defining policy traffic.
The Policy Access Domain (Scope for IP policies) section displays the network devices on which the policy rules should be implemented. The devices can be specified individually, or as groups whose member devices or device ports will be included in the domain. The policy domain also specifies the
QoS profiles that are implemented on each device for the specified traffic flows.
The Policy Access Domain (Scope for IP policies) display includes:
● The resources (devices or groups that contain devices) on which the policy should be implemented
●
●
●
The type of the resource (Device or Group)
The QoS profile that will be used for the device or devices specified by this resource
An optional comment entered when the QoS profile is selected for the resource
The resources are displayed in order of precedence. Because the domain/scope can include groups as well as individual device resources, it is possible that a device could be included more than once in the domain/scope (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences could conflict. Therefore, the order of the list determines the precedence in case of
QoS profile conflicts—the first occurrence of a device in the list determines the QoS profile that will be used on that device.
See
“Creating a New Policy” on page 488
for detailed information on specifying scope resources for a policy.
Policy Traffic Page
The Policy Traffic page shows the actual traffic patterns derived from the Policy Traffic specification as defined on the Policy Description page. Access-based Security policy traffic will not show on this page unless the user endpoint is specified as a fixed IP address. Otherwise, the traffic will only show when the user is actively logged in over the network. The diagram below shows an example for an IP policy.
For an Access-based Security policy, this page may be blank except when the user is logged into the
EPICenter Reference Guide
The Policies View network. In the case where a user is assigned a specific IP address however, the page will look the same as it does for an IP policy.
Figure 250 show the traffic patterns generated for the IP policy from Figure 249 .
Figure 250: Policy Traffic page
In Figure 249 , the Policy Traffic specification consists of two Host groups as end points, (each containing two hosts), a unidirectional traffic flow (server to client), and the service specification “UDP Any.” This resulted in the four traffic flows shown in Figure 250 .
Protocol
Dest IP
Dest Port
Src IP
Src Port
The protocol specified for the traffic (TCP in the example).
The destination IP address, derived from one of the host specifications.
The L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The source IP address, derived from one of the host specifications.
The L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.”
EPICenter Reference Guide 487
488
Using the Policy Manager
Creating a New Policy
To create a network policy, follow these steps:
1 Select New
Figure 251 . from the toolbar. This displays a new Policy Definition page, as shown in
Figure 251: Policy description page for a new Access-based Security policy
Flow direction (IP and Security policies only)
Policy traffic endpoint selection
Service filter specification
(IP and
Security)
Policy access domain selection
2 Enter a name for the policy (required) and a description of the policy (optional).
3 If you do not want this policy to be configured onto any devices, click the Enabled check box once to remove the check mark and indicate that this policy should not be enabled. The presence of a check in the box indicates that the policy will be enabled, which is the default state.
4 Select a schedule for this policy, if desired. Default is 24 hours a day, 7 days a week. You can check desired days, set start time on the 24-hour clock, and set time periods from 0 to 168 hours.
Scheduled times are allowed to overlap (see Figure 252 ).
EPICenter Reference Guide
e
Figure 252: Example of a schedule
Creating a New Policy
5 Select the type of policy you want to create. The type of policy you choose will determine the type of information you need to provide.
The policy type acts as a sort of template, requiring definition only of the components relevant to the particular policy type.
Select the appropriate Policy Type as follows:
Security
IP
VLAN
Source Port
Select to specify the components of a policy for traffic between resources and dynamically obtained user endpoints. A policy of this type will generate access list rules for implementation of the devices in the access domain. These rules are generated whenever an authorized user logs on and will be deleted when that user logs off.
Select o specify the components of a policy for traffic between endpoints, such as a server and specific clients or a particular service and server.
Select to specify the components (VLANs) of a policy for traffic originating from the member ports of one or more VLANs. A policy of this type will generate VLAN QoS rules for implementation on the devices in the policy scope.
Select to specify the components of a policy for traffic originating from specific ingress ports. A policy of this type generates source physical port QoS rules for implementation on the devices in the policy scope.
6 Specify the endpoints that will define the traffic flows to which this policy will apply.
● For a Security policy: You must specify two sets of endpoints for a Security policy, which are classified as network resources and users. The resources you select are typically hosts or users, but do not need to be in a conventional “client-server” relationship. They simply represent the endpoints (source and destination, translated to an IP address and port) of the traffic flow. You can specify individual endpoints, or groups that contain the endpoints. The user end of the specification does not need to have a specific IP address assigned to it, although it may.
You must also specify the traffic direction to which the policy should apply. The default for an
Access-based Security policy is user to resource.
● For an IP policy: You must specify two sets of endpoints for an IP policy, which are classified as servers and clients. The resources you select are typically hosts or users, but do not need to be in a conventional “client-server” relationship. They simply represent the endpoints (source and destination, translated to an IP address and port) of the traffic flow. You can specify individual endpoints, or groups that contain the endpoints. You can also specify a subnet address or the
“Any” wildcard as an endpoint.
You must also specify the traffic direction to which the policy should apply. The default direction for an IP policy is bidirectional.
EPICenter Reference Guide 489
490
Using the Policy Manager
●
●
For a Source Port policy: You must specify one or more devices and physical ports as source endpoints. You can specify them individually or as groups that contain ports.
For a VLAN policy: You must specify the VLANs to which the policy should apply. You can specify VLANs individually or as groups that contain VLAN members.
NOTE
You should not include the Management (Mgmt) or MacVlanDiscover VLANs as policy endpoints. These VLANs cannot have policies associated with them.
7 To select one or more endpoints for any of the policy types, click the Edit... button that appears either to the right or below the list of endpoint resources.
● For a Security policy: Two Edit buttons are provided, one to the right of the Network Resources list, and one to the right of the Users resource list, as shown in Figure 251 .
●
●
For an IP policy: Two Edit buttons are provided, one to the right of the Servers resource list, and one to the right of the Clients resource list, similar to that shown in Figure 251 .
For a VLAN or Source Port policy: The Edit button appears at the bottom of the Policy Traffic area, below the Resource list. a Click the appropriate Edit... button to display the Edit Policy Endpoints window, as shown in
Figure 253 and Figure 254
. For a more detailed explanation of this window, see “Edit Policy
Endpoints Window” on page 495 .
Figure 253: Edit Policy Endpoints window for the resources of Security policy
EPICenter Reference Guide
Creating a New Policy
Figure 254: Edit Policy Endpoints window for the Users side of an Access-based Security policy
The left panels of this window, Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet. You can specify endpoints using any of the available high-level resources: users, hosts, devices, VLANs, or groups of these resources. The types you select will depend on the type of policy you are creating.
When you select a group in the component tree, its children (groups or individual resources) are displayed in the associated Resource list (the right half of the Select Endpoints to be Added area). Individual resources are displayed only if they are of types that can be used as endpoints for the policy type you have selected.
The area on the right of the window Current Policy Endpoints, shows the resources that are already selected as endpoints.
■ Use the Add button to add selected resources to the Current Policy Endpoints list.
■ Use the Add All button to add all the children of the group you have selected in the component tree.
■
■
Use the Remove button to remove selected resources from the Current Policy Endpoints list.
Use the Remove All button to remove all resources from the Current Policy Endpoints list.
For an IP policy and for the Network Resources side of an Access-based Security policy: There are two additional ways to create endpoints:
■
■
Select Add IP Addr to specify an IP address directly. (This button will not appear if you are creating VLAN or Source Port endpoints.) A small pop-up window appears, in which you can enter an IP address and subnet mask into the fields provided. A subnet mask of 32 indicates a host.
Select Add Wildcard to add the endpoint specification “Any” to the Current Policy Endpoints list. This indicates that any IP address will be accepted as a match for this policy endpoint.
(This button does not appear if you are creating VLAN or Source Port endpoints.) b Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
EPICenter Reference Guide 491
492
Using the Policy Manager c Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy
Endpoints list.
8 For a VLAN or Source Port policy: Your next step is to define the Policy Scope. Skip to Step 11 on page 493 for instructions on specifying a scope for your policy.
9 Traffic direction for a Security or an IP policy: You must indicate whether this policy should affect traffic flowing only in one direction between the endpoints, or whether it should affect traffic in both directions. The directional selection buttons do not appear if you are creating VLAN or Source Port endpoints.
Click the appropriate button to indicate the traffic flow directions to which this policy should be applied (for IP policies, substitute server for network resource and substitute client for user):
●
●
●
The top button (- - >) indicates that this policy should apply only to traffic flowing from the network resource (left-side) endpoints to the user (right-side) endpoints. The network resource endpoints will be considered the source, and the user endpoints will be considered the destination in the access list rules created from this policy.
The middle button (< - -) indicates that this policy should apply only to traffic flowing from the user (right-side) endpoints to the network resource (left-side) endpoints. The user endpoints will be considered the source, and the network resource endpoints will be considered the destination in the access list rules created from this policy.
The bottom button (< - - >) indicates that this policy should apply to all traffic flowing between the user (right-side) endpoints and the network resource (left-side) endpoints, in either direction.
10 Server service and L4 ports for a Security or an IP policy: You may indicate a protocol service and
L4 (layer 4) ports that should be used as a filter when looking for traffic that matches the access list criteria. You can specify this information by selecting a protocol and entering the L4 port numbers, or you can select a predefined service or application that the policy server can translate to a protocol and one or more L4 ports or you can use a group of the Custom Applications type. When using the latter, you can group different types of ports as well as non-contiguous groups of ports.
●
●
The default is “IP Any” which specifies layer 3 traffic.
Specification of L4 ports for the client endpoints is optional.
● These fields do not appear if you are creating VLAN or Source Port policies.
Figure 255 shows the portion of the Policy Definition window where you can make these selections.
This illustration shows the minimum specification if you select a service that translates to a port (or set of ports) known to the EPICenter policy server.
Figure 255: Service and port selection area for a Security or an IP policy—basic specification
a To specify a service, select one from the drop-down list provided, as shown in Figure 256 .
EPICenter Reference Guide
Figure 256: Service selection for an IP policy
Creating a New Policy
From this list you can select from the standard TCP, UDP, IP services, from Custom Applications, or from specific named services (applications) that are known to the EPICenter policy server. In the list shown in Figure 256 , Baan is an example of such a service, and has been preconfigured with a protocol and L4 port. If you select an application, the policy server will determine the L4 port from its pre-configured value in the EPICenter database.
The settings “Deny TCP SYN packets” and “Deny TCP SYN packets Any” are the same as the
ExtremeWare settings called “TCP permit established.” These settings specify that all new TCP connections (as indicated by the presence of a Sync request) from the client endpoints to the server will be denied (existing TCP sessions will continue). When you select either of the “Deny
TCP SYN packet” settings, the traffic direction is automatically set from client to server.
NOTE
When you select either of the Deny TCP SYN packets services, the QoS profiles for all devices in your policy scope are automatically set to “blackhole” to accomplish the denial of new TCP traffic. b To specify an L4 port or port range, enter a port number in the L4 Port Range field. Enter a single port number, or a port range in the form <first_port>-<last_port> .
The L4 Port Range field appears only if you select a service that requires a port specification.
These selections are:
■
■
Specify TCP port range
Specify UDP port range
■ Deny TCP SYN packets
The other selections either indicate any port (TCP Any, UDP Any, IP Any, Deny any TCP SYN packets) or translate directly to an L4 port. c If you want to specify an L4 port for the client or user endpoints, click the Specify client L4 port or the Specify user L4 port check box to display the client service selection fields. The drop-down list of services is limited to the ability to specify TCP or UDP Any, or a TCP or UDP port range.
11 The last step is to define the access domain for a Security policy or scope for an IP policy—the devices on which the access list rules should be implemented, along with the QoS profile that should be associated with these rules.
EPICenter Reference Guide 493
494
Using the Policy Manager
Figure 257: Policy Access Domain display
The Policy Access Domain (Scope for IP policies) display includes:
● Each resource (device, or group that contains devices or ports) included in the scope
●
●
The type of each resource (Device or Group)
The QoS profile that will apply to the resource—to the individual device or to all the devices in the group if the resource is a Group
An optional comment you can enter when you select the QoS profile for the resource ●
The order in which the resources are displayed in the Policy Access Domain or Scope Resource list determines their precedence. Precedence is significant when an individual device appears more than once in the list (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences is in conflict. a To add a resource to the list (or to modify the list) click the Edit... button. The
is displayed, as shown in Figure 258 .
Figure 258: Edit Policy Access Domain window
EPICenter Reference Guide
Edit Policy Endpoints Window
This window is similar to the Edit Policy Endpoints window described previously.
The left side of this window Select Policy Access Domain Devices to be Added, displays a component tree showing the resources currently defined in the Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to be Added area). You can select groups or devices as access domain resources. If you select a group that does not contain any devices as children, the group is added as an access domain resource, but will not actually have any effect on the policy access domain.
The area on the right of the window (Current Policy Access Domain Devices) shows the resources you have already selected to include in the access domain for your policy.
● Use the Add button to add selected resources to the Current Policy Access Domain Devices list.
●
●
Use the Add All button to add all the children of the group you have selected in the component tree.
Use the Remove button to remove selected resources from the Current Policy Access Domain
Devices list.
●
●
Use the Remove All button to remove all resources from the Current Policy Access Domain
Devices list.
You can select the Security QoS Profile that should be configured on the device for this policy by selecting a resource in the Current Policy Access Domain Devices list, and then selecting a profile from the drop-down list associated with that resource.
●
●
Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Access List (Policy Traffic for IP policies) area.
Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy
Endpoints list.
b Use the Up and Down buttons to change the precedence of the entries in the list.
■ Select an entry and click the Up button to move it up in the list (giving it higher precedence).
■ Select an entry and click the Down button to move it down in the list (giving it lower precedence).
12 To save your new policy definition, click the Save button.
If you attempt to leave the policy definition page without saving your new policy definition, a small
Confirm Save Policy Changes pop-up appears, asking if you want to save the changes (your new policy).
●
●
●
Click the Yes button to save the policy.
Click No to abandon the policy
Click Cancel to return to the Policy Definition page of the policy you were creating.
NOTE
If auto-configuration is enabled, this policy will be configured immediately on the network. This could cause network problems if policy precedence relationships are not set correctly.
Edit Policy Endpoints Window
The Edit Policy Endpoints window, as shown in
, looks basically the same regardless of the type of policy you are creating. The exception is the Add IP Addr and Add Any buttons that appear
EPICenter Reference Guide 495
Using the Policy Manager only for a Security or an IP Policy endpoint. Note that these extra buttons only appear for the Network
Resources (left-hand) side for Security policies. If you are creating a VLAN or Source Physical Port policy, these two buttons will not be present.
Figure 259: Edit Policy Endpoints window for a Security policy
496
The left side of this window (see Figure 259
) Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet. You can specify endpoints using any of the available high-level resources: Users, hosts, custom applications, devices, VLANs, or groups of these resources. The types you can select will depend on the type of policy you are creating.
The area on the right of the window (see Figure 259
) Current Policy Endpoints, shows the resources that are already selected as endpoints.
When you select a group in the component tree, its children (groups or individual resources) are displayed in the associated Resource list (the right half of the Select Endpoints to be Added area).
Individual resources are displayed only if they are of types that can be used as endpoints for the policy type you have selected. For example, if you are creating a VLAN policy, the Select Endpoints to be
Added list will only display groups and VLAN resources.
The standard buttons at the center of the window allow you to do the following:
Add
Add All
Remove
Remove All
Select one or more individual resources or groups from the Resources list, and click the Add button to add them to the Current Policy Endpoints list.
Click the Add All button to add all the resource children of the group you have selected in the component tree.
To remove resources from the Current Policy Endpoints list, select one or more resources and click the Remove button.
To remove all resources from the Current Policy Endpoints list, click the Remove All button.
EPICenter Reference Guide
Edit Policy Access Domain/Policy Scope Window
For an IP or Security policy: There are two additional ways to create endpoints for an IP or Security policy:
● Select Add IP Addr to specify an IP address directly. (This button will not appear if you are creating User-side Security, VLAN or Source Port endpoints.) A small pop-up window appears, as shown in Figure 260 .
Figure 260: Add an IP address as an endpoint for an IP policy
● a Enter an IP address and subnet mask into the fields provided.
The subnet mask is used to set parts of the IP address to zero. A subnet mask of 32 indicates a host (all 32 bits of the address are used). A subnet mask of 24 is typically used to indicate a subnet address, and sets the last (right-most) address component (the least significant eight bits) to zero, leaving the other 24 bits as is. You can enter any number of bits as the subnet mask. b Click OK to add it to the Current Policy Endpoints list.
Select Add Wildcard to add the endpoint specification “Any” to the Current Policy
Endpoints list. This indicates that any IP address will be accepted as a match for this policy endpoint. (This button does not appear if you are creating User-side Security, VLAN or Source Port endpoints.)
NOTE
You cannot have both the wildcard endpoint specification and individual endpoint specifications in the Current
Policy Endpoints list, as individual endpoints are redundant with the “Any” specification. If you specify Add
Wildcard when there are other endpoints in the list, the Policy Manager will display a warning, and will remove the other endpoints if you elect to continue.
Further, if you attempt to add an individual endpoint specification when the Current Policy Endpoint specification is “Any,” the Policy Manager will display a warning, and remove the wildcard specification if you elect to continue.
● When you have finished adding resources to the Current Policy Endpoints list, click the OK button at the bottom of the window. This closes the Edit window and displays the contents of the Current
Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
Click Cancel to close the Edit window and abandon any changes you’ve made to the Current Policy
Endpoints list.
Edit Policy Access Domain/Policy Scope Window
The Edit Policy Access Domain (shown in Figure 258 ) and Edit Policy Scope windows (shown in
Figure 261
), are very similar to the Edit Policy Endpoints Window
.
EPICenter Reference Guide 497
Using the Policy Manager
Figure 261: Edit Policy Scope window
498
The left side of this window Select Policy Access Domain Devices to be Added, or Select Policy Scope
Devices to be Added displays a component tree showing the resources currently defined in the
Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to be Added or Select Policy Scope Devices to be Added area). You can select groups or devices as scope resources. If you select a group that does not contain any devices as children, the group is added as an access domain resource, but will not actually have any effect on the policy access domain.
The area on the right of the window Current Policy Access Domain Devices, shows the resources you have already selected to include in the access domain for your policy.
1 Add or remove resources from the Current Policy Access Domain Devices list:
Add
Add All
Remove
Remove All
Select one or more individual resources or groups from the Devices list, and click the Add button to add them to the Current Access Domain Devices list.
Click the Add All button to add all the resource children of the group you have selected in the component tree.
To remove selected resources from the Current Domain Devices list, select the resources and click the Remove button.
To remove all resources from the Current Policy Domain Devices list, click the
Remove All button.
2 In addition to selecting resources, you can select the QoS Profile that should be configured on the device for this policy. a Select a resource in the Current Policy Access Domain Devices list.
EPICenter Reference Guide
Modifying Policies b Click the entry in the QoS Profile column for the selected resource, or in the QoS Profile field below the list. In either case, a drop-down list of the available QoS profiles is displayed, from which you can select the profile you want to associate with this policy.
c To enter a comment about this resource, enter it in the Comment field below the resource list.
NOTE
For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4) are supported.
If you select a profile that is not supported on the device you are configuring, your selection will be ignored.
3 When you have finished adding resources to the Current Policy Access Domain Resources list, click the OK button at the bottom of the window. This closes the Edit window and displays the contents of the Current Policy Scope Resources list in the appropriate resource list in the Policy Traffic area.
Click Cancel to close the Edit window and abandon any changes you have made to the Current
Policy Scope Resources list.
Modifying Policies
To modify a network policy, you follow the same steps you use to create a policy, but you start with the settings of the current policy. You can change any of the policy settings, including the policy name and policy type.
To modify a policy, follow these steps:
1 Click the Policies radio button just above the component tree to display a summary of the policies currently known to the Policy Manager.
2 Select the policy you want to modify either in the component tree or from the list of policies. This displays the Policy Description page for the selected policy, as shown in Figure 262 .
EPICenter Reference Guide 499
Using the Policy Manager
Figure 262: Policy Definition page for an existing source port policy
500
The fields in this dialog box are as follows:
Name
Enabled
Description
Policy Type
To change the policy name, type the new name in the Name field.
To enable or disable the policy, click the Enabled checkbox to add or remove the check mark. The presence of the check indicates that the policy is in the enabled state.
To enter or change the description for this policy, just type the new text into the
Description field.
To change the policy type, click the IP, VLAN, or Source Port Policy Type radio button.
3 To change the policy name, type the new name in the Name field.
4 To enable or disable the policy, click the Enabled checkbox to add or remove the check mark. The presence of the check indicates that the policy is in the enabled state.
5 To enter or change the description for this policy, just type the new text into the Description field.
6 To change the policy type, click the appropriate Policy Type selector.
NOTE
If you change the policy type, the contents of the Policy Traffic fields will change. The current entries in the traffic resource list(s) are removed, although they will still appear in the Current Policy Endpoints list in the Edit
Policy Endpoints window. However, if they are not valid endpoint types for the new policy type, they will not be added to the endpoint resource lists, and you will need to select new endpoints for your policy.
EPICenter Reference Guide
Deleting a Policy
7 To modify the list of endpoints for any of the policy types, click the Edit... button that appears either to the right or below the list of endpoint resources.
This displays the Edit Policy Endpoints Window discussed in detail on page 495 .
●
●
Add resources to or remove them from the Current Policy Endpoints list. See
Endpoints Window” on page 495 for more detailed information about this window.
Click the OK button to closes the Edit window and displays the modified contents of the Current
Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
● Click Cancel to close the Edit window and abandon any changes you have made to the Current
Policy Endpoints list.
8 To modify the access domain or policy scope click the Edit... button to the right of the Policy Scope
resource list. The Edit Policy Access Domain/Policy Scope Window is displayed. This window is
discussed in detail in
“Edit Policy Endpoints Window” on page 495
.
The left side of this window (Select Network Resource Endpoint(s) to be Added) displays the resources currently defined in the Grouping applet.
●
Add resources to or remove them from the Current Policy Scope Resources List. See “Edit Policy
Access Domain/Policy Scope Window” on page 497 for more information.
● Modify the QoS Profile that should be configured on the device for this policy by selecting a resource in the Current Policy Scope Resources list, and then selecting a profile from the dropdown list associated with that resource.
●
●
●
Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area.
Cancel closes the Edit window and abandons any changes you have made to the Current Policy
Endpoints list.
To change the precedence of an entry in the Policy Scope resources list, select the entry and use the Up or Down buttons to move it in the list. Moving it up will give it higher precedence; moving it lower will reduce its precedence.
The order in which the resources are displayed in the Policy Scope Resource list determines their precedence. If individual device appears more than once in the list (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences is in conflict, the first occurrence of the device in the list will determine which profile will be used.
9 To save your modified policy definition, click the Save button.
If you attempt to leave the policy definition page without saving your changed, a small Confirm
Save Policy Changes pop-up appears, asking if you want to save the changes.
●
●
●
Click Yes to save your changes.
Click No to abandon your changes.
Click Cancel to return to the Policy Definition page of the policy you were modifying.
Deleting a Policy
Use the Delete policy button to delete the currently selected policy. A pop-up window appears asking for confirmation of the deletion.
Click Yes to proceed with the deletion, or No to cancel the operation.
EPICenter Reference Guide 501
Using the Policy Manager
Resetting a Policy
Use the Reset policy button to undo the changes you have made to a policy definition at any time
before you save it. The reset operation returns the settings of the policy to the last saved settings for the policy. In the case of a new policy, it will remove all policy settings.
Configuring Policy Precedence
To configure the precedence settings of your policies, click the Order Policy Precedence button to display the Order Policy Precedence window as shown in Figure 263 .
Figure 263: Order Policy Precedence window
502
Policies are displayed in the Configure Policy Precedence window in their current precedence order, from highest at the top to lowest at the bottom. The top entry in the list has the highest priority, the last entry has the lowest priority. In the case where multiple policies could apply to the same traffic flow, the policy with higher priority is used by the switch over policies of lower priority.
The policy precedence defined in this window only controls the relationships between policies of the same type. Policies of different types have a predefined precedence relationship: Security and IP QoS policies are the highest priority, Source Port QoS policies are second, and VLAN QoS policies have the lowest priority. For Security and IP policies, the precedence can be manipulated between the two types since they are of similar type in this respect. For VLAN and source port policies, you can only manipulate its precedence relative to other policies of the same type.
If all other precedence variables are equal, and you do not change the precedence order explicitly, then precedence is determined by the time of creation, with the policy created last having the lowest precedence, and will appear at the bottom of the list.
● To change the precedence of a policy, select the policy, and click the appropriate Up or Down arrow button to move the policy higher or lower in the list. Move a policy up in the list to give it priority over the policies below it in the list. Move it lower in the to reduce its priority relative to other policies.
EPICenter Reference Guide
Viewing and Modifying QoS Profiles
●
●
Clicking Cancel at any time prior to clicking OK will restore the precedence settings to those currently in effect relative to the selected policy.
Click the OK button to save the changes for the affected policies.
Viewing and Modifying QoS Profiles
QoS profiles cannot be added, deleted, or renamed. You can change the priority and bandwidths of each of the eight profiles, QP1 through QP8, and configure your modified profiles on a selected set of devices, or on individual ports on a device.
You cannot change the settings of the “blackhole” profile, which is set to priority “deny” and does not use the minimum or maximum bandwidth settings.
Click the Configure QoS profiles button to view or change the current QoS profile definitions in the Policy System. This displays the Configure QoS Profiles window (see Figure 264 ).
The Configure QoS Profiles window is similar to the Edit Policy Endpoints window shown in
Figure 253 and discussed in detail on page 490 .
Figure 264: Configure QoS Profiles window
EPICenter Reference Guide 503
Using the Policy Manager
The fields in this window are as follows:
QoS Profile
Min Bandwidth
Max Bandwidth
Priority
Select a QoS profile from this drop-down menu.
Use this field to change the minimum bandwidth for the profile, by typing in a value between 0 and 89, and less than or equal to the value you plan to use for maximum bandwidth. The sum of all minimum bandwidth cannot be greater than 90%.
Use this field to change the maximum bandwidth for the profile, by typing in a value between 0 and 100, and greater than or equal to the minimum bandwidth specified in the previous field.
Select one of the eight priorities (low, lowHi, normal, normalHi, medium, mediumHi, high, highHi, or deny).
To modify the settings or device scope of a QoS profile, follow these steps:
1 Select the profile you want to modify from the drop-down menu.
The default definitions for the eight QoS profiles you can configure are shown in
.
Table 57: Default QoS Profile Settings
QoS Treatment Name
QP1
QP2
QP3
QP4
QP5
QP6
QP7
QP8
Priority low lowHi normal normalHi medium mediumHi high highHi
0%
0%
0%
0%
0%
Min Bandwidth
0
0%
0%
Max Bandwidth
100%
100%
100%
100%
100%
100%
100%
100%
504
NOTE
For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4) are supported.
Their priorities are low, normal, medium, and high. If you select a profile that is not supported on the device you are configuring, the profile will not be configured on the device.
2 To change the minimum bandwidth for the profile, type a value into the Min Bandwidth field. The value must be between 0 and 89, and less than or equal to the value you plan to use for maximum bandwidth.
NOTE
The sum of all minimum bandwidth cannot be greater than 90%.
3 To change the maximum bandwidth for the profile, type a value into the Max Bandwidth field. The value must be between 0 and 100, and greater than or equal to the minimum bandwidth specified in the previous field.
4 To change the priority, select one of the eight priorities (low, lowHi, normal, normalHi, medium, mediumHi, high, highHi, or deny) from the drop-down menu in the Priority field.
5 To specify the devices or ports on which this modified profile should be configured, select devices or groups from the Select Resources to be Added part of the window, and move them to the Resource
Results list.
EPICenter Reference Guide
Configuring QoS Policies
The Select Resources to be Added part of the window shows the resources currently defined in the
Grouping applet.
When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Resources to be Added area).
You can select groups, individual devices, or individual ports as resources on which the QoS profile should be configured. If you select a group that does not contain any devices as children, the group is added to the Resource Results list, but will not affect the QoS profile configuration.
Add
Add All
Remove
Remove All
Select one or more individual resources or groups from the Select Resources to be
Added list, and click this button to add them to the Resource Results list.
Click this button to add all the resource children of the group you have selected in the component tree.
Select one or more resources and click this button to remove resources from the
Resource Results list.
Click this button to remove all resources from the Resource Results list.
To view the QoS profiles currently configured on a device, use the ACL Viewer, select a device in the component tree, and then select the QoS Profile tab to view the current device configuration.
Configuring QoS Policies
There are two ways to configure your enabled policies onto the affected devices:
You can have the EPICenter server make configuration changes on the affected devices any time it detects a change.
You explicitly direct that configuration changes should be made by invoking the configuration function. You can direct a configuration operation for an individual device or for all devices.
Policies that are not enabled are not configured on any devices through either of these methods.
Auto Configuration
If auto configuration is enabled , any changes you make within the EPICenter software may trigger an immediate recomputation and reconfiguration of the QoS policies on your network. When auto-configuration is enabled, a policy reconfiguration may be triggered by any of the following events:
●
●
Changes to group memberships made through the Grouping Manager or Inventory Manager that affect a group used to define a policy endpoint or policy scope
Network login/802.1x user login/logout
●
●
●
Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the
EPICenter server
A user login or end station reboot when DLCS is enabled
Saving a change to a policy within the Policy Manager
EPICenter Reference Guide 505
506
Using the Policy Manager
The status icon displayed in the upper right corner of the Policy Manager indicates that the configuration is occurring (see
“Configuration Status” below for details).
If auto configuration is disabled , you must explicitly perform the configuration process. In this mode, policies can be created or modified and saved, but they are not configured on the network until a directed configuration (Config or Config All) is done.
NOTE
It is strongly recommended that you disable auto configuration while editing multiple policy definitions or changing the precedence of policies, especially if they involve the “blackhole” profile (deny access). With auto configuration enabled, each change is configured on the network immediately as the individual policy is changed, possibly before the appropriate precedence relationships have been established. This could cause serious network connectivity problems. After all changes have been made, you can re-enable auto configuration so that all configuration changes will be made only after the correct precedence relationships have been established.
Configuration Status
When an automatic configuration operation occurs the configuration status icon, shown at the upper right corner of the Policy Manager, displays an animated status indication of the progress of the configuration.
●
●
First, the Policy Manager must compute the access list and QoS rules based on your policy definitions. This is indicated by an animated display of the following graphic:
Second, the Policy Manager applies the computed policies to the device (those policies that are valid, and not in conflict with any other policies). This is indicated with another animated display:
When the configuration is complete, the icon returns to its quiescent state. You can use the ACL Viewer to view the results of the policy configuration.
Directed Configuration
You can configure policies on a selected device or group of devices, or on all devices known to the
EPICenter server in one operation.
●
●
From the ACL Viewer, you can configure policies on selected devices.
Select the device or group in the component tree, and click the Config button.
To configure all policies on all devices at once, click the Cfg All button either the Policies View or from the ACL Viewer.
.
. You can do this from
In either case, a pop-up window appears asking for confirmation of the configuration.
Click Yes to proceed with the configuration, or No to cancel the operation.
A message window (shown in Figure 265 ) pops up to show you the progress of the configuration.
EPICenter Reference Guide
Figure 265: Message window showing policy configuration progress
Configuring QoS Policies
Devices are listed followed by a small purple rotating clock icon while the configuration function is in progress.
●
●
When a configuration has been successful, the clock turns into a green checkbox .
If the configuration fails, the clock turns into a red X and the device name is displayed in red.
The indicators just below the tree area of the window show the number of devices currently in each state.
To see the messages related to the configuration function (either successful or unsuccessful), select a device in the list. The messages related to the device are displayed as lines under the device node.
Plus sign
Minus sign
Up and down arrows
Errors Only
Collapse All
Click the plus sign at the left of the device name to display server messages related to configuring the device.
Click the minus sign at the left of the device to hide the server messages.
The up and down arrow buttons let you move up and down the device tree, displaying the server messages associated with each device.
If you check the Errors Only box, the up and down arrow buttons will expand only devices that had errors.
The Collapse All button collapses all the device nodes, hiding all the server messages.
EPICenter Reference Guide 507
Using the Policy Manager
508 EPICenter Reference Guide
18
The ACL Viewer
This chapter describes how to use the EPICenter Policy Manager for:
● Viewing the policy configurations currently configured on Extreme devices
●
●
Viewing the policy configurations specified for a device through the EPICenter Policy Manager
Comparing policy configurations specified within the EPICenter Policy Manager with the policies currently configured on a device
Using the ACL Viewer
The ACL Viewer lets you view information about the policies you’ve specified for the devices in your network:
● The traffic patterns computed from the policies you have defined.
●
●
The actual access list or QoS rules generated by the EPICenter Policy Manager, based on the policies you have defined. It also shows the rules currently configured on a selected device, and lets you compare the actual rules with the rules generated by the Policy Manager based on your policy definitions. Rules for Access-based Security policies will normally only be displayed while the users are logged into the network.
The QoS Profile settings for the devices managed by the EPICenter server.
The ACL Viewer shows information about the policies you’ve defined, even if they have not been configured on the network. Thus, you can use the ACL Viewer to preview the rules you’ve specified before they take effect on your network.
The ACL Viewer organizes information by device scope—information related to a policy is presented relative to the currently selected resource (device or group).
To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. When the Policy
Manager applet first appears, the Policies View is selected.
To view the access list and QoS rules currently defined for devices managed by the EPICenter Policy
Manager, click the ACL Viewer radio button just above the component tree. The ACL Viewer also displays Network Login/802.1x activity for a specific device, slot, or port.
The ACL Viewer displays the Access List summary view for the top level of the component tree (the
Groups node) as shown in Figure 266 . The Access List summary view provides an overview of the IP policies defined in the Policy Manager, as related to their scope definitions.
EPICenter Reference Guide 509
The ACL Viewer
Figure 266: Top-level Access List view in the ACL Viewer
510
From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy precedence, and configure the currently enabled policies on one or more devices.
ACL Viewer Summary Displays
When the Groups node is displayed in the ACL Viewer, you can view a summary of the rules created for Access Lists, VLAN QoS, and Source Port QoS.
The format of each of these displays is the same, and is organized by policy scope—one entry for each policy and scope resource (device or group). If a policy has multiple scope resources, each has a separate entry. For example, in Figure 266 , the policy ip1 is scoped on two individual devices, so there are two entries in the list for that policy.
Each entry in the summary display shows the following:
! (exclamation point)
Policy
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order.
The name of the policy.
EPICenter Reference Guide
Access List Display
Scope
Enabled
The scope resource (device or group) and its associated QoS profile.
Indicates whether the policy is enabled for this policy scope. A green check ( ) indicates that the policy is enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not enabled will not be configured on the devices within the scope, either automatically or when you start a configuration manually.
The Access List display shows IP and Security policies only. If the Security policy allows the system to dynamically determine the IP at network login, then those policies will only appear while the user is logged into the network. The VLAN QoS page display shows VLAN policies, and the Source Port QoS page shows Source Port policies.
Access List Display
You can use the Access List display to view traffic patterns and access list rules generated by your
EPICenter IP policies and active Security policies. At the group level, you can view the traffic patterns generated by all the IP and Security policies that include a selected group in the policy scope or domain. At the individual device level, you can view all the access rules generated by EPICenter policies for an Extreme i-series device, as well as the policies actually configured on the device. Most
Security policies are shown only while the user is actively connected to the network.
NOTE
IP policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or 6.0.x or later.
Non-i-series devices only support IP policies if they run ExtremeWare 5.0x. (All Extreme Networks devices support
VLAN QoS.)
● To display the traffic patterns generated by the IP and Security policies that include the group in the policy scope, select a group in the component tree.
The Access List page shows all the traffic patterns generated by any IP and Security policies that have the selected group in its scope (see Figure 267 ).
EPICenter Reference Guide 511
The ACL Viewer
Figure 267: Traffic patterns generated from IP policies for scoped devices
512
The display includes the following information:
! (exclamation point)
Policy
Protocol
Dest IP
Dest L4 Port
Src IP
Src L4 Port
Profile
Status
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order.
Displays the name of the policy.
Indicates the protocol specified for the traffic (UPD, TCP, etc. in the example).
The destination IP address, derived from one of the host specifications.
The L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The source IP address, derived from one of the host specifications.
The L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The QoS profile that applies to this traffic flow.
Indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
If a rule is a duplicate, only one of the duplicate rules is used to configure the device.
The rule used is based on the precedence of the duplicate rules.
To view the access list rules related to a specific device, select the device. If the device supports IP and
Security policies (Extreme devices running 5.0x, 6.1 or later), the Access List page displays a comparison of the “ideal” access list rules (rules generated by the EPICenter Policy Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 268 .
EPICenter Reference Guide
Figure 268: AccessList display showing rules for an i-series device
Access List Display
The View field at the top of the display lets you select how you want to view the device rules. You can view the Access List rules in three ways:
Compare policy and configured rules
Select to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 268 ).
View policy rules
View configured rules
Select to display the EPICenter rules only.
Select to display the configured rules only.
Policy Rule Comparison
The policy rule comparison display shows both the ideal rules, as generated by the EPICenter Policy
Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown in the right half of the table.
The rows in the comparison display are displayed in colors that indicate the status of the rule:
Green
White
The rule is a valid rule (is not in conflict with a rule already on the device), but that it has not been configured on the device. Only the Ideal side of the table is filled in for these rules.
The rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in.
EPICenter Reference Guide 513
514
The ACL Viewer
Yellow
Blue
The EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
The rule is configured on the device, but it was not generated by the EPICenter Policy
Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
! (exclamation point)
Policy
Ideal Traffic
Ideal Profile
Ideal Rule Precedence
Config Rule
Config Traffic
Config Profile
Owner
Config Rule Precedence
An empty column used to invoke a sort by policy precedence. Clicking the column header sorts the policies in precedence order.
Displays the name of the policy.
A policy traffic definition specified for this policy. The summary in this field includes the protocol, the In Ports, the destination IP address and ports, and the source IP address and ports.
The QoS profile specified in the Policy Manager for this traffic flow.
The precedence specified for the rule by the Policy Manager.
Displays the name of the rule on the device (as specified either through the Policy
Manager or through the ExtremeWare CLI).
The traffic definition to which this rule applies. The summary in this field includes the protocol, the ingress ports (In Ports) on the switch, the destination IP address and ports, and the source IP address and ports.
The QoS profile applied to this traffic flow.
Indicates how the rule was generated. If the rule was configured by the Policy manager, the owner will be EPICenter. If the rule was configured through the ExtremeWare CLI or through ExtremeWare Vista, then no owner name is set.
The precedence specified for the rule, either by the Policy Manager or through the
ExtremeWare CLI.
View Policy Rules
The Policy Rules display shows details of the ideal rules, as generated by the EPICenter Policy
Manager. The information in this display is as follows:
! (exclamation point)
Policy
Protocol
In Ports
Dest IP
Dest L4 Port
Src IP
Src L4 Port
Rule Precedence
An empty column used to invoke a sort by policy precedence. Clicking the column header sorts the policies in policy precedence order.
Displays the name of the policy.
Indicates the protocol specified for the traffic (UPD, TCP, etc. in the example).
Shows the switch ingress ports specified for this rule on this device.
The destination IP address, derived from one of the host specifications.
The L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The source IP address, derived from one of the host specifications.
The L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The precedence value assigned to the rule by the Policy Manager.
EPICenter Reference Guide
Profile
To be used
VLAN QoS Display
The QoS profile specified for this traffic flow by this policy.
Indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are:
• Yes, the rule can be used.
• No (duplicated) indicating that the rule duplicates another rule.
• No (disabled) indicating that the policy is disabled.
View Configured Rules
The Configured Rules display shows details of the rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows:
Rule
Protocol
In Ports
Dest IP
Dest L4 Port
Src IP
Src L4 Port
Rule Precedence
Profile
Owner
Displays the name of the rule.
Indicates the protocol specified for the traffic.
Shows the switch ingress ports specified for this rule on this device.
The traffic destination IP address.
The L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The traffic source IP address.
The L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.”
The precedence value assigned to the rule.
The QoS profile that applies to this traffic flow.
Indicates how the rule was generated. If the rule was configured by the Policy Manager, the owner will be EPICenter.
VLAN QoS Display
You can use the VLAN QoS display to view traffic patterns and access list rules generated by your
EPICenter VLAN QoS policies. At the group level, you can view the traffic patterns generated by all the
VLAN QoS policies that include a selected group in the policy scope. At the individual device level, you can view all the VLAN QoS rules generated by VLAN QoS policies for Extreme devices, as well as the policies actually configured on the device. VLAN QoS is supported on both i-series and non-i-series devices.
● To display the traffic patterns generated by the VLAN QoS policies that include the group in the policy scope, select a group in the component tree.
The VLAN QoS page shows all the traffic patterns generated by any VLAN QoS policies that have the selected group in its scope (see Figure 269 ).
EPICenter Reference Guide 515
The ACL Viewer
Figure 269: Traffic patterns generated from VLAN QoS policies for scoped devices
516
The display includes the following information:
! (exclamation point)
Policy
VLAN
Profile
Status
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order.
Displays the name of the policy.
The VLAN for which this policy is specified.
The QoS profile that applies to this VLAN.
Indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
To view the VLAN QoS rules related to a device, select the individual device. The VLAN QoS page displays a comparison of the “ideal” VLAN QoS rules (rules generated by the EPICenter Policy
Manager based on your policy definitions) and the rules actually configured on the device, as shown in
Figure 270 .
EPICenter Reference Guide
Figure 270: VLAN QoS display showing ideal and configured rules for a device
VLAN QoS Display
The View field at the top of the display lets you select how you want to view the device rules. You can view the Access List rules in three ways:
Compare policy and configured rules
Select to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 268 ).
View policy rules
View configured rules
Select to display the EPICenter rules only.
Select to display the configured rules only.
Policy Rule Comparison
The VLAN QoS policy rule comparison display shows both the ideal rules, as generated by the
EPICenter Policy Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown in the right half of the table.
EPICenter Reference Guide 517
518
The ACL Viewer
The rows in the comparison display are displayed in colors that indicate the status of the rule:
White
Yellow
Blue
The rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in.
The EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
The rule is configured on the device, but it was not generated by the EPICenter Policy
Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
! (exclamation point)
Policy
Ideal Rule VLAN
Ideal Rule Profile
Config Rule VLAN
Config Rule Profile
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order.
Displays the name of the policy.
The VLAN specified by this policy.
The QoS profile specified for this traffic flow by this policy.
The VLAN to which the QoS rule applies.
The QoS profile that applies to this VLAN.
View Policy Rules
The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the
EPICenter Policy Manager. The information in this display is as follows:
! (exclamation point)
Policy
VLAN
Profile
To be used
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order.
Displays the name of the policy.
The VLAN specified by this policy.
The QoS profile that is specified for this VLAN by this policy.
Indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are:
• Yes, the rule can be used.
• No (duplicated) indicating that the rule duplicates another rule.
• No (disabled) indicating that the policy is disabled.
View Configured Rules
The Configured Rules display shows details of the VLAN QoS rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows:
VLAN
Profile
Specifies the VLAN to which the VLAN QoS rule applies.
The QoS profile that applies to this traffic flow.
EPICenter Reference Guide
Source Port QoS Display
Source Port QoS Display
You can use the Source Port QoS display to view traffic patterns and Access List rules generated by your EPICenter Source Port QoS policies. At the group level, you can view the traffic patterns generated by all the Source Port QoS policies that include the selected group in the policy scope. At the individual device level, you can view all the Source Port QoS rules generated by EPICenter policies for an Extreme
i-series device, as well as the policies actually configured on the device.
NOTE
Source Port QoS policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or
6.x or later. Non-i-series devices only support Source Port QoS if they run ExtremeWare 5.0x.
● To display the traffic patterns generated by the Source Port QoS policies that include the group in the policy scope, select a group in the component tree.
The Source Port QoS page shows all the traffic patterns generated by any Source Port QoS policies that have the selected group in its scope (see Figure 269 ).
Figure 271: Traffic patterns generated from Source Port QoS policies for scoped devices
EPICenter Reference Guide 519
The ACL Viewer
The display includes the following information:
! (exclamation point)
Policy
Source Port
Profile
Status
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order.
Displays the name of the policy.
The device and port for which this policy is specified.
The QoS profile that applies to this VLAN.
Indicates whether the traffic pattern is unique or if it duplicates another traffic pattern.
Each port is listed separately in the table, as a rule is generated for each port specified by the policy, even if they are specified in a single policy definition in the Policy Manager.
To view the Source Port QoS rules related to a device, select the device. The Source Port QoS page displays a comparison of the “ideal” Source Port QoS rules (rules generated by the EPICenter Policy
Manager based on your policy definitions) and the rules actually configured on the device, as shown in
Figure 270 .
Figure 272: Source Port QoS display showing ideal and configured rules for a device
520
The View field at the top of the display lets you select how you want to view the device rules. You can view the access list rules in three ways:
Compare policy and configured rules
Select to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 268 ).
EPICenter Reference Guide
Source Port QoS Display
View policy rules
View configured rules
Select to display the EPICenter rules only.
Select to display the configured rules only.
Policy Rule Comparison
The Source Port QoS policy rule comparison display shows both the Ideal rules, as generated by the
EPICenter Policy Manager (shown in the left half of the table) and the Configured Rules as they exist on the device, shown in the right half of the table.
The rows in the comparison display are displayed in colors that indicate the status of the rule:
Green
White
Yellow
Blue
The rule is a valid rule (is not in conflict with a rule already on the device), but that it has not been configured on the device. Only the Ideal side of the table is filled in for these rules.
The rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in.
The EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the specified treatment (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in.
The rule is configured on the device, but it was not generated by the EPICenter Policy
Manager. Only the Configured side of the table is filled in for these rules.
The columns in the display show information as follows:
! (exclamation point)
Policy
Ideal Source Port
Ideal Profile
Config Source Port
Config Rule Profile
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order.
Displays the name of the policy.
Displays the name of the device and the port specified by this policy.
Indicates the QoS profile specified for port by this policy.
The device and port to which the QoS rule applies.
The QoS profile that applies to this port.
View Policy Rules
The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the
EPICenter Policy Manager. The information in this display is as follows:
! (exclamation point)
Policy
Source Port
Profile
To be used
An empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order.
Displays the name of the policy.
The device and port specified by this policy.
The QoS profile that is specified for this VLAN by this policy.
Indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are:
• Yes, the rule can be used.
• No (duplicated) indicating that the rule duplicates another rule.
• No (disabled) indicating that the policy is disabled.
EPICenter Reference Guide 521
522
The ACL Viewer
View Configured Rules
The Configured Rules display shows details of the Source Port QoS rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows:
Source Port
Profile
Owner
Specifies the device and port to which this treatment (QoS profile) applies.
The QoS profile that applies to this port.
Indicates how the rule was generated. If the rule was configured by the Policy Manager, the owner will be EPICenter.
QoS Profile Display
The QoS Profile display shows the QoS profiles defined for the selected device. For i-series devices, this displays the eight profiles (QP1 through QP8) and the “blackhole” profile. For non-i-series devices, it shows the four QoS profiles (QP1 through QP4) and the “blackhole” profile.
For i-series devices, it also shows per-port QoS profile settings that are different from the QoS profile settings for the device as a whole. Figure 273 shows a QoS Profile display for an i-series device.
Figure 273: QoS profile display for an i-series device
EPICenter Reference Guide
Network Login/802.1x Display
The top table in the display, the Device profile settings, shows the QoS Profile settings configured for the device as a whole. The lower table, the Port exception QoS Profiles, appears only for i-series devices
running ExtremeWare 6.2 or later, and shows the QoS settings for any ports that have had a QoS profile defined individually for the port.
The information in the QoS Profile display is as follows:
Profile
Min BW
Max BW
Priority
Policy
The name of the profile.
The minimum bandwidth setting.
The maximum bandwidth setting.
The priority setting (low, lowHi, normal, normalHi, medium, mediumHi, high, highHi, or deny) of the profile.
Shows the policies that use this profile on this device.
The same columns are shown in the Port exception QoS Profiles table.
Network Login/802.1x Display
The Network Login/802.1x display shows lists the Network Login/802.1x information about each user connected to the device. Figure 274 shows the Network Login/802.1x display.
Figure 274: Network Login/802.1x display
EPICenter Reference Guide 523
The ACL Viewer
The information in the Network Login/802.1x display is as follows:
Port
User Name
IP Address
Login Type
MAC Address
VLAN
The port on the device on which the user is logged in.
The name of the user.
The IP address of the user’s host.
The login type, either network login or 802.1x.
The MAC address of the user’s host.
The VLAN to which the port belongs.
The Network Login/802.1x display is updated each time a user logs in and out of the selected device.
524 EPICenter Reference Guide
3
Appendices
A
Event Types for Alarms
This appendix describes the events that can be detected through the EPICenter Alarm System:
●
●
●
●
Configuring SNMP Trap Events on page 534
RMON Rising and Falling Trap Events on page 535
Many of the events defined below are standard traps applicable to all MIB-2 devices managed by the
EPICenter server. Extreme Networks proprietary traps are identified as such. For Extreme Networks devices, the level of support in ExtremeWare and ExtremeXOS is also indicated.
SNMP Trap Events
Table 58: SNMP Trap Events
Event
Authentication Failed
BGP Backward
Transition
BGP Established
BGP M2 Max
Exceeded
BGP M2 Threshold
Reached
BGP Prefix Max
Exceeded
BGP Prefix Reached
Threshold
CPU Health Check
Failed
CPU Utilization Falling
Threshold
CPU Utilization Rising
Threshold
Definition
This trap indicates that a SNMP request with an invalid community string is issued to the device.
This event is generated when the BGP FSM moves from a higher numbered state to a lower numbered state.
This event is generated when the BGP FSM enters the
ESTABLISHED state.
Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the maximum configured limit. (BGP4-V2)
Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the threshold limit. (BGP4-V2)
Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the maximum configured limit.
Extreme Networks proprietary trap. Indicates that the number of prefixes received over this peer session has reached the threshold limit.
Extreme Networks proprietary trap. Indicates that the CPU
Health Check has failed.
Extreme Networks proprietary trap. CPU Utilization Falling Trap is generated when the extremeCpuAggregateUtilization falls below 80% of the extremeCpuUtilRisingThreshold.
Extreme Networks proprietary trap. CPU Utilizations Rising trap is generated when the value of extremeCpuAggregateUtilization touches/crosses extremeCpuUtilRisingThreshold.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare All/
ExtremeXOS 11.2
ExtremeWare 6.1.5
Not supported in
EXOS
ExtremeWare 6.1.5
Not supported in
EXOS
EXOS 10.1
EXOS 10.1
ExtremeWare 6.2.2
Not supported in
EXOS
ExtremeWare 6.2.2
Not supported in
EXOS
ExtremeWare 6.2
Not supported in
EXOS
ExtremeWare 6.2
Not supported in
EXOS
EPICenter Reference Guide 527
528
Event Types for Alarms
Table 58: SNMP Trap Events (continued)
Event
Cold Start
DOS Threshold Cleared
DOS Threshold
Reached
Dsx1 Line Status
Change
Dsx1 Loss of Master
Clock
Dsx1 No Loss of
Master Clock
Dsx3 Line Status
Change
Dsx3 Loss of Master
Clock
Dsx3 No Loss of
Master Clock
EAPS Fail Timer
Expired Flag Cleared
EAPS Fail Timer
Expired Flag Set
EAPS Link Down Ring
Complete
EAPS State Change
EDP Neighbor Added
EDP Neighbor
Removed
Definition
This trap indicates that the device is rebooted by power recycling. Extreme switches always send out this trap after a reboot. <
Extreme Networks proprietary trap. Generated with the DOS threshold is cleared.
Extreme Networks proprietary trap. Generated when the DOS threshold is crossed for any of the ports.
Extreme Networks proprietary trap. Indicates that the DS1 line status change for the specified interface has been detected.
Extreme Networks proprietary trap. Indicates that the wanDsx1LossOfMasterClock event for the specified interface has been detected.
Extreme Networks proprietary trap. Indicates that the wanDsx1NoLossOfMasterClock event for the specified interface has been detected.
Extreme Networks proprietary trap. Indicates that the T3 line status change for the specified interface has been detected.
Extreme Networks proprietary trap. Indicates that the wanDsx3LossOfMasterClock event for the specified interface has been detected.
Extreme Networks proprietary trap. Indicates that the wanDsx3NoLossOfMasterClock event for the specified interface has been detected.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare All/
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66/
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66
Not supported in
ExtremeXOS
ExtremeWare
6.1.8b66
Not supported in
ExtremeXOS
ExtremeXOS 10.1 Extreme Networks proprietary trap. Generated when the EAPS domain’s fail timer is cleared.
Extreme Networks proprietary trap. Generated when the EAPS domain’s fail timer expires for the first time, while its state is
NOT the failed state.
Extreme Networks proprietary trap. Indicates that a transit that is in a Link Down state has received a Health-Check-Pdu from the Master indicating that the link is complete. This indicates a problem with the transit switch that has issued this trap.
Extreme Networks proprietary trap. Generated when an EAPS domain has a state change.
Extreme Networks proprietary trap. A new neighbor has been discovered through the Extreme Discovery Protocol (EDP).
Extreme Networks proprietary trap. No EDP updates have been received from this neighbor within the configured time-out period, and this neighbor entry has been aged out by the device.
ExtremeXOS 10.1
ExtremeXOS 10.1
ExtremeXOS 10.1
ExtremeWare 6.1
ExtremeXOS 10.1
ExtremeWare 6.1
ExtremeXOS 10.1
EPICenter Reference Guide
SNMP Trap Events
Table 58: SNMP Trap Events (continued)
Event
EGPNbrLoss
Definition
An EGP neighbor, for which the device is an EGP peer, is down and the peer relationship no longer exists. An Extreme Networks switch never sends out this trap.
Extreme Networks proprietary trap. Generated when the ELRP client detects a loop in the VLAN.
ExtremeWare/
ExtremeXOS
Version
None
ELRP VLAN Loop
Detected
ExtremeWare 7.3
Not supported in
EXOS
ESRP Master Reelection After MSM
Failover
ESRP State Change
Enhanced DOS
Threshold Cleared
Extreme Networks proprietary trap. Indicates this device was elected master when the previous master node failed to resume normal operation within the reelect timeout after performing a hitless MSM failover.
Extreme Networks proprietary trap. Indicates that the ESRP state (master or slave) of a VLAN has changed on the device.
Not supported in
EXOS
Extreme Networks proprietary trap. Generated when the DOS threshold is cleared (if enhanced DOS protection is enabled).
ExtremeWare 6.0
Not supported in
EXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Enhanced DOS
Threshold Reached
Entity MIB Changed
Fan Failed
Fan OK
Health Check Failed
Invalid Login
Link Down
Link Up
MAC Address Detected
On Locked Port
Extreme Networks proprietary trap. Generated when the DOS threshold is crossed for any of the ports (if enhanced DOS protection is enabled).
Indicates a change has been made to a row in a table in the
Entity MIB (a row has been added, deleted, or modified).
Extreme Networks proprietary trap. This trap indicates one or more of the cooling fans inside the device has failed. A fan OK trap will be sent once the fan has attained normal operation.
This trap is sent repetitively every 30 seconds until all the fans are back to normal condition.
Extreme Networks proprietary trap. This trap indicates that a fan has transitioned out of a failure state and is now operating correctly.
Extreme Networks proprietary trap. The CPU HealthCheck has failed.
Extreme Networks proprietary trap. This trap indicates that a user attempted to login to console or by Telnet but was refused access due to incorrect user name or password. The trap is issued after three consecutive failure of log in.
Indicates that a link is transitioning to the down state from a previous active state.
Indicates that a port is transitioning from the down state to another (active) state.
Extreme Networks proprietary trap. Generated on a port for which lock-learning has been configured, when a new MAC address is learned on that port.
All
All
ExtremeWare 6.1.9
ExtremeXOS 10.1
All
All
All
MAC Address Detected
On Unauthorized Port
MAC Address Learning
Limit Exceeded
Extreme Networks proprietary trap. Generated when a MAC address is learned on a port on which it is not authorized. This happens when the MAC address is statically configured as a
'secure mac' on some other port(s).
Extreme Networks proprietary trap. Generated when a new MAC address exceeding the limit is learned on a port on which limitlearning has been configured.
ExtremeWare 7.0
SR1
Not supported in
ExtremeXOS
ExtremeWare 7.0
SR1
Not supported in
ExtremeXOS
ExtremeWare 7.0
SR1
Not supported in
ExtremeXOS
EPICenter Reference Guide 529
530
Event Types for Alarms
Table 58: SNMP Trap Events (continued)
Event Definition
ExtremeWare/
ExtremeXOS
Version
MSM Failover Occurred Extreme Networks proprietary trap. An MSM Failover occurred. ExtremeXOS 10.1
Main Power Usage Off ExtremeXOS 11.1
Main Power Usage On
Indicates the PSE Threshold usage indication off, the usage power is below the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance.
Indicates the PSE threshold usage indication is on, and the usage power is above the threshold. At least 500 msec must elapse between notifications being emitted by the same object instance.
ExtremeXOS 11.1
Netlogin
Authentication Failure
Netlogin User Login
Netlogin User Logout
OSPF Interface
Authentication Failure
Extreme Networks proprietary trap. Generated upon authentication failure for a netlogin supplicant.
Extreme Networks proprietary trap. Generated when a netlogin supplicant passes authentication and logs in successfully into the network.
Extreme Networks proprietary trap. Generated when an authenticated and logged in netlogin supplicant logs out.
An ospfIfAuthFailure trap signifies that a packet has been received on a non-virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type.
Not supported in
ExtremeXOS
Not supported in
ExtremeXOS
Not supported in
ExtremeXOS
ExtremeWare 6.1.9
ExtremeXOS 10.1
OSPF Interface Config
Error
ExtremeWare 6.1.9
ExtremeXOS 10.1
OSPF Interface
Receive Bad Packet
OSPF Interface State
Change
OSPF LSDB
Approaching Overflow
OSPF LSDB Overflow
OSPF Max_Age LSA
OSPF Neighbor State
Change
An ospfIfConfigError trap signifies that a packet has been received on a non-virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters. Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming.
An ospfIfRxBadPacket trap signifies that an OSPF packet has been received on a non-virtual interface that cannot be parsed.
An ospfIfStateChange trap signifies that there has been a change in the state of a non-virtual OSPF interface. This trap should be generated when the interface state regresses (e.g., goes from Dr to Down) or progresses to a terminal state (i.e.,
Point-to-Point, DR Other, Dr, or Backup).
An ospfLsdbApproachingOverflow trap signifies that the number of LSAs in the router’s link-state database has exceeded ninety percent of ospfExtLsdbLimit.
An ospfLsdbOverflow trap signifies that the number of LSAs in the router’s link-state database has exceeded ospfExtLsdbLimit.
An ospfMaxAgeLsa trap signifies that one of the LSA in the router’s link-state database has aged to MaxAge.
An ospfNbrStateChange trap signifies that there has been a change in the state of a non- virtual OSPF neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., 2-Way or Full). When an neighbor transitions from or to Full on non-broadcast multi-access and broadcast networks, the trap should be generated by the designated router. A designated router transitioned to Down will be noted by ospfIfStateChange.
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
EPICenter Reference Guide
SNMP Trap Events
Table 58: SNMP Trap Events (continued)
Event
OSPF Originate LSA
OSPF TX_Retransmit
OSPF Virtual Interface
Authentication Failure
OSPF Virtual Interface
Config Error
OSPF Virtual Interface
Receive Bad Packet
OSPF Virtual Interface
State Change
OSPF Virtual Interface
TX Retransmit
OSPF Virtual Neighbor
State Change
Overheat
Ping Probe Failed
Definition
An ospfOriginateLsa trap signifies that a new LSA has been originated by this router. This trap should not be invoked for simple refreshes of LSAs (which happens every 30 minutes), but instead will only be invoked when an LSA is (re)originated due to a topology change. Additionally, this trap does not include LSAs that are being flushed because they have reached
MaxAge.
An ospfTxRetransmit trap signifies than an OSPF packet has been retransmitted on a non- virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The
LS type, LS ID, and Router ID are used to identify the LSDB entry.
An ospfVirtIfAuthFailure trap signifies that a packet has been received on a virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type.
An ospfVirtIfConfigError trap signifies that a packet has been received on a virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters.
Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming.
An ospfVirtIfRxBadPacket trap signifies that an OSPF packet has been received on a virtual interface that cannot be parsed.
An ospfVirtIfStateChange trap signifies that there has been a change in the state of an OSPF virtual interface. This trap should be generated when the interface state regresses (e.g., goes from Point- to-Point to Down) or progresses to a terminal state (i.e., Point-to-Point).
An ospfVirtIfTxRetransmit trap signifies than an OSPF packet has been retransmitted on a virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The
LS type, LS ID, and Router ID are used to identify the LSDB entry.
An ospfVirtNbrStateChange trap signifies that there has been a change in the state of an OSPF virtual neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., Full).
Extreme Networks proprietary trap. Indicates the on board temperature sensor has reported an overheat condition. This indicates the temperature has reached the Overheat threshold.
The switch will continue to function until it reaches its shutdown threshold. The system will then shutdown until the unit has sufficiently cooled such that operation may begin again. A cold start trap will be issued when the unit has come back on line. This trap is sent repetitively every 30 seconds until the temperature goes back to normal.
Generated when a probe failure is detected when the corresponding pingCtlTrapGeneration object is set to probeFailure(0) subject to the value of pingCtlTrapProbeFailureFilter. The object pingCtlTrapProbeFailureFilter can be used to specify the number of successive probe failures that are required before this notification can be generated.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
ExtremeWare 6.1.9
ExtremeXOS 10.1
All
ExtremeWare 6.1.9
Not supported in
ExtremeXOS
EPICenter Reference Guide 531
532
Event Types for Alarms
Table 58: SNMP Trap Events (continued)
Event
Ping Test Completed
Ping Test Failed
PoE PSU Status
Changed
Port Diagnostics
Power Supply Failed
Power Supply OK
Processor State Change
Trap
Pse Port On/Off
Redundant Power
Supply Failed
Redundant Power
Supply OK
SLB Unit Added
SLB Unit Removed
STP New Root
Definition
Generated at the completion of a ping test when the corresponding pingCtlTrapGeneration object is set to testCompletion(4).
Generated when a ping test is determined to have failed when the corresponding pingCtlTrapGeneration object is set to testFailure(1). In this instance pingCtlTrapTestFailureFilter should specify the number of probes in a test required to have failed in order to consider the test as failed.
Extreme Networks proprietary trap. Indicates a change in the
PoE PSU for the slot.
Extreme Networks proprietary trap. Indicates the status of
Diagnostics for a port. The status indicates whether Diagnostics for a particular port failed.
Extreme Networks proprietary trap. This trap indicates that one or more sources of power have failed. Presumably a redundant power-supply has taken over. This trap is sent repetitively every
30 seconds until all the power supplies are back to normal condition.
Extreme Networks proprietary trap. This trap indicates that one or more previously bad sources of power have come back to life without causing the device to restart.
Extreme Networks proprietary trap. This trap indicated a failed processor on a module is detected.
Indicates a change in the power delivery status of the PSE port
(whether the port is delivering power or not. This notification should be sent on every status change except in the searching mode. At least 500 msec must elapse between notifications emitted by the same object instance.
Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is indicating an alarm condition. This trap is sent repetitively every 30 seconds until the redundant power supply is back to normal condition.
Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is no longer indicating an alarm condition.
Extreme Networks proprietary trap. Indicates that the server load balancer has activated a group of virtual servers that it normally would not activate. This may be due to the failure of another server load balancer.
Extreme Networks proprietary trap. Indicates that the server load balancer has deactivated a group of virtual servers that it normally has active. This indicates that something is wrong in the server load balancer; for example, its ping check may be failing.
Extreme Networks proprietary trap. Indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its election.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare 6.1.9
Not supported in
ExtremeXOS
ExtremeWare 6.1.9
Not supported in
ExtremeXOS
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
All
All
ExtremeXOS 11.1
ExtremeWare All/
Not supported in
EXOS
ExtremeWare All/
Not supported in
EXOS
ExtremeWare 6.1
Not supported in
EXOS
ExtremeWare 6.1
Not supported in
EXOS
ExtremeWare 6.2.2
ExtremeXOS 10.1
EPICenter Reference Guide
SNMP Trap Events
Table 58: SNMP Trap Events (continued)
Event
STP Topology Change
Slot Change
Smarttrap
Stack Member Status
Changed
Stacking Port Status
Changed
Warm Start
Wireless AP Added
Wireless AP Removed
Wireless AP Updated
Wireless Client
Netlogin Client
Associated
Wireless Client Station
Aged Out
Wireless Counter
Measure Started
Wireless Counter
Measure Stopped
Wireless Off Channel
Scan Finished
Wireless Off Channel
Scan Started
Definition
Extreme Networks proprietary trap. A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the
Forwarding state to the Blocking state. The trap is not sent if a newRoot trap is sent for the same transition.
Extreme Networks proprietary trap. This trap indicates that the value of the extremeSlotModuleState for the specified extremeSlotNumber has changed.
Extreme Networks proprietary trap. This trap indicates that the value of one of the object identifiers (or the value of an object below that in the MIB tree) defined in the extremeSmartTrapRulesTable has changed, and hence a new entry has been created in the extremeSmartTrapInstanceTable.
Such a trap is sent at most once every thirty seconds if one or more entry was created in the last thirty seconds.
Extreme Networks proprietary trap. Generated when the operational status of the stacking member changes.
Extreme Networks proprietary trap. Generated when the operational status of the stacking port changes.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare 6.2.2
ExtremeXOS 10.1
ExtremeWare All/
ExtremeXOS 11.1
All
ExtremeWare 7.4
Not supported in
ExtremeXOS
ExtremeWare 7.4
Not supported in
ExtremeXOS
All Trap indicates that the device has been rebooted without power recycling. An Extreme switch never sends out this trap.
Extreme Networks proprietary trap. Generated when a new AP is added to the scan results table. Generated only if the value of extremeWirelessScanSendAPAddedTrap is true.
Extreme Networks proprietary trap. Generated when an AP is removed from the scan results table. Generated only if the value of extremeWirelessScanSendAPRemovededTrap is true.
Extreme Networks proprietary trap. Generated when the IEs recorded for an AP in the scan results table change. Generated only if the value of extremeWirelessScanSendAPUpdatedTrap is true.
Extreme Networks proprietary trap. Generated when a client associates to an interface that is web based network login enabled.
Extreme Networks proprietary trap. Generated when a client is aged out of the table.
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
Extreme Networks proprietary trap. Generated when counter measures are started on a wireless interface.
Extreme Networks proprietary trap. Generated when counter measures are stopped on a wireless interface.
Extreme Networks proprietary trap. Generated when an offchannel scan finishes running.
Extreme Networks proprietary trap. Generated when an offchannel scan starts running.
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
EPICenter Reference Guide 533
534
Event Types for Alarms
Table 58: SNMP Trap Events (continued)
Event
Wireless Port Boot
Failed
Wireless Port State
Changed
Wireless Probe Info
Added
Wireless Probe Info
Removed lldp Remote Table
Changed
Definition
Extreme Networks proprietary trap. Sent by the platform if a wireless port fails to boot too many times.
Extreme Networks proprietary trap. Generated when a wireless port moves into enabled, disabled, or online state.
Extreme Networks proprietary trap. Generated when a new station is added to the probe info table. Generated only if the value of extremeWirelessProbeInfoSendAddedTrap is true.
Extreme Networks proprietary trap. Generated when a station is removed from the probe info table. Generated only if the value of extremeWirelessProbeInfoSendRemovedTrap is true.
A lldpRemTablesChange notification is sent when the value of lldpStatsRemTableLastChangeTime changes. It can be utilized by an NMS to trigger LLDP remote systems table maintenance polls.
Note that transmission of lldpRemTablesChange notifications are throttled by the agent, as specified by the
'lldpNotificationInterval' object.
ExtremeWare/
ExtremeXOS
Version
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeWare 7.3
Not supported in
ExtremeXOS
ExtremeXOS 11.4/
Supported by Avaya devices
Configuring SNMP Trap Events
There are a number of SNMP events that require configuration on the switch before they can be used in
EPICenter alarm definitions. If the configuration is not done on the switch, no trap events are generated, and no EPICenter alarms for those events can occur. The Ping and OSPF traps fall into this category.
To configure the switch to send one of these traps, you must use a tool that allows you to set the value of the appropriate SNMP variable. Tools such as SNMPc can be used to perform this function. The following information assumes that you have a thorough understanding of SNMP and an appropriate
SNMP utility.
Refer to the appropriate MIBs for details of the variable settings:
● Ping MIB: pingmib.mib (RFC 2925)
● OSPF v2 MIB: RFC 1850 or RFC 1850t
Table 59: Trap Variable Configuration
Trap
Ping Probe Failed
Ping Test Failed
Ping Test Completed
Variables set pingCtlTrapGeneration bit 0 ON to enable trap.
set pingCtlTrapProbeFailureFilter to specify the number of successive probe failures that must occur to generate a Probe
Failed trap. set pingCtlTrapGeneration bit 1 ON to enable trap.
set pingCtlTrapTestFailureFilter to specify the number of successive test failures that must occur to generate a Test Failed trap. set pingCtlTrapGeneration bit 2 ON to enable the trap.
EPICenter Reference Guide
Table 59: Trap Variable Configuration
Trap
OSPF Virtual Interface State Change
OSPF Neighbor State Change
OSPF Virtual Neighbor State Change
OSPF Interface Config Error
OSPF Virtual Interface Config Error
OSPF Interface Authentication Failure
OSPF Virtual Interface Authentication
Failure
OSPF Interface Receive Bad Packet
OSPF Virtual Interface Receive Bad Packet
OSPF TX_Retransmit
OSPF Virtual Interface TX Retransmit
OSPF Originate LSA
OSPF Max_Age LSA
OSPF LSDB Overflow
OSPF LSDB Approaching Overflow
OSPF Interface State Change
Variables set ospfSetTrap bit 1 ON set ospfSetTrap bit 2 ON set ospfSetTrap bit 3 ON set ospfSetTrap bit 4 ON set ospfSetTrap bit 5 ON set ospfSetTrap bit 6 ON set ospfSetTrap bit 7 ON set ospfSetTrap bit 8 ON set ospfSetTrap bit 9 ON set ospfSetTrap bit 10 ON set ospfSetTrap bit 11 ON set ospfSetTrap bit 12 ON set ospfSetTrap bit 13 ON set ospfSetTrap bit 14 ON set ospfSetTrap bit 15 ON set ospfSetTrap bit 16 ON
RMON Rising and Falling Trap Events
RMON Rising and Falling Trap Events
An RMON rising trap indicates that the value of the monitored variable has risen to or above the rising threshold value. RMON rules need to be configured on a device for it to send out this trap. See
“Threshold Configuration” on page 127 ” for more information.
An RMON falling trap indicates that the value of the monitored variable has fallen to or below the falling threshold value. RMON rules need to be configured on a device for it to send out this trap. See
“Threshold Configuration” on page 127 ” for more information.
EPICenter Events
An EPICenter event is generated by the EPICenter server based on the results of its periodic polling. In some cases, an EPICenter event may result from the same condition that could generate an SNMP or other trap. An EPICenter event has the advantage that it guarantees that the condition will be detected
(by polling) even if the corresponding trap is missed.
Table 60: EPICenter Events, Detected Through Polling
Event
Configuration Upload Failed
Definition
The EPICenter server generates this event when it fails to upload configuration information from a device. This event occurs ONLY when the upload is attempted from EPICenter, not if it was attempted from Telnet,
ExtremeWare Vista or any other method.
EPICenter Reference Guide 535
536
Event Types for Alarms
Table 60: EPICenter Events, Detected Through Polling (continued)
Event
Configuration Upload OK
Device Policy Configuration
Device Reboot
Device Warning from EPICenter
Fan Failed
Definition
The EPICenter server generates this event when it successfully uploads configuration from a device. This event occurs ONLY when the upload is done from EPICenter, not from Telnet, ExtremeWare Vista or any other method.
The EPICenter server generates this event when it encounters a problem configuring policies on a device using ACL and QoS.
The EPICenter server generates this event for a device when it detects a device reboot (cold start or warm start). Unlike the cold start or warm start
SNMP trap, EPICenter generates this event by polling the device.
For Extreme Networks devices only. The EPICenter server generates this event in one of two situations:
• If the server detects an infinite loop while walking the device’s SNMP
MIB (may occur with ExtremeWare 4.1.19b2).
• If the device has a bad serial number reported through SNMP (may occur with ExtremeWare 6.2.1 on the BlackDiamond 6816).
For Extreme Networks devices only. The EPICenter server generates this event for an Extreme device when it detects, via polling, a transition from fan OK to fan failed condition on the device. Unlike the SNMP Fan Failed trap event, this event is generated only once, based on a state transition.
As an alternative, you can detect a Fan Failed condition by using the
SNMP Fan Failed trap, which will be generated every 30 seconds until the condition is corrected.
High Trap Count
One-Shot Event No Longer Valid
Overheat
Power Supply Failed
For Extreme Networks devices only. The EPICenter server generates this event for an Extreme device when it detects a transition from normal temperature to overheat condition on the device. Unlike the SNMP overheat trap event, this event is based on a state transition, and will be generated only once. As an alternative, you can detect an Overheat condition by using the SNMP Overheat trap, which will be generated every
30 seconds until the condition is corrected.
For Extreme Networks devices only. The EPICenter server generates this event if the device reports a power supply failure.
Rogue Access Point Found
SNMP Reachable
SNMP Unreachable
The EPICenter server generates this event when the state of communication with the device transitions from unreachable to reachable.
The EPICenter server generates this event when it fails to communicate with a device following a previously successful communication. In other words, this event is generated when the state of communication with the device transitions from reachable to unreachable.
Stack Member Down
Stacking Link Down
Syslog Flood The EPICenter server generates this event if the server receives syslog messages at a rate that exceeds the user-defined limit set in the
Administration applet via the Scalability Properties. See
for more information.
EPICenter Reference Guide
B
EPICenter Backup
This appendix describes the following:
● The EPICenter Alarm Log and Event Log backup files
●
●
The DBVALID command-line database validation utility
The DBBACKUP command-line database backup utility
EPICenter Log Backups
Both the EPICenter Event Log and Alarm Log files are kept in tables in the EPICenter database. These tables can contain approximately 50,000 and 12,000 entries, respectively.
When the EPICenter server starts, it checks once an hour to determine if either of these logs has reached its maximum size. When one reaches 115% of its maximum, EPICenter moves the oldest 10% of the entries to a backup file, and clears those entries from the table.
For Windows, the backup files are created in the directory <install_dir>/user , where <install_dir> is the root directory of the EPICenter install, by default c:\Program Files\Extreme
Networks\EPICenter 6.0
. For Solaris, the backup files are created in the directory /opt/
ExtremeNetworks/EPICenter6.0/user.war
, where /opt/ExtremeNetworks/EPICenter6.0
is the
<install_dir> .
●
●
The Alarm Log is backed up to the file Alarm_Log.txt
The Event Log is backed up to the file Event_Log.txt
Each primary backup file is in turn backed up to a secondary file when it reaches its maximum size of approximately 30 MB for Event_Log.txt
and 6 MB for Alarm_Log.txt
.
●
●
Alarm_Log.txt
is backed up to the file Alarm_Log.old
Event_Log.txt
is backed up to the file Event_Log.old
The primary file is then emptied.
When the primary file becomes full for the second time, the secondary backup file will be overwritten with the new contents of the primary backup file.
If you want to maintain a complete set of log file backups over time, you should save the *_Log.txt
and *_Log.old
files periodically.
Database Utilities
Sybase database validation and backup utilities are shipped with the EPICenter software.
The Validation utility validates all indexes and keys on some or all of the tables in the database. The
Validation utility scans the entire table and looks up each record in every index and key defined in the
EPICenter Reference Guide 537
538
EPICenter Backup table. This utility can be used in combination with regular backups to give you confidence in the security of the data in your database.
The Backup utility makes a backup copy of all data in the database, except for user names and passwords, which are kept in separate files. Backing up your database regularly ensures that you will not need to re-enter or recreate all the switch, VLAN, Topology, and Alarm information in the event that the database is corrupted or destroyed.
Both database utilities are found in the <install_dir>\database directory. < install_dir > is the directory where you installed the EPICenter software. Substitute the name of the actual directory for
< install_dir > when you run these commands.
NOTE
In the Solaris operating system, you must ensure that the EPICenter database path is set in the LD_LIBRARY_PATH
environment variable. This should be set to <install_dir>/database where <install_dir> is the root
directory of the EPICenter install, for example /opt/ExtremeNetworks/EPICenter6.0.
The Validation Utility
The Validation utility validates all indexes and keys on some or all of the tables in the database. Access the Validation utility from the MS DOS or Solaris command line using the dbvalid command. This convention also allows incorporation into batch or command files.
Using the DBVALID Command-Line Utility
To validate the EPICenter database running under Windows, use the command:
<install_dir>\database\dbvalid -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>\basecamp.db”
Under Solaris, use the command:
<install_dir>/database/dbvalid -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>/basecamp.db”
This example assumes a database user ID of dba , with password sql . These are the defaults used when the database server is installed through the EPICenter installation process. If you have changed your database user ID and password, substitute your actual user ID and password in the command.
< install_dir > is the directory where the EPICenter software is installed. Substitute the actual directory name in the command.
This operation should report no errors. If there are errors, the system should be stopped and a backup
EPICenter software must be re-installed.
Syntax: dbvalid [switches]
EPICenter Reference Guide
The Backup Utility
Table 61: dbvalid Command Switches
Switch
-c “keyword=value; ...”
Description
Supply database connection parameters
Database Connection Parameters
These are the parameters for the -c command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set.
Table 62: Database Connection Parameters for dbvalid Utility
uid=< user name> pwd=< password> dbf=< database_file> eng=EPIC51
The user name used to login to the database. Default is dba. The user ID must have DBA authority.
The password used to login to the database. Default is sql.
The name of the file that stores the data. This is the file to be validated.
The name of the database engine. This value must be EPIC51 for EPICenter
6.0.
The connection parameters are separated by semicolons, and the entire set must be quoted. For example, under Windows, the following validates the EPICenter, connecting as user ID dba with password sql:
<install_dir>\database\dbvalid -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>\basecamp.db”
The Backup Utility
The Backup utility makes a backup copy of all data in the database, except for user names and passwords. Access the Backup utility from the MS DOS or Solaris command line using the dbbackup command. This convention also allows incorporation into batch or command files.
The DBBACKUP Command-Line Utility
To back up the EPICenter database running under Windows, use the command:
<install_dir>\database\dbbackup -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>\basecamp.db” <backup_dir>
Under Solaris, use the command:
<install_dir>/database/dbbackup -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>/basecamp.db” <backup_dir>
This example assumes a database user ID of dba
, with password sql
. These are the defaults used when the database server is installed through the EPICenter installation process. If you have changed your database user ID and password, substitute your actual user ID and password in the command.
< install_dir > is the directory where the EPICenter software is installed. Substitute the actual directory name in the command.
EPICenter Reference Guide 539
540
EPICenter Backup
< backup_dir > is the directory where the backup copy of the database should be stored. Substitute an actual directory name in the command.
This command generates a backup of the database in the specified backup directory. The backup consists of two files, basecamp.db
and basecamp.log
. All database files are backed up. These files should be saved so they can be used to replace the original files in the event of a problem.
NOTE
Do not stop the EPICenter server to perform daily backups of the database. This action is not necessary and will prevent the alarm and event logs from truncating.
Syntax: dbbackup [switches] directory
Table 63: dbbackup Command Switches
Switch
-c “keyword=value; ...”
-y
Description
Supply database connection parameters
Replace files without confirmation
Database Connection Parameters
These are the parameters for the
-c
command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set.
Table 64: Database Connection Parameters for dbbackup Utility
uid= <user name> pwd= <password> dbf=< database_file> eng=EPIC51
The user name used to login to the database. Default is dba. The user ID must have
DBA authority.
The password used to login to the database. Default is sql.
The name of the file that stores the data. This is the file to be backed up.
The name of the database engine. This value must be EPIC51 for EPICenter 6.0.
The connection parameters are separated by semicolons, and the entire set must be quoted. For example, under Windows, the following backs up the EPICenter database basecamp.db, connecting as user ID dba
with password sql
:
<install_dir>\database\dbbackup -c
“uid=dba;pwd=sql;eng=EPIC51;dbf=<install_dir>\basecamp.db” c:\tmp
Installing a Backup Database
The backup database is named basecamp.db
, and is kept in the directory you specified when you ran the dbbackup command ( c:\tmp in the example).
To replace a damaged database with the backup copy, follow these steps:
1 Shut down the EPICenter software following the instructions for your operating system in the
EPICenter Installation and Upgrade Note.
2 Move or delete the old copy of basecamp.db
and basecamp.log
found in the EPICenter installation directory.
EPICenter Reference Guide
The Backup Utility
3 Copy the backup copy of basecamp.db
and basecamp.log to the EPICenter installation directory.
4 Restart the EPICenter software following the instructions in the EPICenter Installation and Upgrade
Note for your operating system.
EPICenter Reference Guide 541
EPICenter Backup
542 EPICenter Reference Guide
C
The Spanning Tree Monitor
This chapter describes how to use the EPICenter Spanning Tree Monitor module for:
●
●
●
Viewing the configuration and status of STP domains
Viewing the status and configuration of VLANs associated with an STP domain
Viewing the status and configuration of devices and ports associated with an STP domain
NOTE
In order for the EPICenter server to acquire information about a device’s STPD configuration, that device must be running ExtremeWare 6.2.2 or later. Prior to version 6.2.2, the ExtremeWare SNMP agent did not provide Spanning
Tree information.
Overview of the Spanning Tree Monitor
The EPICenter Spanning Tree Monitor module displays information about STP domains at the domain,
VLAN, device, and port levels.
STP is a bridge-based mechanism for providing fault tolerance on networks. In the Extreme Networks implementation of STP, a switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance, called a Spanning Tree Domain (STPD). Each STP domain has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned to it, depending on the mode of the ports.
The default switch configuration includes a single STP domain called s0. The default VLAN is a member of STPD s0.
STP ports can run in one of three modes:
●
●
●
802.1D mode. which conforms to the IEEE 802.1D standard.
Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode, an Extreme implementation of
STP that allows a port to belong to multiple STP domains. This is the default on Extreme switches.
Enhanced Per-VLAN Spanning Tree Protocol (PVST+) mode, an STP implementation widely deployed on many vendors’ switches, that is interoperable with 802.1Q spanning tree.
A physical port can belong to multiple STPDs through membership in multiple VLANs, if the port is in
EMISTP mode. In addition, a single VLAN can span multiple STPDs.
STP configuration must be done through the EPICenter Telnet applet or through the ExtremeWare command line interface. The STP monitor displays summary and detailed STP configuration information about the devices being managed by the EPICenter server. It allows you to view STP configuration information network-wide rather than only device by device as is the case through the
ExtremeWare CLI.
The EPICenter server receives STP topology information through traps from the SNMP agent in the switch, and through polling. Not all STP-related changes generate traps—for example, updating the root port and path cost for the previous root when the root changes. The EPICenter server relies on
EPICenter Reference Guide 543
544
The Spanning Tree Monitor device polling to detect these types of changes. However, device polling by default is only done every
90 minutes, so if you want STP status updated more frequently, you may want to group your STP devices into their own device group and change the polling interval to a more appropriate interval.
For more details on STP, see the ExtremeWare Software User Guide.
STP Monitor Functions
The STP Monitor feature does not provide any feature-specific menus. The four standard menus are available (EPICenter, Display, Tools and Help) but none of the commands on the Tools menu are available.
For information on the standard EPICenter menu functions, see
“EPICenter Menus” on page 32 .
Viewing STP Domain Properties from Pop-Up Menus
You can select an STP domain, VLAN, or a device in the Component Tree, then right-click to display a pop-up menu that contains commands relevant to the selected device or device group.
See
“Right-Click Pop-Up Menus” on page 38
for basic information about using pop-up menus.
The contents of a pop-up menu depends on the type of item you have selected in the Component Tree.
●
●
If you select a specific STP domain or VLAN, the pop-up menu provides a Properties command.
If you select a device, all the commands shown in Table 65 are available.
Table 65: Pop-Up Menu Commands
Device >
Macros >
Properties
Same as the Device command from the Tools menu. Provides a submenu of commands:
Alarms, Sync, Telnet, Viewer, VLANs, Device Manager. See “The Device Sub-Menu” on page 39
for a description of each command.
Same as the Macros command from the Tools menu. See “The Macros Sub-Menu” on page 41
for more information.
Same as the Properties command from the Display menu.
• If a VLAN is selected, this opens the VLAN Properties window. See
“VLAN Properties” on page 341 for more information.
• For an STP domain, this opens the STP Properties window. See “STP Properties” on page 550
for more information.
Displaying STP Domain Information
Click the STP button in the EPICenter Navigation Toolbar to run the Spanning Tree Monitor module.
The STP Domains window appears, as shown in Figure 275 .
EPICenter Reference Guide
Figure 275: STP Domains view
Displaying STP Domain Information
This view, displayed when the root node of the Component Tree is selected, and shows information about the STP domains configured on the devices managed by the EPICenter server that are running
ExtremeWare 6.2.2 or later.
Under the root node the Component Tree displays all the STP domains identified by the EPICenter server. The VLANs included in the domain are listed as subcomponents of the domain. The VLANs in turn show the devices with ports that are members of the VLAN within the domain.
NOTE
Devices running earlier versions of ExtremeWare may also have Spanning Tree domains configured and enabled, but the EPICenter server is unable to obtain information about these domains because SNMP agent support for STP was added in version 6.2.2.
The information presented for each STP domain includes:
Name
Tag
Root
The name of the STP domain.
The 802.1Q tag of one of the wholly contained VLANs in the domain.
The device name, IP address, or MAC address of the device configured as the designated root of this STP domain. If STP is disabled for this domain, this field is blank.
EPICenter Reference Guide 545
The Spanning Tree Monitor
Root Max Age
Root Hello Time
Root Forward Delay
VLANs
Devices
Ports
The maximum allowable age for STP information learned by the root for this domain. If this age is reached, the current information is discarded and the Spanning Tree is recalculated. Value is in seconds.
The interval between transmission of Configuration BPDUs by the root for this domain.
Value is in seconds.
The forward delay time being used by the root for this domain. The forward delay is the time that a bridge remains in the learning and listening states, not forwarding data.
Value is in seconds.
The number of VLANs participating in this domain.
The number of devices participating in this domain.
The total number of ports participating in this domain, if the domain is enabled.
NOTE
If an untagged STP domain spans multiple switches and is configured with different tags on different switches, it may appear as separate STP domains in EPICenter’s STP Monitor.
Displaying STP VLAN Configurations
Select a specific STP domain in the Component Tree to view summary information about the VLANs in the selected domain. When you select an STP domain, the STP VLAN view appears, as shown in
Figure 276 .
Figure 276: STP VLANs view
546
This view shows information about the VLANs in the selected domain.
EPICenter Reference Guide
Displaying STP Domain Information
The information presented for each VLAN in the domain includes:
Name
Devices
Ports
The name of the VLAN.
The number of devices participating in this VLAN for this domain.
The number of ports participating in this VLAN in this domain, if the domain is enabled. This will be zero if the STP domain is disabled on the bridge.
The panel at the bottom of this view shows summary information about the STP domain in which these
VLANs are included.
Displaying STP Device Configurations
Select a specific STP VLAN in the Component Tree to view summary information about the devices in the selected VLAN that participate in the STP domain. When you select a VLAN, the STP Devices view appears, as shown in Figure 277 .
Figure 277: STP Devices view
This view shows information about the devices participating in the selected VLAN within this domain.
The information presented for each device includes:
Name
State
The name of the device.
The state of STP on this domain (enabled or disabled). If disabled, most of the remaining fields are zero.
EPICenter Reference Guide 547
548
The Spanning Tree Monitor
Configured Tag
Root
Root Port
Root Path Cost
Designated Bridge
Priority
Max Age
Hello Time
Forward Delay
Hold Time
Ports
The 802.1Q tag of one of the VLANs in the domain, as configured by the user.
Indicates whether this device is currently the STP root bridge for this domain (Yes or
No).
The port with the best path to the root bridge. It this device is the root bridge, this will be zero.
The cost of the path from this bridge to the root bridge. If this device is the root bridge, the cost will be zero.
Indicates whether this device is a designated bridge (transmits configuration BPDUs to other bridges on any of its ports).
The bridge priority of this bridge for this STP domain.
The maximum allowable age for STP information as determined by the root for this domain. If this age is reached, the current information is discarded and the Spanning
Tree is recalculated. Value is in seconds.
The interval between transmission of Configuration BPDUs by the root for this domain.
Value is in seconds.
The actual forward delay time as determined by the root for this STP domain. Value is in seconds.
The time during which no more than two configuration BPDUs can be transmitted by this node. Value is in seconds.
The number of ports on this bridge participating in this VLAN in this domain, if the domain is enabled. This will be zero if the STP domain is disabled on the bridge.
The panel at the bottom of this view shows summary information about the STP domain and VLAN with which these devices are associated.
Displaying STP Port Information
Select a device in the Component Tree to view information about the ports on the device that are members of the selected VLAN and STP domain. When you select a device, the STP Ports view appears, as shown in Figure 278 .
EPICenter Reference Guide
Figure 278: STP Ports view
Displaying STP Domain Information
This view shows information about ports on the selected device that are participating in an enabled STP domain. The information presented for each port includes:
Port
STP State
State
Mode
Priority
Port Cost
Designated Cost
Link
The device and port number.
Whether STP is enabled or disabled on this port.
The state of the port: Disabled, Blocking, Listening, Learning, or Forwarding
The port mode (802.1D, PVST or EMISTP).
The port priority of this port in this STP domain.
This port’s contribution to the cost of the path from this port to the root bridge for this
STP domain.
The total cost of the path from this port (the Designated Port) to the root bridge for this
STP domain.
The switch and port at the other side of the link.
The panel at the bottom of this view shows summary information about the STP domain, VLAN and device with which these ports are associated.
NOTE
If the domain is disabled, the port table will be empty.
EPICenter Reference Guide 549
550
The Spanning Tree Monitor
STP Properties
The STP Properties window displays the following information:
Name
Tag
Root
Root Max Age
Root Hello Time
Root Forward Delay
Number of VLANs
Number of Devices
Number of Ports
The name of the STP domain.
The 802.1Q tag of one of the wholly contained VLANs in the domain.
The device name, IP address, or MAC address of the device configured as the designated root of this STP domain. If STP is disabled for this domain, this field is blank.
The maximum allowable age for STP information learned by the root for this domain. If this age is reached, the current information is discarded and the Spanning Tree is recalculated. Value is in seconds.
The interval between transmission of Configuration BPDUs by the root for this domain.
Value is in seconds.
The forward delay time being used by the root for this domain. The forward delay is the time that a bridge remains in the learning and listening states, not forwarding data.
Value is in seconds.
The number of VLANs participating in this domain.
The number of devices participating in this domain.
The total number of ports participating in this domain, if the domain is enabled.
Click OK to close the window.
EPICenter Reference Guide
D
Voice over IP Manager
This document describes how to use the optional EPICenter Voice over IP Manager applet for:
● Configuring VLANs for use with IP phone sets
●
●
Configuring QoS profile and priority settings for VoIP VLANs
Computing the minimum and maximum bandwidth settings for the QoS profile used with a VoIP
VLAN
Overview of Voice over IP Management
The Voice over IP Manager module enables you to configure quality of service parameters for VLANs that are used for Voice over IP traffic. You can identify the VLANs that contain IP phone ports, specify which ports in the VLAN are the egress ports for VoIP traffic, and configure the priority and bandwidth parameters for those VLANs.
The VoIP applet computes the minimum bandwidth required for acceptable VoIP performance based on the number of VoIP phone ports in combination with the compression rates used in the IP phones for coding/decoding voice traffic. The VoIP applet can then configure the appropriate QoS settings on the switches on which the VoIP VLANs reside.
The EPICenter VoIP module is a separately licensed component of the EPICenter product family. When a VoIP applet license is installed on the EPICenter server, the VoIP icon appears in the Navigation
Toolbar at the left of your browser window.
If no icon is present, it indicates that no current license can be found for the VoIP module. See the
EPICenter Installation and Upgrade Note or the EPICenter Release Notes for information on obtaining and installing a license.
Viewing VoIP VLAN Settings
To view the VLANs configured for Voice over IP, click the Voice over IP button in the EPICenter
Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 279 .
NOTE
for instructions on selecting VLANs for VoIP traffic.
EPICenter Reference Guide 551
Voice over IP Manager
Figure 279: Voice over IP main page showing VoIP VLANs
552
The Voice over IP window initially displays the Voice VLANs page. Only VLANs selected for Voice over IP are shown in this table. A message at the bottom of the window indicates how many VLANs have been configured for Voice over IP.
If you have selected VLANs to carry VoIP traffic, this page shows a summary of the configuration, switch by switch, of every VLAN that has been selected.
For each switch and VLAN, this table shows the following information:
VLAN
IP Address
Switch
QoS Profile
Priority
Min Bw
Max Bw
The name of the VLAN. This may appear in the list multiple times if the VLAN is configured on more than one switch.
The IP address assigned to the VLAN on the switch. This may be blank if the VLAN does not have an IP address assigned (as is the case with the Default VLAN).
The name of the switch.
The QoS profile assigned to this VLAN on this switch.
The priority associated with the QoS profile.
The minimum bandwidth for this QoS profile.
The maximum bandwidth for this QoS profile.
When the root node is selected in the component tree (Voice over IP VLANs) the display shows all
VoIP VLANs and their included devices. If you select an individual VLAN in the Component Tree, the display shows only the devices that include the selected VLAN.
The Select button at the top of this window lets you select VLANs for Voice over IP.
EPICenter Reference Guide
Selecting VLANs for VoIP
The QoS Settings tab lets you view VoIP VLAN QoS settings, change the configuration, and automatically calculate the minimum bandwidth required.
Selecting VLANs for VoIP
The VoIP Manager module assumes that you have already created the VLAN(s) for your VoIP phone ports. A VoIP VLAN should include both the edge switches that contain the actual IP phone ports, and any core switches that lie between the edge and the Call Manager or PBX. You can use the EPICenter
VLAN Manager module to create a VLAN for your voice over IP network, if you have not already done so. A VLAN that will be used with VoIP traffic should use protocol IP or Any, and may be tagged or untagged.
If you add a new device to an existing VoIP VLAN (for example, to expand the number of IP phones) the new device will not be configured automatically as a VoIP VLAN. You will need to select the VLAN on the new device, and then configure the VoIP settings on that device.
1 To select the VLANs to configure for Voice over IP, click the Voice over IP button in the EPICenter
Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 280 .
Figure 280: Voice over IP applet, main page
When you run the VoIP applet for the first time, and have not yet selected any VLANs for VoIP, the table shown on this page will be empty.
2 Click the Select button at the top of the VoIP window. This displays the Select Voice over IP
VLANs window, as shown in Figure 281 .
EPICenter Reference Guide 553
Voice over IP Manager
Figure 281: Select Voice over IP window
554
In this window you can select individual VLANs, and enable or disable VoIP for that VLAN.
The Select Voice over IP VLANs table shows information about each switch in the selected VLAN:
Enabled
IP Address
Switch
QoS Profile
Priority
Min Bw
Max Bw
A green check indicates that this switch is selected as part of the VoIP VLAN. A red X indicates that this device has not been selected (or has been deselected). As a rule, all devices in the VLAN will be enabled or disabled for VoIP, and switches cannot be enabled or disabled individual. However, if a device is added to the VLAN after the
VLAN has been enabled, that switch will not be enabled until you re-enable the entire
VLAN.
The IP address assigned to the VLAN on the switch. This may be blank if the VLAN does not have an IP address assigned (as is the case with the Default VLAN).
The name of the switch.
The QoS profile assigned to this VLAN on this switch.
The priority associated with the QoS profile.
The minimum bandwidth for this QoS profile.
The maximum bandwidth for this QoS profile.
The VoIP Manager applet assumes that you have already set up the VLANs you will be using for your VoIP traffic.
3 To display a VLAN, pull down the list of VLANs from the All VLANs field at the top of the window, and select a VLAN, as shown in Figure 282 .
EPICenter Reference Guide
Figure 282: Select Voice over IP window with Disabled VLAN
Selecting VLANs for VoIP
NOTE
Although the device-created VLANs (Default, Mgmt and MacVlanDiscover) can be selected as VoIP VLANs, it is not recommended that you use these for voice traffic. Configuring the QoS profiles could conflict with other uses of those VLANs.
4 To enable VoIP on a VLAN, click the Enable VoIP button. This will select this VLAN as a VoIPenabled VLAN, and will save this setting in the EPICenter database.
To disable VoIP on a VLAN, click the Disable VoIP button. This will remove this VLAN as a VoIPenabled VLAN, and will save this setting in the EPICenter database.
NOTE
Any devices added to the VLAN after the VLAN has been configured for VoIP are not automatically configured for
VoIP. You must return to the VoIP applet and configure the new device.
5 Click Close to close the window.
NOTE
When you disable a VLAN, the VoIP settings for the devices in the VLAN remain in the EPICenter database.
Therefore, if you re-enable the VLAN at a later time, the same settings (such as egress ports and QoS profile settings) will still apply. The VoIP VLAN settings for a device will be deleted from the database only when the device is removed from the EPICenter inventory, or if the VLAN itself is deleted.
Only VoIP-enabled VLANs appear in the list of VoIP VLANs in the main VoIP window.
EPICenter Reference Guide 555
Voice over IP Manager
QoS Settings for a VoIP VLAN
For each Voice over IP VLAN, you can specify the compressions algorithm and QoS profile settings that should be used for the VLAN. In addition, you can indicate which of the ports within the VLAN are the egress ports for the VoIP traffic.
To manipulate the settings for a VoIP VLAN, do the following:
1 Select the QoS Settings tab in the main VoIP window.
2 Select one of the VoIP VLANs from the Component Tree at the left hand side of the window.
The QoS Settings for the selected VLAN are displayed, as shown in Figure 283 .
Figure 283: QoS Settings page for a VoIP VLAN
556
The top portion of the QoS Settings page shows the current QoS settings for each switch in the VLAN.
If you configure new settings using the Configure VoIP QoS Parameters dialog, the settings shown in this part of the display may change to reflect the new settings.
The bottom portion of the QoS Settings page shows the default configuration attributes (compression algorithm, priority and QoS profile) for the selected VLAN. It also displays all the ports that are members of the VLAN, including the ports you have selected as egress ports. You can use these lists to indicate which ports in the VLAN are the egress ports.
EPICenter Reference Guide
QoS Settings for a VoIP VLAN
Default Configuration Attributes
The default configuration settings are used in the calculation of the minimum bandwidth for the VLAN, and can also be used to configure all switches in the VLAN automatically. As an alternative, you can you specify settings for individual switches in the VLAN and configure the devices individually. The default configuration settings are saved in the EPICenter database; individual switch settings are not.
The Default Configuration Attributes display shows the following information:
● Max # of Phones : This shows the number of ports that are available for use as IP phone ports. This number is calculated as the total number of ports in the VLAN minus the number used as egress ports.
● Compression Algorithm : This specifies the speech encoding/decoding algorithm that is being used by the IP phone sets you have connected to this VLAN. You can select from the following algorithms:
G.729
G.711
G.723.1
Other
Encodes speech at 8 Kbps.
Encodes speech at 64 Kbps (uncompressed). This is the default.
Encodes speech at 6.4 Kbps.
If you select this, you must set a compression rate in the Configure VoIP Parameters dialog.
Select the setting that matches the configuration of your IP phones. The setting you select does not actually affect the compression algorithm used, since this is done in the IP phone itself, but is used to compute the minimum bandwidth for the QoS profile settings for this VLAN.
You can modify this setting for individual switches using the manual QoS configuration process.
You may need to do this if you have several types of IP phones that use different compression algorithms. If the setting you select does not match the algorithm actually used to encode speech by your phone, the computed QoS bandwidth settings may not be accurate.
NOTE
VoIP configuration attributes are set on a switch-by-switch basis, meaning that all IP phones connected to an individual switch are assumed to use the same compression algorithm. Settings cannot currently be configured for individual ports.
●
●
Priority : This specifies the priority of the VoIP traffic on this VLAN. You can select any of the eight priority settings (from low to highHi). The default is highHi. Typically the priority for VoIP traffic should be high relative to other traffic. Again, you can also set this parameter individually for switches in the VLAN using the manual QoS configuration process.
If you specify an unsupported priority for a non-i-series device, the EPICenter VoIP server will automatically map the unsupported priority to a supported priority when it does the QoS configuration on the device. This process maps priority lowHi to low, normalHi to normal, mediumHi to medium, and highHi to high.
Profile : This specifies the QoS profile that will be used by default for this VLAN on each switch in the VLAN. The default is QP8. Note that non-i-series switches (Summit switches running
ExtremeWare 4.x) only support four QoS profiles (QP1 through QP4) so for a non-i-series switch, you must change the profile using the manual configuration process.
NOTE
Each of these setting (except for maximum number of phones) can be modified for individual switches in this
VLAN on a switch-by-switch basis. You can do this using the manual QoS configuration process.
EPICenter Reference Guide 557
558
Voice over IP Manager
● Egress Port Selection : The QoS Settings page also displays every port in the VLAN in one of the two lists in the Egress Port Selection portion of the window. You use these lists to designate the ports that should be used as the egress port on each device in the VLAN. Egress ports are used to route
VoIP traffic from the IP phone ports (ingress ports) to the Call Manager or PBX, either directly or via trunk ports between other switches in the VLAN. You should designate at least one port on each switch in the VLAN as an egress port in order for VoIP to function over the VLAN. You can designate as many egress ports as you need.
To designate egress ports, use one of the following options:
Add
Remove
Remove All
Select one or more ports in the Ports in VLAN list, and click the Add button to move them to the Selected Egress Ports in VLAN list. You can select multiple ports by holding down the CTRL or Shift keys while you make your selections.
To remove ports from the Selected Egress Ports in VLAN list, select the ports and click the Remove button.
You can remove all ports from the Selected Egress Ports in VLAN list by clicking the Remove All button.
NOTE
If some of the ports in your port list are not physically present in the device (a GBIC has been removed, for example) and those ports are not set to auto-negotiate, the port speed will be shown as zero in the port list. If you select such a port as an egress port, this will result in the minimum bandwidth being calculated as zero for the VLAN. If the port speed is set to auto, the calculation will assume a port speed of 100 Mbps and will work correctly.
Minimum Bandwidth Calculations
The VoIP Manager module computes the minimum bandwidth setting for the QoS profile used for the
VoIP VLAN to ensure acceptable VoIP performance. It first computes the total bandwidth needed based on the number of VoIP phone ports in combination with the compression rate used in the IP phones for coding/decoding voice traffic. It then determines the minimum bandwidth as the percentage of the egress port bandwidth that is required to support all the IP phone ports simultaneously. The minimum bandwidth setting will never be less than 1% of the egress port’s total available bandwidth. However, there may be situations where the bandwidth calculation algorithm either overestimates or underestimates the minimum bandwidth requirements.
If the egress port speed is set to Auto, the bandwidth calculation assumes 100 Mbps as the configured port speed. If the port’s actual speed is 1000 Mbps, the calculation may overestimate the percentage of bandwidth required for VoIP traffic. If there are multiple egress ports running at different speeds, the
VoIP applet calculates the percentage based on the lowest port speed among the egress ports. For best results, it is recommended that you turn auto-negotiation off and explicitly configure the speed of your egress ports.
The VoIP Manager module calculates the minimum bandwidth requirements separately for each switch in the VLAN. The bandwidth calculation algorithm assumes there is a one-to-one correspondence between the number of IP phones and the number ingress ports included in the VoIP VLAN, and that all ingress ports in the VLAN (those not designated as egress ports) are IP phone ports. However, if the
VoIP VLAN topology includes upstream switches, the ingress port may actually be a trunk port carrying aggregated VoIP traffic. In this case, the bandwidth calculation algorithm may underestimate the minimum bandwidth needed for the ingress port on the upstream switch.
EPICenter Reference Guide
QoS Settings for a VoIP VLAN
For example, Figure 284 shows a topological representation of devices in a VoIP network. In this illustration, IP phones are connected to 10/100Mbps ports on switch A. The VoIP VLAN also includes a gigabit port (port 50) designated as the egress port on switch A, and two gigabit ports on upstream switch B, with port 30 designated as an egress port. This port could be connected to a Call Manager, a
PBX, or another internetworking device. Port 29 on the upstream switch is the ingress port for the VoIP
VLAN on that switch.
Figure 284: VoIP topology example
Egress port 30
Switch B
(upstream switch)
Egress port 50
29 30
Ingress port 29
31 32
49 49R
50
Switch A
50R
IP phone ports
XM_031
The VoIP Manager module calculates the minimum bandwidth for each switch based on the number of
IP phone ports in the VLAN on that switch, the compression rate, and the speed of the egress port. For switch A, the number of ingress ports does correspond to the number of IP phone connections.
However, for the upstream switch (B), the VoIP Manager module assumes that the one ingress port
(port 29) is a single IP phone port when it is actually a trunk port.
If the egress port (port 30) on the upstream switch B is configured as 1000 Mbps port (as is the case in the example) the minimum bandwidth setting will probably be acceptable in most cases, because the
VoIP Manager module will never assign less than 1% of the bandwidth (10 Mbps for a 1000 Mbps port) as the minimum. However, if switch A were a chassis switch that has several hundred phones connected, the bandwidth calculation could determine that the minimum bandwidth setting for the egress port should be 2-3%. But, based on the assumption that there is only one ingress IP phone port
(port 29) on switch B, the bandwidth calculation would determine that a 1% minimum is sufficient for the egress port 30.
The information in Table 66 is provided to help you ensure that the minimum bandwidth setting in the
QoS profile for your VoIP VLAN is sufficient on any upstream switches.
EPICenter Reference Guide 559
560
Voice over IP Manager
Table 66: Minimum Bandwidth Requirements and Calculations for VoIP VLAN
Compression algorithm
G.711, rate=64 Kbps
G.711, rate=64Kbps
G.711, rate=64Kbps
G.711, rate=64Kbps
G.729, rate=8.0Kbps
G.729, rate=8.0Kbps
G.729, rate=8.0Kbps
G.729, rate=8.0Kbps
G.723.1, rate=6.4Kbps
G.723.1, rate=6.4Kbps
G.723.1, rate=6.4Kbps
G.723.1, rate=6.4Kbps
Number of phones
(one per port)
0~100
100~200
200~300
300~400
0~100
100~200
200~300
300~400
0~100
100~200
200~300
300~400
Total calculated bandwidth
0~7 Mbps
7~13 Mbps
13~20 Mbps
20~26 Mbps
0~1 Mbps
1~2 Mbps
2~3 Mbps
3~4 Mbps
0~1 Mbps
1~2 Mbps
2 Mbps
2~3 Mbps
Min bandwidth needed for egress ports
10 Mbps (Min=1%)
20 Mbps(Min=2%)
20 Mbps(Min=2%)
30 Mbps(Min=3%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
10 Mbps(Min=1%)
1250
1250
1250
1562
1562
1562
1562
Max number of phones supported
156
312
312
468
1250
●
●
●
●
The first two columns of Table 66 show various combinations of the compression algorithms and number of IP phone ports.
The third column shows the total bandwidth requirement calculated based on the compression rate and number of ports as shown in the first two columns.
The fourth column (Min bandwidth needed for egress ports) shows the corresponding minimum bandwidth that should be configured for a gigabit egress port such as the egress port on the upstream switch.
The last column shows the actual maximum number of simultaneous calls that can be supported by the minimum bandwidth.
Find the minimum bandwidth setting in the table that corresponds to your VoIP setup (number of phones and compressions algorithm. Then, make sure the minimum bandwidth setting for the VLAN on your upstream switch(es) meets this requirement. You can change the bandwidth settings for an
for more information.
Note that the bandwidth calculation algorithm always assumes there is a one-to-one correspondence between the number of IP phones and the number of ingress ports included in the VoIP VLAN.
Another situation that may result in an incorrect bandwidth calculation is where multiple IP phone are connected via a hub to a single ingress port on a switch. In this configuration the VoIP Manager will underestimate the number of IP phone connections, and will therefore underestimate the required minimum bandwidth. In this case, you can also use the information in Table 66 to help you determine the correct minimum bandwidth in the QoS profile for the VoIP VLAN on the switch.
Configuring QoS Settings
Changing the default configuration attributes does not actually configure any settings on the switches.
The information is provided to simplify the configuration task for the user and to recommend
EPICenter Reference Guide
Configuring QoS Settings minimum bandwidth settings for the QoS profiles on the component switches. You can configure the recommended QoS settings on your switches in one of two ways:
Auto Configure QoS button Calculates the recommended settings based on your default selections, and configures them on all switches in the selected VLAN.
Manually Configure QoS button
Displays a dialog where you can modify the settings for individual switches, and then configure only selected devices.
To configure the default QoS settings on all switches in the VLAN, do the following:
1 On the QoS Settings page, select the default settings for the VLAN.
2 Click the Auto Configure QoS button at the bottom of the page.
The VoIP applet calculates the recommended bandwidth settings, and sends the configuration to each switch in the VLAN.
To configure one or more individual switches with a particular setting that differs from the default settings, do the following:
1 From the QoS Setting page, click the Manually Configure QoS... button at the bottom of the page.
This displays the Configure VoIP QoS Parameters dialog, as shown in Figure 285 .
Figure 285: Configure VoIP QoS Configuration Parameters dialog
Initially, the left hand side of this dialog displays a list of the switches in the selected VLAN, and the default configuration attributes you specified on the QoS Settings page. You can configure the switches with the default settings, or modify the settings for one or more individual switches. For example, if your organization uses several types of VoIP phones with different compression algorithms, you may need to set different algorithms and QoS profile settings for the switches to which these phones are connected.
NOTE
VoIP Configuration attributes can only be set on a switch-by-switch basis, meaning that all IP phones connected to an individual switch are assumed to use the same compression algorithm. Settings cannot currently be configured for individual ports.
When you move a switch to the Calculated Settings list, the VoIP applet calculates the minimum bandwidth required to support the VoIP traffic. It makes the calculation based on the compression algorithm and compression rate, the number of ingress ports in the VLAN, and the speed of the
EPICenter Reference Guide 561
562
Voice over IP Manager ports. Depending on your VoIP network topology and device configuration, there may be situations where the minimum bandwidth is either overestimated or underestimated. See
Bandwidth Calculations” on page 558
for more details. If this occurs, you can edit the bandwidth parameters as part of this configuration process.
The VoIP applet also sets the QoS profile and priority in the Calculated Settings list based on the settings you select in the fields in the Select Switches area of the window.
To configure one or more switches with settings that differs from the default settings, do the following:
2 Make your changes to the QoS settings: a Select the QoS profile that should be used (QP1 through QP8). b Select the priority (low to highHi).
c Select the compression algorithm.
d Type in a compression rate to be used as a parameter in the calculation of minimum bandwidth.
The default is the rate normally used by the compression algorithm. If you have selected “Other” as the compression algorithm, the default is set to zero. This value is used only in the calculation of minimum bandwidth, and does not affect the actual compression rate used by the phone. As a rule, you should set the compression rate to be the same as the rate actually used by the compression algorithm for the phone.
3 Select one or more switches that should be configured using these QoS settings, and use one of the following options to move the switches to the Calculated Settings list:
Add
Add All
Click the Add button to move the selected switches to the Calculated
Settings list.
Click the Add All button to move the entire list of switches to the Calculated
Settings list.
4 You can edit the minimum and maximum bandwidth setting values once an entry has been placed in the Calculated Settings list. Select the cell containing the bandwidth percentage you want to change, type in a new percentage, and click outside the cell for the change to be recognized.
There are a number of reasons why you might want to change the minimum or maximum bandwidth settings:
■ To reduce the minimum bandwidth percentage when the IP phone ports are set to Auto but actually run at 1000 Mbps
■ To increase the minimum bandwidth percentage when a ingress port is actually a trunk port carrying aggregated VoIP traffic from an edge switch
To limit the maximum bandwidth (the default maximum is 100%) ■
See
“Minimum Bandwidth Calculations” on page 558
for more details on the bandwidth calculation issues.
5 You can repeat steps one and two for other switches in the Select Device(s) list.
6 To change the profile, priority, algorithm or compression rate for an entry in the Calculated Settings list, you must remove the switch from the list, change the settings, and add it again. To remove the switches from the list, choose one of the following options:
Remove
Remove All
Remove switches from the Calculated Settings list by selecting the switches and clicking the Remove button.
You can remove all switches from the Calculated Settings list by clicking the
Remove All button.
7 Click the Apply button to initiate configuration of the QoS parameters on the switches.
EPICenter Reference Guide
VoIP Reports
VoIP Reports
A Voice VLAN Summary report and a Voice over IP Details report are available from the EPICenter
Reports Main page. The summary report provides a list of the VLANs that have been selected as Voice over IP VLANs, along with the switches that are included in those VLANs. The Voice over IP Details report displays information about each device in the VLAN.
You can access the EPICenter software Dynamic Reporting capability in one of two ways:
● By clicking the Reports icon in the EPICenter software Navigation Toolbar
● By logging in directly from the EPICenter Start-up page
See
“Voice over IP Manager” for a description of these reports.
EPICenter Reference Guide 563
Voice over IP Manager
564 EPICenter Reference Guide
Index
Numerics
A
access list policies
Add All button
in Add Relationship to Group, 235
Add Attribute to Resource button, 229
Add button
in Add Attribute to Resource, 237
in Add Relationship to Group, 234
in Grouping Manager search, 240
in Inventory Manager, 46, 68, 224
in IP/MAC Address Finder, 255, 256
in Threshold Configuration, 130
Add Links to VLAN function, 318
Add/Modify Condition button, 111
adding
EPICenter Reference Guide
relationships to resource, 233
address range
admin
predefined administrator user, 350
Administrator
deleting a user account, 354, 359
distributed server configuration, 370
server properties configuration, 362
Administrator access
alarm actions
short email, 122 sound alert, 122
alarm events
Extreme proprietary traps, 102
Alarm Log Detail View, 106, 107
alarm status
threshold for topology view, 292
alarms
565
566
CPU utilization rule display, 129
CPU utilization threshold configuration, 129
creating a display filter, 106, 109
delete saved display filters, 107
falling threshold configuration, 129, 133
falling threshold for CPU utilization rules, 135
falling threshold, predefined RMON rules, 137
predefined RMON event configuration, 136
rising threshold configuration, 129, 130, 133
rising threshold for CPU utilization rules, 135
rising threshold, predefined RMON rules, 136
RMON threshold configuration, 129
short email alarm action, 122 sound alert action, 122
startup condition for CPU utilization, 135
startup condition for RMON alarms, 134
startup condition for threshold alarms, 129
Temperature threshold rule, 136
threshold rule target configuration, 137
Archive button (Configuration Manager), 152
Archive/Baseline differences report, 156
archiving configuration settings, 152
attributes of resources, 223, 227
DLCS ID type, 236, 238 generic type, 229, 236, 238
Auto button, 482, 505 auto configuration, 505
Automatic Rogue AP Detection Status page, 430
B
background image for Topology, 313
baseline configuration
scheduled upload, 162 uploading, 162
BootROM images
Add (Grouping Manager search), 240
Add (Grouping Manager), 231, 233
Add (Inventory Manager), 46, 68, 224
Add (IP/MAC Address Finder), 255, 256
Add (Relationship to Group), 234
Add (Threshold Configuration), 130
Add All (Relationship to Group), 235
Add Attribute to Resource, 229
Add to Safe List (Reports), 429
Archive (Configuration Manager), 152
Clone (IP/MAC Address Finder), 253, 259
EPICenter Reference Guide
Config (Configuration Manager), 141
Default (Inventory Manager), 46
Delete (Alarm Definition), 116
Delete (Inventory Manager), 46, 80, 224
Delete (IP/MAC Address Finder), 253, 259
Delete (RMON Configuration), 131
Delete alarms with specified conditions, 106,
Discover (Device Discovery dialog), 63
Discover (Inventory Manager), 46, 223
Download (Configuration Manager), 157
Export (IP/MAC Address Finder), 253, 259
Export Local (IP/MAC Address Finder), 259
Export Local (IP/MAC Finder), 253
Find (Grouping Manager), 232, 238
Find (IP/MAC Address Finder), 254
Firmware (Firmware Manager), 173, 176
Increment (Configuration Manager), 159
Modify (Alarm Definition), 115
Modify (Inventory Manager), 46, 73, 224
Modify (RMON Configuration), 131
Remove (Grouping Manager), 233, 235
Remove (IP/MAC Address Finder), 255, 256
Remove (Relationship from Group), 235
Remove All (Add Resources), 232
Remove All (IP/MAC Address Finder), 256
Remove All (Relationships from Group), 235
Remove Attribute from Resource button, 229
ReRun (IP/MAC Address Finder), 253, 259
Reset (Grouping Manager search), 240
Settings... (Alarm Definition), 124, 125
Submit (IP/MAC Address Finder), 256
Sync (Inventory Manager), 46, 80
Sync (RMON Configuration), 131, 138
TFTP (Configuration Manager), 170
Upgrade (Firmware Manager), 183
Upload (Configuration Manager), 149
Variables... (Alarm Definition), 123
Versions (Firmware Manager), 194
WildCard (IP/MAC Address Finder), 255
C
changing password
changing policy precedence, 502
EPICenter Reference Guide 567
568
Clone button (IP/MAC Address Finder), 259
columns
Compare policy and configured rules, 513, 517,
displaying subcomponents, 34 icons, 34
composite link (topology), 288, 291
Compress Map menu selection, 308
Compression Algorithm
Config button, 30, 141, 482, 506
configuration file
configuration files
archive/baseline differences report, 156
archiving configuration files, 152
comparing configuration files, 167
download incremental configuration, 159
download saved configuration, 157 email notification, 157
restoring a baseline configuration, 164
scheduled baseline upload, 162
scheduling global archive uploads, 153
software version specification, 194
Upload button, 149 uploading device configuration, 149
viewing configuration files, 166
configured rules display
configuring policy precedence, 502
Connect Edge Port to VLAN (Topology), 320
conventions
notice icons, About This Guide, 16 text, About This Guide, 16
CPU Utilization
event configuration rules, 129
falling threshold configuration, 135
Rising Threshold configuration, 130
rising threshold configuration, 135
rule target configuration, 137
creating
alarm threshold event rules, 130
incremental configuration file, 161
search task (IP/MAC Address Finder), 254
Cut nodes from map button, 302 cutting map nodes, 302
D
database validation utility, 537
Default button (Inventory Manager), 46
EPICenter Reference Guide
Deflate Nodes menu selection, 309
Delete alarms with specified conditions button,
in Inventory Manager, 46, 80, 224
in IP/MAC Address Finder, 253, 259
Delete Map Nodes (Topology), 303
Delete User Created Map Links (Topology), 303
deleting
Detailed ESRP Information view, 346
Detailed Task View (IP/MAC Address Finder), 257
device
download incremental configuration, 159
download saved configuration, 157
uploading configuration from, 149
Device Discovery set up window, 62
Device Inventory report, 375, 384, 385
Device Menu
Device profile settings display, 523
device status
Device Status report, 375, 393
drop-down menu fields, 38 list box fields, 38
selecting multiple items in a list, 38 text fields, 38
disable rouge AP detection, 429, 431
disabling port for a rogue AP, 429
Discover button
Discover button (Device Discovery dialog), 63
display mode, real-time statistics, 269
distributed server administration, 370
configuring server group manager, 372
configuring server group member, 371
Distributed Server summary report, 27, 383
download
ExtremeWare software image, device, 183
incremental configuration, 159
saved device configuration, 157
Download button (Configuration Manager), 157
E
EAPS map
EAPS Monitor
ExtremeWare version support, 449
ExtremeXOS version support, 449
Edge Port FDB display, Inventory Manager, 57
Edge Port FDB status
Edit Policy Endpoints window, 490
election algorithm (ESRP), 345
alarm action, 122 alarm action (short e-mail), 122
email notification (Config Mgr), 157
enable rogue AP detection, 429, 431
endpoints
EPICenter Reference Guide 569
570
for source port policy, 490 for VLAN policy, 490
EPAS configuration
EPICenter
EPICenter Telnet
ESRP
detailed information view, 346
eSupport Export report, 374, 379
CPU utilization rule display, 129
Extreme switch
ExtremeWare images
ExtremeWare requirements
for IP/MAC Address Finder, 252
ExtremeWare software image
specifying current version, 174, 175, 194
ExtremeWare Vista
F falling threshold
for predefined RMON events, 137
FDB polling
file import
filtering
filtering alarms, 104, 106, 109
Find Address Tasks List window, 252
Find button
buttons
software version specification, 174, 175
Fit Map in Window (Topology), 307
Focus Mode
Focus mode, 461 activating, 461
Forward trap alarm action, 122
G
global archive uploads, scheduling, 153
Grouping Manager, 221 predefined groups, 221
groups
definition of, 221 predefined, 221
H
EPICenter Reference Guide
I image files
BootROM files location, 175 file locations, 175
image upgrade
ExtremeWare software image, device, 182
from file, 243 from LDAP directory, 243, 244
from NIS, 243, 248 from NT Domain controller, 243, 248
Increment button (Configuration Manager), 159
incremental configuration file, 161
Inventory Manager
IP address
finding with IP/MAC Address Finder, 251
IP forwarding
IP/MAC Address Finder
EPICenter Reference Guide
L
L4 port range field, 493 specifying for client, 493 specifying for user, 493
Layout Map In Window (Topology), 306
Layout Map menu selection, 305
LDAP directory, importing from, 243, 244
marking for adding to VLAN, 318
link text color (topology map), 313
M
macros (Telnet)
Map (Topology)
adding custom backgrounds, 315
deleting a submap, 301 deleting a view, 301
enabling RMON stat display, 314
Fit Map in Window function, 307
Layout Map In Window function, 306
selecting a background image, 313, 314
setting the background color, 314 setting the node background color, 314
Map Alarm Status (Topology), 284
map background images
571
572
map element description panel, 285, 290
map nodes
Max Bandwidth
MIB Poller Summary report, 376
MIB variables
in RMON rules, 133 in RMON threshold configuration, 133
Min Bandwidth
Minimum Bandwidth Calculations, 558
Modify button
in Inventory Manager, 46, 73, 224
modifying
N
navigating EPICenter applications, 29
Network Login/802.x1 display, 523
network resource specification, 486
Network Resources list, 485 policy definition page, 485
Network Status Summary report, 25, 382
New User Created Map Link, 298
node background color gradient, 314 node font size (topology map), 314
node labels
changing color, 313 node text color, 313
NT Domain Controller, importing from, 243, 248
O
P
passwords
Paste Map Nodes (Topology), 302
Paste nodes into map button, 302
EPICenter Reference Guide
policy access domain
Policy Access Domain Resource list, 494
policy configuration
comparing policies with configured rules, 513,
directed configuration, 506 status, 506
policy definition page, 484, 488
network resource, 486 policy scope, 486
policy type buttons, 485 traffic definition, 485
policy precedence
changing, 502 configuring, 502
policy rule comparison display
policy rules display
Policy Scope Resource list, 494
policy traffic definition, 485
Port exception QoS Profiles display, 523
Ports
ports
enabling/disabling FDB polling, 60
port types in VLAN Manager, 330
removing from VLAN, 331, 332, 337, 339
Properties
Q
QoS profile
default QoS profiles, 504 devices for configuration, 504
QoS Settings
QoS Settings for VLAN
R
EPICenter Reference Guide 573
574
server port configuration, 360, 361
RADIUS Administration tab, 359
individual errors graph, 261 total errors graph, 261
related publications, About This Guide, 16
relationships of resources, 223, 227
Remote Authentication Dial In User Service. See
in Add Relationship to Group, 235
Remove Attribute from Resource button, 229
Remove button
in Add Attribute to Resource, 238
in Add Relationship to Group, 235
in IP/MAC Address Finder, 255, 256
remove children from a group, 233
remove resource from results list, 232
Remove Condition(s) button, 111
removing a child resource, 232
Rename View menu selection view (topology)
Reports
Network Summary Report, 375 reports, 375, 381
Device Inventory report, 375, 384
Device Status report, 375, 393
Distributed Server summary, 27, 383
Network Status Summary report, 382
Resource to Attribute Mapping report, 442
Rogue AP Detail report, 376, 427
Slot Inventory report, 375, 395
User to Host Mapping report, 443
Wireless Interface report, 376
in Grouping Manager search, 240
resizing
resource
EPICenter Reference Guide
filtering, 227 relationships, 223, 227
Select Resource to be Added panel, 231
Resource to Attribute Mapping report, 442
Resource to Attribute report, 377
resources
creating in Grouping Manager, 228
DLCS ID attribute type, 236, 238
generic attribute type, 229, 236, 238
IP/subnet attribute type, 229, 236, 238
Netlogin ID attribute type, 229
rising threshold
for predefined RMON events, 136
RMON
event configuration rules, 129
Falling Threshold configuration, 129, 133
falling threshold, predefined events, 137
Port Utilization predefined rule, 136 predefined rule definition, 136
Rising Threshold configuration, 129, 133
rising threshold for predefined events, 136
rule target configuration, 137
Sample Type (predefined rule), 137
Startup Alarm for predefined rule, 137
synchronize with device rules, 139
Temperature predefined rule, 136
Topology change predefined rule, 136
EPICenter Reference Guide
RMON statistics enable on topology map topology
enabling RMON statistics
RMON Statistics (Topology), 315
rogue AP
adding to Safe APs list, 429 alarms report, 429
Rogue AP Alarms report, 376, 429
Rogue AP Detail report, 376, 427
Rogue AP Detectioon report, 426
roles
rouge AP
enable or disable detection, 429, 431
rule
CPU utilization event configuration, 134
display, CPU utilization, 129 display, RMON, 129
predefined RMON event configuration, 136
RMON threshold configuration, 133
threshold target configuration, 137
S
Safe AP MAC List
delete all APs, 426 importing from a file, 426
Safe AP MAC List report, 376, 425
Safe APs list
Sample Type
Absolute (for CPU Utilization, 135
Absolute (predefined RMON), 137
Delta (for CPU Utilization), 135
Save button, 232, 235, 238, 482, 501
scheduled baseline upload, 162
scheduled configuration upload, 152
search results
575
576
Search Target, IP/MAC Address Finder, 255
search task (IP/MAC Address Finder), 254
Search Type, IP/MAC Address Finder, 255
Select All Map Nodes (Topology), 301
Select Resources to be Added panel, 231, 234
Automatically Save Configuration, 364
Default Map RMON Statistics, 367
DNS Lookup Timeout Period, 369
EPICenter Trap Receiver Port, 366
External Connections Properties, 368
Load Information from http
//www.extremenetworks.com, 368
Poll Devices Using Telnet, 364
Save Changed Configurations, 364
Save Switch Password for Vista Login, 364
SysLog Message Min Severity, 364
Syslog Message per Device, 366
Syslog Message per Minute, 366
Telnet Login Timeout Period, 363
Thread Default Alloc Size, 366
Update Type Library on Server, 369
Upload/Download Timeout Period, 363
Use EPICenter Login for Telnet, 364
Server State Summary report, 377
setting
graph preferences (RT Stats), 270
Settings... button (Alarms), 124, 125
Slot Inventory report, 375, 395
SNMP
traps per device rate limit, 366
software image
checking for version availability, 182
software images
sorting
Specify client L4 port checkbox, 493
Specify user L4 port checkbox, 493
SSH2 (Inventory Manager), 74, 82
Stacking device
Stacking device support
Startup Alarm
statistics
graph preferences (RT Stats), 270
individual port real-time, 268
Status/Detail Information panel, 35
EPICenter Reference Guide
STP
1D mode, 543 default domain, 543
STP Monitor
displaying device configuration information,
displaying port configuration information, 548
displaying STP domain information, 544
displaying VLAN configuration information,
STPD See Spanning Tree domains
in RMON configuration, 131, 138
Syslog
enabling EPICenter Syslog server, 364
restarting the server, 364 setting minimum severity for message acceptance, 364
total messages rate limit, 366
T
Task Name, IP/MAC Address Finder, 255
Tasks List Summary window, 252
Telnet applet
terminology, About This Guide, 15
TFTP button (Configuration Manager), 170
TFTP server
setting root directory path, 171, 195
third-party device support, 23
Threshold Configuration page, 128
Threshold Configuration tab, 128
topology
displaying VLAN information, 316
Fit Map in Window function, 307
Layout Map In Window function, 306
Map Alarm Status, 284 map definition, 284
map element description panel, 285, 290 map elements, 285
marking links to add to VLAN, 318
setting map properties, 312, 314
topology menus
EPICenter Reference Guide 577
578
TrackedActivePorts (ESRP), 347
traffic patterns, access lists, 511
traps
total traps rate limit, 366 traps per device rate limit, 366
U
Unconnected Clients report, 376
Undo Map Edit menu selection, 309
Unzoom Map menu selection, 310
updating switch information, 80
upgrade
Upgrade button (Firmware Manager), 183
upload
Upload button (Configuration Manager), 149
user
ExtremeWare access, 350 predefined user, 350
User to Host Mapping report, 443
user-created map links
users, adding, 353 users, modifying, 353
utilities
V
Variables... button (Alarms), 123
Versions button (Firmware Manager), 194
View configured rules menu item, 513, 517, 521
View policy rules menu item, 513, 517, 521
viewing
port exception QoS profiles, 523
viewport
changing the size of, 460 moving, 460
VLAN
Modify VLAN Membership command, 325,
802.1Q tag, 323, 331, 332 adding, 331
adding links to VLAN from topology map, 318
EPICenter Reference Guide
adding tagged ports, 331, 332, 336
adding untagged ports, 331, 332, 336
connecting edge ports from topology map, 320
deleting protocol filters, 340
displaying in Topology applet, 316
enabling IP forwarding, 337 finding connections, 337
modifying VLAN membership, 338
removing deleted VLANs from tree, 334
Voice VLAN Summary report, 375
VoIP
Voice VLAN Summary report, 563
VoIP Settings
Maximum Bandwidth (Max BW), 552
Minimum Bandwidth (Min BW), 552
W
wildcards
Wireless Interface report, 376
Wireless Port Detail report, 376
Z
Zoom Map In menu selection, 309
Zoom Map Out menu selection, 310
EPICenter Reference Guide 579
580 EPICenter Reference Guide
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement