Summary of Contents for Extreme Networks EPICenter Guide
EPICenter Concepts and Solutions Guide Version 6.0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com Published: November, 2006 Part number: 100249-00 Rev. 01...
Summit logos, the Extreme Turbodrive logo, and the Color Purple, among others, are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and other countries. Other names and marks may be the property of their respective owners.
Distributed Server Mode (EPICenter Gold Upgrade)
The EPICenter Advanced Upgrade
EAPS Monitoring and Configuration Verification
The EPICenter Policy Manager
EPICenter Software Architecture
Extreme Networks Switch Management
SNMP and MIBs
Traps and Smart Traps
Device Status Polling
Extreme Networks Device Support
Third-Party Device Support...
Creating the Device Inventory
Using Discovery
Adding Devices Individually
Setting up Default Device Contact Information
Creating and Using Device Groups
Managing Device Configurations and Firmware
Saving Baseline Configuration Files in the Configuration Manager
Scheduling Configuration File Archiving
Checking for Software Updates
Using the EPICenter Alarm System
Predefined Alarms...
Chapter 5: Managing VLANs
Graphical Configuration and Monitoring of VLANs
Network-wide VLAN Membership Visibility
Network-wide Multidevice VLAN Configuration
Modifying VLANs from a Topology Map
Displaying VLAN Misconfigurations with Topology Maps
Chapter 6: Managing Network Device Configurations and Updates
Archiving Component Configurations
Baseline Configurations
Identifying Changes in Configuration Files...
Chapter 9: Tuning and Debugging EPICenter
Monitoring and Tuning EPICenter Performance
Polling Types and Frequencies
Performance of the EPICenter Server
Tuning the Alarm System
Disabling Unnecessary Alarms
Limiting the Scope of Alarms
The Alarm and Event Log Archives
Using the MIB Poller Tools
Defining a MIB Collection...
Appendix A: Troubleshooting
Troubleshooting Aids
Using the Stand-alone Client Application
Using the Browser-based Client (Windows Only)
EPICenter Client Issues
EPICenter Database
EPICenter Server Issues
VLAN Manager
Alarm System
ESRP Monitor
Inventory Manager
Grouping Manager
Printing
Topology...
Inventory Export Scripts
Using the Inventory Export Scripts
Inventory Export Examples
The SNMPCLI Utility
Using the SNMPCLI Utility
SNMPCLI Examples
The AlarmMgr Utility
Using the AlarmMgr Command
AlarmMgr Output
AlarmMgr Examples
The FindAddr Utility
Using the FindAddr Command
FindAddr Output
FindAddr Examples...
Preface
This preface provides an overview of this guide, describes guide conventions, and lists other useful publications.
Introduction
This guide provides the required information to use the EPICenter software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks, and assumes a basic working knowledge of:
● Local Area Networks (LANs)...
Conventions
Table 1 and Table 2 list conventions that are used throughout this guide.
Table 1: Notice Icons
Notice Type (icon): Alerts you to...
Note: Important features or instructions.
Caution: Risk of unintended consequences or loss of data.
Warning: Risk of permanent loss of data.
Table 2: Text Conventions
Convention: Description...
Customers with a support contract can access the Technical Support pages at:
● http://www.extremenetworks.com/services/eSupport.asp
The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Notes, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources.
In large corporate networks, network managers need to manage systems “end to end.” The EPICenter software is a powerful, flexible and easy-to-use application for centralizing configuration, troubleshooting, and status monitoring of IP-based networks of Extreme Networks switches and selected third-party devices, regardless of the network size.
● Comprehensive Security. EPICenter provides multiple features that control and monitor the security features on Extreme Networks’ products. The VLAN Manager enables the creation and management of VLANs easily throughout the network. The Policy Manager’s access-based security policies enforce user-based security. The IP/MAC Address Finder tool locates any MAC address on your network.
MIB-2 functionality. Based on EPICenter’s Third Party Integration Framework, selected appliances from Extreme Networks partners can be integrated into EPICenter in a robust fashion that allows reporting, the use of Telnet macros, alarm management, and monitoring with graphical front and back panel views in the Inventory Manager.
Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs you can specify actions such as sending e-mail, forwarding a trap, running a program, a script, or a Telnet macro, sending a page, or sounding an audible alert.
The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP addresses) and identify the Extreme Networks switch and port on which the address resides. You can also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. If you have enabled EPICenter’s periodic MAC Address polling, which does polls for edge port address...
EPICenter can add device nodes to your topology map automatically as devices are added to EPICenter software’s device inventory. The EPICenter software automatically detects and adds links that exist between Extreme devices, and organizes the device nodes into submaps as appropriate. The links between devices provide information about the configuration and status of the links.
cannot run the browser-based or installed EPICenter clients. Reports can be printed using the browser print function. The Reports capability provides a large number of predefined HTML reports that present a variety of types of information from the EPICenter database. You can also create your own reports by writing Tcl scripts.
The EPICenter Advanced Upgrade
The EPICenter Advanced upgrade is a separately-licensed component of the EPICenter product family. An Advanced license enables the Policy Manager and EAPS Monitoring applications.
EAPS Monitoring and Configuration Verification
Ethernet Automatic Protection Switching (EAPS) provides ‘carrier-class’ network resiliency and availability for enterprise networks.
Figure 1 illustrates the architecture of the EPICenter software.
Figure 1: EPICenter software architecture [diagram labels: Windows client system; Windows or Solaris client system; Browser with Java plug-in; Installed client; Browser; EPICenter applets; HTML reports; TCP sockets...]
The Alarm System supports SNMP Management Information Base-2 (MIB-2), the Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs. The EPICenter software uses a mechanism called SmartTraps to identify changes in Extreme device configuration.
ExtremeWare, ESRP information must be obtained via Telnet rather than SNMP. Telnet polling is also used to obtain power supply IDs for Alpine devices. Optionally, you can use SSH2 instead of Telnet to communicate with Extreme Networks devices. This requires that you run a version of ExtremeWare that supports SSH.
inventory database, including RMON traps from devices with RMON enabled. The Real-Time Statistics module can display statistics for any device with RMON enabled. EPICenter’s third-party integration framework allows selected devices to be integrated into EPICenter with a higher level of functionality. Devices integrated through this framework may include device-specific front and rear panel views, additional SNMP trap support, support for Telnet macros, and the ability to launch external applications from within EPICenter, if appropriate.
Getting Started with EPICenter
This chapter covers how to use some of the basic features of the EPICenter system:
● Starting EPICenter.
● How to get Help.
● EPICenter User Roles.
● Creating the Device Inventory.
● Organizing your network elements using groups...
If you installed EPICenter as a regular application rather than as services, you must start the server from the Start menu:
1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 6.0 to display the EPICenter menu.
Starting the EPICenter Client in a Windows Environment
To start the EPICenter stand-alone client:
1 From the Start menu, highlight Programs > Extreme Networks > EPICenter 6.0, then select EPICenter 6.0 Client.
The EPICenter Client Login window appears, as shown in...
Figure 2: EPICenter Start-up page
3 In the left-hand column, click the Launch EPICenter link to display the EPICenter login page.
The EPICenter Client Login Window
The EPICenter installed client starts by opening a Client Login window, as shown in Figure...
Figure 3: EPICenter client Login window
The browser-based client also presents a login page, but as you have already provided the server host name in the URL, the browser login window does not ask again for that information.
1 In the installed client login window, type or select in the Server Hostname field the name or IP address of the EPICenter server you want to connect to.
If you enabled Automatic Information Updates when you installed EPICenter, you may be presented with a message indicating that software updates are available. You can click Update Now (which opens the Display Software Images Updates window) or Remind Me Later, which closes the window.
Working with the EPICenter Features For detailed help on specific features or applets, EPICenter provides context-sensitive online Help, accessible through Help buttons in most EPICenter applets, and through the Help menu located in the menu bar at the top of the main window in the EPICenter applets. From the Help menu or Help buttons you can view HTML-based help on the feature you are using, presented in a browser window.
Device Selection Persistence
Navigating between EPICenter features is normally done by clicking a button in the Navigation Toolbar, which exits the feature you are currently in (typically abandoning any pending actions) and opens the new feature in the Main window of the EPICenter product. If a device was selected in the previous feature, that same device will be preselected in the newly-opened feature.
read-only access will be able to view status and configuration information, but will not be able to perform configuration operations or store information in the EPICenter database. Roles are also used to determine whether a particular user can execute Telnet macros from the Tools menu or from the right-click pop-up menu.
Figure 5: Discovering devices to add to the EPICenter inventory database
Note that you must provide the SNMP read community string to enable EPICenter to get information from the devices it finds. If your devices do not all use the same read community string, you will need to add each set of devices as a separate specification, as shown in the example.
Figure 6: Results of a discovery
To add devices to the database, select the set of devices you want to add and click the Add button. For each device or set of devices you add to the inventory database, EPICenter first asks you to provide contact information for those devices:
● The device login name and password...
You must input the IP address of the device you want to add, as well as the communication information for the device. EPICenter pre-fills the fields in the Add dialog with the default communication information—you can change it as appropriate.
Setting up Default Device Contact Information
For simplicity in managing multiple devices in large networks, administrators typically use the same logins, passwords, community strings and so on, for multiple devices.
Initially, EPICenter provides a single device group, named Default. This is where Discovery places the devices you add to the inventory, unless you specify a different device group. You can create additional device groups and place devices in those groups as you see fit. To create a Device Group, click the Add button at the top of the page to bring up the Add Devices and Device Groups dialog, then click the Device Groups tab.
NOTE Removing a device from all device groups does not remove the device from the database. The device is automatically placed back in the Default device group if it is removed from all other device groups.
Managing Device Configurations and Firmware
EPICenter provides two features that can help you manage the configuration files and the firmware versions on your devices.
Figure 8: Uploading a Baseline Configuration File
This saves the configuration file as a baseline file in the user.war/tftp/baselines directory, named by IP address (e.g. 10_205_1_112.txt).
Note that you can also schedule the upload of baseline files. This feature is similar to scheduling archival uploads, except that a baseline upload cannot be scheduled on a repeating basis.
Figure 9: Configuration file information for a device
Scheduling Configuration File Archiving
You can schedule regular archival configuration file uploads on a daily or weekly basis. You can also set a limit on how many configuration files per device will be saved (you can limit by time, or by the number of files).
● From the Global Schedule tab you can set an archive schedule for all devices other than those that have individual or group schedules set. The Global Schedule lets you set an archive schedule for “everyone else.”...
Fault detection is based on SNMP traps, syslog messages, and some limited polling. The Alarm System supports SNMP MIB-2, the Extreme Networks private MIBs, RMON traps, and selected traps from other MIBs. When an alarm occurs you can specify actions such as sending e-mail, running a program, running a script, sending a page or sounding an audible alert.
NOTE When Extreme Networks devices are added to the EPICenter Inventory database, they are automatically configured to send traps to the EPICenter server (unless you are running in non-intrusive mode). To receive traps from non-Extreme devices, you must manually configure those devices to send traps to the EPICenter server. See “Setting...
Figure 11: The Alarm Log Browser page [callouts: Predefined filters; Alarm System module tabs; Acknowledged alarms; EPICenter standard menus; Number of alarms displayed (per filter); New alarm indicator; Alarm summary; Current filter definition]
Filtering the Alarm Log Display
You can filter the list of alarms to view only a subset of alarms that are of particular interest—only alarms from a specific device, or a specific type of alarm, for example.
Example: Filtering the Alarm Log Display for a Device IP Address
Filter the list of alarms to view only alarms from the device at IP address 10.210.12.8.
1 Click the Filter button at the top of the Alarm Summary window. The Define Alarm Log Filter window opens.
Figure 13: The filtered alarm summary list
7 If you want to save this filter for future use, click the Filter button again. The Define Alarm Log Filter window again opens, displaying the filter definition you just created.
8 Click Save and another small window opens where you can enter a name for this filter.
Creating or Modifying an Alarm Definition
Although EPICenter provides a number of predefined alarms, you may find that you need to modify those alarm definitions, or even create your own alarms to alert you to specific conditions. For example, you may decide to modify the predefined SNMP Unreachable alarm to send an email to the network administrator when a device becomes unreachable (the predefined alarms by default do not take any actions other than to create an entry in the alarm log).
Figure 14: The Alarm Definition List with the Overheat alarm selected
2 Scroll down in the list and select the Overheat alarm definition. The basic properties for this alarm definition are displayed in the lower part of the page.
3 Click the Modify button.
Figure 15: The Modify Alarm Definition window with the Action Tab displayed
For this alarm, you want to use an email action. However, before you can specify an email action, you must configure EPICenter with settings for the SMTP server it should use. If this has not yet been done, the two email checkboxes are not selectable, as shown in Figure
5 To configure EPICenter’s email settings, click the Settings...
6 To configure EPICenter to send a text message as an alarm action, click the Short email to: check box to turn on the check.
7 Type 4085551212@paging.com as the email address in the text field next to the checkbox, as shown in Figure
Figure 17: A short email action defined for text paging...
Figure 18: The modified Overheat alarm
Example 2: Define a New Alarm to Forward a Trap
Define a new alarm that forwards a trap to a remote host if port 10 on device “Summit_24” goes down.
1 Click the Alarm Definition tab at the top of the window, then click Add to open the New Alarm Definition dialog with the Basic tab displayed.
Figure 19: The Basic tab of the New Alarm Definition window
a Type a name for the alarm (for example, WAN Link Down) in the Name field.
b Make sure the Enabled checkbox is checked.
c Select a severity level in the Severity field.
d Select a category (e.g.
Figure 20: The Scope tab of the New Alarm Definition window
NOTE For convenience in scoping alarms, you may want to consider creating special-purpose device groups or port groups, and use those in your alarm scope. The benefit is that you can change the scope of the alarm simply by changing the membership of the relevant group.
Figure 21: The Action tab of the New Alarm Definition window
b If you need to change the trap receiver configuration, click the Settings... button to the right of the Forward trap to: line. This opens a configuration dialog where you can change the trap receiver configuration.
● A Rising Threshold means that a trap is generated when the value of the RMON variable increases past the threshold value. If only a Rising threshold is specified, then no trap is generated if the value decreases past the threshold.
How RMON Events are Generated
When you configure an RMON threshold condition, you must specify not only the value of the threshold, but also the startup alarm condition. The initial occurrence of an RMON alarm is determined by the Startup Alarm condition specified when the alarm is defined.
Example 3: Create an RMON Rule to Detect Excessive Port Utilization
Example: Create an RMON rule that will cause an RMON Rising Trap when port utilization on a set of critical ports, members of the port group “CriticalPorts,” exceeds 15%.
1 Bring up the New Configuration dialog.
● Sample Type: The sample value (a percentage) is always an absolute value
● Startup Alarm: The Startup condition is predefined to be Rising
NOTE To define an alarm for a CPU Utilization threshold event, select SNMP Trap as the Event Type, then select CPU Utilization Rising Threshold or CPU Utilization Falling Threshold as the Event Name.
The second event occurs at point X, because the sample value has fallen below the falling threshold, which is defined as 80% of the rising threshold value. The third event occurs at point A because the sample value is again above the Rising Threshold after having fallen below the Falling threshold. At point B the value again passes the Rising Threshold, but no alarm is generated because the value has not yet become less than the Falling threshold.
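The rising/falling behaviour described above can be traced with a short simulation. This is an added example, not code from the EPICenter guide or product: the function and class names are hypothetical, the sample values are constructed, and the crossing test follows the standard RMON alarm semantics (RFC 2819) with the falling threshold set to 80% of the rising threshold as in the passage.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ThresholdEvent:
    index: int    # position of the sample that triggered the event
    kind: str     # "rising" or "falling"
    value: float  # sampled value at that position


def rmon_threshold_events(samples, rising, falling, startup="rising"):
    """Simulate RMON rising/falling threshold events with hysteresis.

    Returns (events, suppressed): the events that would generate a trap,
    and the sample indexes where a threshold was crossed again but no
    event fired because the opposite threshold had not been crossed yet.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    if startup not in ("rising", "falling", "rising_or_falling"):
        raise ValueError(f"unknown startup alarm condition: {startup!r}")

    events, suppressed = [], []
    last_kind = None  # kind of the most recent event that fired
    prev = None       # previous sample; None until the first sample is seen

    for index, value in enumerate(samples):
        kind = None
        if prev is None:
            # First sample: only the startup alarm condition decides.
            if value >= rising and startup in ("rising", "rising_or_falling"):
                kind = "rising"
            elif value <= falling and startup in ("falling", "rising_or_falling"):
                kind = "falling"
        elif value >= rising and prev < rising:
            kind = "rising"
        elif value <= falling and prev > falling:
            kind = "falling"

        if kind is not None:
            if kind == last_kind:
                # Same direction twice in a row: no new event (point B).
                suppressed.append(index)
            else:
                events.append(ThresholdEvent(index, kind, value))
                last_kind = kind
        prev = value
    return events, suppressed


# Constructed utilization samples (percent), not taken from the guide.
RISING = 90.0
FALLING = 0.8 * RISING  # falling threshold is 80% of the rising threshold
SAMPLES = [50, 92, 85, 70, 95, 80, 93, 60]

if __name__ == "__main__":
    fired, skipped = rmon_threshold_events(SAMPLES, RISING, FALLING)
    for event in fired:
        print(f"sample {event.index}: {event.kind} event at {event.value}%")
    print("crossings without an event:", skipped)
```

The suppressed list is the part worth watching when tuning alarms: a value oscillating between the two thresholds produces crossings but no additional traps.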
Figure 24: Basic Topology Map
A basic topology map such as the example in Figure 24 shows you a variety of information about the status of your network:
● The border color of each device image indicates whether it is up or down...
Figure 25: Topology Map with VLAN information
In this mode, the map dims out all the links that are not involved in the selected VLAN. It also shows information about the VLANs for a selected device in the Map Element Description panel. You can even do some basic VLAN configuration from the Topology View in VLAN mode—such as adding links or edge ports to a VLAN.
You can create new Topology Views to represent your networks in any way you want. You can have EPICenter auto-populate a view you create or you can select devices to add to your map individually. You can create and delete submaps, add, move and delete devices, create links, add annotations, give names and labels to your devices and so on.
Using Basic EPICenter Reports EPICenter reports are displayed in HTML in a browser window, even if you are running the EPICenter installed client. You must have a browser installed on your client system to be able to view reports. You can also view reports by logging directly into the Reports feature from a browser, without running the EPICenter client: just select the View Reports link from the EPICenter start-up page.
In addition to the Network Summary Report, EPICenter provides the following reports and tools:
Table 3: EPICenter Reports
Report Category: Main
• Extreme eSupport Export: Exports EPICenter data for use by Extreme technical support.
• Wireless Summary: Wireless status overview; with links to supporting detail reports
• Wireless AP (Wireless Port Inventory Report): Inventory of Extreme Networks Wireless Access Points. From here you can view details on the device to which an AP is connected, or details about a selected AP
  Device Details
  Wireless Port Details
•...
Table 3: EPICenter Reports (continued)
Report Category: EPICenter Server
• Server State Summary: Shows a variety of status information about the EPICenter server.
• Debug EPICenter: Tools to aid in analyzing EPICenter performance. These are available only to users with an Administrator role.
Managing your Network Assets
This chapter describes how to manage and monitor your network assets. Topics include:
● Creating a complete network component inventory
● Importing inventory information using command line utilities
● Using Device Groups to organize and manage inventory...
Valid wildcard characters are *, ?, and - (dash):
* acts as a wildcard for the entire octet (0-255).
? is a wildcard for a single digit (0-9).
- lets you specify a range for any octet. You can use this in more than one octet.
Note that you cannot combine the dash with another wildcard in the same octet.
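Before running a discovery it helps to know how many addresses a specification will cover. The following added example (not EPICenter code) parses a specification using the wildcard rules above and counts the addresses; the function names are hypothetical, and treating "?" as one digit position inside a longer octet (so "2?" means 20-29) is an assumption about a detail the guide excerpt does not spell out.

```python
from math import prod


def expand_octet(token):
    """Return the sorted octet values (0-255) matched by one field of a spec."""
    if token == "*":
        return list(range(256))
    if "-" in token:
        # The guide's rule: a dash cannot share an octet with another wildcard.
        if "*" in token or "?" in token:
            raise ValueError(f"dash combined with another wildcard in {token!r}")
        low_text, _, high_text = token.partition("-")
        if not (low_text.isdecimal() and high_text.isdecimal()):
            raise ValueError(f"malformed range {token!r}")
        low, high = int(low_text), int(high_text)
        if not 0 <= low <= high <= 255:
            raise ValueError(f"range out of order or out of bounds in {token!r}")
        return list(range(low, high + 1))
    if not token or len(token) > 3 or any(c not in "0123456789?" for c in token):
        # Also rejects "*" mixed with digits: "*" stands for the whole octet.
        raise ValueError(f"malformed octet {token!r}")
    # Assumption: "?" matches exactly one decimal digit, no leading zeros.
    values = [
        v for v in range(256)
        if len(str(v)) == len(token)
        and all(p in ("?", d) for p, d in zip(token, str(v)))
    ]
    if not values:
        raise ValueError(f"octet {token!r} matches no value in 0-255")
    return values


def expand_spec(spec):
    """Split a dotted discovery spec into four lists of octet values."""
    tokens = spec.strip().split(".")
    if len(tokens) != 4:
        raise ValueError(f"expected four octets in {spec!r}")
    return [expand_octet(token) for token in tokens]


def address_count(spec):
    """Number of addresses a discovery spec would cover."""
    return prod(len(values) for values in expand_spec(spec))


if __name__ == "__main__":
    # Constructed specifications, not taken from the guide.
    for spec in ("10.205.0-2.*", "10.2?.1.*", "10.205.1.2?", "10.205.1.1-?"):
        try:
            print(f"{spec}: {address_count(spec)} addresses")
        except ValueError as err:
            print(f"{spec}: rejected ({err})")
```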
Figure 28: Device Discovery specifications
Once the discovery results have been returned, you can then select the devices you want to add to the EPICenter inventory. Discovery does not automatically add any devices to the EPICenter inventory. From the Discovery Results window, you can select individual or multiple devices to add to EPICenter’s inventory database.
Figure 29: Discovery Results window
You can perform multiple Add operations from the Discovery results window, so you can discover a wide range of devices in one operation, and then add them in small sets based on which devices use common contact information, or how you want to place them in device groups.
Importing Devices Using the DevCLI Utility
If you have a large number of devices you want to add to the EPICenter inventory, and you have their addresses and contact information available in machine-readable form, you can use the DevCLI command line utility to import device information into the EPICenter database.
You can change any of the device contact information kept for a device in the EPICenter database through the Modify Devices and Device Groups dialog in the Inventory Manager. If multiple devices use the same contact information, you can change the information for all those devices in a single operation (if they are members of the same device group).
Figure 31: Contact Information change dialog
You can change the value in the database only, or in both the database and on the device (or do neither). You might elect to make changes in the database only if the values had already been changed on the devices.
Device groups can be useful in the following areas:
● Alarms: If an alarm is scoped on a device group, when the group membership changes, the alarm scope automatically reflects that change.
● Telnet macros: If a Telnet macro has a device group execution context, you can run the macro on all...
Figure 32: A port group defined in the Grouping Manager
Figure 32 shows a port group as defined in the Grouping Manager for the uplink ports on the core devices in a specific building. Figure 33 shows a utilization chart for the ports in the same port group.
Figure 33: Utilization statistics for ports based on a port group
Using this same port group as the scope, you could define an RMON threshold rule for link utilization (for MIB variable extremeRtStatsUtilization) that would generate a trap when utilization exceeded some percentage you define on any of the ports in the port group.
Figure 34: An RMON threshold rule for port utilization scoped on a port group
You could create similar port groups for load-shared ports, for example, or for the ports connecting to critical servers in your network.
Inventory Reports
The EPICenter Reports feature provides HTML reports on many aspects of the devices in the EPICenter database.
by device, which show the port type, VLAN membership (if any) and length of time the port has been inactive, for the inactive ports on a device. Each of these reports can be exported in csv or xml format.
Uploading Inventory Information to Extreme
If it happens that you need to work with Extreme’...
Configuring and Monitoring Your Network
This chapter describes how EPICenter can help you configure, monitor, and manage the components of your network on a network-wide basis. Topics include:
● Configuring multiple devices concurrently using user-defined Telnet macros
● Network-wide configuration of VLANs...
In the Macro Player, you can enter a macro (or load a saved macro) and run it on a selected set of devices, but you cannot save the macro. The Macro Player function is provided primarily to enable macros to be run on a one-time or ad-hoc basis.
Example 1: A Macro to Configure EPICenter as a Syslog Server on a Device
One example of a macro you would re-use is a macro to configure EPICenter as a Syslog server for your Extreme switches. You could create and save a macro that used a system variable to specify the EPICenter server’s host name or IP address.
enable ospf
save
$salesVlanPorts and $salesVlanIP are both user-defined variables. When the macro is run on a device, EPICenter prompts for the values of the two variables. It uses as the prompt the description you entered when you created the variable. Note that the save command requires a confirmation, which must be included in the script.
Figure 36: Telnet macros available from the Macros sub-menu
The execution context and execution roles interact in that a macro will be available to a user only if the macro matches the execution context of the selected component (Device Group, Device, or Port) and the user’s role has been included as an execution role defined for the macro.
not to users with AlarmOnly or Config and Firmware roles. (The AlarmOnly and Config and Firmware roles are user-defined roles.)
Figure 37: A Telnet macro with selected execution roles
Note that if you add a new role to EPICenter after you have created your Telnet macros, that role will not be included in the execution roles for your macros.
recommend the devices and ports to be added to the VLAN, and can add them to the VLAN if you accept the recommendation.
● EPICenter’s Topology views can be used to show a topological view of the VLANs on your network...
EAPS Protocol Monitoring and Verification
The Ethernet Automatic Protection Switching (EAPS) Monitor provides a visual way to view the status of your EAPS configurations (EAPS domains) and to verify the configuration of your EAPS-enabled devices. With its multiple status displays and the ability to focus on individual EAPS domains, it can also help you debug EAPS problems on your network.
EAPS Protocol Monitoring and Verification The EAPS map shows all the devices managed by EPICenter with respect to their EAPS implementation, including the EAPS-related links between devices and a summary status for each device and for each EAPS domain. NOTE If some of the devices in an EAPS domain are missing from EPICenter’s inventory database, those devices will not appear on the EAPS map.
Configuring and Monitoring Your Network
● Node Alarm status: shown using the small alarm bell indicating the highest level unacknowledged alarm for this device.
● EAPS Worst Domain status: If the device is configured for EAPS, this is indicated by a colored ring...
EAPS Protocol Monitoring and Verification Figure 39: Focus mode on a domain (callouts: “Indicates Focus Mode is in effect”, “Exit Focus Mode”) The blue bar at the top of the Viewport indicates that Focus Mode is in effect, and specifies the domain that is currently in focus.
Configuring and Monitoring Your Network From these tables you can view detailed information for individual domains, devices or links. For example, from the Domains table, clicking on a domain name pops up a Domain Details window for the selected domain. (It also puts the map into Focus Mode for the selected domain.) Figure 40 shows the information provided when the EAPS Domain Details window appears.
Page 91
EAPS Protocol Monitoring and Verification The recommended workflow for identifying and correcting EAPS configuration problems from within the EPICenter EAPS Monitor is as follows: 1 Run the Verify EAPS command. 2 If there are errors in the Verification Report, you can click the domain or device link in the source column, and this will put you into Focus Mode for the domain or device where the errors occurred.
Configuring and Monitoring Your Network The information shown in this report is as follows:
Table 4: EAPS Verification Results Report Column
Type: The type of error. The online Help for the EAPS monitor applet includes a list of errors that the EAPS verification process may report.
Severity: The severity level of the error: Error, Warning, or Information
Source...
Page 93
EAPS Protocol Monitoring and Verification Figure 42: EAPS Log Report
Managing VLANs This chapter describes how to configure, monitor, and manage VLANs. Topics include:
● Graphically configuring and monitoring VLANs
● Scalable multidevice network-wide VLAN functionality
● Network-wide VLAN membership visibility
● Displaying VLAN misconfigurations with Topology maps
EPICenter provides a number of features that greatly simplify the management of VLANs on your network.
Managing VLANs Network-wide VLAN Membership Visibility The VLAN Manager provides a comprehensive view of all the VLANs on your network. The VLAN Manager’s main view shows you a summary of all VLANs on your network, either by switch or by VLAN.
Network-wide Multidevice VLAN Configuration 2 Select the VLAN you want to view from the drop-down list in the VLAN field. The devices and links that are not part of the VLAN are dimmed on the map so that the devices and links in the selected VLAN are visible.
Page 98
Managing VLANs the VLAN on all the devices and ports you specify. You do not need to create the VLAN separately on each device. To create a VLAN in the VLAN Manager, click the Add button to open the Add VLAN dialog. Figure 45 shows an example of the Add VLAN dialog, illustrating how you can specify ports from multiple devices when you create the VLAN.
Network-wide Multidevice VLAN Configuration Figure 46: Connection Information for a new port member of a VLAN When you click Apply to create the VLAN, EPICenter will create the VLAN on all the specified devices with the specified ports. By using multi-threading EPICenter can initiate these requests concurrently on multiple devices, thus reducing the overall elapsed time required to implement those changes on the devices.
Managing VLANs If you choose to add the links to an existing VLAN, you can specify whether the endpoints of the links should be added as tagged or untagged ports. If you choose to create a new VLAN, a further dialog lets you specify the VLAN name, tag, and protocol for the VLAN, as well as whether the endpoints should be added as tagged or untagged ports.
Page 101
Displaying VLAN Misconfigurations with Topology Maps Figure 47: Displaying a misconfigured VLAN You can solve the misconfiguration problem by selecting the link and using the Add Link to VLAN command to add the VLAN on the devices at both ends of the link. Or, if the VLAN should not be configured on either end of the link, you could use the VLAN Manager’s Modify VLAN or Modify VLAN Membership commands to remove port 19 on Bld1Core from the bld1-vlan VLAN.
Managing Network Device Configurations and Updates This chapter describes how to use EPICenter to manage your Extreme device configurations. Topics include:
● Archiving device configuration files
● Creating and using Baseline configurations
● Monitoring configuration changes with baselines and the Diff function
...
Managing Network Device Configurations and Updates Figure 48: Scheduling archival configuration file uploads You can schedule daily or weekly uploads, and specify the time of day (and day of the week) at which they should be done. This lets you schedule uploads at times when it will have the least impact on your network load.
Baseline Configurations good” configuration in case of configuration problems, and you can use it as a reference to compare against archived configuration files to identify any configuration changes that have been made. When you view information about the configuration files that have been uploaded for a device or a device group in the main Configuration Manager window, the display indicates whether a baseline file exists for the device.
Managing Network Device Configurations and Updates Figure 49 shows an example of a report generated when EPICenter detects a difference between an archived configuration and the baseline configuration for a device. The report is created as a PDF file, and you can configure EPICenter to automatically email the file to recipients you designate. Figure 49: Configuration change report for changes detected in an archived configuration EPICenter will combine into one report any differences detected in archive operations that occur within a 10 hour time frame, to avoid generating many small reports.
Managing Firmware Upgrades Managing the versions of firmware on your devices can be a significant task, as there are a number of different versions for different device types and modules, and versions of the software and the bootROM images must be compatible as well.
Page 108
Managing Network Device Configurations and Updates and the software images, and you may need to do an intermediate software upgrade in order to upgrade to the most current version. If you request an upgrade that cannot be done in one step, the Firmware Manager will determine what the required steps are, and will provide that information to you as you proceed through the upgrade process.
Network administrators must protect their networks from unauthorized external access as well as from internal access to sensitive company information. Extreme Networks products incorporate multiple security features, such as IP access control lists and virtual LANs (VLANs), to protect enterprise networks from unauthorized access.
EPICenter should be configured as a RADIUS client. Configuring a RADIUS Server for EPICenter User Authentication EPICenter uses administrator roles to determine who can access and control your Extreme Networks network equipment through EPICenter. A user’s role determines what actions the administrative user is allowed to perform, through EPICenter or directly on the switch.
Page 111
Management Access Security
● In your authentication database, create a Group for each administrative role you plan to use in EPICenter, and then configure the appropriate users with the appropriate group membership. For example, if you want to authenticate both EPICenter Admin and Manager users, you must create a group for each one.
Managing Network Security Example: Setting the Service Type for a Built-in EPICenter Role If you plan to use an external RADIUS server to authenticate EPICenter users, but you do not want to configure your RADIUS server with a VSA to pass role information, then you must configure your RADIUS server’s “Service type”...
SNMPv1 for any reason, you can do so with minimal effort. Using SSHv2 to Access Network Devices. Extreme Networks products support the secure shell 2 (SSHv2) protocol to encrypt traffic between the switch management port and the network management application (EPICenter). This protects the...
Page 114
To receive the EPICenter SSH enabler key, fill out the End-User Certification Form at: http://www.extremenetworks.com/apps/EPICenter/ssh.asp b After the form is submitted, Extreme Networks will review the request and respond within 2 business days. c If your request is approved, an email will be sent with the information needed to obtain the “ssh-enabler”...
EPICenter will now use SSH instead of regular Telnet for direct communications with the device, including Netlogin and polling for the FDB from the Extreme Networks switches. It will also use SFTP for file transfers such as uploading or downloading configuration files to the device.
Managing Network Security configuration archive files to determine if any configuration changes have been made. If it detects changes, EPICenter will inspect the Syslog file for the device to identify any entries that are related to the configuration changes observed in the archived configuration file.
● Regularly archiving your device configuration files provides a backup in case a configuration is...
Using Alarms to Monitor Potential Security Issues The EPICenter Alarm Manager allows you to create custom alarm conditions on any supported MIB object known to EPICenter. Using the Alarm Manager, you can set up alarms for alerting you to critical security problems within your network.
Managing Network Security Device Syslog History Syslog messages report important information about events in your network. Each Extreme Networks product acts as a syslog client, sending syslog messages to configured syslog servers. These messages include information that reveals the security status of your network. Using syslog messages, you can track events in your network that may affect security.
Page 119
LAN, but each is tagged with a different VLAN ID. Marketing traffic going through the same physical LAN switches will not reach Finance hosts because they exist on a separate VLAN. Extreme Networks switches can support a maximum of 4000 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria:
● Physical port
...
Managing Network Security Figure 53: Creating NetBIOS VLAN See Chapter 5 “Managing VLANs” for more information about how EPICenter can help you manage the VLANs on your network. Using IP Access Lists IP access lists (ACLs) determine what traffic is allowed on your network. ACLs use a set of access rules you create to determine if each packet received on a switch port is allowed to pass through the switch, and if so, at what priority and with how much bandwidth, or is denied (dropped) at the ingress port.
Page 121
Network Access Security 3 Verify there is an appropriate “fall-through” control in your access list design. This default control is what will be used when all other access lists do not match the traffic pattern. Typically, this default control is a “deny-all” access list to block all traffic that does not match any security policy in place. Using EPICenter to Create Access Lists You use the optional Policy Manager feature in EPICenter to configure and monitor access lists.
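The fall-through check in step 3 can be reasoned about with a small model. The following is an added example, not EPICenter or ExtremeWare code: the rule format, the rule names, the "lower precedence number is checked first" ordering and the "unmatched traffic is forwarded" default are all assumptions of this model, and the addresses are constructed sample values.

```python
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


def rule(name, precedence, action, src="0.0.0.0/0", dst="0.0.0.0/0",
         proto="any", dport=None):
    """Build one access rule. Lower precedence numbers are checked first
    (an assumption of this model, not a statement about any product)."""
    if action not in ("permit", "deny"):
        raise ValueError("action must be 'permit' or 'deny'")
    return {"name": name, "precedence": precedence, "action": action,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "proto": proto, "dport": dport}


def is_catch_all(r):
    """True if the rule matches every packet."""
    return (r["src"] == ANY_NET and r["dst"] == ANY_NET
            and r["proto"] == "any" and r["dport"] is None)


def matches(r, pkt):
    """True if the packet falls inside every field of the rule."""
    return (ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and r["proto"] in ("any", pkt["proto"])
            and r["dport"] in (None, pkt.get("dport")))


def evaluate(rules, pkt):
    """Return (action, rule name) for the first matching rule.
    Model assumption: traffic that matches no rule is forwarded."""
    for r in sorted(rules, key=lambda r: r["precedence"]):
        if matches(r, pkt):
            return r["action"], r["name"]
    return "permit", None


def audit_fallthrough(rules):
    """List design problems related to the fall-through control."""
    findings = []
    ordered = sorted(rules, key=lambda r: r["precedence"])
    last_ok = bool(ordered) and is_catch_all(ordered[-1]) \
        and ordered[-1]["action"] == "deny"
    if not last_ok:
        findings.append("no deny-all fall-through as the last rule")
    # A catch-all placed before the end hides every rule after it.
    for i, r in enumerate(ordered[:-1]):
        if is_catch_all(r):
            findings.append("rule '%s' matches all traffic and shadows %d "
                            "later rule(s)" % (r["name"], len(ordered) - 1 - i))
    return findings


# Constructed sample rule sets: clients may reach one server on TCP 512.
WEAK = [rule("baan-clients", 10, "permit", src="10.4.0.0/24",
             dst="10.2.3.4/32", proto="tcp", dport=512)]
HARDENED = WEAK + [rule("deny-all", 1000, "deny")]
MISORDERED = [rule("deny-all", 5, "deny")] + WEAK

# Constructed sample packets.
CLIENT = {"src": "10.4.0.1", "dst": "10.2.3.4", "proto": "tcp", "dport": 512}
STRAY = {"src": "192.0.2.9", "dst": "10.2.3.4", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("hardened", HARDENED),
                         ("misordered", MISORDERED)):
        print(label, evaluate(rules, CLIENT), evaluate(rules, STRAY),
              audit_fallthrough(rules))
```

The misordered set shows the second failure mode: a deny-all that is evaluated before the specific permits blocks the traffic the policy was meant to allow.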
Page 122
Managing Network Security Figure 54: IP Policy for Denying TCP SYN Packets.
The EPICenter reports feature has a pre-defined Wireless AP Report that lists all the wireless Extreme Networks APs attached to Extreme switches. Click on any AP in the list to get a detailed inventory report for that AP.
Managing Wireless Networks The Wireless Interface Report delves further into the configuration and status of individual interfaces associated with Wireless APs. This report details the security requirements for hosts connecting to the network through that interface as well as the number of clients associating through that interface. Refer to Chapter 16 in the EPICenter Reference Guide for details on the Wireless AP Report and the Wireless Interface Report.
Security Monitoring with Reports Client MAC spoofing report When the network detects two or more client stations with the same MAC address that are all in the data forwarding state on different wireless interfaces, the client might be using another client’s MAC address in an unauthorized way;...
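The condition this report describes (one MAC address in the data forwarding state on two or more different wireless interfaces) can be expressed as a short check. This is an added example, not EPICenter code: the record fields, state names, switch names and interface labels are assumptions, and the client records are constructed sample data.

```python
from collections import defaultdict

FORWARDING = "forwarding"  # assumed name for the data forwarding state

# Constructed sample client records (not EPICenter output).
SAMPLE_CLIENTS = [
    # Same MAC, forwarding on two different interfaces: spoofing candidate.
    {"mac": "00:04:96:AA:BB:01", "switch": "edge-1", "interface": "1:1",
     "state": "forwarding"},
    {"mac": "00-04-96-aa-bb-01", "switch": "edge-2", "interface": "1:3",
     "state": "forwarding"},
    # Same MAC seen twice, but only one entry is forwarding (e.g. roaming).
    {"mac": "00:04:96:AA:BB:02", "switch": "edge-1", "interface": "1:2",
     "state": "forwarding"},
    {"mac": "00:04:96:AA:BB:02", "switch": "edge-2", "interface": "1:1",
     "state": "authenticating"},
    # Duplicate record for the same interface: not a second station.
    {"mac": "0004.96aa.bb03", "switch": "edge-1", "interface": "1:1",
     "state": "forwarding"},
    {"mac": "00:04:96:aa:bb:03", "switch": "edge-1", "interface": "1:1",
     "state": "forwarding"},
]


def normalize_mac(mac):
    """Canonicalize a MAC so colon, dash and dotted notations compare equal."""
    digits = "".join(ch for ch in mac.lower() if ch not in ":-.")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_spoof_candidates(clients):
    """Return {mac: [(switch, interface), ...]} for every MAC that is in the
    forwarding state on two or more distinct wireless interfaces."""
    seen = defaultdict(set)
    for rec in clients:
        if rec["state"].lower() != FORWARDING:
            continue  # only stations that are actually passing data count
        seen[normalize_mac(rec["mac"])].add((rec["switch"], rec["interface"]))
    return {mac: sorted(ifaces) for mac, ifaces in seen.items()
            if len(ifaces) >= 2}


if __name__ == "__main__":
    for mac, ifaces in find_spoof_candidates(SAMPLE_CLIENTS).items():
        print(mac, "forwarding on", ifaces)
```

Normalizing the address before grouping matters because the same station can be recorded in different notations by different sources.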
Rogue APs. APs are marked as rogues in Extreme Networks switches by detecting when a new AP shows up on the network that does not appear in the list of authorized APs. The Rogue AP Report in EPICenter lists these unauthorized APs and gives details on the AP model, operating characteristics, and the interface that detected the rogue AP.
Detecting Clients with Weak or No Encryption 3 Click on the Add to Safe List button to add this AP MAC address to the EPICenter Safe AP MAC Address List. This AP will no longer show up as a rogue AP. Figure shows an example of the Rogue Access Point Detail Report.
Managing Wireless Networks Figure 57: Current Wireless Clients Report Example Wireless Network Status with Reports The EPICenter Reports feature provides multiple dynamic reports that can be used to monitor the status of your wireless network. These reports give a summary of the wireless network, as well as drill down details on access points, interfaces, network logins and clients.
Debugging Access Issues with Syslog Reports 1 Configure the MIB Poller using a collections.xml file, as described in “Using the MIB Poller Tools” on page 137. 2 Add the necessary MIB variables to collections.xml to match the statistics you want to monitor on your wireless interfaces.
Tuning and Debugging EPICenter This chapter describes how to tune EPICenter performance and features to more effectively manage your network. It also describes some advanced features that are available to an EPICenter administrator (a user with an Administrator role) to help analyze EPICenter or Extreme device operation. These include:
● Monitoring and tuning EPICenter performance
...
Tuning and Debugging EPICenter For devices that simply take a long time to sync or to poll on a Detail poll cycle, you can reduce the impact by reducing the Detail Poll frequency (lengthening the time between polls) for those devices. The default Detail polling frequency is 30 minutes for core devices and 90 minutes for edge devices.
Tuning the Alarm System A setting of Light (recommended) means the elapsed time between groups of MAC address polling requests will be calculated to place a lighter load on the EPICenter server. As a result, it will take longer for the server to accomplish a complete polling cycle. Moving the load indicator towards Heavy will shorten the elapsed time between groups of MAC address polling requests, at the cost of a heavier load on the EPICenter server.
Tuning and Debugging EPICenter
● Disabling alarms you don’t care about
● Scoping alarms so they only function for devices you care about
● Identifying individual devices that generate a lot of alarm activity, and either correcting the situation that may be producing these alarms, or removing the device from the scope of alarms that aren’t necessary for the device.
Tuning the Alarm System impact, as those alarms should never occur. However, if you do use ESRP but do not want to know about state changes, disabling that alarm could have some performance impact. One way to determine which alarms could be disabled for maximum performance impact is to look at the alarms that actually do occur within your network.
Tuning and Debugging EPICenter You can scope an alarm to Device Groups and Port Groups as well as individual devices and ports. To change the alarm scope for an existing alarm: 1 Under the Alarm Definition tab in the Alarm System feature, select the alarm you want to scope, and click Modify.
Using the MIB Poller Tools An archiving check is performed once an hour. If you need to store additional historical data beyond the two 30 MB file limit for events and the 6 MB file limit for alarms, you can periodically make backup copies of the archive files to a separate location.
Page 138
Tuning and Debugging EPICenter
    </table>
    <table>
      <oid name="variableName2" dataLabel="Label/description" />
      <oid name="variableName3" dataLabel="Label/description" />
    </table>
    <scalar>
      <oid name="scalarVariable1" dataLabel="Label/description" />
      <oid name="scalarVariable2" dataLabel="Label/description" />
    </scalar>
    <scope ipAddress="123.234.345.456" />
    <scope ipAddress="123.234.345.789" />
  </collection>
</collections>
Within the outermost statement, you can define multiple individual collections, each collection bracketed with <collection name= ...
Using the MIB Poller Tools The MIB Poller Summary If a collection.xml file has been loaded, the MIB Poller Summary shows the names of the collections defined in the xml file, along with their status (running or stopped). Figure 59 shows the summary for a set of three collections.
Page 140
Tuning and Debugging EPICenter which has been modified to specify a different set of collections, or until the collections.xml file is removed from the collections directory. You can stop the polling process for a running collection by placing a check in the checkbox in the first column next to the collection name, and clicking Stop.
Using the MIB Poller Tools
Collection Name: The name of the collection
Polling Interval: The polling interval, in seconds
Save Polled Data: Whether the polled data is being saved in the database (Yes or No)
Scope: The devices on which polling for this data is being conducted
Status: The status of the collection (running or stopped)
Startup State...
Tuning and Debugging EPICenter This report shows the following information:
Device: The name of the device. This also functions as a link to the Device Details report for the device
Status: The status of the collection on this device (running, stopped, or error)
Message: A message, if appropriate, explaining the status (such as an error message).
Using the MIB Poller Tools Exporting the Collected Data One of the main purposes for collecting historical MIB data over time is to allow analysis to identify trends or patterns that may provide insights into your network usage. In order to do this, you need to export the collected MIB data so it can be used by other analysis tools.
Page 144
Tuning and Debugging EPICenter Figure 63: A MIB Query example To perform a MIB query, you enter the required data into the appropriate fields:
● Enter into the first field the IP addresses of the devices from which you want to get data.
...
EPICenter installation: runserver.sp jboss/bin
● In Windows this would be \Program Files\Extreme Networks\EPICenter 6.0\jboss\bin\runserver.sp
● In Solaris it would be /opt/ExtremeNetworks/EPICenter6.0/jboss/bin/runserver.sp
The ports defined in this file, and their default settings, are:
jboss.webservice.port=8083
jboss.ejb3.remoting.port=3873...
Tuning and Debugging EPICenter When you edit this file, take care not to add any extra spaces. If editing this file does not solve your problems, you should call your Extreme Networks Technical Support representative for help. Using the EPICenter Debugging Tools The EPICenter debugging tools are available through the Reports modules for users with an administrator role.
The EPICenter/Avaya integration has been developed jointly by Extreme and Avaya to deliver a set of tools that enable managing and troubleshooting Avaya Voice and Extreme Networks infrastructure networks in a coordinated manner. Each product can discover and display devices from the other vendor, and can cross-launch both the network management application (EPICenter or the Avaya Network Management Console) and device managers embedded in the supported devices.
VoIP and EPICenter-Avaya Integrated Management
● Discovery: an External Discovery radio button will enable EPICenter to retrieve the IP addresses of devices the Avaya Integrated Management Console is managing so that EPICenter can discover those devices. This button loads the IP addresses of the devices in the Avaya Integrated Management inventory into the discovery list so that they can be discovered by EPICenter.
Discovering Avaya Devices TFTP Server Coordination Both EPICenter and the Avaya Integrated Management software provide TFTP servers, but only one can run. To avoid problems, you should disable one of the TFTP servers, and configure the TFTP root to point to the enabled TFTP server. To disable the TFTP server in EPICenter, do the following: 1 From either the Configuration Manager or the Firmware Manager, click the TFTP button on the Toolbar (or select TFTP from the Firmware or Config menus).
VoIP and EPICenter-Avaya Integrated Management 3 Select the All MIB-2 Devices checkbox to discover non-Extreme Networks devices. 4 Click New. EPICenter will query the Avaya Information Manager for the devices it is managing, and will add those to the list of IP addresses to discover.
Tools Menu Commands The Device sub-menu, accessed from the right-click pop-up menu or the Tools menu, provides a command to launch the device manager for the selected Avaya device. The device manager appears in a separate window, either running in a browser window or as a separate application depending on whether your EPICenter client is running on the same system as the Avaya Integrated Management and EPICenter servers.
Page 152
VoIP and EPICenter-Avaya Integrated Management Figure 67: The Avaya sub-menu on the EPICenter Tools menu. The three Avaya-specific commands are shown in Table 7.
Table 7: Avaya Sub-menu Commands on Tools Menu
AIM Console: Launches the Avaya Integrated Management Console. If your client is running on the same system where the EPICenter server and the Avaya Integrated Management server are installed, the Avaya Integrated Management Console runs as an application.
Launching the Avaya Integrated Management Console from EPICenter As long as the Avaya Integrated Management server is installed directly on the same system as the EPICenter server (and not as a plug-in to HP OpenView) you can launch the Avaya Integrated Management Console from the EPICenter Tools menu (available from any feature within EPICenter).
VoIP and EPICenter-Avaya Integrated Management the device to which the phones are connected, or through the IP Phones report. IP phones connected to Extreme devices do not appear in the Component Tree or on any Topology maps. IP Phone location and status data is based on information learned by the EPICenter MAC Poller. The MAC Poller collects MAC address and other information about the devices it detects on the edge ports of Extreme devices.
Monitoring IP Phones on Extreme Devices
● To update IP Phone information in the EPICenter database, click Sync IP Phones under the Avaya sub-menu on the Tools menu at the top of the window. As with the Import IP phones command, no user input is required—a message box shows the progress of the sync operation.
VoIP and EPICenter-Avaya Integrated Management
Model: The model (type) of IP phone
Status: The phone status:
• Active: its MAC address is present in the device’s operational FDB
• Inactive: the MAC address is not present in the operational FDB.
This list will display the most current IP phones information;...
EPICenter System Properties for Avaya Integration The IP Phones report displays the following information about each phone:
Extension: The phone extension
Extension/IP Address: The phone extension, or the IP address (if the Avaya Integrated Management server is installed as a plug-in to HP OpenView, only the address is available, not the extension).
Netmask: Subnet Mask for the IP phone
The MAC address of the IP phone...
Page 158
VoIP and EPICenter-Avaya Integrated Management Figure 71: The Avaya Integration Server Properties, Admin feature When you select Avaya Integration from the drop-down menu field at the top of the Properties panel, you can set the following properties: AIM Server Host The IP address (or host name) of the system running the Avaya Integrated Management server.
Launching EPICenter from the Avaya Integrated Management Console
AIM Trap Community: The community string EPICenter should use when forwarding a trap. If the community has been reconfigured in the Avaya Integrated Management Console, you must reconfigure this setting to match.
Enable Launching AIM Device Manager: A check in this box indicates that EPICenter will launch the Avaya Device Manager through...
Policy Manager Overview This chapter describes:
● An overview of the Policy Manager features
● An introduction to the concepts that are fundamental to creating policies using the EPICenter Policy Manager
Overview of the Policy Manager Policy-based management is used to protect and guarantee delivery of mission-critical traffic. A network policy is a set of high-level rules for controlling the priority of, and amount of bandwidth available to, various types of network traffic.
Policy Manager Overview definition. Resources must be set up through the Grouping Manager or Inventory Manager before you can use them in a policy definition. You should be thoroughly familiar with the Grouping applet before you begin to define policies using the Policy Manager. Basic EPICenter Policy Definition A QoS policy in the EPICenter Policy Manager is composed of the following components: A Name and Description that you supply when you create the policy.
Policy Types In the EPICenter Policy Manager, each policy type acts somewhat like a template, allowing you to specify only components that are valid for the policy type. For example, the Policy Manager expects you to enter two sets of endpoints for a Security or an IP policy, but only a single set of endpoints for a VLAN or Source Port policy.
Page 164
Policy Manager Overview network resource(s) can be prioritized and guaranteed by the assignment of a specific quality profile on a per user basis. You can also further define the network resource-side traffic endpoints by specifying a named application or service, which translates to a protocol and L4 port, by directly specifying a protocol and L4 port range, or by using the Custom Applications group to collect a series of protocols and ports under one application.
Policy Types the path for that policy. This reduces the policy load on the rest of the system. In contrast, for an IP policy, the policy must be specified on each intermediate device in the path between the endpoints. The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components.
Page 166
Policy Manager Overview Figure 73: IP QoS policy (figure labels: Policy scope; Server; Iceberg; Client A; Client B; Client C; Application: Baan (TCP, L4 port 512)) Unlike the VLAN and source port policy types, Security and IP policies specify a traffic flow between two endpoints, and that traffic may travel through multiple network devices between those two endpoints.
Page 167
Policy Types Figure 74: Translation of a client/server policy definition into traffic flows (figure labels: Server; Client; Iceberg; Traffic direction: BOTH; Baan; server address 10.2.3.4; client addresses 10.4.0.1, 10.4.0.2, 10.4.0.3; table columns: Destination, Destination L4 port, Source, Source L4 port; first entries 10.2.3.4, TCP 512, 10.4.0.1...)
Policy Manager Overview profiles (QP1 through QP4 or QP8) that allow access, within the bandwidth and priority constraints defined by the QoS profile. An access rule intended to deny access from one endpoint to another is implemented in the EPICenter Policy Manager using the “blackhole” QoS profile. IP-based QoS policies (or Access List policies) are supported on Extreme devices running ExtremeWare 5.0 or later—...
Policy Types VLAN Policies A VLAN policy identifies traffic originating from the member ports of one or more VLANs, and assigns that traffic to a QoS profile. The Policy System implements VLAN QoS for all the traffic flows from the specified VLANs, on the devices you have defined in your policy scope.
Policy Manager Overview CLI or through ExtremeWare Vista. See the ExtremeWare Software User Guide for versions 6.0 or later for details on using 802.1p and DiffServ. In the example shown in Figure 76, if the links between switches A and C and switches B and C use tagging (as shown in the diagram), the QoS profile information specified by the VLAN policy will be propagated into switch C, for traffic originating on the links between the switches.
Page 171
Policy Named Components Figure 77: EPICenter Policy Manager components (figure labels: policy named components: Group, Device Group, Device, User, Host, Application; mappings labelled import and Netlogin/DLCS; policy primitive components: Device, VLAN, IP/subnet, L4 port / L4 range, QoS profile)...
● Netlogin/DLCS indicates that the mapping may be obtained through Netlogin or the Dynamic Link Context System (DLCS) operating within Extreme Networks devices.
● DNS indicates that the mapping may be obtained via a name lookup service such as DNS.
...
Page 173
Policy Access Domain and Scope on your network devices. The policy access domain or scope definition has three functions: It specifies the network devices on which the policy should be implemented, what the treatment should be on each device in the domain or scope. You can specify the domain or scope by selecting individual devices, or you can specify groups to ●...
Policy Manager Overview traffic, in terms of the minimum and maximum bandwidth and traffic priority, may be different in each switch because profile QP1 is configured differently in each switch. Using Groups in Policy Definitions In many cases, you may want to define multiple policies that should apply to the same set of endpoints, or that should have the same set of devices as the policy domain or scope.
Policy Configuration For example, when you use a group to define a traffic flow, you are specifying that all members of that group (that can be mapped to an IP address) are endpoints of the specified traffic flow. If you define a large group that is used for a variety of purposes, especially one with subgroups as members, you need to ensure that it does not contain members that will result in policy traffic flows other than the ones you intended to specify.
Policy Manager Overview If Auto Configuration is disabled, you must explicitly perform the configuration process using one of the directed configuration functions initiated using the Configure or Configure All buttons on the Policy Manager toolbar. EPICenter Policy Limitations The EPICenter Policy Manager does not support the entire set of policy-based QoS features found in the most current versions of the ExtremeWare software.
Troubleshooting In Windows, if you have EPICenter installed in the default directory, this would be c:\Program Files\Extreme Networks\EPICenter 6.0\client\bin runclient.exe DEBUG DEBUG In Linux or Solaris, if you have EPICenter installed in the default directory, this would be /opt/ExtremeNetworks/EPICenter6.0/client/bin/runclient DEBUG DEBUG Log files for the installed client can be found in <EPICenter_install_dir>/logs...
EPICenter Client Issues EPICenter Client Issues Problem: Client is unable to connect to the EPICenter server. Verify that the EPICenter Server process is running. Verify that the server is running on the specified port. You can try to connect to the server’s HTTP port using a browser.
Files\Extreme Networks\EPICenter 6.0 different location, substitute the correct installation directory in the commands below. 2 Go to the EPICenter install directory: cd c:\Program Files\Extreme Networks\EPICenter 6.0\database\bin 3 Add the EPICenter database directory to your path: set path=c:\Program Files\Extreme Networks\EPICenter 6.0\database\bin;%path% 4 Execute the following commands: database\bin\dbeng9.exe -f ..\database\data\basecamp.db...
EPICenter Server Issues To recover the database in Solaris, do the following: 1 Open a shell window (csh is used for the following example). The following commands assume you have accepted the default installation location, /opt/ExtremeNetworks/EPICenter6.0. If you have installed EPICenter in a different location, substitute the correct installation directory in the commands below.
Page 184
Troubleshooting 1 Telnet to the switch. 2 Log in to the switch. 3 Type show management to verify that the system running the EPICenter is a trap receiver, or show snmpv3 target-addr <ipaddress> if the device is running SNMPv3. An Extreme switch can support a maximum of 16 trap destinations with ExtremeWare 6.0 or greater. If EPICenter is not specified as a trap destination, then no SmartTraps are sent, and the data is not refreshed.
Page 185
EPICenter Server Issues There are several things you can do to alleviate this problem: ● Periodically clear the switch’s log file using the ExtremeWare CLI clear log command. Telnet login and logout messages are Informational level messages. You can create a Telnet macro to do this. ● Disable device Telnet polling by clearing the Poll Devices Using Telnet property in the Devices list...
Page 186
Troubleshooting Exceeding the first limit (>20 traps in 28 seconds) is rare, and should be considered abnormal behavior in the managed device. If you are managing a large number of devices, you may reach the total (275) limit in normal circumstances. If you are managing more than 1000 devices, it is recommended that you increase the total number of traps to 500.
If this is a persistent problem, the default log file size can be increased. Please call Extreme Networks technical support for guidance on how to modify EPICenter’s internal parameters to increase the log size.
Troubleshooting Problem: Configuration fails when attempting to configure a VLAN with a modified protocol definition. EPICenter does not have a mechanism to modify protocols. When a VLAN is configured through EPICenter to use a protocol that does not exist on the switch, the protocol is first created on the switch. However, if a protocol with the same name but a different definition already exists on the switch, the operation will fail.
Page 189
Alarm System ● If the value of the counter was already above the threshold value when you set up the RMON rule, and you have the Sample Type set to Absolute, no alarm will ever be generated. This is because the value must fall below the Falling Threshold value before another Rising Threshold trap will be sent, and this will never occur.
Inventory Manager Problem: Multiple switches have the same name. This is because the sysName of those switches is the same. Typically, Extreme Networks switches are shipped with the sysName set to the type of the switch “Summit48,” “Summit1i,” “Alpine3808,” and so on, depending on the type of switch.
Grouping Manager address found in this manner. If no MAC address is found in any ifPhysAddress entry, the device will not be added to the EPICenter database. Problem: Attempted to add a switch in the Inventory Manager after rebooting the switch, and received an “SNMP not responding”...
Troubleshooting Topology Problem: In Map Properties, changed the node background color, but only some of the node backgrounds changed. The background color affects submap nodes, device hyper nodes and device or decorative nodes that do not display the device icon (either because the icon display is turned off or the nodes have been reduced in size to where the icon cannot be displayed).
Page 193
Reports In the URL, replace <host> with the name of the system where the EPICenter server is running. Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during installation. 2 Click the View Reports link. 3 Log in to the Reports feature.
Configuring Devices for Use With EPICenter This appendix describes how to configure certain features on Extreme and third-party devices to enable EPICenter features relative to those devices. It also includes information about configuring an external RADIUS server for use with EPICenter. Topics include: Configuring EPICenter as a Syslog Receiver on page 195 ●...
Configuring Devices for Use With EPICenter Setting EPICenter as a Trap Receiver When Extreme devices are added to the EPICenter inventory, they are automatically configured to send traps to the EPICenter server. However, third-party devices are not automatically configured to do so. If you want alarms to function for third-party devices, you must manually configure the devices to send traps to the EPICenter server.
The device integration process may require editing of certain EPICenter files that can affect the functionality of the EPICenter server. In some cases, editing these files incorrectly may prevent the EPICenter server from running. It is strongly recommended that device integration be undertaken only under the supervision of Extreme Networks support personnel.
Page 198
XML files for 3rd-party devices extend and further specify properties unique to each device type and device. Extreme Networks devices are also recognized through this same ATL mechanism. When EPICenter discovers a device, it searches this hierarchy for a match to the device or device type that will provide the properties for the device.
Page 199
The EPICenter Third-party Device Integration Framework Table 8: Attributes Used in an ATL File Attribute Value Parent The parent XML file. For an individual device model, this may be the device type XML file (e.g. in the 3Com_SuperstackerII_1100.xml file, the parent is “3Com.xml”). For a device type XML file, such as the 3COM.xml file, the parent is “3rdParty.xml”.
Page 200
Configuring Devices for Use With EPICenter Note that in the 3Com.xml file, the sysObjectID is the enterprise OID for 3COM; in the 3Com_SuperstackerII_1100.xml file, it is the OID of the specific 3Com device. Many of the attributes in the 3Com.xml file are related to integration into Telnet. These are discussed in “Telnet Integration”...
The EPICenter Third-party Device Integration Framework The dpsimages.zip File The dpsimages.zip file contains the images used in the Component Tree that appears in places such as the Inventory Manager. If you are adding a completely new device or device type with its own unique image, you must add that image to this file.
Configuring Devices for Use With EPICenter Table 9: Tags used for Telnet integration Value Comments CLI.MORE_PROMPT Provide the pattern that matches the prompt used by the device to prompt when paging is enabled on the device. This tag is optional. The 3Com.xml file provides an example of the prompts used for Telnet integration: <?xml version="1.0"...
Page 203
The EPICenter Third-party Device Integration Framework Editing the Events.xml file CAUTION Make a backup copy of this file before you start, and edit carefully. Do not edit the existing entries in this file. Errors in this file may prevent the EPICenter server from starting up. file is located in the directory.
Configuring Devices for Use With EPICenter ● Add any new entries to the end of the file only; do not add them in between existing entries. ● Make sure each entry is unique. ● Make sure each MIB file name matches the MIB definition name. ...
Using SSH for Secure Communication This appendix describes in detail how to set up secure tunneling between the EPICenter server and EPICenter clients. By default, communication between the EPICenter server and its clients is unencrypted. This means the traffic between client and server could easily be captured, including passwords, statistics, and device configurations.
Using SSH for Secure Communication You must download this application to each EPICenter client for which you want to secure your client- server communication. Step 2: Configure the PuTTY Client 1 Configure the Session settings: Click on the Session category in the left column tree, as shown in Figure 79.
Page 207
Step 2: Configure the PuTTY Client Figure 80: The basic SSH settings 3 Under SSH, click on Tunnels, as shown in Figure 81. Figure 81: SSH Tunneling settings ● For X display location type localhost:0
Page 208
Using SSH for Secure Communication Click the Local radio button. ● For the Source port type the HTTP port number you configured when you installed EPICenter ■ (by default, this is port 8080). For the Destination type where is the HTTP port you configured at ■...
Step 3: Installing OpenSSH Server Step 3: Installing OpenSSH Server The following section demonstrates the installation of the OpenSSH server on the EPICenter server. If there is an SSH server already running on the EPICenter server, skip this step. 1 Create a folder c:\cygwin 2 Next, download the file from...
Page 210
Using SSH for Secure Communication Figure 84: Choose Installation Directory 5 In the Root Directory field type C:\cygwin, which is where OpenSSH will be installed. Select the All Users radio button so all users will have access to the SSH server. Click Next.
Page 211
Step 3: Installing OpenSSH Server Figure 86: Select Packages 8 Locate the line OpenSSH, click on the word skip so that an X appears in Column B. 9 Find the line cygrunsrv, click on the word skip so that an X appears in Column B. 10 Click Next to begin the installation.
Page 212
Using SSH for Secure Communication Figure 87: Adding a system variable for Cygwin 13 In the bottom section of the window under System variables, click the New button to add a new entry to the system variables: Variable name: = ●...
Page 213
Step 3: Installing OpenSSH Server Figure 88: System variable for Cygwin successfully added 14 From the Environment Variables window, scroll the System variables list, select the Path variable, and click the Edit button. Figure 89: EPICenter Concepts and Solutions Guide...
Using SSH for Secure Communication 15 Append “;c:\cygwin\bin” to the end of the existing variable string. Figure 90: Modifying the path Click OK. 16 Next, open a cygwin window (by double clicking the Cygwin icon). A black window appears. Figure 91: Configuring the SSH server through cygwin 17 At the prompt, enter ssh-host-config...
Page 215
Step 4: Configure Microsoft Firewall to Allow SSH Connects To configure the Windows Firewall to allow SSH connects, do the following: 1 Open the Windows Control Panel and double click the Windows Firewall icon. The Windows Firewall window opens. Figure 92: Configuring the Windows Firewall to allow port 22 connections 2 Click on the Exceptions tab and click on Add Port….
Using SSH for Secure Communication 3 In the Name field, type SSH, and type 22 for the Port number. Click the TCP radio button, then click OK. The Windows firewall is now configured to allow SSH connections. Step 5: Initiate EPICenter Server/Client Communication To establish an encrypted tunnel between the EPICenter server and client, do the following: 1 Run the PuTTY application and select the EPICenter session.
Page 217
Step 5: Initiate EPICenter Server/Client Communication Figure 95: Logging in to EPICenter via the secure tunnel ● Use localhost as the Server Hostname. ● Make sure the HTTP Port is 8080. ● Enter your EPICenter user name and password and click Login. ...
Configuring RADIUS for EPICenter Authentication This appendix describes in detail how to set up an external RADIUS server to provide authentication services for EPICenter users, when EPICenter is configured to act as a RADIUS client. The following is a step-by-step walk-through example using Microsoft Active Directory and Internet Authentication Service.
Configuring RADIUS for EPICenter Authentication Step 2. Associate Users with the EPICenter Group If necessary, create one or more new users. To add a new user, click Users, then New>User. Follow the steps to enter the user information and ● password.
Page 221
Step 2. Associate Users with the EPICenter Group Figure 98: The Member Of tab 3 In the Enter the object names to select field, type the name of the EPICenter-related group this user should be associated with (see Figure 99). Click OK to continue.
Configuring RADIUS for EPICenter Authentication Figure 100: The Dial-in tab configuration Step 3. Enable EPICenter as a RADIUS Client Within the Internet Authentication Service, enable EPICenter as a RADIUS client. 1 Under the Internet Authentication Service click RADIUS Clients, then New> RADIUS Client. 2 Type a Friendly Name for the RADIUS client (example uses EPICenter) and type the IP address or host name of the EPICenter server.
Step 4. Create a Remote Access Policy for EPICenter Users Figure 102: Setting the shared secret for a RADIUS client 4 Click Finish. The new client (EPICenter) should now appear in the list of RADIUS Clients under the Internet Authentication Service, as shown in Figure 103.
Page 224
Configuring RADIUS for EPICenter Authentication To create a Remote Access Policy: 1 Under the Internet Authentication Service, right click the Remote Access Policies folder, select New and then Remote Access Policy. The New Remote Access Policy Wizard will start. Click New to continue. 2 Type a name for the Policy Name (see Figure 104, where EPICenter is used as an example),...
Page 225
Step 4. Create a Remote Access Policy for EPICenter Users Figure 105: Selecting the Access Method for network access 4 The User or Group Access window appears. This is where you associate a group with this policy. Figure 106: The User or Group Access selection 5 Select the Group radio button, then click Add..
Page 226
Configuring RADIUS for EPICenter Authentication Figure 107: The Select Groups window 6 Click on Locations... The Locations pop-up appears, as shown in Figure 108. Figure 108: The Locations window 7 Select the appropriate domain (the ebcdemo.com domain in this example) where your EPICenter groups were created.
Page 227
Step 4. Create a Remote Access Policy for EPICenter Users Figure 109: The Select Groups window after setting the location 8 Type the name of the group you want to associate with this remote access policy. Click OK to continue. The User or Group Access window re-appears, with the domain and group you specified shown in the Group name list.
Configuring RADIUS for EPICenter Authentication Figure 111: Setting the Authentication Method for the policy 10 Click Finish in the final window to complete your configuration of the remote access policy. Step 5. Edit the Remote Access Policy to add a VSA Edit each new Remote Access Policy to add a Vendor Specific Attribute (VSA) or to set the Service Type attribute value.
Page 229
Step 5. Edit the Remote Access Policy to add a VSA Figure 112: Selecting a Remote Access Policy to edit The Properties window appears (Figure 113). Figure 113: The Properties window for a remote access policy 2 Remove the NAS-Port-Type matches Ethernet policy: select NAS-Port-Type matches Ethernet and click Remove.
Page 230
Configuring RADIUS for EPICenter Authentication 3 Next, select the Windows-Group matches “EBCDEMO\EPICenter” policy and click Edit Profile. The Edit Dial-in Profile window appears. Figure 114: The Edit Profile window, Authentication Tab 4 Select the Authentication tab, and check Unencrypted authentication (PAP, SPAP). Then click the EAP Methods button.
Page 231
Step 5. Edit the Remote Access Policy to add a VSA Figure 116: The Edit Profile window, Advanced Tab 7 Select Vendor-Specific and click Add. The Multivalued Attribute Information window appears. Figure 117: The Multivalued Attribute Information window 8 Click Add again. The Vendor-Specific Attribute Information window appears. This is where you add the EPICenter VSA settings.
Page 232
Configuring RADIUS for EPICenter Authentication Figure 118: The Vendor-Specific Attribute Information window 9 Select the Enter Vendor Code radio button, and type 1916 as the vendor code. Select the Yes. It conforms radio button. Click Configure Attribute... The Configure VSA pop-up appears. Figure 119: Configuring the VSA 10 In the next window, provide the following: Enter 210 for the Vendor-assigned attribute number.
Page 233
Step 5. Edit the Remote Access Policy to add a VSA 11 The new attribute will appear in the Multivalued Attribute Information window as Vendor code: 1916 with the value set to the role name you entered (Administrator in this example).
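To check what the policy above actually returns to EPICenter, it helps to know how the attribute looks on the wire. The following Python sketch is an added example (not part of the EPICenter guide or of Extreme Networks software): it encodes and decodes the standard RADIUS Vendor-Specific attribute layout (type 26, RFC 2865) using vendor code 1916 and vendor-assigned attribute number 210 from the steps above. The function names and the sample attribute bytes are constructed for illustration, and it assumes the role name is carried as a plain string value.

```python
import struct

VENDOR_SPECIFIC = 26        # RADIUS attribute type for Vendor-Specific (RFC 2865)
EXTREME_VENDOR_CODE = 1916  # vendor code entered in step 9
ROLE_ATTR_NUMBER = 210      # vendor-assigned attribute number entered in step 10
MAX_ROLE_BYTES = 255 - 2 - 4 - 2  # attribute header, vendor id, sub-attribute header


def build_role_vsa(role):
    """Encode a role name as an RFC-conformant Vendor-Specific attribute."""
    value = role.encode("utf-8")
    if not value or len(value) > MAX_ROLE_BYTES:
        raise ValueError("role name must be 1..%d bytes" % MAX_ROLE_BYTES)
    sub = struct.pack("!BB", ROLE_ATTR_NUMBER, 2 + len(value)) + value
    body = struct.pack("!I", EXTREME_VENDOR_CODE) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def _tlvs(data):
    """Yield (type, value) pairs; reject lengths that run past the buffer."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("attribute length out of bounds")
        yield atype, data[pos + 2:pos + alen]
        pos += alen


def extract_epicenter_roles(attributes):
    """Return role names found in vendor 1916 / attribute 210 VSAs."""
    roles = []
    for atype, value in _tlvs(attributes):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue  # not a VSA, e.g. Service-Type
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != EXTREME_VENDOR_CODE:
            continue  # VSA belonging to another vendor
        for vtype, vvalue in _tlvs(value[4:]):
            if vtype == ROLE_ATTR_NUMBER:
                roles.append(vvalue.decode("utf-8", errors="replace"))
    return roles


# Constructed sample: the attribute section of an Access-Accept as it might
# appear in a capture (not taken from a real server).
SAMPLE_ATTRIBUTES = (
    bytes([6, 6, 0, 0, 0, 6])                        # Service-Type = Administrative
    + bytes([26, 9, 0x00, 0x01, 0x86, 0x9F, 1, 3, 0x41])  # VSA from vendor 99999
    + build_role_vsa("Administrator")
)

if __name__ == "__main__":
    print(build_role_vsa("Administrator").hex())
    print(extract_epicenter_roles(SAMPLE_ATTRIBUTES))
```

Because the profile in this walkthrough enables PAP, the role attribute and the reply travel protected only by the RADIUS shared secret, so comparing the decoded role against the intended group mapping is a quick check after any policy change.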
Configuring RADIUS for EPICenter Authentication Step 6. Configure EPICenter as a RADIUS Client Once EPICenter is configured in IAS as a RADIUS client, you must configure it as a RADIUS client through the Admin applet. 1 In the Admin applet, select the RADIUS tab, as shown in Figure 121.
● The Package EPICenter Info utility, which collects the various log files and other system information into an archive file (zip-format file) that can be sent to the Extreme Networks technical support organization to help troubleshoot problems with EPICenter. ● The Port Configuration utility, a Windows-only utility that you can use to change the ports used by...
In Windows, you can also run the Package EPICenter Info command from the Programs menu: Start > Programs > Extreme Networks > EPICenter 6.0 > Package EPICenter Info. In this case, a DOS window appears that will display the progress of the commands as they are executed.
The DevCLI Utility Figure 122: EPICenter Port Configuration Utility There are two tabs, one for the Web (HTTP) port, and one for the Database Port. Each shows the current port number, the default port number, and provides a field where you can enter a new number.
The utility is located in the client\bin subdirectory under the EPICenter install directory, by default \Program Files\Extreme Networks\EPICenter 6.0\client\bin in a Windows environment, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a Linux or Solaris environment. The DevCLI utility supports the following four commands: to add a device or device group.
Page 239
The DevCLI Utility To manually update the configurations for the default device group, enter the command: devcli sync -u admin -g Default NOTE You can type either sync or syn when you use the devcli sync command. These commands support a set of options for specifying device information such as passwords and community strings, device group information such as device group names and member devices, as well as information about the EPICenter server, such as host name or IP address, port, and user name and password.
<options> information from the EPICenter database. To export device information to file devinfo.csv under Windows, enter the command:
cd "\Program Files\Extreme Networks\EPICenter 6.0\user.war\scripts\bin"
inv.bat -o devinfo.csv
Under Linux or Solaris, enter the command:
cd /opt/ExtremeNetworks/EPICenter6.0/user.war/scripts/bin
inv.sh -o devinfo.csv
Page 242
To run the command as user “user1,” and export slot information to file slotinfo.csv under Windows, enter the command:
cd "\Program Files\Extreme Networks\EPICenter 6.0\user.war\scripts\bin"
slots.bat -u user1 -o slotinfo.csv
Under Linux or Solaris, enter the command:
cd /opt/ExtremeNetworks/EPICenter6.0/user.war/scripts/bin
slots.sh -u user1 -o slotinfo.csv...
Inventory Export Scripts Table 12 specifies the options you can use with these commands: Table 12: Inventory script command options Option Value Default None If -p option not present, prompts for password If present, the command will use the default EPICenter password (“”) and will not prompt for a password.
<options> For example, to get the value of the object (the extremePrimaryPowerOperational variable in the Extreme Networks MIB) whose OID is .1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99, enter the following command:
snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10.0
returns the value of the next OID (subsequent to the OID you ●...
● To retrieve the values of the extremePrimaryPowerOperational and extremeRedundantPowerStatus variables for the Extreme Networks device with IP address 10.205.0.99, with read community string “purple” and a timeout of 1000 ms, enter the following command: snmpcli snmpget -a 10.205.0.99 -r purple -t 1000 -o .1.3.6.1.4.1.1916.1.1.1.10.0 -o .1.3.6.1.4.1.1916.1.1.1.11.0...
The AlarmMgr utility is located in the EPICenter directory, <EPICenter_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\EPICenter 6.0\client\bin in Windows, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a UNIX environment. This command includes options for specifying EPICenter server access information and alarm filtering parameters.
Page 247
The AlarmMgr Utility Table 14 specifies the options you can use with this command: Table 14: AlarmMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument.
EPICenter Utilities ● If you specify multiple filter options, they are combined in the manner of a logical AND. This means that an alarm entry must meet all the specified criteria to be included in the command results. ● The options for specifying the relevant time period are mutually exclusive and cannot be combined. ...
<EPICenter_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\EPICenter 6.0\client\bin in Windows, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the address to be located, and a search domain (an individual device and ports, or a device or port group).
Page 250
EPICenter Utilities Table 15 specifies the options you can use with this command: Table 15: FindAddr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument.
The FindAddr Utility ● You can specify multiple IP and MAC addresses as search items by repeating the -mac options. ■ For MAC addresses, you can specify a wildcard for the last three values in the address (such as 10:11:12:*:*:*). Wildcards are not supported for IP addresses.
<EPICenter_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\EPICenter 6.0\client\bin in Windows, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the transfer function to be performed (upload, download, incremental download, or ExtremeWare image download), the device on which to perform the operation, and the file location on the server.
Page 253
The TransferMgr Utility Table 16 specifies the options you can use with this command: Table 16: TransferMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not No password include this argument.
. You can change the location of the <EPICenter_install_dir>\user.war\tftp TFTP root directory by using the Server function of the EPICenter Configuration Manager applet. Standard ExtremeWare software images as shipped by Extreme Networks are provided in the ● directory directory (by default <EPICenter_install_dir>\user.war\tftp\images...
<EPICenter_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\EPICenter 6.0\client\bin in Windows, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options.
Page 256
EPICenter Utilities Table 17 specifies the options you can use with this command: Table 17: VlanMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument.
Page 257
The VlanMgr Utility Table 17: VlanMgr command options (continued) Option Value Default -port <ports> Ports to be included in the VLAN as untagged These options ports on the device specified by the preceding must immediately untagged -dip option. If this option is not included, any follow the -dip ports untagged ports configured on this device will...
EPICenter Utilities VlanMgr Output The VlanMgr command displays output indicating the progress of the command as it configures the VLAN. VlanMgr Examples The following examples illustrate the usage of these commands. To create untagged VLAN test1 consisting of untagged ports 2-5, on the switch with IP address ●...
The ImportResources utility is located in the EPICenter directory, <EPICenter_install_dir>/client/bin. By default this is \Program Files\Extreme Networks\EPICenter 6.0\client\bin in Windows, or /opt/ExtremeNetworks/EPICenter6.0/client/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options.
EPICenter Utilities Table 18 specifies the options you can use with this command: Table 18: ImportResources command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not No password include this argument.
Page 261
The ImportResources Utility This imports user data from the Windows Domain Controller that is serving the domain where the EPICenter server resides.