manualshive.com logo in svg

Extreme Networks EPICenter 4.1, Software Installation Manual

Share
Download
Extreme Networks EPICenter 4.1 Software Installation Manual Download Page 413

 

Policies View

EPICenter Software Installation and User Guide

413

Figure 201: Policy definition page for an Access-based Security policy

The policy name and optional description are displayed at the top of the page. 

The Policy Traffic section, shows the elements that define the traffic flow:

The Policy Type radio buttons determine the type of rules that will be generated from the policy 
description, and thus affect how the policy endpoints are specified. 

The rest of this area shows the network resources that define the traffic flow for the policy. 

In the Access-based Security policy example shown in Figure 201, the policy traffic specification 
includes two lists of resources that define the “network resources” or left-side endpoints for the 
policy, and the “users” or right-side endpoints. These resources are defined in the EPICenter 
Inventory or Grouping applets, and may include hosts, custom applications, users, devices, and 
ports, or groups of any of those resources. 

For example, the resource shown in the Network Resources list in Figure 201 is a single host. The 
resource in the Users list is a User group. If you have Administrator or Manager access, you can 
use the Edit button to access the resources list and view the definition of the resource groups. You 
can also view their definitions through the Grouping applet. For the Network Resources side, the 
resources are mapped to specific IP addresses and ports, but for the Users side, the IP addresses 
are determined dynamically at network login.

If you are entering a new IP policy, the left-side endpoints will be “servers” and the right-side 
endpoints will be “clients.” For the purpose of generating access list rules, those resources are 
mapped to specific IP addresses and ports for use as source and destination endpoints. These lists 
may also show IP addresses that have been entered directly. 

The traffic specification for an Access-based Security policy includes a flow direction (network 
resources to user, user to network resources, or bidirectional). This is used by the EPICenter 
policy server to determine the source and destination for each traffic flow. In the example, the 
traffic is unidirectional, from user to network resource, which is the default for Security policies. 

Summary of Contents for EPICenter 4.1

Page 1: ...Networks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com EPICenter Software Installation and User Guide Version 4 1 Published June 2003 Part number 100143 00 Rev 01 ...

Page 2: ... are trademarks of Extreme Networks Inc which may be registered or pending registration in certain jurisdictions The Extreme Turbodrive logo is a service mark of Extreme Networks which may be registered or pending registration in certain jurisdictions Specifications are subject to change without notice Solaris is a trademark of Sun Microsystems Inc This product includes software developed by the A...

Page 3: ...Grouping Manager 23 The IP MAC Address Finder 24 Interactive Telnet Applet 24 ExtremeView Configuration and Status Monitoring 24 Real Time Statistics 24 Topology Views 25 Enterprise wide VLAN Management 25 The ESRP Manager 25 The STP Monitor 26 Dynamic Reports 26 Distributed Server Mode 26 Security Management 26 EPICenter Stand alone Utilities 27 EPICenter Components 27 Extreme Networks Switch Man...

Page 4: ... 48 Windows 2000 or Windows XP 48 Solaris 48 Client Requirements 49 Browser Requirements for Reports 49 EPICenter Software Licensing 50 Obtaining an Evaluation License 50 Obtaining a Permanent License 50 Upgrading an Evaluation License 50 Adding a License for an Optional Product 51 Upgrading from a Previous Release 51 Installing on a Windows 2000 or Windows XP System 52 Adding or Updating the Lice...

Page 5: ...ter Server 71 Shutting Down the EPICenter Server Components 71 The EPICenter Client 72 Running the EPICenter Stand alone Client 72 Viewing Reports from the Stand Alone Client 74 Running the EPICenter Client in a Browser 74 The Network Status Summary Report Page 77 The Distributed Server Summary 78 The About EPICenter Page 79 Navigating the EPICenter Applications 80 The Navigation Toolbar 80 Main A...

Page 6: ... Alarm System Overview of the EPICenter Alarm System 121 The Alarm Log Browser 122 Acknowledging an Alarm 124 Deleting Alarm Log Entries 124 Deleting Groups of Log Entries 124 Viewing Alarm Details 126 Filtering the Alarm Display 126 Deleting Alarm Log Filters 128 Pausing All Alarms 129 Defining Alarms 129 Creating a New Alarm Definition 130 Modifying Alarm Definitions 138 Deleting Alarm Definitio...

Page 7: ...emental Configuration File 170 Upgrading Software Images 170 Performing a Multi Step Upgrade 171 Upgrading Images on Devices 173 Upgrading BootROM on Devices 177 Upgrading Slot Images on Modular Devices 178 Selecting Software Images 181 Specifying the Current Software Versions 182 Performing a Live Software Update 183 Obtaining New Software Images 184 Configuring the TFTP Server 186 Finding Device...

Page 8: ...ces 213 Adding a Resource as a Child of a Group 213 Removing A Child Resource from a Group 216 Adding Relationships to a Resource 216 Removing Relationships from a Resource 218 Adding and Removing Attributes 219 Searching for a Resource 221 Setting up a Resource Search 222 Searching from the Main Toolbar 224 Searching from the Add Resources or Add Relationship Window 225 Importing Resources 225 Im...

Page 9: ...Menus 256 Properties 256 Alarms 257 Browse 257 Statistics 258 Sync 258 Telnet 258 VLANs 258 Displaying Properties 259 Device Group Properties 259 Device Properties 259 Slot Properties 260 Port Properties 263 Chapter 11 Real Time Statistics Overview of Real Time Statistics 267 Displaying Multi port Statistics 269 Displaying Statistics For a Single Port 271 Changing the Display Mode 273 Setting Grap...

Page 10: ...pulate View 294 Adding Elements to the Map 297 Editing the Map 301 Setting View Properties 304 Map Viewing Functions 305 Displaying VLAN Information 313 Using the Tools Menu 315 Mark Links Mode 315 Adding Links to a VLAN 315 Connecting an Edge Port to a VLAN 317 Device Alarms 318 Device Browse 319 Device Statistics 319 Device Telnet 319 Device View 319 Device VLANs 320 Device Properties 320 Chapte...

Page 11: ...Chapter 15 The ESRP Manager Overview of the ESRP Manager 351 Viewing ESRP Detail Information 353 Chapter 16 Administering EPICenter Overview of User Administration 355 Controlling EPICenter Access 355 The EPICenter RADIUS Server 356 Setting EPICenter Server Properties 356 Starting the EPICenter Client for the First Time 357 Changing the Admin Password 358 Adding or Modifying User Accounts 358 Dele...

Page 12: ... Report 383 Interface Report 383 Resource to Attribute Mapping Report 384 Unused Ports Report 385 User to Host Mapping Report 385 Network Login Report 386 Alarm Log Report 386 Event Log Report 387 System Log Report 387 Configuration Management Log Report 388 Printing EPICenter Reports 389 Exporting Reports 389 Creating New Reports 389 Creating or Modifying a Report 391 Adding a User Defined Report...

Page 13: ...eting a Policy 429 Resetting a Policy 429 Configuring Policy Precedence 430 Viewing and Modifying QoS Profiles 431 Configuring QoS Policies 433 Auto Configuration 433 Directed Configuration 434 Chapter 20 The ACL Viewer ACL Viewer Summary Displays 438 Access List Display 439 Policy Rule Comparison 441 View Policy Rules 442 View Configured Rules 442 VLAN QoS Display 443 Policy Rule Comparison 444 V...

Page 14: ...ng Manager 466 Printing 466 Topology 466 STP Monitor 467 Reports 467 Appendix B EPICenter Utilities The DevCLI Utility 469 Using the DevCLI Commands 470 DevCLI Examples 472 Inventory Export Scripts 473 Using the Inventory Export Scripts 473 Inventory Export Examples 475 The SNMPCLI Utility 476 Using the SNMPCLI Utility 476 SNMPCLI Examples 477 Port Configuration Utility 477 The AlarmMgr Utility 47...

Page 15: ... 493 External Access Protocol Structure 493 EPICenter Server Commands 496 Tcl Client API 498 Installing and Using the Tcl Client API 499 Tcl Exported Functions 499 Appendix D EPICenter Database Views Device Report View 505 Interface Report View 507 Database Event Log View 508 Database Alarm Log View 509 Appendix E Event Types for Alarms SNMP Trap Events 511 RMON Rising Trap Events 515 RMON Falling...

Page 16: ...523 Using DLCS with the Policy Manager 523 DLCS Properties 524 Enabling DLCS on an Extreme Switch 524 DLCS Limitations 524 ISQ Improvements 525 Appendix H EPICenter Policy System Feature Comparison ExtremeWare 6 2 Features Supported 527 ExtremeWare 6 0 x and 6 1 x Features Supported 528 ExtremeWare 5 x Features 529 ExtremeWare 4 x Features 530 Cisco Internetworking Operating System IOS 11 2 Featur...

Page 17: ...epts Routing concepts The Simple Network Management Protocol SNMP NOTE If the information in the EPICenter Release Note and Quick Start Guide shipped with your software differs from the information in this guide follow the Release Note Terminology When features functionality or operation is specific to the Summit Alpine or BlackDiamond switch family the family name is used Explanations about featu...

Page 18: ...you would type a particular command The words enter and type When you see the word enter in this guide you must type something and then press the Return or Enter key Do not press the Return or Enter key when an instruction simply says type Key names Key names appear in text in one of two ways They may be referred to by their labels such as the Return key or the Escape key written with brackets suc...

Page 19: ...ge Other manuals that you will find useful are ExtremeWare Software User Guide ExtremeWare Quick Reference Guide For documentation on Extreme Networks products and for general information about Extreme Networks see the Extreme Networks home page http www extremenetworks com Customers with a support contract can access the Technical Support pages at http www extremenetworks com support database htm...

Page 20: ...20 EPICenter Software Installation and User Guide Preface ...

Page 21: ... is a powerful yet easy to use application suite that facilitates the management of a network of Summit BlackDiamond and Alpine switches as well as selected third party switches EPICenter makes it easier to perform configuration and status monitoring create virtual LANs VLANs and implement policy based networking in enterprise LANs with Extreme Networks switches EPICenter offers a comprehensive se...

Page 22: ...anted different levels of access to the application features Web based or installed clients The EPICenter software gives you a choice of installing client software or connecting to the EPICenter server through a web browser based client available on Windows client machines Manage large numbers of devices The EPICenter server can manage up to 2000 devices with a single installation of the EPICenter...

Page 23: ...tions you specify such as repeated occurrences or exceeding threshold values You can specify the actions that should be taken when an alarm occurs and you can enable and disable individual alarms Fault detection is based on SNMP traps RMON traps Syslog messages and some limited polling The Alarm System supports SNMP MIB 2 and the Extreme Networks private MIB You can also configure alarms based on ...

Page 24: ...tremeView applet any Extreme Networks switch can be monitored through a front panel image that provides a visual device representation and can be configured without leaving the EPICenter client to invoke another program or Telnet session The ExtremeView applet displays detailed information about the status of Extreme switches in a number of categories Any EPICenter user can view status information...

Page 25: ...Ns are configured on that device You can also configure a VLAN in a topology by adding ports or trunk links Finally from a managed device node on the map you can invoke other EPICenter functions such as the alarm browser telnet real time statistics a front panel view the VLAN Manager or ExtremeWare Vista for the selected device Enterprise wide VLAN Management A virtual LAN VLAN is a group of locat...

Page 26: ...r Mode To manage very large numbers of network devices or devices that are geographically distributed the management task can be divided up between multiple EPICenter servers Each server in the server group is updated at regular intervals with network summary and status information from the other servers in the group From the EPICenter home page a client attached to any one of the servers in the s...

Page 27: ...rmation for troubleshooting A set of utilities that provide a command line interface to several EPICenter software functions These include the AlarmMgr utility FindAddr utility TransferMgr utility and VlanMgr utility These utilities enable you to perform certain EPICenter functions from the command line or through a script rather than through the EPICenter graphical user interface Results from the...

Page 28: ...uration change takes place the ExtremeWare software in the switch uses the SmartTraps rules to determine if the EPICenter server should be notified These changes can be changes in device status such as fan failure or overheating or configuration changes made on the switch through the ExtremeWare CLI or ExtremeWare Vista The EPICenter server does a heartbeat check by default every five minutes of a...

Page 29: ...and are added to the EPICenter database as SNMPv1 devices In the Telnet applet you can use the Telnet feature with any device that supports a Telnet interface In the ExtremeView applet all Extreme devices and selected third party devices including certain Cisco and 3COM devices can display a device specific front panel view in the Summary view In addition vendor specific generic images are availab...

Page 30: ...m either the Policies View or ACL Viewer you can modify the QoS profiles change policy precedence and configure the currently enabled policies on one or more devices The Policy Manager is closely tied to the EPICenter Grouping applet which is used to define the network resources that can be used as traffic endpoints or to specify the policy scope in a policy definition Resources must be set up thr...

Page 31: ... those policies unless they are running ExtremeWare version 5 0 The Policy Manager will not attempt to configure policies on devices that cannot support them In the EPICenter Policy Manager each policy type acts somewhat like a template allowing you to specify only components that are valid for the policy type For example the Policy Manager expects you to enter two sets of endpoints for a Security...

Page 32: ...e resources within the group and its subgroups that can be mapped to an IP or subnet address will be used as policy endpoints on the network services side The default traffic direction for Access based Security policies is user to network resource s which creates ACL rules with the source IP address as the user s IP address and the destination IP address as the network resource IP addresse This se...

Page 33: ...riginating from L4 port 512 Ports are not specified for the users More details of the traffic flow can be seen in the following sections IP Based Policies Access List Policies An IP based policy identifies IP traffic flowing between specific source and destination endpoints and then assigns that traffic to a QoS profile For IP QoS the traffic of interest is identified using any combination of IP s...

Page 34: ...ll the devices between the two endpoints This is done by including these devices in the policy scope On each device along the route the traffic is identified based on the endpoint definitions the IP address protocols and L4 ports and is assigned to the specified QoS profile on that device The diagrams shown in Figure 4 illustrate how the traffic flows are generated for the example shown in Figure ...

Page 35: ...nt specification For example if you specify policy endpoints as 10 2 0 0 16 10 2 0 1 and 10 2 0 25 the Policy Manager will use only 10 2 0 0 16 The IP QoS rules generated from EPICenter IP policy definitions are also known as Access List rules because they define and control IP based access between endpoints A rule implementing IP based QoS between server A and client B effectively defines the acc...

Page 36: ...port QoS the endpoint specification and the scope are theoretically redundant because the endpoint specification effectively defines the scope of the policy However you must specify both the endpoint and the policy scope If there are devices in the policy scope for example when the scope resource is a group that are not related to the ports specified as endpoints These will not be affected by the ...

Page 37: ... included in the policy scope Figure 6 VLAN policy Like Source Port QoS VLAN QoS rules are implemented only in the devices included in the policy scope that have the specified VLAN To enforce QoS settings across switch VLAN boundaries you must use 802 1Q tagging specifically through explicit packet marking using 802 1p or DiffServ If the switch ports used for output use 802 1Q tagging the QoS prof...

Page 38: ...that can be implemented in a network device Policy named components are components such as groups which are mapped to their individual members users and named hosts which can be mapped to IP addresses and ports These are represented by the shaded boxes in Figure 7 Policy primitive components are components such as device ports IP addresses VLANs and QoS profiles that are used to define the QoS rul...

Page 39: ...me Host are entered into the EPICenter database through the Grouping Manager either using the Import capability or through the GUI A Host to IP address mapping can be established in several ways The IP address can be added as a component attribute through the GUI or as part of the Import function Alternatively the mapping can be obtained through a name lookup service such as DNS Within the Policy ...

Page 40: ...rmined by the Policy Manager from mappings associated with named components such as users or hosts They can also be entered directly as endpoints in an IP policy traffic definition QoS Profiles QoS profiles provide the definitions of traffic priority and minimum and maximum bandwidth that when combined with a traffic flow specification define a policy QoS profiles are predefined but they can be re...

Page 41: ...ies is limited to the edge device to which the user is connected many of these issues are not relevant for Security policies Assume that you want to define an IP policy Access List rule applying to all TCP traffic in both directions between Host1 and Host2 This defines two traffic flows for the policy From any L4 port on Host1 to any L4 port on Host2 From any L4 port on Host2 to any L4 port on Hos...

Page 42: ...define the user resources either by entering them individually through the GUI or by importing them Ensure that a mapping relationship exists from each user to an IP address This is necessary so that the Policy Manager can use them to create identifiable traffic flows User host IP address relationships are often created as part of the import process If Netlogin DLCS is running on your Extreme netw...

Page 43: ...between the resources in a policy scope is used to determine which QoS profile specification should be used when a particular device is specified multiple times within a scope definition Policy precedence precedence between policies is used to determine which policy should be used when multiple policies could apply to the same traffic flow If this occurs the policy with higher priority is used by ...

Page 44: ...k but have not been tested See the EPICenter Release Note and Quick Start Guide that accompanies your software for the most current list of supported models EPICenter software uses a custom queue list for bandwidth control and a priority queue list for priority control The custom or priority queue list are bound to each interface independently so you can specify the queueing strategy individually ...

Page 45: ...he entire set of policy based QoS features found in the most current versions of the ExtremeWare software In addition not all versions of the ExtremeWare software support all the features available through the Policy Manager Appendix H presents information about how the policy features available in the various versions of the ExtremeWare software are supported by the EPICenter Policy Manager Appen...

Page 46: ...46 EPICenter Software Installation and User Guide EPICenter and Policy Manager Overview ...

Page 47: ... The installation process installs all of these components on a Windows 2000 or Windows XP system or under Solaris 7 or Solaris 8 The EPICenter software offers two different clients One is an installed client that runs as a stand alone application on the client workstation The other client runs within a web browser Microsoft Internet Explorer under Windows with the Java Plug in version 1 3 1 or la...

Page 48: ...ded You can tell the type of file system by looking at the disk properties Right click on the drive letter in the Windows Explorer or My Computer windows 400 Mhz Pentium compatible processor CDROM drive for installation A network connection Solaris For installation under Solaris the requirements are Solaris 7 or Solaris 8 with required patches already installed 128 MB RAM 256 MB recommended especi...

Page 49: ... and the Java 1 3 1 plug in NOTE See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest information about configuration requirements Browser Requirements for Reports Even if you are running the stand alone client application a browser is required to run the EPICenter HTML reports The EPICenter dynamic reports are HTML pages that do not require Java capability...

Page 50: ... key found on the License Agreement included in your software package This key starts with AC and can be used to obtain a permanent license key You do not need an activation key to obtain an evaluation license key NOTE See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest information about obtaining a license key Obtaining an Evaluation License To obtain an ...

Page 51: ...pdate your license key to enable the new module To add a license key for an optional EPICenter product module use the instlic utility In Windows run the instlic command using the Run command from the Windows Start menu or from an MS DOS command window From Solaris run the command from a command shell The instlic utility is found in the EPICenter install directory by default c Program Files Extreme...

Page 52: ...atabase follow the update procedure described in Adding or Updating the License Key on page 55 NOTE If you already installed the EPICenter client software you must UNINSTALL the client software before you begin the EPICenter server installation To install the EPICenter server follow these steps 1 Close any open applications 2 Insert the CDROM into the CDROM drive 3 In most cases the Extreme Networ...

Page 53: ...e 9 In the Destination dialog box choose one of two options Accept the default target drive and folder displayed in the Destination Directory box Click Browse and select or enter a new folder a new drive or both and click Next If you are installing on a disk that uses the FAT file system rather than the NTFS file system a warning message pops up when you click Next This is because under the FAT fi...

Page 54: ...In addition if you want to be able to import user and host information from a Windows NT Domain Controller the EPICenter server must run with permissions that allow it to get user information from a Domain Controller Click No if you do not want to install the components as services 14 If you are upgrading from the previous release of the EPICenter software you are asked whether you want to copy th...

Page 55: ...install a license key after the original installation is complete use the instlic utility provided CAUTION DO NOT reinstall the software if you have any data or configurations of value in the EPICenter database Re installation will re initialize the database To update your license key follow these steps 1 Select Run from the Start menu or start an MS DOS command window NOTE Because you must enter ...

Page 56: ...nd then you will be presented with the download page that includes Solaris patch bundles Local Name Resolution The Solaris system on which EPICenter is installed must be able to resolve both its own local name and its domain name For example if you install EPICenter on a system named system1 then it must be able to resolve both system1 and its domain name such as system1 company com You can test f...

Page 57: ...ation script install sh The EPICenter Welcome message appears as follows Welcome to the Extreme Networks EPICenter install program This program will install EPICenter version 4 1 0 on this system Please review the following software license terms and conditions You will need to accept this license to continue the installation Press space to page through the license Press enter to view the license ...

Page 58: ...configure EPICenter we will need to ask you for some information In most case the default answers will work correctly 9 First you are asked whether you want to upgrade from a previous installation of EPICenter You can upgrade from EPICenter 3 1 or EPICenter 4 0 Upgrade Parameters If there is a previous installation of EPICenter installed you may import the database from the previous installation I...

Page 59: ...ameters EPICenter will run an SQL database server on this machine The database needs the name of this machine and an unused port to listen on Please enter the port for the database 10553 Accept the default 10553 for the TCP port that the EPICenter Web Server will use to communicate with the database or enter a different port number You can use any port number a number between 1024 and 65535 is rec...

Page 60: ...are upgrading from an earlier version of EPICenter you will also see the following Database Upgrade Upgrading Database Upgrading from EPICenter 4 0 Generating sql files Dumping data from tables in old database Loading data into tables in new database Database Upgrade Complete Next you are asked to move or copy any previous switch software images or uploaded switch configuration files from export h...

Page 61: ... the instlic utility provided CAUTION DO NOT reinstall the software if you have any data or configurations of value in the EPICenter database Re installation will re initialize the database Run the installation script found in the EPICenter installation directory install_dir instlic key install_dir is the directory path where you installed the EPICenter components key is the 14 character license k...

Page 62: ...t The EPICenter software provides two options for connecting to an EPICenter server from a client system a stand alone client application or a browser based client you can run from a web browser such as Microsoft Internet Explorer On Solaris based systems only the stand alone client is supported NOTE The browser based client is supported on Windows based systems only When you run the EPICenter sta...

Page 63: ... steps If the CD does not start up automatically follow these steps a Open My Computer or Windows Explorer and go to your CDROM drive b Go to the nt directory open the client sub directory and start setup exe The EPICenter Client Welcome screen appears 4 Follow the on screen instruction to progress through the Welcome screen 5 Click Yes to accept the license agreement 6 Enter your company informat...

Page 64: ...n the File Manager Go to the sol directory then to the client sub directory To run an Xterm window cd cdrom x sol client where x is your CDROM drive number e g cdrom0 The volume label of the installation CD is epc41b xx where xx is the build number for example epc41b34 3 Run the installation script client sh The EPICenter Client Welcome message appears as follows Welcome to the Extreme Networks EP...

Page 65: ...owing message appears File copy complete Configuring Installation At this point additional files are copied and the EPICenter Client installation tree is created and filled out This will take several minutes When the files are complete you are asked for a set of configuration information To configure the EPICenter client we will need to ask you for some information In most case the default answers...

Page 66: ...r software and all of the EPICenter components including the stand alone client do the following 1 Shut down the EPICenter components if they are still running If they are running as services a From the Start menu highlight Settings then select the Control Panel b Double click Services to display the Services Properties window c Highlight EPICenter 4 1 Server and click Stop to stop the EPICenter 4...

Page 67: ... the server using the stopserv command then remove the all the files in the installation directory To remove the EPICenter server software including the stand alone client follow these steps 1 Run the stopserv command found in the root installation directory The installation directory is the directory path where you installed the EPICenter components For example if you installed in the default dir...

Page 68: ...station do the following 1 Make the parent of the installation directory the current directory and remove all files from the directory and its sub directories For example if you installed using the default directory path opt extreme epc4_1_client enter cd opt 2 Remove all files from the installation directory tree For example if you installed using the default directory path enter rm rf epc4_1_cli...

Page 69: ... following instructions assume that the Windows 2000 or Windows XP operating system is already running and that the EPICenter server software is already installed If you have installed the EPICenter components as services under Windows 2000 or Windows XP the EPICenter Server and database component will start automatically when you boot the server This is the recommended method of installing EPICen...

Page 70: ...s There may be occasions when you need to shut down the EPICenter server such as to upgrade a license key from an evaluation to a permanent license or to add an optional module license Components Running as Services If the EPICenter server components are running as services follow these steps to shut them down 1 Open the Control Panel folder 2 From the Control Panel double click Administrative Too...

Page 71: ... do not have those permissions as you are currently logged on you can specify a different log on account for the EPICenter web server as a start up parameter In the Log On As section of the Startup pop up window enter the account name and password for a user that has the appropriate permissions to access the Domain Controller Running the EPICenter Server Software under Solaris The following instru...

Page 72: ...nt Internet Explorer 5 0 or Internet Explorer 5 5 with Service Pack 1 and the Java 1 3 1_03 plug in Running the EPICenter Stand alone Client To start the EPICenter stand alone client interface on a system different from where the EPICenter server is installed 1 From the Start menu highlight Programs then Extreme Networks followed by EPICenter 4 1 Client to display the EPICenter Client menu 2 Selec...

Page 73: ... installed log in as admin You will be able to change the administrator password strongly recommended and to create additional user accounts If you are a new user without your own account on the EPICenter server type user as the User Name You will be able to view information in the various modules but will not be able to change any configurations 6 Type your password in the Password field Both def...

Page 74: ...Center Client in a Browser NOTE The browser based client is supported on Windows based systems only To start the EPICenter client in a browser window 1 Launch your web browser 2 Enter the following URL http host port In the URL replace host with the name of the system where the EPICenter server is running Replace port with the TCP port number that you assigned to the EPICenter Web Server during in...

Page 75: ...rsion installed or if you encountered problems downloading it Click the Get Java PlugIn link which will install the required version from the EPICenter server installation This requires access to the system where the EPICenter server is installed and does not require Internet access The EPICenter Login page appears as shown in Figure 11 From the start up page you can view a variety of reports abou...

Page 76: ... strongly recommended and to create additional user accounts If you are a new user without your own account on the EPICenter server type user as the User Name You will be able to view information in the various modules but will not be able to change any configurations 2 Type your password in the Password field Both default names user and admin initially have no password so you can leave the field ...

Page 77: ... the left hand side of the page to display a detail report about a specific status item Figure 12 The Network Status Summary Report page From this summary report you can view the following reports Summary status of the devices known to the EPICenter server that are not responding to EPICenter queries A summary of the reported to be in marginal condition such as a problem with the fan temperature o...

Page 78: ...ble Version The number of the most recently available version of the software Status The status of the software running on this machine In order for your machine to verify the latest EPICenter software version it must access the Extreme Networks website at http www extremenetworks com If your network uses a firewall you can configure HTTP proxy properties using the Server Properties External Conne...

Page 79: ...tical alarms that have occurred on devices managed by the server The date and time of the last update of the server summary information for this server The status of the server whether it is responding to the periodic poll The About EPICenter Page From the bottom of the Summary Report panel you can navigate to the About EPICenter page The About EPICenter page shown in Figure 14 provides informatio...

Page 80: ...y Manager if you have a license for those modules Home returns you to the Network Summary Report display shown in Figure 15 From this page you can access the About EPICenter page Figure 15 The EPICenter Home page Inventory runs the Inventory Manager where you can discover devices on your network and set up device groups and port groups so you can manage network elements in sets rather than individ...

Page 81: ... this applet STP runs the STP Monitor which lets you view the status of devices and VLANs configured for STP The devices must be running ExtremeWare 6 2 2 or later in order to be monitored by EPICenter Reports runs the Dynamic Reports module where you can run a number of pre defined HTML based reports from data in EPICenter s inventory database You can also define your own reports Logoff ends your...

Page 82: ...functions within the applet The Component Tree The left side panel shows the Component Tree The Component Tree is a nested tree that displays the components known to the EPICenter database that are relevant to the active module The Component Tree may display different types of components depending on which EPICenter module you are viewing For example in the Inventory Manager the Component Tree sho...

Page 83: ... VLAN and is a tagged VLAN and are examples of folder icons indicates a general purpose group in the Grouping module indicates a host resource in the Grouping module indicates a user resource in the Grouping module Devices are identified in the tree by their device name as defined in the SysName MIB variable and IP address A user with administrator access can change this to reverse the order of th...

Page 84: ...ntents change depending on which applet you are viewing and also on the permissions associated with your user account Moving the Component Tree Boundary You can move the boundary between the Component Tree panel and the main applet panel by following these steps 1 Place the cursor over the line separating the panels 2 Click and hold the left mouse button to grab the panel separator 3 Drag the sepa...

Page 85: ...ton invokes a pop up dialog box for the function as shown in Figure 18 NOTE If you have Monitor access some or all of the buttons in a given applet are not available to you For example in the VLAN Manager a user with Monitor access can view information about the components in the Component Tree but cannot Add Delete or Modify VLANs or perform any port configurations Figure 18 Pop up dialog box for...

Page 86: ...rts page as shown in Figure 18 click Apply to commit those settings then display the IP Forwarding settings and make changes on that page Other dialog boxes may provide a button that executes the function of the dialog such as Add or Delete Like the Apply button these often perform the function but leave the dialog box open so you can perform additional operations Most dialog boxes also provide a ...

Page 87: ...tware provides an automatic discovery function This feature can discover Extreme and MIB 2 compatible devices by specific IP address or within a range of IP addresses You can also add network devices to the EPICenter database manually using the Inventory Manager Add function Once a network device is known to the EPICenter database you can assign it to a specific device group and configure it using...

Page 88: ...d line interface or ExtremeWare Vista These traps are based on a set of SmartTraps rules that the Inventory Manager creates on the switch when it is added to the switch inventory The rules tell the switch what events or changes EPICenter wants to be notified about The rules are created on the switch using SNMP EPICenter also adds itself on the switch as a trap receiver The switch uses the SmartTra...

Page 89: ...ps currently defined in the EPICenter database are displayed in the Component Tree in the left panel The panel on the right shows the All Device Groups page a list of the currently defined device groups with their descriptions The first time you run EPICenter there is only one device group Default You cannot delete or change the name of the Default device group Click on the plus sign to the left o...

Page 90: ...he EPICenter database with current device configuration and status information Default lets you create default access parameters for network devices Find searches for devices by name IP address or device type and returns information such as the device group s to which the device belongs Help displays an on line help page for the Inventory Manager Viewing Device Status Information When you select a...

Page 91: ... The ExtremeWare software running in the switch provides comprehensive status information through the Extreme MIB Figure 22 show the information displayed for a 3Com device a subset of the information available for an Extreme device Table 3 Inventory Manager Device Status Indicators Status Light Device Status Green Device is up and OK Yellow Device is responding but reports an error condition such...

Page 92: ...x information The device pop up menu also contains the Alarms Browse EView Statistics Sync Telnet and VLANs commands All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page but with the appropriate device displayed Modify The Modify function lets you change the members of a device group or update the contact parameters for a device in the E...

Page 93: ...line state While offline EPICenter does not communicate with the device EPICenter does not process traps or syslog messages received from a device that is in the offline state However you can create references to the device for alarms policies groups RMON thresholds and so on You can also request an interactive telnet session with the device Once you bring the device online the network state of th...

Page 94: ...ter 7 for details on using this feature VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database See Chapter 13 for details on using this feature Properties The Properties function lets you view the attributes for a device group or a device To view the Properties display for all device groups Right click on the Device Groups componen...

Page 95: ...very set up window 2 Click the appropriate boxes to select the types of devices you want to include in the discovery You can discover Extreme devices only or all devices with MIB 2 compatible agents 3 Specify the device address range you want to discover You may specify the range in one of two ways As an IP Address with Wildcards such as 10 203 10 or 10 203 Valid wildcard characters are and dash a...

Page 96: ...rieve information from any SNMP version 1 devices it discovers 6 Select Enable SNMP V3 Discovery if devices on your network use SNMP version 3 7 Click the New button to add the range into the Device Discovery Criteria list 8 Repeat steps 3 through 6 to specify any additional device addresses or ranges for the discovery 9 If necessary you can remove an address range from the Device Discovery Criter...

Page 97: ...atabase select individual devices or a range of devices in the Results list and click the Add button at the bottom of the window NOTE If you select multiple devices make sure the devices you select have identical contact information As part of the Add process you will be asked for a single password that will apply to all the selected devices If the password is specified incorrectly for any of thes...

Page 98: ...ds you specify are correct for each device A device cannot be added if the password is not correct Figure 25 Setting default device options for discovered devices 13 Click the SNMP tab to configure SNMP settings see Figure 26 Figure 26 Setting SNMP default device options for discovered devices 14 Click OK to proceed with the Add process A message window shown in Figure 27 appears to show you the p...

Page 99: ... each state To see the messages related to an Add function either successful or unsuccessful select a device in the list The messages related to the device are displayed as lines under the device node as shown in Figure 28 Click the plus sign at the left of the device name to display server messages related to adding the device Click the minus sign at the left of the device to hide the server mess...

Page 100: ...as finished the Discovery Results window is re displayed You can select more devices and specify a different set of Inventory Device Options and add those devices to the Inventory Manager Adding Devices and Device Groups Users with Administrator or Manager access can add devices to the EPICenter database and create Device Groups If you have Monitor access only you may not use this function Adding ...

Page 101: ...kable chassis 4 Enter the Cisco Enable Password is used if this device is a Cisco device If the device is not a Cisco device this field is grey 5 If EPICenter is going to use SSH2 for secure Telnet sessions select SSH Enabled in the Use SSH field SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device 6 Select the device group to which ...

Page 102: ...ation MD5 Authentication or SHA Authentication SNMP V3 Authentication Password If the devices is using SNMP V3 Authentication enter the authentication password 4 To clear the contents of the fields and reset them to their default values click Reset 5 To add the new device to the database click Add When you click Add the Inventory Manager adds the devices to the database It makes a set of SNMP requ...

Page 103: ...Figure 31 Add Device Group window in the Inventory Manager 2 Type a name for the device group into the Device Group Name field and a description optional into the Device Group Description field 3 To add a device to the selected device group perform one of the following steps a To move a device to the selected device group select one or more devices in the Available Devices list and click Move The ...

Page 104: ...than one device group the Available Devices list displays a separate entry for each device group to which the device belongs as shown in Figure 32 Figure 32 Device belonging to multiple device groups in Add Device Groups window Modifying Devices and Device Groups You can use the Modify function to modify the access parameters for an individual device or to add and delete members of a device group ...

Page 105: ...act Password The login and password needed in order to Telnet to the device or to use ExtremeWare Vista Device Poll Interval Specifies how frequently the EPICenter server should poll the for detailed device information such as software version bootrom version and so on This also includes EDP and ESRP information for non i series devices To avoid a potentially large amount of polling traffic this d...

Page 106: ... the appropriate fields of the SNMP tab as shown in Figure 34 Figure 34 SNMP tab of the Modify Devices and Device Groups window SNMP Version The version of SNMP version 1 or version 3 that EPICenter uses to access the device SNMP Read Community String and SNMP Write Community String Can be modified if the device is using SNMP version 1 WARNING If you change the community string for a device so tha...

Page 107: ...Group Devices are always a member of a device group devices not explicitly assigned to another device group are members of the Default device group This has two effects related to modifying device groups When devices are removed from all other device groups they are automatically added to the Default device group Devices cannot be removed from the Default device group using the Remove button in th...

Page 108: ... group and the device group being modified select one or more devices in the Available Devices list and click Copy 5 To remove a device from the device group select one or more devices in the Included Devices list and click Remove The device s will be moved from the selected device group If the selected device group is the only group to which the device belongs the device is returned to the Defaul...

Page 109: ...te Devices window see Figure 36 Figure 36 Devices tab of the Delete Devices and Device Groups window 2 To select a device from a specific device group select the device group from the pull down list in the Filter by Device Group field Select All Devices to view the list of all devices from all device groups 3 Select one or more devices in the Devices list and click Delete 4 Click OK to confirm tha...

Page 110: ...right clicking to display the pop up menu and selecting Delete Device Group To delete a device group from the EPICenter database follow these steps 1 Click the Delete button at the top of the Inventory Manager main page Select the appropriate tab to display the Delete Device Groups window see Figure 37 Figure 37 Device Groups tab of the Delete Devices and Device Groups window 2 Select one or more ...

Page 111: ...in the Component Tree right clicking to display the pop up menu and selecting the Sync command To refresh the configuration and status information follow these steps 1 Click Sync at the top of the Inventory Manager page The Synchronize Devices dialog shown in Figure 38 is displayed listing the devices in the EPICenter database Figure 38 Synchronize Devices dialog 2 To select a device from a specif...

Page 112: ...s window shown in Figure 39 is displayed Figure 39 Configure Defaults window Basic tab 2 Enter or make changes to any of the Basic fields These options will apply to future network devices that you add to the EPICenter database Device Login and Device Contact Password The login and password needed in order to Telnet to the device or to use ExtremeWare Vista Cisco Enable Password Used if this devic...

Page 113: ...lect No Authentication MD5 Authentication or SHA Authentication SNMP V3 Authentication Password If the devices is using SNMP V3 Authentication enter the authentication password 4 Click Reset to clear the contents of the fields and reset them to their default values 5 Click Save to save your changes to the EPICenter database A message window shown in Figure 41 appears to show you the progress of th...

Page 114: ...e Find Devices dialog shown in Figure 43 is displayed Figure 43 Find Devices dialog 2 Enter your search criteria You can search for devices by name or by IP address You can limit the search to a specific device group or to a specific type of Extreme device Search criteria can include A device name Click the Device Name button and enter a complete or partial name in the Search field An IP address C...

Page 115: ...ce or device group combination 4 Double click on a device in the results table to highlight the device in the Component Tree or select a device in the results table and click OK to display the associated status information for that device see Viewing Device Status Information on page 90 If you click OK the search window will close 5 Click New Search to clear all search criteria 6 Click Cancel to c...

Page 116: ...a table which contains the following columns Device Group The name s of the device group s known to EPICenter Description A description of each device group known to EPICenter You can also view properties for a specific device group To view properties for a specific device group right click on a device group in the Component Tree and select Properties from the pop up menu The Device Group Properti...

Page 117: ...device group Count The number of devices in the device group There is also a table which contains the following columns Device The name of the devices that are members of this device group IP Address The IP addresses of the devices that are members of this device group Device Properties To view properties for a device right click on a device in the Component Tree and select Properties from the pop...

Page 118: ...e name of the device and a status light which shows the status of the device as detected by EPICenter The Device Tab The Device tab displays information about the device such as its IP address MAC address and boot time The main section of the window presents the same information you can view in the Inventory Manager for the device If the device is an Extreme device the ExtremeWare software running...

Page 119: ...connected to the device VLAN VLAN name Tag VLAN tag Protocol Protocol filter for the VLAN IP Address IP address of the VLAN Subnet Mask Subnet Mask for the VLAN QoS Profile The QoS profile configured for this VLAN ESRP Whether ESRP is configured for this device STP The STP Domain name State The domain state Enabled or Disabled VLAN The name of the VLAN participating in this domain Tag The 802 1Q t...

Page 120: ... a minimum of 10days of event history The event log can be a maximum of 30 MB per file and uses two rotating archive files If you want to retain historical even log records you should backup the event log Time The time that the message was received Severity The severity level of the message Severity levels include the following 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informatio...

Page 121: ...so lets you define your own alarms that will report errors under conditions you specify such as repeated occurrences or exceeding threshold values You can specify the actions that should be taken when an alarm occurs and you can enable and disable individual alarms Fault detection is based on Simple Network Management Protocol SNMP traps syslog messages and some limited polling The Alarm System su...

Page 122: ...on Extreme Networks devices you must manually configure the devices to send traps to the EPICenter server To receive syslog messages from an Extreme Networks device EPICenter must be configured as a syslog receiver on the device See Configuring EPICenter as a Syslog Receiver on page 153 for more information Not all trap events are supported in older versions of the ExtremeWare software Please refe...

Page 123: ...Alarm Log Browser summary displays the following information for each alarm instance ID An integer number assigned by the EPICenter Alarm System based on the order in which the alarm occurred Name A name for the alarm provided when the alarm is defined Category An optional user defined classification that defaults to Default Severity The severity level associated with the alarm when it was defined...

Page 124: ...utton in the EPICenter Navigation Toolbar also returns to black You can unacknowledge alarms if needed by selecting the alarms and clicking the Unack button The Ack or Unack operation may take a few seconds to update the database When the update is complete the rows are deselected Deleting Alarm Log Entries To delete an alarm log entry 1 Select the alarm entry or entries you want to delete 2 Click...

Page 125: ...sen the Between operator available for Log ID Source IP and Port IfIndex you will be asked to enter two values For some parameters you can select values from a drop down list For a more detailed explanation of defining a filter condition see Filtering the Alarm Display on page 126 5 Click the Add Modify Condition button to add this specification to the filter definition You can create a multi crit...

Page 126: ...w details for other alarms Enter or select an Alarm ID in the Go to alarm field Click the Next button to view the next alarm down in the list the next earlier alarm based on the default sorting order Click the Previous button to view the next alarm higher in the list the next later alarm based on the default sorting order Filtering the Alarm Display The alarms you see in the Alarm Log browser are ...

Page 127: ... Click the New button to clear the previous filter definition If the View last 300 alarms check box is checked this will uncheck it and enable the other fields in the window 2 Select the parameter you want to use as a filter criterion from the pull down menu in the Field field 3 Select an operator using the pull down menu in the Operator field 4 Enter the value or values against which the paramete...

Page 128: ...multiple specifications of the same parameter For example in order to find and view alarms for IP addresses 10 205 0 55 and 10 205 0 61 you must use the Between operator to test for all Source IP addresses between these two IP addresses You cannot create a filter that includes both Source IP 10 205 0 55 and Source IP 10 205 0 61 6 To remove an individual criteria select it in the current filter li...

Page 129: ...predefined alarms generate alarm log entries upon occurrence but no other actions are specified You can modify the predefined alarms or define additional alarms based on a fairly large number of events To view the current alarm definitions to create new definitions or to modify existing definitions click the Alarm Definition tab at the top of the page The Alarm System Alarm Definition page is disp...

Page 130: ... To create a new alarm click the Add button at the top of the page The New Alarm Definition window appears as shown in Figure 52 and displays the Basic page of the three page alarm definition Figure 52 The New Alarm Definition window Basic definition There are three parts to an alarm definition the Basic definition the Scope definition and the Action definition Each is represented on its own page ...

Page 131: ...devices from which you want to receive Syslog messages See Configuring EPICenter as a Syslog Receiver on page 153 for more information Syslog messages received from devices not managed by EPICenter are ignored For certain other events you must do the configuration on the switch using an SNMP configuration tool such as SNMPc See Configuring Other SNMP Trap Events on page 152 for more information Th...

Page 132: ... must occur before an alarm is generated alarmRepeatPeriod The time frame within which the repeated events must occur for the alarm to be generated alarmSourceDeviceName The name of the device on which the event s occurred taken from the EPICenter database alarmSourceIP The IP address of the device on which the event s occurred alarmSourceIfIndex The interface on the device on which the event s oc...

Page 133: ...up Select the type you want from the pull down list Selecting Device Group or Port Group will scope the alarm on all members of the selected group Group membership is evaluated every time a trap is received Therefore changes to the group membership adding or removing devices or ports will have an immediate effect on alarm processing To scope the alarm on individual devices or ports select Device o...

Page 134: ... components from the Selection list Remove All Removes all the components from the Selection list The Alarm Actions To define actions for the alarm click the Actions tab The Action definition page is displayed as shown in Figure 54 Figure 54 The New Alarm Definition window Action definition In this window you define the actions for the alarm the functions that should be performed when the alarm oc...

Page 135: ...iting a script using the extr sendMail command See Writing Tcl Scripts for Alarm Actions on page 155 for more information NOTE If this box is greyed out you must first configure your e mail settings See Setting Up E mail for the Alarm System on page 136 for details Forward Trap to Click this checkbox to forward the trap event that caused this alarm Specify the forwarding instructions in the fields...

Page 136: ... the following 1 Click the Settings button on the Action page This displays the Email Settings window as shown in Figure 55 Figure 55 Setting up E mail for EPICenter alarm actions 2 Enter your outgoing mail server name or IP address into the SMTP Host field 3 Enter into the Sent By field the e mail address that should be used as the sender of the e mail 4 If your mail server authenticates the user...

Page 137: ...he Selection list No ifIndex list will be displayed 3 Click the Action tab and enter Joe s paging information as you did in Example 1 4 Click OK to finish the alarm definition Example 3 In a Windows NT environment where both the EPICenter server and client are running under Windows define an alarm that will pop up a message on the Windows client system joe if the port utilization on port 10 on dev...

Page 138: ...l to the New Alarm Definition window except that the current information for the alarm you selected is filled in To modify the alarm make any changes you want then click OK For definitions of the various fields see the section Creating a New Alarm Definition on page 130 Deleting Alarm Definitions To delete an alarm definition select the alarm in the Alarm Definition List and click the Delete butto...

Page 139: ...e Default category cannot be deleted Threshold Configuration The Threshold Configuration page lets you define the conditions or rules that will cause certain trap events to occur and specify the devices on which these rules should be configured You can use this page to define thresholds for RMON utilization or CPU utilization You can configure RMON threshold traps for a wide range of variables but...

Page 140: ...rm System Configuration page is displayed Figure 56 shows the Alarm System Configuration page as it appears when displaying RMON rules for a device Figure 56 The Threshold Configuration window showing RMON rules The Configurations tree shows the existing RMON rule definitions as nodes in the tree with the devices to which they are applied shown as subnodes The main panel shows the definition for t...

Page 141: ...eshold value that will trigger an event when the value of the variable decreases past this value Startup The condition that will cause the initial event Rising Falling or RisingOrFalling Index the device index as obtained by the EPICenter server from the device For a detailed definition of these parameters see Configuring an RMON Rule on page 143 CPU Utilization Rule Display To display the CPU Uti...

Page 142: ...the Add button at the top of the page The New Configuration window is displayed as shown in Figure 58 Figure 58 New Configuration window for an RMON Rule There are two parts to an event rule the rule configuration itself and the association of the rule to its target devices The New Configuration window comes up with the Configuration page displayed In the Configuration Type field select the type o...

Page 143: ...les that are available organized by MIB groups as shown in Figure 59 Figure 59 A list of MIB variables available for use in RMON rules Click on a variable group to display the individual variables within the group You can use the up and down arrow keys to scroll the list You can also type the beginning of a variable name into the MIB Variable field then type a space and the Alarm System will attem...

Page 144: ...ld for the first time after the alarm is enabled if the Startup Alarm condition is set to Falling or RisingOrFalling The first time the sample value becomes less than or equal to the Falling Threshold after having become greater than or equal to the Rising Threshold Sample Type The method used to compare the variable to the threshold Specify the type as follows Absolute to use the actual sample va...

Page 145: ...ess than the Falling threshold Another Rising threshold trap event cannot occur until after a Falling threshold alarm has occurred as happens at point D Note that in order to have any of these trap events cause an alarm in the EPICenter Alarm System you need to define an alarm that responds to a RMON Rising Threshold or RMON Falling Threshold event If you define an alarm based on the RMON Rising T...

Page 146: ...s also used to compute a falling threshold which is defined as 80 of the rising threshold Description The description of the extremeCpuUtilRisingThreshold MIB variable The other parameters that you can set when you configure an RMON event are predefined in the Extreme switch agent for a CPU Utilization event These are MIB Variable The MIB variable is predefined to be extremeCpuUtilRisingThreshold ...

Page 147: ...me after having crossed the other threshold The diagram shown in Figure 62 illustrates how CPU Utilization trap events will occur once you have configured a CPU Utilization rising threshold The startup condition for a CPU Utilization event is always predefined to be Rising Figure 62 CPU Utilization event generation The first CPU Utilization trap occurs at the initial sample value since the value i...

Page 148: ...r a trap event when the value of relevant variable rises past this value The thresholds are specified based on the configuration type as follows Port Utilization A threshold value in 100ths of a percent that will trigger an event when the port utilization rises past this value Temperature A threshold value in degrees celsius that will trigger an Overheat event when the temperature rises past this ...

Page 149: ... per port you will be able to select by Port or Port Group Source List Device Device Group Port Group The list of components devices or groups of the specified type The field label changes based on the Source Type It is labeled Device when you select either Device or Ports a second Port field is provided for port selection Note that when you leave your cursor on a device for a moment a pop up disp...

Page 150: ...maller value for example 1450 in the Falling Threshold field f Leave the Sample Type as Absolute and the Sample Interval at the default value 15 g Select Rising for the Startup Alarm field 2 Click the Target tab and do the following a Select Port as the Source Type b Select switch8 from the Device list c Select 10 from the ifIndex list d Click Add to add the port to the Selection list 3 Click the ...

Page 151: ... a folder in the Configurations tree and this specific rule target will be moved under the new rule Deleting a Rule To delete an RMON or CPU Utilization rule do the following 1 Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window 2 Select the individual rule or rules you want to delete 3 Click the Delete button at...

Page 152: ...ger uses SNMP to retrieve configuration and status information from each selected switch and updates the database with that information 6 The Synchronize function displays a dialog box with status or error information Click OK to continue 7 Click Close to exit the Synchronize RMON Rules window Configuring Other SNMP Trap Events There are a number of SNMP events that require configuration on the sw...

Page 153: ...ocal0 through local7 See the ExtremeWare Software User Guide or the ExtremeWare Software Command Reference Guide for more information on these commands To configure remote logging on multiple devices you can run these commands as a macro in the EPICenter Telnet module You can also include a severity in the config syslog command which will filter log messages before they are sent to the EPICenter S...

Page 154: ...ve RMON traps you need to ensure that RMON is enabled on the device For Extreme devices you can do this through the ExtremeWare CLI with the command enable rmon Log Archive The EPICenter server stores a minimum of 10 days of event log history and a minimum of 10 days of alarm log history in the server database Excess data from the event log and alarm log are archived to files The event log archive...

Page 155: ...the overall EPICenter server A safe interpreter creates a private sandbox in which the alarm action scripts executes The master interpreter hides certain functions from the scripts inside the sandbox The master interpreter performs some other functions on behalf of the slave interpreter By performing functions for the slave the master has a chance to check to see if the slave s request is valid If...

Page 156: ...ls the command to retrieves data from the EEM server in which the alarm action scripts are executing raw Optional If specified the result of the query is returned unparsed as a string containing the data in the XML format sql The sql query arg Arguments to the sql query for variable substitution extr sendMail Sends e mail through the EPICenter server Syntax extr sendMail toList from subject body s...

Page 157: ...d or most current image Performing a live software update by retrieving the latest ExtremeWare software images from Extreme Networks Specifying and configuring the TFTP server to be used for uploading and downloading configuration settings and software images Searching for a specific device or group of devices Displaying device and device group parameters Multi step upgrade Overview of the Configu...

Page 158: ...sion The version of the ExtremeWare software that is currently running in the device BootROM The version of the bootROM currently running in the device Next Scheduled Upload The date and time for the next Archival upload if one is scheduled Last Activity The last activity upload or download of a configuration file software image or BootROM that has taken place through the EPICenter Configuration M...

Page 159: ...to display a pop up menu that contains the Upload Archive Download Increment Upgrade Devices and Properties commands All of the commands with the exception of the Properties command perform the same functions as the buttons at the top of the page but with the appropriate device or device group displayed The Properties command displays the attributes for a specific device group or device The device...

Page 160: ...he pop up menu that appears or click Download from the Tool Bar This opens the Download Configuration to Devices window and displays the devices in a device group If configuration information has been uploaded from the device the file where it was saved is listed in the Last Upload Configuration column See Downloading Configuration Information to a Device on page 168 for details on using this feat...

Page 161: ...ed device To view the Alarms display for a selected device Right click on the device then select Alarms from the pop up menu that appears This starts the Alarm System applet in a new window The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device See Chapter 5 for details on using this feature Browse The Browse function runs the ExtremeWare Vista switch manag...

Page 162: ...ted in EPICenter applets Sync causes EPICenter to poll the switch and update all configuration and status information To launch the synchronization procedure for a selected device Right click on the device then select Sync from the pop up menu that appears This starts the Sync procedure for the selected device See Chapter 4 for details on using this feature Telnet The Telnet function opens an EPIC...

Page 163: ...ties display for a selected device group Right click on the device group then select Properties from the pop up menu that appears The Device Group Properties window appears and displays the attributes for the selected device group To view the Properties display for a selected device Right click on the device then select Properties from the pop up menu that appears The Device Properties window appe...

Page 164: ...ices back to the Available Devices list Click Remove All to move all the devices in the Devices for Upload list back to the Available Devices list 3 Specify where the uploaded information should be stored a Select Archive to create files for each upload under the EPICenter Configs directory in a subdirectory hierarchy organized by year month and day The form of the fully qualified file names for t...

Page 165: ...ilename for the device Summit24 would be 10 205 0 25_week_8_backup txt 4 Click Apply to start the upload process The Reset button restores all the fields to their initial state Archiving Configuration Settings You can schedule the uploading archiving of configuration information so that it is done automatically either once a day or once a week By default all new devices added to the EPICenter data...

Page 166: ...click the Remove button This moves the selected devices back to the Available Devices list Click Remove All to move all the devices in the Devices for Scheduling list back to the Available Devices list 4 Specify the schedule you want No Schedule will remove any schedule associated with the selected device s Repeat Every Day indicates that the upload should be done every day at the specified time W...

Page 167: ...ay the Global Schedule window as shown in Figure 70 Figure 70 Global Schedule Upload window 2 Specify the global schedule you want No Schedule will remove any schedule associated with the device s that use the global schedule Repeat Every Day indicates that the upload should be done every day at the specified time for devices that use the global schedule When you select this option you will be abl...

Page 168: ...ce do the following 1 Select a device group or All Devices from the drop down menu in the Device Group field 2 Select the device from the device list presented You can only download to one device at a time If configuration information has been uploaded from the device the file where it was saved is listed in the Last Uploaded Config column 3 In the File Location field type the location and name of...

Page 169: ... incremental download file It does not reset the switch configuration or replace any other configuration settings that may exist in the device No reboot is necessary The EPICenter incremental download does not save the configuration you must do so Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6 0 or later and on Cisco devices running IOS 12 0 or later To downl...

Page 170: ...ation you can start with a configuration file you have uploaded or one of the standard configuration You can edit it if needed to reflect the basic configuration settings you want to use as your baseline configuration and to remove settings you don t want changed Incremental configuration files must be stored in the tftp_root baselines directory where tftp_root is the location of your TFTP server ...

Page 171: ... image and BootROM versions loaded on the switch to determine what intermediate steps if any are required Only Extreme Networks i series switches are evaluated for a multi step upgrade Extreme devices that are not part of the i series can be upgrade only using a single step method NOTE For more information on upgrading your Extreme switch see the ExtremeWare Release Notes Upgrade Logic The multi s...

Page 172: ... If the EPICenter server times out while the device is rebooting it is possible that the device reboot time is longer than what the server will waits before timing out Obtaining the Image and BootROM Versions Before you perform a multi step upgrade make sure that you have all of the required image and BootROM versions available on your EPICenter client machine To get the image and BootROM versions...

Page 173: ...ine_inferno 6 2 2 v622b56 xtr alpine_inferno boot 7 8 ngboot78 bin blackdiamond_inferno boot 7 6 ngboot76 bin blackdiamond_inferno 6 1 9 v619b27 xtr blackdiamond_inferno 6 2 2 v622b56 xtr blackdiamond_inferno boot 7 8 ngboot78 bin By default all values are commented out You must uncomment each file that the switch will need in order to complete the multi step upgrade Upgrading Images on Devices To...

Page 174: ... of this type see Specifying the Current Software Versions on page 182 If you have not specified a software version in the Versions window this will be blank Image Status shows the status of the image compared to the version shown in the New Image Available column A green check indicates that the version running in the device and the New Image Available version are the same A red X indicates that ...

Page 175: ...out any additional prompts This is the original behavior When finished the device reboots according to the setting of the Reboot Options selection 6 If a multi step upgrade is recommended for the device and you have not modified the file installdir extreme upgrade properties the Configuration Error dialog box is displayed as shown in Figure 74 Figure 74 Configuration Error 7 After you have appropr...

Page 176: ...tep Upgrade Skipping the multi step upgrade and upgrade directly to the specified version WARNING If you select Skip Multi Step Upgrade be sure that you fully understand all upgrade procedures Skipping the multi step upgrade procedure may cause an error on the device and can cause the upgrade to fail 9 To begin the first part of the multi step upgrade process click Begin Upgrade To print the table...

Page 177: ...dentically to a standard single upgrade of either the software image or BootROM The switch is rebooted according to the option you select using the Reboot Options setting Do not reboot after download indicates the devices should not be rebooted Reboot immediately after download indicates the devices should be rebooted immediately after the download This selection also provides an option to restore...

Page 178: ...booted Click Reboot immediately after download to indicate the devices should be rebooted immediately after the download Click Reboot after to indicate the devices should be rebooted at a later time and enter the number of hours up to 72 to wait before doing the reboot 4 Click Apply to start the software download to the selected devices Click Reset to return the window to its initial state removin...

Page 179: ...ule that is installed in the slot If a module is not installed in the slot the Type field shows the word Empty Image shows the ExtremeWare software version that is currently installed in the module if applicable BootROM shows the BootROM image that is currently installed in the module if applicable NOTE If the Image and BootROM columns are empty the module does not contain a special ExtremeWare so...

Page 180: ...ages see Selecting Software Images on page 181 NOTE Some Alpine modules and BlackDiamond modules require a special ExtremeWare software image that only runs on that particular module If you try to download an incompatible image you will receive an error message b Select the download target in the Download To field Current Primary or Secondary 5 For a BootROM upgrade click the BootROM Download butt...

Page 181: ...oftware For example if the software is available for i series devices only you may see a notation in the Description column If you select a software image and click the Close button to exit the Select Software Image window the software image is displayed in the Selected Software Image field To select BootROM images 1 From the Download Image on window select the appropriate tab to display the Devic...

Page 182: ...the EPICenter software to determine whether an individual device is running the version you have specified as the current version This is the version that appears in the New Image Available column in the Download Image on Device window Click the Versions button at the top of the window to display the Configure Standard version window as shown in Figure 79 Figure 79 Configure Standard version windo...

Page 183: ...es and BootROM images to your local EPICenter server After you download the new images you can use the images to upgrade your managed devices and modules Before you can download the software images you must have a current support contract as well as a user name and password to obtain access to the Extreme Networks server Downloading the software or BootROM images from Extreme Networks does not aut...

Page 184: ...ing New Software Images To obtain a current software image do the following 1 Click the Update button at the top of the window to display the Live Update Software Images window as shown in Figure 81 You can also access the Live Update Software Images window by clicking the Live Update button from the Select Software Image window as described in the section Specifying the Current Software Versions ...

Page 185: ...or the Summit product line Use the description information to determine the type of device or module the software is intended for 2 Select the device or slot image you want to update You can select more than one image 3 Click OK to display the Login to Remote Server window as shown in Figure 82 Figure 82 Login to Remote Server window 4 Enter your support user name in the User Name field and passwo...

Page 186: ...of the server Click the TFTP button at the top of the window to display the Configure TFTP Server window as shown in Figure 83 Figure 83 Configure TFTP Server window By default the embedded TFTP server is enabled Click the Disable EPICenter TFTP Server button to disable the server Click the Enable EPICenter TFTP Server button to enable the server NOTE You cannot disable the server unless you provi...

Page 187: ...d You can use the wild card characters or in your search criteria acts as a wildcard for an entire octet 0 255 is a wildcard for a single digit 0 9 A device group Select the device group from the drop down menu in the device group field If you do not specify a name or IP address in the Search field all devices in the device group you select will be found A device type Select the device type from t...

Page 188: ... the group and a list of the devices For more details about this display see Chapter 4 Device Properties To view properties for a device right click on a device in the Component Tree and select Properties from the pop up menu that appears The Device Properties window has five tabs at the top of the window Device VLAN STP Network Login 802 1x Syslog Messages Each tab displays the name of the device...

Page 189: ...uide 189 The Network Login 802 1x Tab The Network Login 802 1x tab lists the Network Login 802 1x information about each user connected to the device The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device ...

Page 190: ...190 EPICenter Software Installation and User Guide Configuration Manager ...

Page 191: ... by EPICenter The Telnet application provides two usage modes A Macro View where you can set up CLI command macros and run them on multiple switches in a single operation You set a macro to run repeatedly and can save them in the EPICenter database for future use An individual session mode where you can open a session on an individual device and execute commands just as you would from a standard T...

Page 192: ... it will not appear in the Telnet Connections list or in the Component Tree in this applet When a Telnet session is currently open on a switch the switch name is highlighted in bold in the list of switches in the Component Tree NOTE If a switch displayed in the Component Tree has an S in a red circle along with the name that means that the switch is not responding to SNMP requests However the swit...

Page 193: ...are three ways to enter commands into the macro buffer Type the commands directly into the buffer Cut or copy commands from another location either elsewhere in the buffer or from an external document and paste them into the buffer Click the right mouse button anywhere in the macro buffer to display a pop up edit menu which provides copy and paste functions You can copy text from within the macro ...

Page 194: ... the macro is a repeating macro it will repeat sequentially on all selected switches until you click Stop You can execute just a portion of a macro by highlighting just the portion of the macro that you want to execute Only the selected portion will execute when you initiate the playback This will not affect saving the macro the entire macro will be saved even if only a portion is highlighted The ...

Page 195: ...he log files display the command output for the last macro played Saving a Macro in the EPICenter Database To save a macro you have defined click the Save button This displays the Macro Save pop up window see Figure 86 Figure 86 Saving a macro to the database Enter a name for the macro an optional description and click OK All current contents of the macro buffer will be saved in the database under...

Page 196: ...d to enter the password twice In a command macro unlike an interactive Telnet session the first password sets the password and the second password confirms the password To use the save command to save a configuration to the switch enter the following commands save yes To delete a user defined STPD domain stpd2 from the switch enter the following commands delete stpd2 yes To reboot the switch enter...

Page 197: ...st recent Telnet output The Telnet session window will display the commands and results from macros that are run on the switch You can also type in commands individually Copy Paste from an Interactive Telnet Session A copy and paste function is available within an interactive Telnet session Copy and paste let you copy from one interactive Telnet session into another interactive session or into the...

Page 198: ... you type in an interactive Telnet session into the Macro Record Play Buffer The record function is controlled by commands from a pop up menu displayed by using the right mouse button as shown in Figure 89 To start recording a macro click the right mouse button and select Start Record from the pop up menu Everything you type after this is copied into the macro Record Play Buffer until you select S...

Page 199: ... Telnet applet Viewing Device Information from Pop up Menus You can select a device group or a device in the Component Tree then right click to display a pop up menu that contains the Properties command The Properties command displays the attributes for a specific device group or device The device pop up menu also contains the Alarms Browse EView Statistics Sync and VLANs commands All of these com...

Page 200: ...Ware Vista login page in a new web browser window Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista EView The EView function runs the EPICenter ExtremeView applet and displays the device front panel image and device information for the selected device To view the EView for a selected device Right click on the device then select EView from the pop up menu that appe...

Page 201: ... the EPICenter database by name by IP address or by type of device This may be useful if you have a large number of devices in your inventory To search for a device follow these steps 1 Click Find at the top of the Telnet applet page 2 Enter your search criteria You can search for devices by name or by IP address You can limit the search to a specific domain or to a specific type of Extreme device...

Page 202: ... view information about individual device groups To view summary information for all device groups right click on the Device Groups component and select Properties from the pop up menu The Device Groups Properties window appears showing the All Device Groups display This displays a list of the current device groups and their descriptions For more details about this display see Chapter 4 You can al...

Page 203: ...es comprehensive status information The VLAN Tab The VLAN tab lists the VLANs configured on the device The STP Tab The STP tab lists the Spanning Tree domains STPDs configured on the device There may be more than one entry per STPD if the domain includes multiple VLANs The Network Login 802 1x Tab The Network Login 802 1x tab lists the Network Login 802 1x information about each user connected to ...

Page 204: ...204 EPICenter Software Installation and User Guide Using the Interactive Telnet Application ...

Page 205: ... be a member child of more than one group Resources are individual elements in your network such as a device port host end station user or VLAN Device port and VLAN resources are defined externally to the Grouping Manager through the EPICenter discovery capability and the Inventory and VLAN applets User and Host resources are defined within the Grouping module either by importing the information f...

Page 206: ...orts in the group to be contiguous or of uniform type For instance you can mix UDP and TCP ports in one group You can also have sets of contiguous and single ports in the same group Port Groups may be used by the Real Time Statistics applet and the IP MAC Address Finder applet However these applets do not support hierarchical groups if you have subordinate groups within a port group the subordinat...

Page 207: ...ps Some predefined resources such as devices and imported resources may also have predefined attributes For example device resources have their IP address as an attribute Imported resources may bring with them sets of attributes determined by the content and configuration of the import source Certain attributes such as IP subnet address L4 and Netlogin ID are used by the optional Policy Manager ap...

Page 208: ...user resource indicates a VLAN resource Devices slots and ports are indicated by icons that vary based on the specific device model and port type The icons are the same as are used in the Component Tree of the Inventory module and other EPICenter modules Although slots appear in the Component Tree they are not true resources and cannot be children of groups within the Grouping Manager VLANs may ap...

Page 209: ...ese resources or their children if they are groups through the Grouping Applet Manual indicates that this is a user defined resource created within the grouping applet using the New button These resources can be deleted from the Grouping Manager using the Destroy function The exception is the three predefined groups Hosts Users and Port Groups which are considered Manual resources but cannot be de...

Page 210: ...ll be displayed within the groups All allows resource children of all types to be displayed Devices shows only the Device resources within the groups Hosts shows only Host resources within the groups Ports shows only Device and Port resources within the groups Users shows only User resources within the groups VLANs shows only VLAN resources within the groups Grouping Manager Functions The buttons ...

Page 211: ...ources it is suggested that you add these initially to the User or Host groups or to another group you have created rather than to the root level group Once you ve created a resource you can add it as a child of other groups For example a User resource Fred can be a member of both the group Marketing and the group Chicago 2 Click the New button at the top of the Grouping Manager window The Add a N...

Page 212: ...te may be used by the EPICenter Policy Manager If Netlogin is enabled on the switches in your network attribute and relationship information mappings between users hosts and IP addresses for host and user resources with Netlogin IDs will be maintained automatically L4 This attribute is used only for Custom Applications It is the only Type that is allowed for this kind of group c Enter a value for ...

Page 213: ...ion see Removing A Child Resource from a Group on page 216 This just removes the parent child relationship with the group but does not delete the resource from the database Adding a Resource as a Child of a Group NOTE You cannot add Resources as a Child of a Group for Custom Applications A group s children are individual resources or subordinate groups that will be manipulated or managed together ...

Page 214: ...source so that the group s information is displayed in the Resource Details view 2 Click the tab labeled Children to display the list of children belonging to this group 3 Click the Add button at the bottom of the list of Children to display the Add Resources to Group pop up dialog as shown in Figure 92 Figure 92 Adding Resources to a Group This window has two parts A display of the resources in t...

Page 215: ...ldren of a group and adding a group as a child of another group Adding a group to the results list does not have the same effect as selecting the group in the Component Tree and then adding its children using the Add All button When you add a group as a child of another group all members of the subgroup its children are considered members of the higher level ancestor group As membership in a subgr...

Page 216: ...ab to display the resources that are children of the group 3 Select the resource you want to remove 4 Click the Remove button at the bottom of the window 5 To save your changes to the EPICenter database click the Save button at the bottom of the Grouping Manager window If you attempt to begin a different operation or leave the Grouping Manager applet without saving the Grouping Manager will prompt...

Page 217: ...he Add button at the bottom of the list of Children to display the Add Relationship to Group pop up dialog as shown in Figure 93 Figure 93 Adding Relationships to a Resource This window has two parts A display of the resources in the EPICenter database that are eligible to be used in a relationship A list of the relationships you ve selected to add to the resource 4 Select a resource from one of t...

Page 218: ...ou want to add and clicking the Add button at the bottom of the Search window See Searching for a Resource on page 221 for more information on the Find function 6 You can remove resources from the Resource Results list if you change your mind about your selections Select one or more resources in the Resource Results list and click the Remove button to remove the selected resources and return them ...

Page 219: ...urces involved Adding and Removing Attributes Any resource individual resources or groups can have attributes Attributes are simply name value pairs that can be used for a number of purposes There are four types of attributes Generic A user defined attribute not specified as one of the other two types The value is a string You can use this attribute to classify your resources in any way you want f...

Page 220: ...2 Click the Attributes tab This will display the attributes if any associated with the resource as shown in Figure 94 Figure 94 Resource attribute display To add an attribute to the displayed resource do the following 1 Make sure the Attributes page is displayed If it is not the Add button will not be present 2 Click the Add button The Add Attributes pop up dialog appears as shown in Figure 95 Fig...

Page 221: ...e click the Save button at the bottom of the Grouping Manager window If you attempt to begin a different operation or leave the Grouping Manager applet without saving the Grouping Manager will prompt you to save your changes However you can add and remove relationships and attributes in multiple operations on the resource you ve selected before you save Click the Cancel button at the bottom of the...

Page 222: ...e it is located in the Component Tree If you initiate the search from an Add Relationship or Add Resource window you can select one or more resources in the result list and add them to the Resource Results list in the Add Resource or Add Relationship window See Searching from the Add Resources or Add Relationship Window on page 225 for more information Setting up a Resource Search To search for re...

Page 223: ...own menu or use ANY to match on all types NOTE The values you enter into the search criteria fields are combined using a Boolean AND This means a resource must match all the criteria you specify in these fields in order be included in the search results 3 Enter any attribute specifications you want to use as search criteria The process is similar to that used to add attributes to a resource A reso...

Page 224: ...onship Window on page 225 for details on how you can use the results of the search Searching from the Main Toolbar When you initiate a search from the Main Toolbar you can use the results to determine where a resource is used i e to find out what groups it belongs to Since a resource can be a child of multiple groups this lets you identify all the parents of a particular resource In particular bef...

Page 225: ...lationship windows do the following 1 Select and highlight the resource or resources you want to add 2 Click the Add button to add those resources to the Resource Results list The selected resources are added to the list and the Search window is closed To close the Search window without adding any resources click the Cancel button Importing Resources The Import feature allows you to import user an...

Page 226: ...information from the default Windows Domain Controller or NIS server This will import information about users hosts stations and user groups See Importing from an NT Domain Controller or NIS Server on page 232for more detailed information Select LDAP to import information from an LDAP directory See Importing from an LDAP Directory on page 227for information on modifying the file containing the LDA...

Page 227: ...ICenter database This file is in the same format as the import file discussed in Importing from a File on page 228 The import process uses an import specification file that defines the following The information you want to extract from the directory How to map that data to groups resources and attributes in the EPICenter Grouping module The specification file must be named LDAPConfig txt and must ...

Page 228: ...used as the displayed name of the resource within the EPICenter Grouping Manager This is required filterList defines the search criteria Because of the limits on the amount of data that a search will return in one operation you may need to split your search into multiple operations as is done in the example file This is required objectClassMapping this maps an LDAP entry to a Grouping Manager reso...

Page 229: ...IP subnet or Netlogin ID tab tab tab attribute_type tab attribute_type Each type specifier must be enclosed by parenthesis and separated from the preceding type specifier by a tab Three tabs must precede the first type specifier The items in this line define the type of each attribute defined in line two You must include a type specification for every attribute included in line two The first three...

Page 230: ... a resource Group and Relationship Definitions The second part of the file defines the relationships between the resources both group membership and relationships between the resources themselves see Adding Relationships to a Resource on page 216 for more information about relationships The GROUPS specification is required even if you do not define any groups GROUPS Each line in this section has t...

Page 231: ...ws NMS host1 host host1 10 20 30 4 HPUX NMS host2 host host2 10 20 30 5 Solaris NMS host3 host host3 10 20 30 6 windows SQA host4 host host4 10 20 30 7 Solaris SQA ugr1 group SQA ugr2 group dev hgr1 group hostgr1 dgr1 group eng1 switch group switch portgr group portgr GROUPS group ugr1 user wendy group ugr1 user heidi group ugr1 user mary group ugr2 user pam group ugr2 user eric group hgr1 host wi...

Page 232: ...appropriate user permissions in order to extract the information from the Domain Controller NOTE If you import information from an NT Domain Controller that information will become visible to all EPICenter user If this is a security concern you may want to consider exporting information from the NT Domain Controller to a file and using that to create an import file that contains only the informati...

Page 233: ...rnet Protocol IP network addresses and a set of network devices to query for those addresses The applet returns a list of the devices and ports associated with those addresses You can also specify a set of devices and ports and search for all MAC and IP addresses known to those devices and ports The Search Tool lets you configure and start a search task view the status of the task and view the tas...

Page 234: ... applet Tasks List Summary Window As search tasks are initiated they are placed in the Find Address Tasks List in the Component Tree Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List see Figure 100 Table 7 ExtremeWare Requirements for Using the IP MAC Address Applet ExtremeWare Version Requirements 2 x through 6 1 4 Fully s...

Page 235: ... to cancel the task before it has completed Select a task and click Delete to delete an individual task This deletes the task specification as well as the task results Once a task has completed it cannot be rerun unless it is the most recent task completed Select a task and click ReRun to execute the task again Select a task and click Clone to bring up the Find Addresses window with the specificat...

Page 236: ...plet However when you exit the EPICenter client all the task specifications and search results are deleted Creating a Search Task To create a search task click the Find button in the tool bar at the top of the IP MAC Address Finder page This displays the Find IP and MAC Addresses window Figure 101 NOTE If you have already submitted a task the most recent task with its specifications is displayed i...

Page 237: ...uded in this domain will not be searched You can define the search space in several ways Devices lets you select individual devices to include in the search Device Groups lets you search all the devices in a specified device group Ports lets you select individual ports to include in the search PortGroups lets you search all the devices in a specified port group You can create a target domain that ...

Page 238: ... 2 3 4 It can only find addresses that are in the agent s IP Address Translation table and a device s own address is not included in the table The applet will find the address on the other switches that have connectivity to the switch with the target IP address however NOTE Each search task can return a maximum of 2 000 MAC address entries If a search returns more than 2 000 entries a warning mess...

Page 239: ...ch Task Name is the name you gave the task when you created it Giving a task a unique name is important to distinguish it from other tasks in the Tasks List Status shows the status of the request Submitted shows the date and time the task was submitted Completed shows the data and time the task was finished The Search Criteria areas shows The list of IP or MAC addresses that were the object of the...

Page 240: ...ting Task Results to a Text File on page 240 for more information The text field is located above the Delete ReRun Clone and so on action buttons It provides search status details such as a list of devices that are offline or not reachable Exporting Task Results to a Text File You can export a task s detail results or search results to a text file You can do this from the Tasks List To export the ...

Page 241: ...are saved by default in the WINNT Profiles user directory on Windows systems or your local home directory on Solaris systems You can also choose to save the file in a different location in the Save dialog 3 Click the Apply button to save the results Click Reset to clear all the fields Click Close to close the dialog without saving the file ...

Page 242: ...242 EPICenter Software Installation and User Guide Using the IP MAC Address Finder ...

Page 243: ...nter user can view status information about these network devices Users with Administrator or Manager access can view and modify configuration information for those switches through the ExtremeWare Vista graphical user interface ExtremeWare Vista is device management software running in a Summit Alpine or Black Diamond switch It allows you to access the switch over a TCP IP network using a standar...

Page 244: ...view summary configuration information for all devices in a device group known to EPICenter as well as detailed configuration information for individual Extreme Networks switches organized by ExtremeWare Vista configuration categories Individual third party devices cannot be accessed through this feature Statistics displays monitoring results for Extreme Networks switches also based on ExtremeWare...

Page 245: ...ation and User Guide 245 Figure 105 The ExtremeView applet Status window To show summary status for the devices in a Device Group select a Device Group name from the Component Tree on the left see Figure 106 Figure 106 The ExtremeView applet device group status ...

Page 246: ... applet switch status Table 8 ExtremeView Device Status Indicators Status Light Device Status Green Device is up and OK Yellow Device is responding but reports an error condition such as a fan or power supply failure or excessive temperature Grey Device is offline EPICenter cannot communicate with the device You can create references to the device for alarms policy groups device groups RMON thresh...

Page 247: ...s The right hand panel displays status information about the selected port There are a few Extreme devices such as the Summit24e2T Summit24e2X and Summit Px1 switches on which the ports are not selectable through ExtremeView In these cases the ifIndex entries for the device are displayed in the Device Information panel on the right Third party Device Status If the device you select is a third part...

Page 248: ...ailable on Extreme Networks support web site at www extremenetworks com services software epicenter asp under the the Patches section You can also contact your Extreme Networks sales representative or reseller if you would like help from Extreme s Professional Services organization for creating images or configuration files for specific devices Viewing Switch Configuration Information Select the C...

Page 249: ...ftware Installation and User Guide 249 Figure 110 The ExtremeView applet Configuration window To show a configuration summary for the Extreme Networks switches in a device group select a device group name from the Component Tree on the left see Figure 111 ...

Page 250: ...The sub components under the device group name in the Component Tree are the devices that are members of the device group Select a device slot or port from the Component Tree on the left to display the categories of configuration information that are available through this applet for the selected device as shown in Figure 112 ...

Page 251: ...es in the Configuration window correspond to pages from the ExtremeWare Vista application running on the switch Select one of the categories to view the configuration settings for that switch in the category you have chosen As shown in Figure 113 this displays the current switch configuration and provides an interface through which you can change the configuration ...

Page 252: ...remeView Figure 113 The ExtremeView applet Configuration details Enter your changes directly into the editable fields in the configuration display When you have made the necessary configuration changes click Submit to send these to the switch for implementation ...

Page 253: ...w applet to display the Statistics window The Statistics window displays a summary of all of the device groups known to EPICenter as shown in Figure 114 Figure 114 The ExtremeView applet Statistics window To show summary statistics for Extreme switches in a device group select a device group name from the Component Tree on the left see Figure 115 ...

Page 254: ...r the device group name in the Component Tree are the devices that are members of the device group Select a device from the Component Tree on the left to display the categories of statistical information that are available through this applet for the selected device as shown in Figure 116 Figure 116 The ExtremeView applet ExtremeWare Vista statistics ...

Page 255: ...ces You can search for a device in the EPICenter database by name by IP address or by type of device This may be useful if you have a large number of devices in your inventory To search for a device follow these steps 1 Click Find at the top of the ExtremeView applet page 2 Enter your search criteria You can search for devices by name or by IP address You can limit the search to a specific domain ...

Page 256: ...oup a device a slot or a port in the Component Tree then right click to display a pop up menu that contains the Properties command The Properties command displays the attributes for a specific device group device slot or port The device pop up menu also contains the Alarms Browse Statistics Sync Telnet and VLANs commands All of these commands perform the same functions as the applets in the Naviga...

Page 257: ... Login 802 1x The Network Login 802 1x tab lists the Network Login 802 1x information about each user connected to the port For more details about the Network Login 802 1x tab see Chapter 4 Using the Inventory Manager Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device To view the Alarms display for a selecte...

Page 258: ...n To launch the synchronization procedure for a selected device Right click on the device then select Sync from the pop up menu that appears This starts the Sync procedure for the selected device See Chapter 7 for details on using this feature Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device To open a telnet session for a selected device Right cl...

Page 259: ...roperties from the pop up menu The Device Group Properties window appears showing information about the selected group This includes the group description the number of devices in the group and a list of the devices For more details about this display see Chapter 4 Device Properties To view properties for a device right click on a device in the Component Tree and select Properties from the pop up ...

Page 260: ...ceived from the device Slot Properties To view slot properties do the following 1 From the Component Tree click on the plus sign of a modular device to display the slots for that particular device 2 Right click on a slot and select Properties from the pop up menu that appears The Device Slot Properties window appears The information displayed in this window depends on whether the module requires a...

Page 261: ...Serial Number The serial number of the module For modules that require a special version of ExtremeWare to be installed the Device Slot Properties window appears as shown in Figure 119 Figure 119 Device Slot Properties window for modules that require additional software For these modules the Slot tab of the Device Slot Properties window displays the following information Slot Name The number or le...

Page 262: ...ional state of the General Processor and the Network Processor s in the module NOTE The Component Tree does not display the empty slots in a device To view Network Login 802 1x information click the Network Login 802 1x tab as shown in Figure 120 Figure 120 Network Login 802 1x tab of Device Slot Properties window The Network Login 802 1x tab lists the following Network Login 802 1x information ab...

Page 263: ...a device For a non modular device this displays the ports for that particular device For a modular device this displays the slots for that particular device Click on the plus sign of a slot to display the ports for that particular device 2 Right click on a port and select Properties from the pop up menu that appears The Device Port Properties window appears as shown in Figure 121 Figure 121 Device...

Page 264: ...ort Actual Duplex The duplex setting of the port Half Full or None Load Sharing The load sharing state of the port On or Off Uplink Status The uplink status of the port Uplink or Edge port To view Network Login 802 1x information click the Network Login 802 1x tab as shown in Figure 122 Figure 122 Network Login 802 1x tab of Device Plot Properties window The Network Login 802 1x tab lists the foll...

Page 265: ...ing Properties EPICenter Software Installation and User Guide 265 Login Type The login type either network login or 802 1x MAC Address The MAC address of the user s host VLAN The VLAN to which the port belongs ...

Page 266: ...266 EPICenter Software Installation and User Guide Using ExtremeView ...

Page 267: ...able of the Remote Monitoring RMON MIB The Real Time Statistics function is supported only for Extreme Networks switches NOTE You must have RMON enabled on the switch in order to collect real time statistics for the switch You can view data for multiple ports on a device device slot or within a port group and optionally limit the display to the top N ports where N is a number you can configure If ...

Page 268: ...mpling interval that had a length between 64 and 1518 octets inclusive excluding framing bits but including Frame Check Sequence FCS octets but that had either a bad FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error etherHistoryUndersizePkts The number of packets received during this sampling interval that were less than 64 octets lon...

Page 269: ...Statistics applet does not support hierarchical port groups If you have created port groups in the Grouping Manager that include subgroups as members the subgroups will not appear in the Component Tree of the Real Time statistics applet Instead any ports that are members of subgroups will be displayed directly under the top level port group as if they are members of the top level group Figure 123 ...

Page 270: ...or down to set the depth of the 3 dimensional view For any of the bar graphs move the cursor and then wait to see the change take effect which may take a few seconds There are cases where you may not see data for every port you expect in a multi port display You have selected the top N feature top 15 by default so only the N ports with the highest utilization or the highest total number of errors ...

Page 271: ...led and no data samples exist yet The device is marked offline Displaying Statistics For a Single Port In addition to displaying data for a set of ports you can display historical data for an individual port You can select a port in one of two ways Double click on the data point for an individual port in the device or port group statistics display bar data point or pie slice in the respective char...

Page 272: ...itations of the device configuration The defaults are A 30 second sampling interval 50 data points displayed NOTE For BlackDiamond switches only 25 data points are displayed because that is the maximum number of values the switch stores as historical data For an individual port you can display individual errors in addition to utilization and total errors Select the tab at the bottom of the page to...

Page 273: ...effect and a green check which indicates that the top N ports are being displayed The top N ports are displayed in order from highest largest percent utilization or largest total errors to lowest The number of ports N is a user configurable setting This option is available only for multi port displays Select this to display the data as a line graph This chart type is especially useful when display...

Page 274: ...gnify the size of the display You can select this repeatedly to zoom up to three times the screen size Select this to zoom out shrink the size of the display You can select this repeatedly until the chart is the desired size Select this to display grid lines on the background of the chart Determines whether the graph data is updated automatically at every sampling interval Click on the icon to tog...

Page 275: ...om 3D to 2D displays and change the values for the 3D depth elevation and rotation Figure 128 Setting 3D graph preferences To change to a 2D graph view click the Set 3D Graph View box to remove the check mark View Depth controls the depth of a bar The default is 10 maximum is 1000 View Elevation controls the elevation rise from the front of the bar to the back in degrees The default is 10 range is...

Page 276: ...et Plot Background Color sets the color of the background behind the graph data Data Colors Figure 130 lets you set the colors used for the various data sets in your graph Figure 130 Setting data color preferences To change a color click on a button with the color bar icon This displays a color selection window where you can select the color you want You can select a color using color swatches or ...

Page 277: ...n individual port The default is 50 the maximum value you can set is 100 However the actual maximum number of data points you can get is determined by the SNMP agent running in the device from which you are getting data Historical Data Sampling Interval is the sampling interval to use when displaying historical data Select a choice from the pull down list The choices in the list are determined by ...

Page 278: ...l display to change the way the data is displayed display table reformats the data as a table display graph table displays both the graph and table formats on the same HTML page display graph image displays the data as a graph in the style in which it was displayed when the snapshot was taken NOTE Once you select display graph image you can no longer change the display format to a table or to a du...

Page 279: ...ted device See Device Properties on page 281 for details on using this feature Slot To view the Properties display for a selected slot Right click on the slot then select Properties from the pop up menu that appears The Slot Properties window appears and displays the attributes for the selected slot See Slot Properties on page 282 for details on using this feature Port To view the Properties displ...

Page 280: ...nel image and information for the selected device See Chapter 10 Using ExtremeView for details on using this feature Sync Sync is a manual update of the regular data gathering mechanisms Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets Sync causes EPICenter to poll the switch and update all configuration and status information To launch...

Page 281: ...ll device groups right click on the Device Groups component and select Properties from the pop up menu The Device Groups Properties window appears showing the All Device Groups display This displays a list of the current device groups and their descriptions For more details about this display see Chapter 4 Using the Inventory Manager You can also view properties for a specific device group To view...

Page 282: ...Syslog Message received from the device For more details about the Device Properties window see Chapter 4 Using the Inventory Manager Slot Properties You can view summary information about a specific slot in a modular device To view properties for a slot click on the plus sign of a modular device to display the slots for that particular device Right click on a slot and select Properties from the p...

Page 283: ... non modular device click on the plus sign of a device to display the ports for that particular device Right click on a device and select Properties from the pop up menu that appears The Device Port Properties window displays two tabs The Port tab displays information about the port such as the number of the port whether the port is enabled or disabled and the load sharing state of the port The ma...

Page 284: ...284 EPICenter Software Installation and User Guide Real Time Statistics ...

Page 285: ...eral different representations of your network for different purposes For views with the Auto Populate View option enabled the Topology applet automatically adds device nodes as they are added to EPICenter s device inventory It also adds any links that exist between the device nodes and organizes them into submaps as appropriate You can customize the resulting maps by moving elements adding new el...

Page 286: ...p and then adding them to a different map You can also add and remove decorative nodes nodes that aren t discovered or managed by EPICenter and links Displaying a Network Topology View Click the Topology button in the EPICenter Navigation Toolbar to display the main Topology View page as shown in Figure 133 NOTE If you have not yet performed a Discovery i e there are no devices in EPICenter s Inve...

Page 287: ...Example of device nodes including an unknown device type A device node shows the following information The name of the device as it is kept in the Inventory database this can be hidden using View or Map properties An optional user supplied annotation for the node A small icon representing the specific device or device product line if the device is of a known type or an unknown device icon a circle...

Page 288: ...EPICenter if still needed There may be situations where EPICenter creates an L2 cloud that is not really necessary For example An L2 cloud may be created as devices are added to the map but when the final topology is known the L2 cloud is no longer necessary When one end of a link is moved EPICenter will represent this as two links one link that is down the old endpoint port and a new link that is...

Page 289: ... as a server or workstation Figure 138 Example of a decorative node A decorative node shows the following information The name or description of the node which can be edited A decorative node icon as shown in Figure 138 This can be hidden using View or Map properties Text Nodes A text map node is a single line text field that can be placed anywhere in a network map It can be used to create a title...

Page 290: ...g information The width of the link line indicates the link type A thick line indicates a gigabit link A thin line indicates a 10 100 link A very thick line indicates a composite link The color of the link line indicates the link status A green line indicates that the link is up A red line indicates that the link is down A yellow line may be displayed for composite or load shared links For a compo...

Page 291: ...om the Map Menu Use the keyboard shortcuts Alt I or Alt D for those commands see the sections Inflating the Map Nodes and Deflating the Map Nodes on page 309 Map Element Description Panel When you select a map node or link with the cursor the panel below the Map Hierarchy Tree displays information about the node or link Map Nodes For map nodes the information panel displays the following Name The ...

Page 292: ...nd if RMON statistics are enabled for this map This is updated regularly typically every 30 seconds VLANs Ports list Displays the VLANs configured on that port Composite Link Nodes For composite links the information panel displays the following information Status The overall status of the composite link up down partially up or unknown Partially up indicates that some links in the composite are up...

Page 293: ... new view and its Root Map by selecting New View from the New menu A Create New View dialog box opens as shown in Figure 140 Figure 140 Creating a new View Enter a name for the view Select the Auto populate view option to add the devices currently in the EPICenter inventory database to the new View Submaps L2 clouds and hyper nodes will be created as needed In addition as new devices are added to ...

Page 294: ... enabled those views are also populated with the newly added devices Device connectivity and the map hierarchy is determined by the information learned from the EPICenter database For views with the Auto Populate View option enabled EPICenter places devices on the Root Map or into submaps based on the following criteria Devices with IP Forwarding enabled are always placed on the Root Map Devices w...

Page 295: ...checkbox Even though the default layout may take a long time it only needs to be done once and produces a more optimal layout To specify a grid layout which may result in overlapping links check the Grid Map Layout checkbox To bypass the layout process check cancel Figure 143 shows an example of a the default layout for a 405 node map Figure 143 shows the same nodes in a grid layout Figure 142 Exa...

Page 296: ...ple of a grid layout Creating a New Submap You can create a new map by doing one of the following Select New Map from the New menu Click the Create new map icon on the icon bar A new submap node appears on the map and a New Map entry appears in the map hierarchy tree as shown in Figure 144 ...

Page 297: ... where you are editing Adding Elements to the Map You can add a variety of elements to your map device nodes submap nodes links decorative nodes and text nodes Adding a Device Node You can add device nodes to your map by doing one of the following Select New Device Map Node from the New menu Right click on the map background to display the pop up menu then select New Device Map Node Click the Crea...

Page 298: ...e A decorative map node is a node that can be used to represent any component of your network that is not recognized or managed by EPICenter You can change the node name by selecting the node and editing the contents of the name field in the Information panel The change will take effect when you click away from the submap node Adding a Text Node You can add a text node to your map by doing one of ...

Page 299: ...and drop one end of the link onto one of the node you want to connect 3 Do the same with the other end of the link After the link is connected you can specify endpoint for the link To specify the end points 1 Select the link 2 In the Information panel select the port for the endpoint from the list in the Port field for first device 3 Select the port for the other endpoint from the list in the Port...

Page 300: ...ack Discovering Links Between Devices EPICenter will eventually discover new links between devices or rediscover links you have deleted from the map if they are real existing links that are up However if you want to have EPICenter discover new links immediately instead of waiting for the next polling cycle you can use the Discover Links command You can also use Discover Links to remove links that ...

Page 301: ...ent view select Delete View from the Edit menu You will be asked to confirm that you want to delete the entire view This function deletes the currently displayed view including all of its maps Once the view is deleted the next remaining view is displayed if there are any other views NOTE You can use this command to delete the Default view However if you do this it will be difficult to recreate the...

Page 302: ...e cursor to rubber band the selection or by using Shift click hold down the shift key while clicking the cursor on the nodes you want to select 2 Cut the nodes by doing one of the following Select Cut Map Nodes from the Edit menu Click the Cut nodes from map icon on the icon bar Right click on the map background to display the pop up menu then select Cut Map Nodes Enter Alt X from the keyboard NOT...

Page 303: ... the actual node it represents is deleted L2 cloud nodes are deleted when they are no longer needed You can also delete them manually To delete one or more nodes do the following 1 Select the nodes you want to delete You can select multiple nodes by using Shift click hold down the shift key and click the cursor on the node you want to select 2 Delete the nodes by doing one of the following Select ...

Page 304: ...in a map by doing one of the following Select Select All Map Nodes from the Edit menu Enter Alt A from the keyboard NOTE To move a multiple node selection as a group hold down the shift key while dragging to preserve the multiple node selection Setting View Properties You can change the properties you set when you created a new view or change the properties of the Default view using the View Prope...

Page 305: ... retain the current values of their map properties NOTE Once you change these settings any new future maps you create within this view will inherit the changed view property settings regardless of the setting for the Update Map Properties property Map Viewing Functions EPICenter s Topology applet provides a number of ways to view and manipulate the layout of a topology map The size and layout of m...

Page 306: ...efault map layout creates a map that is larger than the visible area of the Topology Manager window you can have the Topology Manager attempt to optimize the map layout within the visible area of the window To have EPICenter optimize the map layout within the current window do one of the following Select Layout Map In Window from the Map menu Click with the right mouse button on the map background...

Page 307: ... the window To have EPICenter shrink the map layout to fit within the current window do one of the following Select Fit Map In Window from the Map menu Click with the right mouse button on the map background to display the pop up menu then select Fit Map in Window Enter Alt W from the keyboard This function does not attempt to optimize the layout for node or link overlap To attempt to optimize the...

Page 308: ...d Because this command affects map links nodes that do not have links are not moved Compressing the Map The Compress Map function decreases the length of the links between map nodes without changing the size of the nodes To compress the current map do one of the following Select Compress Map from the Map menu Enter Alt S from the keyboard Because this command affects map links nodes that do not ha...

Page 309: ...ust the nodes you ve selected You can select multiple nodes by using Shift click hold down the shift key and click the cursor on the node you want to select To deflate the selected nodes do one of the following Select Deflate Nodes from the Map menu Enter Alt D from the keyboard Zooming In The Zoom In function expands the entire map both the size of the nodes as well as the spacing between them To...

Page 310: ... map you want to print and then do one of the following Select Print Map from the Map menu Click the Print icon on the icon bar Enter Alt P from the keyboard Printing a large map can be very memory intensive and can take a significant amount of time NOTE Landscape mode and plotters are not supported Finding a Map Node If your map has a large number of nodes it may be difficult to quickly find a sp...

Page 311: ...hange views while the Find Map Node window is displayed the list of devices will no longer be correct To update the list to reflect the current view click the Refresh button Setting Map Properties There are a number of properties you can set for the current map such as the background color or image node background color and style node and link text color and whether RMON statistics should be enabl...

Page 312: ...Background Color This displays a color selection window where you can select the color you want You can select a color using color swatches or by specifying HSB or RGB values The current color is displayed in the small box to the right of the color bar icon NOTE Device nodes that display the node icon use a transparent background color Thus the node background color setting is ignored for these no...

Page 313: ...s checkbox will not have any effect This is done setting RMON properties on the Server Properties page of the Administration applet Adding Map Background Images You can add images of your own to use as background images for topology maps by placing them in the BackgroundImages directory in the EPICenter server installation Both gif and jpg image types are supported Background images are kept in th...

Page 314: ...t exist on one of the ports in that link This typically indicates a misconfiguration However it is possible that a compatible VLAN with a different name exists on the other port and no misconfiguration exists For example you could have an untagged VLAN vlan1 on one port and untagged VLAN vlan2 on the other port Thus when you select either vlan1 or vlan2 the link is displayed as a broken line but t...

Page 315: ...nformation kept by EPICenter for the selected device Mark Links Mode The Mark Links Mode is a toggle that allows you to click on links to select them When the toggle is on you can select links on different maps EPICenter remembers all of the links from each map Selected links flash on the screen Mark links mode is required for using the Add Links to VLAN function To set mark links mode select Mark...

Page 316: ...LAN from the list You can add the VLAN as tagged or untagged by toggling the Add selected links to VLAN as tagged checkbox To add the selected link to a new VLAN click the Add links to a new VLAN radio button as shown in Figure 155 Figure 155 Add links to new VLAN dialog Enter the name of the new VLAN Select untagged or enter tag for the VLAN Select the VLAN protocol ...

Page 317: ...e and do one of the following Select Connect Edge Port to VLAN from the Tools menu Right click on the Device map node then select Connect Edge Port to VLAN from the pop up menu that appears This starts the Connect Edge Port to VLAN Wizard as shown in Figure 156 Figure 156 Connect Edge Port to VLAN Wizard To use the wizard do the following Select the name of the VLAN from the VLAN List Select the p...

Page 318: ...ce and that the port will be added without changing links Uncheck Add calculated links if you want to add the selected edge port to the VLAN and you do not want the found path to be added Click Finish to complete the connection Click Cancel to cancel the operation Device Alarms The Device Alarms function runs the EPICenter Alarm System applet and displays the Alarm Browser function to show the ala...

Page 319: ...select Device Statistics from the pop up menu that appears This starts the Real Time Statistics applet in a new window and displays port statistics for the device associated with the selected Device map node See Chapter 11 for details on using this feature Device Telnet The Device Telnet function opens an EPICenter telnet window that is connected to the selected device To open a telnet session for...

Page 320: ...m the Tools menu Right click on the Device map node then select Device VLANs from the pop up menu that appears This starts the VLAN Manager in a new browser window showing information for the selected device See Chapter 13 for details on using this feature Device Properties The Device Properties function opens the Device Properties window and displays the properties of the selected device To displ...

Page 321: ...witches have a VLAN feature that enables you to construct broadcast domains without being restricted by physical connections The VLAN Manager creates and manages VLAN for Extreme Networks devices only It does not handle other third party devices even though third party devices can be managed through the Inventory Manager If you run the EPICenter client with Administrator or Manager access you can ...

Page 322: ... whenever all the above are the same For a more detailed explanation of VLANs see the ExtremeWare Software User Guide Displaying a VLAN When you click the VLAN icon in the EPICenter Navigation Toolbar the VLAN Manager window is displayed as shown in Figure 158 Figure 158 VLAN Manager top level view By VLAN showing devices organized by VLAN The VLANs currently known to the EPICenter database are di...

Page 323: ... every switch that has the VLAN defined on it see Figure 158 When the top level of the tree the VLANs node is selected the right hand panel displays a list of all VLANs configured on the Extreme Networks switches included to the EPICenter database The All VLANs display includes Name The VLAN name Tag The VLAN tag value if any or Untagged Protocol The protocol filter configured for the VLAN Select ...

Page 324: ... view includes Name The switch name Type An icon representing the switch type Select an individual switch to list the VLANs that are configured on that switch Viewing VLANs on a Switch To view all VLANs configured on an individual switch select the switch in the Component Tree of the By Switch view Figure 160 shows an example of the All VLANs on Switch view ...

Page 325: ...e selected switch Name VLAN name Tag VLAN tag Protocol Protocol filter for the VLAN VLAN IP Addr VLAN IP address VLAN IP Mask VLAN IP Mask Ports Ports on this switch in the VLAN Viewing Switches in a VLAN To view all devices configured with a specific VLAN select the VLAN in the Component Tree of the By VLAN view Figure 161 shows an example of the Devices in VLAN view ...

Page 326: ...ress of the VLAN VLAN IP Mask IP Mask for the VLAN Ports Ports on this switch in the VLAN Viewing VLAN Member Ports You can display details about the component ports of a VLAN by selecting a VLAN and switch in the tree on the left You can do this from either the By VLAN or By Switch view Once you have selected a VLAN and switch or switch and VLAN the panel on the right displays detailed informatio...

Page 327: ...he port type shown as an icon Different icons are used to represent the port types 10 100Mbps 100Base FX 100Base T TX 1000BASE X Tagged ports are shown with a small orange tag Load shared ports are indicated with a small green S Speed The port speed Duplex The Duplex setting Full or Half State The port state Enabled or Disabled Status The port status Ready or Active Tagging Whether the port is tag...

Page 328: ...Alarms Browse EView Statistics Sync and Telnet commands perform the same functions as the applets in the Navigation Toolbar to the left of the page but with information displayed for the selected device Modify VLAN Membership The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN selected in the Component Tree You cannot modify IP Forwarding behavior or search for devic...

Page 329: ...rts the Real Time Statistics applet in a new window and displays port statistics for the selected device See Chapter 11 for details on using this feature Sync Sync is a manual update of the regular data gathering mechanisms Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets Sync causes EPICenter to poll the switch and update all configura...

Page 330: ...Tab The VLAN tab lists the VLANs configured on the device The STP Tab The STP tab lists the Spanning Tree domains STPDs configured on the device There may be more than one entry per STPD if the domain includes multiple VLANs The Network Login 802 1x Tab The Network Login 802 1x tab lists the Network Login 802 1x information about each user connected to the device The Syslog Messages Tab The Syslog...

Page 331: ...ntagged 5 To add a port to the VLAN first select the switch from the Available Switches list This displays a list of ports on the switch that are available to be included in the VLAN NOTE The Available Ports list does not include ports configured as slave load sharing ports 6 Select one or more ports from the Available Ports list 7 Click Tagged to add the port as a tagged port Click Untagged to ad...

Page 332: ...dow If additional ports or devices and ports must be added to create a path EPICenter lists the ports needed and offers to add them to the VLAN Click Yes to add the ports Click No to close the Connection Information window without adding the ports If EPICenter cannot find a path it displays an error window 10 When you have finished adding ports to the VLAN click Apply to implement the changes The ...

Page 333: ...ing for this VLAN on the switch 4 Click Apply to implement the changes 5 Click Close to exit the window Deleting a VLAN Users with Administrator or Manager access can delete VLANs from Extreme Networks switches managed by the EPICenter software If you have only Monitor access you cannot use this function To delete a VLAN follow these steps 1 Click the Delete button in the VLAN Manager Toolbar The ...

Page 334: ...om the VLAN If you have only Monitor access you can not use this function You can start the Modify VLAN process in two ways Click the Modify icon in the VLAN Manager toolbar Using this method you can modify both the VLAN membership devices and ports and properties tag and protocol filter and modify the IP Forwarding behavior You can also search for device connections between devices in the VLAN If...

Page 335: ... Figure 167 The Modify VLAN dialog Properties and Ports page 2 Select a VLAN from the drop down list in the VLAN Name field The current values for the VLAN are displayed NOTE The Ports in VLAN list does not display SummitLink ports because you cannot modify them 3 To change the Protocol Filter selection select a different entry from the pull down Protocol Filter list 4 To change the VLAN tag type ...

Page 336: ...ect to the other members of the VLAN Select the device you want to check Click the Connect Device button If EPICenter can find a path from the device and port to another member of the VLAN it opens a Connection Information window that displays information about the path as shown in Figure 164 If additional ports or devices and ports must be added to create a path EPICenter lists the ports needed a...

Page 337: ...eck box to enable or disable IP forwarding for this VLAN on the switch 14 Click Apply to implement the changes 15 Click Close to exit the window Modifying a VLAN from the Component Tree Menu To start the Modify VLAN process for a VLAN in the Component Tree follow these steps 1 Select a VLAN in the Component Tree 2 Right click to display the pop up menu and select Modify VLAN Membership The Modify ...

Page 338: ... greyed out in this case NOTE If you add a port untagged EPICenter automatically removes it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port You can add a switch to a VLAN as a unit just select the switch without selecting any ports and click Add Tagged or Add Untagged to add the switch to the VLAN 6 To re...

Page 339: ...abase Any filters that are in use by a VLAN are indicated with an asterisk in the In Use column 2 To delete a protocol filter select a filter in the list and click Delete This deletes the protocol filter from all Extreme Networks switches managed by the EPICenter software as well as from the EPICenter database NOTE If a filter is in use by a VLAN you cannot delete it 3 Click Close to exit the wind...

Page 340: ... in the value field 5 Repeat steps 3 and 4 to enter up to six type value pairs 6 When you have finished entering the definition click Add to add the new protocol filter to the EPICenter database NOTE The protocol filter is now available to be used on any switch but is not created on any switches at this time The protocol filter is created on a switch only when you create or modify a VLAN to use th...

Page 341: ...treme Networks implementation of STP a switch can be partitioned into multiple virtual bridges Each virtual bridge can run an independent Spanning Tree instance called a Spanning Tree Domain STPD Each STP domain has its own root bridge and active path After an STPD is created one or more VLANs can be assigned to it depending on the mode of the ports The default switch configuration includes a sing...

Page 342: ...nd path cost for the previous root when the root changes The EPICenter server relies on device polling to detect these types of changes However device polling by default is only done every 90 minutes so if you want STP status updated more frequently you may want to group your STP devices into their own device group and change the polling interval to a more appropriate interval For more details on ...

Page 343: ...nfigured as the designated root of this STP domain If STP is disabled for this domain this field is blank Root Max Age The maximum allowable age for STP information learned by the root for this domain If this age is reached the current information is discarded and the Spanning Tree is recalculated Value is in seconds Root Hello Time The interval between transmission of Configuration BPDUs by the r...

Page 344: ...domain includes Name The name of the VLAN Devices The number of devices participating in this VLAN for this domain Ports The number of ports participating in this VLAN in this domain if the domain is enabled This will be zero if the STP domain is disabled on the bridge The panel at the bottom of this view shows summary information about the STP domain in which these VLANs are included Displaying S...

Page 345: ...oot bridge It this device is the root bridge this will be zero Root Path Cost The cost of the path from this bridge to the root bridge If this device is the root bridge the cost will be zero Designated Bridge Indicates whether this device is a designated bridge transmits configuration BPDUs to other bridges on any of its ports Priority The bridge priority of this bridge for this STP domain Max Age...

Page 346: ...omponent Tree to view information about the ports on the device that are members of the selected VLAN and STP domain When you select a device the STP Ports view appears as shown in Figure 175 Figure 175 STP Ports view This view shows information about ports on the selected device that are participating in an enabled STP domain The information presented for each port includes Port The device and po...

Page 347: ... STP Properties The STP Properties window displays the following information Name The name of the STP domain Tag The 802 1Q tag of one of the wholly contained VLANs in the domain Root The device name IP address or MAC address of the device configured as the designated root of this STP domain If STP is disabled for this domain this field is blank Root Max Age The maximum allowable age for STP infor...

Page 348: ...a new window The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device See Chapter 5 for details on using this feature Browse The Device Browse function runs the ExtremeWare Vista switch management interface for the selected device To run ExtremeWare Vista for a selected device Right click on the device then select Browse from the pop up menu that appears This...

Page 349: ...nd status information To launch the synchronization procedure for a selected device Right click on the device then select Sync from the pop up menu that appears This starts the Sync procedure for the selected device See Chapter 4 for details on using this feature Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device To open a telnet session for a sele...

Page 350: ...ion you can view in the Inventory Manager for the device If the device is an Extreme device the ExtremeWare software running in the switch provides comprehensive status information The VLAN Tab The VLAN tab lists the VLANs configured on the device The STP Tab The STP tab lists the Spanning Tree domains STPDs configured on the device There may be more than one entry per STPD if the domain includes ...

Page 351: ...s the status of ESRP enabled VLANs and the ESRP enabled switches in those VLANs You can view a summary status for all the ESRP enabled VLANs being monitored by EPICenter You can also view detailed information for an individual ESRP enabled VLAN and the switches in those VLANs NOTE This chapter does not discuss ESRP functionality in any detail For more information about ESRP see the ExtremeWare Sof...

Page 352: ...AN If the master switch is not known to EPICenter this will be N A Group The ESRP group to which this ESRP enabled VLAN belongs in a broadcast domain that contains multiple instances of ESRP multiple ESRP groups The names of the ESRP enabled VLANs participating in the same group must be identical Election Algorithm The ESRP election algorithm in use for this VLAN The election algorithm determines ...

Page 353: ...the ExtremeWare Software User Guide version 6 1 or later for details NOTE The ESRP election algorithm must be identical on all switches in an ESRP group If it is not serious problems may arise Hello Timer This is the interval in seconds for exchanging keep alive packets between the ESRP switches for this ESRP enabled VLAN Also known as the ESRP timer The default is 2 seconds Viewing ESRP Detail In...

Page 354: ...ss of this switch State The current state of the switch Master or Slave Priority A user defined value between 0 and 254 which can be used by the ESRP election algorithm in determining which switch is the Master switch The default is 0 To Master The number of times this switch has transitioned to become a Master To Slave The number of times this switch has transitioned to become a Slave NOTE The nu...

Page 355: ...dministrator can create and modify EPICenter user accounts passwords and account permissions through the Administration applet Individual users regardless of their access permissions can change their own password using the Administration applet The EPICenter server and its Remote Authentication Dial In User Service RADIUS server can be used for user authentication both for EPICenter server access ...

Page 356: ...device parameters as well as view status information and statistics These permissions enable access to Extreme Networks switches through Telnet or ExtremeWare Vista The use of the RADIUS server avoids the need to maintain user names passwords and access permissions in each switch and instead centralizes the configuration in one location in the EPICenter server The EPICenter RADIUS Server The EPICe...

Page 357: ...or or Administrator access To run the EPICenter client interface for the first time 1 Launch the EPICenter client The EPICenter Login page appears 2 Select or enter the host name or IP address and port of the EPICenter server 3 Type the user name admin in the User field 4 Leave the Password field empty 5 Click Login The Network Summary Report page appears 6 Click Admin in the Navigation Toolbar to...

Page 358: ...assword is stored in the EPICenter database You cannot change the EPICenter access level for this user You can however change the ExtremeWare account access The default for the EPICenter user Admin is Administrator See the information under Adding or Modifying User Accounts for details on the ExtremeWare account access levels Adding or Modifying User Accounts To add users to the EPICenter database...

Page 359: ...cs and modify device parameters Manager access allows the user to view status information and statistics and modify device parameters Monitor access allows the user to view status information and statistics Disabled provides no access privileges the user will not be able to log in to the EPICenter but keeps the user account information in the EPICenter database 9 Select the appropriate ExtremeWare...

Page 360: ...ssary 4 Select the user name you want to delete and click Delete NOTE You cannot delete the user name admin A confirmation window appears 5 Click Yes This removes all information about this user account from the EPICenter database NOTE To remove all access privileges for a user without removing the user account from the EPICenter database use the Modify User function and change the Account Access ...

Page 361: ...le EPICenter as a RADIUS server or RADIUS client and change its port or the RADIUS secret By default RADIUS authentication is disabled Enabling the RADIUS server means that Extreme switches can act as RADIUS clients authenticating users against the RADIUS server s database of users as administered through the EPICenter Thus even if a user accesses the switch directly through Telnet or a browser th...

Page 362: ... RADIUS server follow these steps Figure 182 Radius Administration page 1 Click the Enable EPICenter as a RADIUS Server button in the RADIUS Configuration panel at the top of the page This enables the fields in the Server Configuration panel 2 Enter the RADIUS server s shared secret in the RADIUS Secret field This string is basically a shared key by which the RADIUS server and its clients recogniz...

Page 363: ...S client do the following 1 Click the Enable EPICenter as a RADIUS Client button at the top of the page This enables the fields in the Client Configuration panel 2 Fill in the fields server name or IP address port and shared secret for the primary and secondary RADIUS servers as appropriate It is recommended but not required that both a primary and a secondary RADIUS server be available for authen...

Page 364: ...the properties in that set 3 Type a new value into the field for the property you want to change or click a check box to turn on or off an option The specific properties and their meanings are discussed in the following sections 4 Click the Apply button to cause your changes to take effect You can undo your changes in one of two ways Click the Reset button to restore the values that the displayed ...

Page 365: ...rver can function as a Syslog receiver to receive Syslog messages Port 514 is the port used for remote syslog communication from a switch Uncheck the checkbox to disable syslog server functionality The default is enabled NOTE For Solaris you must stop the Solaris Syslog server before you can enable EPICenter s syslog server To stop the server in Solaris enter the command etc init d syslog stop In ...

Page 366: ...w Configuration and Statistics information in the ExtremeView applet The default is enabled passwords will be saved Use EPICenter Login Password for Telnet SSH A check indicates that the EPICenter login name and password should be used for establishing user initiated Telnet or SSH2 sessions with the switch Background functions including trap handling polling and scheduled operations continue to us...

Page 367: ...ceive in one minute from all managed devices If more than this number of messages are received within a one minute interval the excess messages are ignored When managing more than 1000 devices you should increase this to 500 The default is 275 the maximum you can set is 500 Maximum Number of SNMP Sessions This specifies the maximum number of concurrent SNMP sessions the server will run Increasing ...

Page 368: ...hours If you set an interval that is shorter than the time it takes to poll all the edge ports then the actual interval may be longer than the interval you specify here Edge Port Maximum Table Size Setting Specifies the maximum size of the FDB table downloaded by EPICenter The default value is 1000 entries The range is between 0 and 100000 entries where 0 indicates that there is no maximum size If...

Page 369: ...out period in seconds when performing DNS lookup operations for hosts found through DLCS or when importing in the Grouping applet from an NT Domain Controller The default is one second Session Timeout Period The non activity time out period in minutes after which the user is required to re login to the EPICenter server The default is 30 minutes You can disable the time out by setting the property ...

Page 370: ...onsuming you can disable this feature without disabling the use of SSH2 for secure Telnet sessions SCP2 Command Line The path to the SCP2 client application EPICenter supports the Open SSH SFTP client on UNIX and the pscp exe SCP client on Windows NOTE To configure SSH2 on a device the device must be running a version of the ExtremeWare software that supports SSH2 For more information on configuri...

Page 371: ...p Member To configure your EPICenter server as a server group member 1 Click the Server Member button in the Server Group Type panel at the top of the page This enables the fields in the Server Group Member panel 2 Enter the host name or IP address of the server that acts as the group manager in the Server Group Manager field 3 Enter the port number to be used to communicate with the Server Group ...

Page 372: ...s the string secret NOTE If you change the secret in one EPICenter server you must also change it in all of the other servers in the group 3 Enter the polling interval in minutes This determines the frequency with which the Server Manager communicates information to the other server members of the EPICenter server group The default is 10 minutes 4 Add the other members of the server group to the s...

Page 373: ...rt provides summary statistics about the status of the devices being managed by the EPICenter server This report can also be accessed from the Dynamic Reports Main page EPICenter Dynamic Reports are a separate feature from the main EPICenter user interface If you use a browser based client the reports can be accessed directly from the initial EPICenter Start up page without logging in to the Java ...

Page 374: ...s shown in Figure 185 appears when you first log into the EPICenter client and when you click the Home button at the top of the Navigation Toolbar The Network Status Summary Report displays information about the overall health of the network It also displays information on the current version of EPICenter running on the EPICenter service and compares the current version to the latest available ver...

Page 375: ...rk Login Report Alarm Log Report not available if the alarm system is disabled Event Log Report System Log Report Configuration Management Log Report not available if the configuration manager is disabled The following reports are Java based Interface Report Alarm Log Report Event Log Report System Log Report Configuration Management Log Report The Java based reports can be sorted filtered and pag...

Page 376: ...r Login page appears 4 Enter your user name and password and click Login Use the same user name and password as you use to log in to the EPICenter system The Dynamic Reports module is displayed The main page includes a brief description of the predefined reports that are available Viewing Predefined EPICenter Reports To view a predefined report click the Reports button in the Navigation Toolbar To...

Page 377: ...ater than indicates later in later in the alphabet for example the letter B is greater than A 3 In the third field select the value you want to compare the variable against If the variable takes a string as its value enter a string If the variable is numeric enter an integer NOTE You can use the browser Copy and Paste functions to copy a specific value from the current report into the comparison f...

Page 378: ... of syslog message received by the EPICenter server The third table in the report shows scalability statistics for the thread pool and the SNMP session pool Thread Pool Statistics Pool Size Thread pool size for the threads that are used to perform server operations for example reading data from a device or configuring the devices Default Allocation Size Number of threads used to perform a single o...

Page 379: ... accessible from the Programs menu to change the database port See Appendix B for details on the utility The fifth table in the report shows the status of licenses licensed or not licensed that are supported by the EPICenter server EPICenter Server License for the EPICenter server Unlimited Nodes License to have unlimited nodes Distributed Server License for the Distributed Server Policy License f...

Page 380: ...eading of a column to sort on the contents of that column Device Type Summary The Devices by Type table displays the following information Device Type Type of device Quantity Number of devices of this type known to EPICenter Select a device type or All Devices to display the Device Summary report The Device Summary report displays the following information about each device Device Group All the EP...

Page 381: ...ach module Device Group Name of all the device groups Device Name Name of the device from the sysName variable Device Address IP address of the device Device Location Device location from the sysDescr variable Card Type Type of module card this is displayed only if you select All Cards Slot Name Number or letter of the slot where the module card is installed Card Serial Number Module card serial n...

Page 382: ...rom the sysName variable IP IP address of the device Status The status of the device Choices include operational offline marginal and not responding Last Failure Local Time Zone Time at which the most recent device failure occurred based on the local time zone of the EPICenter server Down Period d h m s Length of time the device was unreachable reported in days hours minutes seconds Boot Time Loca...

Page 383: ... with ports that are members of this VLAN and the QoS Profile configured for this VLAN on each device Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN The Voice over IP Details report displays the following information Device Name Name of the device IP Address IP address of the device VLAN IP The IP address and subnet mask assigned to the VLAN if any on ...

Page 384: ...ading of a column to sort the report based on the contents of that column For example to sort by operational status click on the OperStatus heading You can filter the ports that are displayed by constructing a conditional filter using the fields at the top of the page This lets you construct a two clause filter statement in the form shown in Figure 187 Figure 187 Device Ports filter specification ...

Page 385: ... a particular VLAN Device Group Select all groups or the name of a particular device group Inactive Days Enter the number of days of inactivity for the requested port s Inactive Hours Enter the number of hours of inactivity for the requested port s When you complete your selections click Submit The report can be saved in csv or xml format or shown in a single page and shows the following Device Na...

Page 386: ... classified under Ack ed acknowledged Whether the alarm has been acknowledged 1 is acknowledged 2 is not acknowledged Event Event ID of the alarm assigned by the EPICenter server when the alarm is received Message Message associated with the alarm The alarm information is displayed in groups of 25 alarm events per page You can navigate among the pages using any of the following methods Clicking th...

Page 387: ...ge number from the at the top of the report Clicking the First or Last links to display the first or last page in the report Click the heading of a column to sort on the contents of that column You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page as shown in Figure 190 This lets you construct a two clause filter statement Figure ...

Page 388: ... a Configuration Management Log Report click the Config Mgmt Log link in the left hand panel This creates a report of all the entries in the Configuration Management Log The information displayed includes the following Time Time when the activity occurred local time of the EPICenter server Device IP Address of the device Activity Activity that occurred such as uploading a configuration file updati...

Page 389: ...s can be exported to either csv or xml format Exporting reports allows you to use various software applications to manipulate the data The following reports can be exported Device Inventory Slot Inventory Interface Reports Unused Ports Network Login Alarm Log Event Log Sys Log Config Management Activity Log From the main Reports page you can generate a report to be used by Extreme Networks eSuppor...

Page 390: ...t that appears in the main panel of the window when the Reports feature is requested either from the EPICenter software Start up window or from the icon on the Navigation Toolbar Modify this file if you want to change or add to the list of Reports and their descriptions color1 html defines the color of the bar at the top of the main content window This is a generated file You can use this file in ...

Page 391: ...t generated on extr clock format clock seconds extr TD TR TR valign bottom TD P img src images green gif width 650px height 3px P TD TR TABLE BR xxxxxxxxxxxxxxxxxxxxxxxxx p font size 3 extr ShowVlanSummaryList extr font p p font size 3 font nbsp p p font size 3 font nbsp p body html The vlan_summary html file is just like a standard HTML file with one exception it has a new pair of tags extr extr ...

Page 392: ...user reports html userdefined directory The EPICenter server automatically creates a link on the Reports menu for files in the userdefined directory It will use the report file names as the report names They will appear below the heading User Defined Reports at the bottom of the left hand panel of the Reports page The file names must conform to two restrictions They must use html as the extension ...

Page 393: ...nts The name of the HTML file that will generate the report A string containing the parameter that should that should be available to the HTML file The values for the parameters can be obtained in the various Tcl methods using extr GetSessionParam You must ensure that the appropriate environment variables are set to allow access to Tcl These should be set as follows For Windows 2000 and Windows XP...

Page 394: ...ed to use this method only during debugging Arguments filePath This is the fully specified path of where to find the HTML file that has embedded extr tags params A string containing params and their values that should be available to the procedures in the HTML files The parameters are specified as in HTML i e the param is a string of type param1 value1 param2 value2 Returns The result of executing...

Page 395: ...required for acceptable VoIP performance based on the number of VoIP phone ports in combination with the compression rates used in the IP phones for coding decoding voice traffic The VoIP applet can then configure the appropriate QoS settings on the switches on which the VoIP VLANs reside The EPICenter VoIP module is a separately licensed component of the EPICenter product family When a VoIP apple...

Page 396: ...f you have selected VLANs to carry VoIP traffic this page shows a summary of the configuration switch by switch of every VLAN that has been selected For each switch and VLAN this table shows the following information VLAN The name of the VLAN This may appear in the list multiple times if the VLAN is configured on more than one switch IP Address The IP address assigned to the VLAN on the switch Thi...

Page 397: ...A VoIP VLAN should include both the edge switches that contain the actual IP phone ports and any core switches that lie between the edge and the Call Manager or PBX You can use the EPICenter VLAN Manager module to create a VLAN for your voice over IP network if you have not already done so A VLAN that will be used with VoIP traffic should use protocol IP or Any and may be tagged or untagged If you...

Page 398: ...As a rule all devices in the VLAN will be enabled or disabled for VoIP and switches cannot be enabled or disabled individual However if a device is added to the VLAN after the VLAN has been enabled that switch will not be enabled until you re enable the entire VLAN IP Address The IP address assigned to the VLAN on the switch This may be blank if the VLAN does not have an IP address assigned as is ...

Page 399: ...remove this VLAN as a VoIP enabled VLAN and will save this setting in the EPICenter database NOTE Any devices added to the VLAN after the VLAN has been configured for VoIP are not automatically configured for VoIP You must return to the VoIP applet and configure the new device 5 Click Close to close the window NOTE When you disable a VLAN the VoIP settings for the devices in the VLAN remain in the...

Page 400: ...ndow The QoS Settings for the selected VLAN are displayed as shown in Figure 197 Figure 197 QoS Settings page for a VoIP VLAN The top portion of the QoS Settings page shows the current QoS settings for each switch in the VLAN If you configure new settings using the Configure VoIP QoS Parameters dialog the settings shown in this part of the display may change to reflect the new settings The bottom ...

Page 401: ...nual QoS configuration process You may need to do this if you have several types of IP phones that use different compression algorithms If the setting you select does not match the algorithm actually used to encode speech by your phone the computed QoS bandwidth settings may not be accurate NOTE VoIP configuration attributes are set on a switch by switch basis meaning that all IP phones connected ...

Page 402: ...cceptable VoIP performance It first computes the total bandwidth needed based on the number of VoIP phone ports in combination with the compression rate used in the IP phones for coding decoding voice traffic It then determines the minimum bandwidth as the percentage of the egress port bandwidth that is required to support all the IP phone ports simultaneously The minimum bandwidth setting will ne...

Page 403: ...phone port when it is actually a trunk port If the egress port port 30 on the upstream switch B is configured as 1000 Mbps port as is the case in the example the minimum bandwidth setting will probably be acceptable in most cases because the VoIP Manager module will never assign less than 1 of the bandwidth 10 Mbps for a 1000 Mbps port as the minimum However if switch A were a chassis switch that ...

Page 404: ...lation is where multiple IP phone are connected via a hub to a single ingress port on a switch In this configuration the VoIP Manager will underestimate the number of IP phone connections and will therefore underestimate the required minimum bandwidth In this case you can also use the information in Table 11 to help you determine the correct minimum bandwidth in the QoS profile for the VoIP VLAN o...

Page 405: ... Configure QoS button at the bottom of the page This displays the Configure VoIP QoS Parameters dialog as shown in Figure 199 Figure 199 Configure VoIP QoS Configuration Parameters dialog Initially the left hand side of this dialog displays a list of the switches in the selected VLAN and the default configuration attributes you specified on the QoS Settings page You can configure the switches with...

Page 406: ...tches that should be configured using these QoS settings and click the Add button to move them to the Calculated Settings list Click the Add All button to move the entire list of switches to the Calculated Settings list 4 You can edit the minimum and maximum bandwidth setting values once an entry has been placed in the Calculated Settings list Select the cell containing the bandwidth percentage yo...

Page 407: ...me to display the Voice over IP Details report for the devices in the VLAN The Voice over IP Details report displays the following information Device Name Name of the device IP Address IP address of the device VLAN IP The IP address and subnet mask assigned to the VLAN if any on the switch Egress Port List The ports specified as Egress ports for the VoIP VLAN Number of Phone Ports The number of po...

Page 408: ...hanges you should ensure that the changes made to the VLAN do not conflict with your configuration or the configuration displayed through the VoIP applet may be inconsistent For example if you place a port in the egress port list and someone simultaneously removes that port from the VLAN if you save your configuration with that port still designated as an egress port your VoIP configuration will c...

Page 409: ...y definition You should be familiar with the Grouping applet before you begin to define policies through the Policy Manager In addition you must have Administrator or Manager access to create modify and configure policies within the Policy Manager If you have Monitor level access only you cannot use these functions To invoke the Policy Manager click the Policy button in the Navigation Toolbar The ...

Page 410: ... or QoS changes made within the Policy Manager any changes made within the Grouping Manager or Inventory Manager that affect the endpoints or scoping of a policy or any changes on a device that affect access list or QoS settings on the device will cause an immediate reconfiguration of all enabled policies on the network devices Access based Security policies will be automatically configured only i...

Page 411: ...nager The component tree on the left shows the policies defined through the Policy Manager The main applet frame shows the definition and function of the selected elements exclamation point is an empty column used to invoke a sort by policy precedence Clicking the column header will sort the policies in precedence order Name is the name of the policy Type indicates the type of policy Access based ...

Page 412: ...affic flowing from client endpoint s to the server endpoint s Bidirectional indicates that access list rules are generated for traffic in both directions For Source Port policies the direction will always be from source port For VLAN policies the direction will always be from VLAN Description displays the description if any that was entered when the policy was defined By default the policy list is...

Page 413: ...k Resources list in Figure 201 is a single host The resource in the Users list is a User group If you have Administrator or Manager access you can use the Edit button to access the resources list and view the definition of the resource groups You can also view their definitions through the Grouping applet For the Network Resources side the resources are mapped to specific IP addresses and ports bu...

Page 414: ...ies the QoS profiles that are implemented on each device for the specified traffic flows The Policy Access Domain Scope for IP policies display includes The resources devices or groups that contain devices on which the policy should be implemented The type of the resource Device or Group The QoS profile that will be used for the device or devices specified by this resource An optional comment ente...

Page 415: ...ows shown in Figure 202 Protocol indicates the protocol specified for the traffic TCP in the example Dest IP is the destination IP address derived from one of the host specifications Dest Port is the L4 port associated with the destination IP address if a port has been specified An asterisk indicates the specification Any Src IP is the source IP address derived from one of the host specifications ...

Page 416: ...figured onto any devices click the Enabled check box once to remove the check mark and indicate that this policy should not be enabled The presence of a check in the box indicates that the policy will be enabled which is the default state 4 Select a schedule for this policy if desired Default is 24 hours a day 7 days a week You can check desired days set start time on the 24 hour clock and set tim...

Page 417: ...s of a policy for traffic originating from specific ingress ports A policy of this type generates source physical port QoS rules for implementation on the devices in the policy scope 6 Specify the endpoints that will define the traffic flows to which this policy will apply For a Security policy You must specify two sets of endpoints for a Security policy which are classified as network resources a...

Page 418: ...more endpoints for any of the policy types click the Edit button that appears either to the right or below the list of endpoint resources For a Security policy Two Edit buttons are provided one to the right of the Network Resources list and one to the right of the Users resource list as shown in Figure 203 For an IP policy Two Edit buttons are provided one to the right of the Servers resource list...

Page 419: ... selected in the component tree Use the Remove button to remove selected resources from the Current Policy Endpoints list Use the Remove All button to remove all resources from the Current Policy Endpoints list For an IP policy and for the Network Resources side of an Access based Security policy There are two additional ways to create endpoints Select Add IP Addr to specify an IP address directly...

Page 420: ...ted from this policy The bottom button indicates that this policy should apply to all traffic flowing between the user right side endpoints and the network resource left side endpoints in either direction 10 Server service and L4 ports for a Security or an IP policy You may indicate a protocol service and L4 layer 4 ports that should be used as a filter when looking for traffic that matches the ac...

Page 421: ...er NOTE When you select either of the Deny TCP SYN packets services the QoS profiles for all devices in your policy scope are automatically set to blackhole to accomplish the denial of new TCP traffic b To specify an L4 port or port range enter a port number in the L4 Port Range field Enter a single port number or a port range in the form first_port last_port The L4 Port Range field appears only i...

Page 422: ... enter when you select the QoS profile for the resource The order in which the resources are displayed in the Policy Access Domain or Scope Resource list determines their precedence Precedence is significant when an individual device appears more than once in the list as a member of multiple groups for example and the QoS profile setting of each of those occurrences is in conflict a To add a resou...

Page 423: ...y Access Domain Devices list and then selecting a profile from the drop down list associated with that resource Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Access List Policy Traffic for IP policies area Cancel closes the Edit window and abandons any changes you ve made to the Current Policy Endpoints list ...

Page 424: ...ources that are already selected as endpoints When you select a group in the component tree its children groups or individual resources are displayed in the associated Resource list the right half of the Select Endpoints to be Added area Individual resources are displayed only if they are of types that can be used as endpoints for the policy type you have selected For example if you are creating a...

Page 425: ... match for this policy endpoint This button does not appear if you are creating User side Security VLAN or Source Port endpoints NOTE You cannot have both the wildcard endpoint specification and individual endpoint specifications in the Current Policy Endpoints list as individual endpoints are redundant with the Any specification If you specify Add Wildcard when there are other endpoints in the li...

Page 426: ...ually have any effect on the policy access domain The area on the right of the window Current Policy Access Domain Devices shows the resources you have already selected to include in the access domain for your policy 1 Add or remove resources from the Current Policy Access Domain Devices list Select one or more individual resources or groups from the Devices list and click the Add button to add th...

Page 427: ...sources list click the OK button at the bottom of the window This closes the Edit window and displays the contents of the Current Policy Scope Resources list in the appropriate resource list in the Policy Traffic area Click Cancel to close the Edit window and abandon any changes you have made to the Current Policy Scope Resources list Modifying Policies To modify a network policy you follow the sa...

Page 428: ...the Current Policy Endpoints list in the Edit Policy Endpoints window However if they are not valid endpoint types for the new policy type they will not be added to the endpoint resource lists and you will need to select new endpoints for your policy 7 To modify the list of endpoints for any of the policy types click the Edit button that appears either to the right or below the list of endpoint re...

Page 429: ...and use the Up or Down buttons to move it in the list Moving it up will give it higher precedence moving it lower will reduce its precedence The order in which the resources are displayed in the Policy Scope Resource list determines their precedence If individual device appears more than once in the list as a member of multiple groups for example and the QoS profile setting of each of those occurr...

Page 430: ...e highest priority Source Port QoS policies are second and VLAN QoS policies have the lowest priority For Security and IP policies the precedence can be manipulated between the two types since they are of similar type in this respect For VLAN and source port policies you can only manipulate its precedence relative to other policies of the same type If all other precedence variables are equal and y...

Page 431: ...t QoS profile definitions in the Policy System click the Configure QoS profiles button This displays the Configure QoS Profiles window see Figure 216 The Configure QoS Profiles window is similar to the Edit Policy Endpoints window shown in Figure 205 and discussed in detail on page 418 Figure 216 Configure QoS Profiles window To modify the settings or device scope of a QoS profile follow these ste...

Page 432: ...Results list The Select Resources to be Added part of the window shows the resources currently defined in the Grouping applet When you select a group in the component tree its children groups or individual devices are displayed in the associated Resource list the right half of the Select Resources to be Added area You can select groups individual devices or individual ports as resources on which t...

Page 433: ...ange to a policy within the Policy Manager The status icon displayed in the upper right corner of the Policy Manager indicates that the configuration is occurring see Configuration Status for details If auto configuration is disabled you must explicitly perform the configuration process In this mode policies can be created or modified and saved but they are not configured on the network until a di...

Page 434: ...l button You can do this from either the Policies View or from the ACL Viewer In either case a pop up window appears asking for confirmation of the configuration Click Yes to proceed with the configuration or No to cancel the operation A message window shown in Figure 217 pops up to show you the progress of the configuration Figure 217 Message window showing policy configuration progress Devices a...

Page 435: ...ick the minus sign at the left of the device to hide the server messages The up and down arrow buttons let you move up and down the device tree displaying the server messages associated with each device If you check the Errors Only box the up and down arrow buttons will expand only devices that had errors The Collapse All button collapses all the device nodes hiding all the server messages ...

Page 436: ...436 EPICenter Software Installation and User Guide Using the Policy Manager ...

Page 437: ...ill normally only be displayed while the users are logged into the network The QoS Profile settings for the devices managed by the EPICenter server The ACL Viewer shows information about the policies you ve defined even if they have not been configured on the network Thus you can use the ACL Viewer to preview the rules you ve specified before they take effect on your network The ACL Viewer organiz...

Page 438: ...ped on two individual devices so there are two entries in the list for that policy Each entry in the summary display shows the following exclamation point is an empty column used to invoke a sort by policy precedence Clicking the column header will sort the policies in precedence order Policy is the name of the policy Scope shows the scope resource device or group and its associated QoS profile En...

Page 439: ...ries device or a Cisco device as well as the policies actually configured on the device Most Security policies are shown only while the user is actively connected to the network NOTE IP policies can only be configured on Extreme Networks devices running ExtremeWare versions 5 0x or 6 0 x or later Non i series devices only support IP policies if they run ExtremeWare 5 0x All Extreme Networks device...

Page 440: ...s to this traffic flow Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern If a rule is a duplicate only one of the duplicate rules is used to configure the device The rule used is based on the precedence of the duplicate rules To view the access list rules related to a specific device select the device If the device supports IP and Security policies ...

Page 441: ...t was not generated by the EPICenter Policy Manager Only the Configured side of the table is filled in for these rules The columns in the display show information as follows exclamation point is an empty column used to invoke a sort by policy precedence Clicking the column header sorts the policies in precedence order Policy displays the name of the policy Ideal Traffic is a policy traffic definit...

Page 442: ...ified for this traffic flow by this policy To be used indicates whether the rule is acceptable for configuration on the device not in conflict with any other rules Values for this column are Yes the rule can be used No duplicated indicating that the rule duplicates another rule No disabled indicating that the policy is disabled View Configured Rules The Configured Rules display shows details of th...

Page 443: ...olicy scope select a group in the component tree The VLAN QoS page shows all the traffic patterns generated by any VLAN QoS policies that have the selected group in its scope see Figure 221 Figure 221 Traffic patterns generated from VLAN QoS policies for scoped devices The display includes the following information exclamation point is an empty column used to invoke a sort by policy precedence Cli...

Page 444: ...configured on the device as shown in Figure 220 Select View policy rules from the drop down list to display the EPICenter rules only Select View configured rules from the drop down list to display the configured rules only Policy Rule Comparison The VLAN QoS policy rule comparison display shows both the ideal rules as generated by the EPICenter Policy Manager shown in the left half of the table an...

Page 445: ...on point is an empty column used to invoke a sort by policy precedence Clicking the column header will sort the policies in policy precedence order Policy displays the name of the policy VLAN is the VLAN specified by this policy Profile is the QoS profile that is specified for this VLAN by this policy To be used indicates whether the rule is acceptable for configuration on the device not in confli...

Page 446: ... its scope see Figure 221 Figure 223 Traffic patterns generated from Source Port QoS policies for scoped devices The display includes the following information exclamation point is an empty column used to invoke a sort by policy precedence Clicking the column header will sort the policies in policy precedence order Policy displays the name of the policy Source Port is the device and port for which...

Page 447: ...down list to compare the EPICenter generated rules with the rules configured on the device as shown in Figure 220 Select View policy rules from the drop down list to display the EPICenter rules only Select View configured rules from the drop down list to display the configured rules only Policy Rule Comparison The Source Port QoS policy rule comparison display shows both the Ideal rules as generat...

Page 448: ...s Config Rule Profile is the QoS profile that applies to this port View Policy Rules The Policy Rules display shows details of the Ideal Source Port QoS rules as generated by the EPICenter Policy Manager The information in this display is as follows exclamation point is an empty column used to invoke a sort by policy precedence Clicking the column header will sort the policies in policy precedence...

Page 449: ...eries device Figure 225 QoS profile display for an i series device The top table in the display the Device profile settings shows the QoS Profile settings configured for the device as a whole The lower table the Port exception QoS Profiles appears only for i series devices running ExtremeWare 6 2 or later and shows the QoS settings for any ports that have had a QoS profile defined individually for...

Page 450: ...nnected to the device Figure 226 shows the Network Login 802 1x display Figure 226 Network Login 802 1x display The information in the Network Login 802 1x display is as follows Port is the port on the device on which the user is logged in User Name is the name of the user IP Address is the IP address of the user s host Login Type is the login type either network login or 802 1x MAC Address is the...

Page 451: ...ttom of the QoS Profile page for a Cisco device This displays the Cisco Device Policy Setup pop up window If you have not yet set the device up to be managed by EPICenter the pop up window appears as shown in Figure 227 Figure 227 Cisco Device Policy Setup window for an unmanaged Cisco device 5 To configure policy for the device through the EPICenter Policy Manager the device must be managed by th...

Page 452: ...oftware to use to apply policies that do bandwidth control You can select a custom queue list from 1 to 16 from the drop down menu provided The setting Don t use indicates that no custom queue list is configured on the device Priority Queue List You can specify a priority queue list for the EPICenter software to use to apply policies that do priority control You can select a priority queue list fr...

Page 453: ...ttings configured externally for these resources The parameters are stored in the EPICenter database and are also written into the Cisco device login banner If the same device is added again or sync ed to the EPICenter database these parameters will be read from the device during the synchronization process NOTE Configuring the banner causes the Cisco device to lose all ACL rules configured by EPI...

Page 454: ...454 EPICenter Software Installation and User Guide The ACL Viewer ...

Page 455: ...dow or in the Run field If you have both server and client installed on the same system c Program Files Extreme Networks EPICenter 4 1 runclient exe DEBUG DEBUG logfile If you have the client only installed c Program File extreme Networks EPICenter 4 1 runclient exe DEBUG DEBUG logfile In Solaris enter the one of the following commands at a command prompt If you have both server and client install...

Page 456: ...er page is displayed a page with debug settings is displayed 3 Select Info for Client Debug Level 4 Click Submit Query This enables more detailed information to be logged Enable the Java Console To facilitate problem diagnosis you can attempt to duplicate the problem with the Java Console enabled To enable the Java Console do the following 1 From the Windows Start menu select Programs then Java Pl...

Page 457: ...ist in the Color Palette field to select the appropriate setting Problem After running for a while the display disappears in some applets Windows browser only Under some conditions in the browser client the Java Plug in can run out of memory If you are running with the Java Console enabled you may see Out of Memory errors recorded in the console log file To alleviate this problem you can grant the...

Page 458: ...tabase in Windows 2000 or Windows XP do the following 1 Open a DOS command window The following commands assume you have accepted the default installation location c epc4_1 If you have installed EPICenter in a different location substitute the correct installation directory in the commands below 2 Go to the EPICenter install directory cd c epc4_1 3 Add the EPICenter database directory to your path...

Page 459: ...software version 2 0 or later Ping the switch s IP address to verify availability of a route Use the ping command from a MS DOS or Solaris command shell Verify that the read and write community strings used in the EPICenter match those configured on the switch Problem ExtremeWare CLI or ExtremeWare Vista changes are not reflected in EPICenter Verify that the switch is running ExtremeWare software ...

Page 460: ... switches running older versions of ExtremeWare prior to 6 0 the EPICenter server uses telnet polling to get EDP topology and ESRP information However each telnet login and logout message is logged to the switch s log file and will eventually fill up the log You can disable EDP and ESRP logging through the EPICenter Administration applet Server Properties page This will also avoid the syslog messa...

Page 461: ...key To obtain a license key use your browser to connect to the license page at http www extremenetworks com go epickey htm You can obtain an evaluation key or a permanent key through this page You will need your activation key to obtain a permanent license key In either case you will be asked to enter some information about yourself and the license key will be sent to you by return e mail Follow t...

Page 462: ...g There are several possible reasons this can occur Check the following Make sure that the alarm is enabled Check that the device is in your alarm scope Check that SNMP traps are enabled on the device For a non Extreme Networks device make sure you have set EPICenter as a trap receiver on the device see Chapter 8 For an RMON alarm make sure you have RMON enabled on the device For Syslog messages m...

Page 463: ...ng its functions If you are running the EPICenter server as a service you must specifically tell it to allow output to the desktop To do this you must stop and restart the EPICenter server as follows 1 In the Services properties window select EPICenter 4 1 Server and click Stop To find the Services window from the Start menu select Settings then Control Panel the double click the Services icon 2 W...

Page 464: ...ot being managed by the EPICenter software Problem Devices running ExtremeWare 4 x are not being polled for ESRP information The EPICenter server uses Telnet polling to add and update ESRP information for devices running ExtremeWare 4 x If you have the Poll devices using Telnet option disabled in the Administration applet no ESRP information will be obtained for these devices You can enable telnet...

Page 465: ...network a duplicate IP address Remove the problem device from the EPICenter inventory and add it in again with the correct IP address Problem While looking at a device in ExtremeView the device view was suddenly replaced by the top level ExtremeView page This will happen if another EPICenter user removes the device from the database while you are viewing it If you are running with the Java Console...

Page 466: ...g a report or a topology map can cause the browser utilization to become very high approaching 100 and can spool a very large amount of memory There is no current solution other than to wait and the process will eventually finish Topology Problem In Map Properties changed the node background color but only some of the node backgrounds changed The background color affects submap nodes device hyper ...

Page 467: ...ks will automatically reappear when they come up again You can also use the Discover Links command again after the down links have come back up STP Monitor Problem There are multiple STP nodes with the same name The EPICenter server identifies an STP domain by its name and tag If you see multiple STP domains in EPICenter you may have a misconfiguration where the same STP domains are configured wit...

Page 468: ...468 EPICenter Software Installation and User Guide Troubleshooting ...

Page 469: ...ity used to upload or download device configurations or to download new software versions The VlanMgr utility used to create reset and delete VLANs The ImportResources utility used to import resources into the Grouping Manager from an external source such as an LDAP or NT Domain Controller directory The DevCLI Utility The DevCLI utility allows you to add modify and remove devices and device groups...

Page 470: ... 1 51 to use an empty string enter the command devcli mod u admin a 10 205 1 51 d NOTE If you are running the DevCLI on a Windows platform enter forward slashes to separate empty double quotes to ensure the command executes correctly For example to use the previous command in a Windows environment enter the command devcli mod u admin a 10 205 1 51 d To modify the name of a device group from Device...

Page 471: ... included in this file This option can be specified more than once None g Device group to which devices should be added Case sensitive The device group must already exist Default h Input file name for device groups This specifies an ascii file that contains a list of device group descriptions one per line A device group description may be included by enclosing both the device group name and the de...

Page 472: ...er snoopy on port 81 with EPICenter login master and password king enter the following command devcli add u admin a 10 205 0 99 s snoopy n 81 u master p king To add two devices 10 205 0 98 and 10 205 0 99 to the EPICenter database on the local host with read community string read and write community string write enter the following command devcli add u admin a 10 205 0 98 a 10 205 0 99 r read w wr...

Page 473: ...ts you can run to export information about the devices or occupied slots known to the EPICenter inventory The scripts let you export information on devices known to a single EPICenter installation on slots known to a single EPICenter installation or on devices known to multiple EPICenter servers The information will be output in comma separated CSV format suitable for importing into a spreadsheet ...

Page 474: ...sword under Windows enter the command cd epc4_1 user scripts bin msinv bat d o alldevinfo csv s config servers txt Under Solaris enter the command cd epc4_1 user scripts bin msinv sh d o alldevinfo csv s config servers txt The server file defaults to the file servers txt in the user scripts config directory You can edit this file to include the names or IP addresses of the servers where the EPICen...

Page 475: ...ogin and default password under Windows enter the following command inv bat d o output csv Under Solaris enter the following command inv sh d o output csv This command will login using the default user name admin and the default password and will output the results to the file output csv in the user scripts bin directory To export device information from the EPICenter databases on the multiple ser...

Page 476: ...lue of the object the variable extremePrimaryPowerOperational in the Extreme Networks MIB whose OID is 1 3 6 1 4 1 1916 1 1 1 10 0 on the device at 10 205 0 99 enter the following command snmpcli snmpget a 10 205 0 99 o 1 3 6 1 4 1 1916 1 1 1 10 0 snmpcli snmpnext options returns the value of the next OID subsequent to the OID you specify in the MIB tree For example you can use this command to get...

Page 477: ... This returns the following IP Address 10 205 0 99 Read community string public Timeout ms 500 OUTPUT OID 1 3 6 1 4 1 1916 1 1 1 9 1 1 1 VALUE 1 OID 1 3 6 1 4 1 1916 1 1 1 9 1 1 2 VALUE 2 OID 1 3 6 1 4 1 1916 1 1 1 9 1 1 3 VALUE 3 OID 1 3 6 1 4 1 1916 1 1 1 9 1 2 1 VALUE 2 OID 1 3 6 1 4 1 1916 1 1 1 9 1 2 2 VALUE 2 OID 1 3 6 1 4 1 1916 1 1 1 9 1 2 3 VALUE 2 Port Configuration Utility The Port Conf...

Page 478: ...utton for a field is enabled when the corresponding values in the Current port value field is something other than the default Click Done when you have finished making and applying changes Any new text in the edit fields that has not been applied is discarded The utility checks to see if it can open the requested new port number s If the new port number is in use the utility reports this fact and ...

Page 479: ...larms You can specify a time period of interest as well as characteristics of the alarms you want to include You can select alarms based on criteria such as the alarm name severity category source the IP address or IP address and port that generated the alarm and whether the alarm has been acknowledged You can combine many of these criteria so that only alarms that meet all your criteria will be i...

Page 480: ...edged However there are no alarms that meet this criteria since an alarm cannot be both To display both alarms that are acknowledged and alarms that are unacknowledged do not specify either option c category Display alarms that occur for a specific category Category specification is case insensitive Must be quoted if category name includes spaces or other delimiters When these options are combined...

Page 481: ...the last 300 alarm log entries in the EPICenter database running on server snoopy on port 81 with EPICenter login master and password king enter the following command AlarmMgr host snoopy port 81 user master password king To display all alarm log entries for the alarm named FanFailed in the local EPICenter database that occurred yesterday and are unacknowledged enter the following command AlarmMgr...

Page 482: ...lt user username EPICenter user name This option is required None password password EPICenter user password If the password is blank do not include this argument No password host hostname IP address EPICenter server hostname or IP address localhost port port EPICenter server port number Do not specify this after the dip option or it will be taken as a search domain specification 80 f file specific...

Page 483: ...s the server port specification You can specify individual devices device groups and port groups in a single command FindAddr Output The output from the FindAddr command is displayed as tab delimited text one line per address Each line contains the following information Both the MAC address and the corresponding IP address The switch and port to which the address is connected The user name current...

Page 484: ...lready exist it will be created by default in the EPICenter bin directory The TransferMgr Utility The Transfer Manager utility TransferMgr allows you to upload configuration information from a device to a file and to download configuration information and ExtremeWare software images to Extreme devices This command provides a command line version of some of the functionality available in the EPICen...

Page 485: ...ry or path below the configs directory where the upload file should be placed tftp_root is the location of your TFTP server By default tftp_root is EPICenter_install_dir user tftp tftp_root config s a Place upload file into the archive directory tftp_root configs year month day ipaddress _ time txt This option may not be combined with the fl and ft options tftp_root config s ipaddress txt Download...

Page 486: ...ultiple TransferMgr commands TransferMgr Examples The following examples illustrate the usage of these commands To upload configuration information from device 10 20 30 40 enter the following command TransferMgr user admin upload dip 10 20 30 40 This will place the device configuration information in the file 10_20_30_40 txt in the configs directory under the TFTP root directory by default epc4_1 ...

Page 487: ...des options for specifying EPICenter server access information the operation to be performed create modify or delete the name of the VLAN and the devices in the VLAN with their configuration options The syntax of the command is as follows VlanMgr user EPICenter username create VLAN name dip IP address other options dip IP address other options VlanMgr user EPICenter username modify VLAN name dip I...

Page 488: ...ddress of device to be included in the VLAN This option may be repeated None port ports Ports to be included in the VLAN as untagged ports on the device specified by the preceding dip option If this option is not included any untagged ports configured on this device will be removed from the VLAN These options must immediately follow the dip option to which they apply Each option may be specified o...

Page 489: ...1 2 and dip 10 20 30 40 port 2 3 4 If you do not include device 10 20 30 40 in the command that device and its ports will be removed from the VLAN VlanMgr Output The VlanMgr command displays output indicating the progress of the command as it configures the VLAN VlanMgr Examples The following examples illustrate the usage of these commands To create untagged VLAN test1 consisting of untagged ports...

Page 490: ...ts 14 and 15 on switch 10 201 20 36 from VLAN test2 enter the following command VlanMgr user admin modify test2 dip 10 201 20 35 tagport 10 11 ipf ip 10 201 20 100 24 dip 10 201 20 36 tagport 11 12 13 ipf ip 10 201 20 102 24 tag 53 protocol ip To remove switch 10 201 20 36 from VLAN test2 enter the following command VlanMgr user admin modify test2 dip 10 201 20 35 tagport 10 11 ipf ip 10 201 20 10...

Page 491: ...nd one of the import type options f ldap or domain are required Table 20 specifies the options you can use with this command Table 20 ImportResources command options Option Value Default user username EPICenter user name This option is required None password password EPICenter user password If the password is blank do not include this argument No password host hostname IP address EPICenter server ...

Page 492: ... a source group named CorpUsers in the EPICenter database running on host snoopy on port 81 with EPICenter login master and password king enter the following command ImportResources host snoopy port 81 user master password king s CorpUsers ldap This requires a configuration file named LDAPConfig txt to be present in the EPICenter user import directory To import resources from an NT Domain server i...

Page 493: ...connection The external application must first establish a persistent TCP connection with the EPICenter server The EPICenter server listens on a TCP port on the server machine for incoming connections The EPICenter server picks a dynamic port number that is not in use on the server machine during startup This port number can be discovered by the external application by sending an HTTP request to h...

Page 494: ...e from the EPICenter server Data values appear between a begin tag and an end tag Data values are encoded using the following rules Only HTML compatible 7 bit ASCII characters are used to represent application data values All data values are represented using 7 bit ASCII characters There is no binary data representation Characters with ASCII value 9 10 13 33 35 37 39 59 61 63 126 are sent using th...

Page 495: ...R TABLE The EPICenter server responds to any requests sent by the external application using the above format The external application first establishes a TCP connection with the EPICenter server Then the external application must initiate a request by sending a command and any command arguments to the EPICenter server The EPICenter server responds by sending any results back to the external appli...

Page 496: ...ER server H2 If the login failed the server sends H2 ERROR Invalid login try again H2 The external application should check the result code in the message to determine the success or failure of the login REQUEST COMPLETE is login successful ERROR is login failed Dbquery Command The external application may send the following to issue a dbquery command command param dbquery param param sql param pa...

Page 497: ... 2 or more rows The first row contains the column name of each column in the resulting table The second row contains the column type of each column in the resulting table Rows 3 to n contains the actual row values in the table For example if the external application sends the following command param dbquery param param select from Employee param command The result may be TABLE TR TD name TD TD age...

Page 498: ... commands are sufficient for any external application to communicate with the EPICenter server However the EPICenter software also provides a client API that makes it easier for third party developers to develop external applications that communicate with the EPICenter server enable Enables one or more policies by name The arguments to this command are one or more policy names disable Disables one...

Page 499: ...extr name space in which a set of Tcl functions is available to the Tcl application These functions allow the Tcl application to connect login send database queries send policy configuration commands and logout from an EPICenter server The functions use Tcl sockets to connect with the EPICenter server send commands and receive responses according to the EPICenter external access protocol See path ...

Page 500: ...ssword to the EPICenter server to login If the client does not login the server will close the connection after a timeout Arguments channel_id channel id returned by extr connect name optional login name Defaults to user password optional password Defaults to no password Returns 1 login is successful 0 login failed Exceptions This function may throw an error if there is a problem communicating wit...

Page 501: ... encoded in HTML XML style tags The caller may choose to receive this data in its raw encoded form by using the raw option This function can also return the result already decoded into a list of list of cell data if raw is not specified The caller can optionally specify command cmd If this is specified then the user supplied cmd is executed after each row of data is received See below for the defi...

Page 502: ...hannel_id channel id returned by extr connect raw optional the constant raw which controls result data format decode flag optional 1 if we want to decode the data portion when returning as a list 0 means don t decode the data portion Default is to decode command cmd optional the cmd callback this option is mutually exclusive with respect to the raw option above sql the sql statement arg arg option...

Page 503: ...r The arguments are a list of policy names configure device_ip group_name Configures policy on devices The devices are specified either as device ip address or as a group name If a group name is given all devices within the group are configured During configuration all policy types are configured If no argument is given the all devices are configured Note must be logged in using an account with ad...

Page 504: ...504 EPICenter Software Installation and User Guide EPICenter External Access Protocol ...

Page 505: ... of the columns in the view contain Extreme specific information If a device is not an Extreme device the Extreme specific columns contain empty values such as an empty string Column Name Column Type Description device_id integer A database unique id identifying a device This column can be used as the primary key enterprise_oid integer The enterprise id e g 1916 for extreme networks system_oid str...

Page 506: ... e g 4 1 9 2 secondary_image string The secondary software image version on the device e g 6 1 5b20 boot_rom string The version of the device s boot rom e g 7 2 image_after_reboot string The image to use after a switch reboot primary secondary neither or unknown board_number string The hardware board number other_numbers string Other hardware board numbers serial_numbers string The serial number o...

Page 507: ...interface e g 10BaseTX half duplex auto_negotiation string The status of auto negotiation of the interface true or false admin_status string The admin status of the interface enabled or disabled operation_status string The operational status of the interface active ready or failed The following columns are Extreme specific IP_Address string The IP address of the device to which this interface belo...

Page 508: ...f the source from which the event is generated E g 10 205 0 31 10 205 0 31 port 2 1 or 10 205 0 2 ifIndex 10 event_type string The type of the event e g SNMP Trap Cold Start event_ip string The IP address of the source from which the event is generated E g 10 205 0 31 event_generic integer For SNMP trap based event this is the generic field of the trap event_specific integer For SNMP trap based ev...

Page 509: ...fined in the alarm definition source string The IP and the ifIndex if appropriate of the source from which the event that triggered the alarm is generated E g 10 205 0 31 10 205 0 31 port 2 1 or 10 205 0 2 ifIndex 10 severity string The severity of the alarm as defined in the alarm definition msg string The alarm message as defined in the alarm definition ack byte A byte value in hexadecimal repre...

Page 510: ...510 EPICenter Software Installation and User Guide EPICenter Database Views ...

Page 511: ...er numbered state 6 1 9 or later BGP Established The BGP Established event is generated when the BGP FSM enters the ESTABLISHED state 6 1 9 or later BGP Prefix Max Exceeded Extreme Networks proprietary trap This trap indicates that the number of prefixes received over this peer session has reached the maximum configured limit 6 2 2 or later BGP Prefix Reached Threshold Extreme Networks proprietary...

Page 512: ... from this neighbor within the configured timeout period and this neighbor entry has been aged out by the device 6 1 or later EGPNbrLoss An EGP neighbor for which the device is an EGP peer is down and the peer relationship no longer exists An Extreme Networks switch never sends out this trap None ESRP State Change Extreme Networks proprietary trap This trap indicates that the ESRP state master or ...

Page 513: ...irtual OSPF neighbor This trap should be generated when the neighbor state regresses e g goes from Attempt or Full to 1 Way or Down or progresses to a terminal state e g 2 Way or Full When an neighbor transitions from or to Full on non broadcast multi access and broadcast networks the trap should be generated by the designated router A designated router transitioned to Down will be noted by ospfIf...

Page 514: ... object is set to probeFailure 0 subject to the value of pingCtlTrapProbeFailureFilter The object pingCtlTrapProbeFailureFilter can be used to specify the number of successive probe failures that are required before this notification can be generated 6 1 9 or later Ping Test Completed Generated at the completion of a ping test when the corresponding pingCtlTrapGeneration object is set to testCompl...

Page 515: ...e Networks proprietary trap This trap indicates that the sending agent has become the new root of the Spanning Tree the trap is sent by a bridge soon after its election as the new root e g upon expiration of the Topology Change Timer immediately subsequent to its election 6 2 2 or later STP Topology Change Extreme Networks proprietary trap A topologyChange trap is sent by a bridge when any of its ...

Page 516: ...al number reported through SNMP may occur with ExtremeWare 6 2 1 on the BlackDiamond 6816 Fan Failed For Extreme Networks devices only The EPICenter server generates this event for an Extreme device when it detects via polling a transition from fan OK to fan failed condition on the device Unlike the SNMP Fan Failed trap event this event is generated only once based on a state transition As an alte...

Page 517: ...directory install_dir user where install_dir is the root directory of the EPICenter install by default c Program Files Extreme Networks EPICenter 4 1 For Solaris the backup files are created in the directory opt extreme epc4_1 user where opt extreme epc4_1 is the install_dir The Alarm Log is backed up to the file Alarm_Log txt The Event Log is backed up to the file Event_Log txt Each primary backu...

Page 518: ...nment variable This should be set to install_dir database where install_dir is the root directory of the EPICenter install for example opt extreme epc4_1 The Validation Utility The Validation utility validates all indexes and keys on some or all of the tables in the database Access the Validation utility from the MS DOS or Solaris command line using the dbvalid command This convention also allows ...

Page 519: ... back up the EPICenter database running under Windows use the command install_dir database dbbackup c uid dba pwd sql eng EPIC41 dbf install_dir basecamp db backup_dir Under Solaris use the command install_dir database dbbackup c uid dba pwd sql eng EPIC41 dbf install_dir basecamp db backup_dir This example assumes a database user ID of dba with password sql These are the defaults used when the da...

Page 520: ...specified connection parameters from the SQLCONNECT environment variable are used if set The connection parameters are separated by semicolons and the entire set must be quoted For example under Windows the following backs up the EPICenter database basecamp db connecting as user ID dba with password sql install_dir database dbbackup c uid dba pwd sql eng EPIC41 dbf install_dir basecamp db c tmp In...

Page 521: ...ing system in the EPICenter Software Installation and User Guide 2 Move or delete the old copy of basecamp db and basecamp log found in the EPICenter installation directory 3 Copy the backup copy of basecamp db and basecamp log to the EPICenter installation directory 4 Restart the EPICenter software following the instructions in the EPICenter Software Installation and User Guide for your operating...

Page 522: ...522 EPICenter Software Installation and User Guide EPICenter Backup ...

Page 523: ... user logs out or when the host is shut down This information is used by the EPICenter software in setting policies that can be applied to users These policies can dynamically follow a user s location if auto configuration of policies is enabled For DLCS to operate within ExtremeWare the user or host must allow automatic DLCS updates This feature should only be used in conjunction with the EPICent...

Page 524: ...t the switch you want to configure 3 Use the enable dlcs command to enable DLCS snooping of packets on the switch 4 Enable the ports on which you want to snoop You can enable individual ports or all ports on the switch enable dlcs fast ethernet ports ports port number all DLCS should be enabled on all edge ports ports that are directly connected to workstations servers and unintelligent hubs DLCS ...

Page 525: ... settings for DLCS However a VLAN must have an IP address in order for DLCS to function on ports on that VLAN For ExtremeWare 5 x ISQ has been improved to also allow the application of IP QoS for traffic on a Layer 2 switch that is destined outside the served subnet If your switch is running in L2 mode and you want to snoop Layer 4 NetBIOS packets you can do so using ISQ To configure this capabili...

Page 526: ...526 EPICenter Software Installation and User Guide Dynamic Link Context System DLCS ...

Page 527: ...eatures Supported in EPICenter Notes Access List Source ip subnet wildcard Yes Destination ip subnet wildcard Yes Source L4 port range wildcard Yes Destination L4 port range wildcard Yes Protocol IP UDP TCP Yes Protocol ICMP Partial Can display ICMP access list created via CLI Does not configure any access list using ICMP protocol Ingress port list Partial Can display access list with ingress port...

Page 528: ...urce Port QoS Supports QP1 QP8 Yes Supports blackhole Yes Source port blackhole is implemented by disabling the source port VLAN QoS Supports QP1 QP8 Yes QoS Profile Min Max bandwidth Yes Priority Yes Min Max Buffer No Per Port Profile Yes EW 6 0 x EW6 1 x Features Supported in EPICenter Notes Access List Source ip subnet wildcard Partial Only IP and ANY wildcard are supported Destination ip subne...

Page 529: ...e device to determine how to deal with overlaps between the policy rules Acl name No EPICenter cannot set or display the access list name Access list rules created by EPICenter created appear in the CLI with names mgmt1 mgmt2 and so on When displaying an access list in the ACL viewer the name column is empty Supports QP1 QP8 Yes See the ExtremeWare Software User Guide for information on how the de...

Page 530: ...y Yes Supports QP1 QP4 Yes Source Port QoS Supports QP1 QP4 Yes Supports blackhole Yes Source port blackhole is implemented as disabling the source port VLAN QoS Supports QP1 QP4 Yes QoS Profile Min Max bandwidth Yes Priority Yes Only four priorities are available EW 4 x Features Supported in EPICenter Notes IP QoS No Source Port QoS No VLAN QoS Supports QP1 QP4 Yes QoS Profile Min Max bandwidth Y...

Page 531: ...e overlapping rules the rule for the policy with the highest precedence is used EPICenter policy precedence is implemented by assigning precedence numbers to IP access lists that are configured to the devices These precedence numbers may be different on different devices depending on how many policies are active on a given device The actual IP access list precedence number is not as important beca...

Page 532: ... displayed for Cisco devices It is the relative ordering between the rules that is important not the precedence number itself If Cisco device is synchronized its equivalent precedence number is lost until the next policy configuration This can happen in the following cases The user removes the Cisco device from the EPICenter inventory then adds it back to the EPICenter database The user uses the S...

Page 533: ... 138 alarm definition 130 CPU Utilization rule 142 devices 100 map background images 313 nodes to a map 297 protocol filters 339 relationships to resource 216 resource as child 213 RMON rule 142 user accounts 358 VLANs 330 address range in Discovery 95 in IP MAC Address Finder 237 Admin button 81 Admin port 54 59 Administration page 357 Administrator adding users 358 changing password 358 default ...

Page 534: ...Change rule 148 unacknowledging 124 variables 132 writing Tcl scripts for alarm actions 155 All Device Groups page 89 All ESRPs view 352 application as policy component 39 Apply button 86 architecture of EPICenter software 28 Archive button Configuration Manager 165 167 archiving configuration settings 165 Attribute Name field 221 Attribute Type field 221 attributes of resources 207 210 DLCS ID ty...

Page 535: ...orts 81 ReRun IP MAC Address Finder 235 240 Reset 86 410 429 Reset Grouping Manager search 224 RT Stats 81 269 Save 216 218 219 221 410 429 ServiceWatch 81 Settings Alarm Definition 136 Stop Telnet 194 STP 81 Submit IP MAC Address Finder 238 Sync Inventory Manager 90 111 Sync Threshold Configuration 151 Telnet 81 191 TFTP Configuration Manager 186 Topology 81 286 Unack 124 Upgrade Configuration Ma...

Page 536: ...ration 146 rule definition 146 rule display 141 rule target configuration 149 Sample Type 146 Startup Alarm 146 Create new device button 297 Create new map button 296 creating alarm definitions 129 alarm threshold event rules 142 device groups 102 incremental configuration file 170 new device node Topology 297 new topology map 296 new topology view 293 resources 211 search task IP MAC Address Find...

Page 537: ...erver mode 26 Distributed Server summary report 78 DLCS 40 523 enabling on switch 524 limitations 524 Policy Manager requirements 523 properties 524 domains STP 341 download ExtremeWare software image device 173 177 ExtremeWare software image slot 178 incremental configuration 169 saved device configuration 168 Download button Configuration Manager 168 drop down menu fields 86 Dynamic Link Context...

Page 538: ...g Manager 226 Filter button 127 filtering in reports 376 resources 210 214 filtering alarms 126 Find Address Tasks List window 234 Find button in Grouping Manager 210 215 221 in IP MAC Address Finder 236 in Telnet applet 201 in Topology 311 Find IP MAC button 81 233 Find Map Node menu selection 310 FindAddr utility 27 481 Fit Map in Window menu selection 307 Forward trap alarm action 135 G Get Jav...

Page 539: ...button 81 M macro status 194 macros Telnet record play 192 Start Record command 198 Stop Record command 198 variables 194 Manager access 26 355 Map auto populate 293 294 305 creating 296 deleting submap 301 Expand Map 308 fit Map in Window 307 Layout Map In Window 306 renaming 301 map element description panel 287 291 map elements composite link 290 decorative node 289 device node 287 hyper node 2...

Page 540: ...0 policy configuration auto configuration 433 comparing policies with configured rules 440 444 447 directed configuration 434 status 433 Policy definition 30 policy definition page 412 416 network resource 414 policy scope 414 policy type buttons 413 traffic definition 413 traffic direction 413 Users list 413 policy description 30 policy name 30 policy precedence 43 changing 430 configuring 430 po...

Page 541: ...up 218 in IP MAC Address Finder 237 Remove Attribute from Resource button 212 Remove button in Add Attribute to Resource 221 in Add Relationship to Group 218 in Discovery 96 in Grouping Manager 219 in IP MAC Address Finder 237 remove children from a group 216 remove resource from results list 215 Remove Condition s button 125 128 removing a child resource 216 Rename Map menu selection 301 Rename V...

Page 542: ...te for CPU Utilization 146 Absolute predefined RMON 148 Absolute RMON 144 Delta for CPU Utilization 146 Delta RMON 144 Save button 216 218 219 221 410 429 scheduled configuration upload 165 scheduled configuration global 167 scope for alarms 132 Scope tab 132 search results Discovery 96 Grouping Manager query 224 IP MAC Address Finder 239 search task IP MAC Address Finder 236 Searching for a resou...

Page 543: ...148 RMON 144 State ESRP 354 statistics display mode real time 273 graph preferences RT Stats 274 in Extremeview 253 individual port real time 271 multi port real time 269 real time 267 Status icon 410 Status Detail Information panel 83 Stop button 194 Stop Record Telnet 198 stopping the server under Solaris 71 under Windows 70 stopserv command 71 STP 1D mode 341 default domain 341 EMISTP mode 341 ...

Page 544: ... link 289 map 287 map background color 312 map element description panel 287 291 map hierarchy tree 287 map properties 311 node background color 312 renaming a view 294 setting view properties 304 submap node 287 text node 289 view 286 VLANs button 313 Topology button 81 286 Topology views 25 285 ToSlave ESRP 354 total errors graph 268 TrackedActivePorts ESRP 354 TrackedIPRoutes ESRP 354 TrackedPi...

Page 545: ... Summary report 382 VLAN tab 119 VlanMgr utility 27 487 VLANs 325 802 1Q tag 321 331 adding 330 adding links 315 adding protocol filters 339 adding tagged ports 331 adding untagged ports 331 Connect Device 336 connecting edge port 317 definition of 322 deleting 333 deleting protocol filters 339 disabling IP forwarding 336 displaying 323 displaying in Topology applet 313 enabling IP forwarding 336 ...

Page 546: ......

Reviews:

No comments

Brands by name

Popular brands

Load more brands