manualshive.com logo in svg

Extreme Networks EPICenter 5.0, Manual

Get in-depth knowledge of Extreme Networks EPICenter 5.0 with our free user manual download. Whether you're a beginner or advanced user, this manual will guide you through every feature and functionality of the product. Download it now from manualshive.com and enhance your network management skills.

Share
Download
background image

 

Policy Types

EPICenter Concepts and Solutions Guide

149

Policy Types

The EPICenter Policy Manager supports four types of policies: Access-based Security QoS policies, IP 
QoS (Access List) policies, Source Physical Port QoS policies, and VLAN QoS policies. These policies 
assign QoS profiles to traffic flows that are identified based on dynamically determined destination 
port, IP-based endpoint addressing information, physical port of origin, or VLAN origin. This release of 
the EPICenter Policy Manager does not support policies for traffic based on MAC address destination 
information or on explicit class of service (802.1P and DiffServ) information. 

ExtremeWare versions 5.0 or later support IP, VLAN and source port types. Only ExtremeWare 7.0 
supports Security policies. ExtremeWare versions prior to 5.0 support only VLAN-based QoS. Thus, 
although the Policy Manager supports IP, Access-based Security, and Source Port policies, non-

i-

series 

devices will not be able to use those policies unless they are running ExtremeWare version 5.0. The 
Policy Manager will not attempt to configure policies on devices that cannot support them. 

In the EPICenter Policy Manager, each policy type acts somewhat like a template, allowing you to 
specify only components that are valid for the policy type. For example, the Policy Manager expects you 
to enter two sets of endpoints for a Security or an IP policy, but only a single set of endpoints for a 
VLAN or Source Port policy. In addition, the Policy Manager will only show endpoints of valid types in 
the Select Policy Traffic list in the Edit Policy, Network Resource, Server, Clients or Users Endpoints 
windows. 

Access-based Security Policies

Access-based Security Policies represent a new policy type similar to IP policies. They are dynamic 
policies which are designed and typically implemented at the edge of the network to enforce user based 
security on an IP basis whenever and wherever the user connects. The principal difference is that the 
ACL rules associated with the policy are dynamically applied to and removed from the network in 
response to network login and 802.1x login and logout events. The IP addresses are static in nature and 
determined by the network resources. The device port the user logs on dynamically determines the user 
IP addresses. In addition, unlike IP policies, security policies are applied only on the device through 
which the user logged on. These policies operate in concert with the currently defined static policies 
and other access-based security policies and share the same precedence properties.

You use Access-based Security policies for a number of important reasons. One primary function of 
these policies is to protect core network resources by controlling and enforcing security for user access 
at the point of entry to the network (e.g. edge network devices). Additionally, these policies allow you 
to augment the basic yes/no security provided by Netlogin with a finer grain control of access levels. 
Users can be granted or denied access to certain areas of the network and users can be given different 
service level guarantees by the use of different QoS profiles.

You also use Access-Based Security policies to grant various levels of service on a per user or user 
group level. By using different QP assignments on a per user or user group basis in the access domain 
of the security policy, each user receives a specific level of service on the edge device port. Static IP 
policies should be defined in conjunction with dynamic user policies to establish a baseline security 
access level and QoS level for all users. Typically, these static IP policies would be used to deny access 
to sensitive network resources and/or to provide a base level quality of service. These static IP policies 
should have lower precedence than the dynamic user based security policies to allow the dynamic user 
based security policies to override the static IP policies on a per user basis.

Access-based Security policies are implemented with dynamic ACL allocation/deallocation on a per 
edge device port basis by the policy server based on current users on the network. The ACL rules are 
only applied to the single edge device port in the access domain on demand upon user network login 

Summary of Contents for EPICenter 5.0

Page 1: ...Networks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com EPICenter Concepts and Solutions Guide Version 5 0 Published October 2004 Part number 100175 00...

Page 2: ...are trademarks of Extreme Networks Inc which may be registered or pending registration in certain jurisdictions The Extreme Turbodrive logo is a service mark of Extreme Networks which may be registere...

Page 3: ...ing Manager 16 The IP MAC Address Finder 16 The Telnet Feature 16 Real Time Statistics 17 Topology Views 17 Enterprise wide VLAN Management 18 The ESRP Manager 18 The STP Monitor 18 EPICenter Reports...

Page 4: ...ing Baseline Configuration Files in the Configuration Manager 37 Scheduling Configuration File Archiving 39 Checking for Software Updates 40 Using the EPICenter Alarm System 41 Predefined Alarms 41 Th...

Page 5: ...Multidevice VLAN Configuration 88 Modifying VLANs from a Topology Map 89 Displaying VLAN Misconfigurations with Topology Maps 90 Chapter 6 Managing Network Device Configurations and Updates Archiving...

Page 6: ...Status with Reports 114 Performance Visibility with Reports 114 Debugging Access Issues with Syslog Reports 115 Fault Isolation with Reports 115 Chapter 9 Tuning and Debugging EPICenter Monitoring an...

Page 7: ...e 145 Chapter 11 Policy Manager Overview Overview of the Policy Manager 147 Basic EPICenter Policy Definition 148 Policy Types 149 Access based Security Policies 149 IP Based Policies Access List Poli...

Page 8: ...ing the SNMPCLI Utility 185 SNMPCLI Examples 186 Port Configuration Utility 187 The AlarmMgr Utility 188 Using the AlarmMgr Command 189 AlarmMgr Output 191 AlarmMgr Examples 191 The FindAddr Utility 1...

Page 9: ...dging concepts Routing concepts The Simple Network Management Protocol SNMP NOTE If the information in the Release Notes shipped with your software differs from the information in this guide follow th...

Page 10: ...ould type a particular command The words enter and type When you see the word enter in this guide you must type something and then press the Return or Enter key Do not press the Return or Enter key wh...

Page 11: ...nline Help available from the Help menu in each EPICenter applet as well as through Help buttons in most windows and dialogs throughout the software Other manuals that you will find useful are Extreme...

Page 12: ...12 EPICenter Concepts and Solutions Guide Preface...

Page 13: ...are easy to use from a client workstation running EPICenter client software or from a workstation configured with a web browser and the Java plug in EPICenter leverages the three tier client server ar...

Page 14: ...re For even larger networks you can split the management task among several EPICenter servers in a distributed server mode that lets you monitor the status of those servers from a single client Policy...

Page 15: ...covered by specific IP address or within a range of IP addresses Third party devices that support SNMP version 3 SNMPv3 are discovered as SNMP version 1 SNMPv1 and are added to the EPICenter database...

Page 16: ...One of the powerful features of the EPICenter software is its ability to take actions on multiple devices or resources with a single user action The Grouping Manager facilitates this by letting you or...

Page 17: ...en save print or e mail the page Topology Views The EPICenter software s Topology feature allows you to view your network EPICenter managed devices and the links between Extreme Networks devices as a...

Page 18: ...SRP enabled VLANs being monitored by the EPICenter software You can also view detailed information for an individual ESRP enabled VLAN and the switches in those VLANs The STP Monitor The EPICenter Spa...

Page 19: ...e Utilities The EPICenter software provides a number of stand alone utilities or scripts that streamline the process of getting information into and out of the EPICenter database or facilitate certain...

Page 20: ...her servers in the group From the EPICenter home page a client attached to any one of the servers in the server group can view summary status information from the other servers in the group in additio...

Page 21: ...e also gives you the ability to gather device status at any time using the Sync feature in the Inventory Manager applet To avoid the overhead of frequent device polling the EPICenter software also use...

Page 22: ...in device status such as fan failure or overheating or configuration changes made on the switch through the ExtremeWare CLI or ExtremeWare Vista For non Extreme devices EPICenter does not automaticall...

Page 23: ...EPICenter to poll the switch and update all configuration and status information except for uploaded configuration files During a Sync operation the SmartTraps rules are also reset in case the user h...

Page 24: ...escription files may be added over time check the Extreme Networks web site for information on new device support EPICenter also provides support for Avaya Voice network devices through an integration...

Page 25: ...nter server is running multiple clients can connect to it The EPICenter software supports multiple administrator users with different roles that determine the EPICenter functions each user can perform...

Page 26: ...commended etc init d EPICenter start To run the EPICenter Server as an application 1 Set the current directory to the EPICenter install directory cd install_dir install_dir is the directory path where...

Page 27: ...nter 5 0 then select EPICenter 5 0 Client If you are running the client on a system different from where the EPICenter server is installed select EPICenter 5 0 Client then select Client Application Th...

Page 28: ...PICenter client in a Solaris environment 1 Set the current directory cd install_dir install_dir is the directory path where you installed the EPICenter components If you installed in the default direc...

Page 29: ...EPICenter user name in the User field If you are the network administrator logging in to the EPICenter server for the first time since it has been installed use the name admin Once you have logged in...

Page 30: ...Software Images Updates window or Remind Me Later which closes the window The EPICenter Home page appears displaying the Network Summary Report as shown in Figure 4 Figure 4 The EPICenter Home page S...

Page 31: ...Java based applets that operate on device configuration and status information stored in the EPICenter database The devices being managed are the common thread between these applets or features and m...

Page 32: ...Administration applet where the features of EPICenter itself can be configured and where users can be added or deleted and their roles modified The Manager role provided full read write access to all...

Page 33: ...Manager applet Using Discovery When you first run EPICenter the device inventory is empty The easiest way to populate the inventory database is to use Discovery to automatically detect the devices on...

Page 34: ...of devices you want to add and click the Add button For each device or set of devices you add to the inventory database EPICenter first asks you to provide contact information for those devices The de...

Page 35: ...n with no password SSH2 disabled For Cisco devices only the default Cisco enable password none Default SNMP v1 community strings public for read and private for write SNMP V3 user initialmd5 SNMP V3 p...

Page 36: ...ew group you can specify the devices that should be included in the group The Available Devices list shows you all the devices available to be placed in the new device group Figure 7 Adding a device g...

Page 37: ...rd Since there are multiple versions of software for different device and module types and the software images and bootROM versions must also be compatible the Firmware Manager can warn you if you att...

Page 38: ...or a device the Device display indicates which configuration file is the one that became the baseline file as shown in Figure 9 Subsequent configuration uploads are compared to the baseline and if cha...

Page 39: ...o schedule uploads on a regular basis click Archive or select the Archive command from the Config menu The Schedule Upload window has three tabs From the Device Schedule tab you can select a set of de...

Page 40: ...heck the Extreme Networks web site to determine if new versions have been released When you install EPICenter you can enable the Automatic Information Update feature This feature will connect to the E...

Page 41: ...es a set of predefined enabled alarms that will immediately report conditions such as authentication or login failures device problems such as power supply or fan failures reachability problems or dev...

Page 42: ...usive Mode To receive traps from non Extreme Networks devices you must manually configure those devices to send traps to the EPICenter server See Appendix B in the EPICenter Reference Guide for inform...

Page 43: ...display filters to view any subset of alarms that you wish If you have selected a device in another applet when you open the Alarm Browser or if you invoke the Alarm Browser from the Devices sub menu...

Page 44: ...Uncheck the View last 300 alarms checkbox 3 From the drop down menu in the Field field select Source IP 4 Enter the IP address into Value field 5 Click Add Modify Condition This adds the condition So...

Page 45: ...w You can create a filter that uses several conditions but you cannot filter using multiple specifications of the same condition Multiple conditions are combined using a logical AND function all condi...

Page 46: ...on on a device exceeds a threshold utilization rises above 80 for example An alarm definition has three parts The basic alarm properties which include the event related parameters of the alarm its nam...

Page 47: ...List with the Overheat alarm selected 2 Scroll down in the list and select the Overheat alarm definition The basic properties for this alarm definition are displayed in the lower part of the page when...

Page 48: ...ure EPICenter s email settings click the Settings button to the right of the Email to field This opens the Alarm Definition Email Settings dialog Figure 16 The Email Settings dialog a Enter the host n...

Page 49: ...il server to respond 6 To configure EPICenter to send a text message as an alarm action click the Short email to check box to turn on the check 7 Type 4085551212 paging com as the email address in the...

Page 50: ...tab at the top of the window then click Add to open the New Alarm Definition dialog with the Basic tab displayed a Type a name for the alarm for example WAN Link Down in the Name field b Make sure th...

Page 51: ...b and do the following a Make sure the All devices and ports checkbox is not checked b Select Port in the Source Type field c Select the device Summit_24 from the Device list d Select the port 10 from...

Page 52: ...levant group You will not need to modify our alarms every time you add move or change elements in your network adding or removing ports or devices from the relevant devices groups will be sufficient 3...

Page 53: ...in the EPICenter threshold configuration function where the threshold conditions can be configured directly on the switch With threshold events traps are generated based on comparing the value of the...

Page 54: ...component under that rule The rule name will also appear in the Event Name list For CPU Utilization rules each target device for a CPU utilization rule appears as a separate component under the CPU U...

Page 55: ...an alarm in the EPICenter Alarm System you need to define an alarm that responds to a RMON Rising Threshold or RMON Falling Threshold event If you define an alarm based on the RMON Rising Threshold e...

Page 56: ...Close to dismiss the New Configuration dialog Configuring a CPU Utilization Rule NOTE CPU Utilization is only supported on switches running ExtremeWare 6 2 or later If you select CPU Utilization only...

Page 57: ...rossed the other threshold The diagram shown in Figure 23 illustrates how CPU Utilization trap events will occur once you have configured a CPU Utilization rising threshold The startup condition for a...

Page 58: ...e devices links between devices and basic status of those devices and links including link utilization statistics and VLAN membership and configuration information EPICenter automatically creates a de...

Page 59: ...he device or on a device in a submap with the color of the icon indication the highest severity level of the unacknowledged alarms The color of the links between devices indicates the status of the li...

Page 60: ...s using EDP and places those on the map as appropriate As new devices are added to the EPICenter inventory they are automatically added to the default map unless you have disabled the auto populate fe...

Page 61: ...States and Europe and you can add images of your own as well Figure 26 Topology Map with VLAN information Using Basic EPICenter Reports EPICenter provides a large number of reports based on the data...

Page 62: ...s can be sorted in a number of ways and many reports can be filtered to display only the data of interest based on the types of information shown in the report In addition from some reports the displa...

Page 63: ...ort showing phone and egress parts by device Logs Alarm Event Syslog Config Mgmt EPICenter alarm log more information available through Alarm Log Browser feature EPICenter event log entries Syslog ent...

Page 64: ...y Displays data in a MIB collection Users with an Administrator role can start or stop a collection Provides an interface to query for the value of specific MIB variables This is available only to use...

Page 65: ...ces and Device Groups dialog in the Inventory Manager Add devices to the inventory using a command line script You may also want to create in advance a set of Device Groups so that you can assign the...

Page 66: ...h a mask of 22 will expand to the range 10 203 16 1 10 203 19 254 a range of 1022 addresses The ranges specified through the use of wild cards and the subnet mask interact in that the two specificatio...

Page 67: ...oes not automatically add any devices to the EPICenter inventory From the Discovery Results window you can select individual or multiple devices to add to EPICenter s inventory database When you add d...

Page 68: ...s you an opportunity to either confirm it or change it as appropriate You can change what EPICenter uses as its defaults see Setting up Default Device Contact Information on page 35 or refer to the on...

Page 69: ...ce groups If you want to add devices to a specific device group other than Default the device group must exists before you add the devices The following is an example of a set of commands you could us...

Page 70: ...and still maintain the ability to contact the device You could then run a Telnet macro on the device to make changes to the other device contact settings To change contact information on multiple devi...

Page 71: ...evices in the group and modify the information for all those devices in a single operation Another very useful function of device groups is to create groups for scoping alarms To reduce load on your n...

Page 72: ...organize ports into groups using the Grouping Manager Port groups can include ports from many different devices and can be used as the scope for alarm definitions as well as in the Real Time Statisti...

Page 73: ...tistical display which makes it very easy to monitor the status of these critical links Figure 33 Utilization statistics for ports based on a port group Using this same port group as the scope you cou...

Page 74: ...in a device group or of a specific device type including the MAC address serial number and current image on the device From this report you can view a detailed report for an individual device If you...

Page 75: ...f it happens that you need to work with Extreme Networks Technical Assistance Center TAC the TAC personnel may need information on your devices in order to provide the appropriate assistance From the...

Page 76: ...76 EPICenter Concepts and Solutions Guide Managing your Network Assets...

Page 77: ...eate your own Telnet macros to perform device configuration actions and then have EPICenter run those macros on multiple devices Due to multi threading EPICenter can execute a macro on multiple device...

Page 78: ...lp in diagnosing a configuration problem for example Even though EPICenter can execute a macro concurrently on multiple devices it still logs the responses and results separately for each device and d...

Page 79: ...ity level local0 you could create the following macro config syslog add serverIP local0 enable syslog Once you ve saved this macro any time you want to configure EPICenter as a Syslog server on a swit...

Page 80: ...p up menu or from the Tools menu in many of EPICenter s applets This means that users who do not have access to the Telnet applet users with a Monitor role for example can still execute selected Telne...

Page 81: ...macro If you do not specify any execution role at all for the macro that macro will not be available for execution outside of the Telnet applet In that case only users who have access to the Telnet a...

Page 82: ...net macro with selected execution roles Note that if you add a new role to EPICenter after you have created your Telnet macros that role will not be included in the execution roles for your macros If...

Page 83: ...AN reports also provide information on VLAN membership in a form that can be printed out if desired See Chapter 5 Managing VLANs for a more detailed discussion of EPICenter s capabilities for managing...

Page 84: ...rts feature provides a large number of HTML based reports that can be used to monitor network configuration details These reports are tabular in nature but they can be printed out and in some cases th...

Page 85: ...des two facilities for configuring and monitoring the VLANs on your network through a graphical user interface the VLAN Manager and the Topology Views Both provide graphical user interfaces that let y...

Page 86: ...er s main view shows you a summary of all VLANs on your network either by switch or by VLAN Figure 38 Viewing VLANs by switch or by device in the VLAN Manager By selecting an individual VLAN you can s...

Page 87: ...om the drop down list in the VLAN field The devices and links that are not part of the VLAN are dimmed on the map so that the devices and links in the selected VLAN are visible Figure 39 Displaying a...

Page 88: ...VLAN and defining port membership across multiple devices Under the Properties Ports tab of the Add VLAN dialog EPICenter provides a list of all the switches and ports that are available to be added t...

Page 89: ...cted device in the By Switch Component Tree The Modify VLAN Membership dialog lets you add and delete ports and devices and ports from the selected VLAN the Modify VLAN dialog also lets you change oth...

Page 90: ...ption of proceeding or cancelling One benefit to creating or modifying VLAN port membership through a Topology map is that it makes it easy to determine whether you are adding link ports or edge ports...

Page 91: ...if the VLAN should not be configured on either end of the link you could use the VLAN Manager s Modify VLAN or Modify VLAN Membership commands to remove port 19 on Bld1Core from the bld1 vlan VLAN The...

Page 92: ...92 EPICenter Concepts and Solutions Guide Managing VLANs...

Page 93: ...nfigurations on your devices and to maintain an audit trail of configuration updates can help you troubleshoot when configuration problems arise Archiving Component Configurations You can use EPICente...

Page 94: ...ach device or limit the length of time EPICenter keeps a file In either case when the limit is reached the oldest files are deleted first If you don t want to schedule all your devices individually yo...

Page 95: ...anges to a device s configuration or if you know there have been and want to identify them you can compare two uploaded configuration files or to compare a configuration file with the baseline file fo...

Page 96: ...e larger than 1 Mbyte cannot be analyzed with the automatic change detection feature Device Configuration Management Log In the Configuration Manager you can view the status of the most recent configu...

Page 97: ...vices in the upgrade operation are compatible with the image you are planning to download The Firmware Manager will warn you and will not perform the upgrade if you attempt to specify devices that can...

Page 98: ...de process Figure 45 Multi step upgrade information display It will also proceed to do the first upgrade in the set of recommended upgrades When the first upgrade is finished you can request the same...

Page 99: ...from unauthorized external access as well as from internal access to sensitive company information Extreme Networks products incorporate multiple security features such as IP access control lists and...

Page 100: ...DIUS server The external RADIUS server can also be configured to return role information to EPICenter as a Vendor Specific Attribute VSA along with a successful authentication You must create correspo...

Page 101: ...in your network Select a device group to determine what SNMP version is configured for each device in that group If you change the contact password or SNMP community string EPICenter will ask if you...

Page 102: ...the devices for which you want EPICenter to use SSH for direct communications EPICenter will now use SSH instead of regular Telnet for direct communications with the device including Netlogin and poll...

Page 103: ...faster than the network search although the database may be less up to date as a full MAC address poll cycle can take a reasonably long time However if you want to identify the switch port where the h...

Page 104: ...traffic and continue other services Once DoS Protection is setup on the switches you could define an Alarm for the traps DOS Threshold cleared and DOS Threshold reached and have it take an action such...

Page 105: ...nts of your network or network traffic from one another Using VLANs you can create autonomous logical segments on your network for different business needs such as creating a Marketing VLAN a Finance...

Page 106: ...tes and manages VLANs for Extreme Networks devices In the EPICenter system a VLAN is defined uniquely by the following Name 802 1Q tag if defined Protocol filters applied to the VLAN As a result multi...

Page 107: ...u need to allow or block This should be based on your corporate security guidelines and the acceptable use guidelines for the hosts on your network 2 Set your access control requirements in order of p...

Page 108: ...resource services protocols allowed or denied 3 Save your new policy 4 Click the Order button to set the order of precedence for your policies This must match the order you determined while designing...

Page 109: ...access and accountability features of a wired network with the flexibility of on demand access and roaming A wireless host can log into the network in one building and then roam to another building on...

Page 110: ...nterface as well as the number of clients associating through that interface Refer to Chapter 16 in the EPICenter Reference Guide for details on the Wireless AP Report and the Wireless Interface Repor...

Page 111: ...xclude these cases from the report you can specify a wireless client time out length minimum connection time to correspond to the client age out setting on the switch Figure 49 shows an example of a S...

Page 112: ...etection To do this you configure authorized APs using the Safe AP MAC Address List The Safe AP Mac List shows the list of MAC addresses that belong to Access Points that have been determined to be le...

Page 113: ...pping and interception of your critical data you must monitor and control the clients accessing your wireless networks EPICenter provides the tools to determine the security abilities of the clients a...

Page 114: ...of rogue access points unauthenticated clients and the number of clients using different authentications methods Each summary type provides a direct link to a detailed report on these topics Performan...

Page 115: ...s a user could not log in using telnet INFO SYST User pjorgensen logged out from telnet 209 75 2 1 These messages indicate that a telnet connection was opened to a switch and then closed without enter...

Page 116: ...116 EPICenter Concepts and Solutions Guide Managing Wireless Networks...

Page 117: ...affect the performance of EPICenter Some of these you can affect with various settings in EPICenter In other cases you may be able to affect the overall performance of the system by considering how yo...

Page 118: ...EPICenter does several types of polling using SNMP or Telnet for the information it needs SNMP Polling EPICenter does two types of polls for device information using SNMP A global heartbeat poll that...

Page 119: ...retrieving Netlogin information for retrieving ESRP information on older Extreme switches and for retrieving Alpine power supply IDs You cannot modify its frequency other than as discussed for MAC pol...

Page 120: ...larms are predefined in the EPICenter database and all are enabled by default scoped for all devices and ports Authentication failure SNMP MIB 2 trap Config Upload Failed EPICenter event indicates fai...

Page 121: ...generated for each type of event 3 If this list shows large number of alarm instances for an alarm that you don t care about disabling that alarm could potentially have a beneficial impact on EPICente...

Page 122: ...Port then the Select Group field lets you select a Device Group to display the devices in the group in the field below If the Source Type is Devices individual devices in the selected Device Group ca...

Page 123: ...about alarm log backups Using the MIB Poller Tools The MIB Poller Tools found in the Reports module can be used to collect and inspect data from any MIB variables supported by the devices on your netw...

Page 124: ...r oid name scalarVariable1 dataLabel Label description oid name scalarVariable2 dataLabel Label description scalar scope ipAddress 123 234 345 456 scope ipAddress 123 234 345 789 collection collection...

Page 125: ...ced in the user collections directory The Reload button in the MIB Poller Summary report will load the collections xml specification and begin the collection process if the initialState property speci...

Page 126: ...the collection definitions Once you have loaded the collections xml file the collections defined in that file will continue to be maintained either running or stopped until they are replaced by reload...

Page 127: ...s The status of the collection running or stopped Startup State Whether the poll should be started automatically when it is loaded running or should be left in the stopped state Poll Saving Limit The...

Page 128: ...for which to export the collection results To export results for a device click to check the appropriate box then click the Export button below the table You can select all devices by checking the bo...

Page 129: ...Poller Summary report or from the MIB POller Poling DEtail Report From the MIB Poller Summary report you can export the results for an entire collection click the Export link in the row for the colle...

Page 130: ...gure 57 A MIB Query example To perform a MIB query you enter the required data into the appropriate fields Enter into the first field the IP addresses of the devices from which you want to get data En...

Page 131: ...ou may need to change the ports used by the Tomcat server if they conflict with those used by other applications To change these ports you must edit the server xml file found in the tomcat conf direct...

Page 132: ...o use any of these tools except under the direction of Extreme Networks Technical Assistance Center personnel This report provides links to the following tools Set logging level lets you set the Serve...

Page 133: ...OTE Avaya s Avaya Integrated Management 2 2 is supported on Windows 2000 and Windows 2003 Server therefore the Avaya EPICenter integration is only supported in those two operating environments For inf...

Page 134: ...alled as a plug in to HP OpenView Import IP Phones gets location and status information about IP phones connected to an Extreme Networks device Sync IP Phones updates location and status information f...

Page 135: ...P servers but only one run To avoid problems you should disable one of the TFTP servers and configure the TFTP root to point to the enabled TFTP server To disable the TFTP server in EPICenter do the f...

Page 136: ...ntory Manager database The discovery typically discovers both Avaya network devices and Avaya IP phones NOTE It is recommended that you NOT add Avaya IP phones into the EPICenter Inventory database IP...

Page 137: ...select an Avaya device either in the Component Tree or from a feature such Topology map you can use the Device sub menu to launch the Avaya Device Manager for the selected Avaya device The Device sub...

Page 138: ...u The three Avaya specific commands are Table 5 Avaya Sub menu Commands on Tools Menu AIM Console Launches the Avaya Integrated Management Console If your client is running on the same system where th...

Page 139: ...h the Device Slot or Port Properties displays for those devices You can also view an IP Phones report using the Reports feature that shows you the identities locations and status information for all t...

Page 140: ...only be able to detect the phone when it appears on a port on an Extreme Networks device This can result in multiple phones appearing on a single port the port connecting the Extreme device and the Av...

Page 141: ...uired a message box shows the progress of the sync operation When the Sync has finished updated information can be viewed through the Properties displays or through the IP Phones report The IP Phones...

Page 142: ...ation IP Phones Reports The IP Phones report shows the complete inventory of IP phones known to EPICenter The report can be sorted based on any of the columns and can be filtered by Device Group and w...

Page 143: ...ter Admin applet that control aspects of the EPICenter Avaya integration Through the Avaya Server properties you can set The Avaya Integrated Management server host IP address the URL for the Avaya In...

Page 144: ...anagement Console when the EPICenter client is running on the same system as the Avaya Integrated Management and EPICenter servers AIM Web Port The port used to communicate via HTTP with the Avaya Int...

Page 145: ...nter starts the Avaya user will be logged in automatically to EPICenter assuming he she is a known user If the user cannot be recognized the user will be mapped to one of the default EPICenter users a...

Page 146: ...146 EPICenter Concepts and Solutions Guide VoIP and EPICenter Avaya Integrated Management...

Page 147: ...The policy system translates those policy components into the specific information needed for QoS configuration of network devices It also detects overlaps and conflicts in policies with precedence ru...

Page 148: ...tation type Access based Security QoS IP QoS Source Port QoS or VLAN QoS The implementation type determines the type of traffic grouping the switch will look for in implementing the policy This in tur...

Page 149: ...amically applied to and removed from the network in response to network login and 802 1x login and logout events The IP addresses are static in nature and determined by the network resources The devic...

Page 150: ...ffic between the user and the network resource s can be prioritized and guaranteed by the assignment of a specific quality profile on a per user basis You can also further define the network resource...

Page 151: ...C as user endpoints In addition you can indicate that the traffic from the server should be filtered only to include traffic generated by the Baan application which translates to TCP traffic originati...

Page 152: ...ient to the server Although not shown in this diagram you can specify multiple servers as well as multiple clients Figure 67 IP QoS policy Unlike the VLAN and source port policy types Security and IP...

Page 153: ...specify a large number of endpoints for both servers and clients For n servers and m clients the number of traffic flows affected by the policy will be m n For this reason the use of subnets rather t...

Page 154: ...i directional and implements Source Port QoS on the traffic flow from the specified source port Figure 69 Source Port policy You can specify multiple source ports in a single policy and you can specif...

Page 155: ...e specified VLANs on the devices you have defined in your policy scope Figure 70 shows the effects of a VLAN Policy that has been specified for VLAN A and scoped on switches A and B The policy specifi...

Page 156: ...tself is determined by the configuration of each individual switch If you want to ensure that VLAN QoS is effective end to end you should make sure your switch to switch links use tagged ports Policy...

Page 157: ...ost are entered into the EPICenter database through the Grouping Manager either using the Import capability or through the GUI A Host to IP address mapping can be established in several ways The IP ad...

Page 158: ...e Policy Manager from mappings associated with named components such as users or hosts They can also be entered directly as endpoints in an IP policy traffic definition QoS Profiles QoS profiles provi...

Page 159: ...s limited to the edge device to which the user is connected many of these issues are not relevant for Security policies Assume that you want to define an IP policy Access List rule applying to all TCP...

Page 160: ...ser resources either by entering them individually through the GUI or by importing them Ensure that a mapping relationship exists from each user to an IP address This is necessary so that the Policy M...

Page 161: ...en the resources in a policy scope is used to determine which QoS profile specification should be used when a particular device is specified multiple times within a scope definition Policy precedence...

Page 162: ...e Policy Manager toolbar The EPICenter policy server also supports policy enabling and disabling and policy configuration through an external access protocol and API External applications can use Tcl...

Page 163: ...Appendices...

Page 164: ......

Page 165: ...cation you can run the EPICenter client in debug mode In Windows 2000 XP enter one of the following commands at the prompt in a command window or in the Run field If you have both server and client in...

Page 166: ...e browser 1 Start the client with the URL http host port everest debug 2 After you enter your login information but before the main EPICenter page is displayed a page with debug settings is displayed...

Page 167: ...down list in the Color Palette field to select the appropriate setting Problem After running for a while the display disappears in some applets Windows browser only Under some conditions in the browse...

Page 168: ...mmand window The following commands assume you have accepted the default installation location c Program Files Extreme Networks EPICenter 5 0 If you have installed EPICenter in a different location su...

Page 169: ...the ping command from a MS DOS or Solaris command shell If the switch is using SNMPv1 verify that the read and write community strings used in EPICenter match those configured on the switch If the swi...

Page 170: ...erence Guide for information on the EPICenter Administration applet Problem Telnet polling messages can fill up a device s syslog file For switches running older versions of ExtremeWare prior to 6 0 t...

Page 171: ...ich the network connection is listed in the Adapters and Bindings tab in Advanced Settings and may not be the NIC that is actually connected to the management network There is no guarantee that the pr...

Page 172: ...th a secondary IP address EPICenter does not currently support secondary IP addressing for a VLAN Problem Configuration fails when attempting to configure a VLAN with a modified protocol definition EP...

Page 173: ...the New Alarm Definition dialog You need to specify an e mail server in order to send e mail Click the Settings button next to the Email to field to set up your mail server Problem An RMON rule is def...

Page 174: ...n Problem Email alarm actions generate too much text for a text pager You can use the Short email to option to send an abbreviated message appropriate for a text pager or cell phone The short email pr...

Page 175: ...nter Reference Guide for more information on setting EPICenter server properties Problem Discovery does not display the MAC address for some devices in discovery results list In addition may not add t...

Page 176: ...ort the browser can appear to freeze Printing a report or a topology map can cause the browser utilization to become very high approaching 100 and can spool a very large amount of memory There is no c...

Page 177: ...omains are configured with different tags on different switches Reports Problem After viewing reports added a user defined report but it doesn t appear in the list of reports on the main reports page...

Page 178: ...178 EPICenter Concepts and Solutions Guide Troubleshooting...

Page 179: ...to upload or download device configurations or to download new software versions The VlanMgr utility used to create reset and delete VLANs The ImportResources utility used to import resources into th...

Page 180: ...he password on device 10 205 1 51 to use an empty string enter the command devcli mod u admin a 10 205 1 51 d NOTE If you are running the DevCLI on a Windows platform enter forward slashes to separate...

Page 181: ...word e Device group description None f Input file name for IP addresses This specifies an ascii file that contains a list of IP addresses one per line No other information can be included in this file...

Page 182: ...ng one device group name and one description if applicable per line such as Device Group 2 Marketing Building B dg4 If a line has multiple words delimited by white space and the words are not enclosed...

Page 183: ...ault c Program Files Extreme Networks EPICenter 5 0 under Windows or opt extreme epc5_0 under Solaris You must have the user scripts bin directory as your current directory in order to run these scrip...

Page 184: ...illustrate the usage of these commands To export slot information to the file slotinventory csv from the EPICenter database whose login is admin123 and password is sesame under Windows enter the follo...

Page 185: ...ter the following command msinv sh d o devices csv s serverlist2 txt This command logs in to each of the EPICenter servers specified in the file serverlist2 txt using the default login and password an...

Page 186: ...the following command snmpcli snmpget a 10 205 0 99 o 1 3 6 1 4 1 1916 1 1 1 9 Table 8 specifies the options you can use with these commands SNMPCLI Examples The following examples illustrate the usag...

Page 187: ...The EPICenter Port Configuration utility provides a way for an EPICenter administrator to change some of EPICenter s logical TCP IP port numbers in the event that there are conflicts between these por...

Page 188: ...you want to keep the new value anyway 4 To have the new port settings take effect restart the server s whose ports you have changed Changes do not take effect until the corresponding service is stoppe...

Page 189: ...rms based on criteria such as the alarm name severity category source the IP address or IP address and port that generated the alarm and whether the alarm has been acknowledged You can combine many of...

Page 190: ...However there are no alarms that meet this criteria since an alarm cannot be both To display both alarms that are acknowledged and alarms that are unacknowledged do not specify either option c catego...

Page 191: ...Failed To find all alarm log entries that were generated from port 12 on device 10 2 3 4 and place the results in the file device1 txt enter the following command AlarmMgr user admin dip 10 2 3 4 p 12...

Page 192: ...on Value Default user username EPICenter user name This option is required None password password EPICenter user password If the password is blank do not include this argument No password host hostnam...

Page 193: ...server port specification You can specify individual devices device groups and port groups in a single command FindAddr Output The output from the FindAddr command is displayed as tab delimited text...

Page 194: ...created by default in the EPICenter bin directory The TransferMgr Utility The Transfer Manager utility TransferMgr allows you to upload configuration information from a device to a file and to downloa...

Page 195: ...The TransferMgr Utility EPICenter Concepts and Solutions Guide 195 The EPICenter user name one of the four transfer options and a device IP address are required Other options are optional...

Page 196: ...be placed tftp_root is the location of your TFTP server By default tftp_root is EPICenter_install_dir user tftp tftp_root config s a Place upload file into the archive directory tftp_root configs year...

Page 197: ...iple TransferMgr commands TransferMgr Examples The following examples illustrate the usage of these commands To upload configuration information from device 10 20 30 40 enter the following command Tra...

Page 198: ...ng the VlanMgr Command The VlanMgr utility is located in the EPICenter bin directory EPICenter_install_dir bin By default this is Program Files Extreme Networks EPICenter 5 0 bin in Windows or opt ext...

Page 199: ...dded to VLAN as untagged ports on the device specified by the preceding dip option These options must immediately follow the dip option to which they apply Each option may be specified once per dip op...

Page 200: ...t device and its ports will be removed from the VLAN port ports Ports to be included in the VLAN as untagged ports on the device specified by the preceding dip option If this option is not included an...

Page 201: ...2 leaving the configuration otherwise unchanged enter the following command VlanMgr user admin modify test2 dip 10 201 20 35 tagport 10 11 12 ipf ip 10 201 20 100 24 dip 10 201 20 36 tagport 11 12 13...

Page 202: ...text file you define the resources you want to import in a tab delimited text file See Importing from a File in Chapter 8 of the EPICenter Reference Guide for details Importing from an LDAP Directory...

Page 203: ...g command ImportResources user admin s NewUsers domain Table 13 ImportResources command options Option Value Default user username EPICenter user name This option is required None password password EP...

Page 204: ...204 EPICenter Concepts and Solutions Guide EPICenter Utilities This imports user data from the Windows Domain Controller that is serving the domain where the EPICenter server resides...

Page 205: ...stics 114 architecture of EPICenter software 21 auto configuration 161 Avaya Integrated Management commands table 138 description 133 installation 134 IP phones and EPICenter 139 launching 137 launchi...

Page 206: ...face report 63 inventory changing device information 69 creation 65 discovery 65 export scripts 183 importing devices with DevCLI 68 69 manually adding devices 68 monitoring links 72 organizing with d...

Page 207: ...Detail 63 Wireless Summary 63 Resource to Attribute report 64 rising threshold CPU utilization 56 RMON alarm event generation 55 57 alarm examples 50 event generation figure 55 predefined alarms 41 S...

Page 208: ...9 manager access 19 monitor access 19 using RADIUS 100 User to Host report 64 user defined macro variables 80 User Defined Telnet Macros 78 users as policy components 158 V VLAN Manager description 18...

Reviews:

No comments

Related manuals for EPICenter 5.0

Samsung SCX 4500 - B/W Laser - All-in-One Manual preview
SCX 4500 - B/W Laser - All-in-One
Brand: Samsung Pages: 21
Samsung SCX 4828FN - Laser Multi-Function Printer Manual preview
SCX 4828FN - Laser Multi-Function Printer
Brand: Samsung Pages: 38
Samsung SCX 4725FN - B/W Laser - All-in-One Manual preview
SCX 4725FN - B/W Laser - All-in-One
Brand: Samsung Pages: 33
Garmin GPSMAP GPSMAP 196 Getting Started preview
GPSMAP GPSMAP 196
Brand: Garmin Pages: 4
Garmin MapSource Owner'S Manual preview
MapSource
Brand: Garmin Pages: 2
MACROMEDIA COLDFUSION MX 7.0.2-USING COLDFUSION MX WITH FLEX... Use Manual preview
COLDFUSION MX 7.0.2-USING COLDFUSION MX WITH FLEX...
Brand: MACROMEDIA Pages: 90
Alphasmart AS 3000 Installation And User Manual preview
AS 3000
Brand: Alphasmart Pages: 4
Avermedia A16AR User Manual preview
A16AR
Brand: Avermedia Pages: 97
VESA DisplayPort User Manual preview
DisplayPort
Brand: VESA Pages: 18
DeLorme Topo North America User Manual preview
Topo North America
Brand: DeLorme Pages: 369
VDO TIS OFFICE Brochure preview
TIS OFFICE
Brand: VDO Pages: 8
Red Hat Application Server Manual preview
Application Server
Brand: Red Hat Pages: 296
Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual preview
CERTIFICATE SYSTEM 8.0 - ADMINISTRATION
Brand: Red Hat Pages: 564
Symantec Norton Antispam Personal Firewall and Systemwork - Norton Antispam User Manual preview
Norton Antispam Personal Firewall and Systemwork - Norton Antispam
Brand: Symantec Pages: 33
Symantec NORTON 360 5.0 User Manual preview
NORTON 360 5.0
Brand: Symantec Pages: 40
Symantec NORTON GHOST User Manual preview
NORTON GHOST
Brand: Symantec Pages: 80
Symantec OLE Automation Manual preview
OLE Automation
Brand: Symantec Pages: 91
Symantec ALTIRIS INVENTORY 7.0 SP2 - FOR NETWORK DEVICES V1.0 Manual preview
ALTIRIS INVENTORY 7.0 SP2 - FOR NETWORK DEVICES V1.0
Brand: Symantec Pages: 148

Brands by name

Popular brands

Load more brands