manualshive.com logo in svg

Extreme Networks EPICenter 5.0, Руководство пользователя

Поделиться
Скачать
Extreme Networks EPICenter 5.0 Скачать руководство пользователя страница 107

 

Network Access Security

EPICenter Concepts and Solutions Guide

107

See Chapter 5 “Managing VLANs” for more information about how EPICenter can help you manage the 
VLANs on your network.

Using IP Access Lists

IP access lists (ACLs) determine what traffic is allowed on your network. ACLs use a set of access rules 
you create to determine if each packet received on a switch port is allowed to pass through the switch, 
and if so, at what priority and with how much bandwidth, or is denied (dropped) at the ingress port. 
ACLs can be use to regulate both the type of traffic, the priority and minimum and maximum 
bandwidth (via a QoS profile), and the source or destination of the traffic allowed on your network. 
This is done by setting up access lists for the traffic, and determining if the traffic is allowed or denied 
on the network, and if allowed, what QoS Profile applies. The access list controls can be set based on 
the source or destination addresses. Refer to the 

ExtremeWare Software User Guide

 for complete 

description and syntax for ACLs.

You should use access lists to provide basic controls on what kind of traffic you will allow on your 
network. Without access lists, any traffic from anywhere can traverse your entire network. For example, 
you use access lists to allow HTTP traffic across your network, but deny online gaming traffic.

Designing IP Access Lists Through Policies

Access lists are configured based on policies created through EPICenter. Before creating these policies, 
you need to translate your security requirements into appropriate IP or security policies. To design your 
access list requirements, follow these steps:

1

Determine what traffic types you want to allow and deny on your network. Be sure to include both 
protocol types and source or destination addresses you need to allow or block. This should be based 
on your corporate security guidelines and the acceptable use guidelines for the hosts on your 
network.

2

Set your access control requirements in order of precedence. Traffic will be checked against access 
lists in order, using the first matching access list as the control for that traffic pattern.

3

Verify there is an appropriate “fall-through” control in your access list design. This default control is 
what will be used when all other access lists do not match the traffic pattern. Typically, this default 
control is a “deny-all” access list to block all traffic that does not match any security policy in place.

Using EPICenter to Create Access Lists

You use the optional Policy Manager feature in EPICenter to configure and monitor access lists. The 
Policy Manager has a set of predefined services that you can configure to control network traffic 
between users, devices or groups of users and devices. You create a set of policies to match the traffic 
controls you want in place on your network. You must also set up the order in which these policies will 
be applied. EPICenter uses these high-level policies to automatically create a set of access lists in each of 
the network devices affected by the policy. When traffic comes into your network, the Extreme 
Networks ingress switch port compares the traffic pattern (protocol, source and destination addresses 
and ports) with the set of configured access lists. The access list is traversed in order until a match 
occurs. If the traffic pattern matches an access list, that access list controls what happens to the traffic 
(allowing it to continue on the network, or denying it and dropping the packets at the ingress port).

You need to have the appropriate license to use the optional Policy Manager feature in EPICenter. 
Selecting the Policy Manager from the navigation bar in EPICenter displays the list of configured 
policies. To create a new policy for IP Access Lists, follow these steps:

Содержание EPICenter 5.0

Страница 1: ...Networks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com EPICenter Concepts and Solutions Guide Version 5 0 Published October 2004 Part number 100175 00...

Страница 2: ...are trademarks of Extreme Networks Inc which may be registered or pending registration in certain jurisdictions The Extreme Turbodrive logo is a service mark of Extreme Networks which may be registere...

Страница 3: ...ing Manager 16 The IP MAC Address Finder 16 The Telnet Feature 16 Real Time Statistics 17 Topology Views 17 Enterprise wide VLAN Management 18 The ESRP Manager 18 The STP Monitor 18 EPICenter Reports...

Страница 4: ...ing Baseline Configuration Files in the Configuration Manager 37 Scheduling Configuration File Archiving 39 Checking for Software Updates 40 Using the EPICenter Alarm System 41 Predefined Alarms 41 Th...

Страница 5: ...Multidevice VLAN Configuration 88 Modifying VLANs from a Topology Map 89 Displaying VLAN Misconfigurations with Topology Maps 90 Chapter 6 Managing Network Device Configurations and Updates Archiving...

Страница 6: ...Status with Reports 114 Performance Visibility with Reports 114 Debugging Access Issues with Syslog Reports 115 Fault Isolation with Reports 115 Chapter 9 Tuning and Debugging EPICenter Monitoring an...

Страница 7: ...e 145 Chapter 11 Policy Manager Overview Overview of the Policy Manager 147 Basic EPICenter Policy Definition 148 Policy Types 149 Access based Security Policies 149 IP Based Policies Access List Poli...

Страница 8: ...ing the SNMPCLI Utility 185 SNMPCLI Examples 186 Port Configuration Utility 187 The AlarmMgr Utility 188 Using the AlarmMgr Command 189 AlarmMgr Output 191 AlarmMgr Examples 191 The FindAddr Utility 1...

Страница 9: ...dging concepts Routing concepts The Simple Network Management Protocol SNMP NOTE If the information in the Release Notes shipped with your software differs from the information in this guide follow th...

Страница 10: ...ould type a particular command The words enter and type When you see the word enter in this guide you must type something and then press the Return or Enter key Do not press the Return or Enter key wh...

Страница 11: ...nline Help available from the Help menu in each EPICenter applet as well as through Help buttons in most windows and dialogs throughout the software Other manuals that you will find useful are Extreme...

Страница 12: ...12 EPICenter Concepts and Solutions Guide Preface...

Страница 13: ...are easy to use from a client workstation running EPICenter client software or from a workstation configured with a web browser and the Java plug in EPICenter leverages the three tier client server ar...

Страница 14: ...re For even larger networks you can split the management task among several EPICenter servers in a distributed server mode that lets you monitor the status of those servers from a single client Policy...

Страница 15: ...covered by specific IP address or within a range of IP addresses Third party devices that support SNMP version 3 SNMPv3 are discovered as SNMP version 1 SNMPv1 and are added to the EPICenter database...

Страница 16: ...One of the powerful features of the EPICenter software is its ability to take actions on multiple devices or resources with a single user action The Grouping Manager facilitates this by letting you or...

Страница 17: ...en save print or e mail the page Topology Views The EPICenter software s Topology feature allows you to view your network EPICenter managed devices and the links between Extreme Networks devices as a...

Страница 18: ...SRP enabled VLANs being monitored by the EPICenter software You can also view detailed information for an individual ESRP enabled VLAN and the switches in those VLANs The STP Monitor The EPICenter Spa...

Страница 19: ...e Utilities The EPICenter software provides a number of stand alone utilities or scripts that streamline the process of getting information into and out of the EPICenter database or facilitate certain...

Страница 20: ...her servers in the group From the EPICenter home page a client attached to any one of the servers in the server group can view summary status information from the other servers in the group in additio...

Страница 21: ...e also gives you the ability to gather device status at any time using the Sync feature in the Inventory Manager applet To avoid the overhead of frequent device polling the EPICenter software also use...

Страница 22: ...in device status such as fan failure or overheating or configuration changes made on the switch through the ExtremeWare CLI or ExtremeWare Vista For non Extreme devices EPICenter does not automaticall...

Страница 23: ...EPICenter to poll the switch and update all configuration and status information except for uploaded configuration files During a Sync operation the SmartTraps rules are also reset in case the user h...

Страница 24: ...escription files may be added over time check the Extreme Networks web site for information on new device support EPICenter also provides support for Avaya Voice network devices through an integration...

Страница 25: ...nter server is running multiple clients can connect to it The EPICenter software supports multiple administrator users with different roles that determine the EPICenter functions each user can perform...

Страница 26: ...commended etc init d EPICenter start To run the EPICenter Server as an application 1 Set the current directory to the EPICenter install directory cd install_dir install_dir is the directory path where...

Страница 27: ...nter 5 0 then select EPICenter 5 0 Client If you are running the client on a system different from where the EPICenter server is installed select EPICenter 5 0 Client then select Client Application Th...

Страница 28: ...PICenter client in a Solaris environment 1 Set the current directory cd install_dir install_dir is the directory path where you installed the EPICenter components If you installed in the default direc...

Страница 29: ...EPICenter user name in the User field If you are the network administrator logging in to the EPICenter server for the first time since it has been installed use the name admin Once you have logged in...

Страница 30: ...Software Images Updates window or Remind Me Later which closes the window The EPICenter Home page appears displaying the Network Summary Report as shown in Figure 4 Figure 4 The EPICenter Home page S...

Страница 31: ...Java based applets that operate on device configuration and status information stored in the EPICenter database The devices being managed are the common thread between these applets or features and m...

Страница 32: ...Administration applet where the features of EPICenter itself can be configured and where users can be added or deleted and their roles modified The Manager role provided full read write access to all...

Страница 33: ...Manager applet Using Discovery When you first run EPICenter the device inventory is empty The easiest way to populate the inventory database is to use Discovery to automatically detect the devices on...

Страница 34: ...of devices you want to add and click the Add button For each device or set of devices you add to the inventory database EPICenter first asks you to provide contact information for those devices The de...

Страница 35: ...n with no password SSH2 disabled For Cisco devices only the default Cisco enable password none Default SNMP v1 community strings public for read and private for write SNMP V3 user initialmd5 SNMP V3 p...

Страница 36: ...ew group you can specify the devices that should be included in the group The Available Devices list shows you all the devices available to be placed in the new device group Figure 7 Adding a device g...

Страница 37: ...rd Since there are multiple versions of software for different device and module types and the software images and bootROM versions must also be compatible the Firmware Manager can warn you if you att...

Страница 38: ...or a device the Device display indicates which configuration file is the one that became the baseline file as shown in Figure 9 Subsequent configuration uploads are compared to the baseline and if cha...

Страница 39: ...o schedule uploads on a regular basis click Archive or select the Archive command from the Config menu The Schedule Upload window has three tabs From the Device Schedule tab you can select a set of de...

Страница 40: ...heck the Extreme Networks web site to determine if new versions have been released When you install EPICenter you can enable the Automatic Information Update feature This feature will connect to the E...

Страница 41: ...es a set of predefined enabled alarms that will immediately report conditions such as authentication or login failures device problems such as power supply or fan failures reachability problems or dev...

Страница 42: ...usive Mode To receive traps from non Extreme Networks devices you must manually configure those devices to send traps to the EPICenter server See Appendix B in the EPICenter Reference Guide for inform...

Страница 43: ...display filters to view any subset of alarms that you wish If you have selected a device in another applet when you open the Alarm Browser or if you invoke the Alarm Browser from the Devices sub menu...

Страница 44: ...Uncheck the View last 300 alarms checkbox 3 From the drop down menu in the Field field select Source IP 4 Enter the IP address into Value field 5 Click Add Modify Condition This adds the condition So...

Страница 45: ...w You can create a filter that uses several conditions but you cannot filter using multiple specifications of the same condition Multiple conditions are combined using a logical AND function all condi...

Страница 46: ...on on a device exceeds a threshold utilization rises above 80 for example An alarm definition has three parts The basic alarm properties which include the event related parameters of the alarm its nam...

Страница 47: ...List with the Overheat alarm selected 2 Scroll down in the list and select the Overheat alarm definition The basic properties for this alarm definition are displayed in the lower part of the page when...

Страница 48: ...ure EPICenter s email settings click the Settings button to the right of the Email to field This opens the Alarm Definition Email Settings dialog Figure 16 The Email Settings dialog a Enter the host n...

Страница 49: ...il server to respond 6 To configure EPICenter to send a text message as an alarm action click the Short email to check box to turn on the check 7 Type 4085551212 paging com as the email address in the...

Страница 50: ...tab at the top of the window then click Add to open the New Alarm Definition dialog with the Basic tab displayed a Type a name for the alarm for example WAN Link Down in the Name field b Make sure th...

Страница 51: ...b and do the following a Make sure the All devices and ports checkbox is not checked b Select Port in the Source Type field c Select the device Summit_24 from the Device list d Select the port 10 from...

Страница 52: ...levant group You will not need to modify our alarms every time you add move or change elements in your network adding or removing ports or devices from the relevant devices groups will be sufficient 3...

Страница 53: ...in the EPICenter threshold configuration function where the threshold conditions can be configured directly on the switch With threshold events traps are generated based on comparing the value of the...

Страница 54: ...component under that rule The rule name will also appear in the Event Name list For CPU Utilization rules each target device for a CPU utilization rule appears as a separate component under the CPU U...

Страница 55: ...an alarm in the EPICenter Alarm System you need to define an alarm that responds to a RMON Rising Threshold or RMON Falling Threshold event If you define an alarm based on the RMON Rising Threshold e...

Страница 56: ...Close to dismiss the New Configuration dialog Configuring a CPU Utilization Rule NOTE CPU Utilization is only supported on switches running ExtremeWare 6 2 or later If you select CPU Utilization only...

Страница 57: ...rossed the other threshold The diagram shown in Figure 23 illustrates how CPU Utilization trap events will occur once you have configured a CPU Utilization rising threshold The startup condition for a...

Страница 58: ...e devices links between devices and basic status of those devices and links including link utilization statistics and VLAN membership and configuration information EPICenter automatically creates a de...

Страница 59: ...he device or on a device in a submap with the color of the icon indication the highest severity level of the unacknowledged alarms The color of the links between devices indicates the status of the li...

Страница 60: ...s using EDP and places those on the map as appropriate As new devices are added to the EPICenter inventory they are automatically added to the default map unless you have disabled the auto populate fe...

Страница 61: ...States and Europe and you can add images of your own as well Figure 26 Topology Map with VLAN information Using Basic EPICenter Reports EPICenter provides a large number of reports based on the data...

Страница 62: ...s can be sorted in a number of ways and many reports can be filtered to display only the data of interest based on the types of information shown in the report In addition from some reports the displa...

Страница 63: ...ort showing phone and egress parts by device Logs Alarm Event Syslog Config Mgmt EPICenter alarm log more information available through Alarm Log Browser feature EPICenter event log entries Syslog ent...

Страница 64: ...y Displays data in a MIB collection Users with an Administrator role can start or stop a collection Provides an interface to query for the value of specific MIB variables This is available only to use...

Страница 65: ...ces and Device Groups dialog in the Inventory Manager Add devices to the inventory using a command line script You may also want to create in advance a set of Device Groups so that you can assign the...

Страница 66: ...h a mask of 22 will expand to the range 10 203 16 1 10 203 19 254 a range of 1022 addresses The ranges specified through the use of wild cards and the subnet mask interact in that the two specificatio...

Страница 67: ...oes not automatically add any devices to the EPICenter inventory From the Discovery Results window you can select individual or multiple devices to add to EPICenter s inventory database When you add d...

Страница 68: ...s you an opportunity to either confirm it or change it as appropriate You can change what EPICenter uses as its defaults see Setting up Default Device Contact Information on page 35 or refer to the on...

Страница 69: ...ce groups If you want to add devices to a specific device group other than Default the device group must exists before you add the devices The following is an example of a set of commands you could us...

Страница 70: ...and still maintain the ability to contact the device You could then run a Telnet macro on the device to make changes to the other device contact settings To change contact information on multiple devi...

Страница 71: ...evices in the group and modify the information for all those devices in a single operation Another very useful function of device groups is to create groups for scoping alarms To reduce load on your n...

Страница 72: ...organize ports into groups using the Grouping Manager Port groups can include ports from many different devices and can be used as the scope for alarm definitions as well as in the Real Time Statisti...

Страница 73: ...tistical display which makes it very easy to monitor the status of these critical links Figure 33 Utilization statistics for ports based on a port group Using this same port group as the scope you cou...

Страница 74: ...in a device group or of a specific device type including the MAC address serial number and current image on the device From this report you can view a detailed report for an individual device If you...

Страница 75: ...f it happens that you need to work with Extreme Networks Technical Assistance Center TAC the TAC personnel may need information on your devices in order to provide the appropriate assistance From the...

Страница 76: ...76 EPICenter Concepts and Solutions Guide Managing your Network Assets...

Страница 77: ...eate your own Telnet macros to perform device configuration actions and then have EPICenter run those macros on multiple devices Due to multi threading EPICenter can execute a macro on multiple device...

Страница 78: ...lp in diagnosing a configuration problem for example Even though EPICenter can execute a macro concurrently on multiple devices it still logs the responses and results separately for each device and d...

Страница 79: ...ity level local0 you could create the following macro config syslog add serverIP local0 enable syslog Once you ve saved this macro any time you want to configure EPICenter as a Syslog server on a swit...

Страница 80: ...p up menu or from the Tools menu in many of EPICenter s applets This means that users who do not have access to the Telnet applet users with a Monitor role for example can still execute selected Telne...

Страница 81: ...macro If you do not specify any execution role at all for the macro that macro will not be available for execution outside of the Telnet applet In that case only users who have access to the Telnet a...

Страница 82: ...net macro with selected execution roles Note that if you add a new role to EPICenter after you have created your Telnet macros that role will not be included in the execution roles for your macros If...

Страница 83: ...AN reports also provide information on VLAN membership in a form that can be printed out if desired See Chapter 5 Managing VLANs for a more detailed discussion of EPICenter s capabilities for managing...

Страница 84: ...rts feature provides a large number of HTML based reports that can be used to monitor network configuration details These reports are tabular in nature but they can be printed out and in some cases th...

Страница 85: ...des two facilities for configuring and monitoring the VLANs on your network through a graphical user interface the VLAN Manager and the Topology Views Both provide graphical user interfaces that let y...

Страница 86: ...er s main view shows you a summary of all VLANs on your network either by switch or by VLAN Figure 38 Viewing VLANs by switch or by device in the VLAN Manager By selecting an individual VLAN you can s...

Страница 87: ...om the drop down list in the VLAN field The devices and links that are not part of the VLAN are dimmed on the map so that the devices and links in the selected VLAN are visible Figure 39 Displaying a...

Страница 88: ...VLAN and defining port membership across multiple devices Under the Properties Ports tab of the Add VLAN dialog EPICenter provides a list of all the switches and ports that are available to be added t...

Страница 89: ...cted device in the By Switch Component Tree The Modify VLAN Membership dialog lets you add and delete ports and devices and ports from the selected VLAN the Modify VLAN dialog also lets you change oth...

Страница 90: ...ption of proceeding or cancelling One benefit to creating or modifying VLAN port membership through a Topology map is that it makes it easy to determine whether you are adding link ports or edge ports...

Страница 91: ...if the VLAN should not be configured on either end of the link you could use the VLAN Manager s Modify VLAN or Modify VLAN Membership commands to remove port 19 on Bld1Core from the bld1 vlan VLAN The...

Страница 92: ...92 EPICenter Concepts and Solutions Guide Managing VLANs...

Страница 93: ...nfigurations on your devices and to maintain an audit trail of configuration updates can help you troubleshoot when configuration problems arise Archiving Component Configurations You can use EPICente...

Страница 94: ...ach device or limit the length of time EPICenter keeps a file In either case when the limit is reached the oldest files are deleted first If you don t want to schedule all your devices individually yo...

Страница 95: ...anges to a device s configuration or if you know there have been and want to identify them you can compare two uploaded configuration files or to compare a configuration file with the baseline file fo...

Страница 96: ...e larger than 1 Mbyte cannot be analyzed with the automatic change detection feature Device Configuration Management Log In the Configuration Manager you can view the status of the most recent configu...

Страница 97: ...vices in the upgrade operation are compatible with the image you are planning to download The Firmware Manager will warn you and will not perform the upgrade if you attempt to specify devices that can...

Страница 98: ...de process Figure 45 Multi step upgrade information display It will also proceed to do the first upgrade in the set of recommended upgrades When the first upgrade is finished you can request the same...

Страница 99: ...from unauthorized external access as well as from internal access to sensitive company information Extreme Networks products incorporate multiple security features such as IP access control lists and...

Страница 100: ...DIUS server The external RADIUS server can also be configured to return role information to EPICenter as a Vendor Specific Attribute VSA along with a successful authentication You must create correspo...

Страница 101: ...in your network Select a device group to determine what SNMP version is configured for each device in that group If you change the contact password or SNMP community string EPICenter will ask if you...

Страница 102: ...the devices for which you want EPICenter to use SSH for direct communications EPICenter will now use SSH instead of regular Telnet for direct communications with the device including Netlogin and poll...

Страница 103: ...faster than the network search although the database may be less up to date as a full MAC address poll cycle can take a reasonably long time However if you want to identify the switch port where the h...

Страница 104: ...traffic and continue other services Once DoS Protection is setup on the switches you could define an Alarm for the traps DOS Threshold cleared and DOS Threshold reached and have it take an action such...

Страница 105: ...nts of your network or network traffic from one another Using VLANs you can create autonomous logical segments on your network for different business needs such as creating a Marketing VLAN a Finance...

Страница 106: ...tes and manages VLANs for Extreme Networks devices In the EPICenter system a VLAN is defined uniquely by the following Name 802 1Q tag if defined Protocol filters applied to the VLAN As a result multi...

Страница 107: ...u need to allow or block This should be based on your corporate security guidelines and the acceptable use guidelines for the hosts on your network 2 Set your access control requirements in order of p...

Страница 108: ...resource services protocols allowed or denied 3 Save your new policy 4 Click the Order button to set the order of precedence for your policies This must match the order you determined while designing...

Страница 109: ...access and accountability features of a wired network with the flexibility of on demand access and roaming A wireless host can log into the network in one building and then roam to another building on...

Страница 110: ...nterface as well as the number of clients associating through that interface Refer to Chapter 16 in the EPICenter Reference Guide for details on the Wireless AP Report and the Wireless Interface Repor...

Страница 111: ...xclude these cases from the report you can specify a wireless client time out length minimum connection time to correspond to the client age out setting on the switch Figure 49 shows an example of a S...

Страница 112: ...etection To do this you configure authorized APs using the Safe AP MAC Address List The Safe AP Mac List shows the list of MAC addresses that belong to Access Points that have been determined to be le...

Страница 113: ...pping and interception of your critical data you must monitor and control the clients accessing your wireless networks EPICenter provides the tools to determine the security abilities of the clients a...

Страница 114: ...of rogue access points unauthenticated clients and the number of clients using different authentications methods Each summary type provides a direct link to a detailed report on these topics Performan...

Страница 115: ...s a user could not log in using telnet INFO SYST User pjorgensen logged out from telnet 209 75 2 1 These messages indicate that a telnet connection was opened to a switch and then closed without enter...

Страница 116: ...116 EPICenter Concepts and Solutions Guide Managing Wireless Networks...

Страница 117: ...affect the performance of EPICenter Some of these you can affect with various settings in EPICenter In other cases you may be able to affect the overall performance of the system by considering how yo...

Страница 118: ...EPICenter does several types of polling using SNMP or Telnet for the information it needs SNMP Polling EPICenter does two types of polls for device information using SNMP A global heartbeat poll that...

Страница 119: ...retrieving Netlogin information for retrieving ESRP information on older Extreme switches and for retrieving Alpine power supply IDs You cannot modify its frequency other than as discussed for MAC pol...

Страница 120: ...larms are predefined in the EPICenter database and all are enabled by default scoped for all devices and ports Authentication failure SNMP MIB 2 trap Config Upload Failed EPICenter event indicates fai...

Страница 121: ...generated for each type of event 3 If this list shows large number of alarm instances for an alarm that you don t care about disabling that alarm could potentially have a beneficial impact on EPICente...

Страница 122: ...Port then the Select Group field lets you select a Device Group to display the devices in the group in the field below If the Source Type is Devices individual devices in the selected Device Group ca...

Страница 123: ...about alarm log backups Using the MIB Poller Tools The MIB Poller Tools found in the Reports module can be used to collect and inspect data from any MIB variables supported by the devices on your netw...

Страница 124: ...r oid name scalarVariable1 dataLabel Label description oid name scalarVariable2 dataLabel Label description scalar scope ipAddress 123 234 345 456 scope ipAddress 123 234 345 789 collection collection...

Страница 125: ...ced in the user collections directory The Reload button in the MIB Poller Summary report will load the collections xml specification and begin the collection process if the initialState property speci...

Страница 126: ...the collection definitions Once you have loaded the collections xml file the collections defined in that file will continue to be maintained either running or stopped until they are replaced by reload...

Страница 127: ...s The status of the collection running or stopped Startup State Whether the poll should be started automatically when it is loaded running or should be left in the stopped state Poll Saving Limit The...

Страница 128: ...for which to export the collection results To export results for a device click to check the appropriate box then click the Export button below the table You can select all devices by checking the bo...

Страница 129: ...Poller Summary report or from the MIB POller Poling DEtail Report From the MIB Poller Summary report you can export the results for an entire collection click the Export link in the row for the colle...

Страница 130: ...gure 57 A MIB Query example To perform a MIB query you enter the required data into the appropriate fields Enter into the first field the IP addresses of the devices from which you want to get data En...

Страница 131: ...ou may need to change the ports used by the Tomcat server if they conflict with those used by other applications To change these ports you must edit the server xml file found in the tomcat conf direct...

Страница 132: ...o use any of these tools except under the direction of Extreme Networks Technical Assistance Center personnel This report provides links to the following tools Set logging level lets you set the Serve...

Страница 133: ...OTE Avaya s Avaya Integrated Management 2 2 is supported on Windows 2000 and Windows 2003 Server therefore the Avaya EPICenter integration is only supported in those two operating environments For inf...

Страница 134: ...alled as a plug in to HP OpenView Import IP Phones gets location and status information about IP phones connected to an Extreme Networks device Sync IP Phones updates location and status information f...

Страница 135: ...P servers but only one run To avoid problems you should disable one of the TFTP servers and configure the TFTP root to point to the enabled TFTP server To disable the TFTP server in EPICenter do the f...

Страница 136: ...ntory Manager database The discovery typically discovers both Avaya network devices and Avaya IP phones NOTE It is recommended that you NOT add Avaya IP phones into the EPICenter Inventory database IP...

Страница 137: ...select an Avaya device either in the Component Tree or from a feature such Topology map you can use the Device sub menu to launch the Avaya Device Manager for the selected Avaya device The Device sub...

Страница 138: ...u The three Avaya specific commands are Table 5 Avaya Sub menu Commands on Tools Menu AIM Console Launches the Avaya Integrated Management Console If your client is running on the same system where th...

Страница 139: ...h the Device Slot or Port Properties displays for those devices You can also view an IP Phones report using the Reports feature that shows you the identities locations and status information for all t...

Страница 140: ...only be able to detect the phone when it appears on a port on an Extreme Networks device This can result in multiple phones appearing on a single port the port connecting the Extreme device and the Av...

Страница 141: ...uired a message box shows the progress of the sync operation When the Sync has finished updated information can be viewed through the Properties displays or through the IP Phones report The IP Phones...

Страница 142: ...ation IP Phones Reports The IP Phones report shows the complete inventory of IP phones known to EPICenter The report can be sorted based on any of the columns and can be filtered by Device Group and w...

Страница 143: ...ter Admin applet that control aspects of the EPICenter Avaya integration Through the Avaya Server properties you can set The Avaya Integrated Management server host IP address the URL for the Avaya In...

Страница 144: ...anagement Console when the EPICenter client is running on the same system as the Avaya Integrated Management and EPICenter servers AIM Web Port The port used to communicate via HTTP with the Avaya Int...

Страница 145: ...nter starts the Avaya user will be logged in automatically to EPICenter assuming he she is a known user If the user cannot be recognized the user will be mapped to one of the default EPICenter users a...

Страница 146: ...146 EPICenter Concepts and Solutions Guide VoIP and EPICenter Avaya Integrated Management...

Страница 147: ...The policy system translates those policy components into the specific information needed for QoS configuration of network devices It also detects overlaps and conflicts in policies with precedence ru...

Страница 148: ...tation type Access based Security QoS IP QoS Source Port QoS or VLAN QoS The implementation type determines the type of traffic grouping the switch will look for in implementing the policy This in tur...

Страница 149: ...amically applied to and removed from the network in response to network login and 802 1x login and logout events The IP addresses are static in nature and determined by the network resources The devic...

Страница 150: ...ffic between the user and the network resource s can be prioritized and guaranteed by the assignment of a specific quality profile on a per user basis You can also further define the network resource...

Страница 151: ...C as user endpoints In addition you can indicate that the traffic from the server should be filtered only to include traffic generated by the Baan application which translates to TCP traffic originati...

Страница 152: ...ient to the server Although not shown in this diagram you can specify multiple servers as well as multiple clients Figure 67 IP QoS policy Unlike the VLAN and source port policy types Security and IP...

Страница 153: ...specify a large number of endpoints for both servers and clients For n servers and m clients the number of traffic flows affected by the policy will be m n For this reason the use of subnets rather t...

Страница 154: ...i directional and implements Source Port QoS on the traffic flow from the specified source port Figure 69 Source Port policy You can specify multiple source ports in a single policy and you can specif...

Страница 155: ...e specified VLANs on the devices you have defined in your policy scope Figure 70 shows the effects of a VLAN Policy that has been specified for VLAN A and scoped on switches A and B The policy specifi...

Страница 156: ...tself is determined by the configuration of each individual switch If you want to ensure that VLAN QoS is effective end to end you should make sure your switch to switch links use tagged ports Policy...

Страница 157: ...ost are entered into the EPICenter database through the Grouping Manager either using the Import capability or through the GUI A Host to IP address mapping can be established in several ways The IP ad...

Страница 158: ...e Policy Manager from mappings associated with named components such as users or hosts They can also be entered directly as endpoints in an IP policy traffic definition QoS Profiles QoS profiles provi...

Страница 159: ...s limited to the edge device to which the user is connected many of these issues are not relevant for Security policies Assume that you want to define an IP policy Access List rule applying to all TCP...

Страница 160: ...ser resources either by entering them individually through the GUI or by importing them Ensure that a mapping relationship exists from each user to an IP address This is necessary so that the Policy M...

Страница 161: ...en the resources in a policy scope is used to determine which QoS profile specification should be used when a particular device is specified multiple times within a scope definition Policy precedence...

Страница 162: ...e Policy Manager toolbar The EPICenter policy server also supports policy enabling and disabling and policy configuration through an external access protocol and API External applications can use Tcl...

Страница 163: ...Appendices...

Страница 164: ......

Страница 165: ...cation you can run the EPICenter client in debug mode In Windows 2000 XP enter one of the following commands at the prompt in a command window or in the Run field If you have both server and client in...

Страница 166: ...e browser 1 Start the client with the URL http host port everest debug 2 After you enter your login information but before the main EPICenter page is displayed a page with debug settings is displayed...

Страница 167: ...down list in the Color Palette field to select the appropriate setting Problem After running for a while the display disappears in some applets Windows browser only Under some conditions in the browse...

Страница 168: ...mmand window The following commands assume you have accepted the default installation location c Program Files Extreme Networks EPICenter 5 0 If you have installed EPICenter in a different location su...

Страница 169: ...the ping command from a MS DOS or Solaris command shell If the switch is using SNMPv1 verify that the read and write community strings used in EPICenter match those configured on the switch If the swi...

Страница 170: ...erence Guide for information on the EPICenter Administration applet Problem Telnet polling messages can fill up a device s syslog file For switches running older versions of ExtremeWare prior to 6 0 t...

Страница 171: ...ich the network connection is listed in the Adapters and Bindings tab in Advanced Settings and may not be the NIC that is actually connected to the management network There is no guarantee that the pr...

Страница 172: ...th a secondary IP address EPICenter does not currently support secondary IP addressing for a VLAN Problem Configuration fails when attempting to configure a VLAN with a modified protocol definition EP...

Страница 173: ...the New Alarm Definition dialog You need to specify an e mail server in order to send e mail Click the Settings button next to the Email to field to set up your mail server Problem An RMON rule is def...

Страница 174: ...n Problem Email alarm actions generate too much text for a text pager You can use the Short email to option to send an abbreviated message appropriate for a text pager or cell phone The short email pr...

Страница 175: ...nter Reference Guide for more information on setting EPICenter server properties Problem Discovery does not display the MAC address for some devices in discovery results list In addition may not add t...

Страница 176: ...ort the browser can appear to freeze Printing a report or a topology map can cause the browser utilization to become very high approaching 100 and can spool a very large amount of memory There is no c...

Страница 177: ...omains are configured with different tags on different switches Reports Problem After viewing reports added a user defined report but it doesn t appear in the list of reports on the main reports page...

Страница 178: ...178 EPICenter Concepts and Solutions Guide Troubleshooting...

Страница 179: ...to upload or download device configurations or to download new software versions The VlanMgr utility used to create reset and delete VLANs The ImportResources utility used to import resources into th...

Страница 180: ...he password on device 10 205 1 51 to use an empty string enter the command devcli mod u admin a 10 205 1 51 d NOTE If you are running the DevCLI on a Windows platform enter forward slashes to separate...

Страница 181: ...word e Device group description None f Input file name for IP addresses This specifies an ascii file that contains a list of IP addresses one per line No other information can be included in this file...

Страница 182: ...ng one device group name and one description if applicable per line such as Device Group 2 Marketing Building B dg4 If a line has multiple words delimited by white space and the words are not enclosed...

Страница 183: ...ault c Program Files Extreme Networks EPICenter 5 0 under Windows or opt extreme epc5_0 under Solaris You must have the user scripts bin directory as your current directory in order to run these scrip...

Страница 184: ...illustrate the usage of these commands To export slot information to the file slotinventory csv from the EPICenter database whose login is admin123 and password is sesame under Windows enter the follo...

Страница 185: ...ter the following command msinv sh d o devices csv s serverlist2 txt This command logs in to each of the EPICenter servers specified in the file serverlist2 txt using the default login and password an...

Страница 186: ...the following command snmpcli snmpget a 10 205 0 99 o 1 3 6 1 4 1 1916 1 1 1 9 Table 8 specifies the options you can use with these commands SNMPCLI Examples The following examples illustrate the usag...

Страница 187: ...The EPICenter Port Configuration utility provides a way for an EPICenter administrator to change some of EPICenter s logical TCP IP port numbers in the event that there are conflicts between these por...

Страница 188: ...you want to keep the new value anyway 4 To have the new port settings take effect restart the server s whose ports you have changed Changes do not take effect until the corresponding service is stoppe...

Страница 189: ...rms based on criteria such as the alarm name severity category source the IP address or IP address and port that generated the alarm and whether the alarm has been acknowledged You can combine many of...

Страница 190: ...However there are no alarms that meet this criteria since an alarm cannot be both To display both alarms that are acknowledged and alarms that are unacknowledged do not specify either option c catego...

Страница 191: ...Failed To find all alarm log entries that were generated from port 12 on device 10 2 3 4 and place the results in the file device1 txt enter the following command AlarmMgr user admin dip 10 2 3 4 p 12...

Страница 192: ...on Value Default user username EPICenter user name This option is required None password password EPICenter user password If the password is blank do not include this argument No password host hostnam...

Страница 193: ...server port specification You can specify individual devices device groups and port groups in a single command FindAddr Output The output from the FindAddr command is displayed as tab delimited text...

Страница 194: ...created by default in the EPICenter bin directory The TransferMgr Utility The Transfer Manager utility TransferMgr allows you to upload configuration information from a device to a file and to downloa...

Страница 195: ...The TransferMgr Utility EPICenter Concepts and Solutions Guide 195 The EPICenter user name one of the four transfer options and a device IP address are required Other options are optional...

Страница 196: ...be placed tftp_root is the location of your TFTP server By default tftp_root is EPICenter_install_dir user tftp tftp_root config s a Place upload file into the archive directory tftp_root configs year...

Страница 197: ...iple TransferMgr commands TransferMgr Examples The following examples illustrate the usage of these commands To upload configuration information from device 10 20 30 40 enter the following command Tra...

Страница 198: ...ng the VlanMgr Command The VlanMgr utility is located in the EPICenter bin directory EPICenter_install_dir bin By default this is Program Files Extreme Networks EPICenter 5 0 bin in Windows or opt ext...

Страница 199: ...dded to VLAN as untagged ports on the device specified by the preceding dip option These options must immediately follow the dip option to which they apply Each option may be specified once per dip op...

Страница 200: ...t device and its ports will be removed from the VLAN port ports Ports to be included in the VLAN as untagged ports on the device specified by the preceding dip option If this option is not included an...

Страница 201: ...2 leaving the configuration otherwise unchanged enter the following command VlanMgr user admin modify test2 dip 10 201 20 35 tagport 10 11 12 ipf ip 10 201 20 100 24 dip 10 201 20 36 tagport 11 12 13...

Страница 202: ...text file you define the resources you want to import in a tab delimited text file See Importing from a File in Chapter 8 of the EPICenter Reference Guide for details Importing from an LDAP Directory...

Страница 203: ...g command ImportResources user admin s NewUsers domain Table 13 ImportResources command options Option Value Default user username EPICenter user name This option is required None password password EP...

Страница 204: ...204 EPICenter Concepts and Solutions Guide EPICenter Utilities This imports user data from the Windows Domain Controller that is serving the domain where the EPICenter server resides...

Страница 205: ...stics 114 architecture of EPICenter software 21 auto configuration 161 Avaya Integrated Management commands table 138 description 133 installation 134 IP phones and EPICenter 139 launching 137 launchi...

Страница 206: ...face report 63 inventory changing device information 69 creation 65 discovery 65 export scripts 183 importing devices with DevCLI 68 69 manually adding devices 68 monitoring links 72 organizing with d...

Страница 207: ...Detail 63 Wireless Summary 63 Resource to Attribute report 64 rising threshold CPU utilization 56 RMON alarm event generation 55 57 alarm examples 50 event generation figure 55 predefined alarms 41 S...

Страница 208: ...9 manager access 19 monitor access 19 using RADIUS 100 User to Host report 64 user defined macro variables 80 User Defined Telnet Macros 78 users as policy components 158 V VLAN Manager description 18...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды