Page 1 EPICenter Software ™ Installation and User Guide Version 4.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: June, 2003 Part number: 100143-00 Rev. 01...
Page 2 Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are subject to change without notice.
Page 3: Table Of Contents
The ESRP Manager The STP Monitor Dynamic Reports Distributed Server Mode Security Management EPICenter Stand-alone Utilities EPICenter Components Extreme Networks Switch Management Extreme Networks Device Support Third-Party Device Support Overview of the Policy Manager EPICenter Software Installation and User Guide...
Page 4 Contents Basic EPICenter Policy Definition Policy Types Access-based Security Policies IP-Based Policies (Access List Policies) Source Port Policies VLAN Policies Policy Named Components Policy Access Domain and Scope Using Groups in Policy Definitions Precedence Relationships within the Policy Manager Policy Configuration Cisco Device Support Cisco Port Mappings Limitations on Cisco Device Support...
Page 5 Contents Uninstalling the EPICenter Software Uninstalling the EPICenter Server on Windows 2000 or Windows XP Uninstalling the EPICenter Stand-Alone Client Application on Windows 2000 or Windows XP Uninstalling the EPICenter Server in Solaris Uninstalling the EPICenter Stand-Alone Client Application in Solaris Chapter 3 Starting EPICenter Running the EPICenter Server Software under Windows...
Page 6 Contents Adding Devices and Device Groups Adding a Device Creating a Device Group Modifying Devices and Device Groups Modifying a Device Modifying a Device Group Deleting Devices and Device Groups from the Database Deleting a Device Deleting a Device Group Updating Device Information Configuring Default Access Parameters Finding Devices...
Page 7 Contents Setting EPICenter as a Trap Receiver Log Archive Writing Tcl Scripts for Alarm Actions The Tcl Scripting Environment Chapter 6 Configuration Manager Overview of the Configuration Manager Viewing Device Information from Pop-up Menus Uploading Configurations from Devices Archiving Configuration Settings Device Schedules Global Schedules Downloading Configuration Information to a Device...
Page 8 Contents Viewing Device Information from Pop-up Menus Properties Alarms Browse EView Statistics Sync VLANs Finding Devices Displaying Properties Device Group Properties Device Properties Chapter 8 The Grouping Manager Overview of the Grouping Manager Displaying EPICenter Groups and Resources Resource Details Grouping Manager Functions Creating a New Resource Deleting Resources...
Page 9 Contents Detailed Task View Exporting Task Results to a Text File Chapter 10 Using ExtremeView Overview of the ExtremeView Application Viewing Device Status Information Viewing Switch Configuration Information Viewing Switch Statistics Finding Devices Viewing Device Information from Pop-up Menus Properties Alarms Browse Statistics...
Page 10 Contents Displaying Properties Device Group Properties Device Properties Slot Properties Port Properties Chapter 12 Network Topology Views Overview of EPICenter Topology Views Displaying a Network Topology View Map Elements Map Element Description Panel Manipulating Topology Views and Maps Creating a New View or a New Map Node Placement Criteria in an Auto Populate View Adding Elements to the Map Editing the Map...
Page 11 Contents Modifying a VLAN Modifying a VLAN from the Toolbar Modifying a VLAN from the Component Tree Menu Adding and Deleting Protocol Filters Chapter 14 The Spanning Tree Monitor Overview of the Spanning Tree Monitor Displaying STP Domain Information Displaying STP VLAN Configurations Displaying STP Device Configurations Displaying STP Port Information Viewing STP Domain Properties from Pop-Up Menus...
Page 12 Contents Distributed Server Administration Configuring a Server Group Member Configuring a Server Group Manager Chapter 17 Dynamic Reports Overview of EPICenter Reports Network Status Summary Report Dynamic Reports Viewing Predefined EPICenter Reports Report Filtering Server State Summary Report Device Inventory Report Slot Inventory Report Device Status Report VLAN Summary Report...
Page 13 Contents VoIP Reports Voice VLAN Summary Report Known Behaviors and Problems Chapter 19 Using the Policy Manager Using the Policy Manager Policies View Policy Definition Page Policy Traffic Page Creating a New Policy Edit Policy Endpoints Window Edit Policy Access Domain/Policy Scope Window Modifying Policies Deleting a Policy Resetting a Policy...
Page 14 Contents Appendix A Troubleshooting Troubleshooting Aids Using the Stand-alone Client Application Using the Browser-based Client (Windows Only) EPICenter Client EPICenter Database EPICenter Server Issues VLAN Manager Alarm System ESRP Manager Inventory Manager ExtremeView Grouping Manager Printing Topology STP Monitor Reports Appendix B EPICenter Utilities The DevCLI Utility...
Page 15 Contents The TransferMgr Utility Using the TransferMgr Command TransferMgr Examples The VlanMgr Utility Using the VlanMgr Command VlanMgr Output VlanMgr Examples The ImportResources Utility Using the ImportResources Command ImportResources Examples Appendix C EPICenter External Access Protocol External Access Protocol Overview External Access Protocol Structure EPICenter Server Commands Tcl Client API...
Page 16 Contents The Backup Utility The DBBACKUP Command-line Utility Database Connection Parameters Installing a Backup Database Appendix G Dynamic Link Context System (DLCS) Overview of DLCS Using DLCS with the Policy Manager DLCS Properties Enabling DLCS on an Extreme Switch DLCS Limitations ISQ Improvements Appendix H EPICenter Policy System Feature Comparison...
Page 17: Preface
Preface This preface provides an overview of this guide, describes guide conventions, and lists other useful publications. Introduction This guide provides the required information to use the EPICenter software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks, and assumes a basic working knowledge of: •...
Page 18: Conventions
Preface Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons Icon Notice Type Alerts you to... Note Important features or instructions. Caution Risk of unintended consequences or recoverable loss of data. Warning Risk of permanent loss of data.
Page 19: Related Publications
Customers with a support contract can access the Technical Support pages at: • http://www.extremenetworks.com/support/database.htm The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Note, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources.
Page 20 Preface EPICenter Software Installation and User Guide...
Page 21: Epicenter And Policy Manager Overview
Today's corporate networks commonly encompass hundreds or thousands of systems, including individual end user systems, servers, network devices such as printers, and internetworking systems. Extreme Networks™ recognizes that network managers have different needs, and delivers a suite of ExtremeWare™ management tools to meet those needs.
Page 22: Summary Of Features
EPICenter servers in a distributed server mode that lets you monitor the status of those servers from a single client. Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled from a central interface, without exiting EPICenter to run a separate program or telnet session. Features such as SmartTraps and the EPICenter alarm system further maximize network monitoring capability while maintaining network usage efficiency.
Page 23: Simple Inventory Management
Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script, or sounding an audible alert.
Page 24: The Ip/Mac Address Finder
The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP addresses) and identify the Extreme Networks switch and port on which the address resides. You can also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. You can export the results of your search to a file, either on the server or on your local (client) system.
Page 25: Topology Views
The EPICenter software’s Topology applet allows you to view your network (EPICenter-managed devices and the links between Extreme Networks devices) as a set of maps. These maps can be organized as a tree of submaps that allow you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want.
Page 26: The Stp Monitor
EPICenter and Policy Manager Overview The STP Monitor The EPICenter Spanning Tree Protocol (STP) Monitor module displays information about STP domains network-wide at the domain, VLAN, device, and port levels. The STP Monitor can monitor STP domains configured on devices running ExtremeWare 6.2.2 or later. Earlier versions of ExtremeWare supported the Spanning Tree protocol.
Page 27: Epicenter Stand-Alone Utilities
EPICenter Components passwords, and access permissions in each switch, and instead centralizes the configuration in one location in EPICenter. EPICenter Stand-alone Utilities The EPICenter software provides several stand-alone utilities or scripts that streamline the process of getting information into and out of the EPICenter database, or facilitate certain device troubleshooting functions.
Page 28: Extreme Networks Switch Management
SmartTraps rules that define what events (status and configuration changes) the EPICenter server needs to know about. These rules are downloaded into the Extreme Networks switch, and the EPICenter server is automatically registered as a trap receiver. Subsequently, whenever a status or configuration change takes place, the ExtremeWare software in the switch uses the SmartTraps rules to determine if the EPICenter server should be notified.
Page 29: Extreme Networks Device Support
ExtremeView applet. Some features, such as ESRP, or the Policy Manager, require more recent versions of the ExtremeWare software. NOTE See the EPICenter Release Note and Quick Start Guide or the Extreme Networks web site for the most current information on device support in the EPICenter software. Third-Party Device Support Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory manager, and saved in the Inventory database.
Page 30: Basic Epicenter Policy Definition
The EPICenter policy system is based on the policy-based QoS capabilities in the ExtremeWare software. For details on the capabilities and implementation of QoS in Extreme Networks switches, see the ExtremeWare Software User Guide or the ExtremeWare Release Note for the version(s) of the software running on your switches.
Page 31: Policy Types
Policy Types • The EPICenter Policy Manager converts the high-level policy definition you create into a set of low-level ACL and QoS rules that it will configure on the devices within the scope or domain of the policy. To do this, the Policy Manager takes the following steps: a Converts the endpoint components and the specified traffic direction into traffic patterns.
Page 32 EPICenter and Policy Manager Overview Users can be granted or denied access to certain areas of the network and users can be given different service level guarantees by the use of different QoS profiles. You also use Access-Based Security policies to grant various levels of service on a per user or user group level.
Page 33: Ip-Based Policies (Access List Policies)
Policy Types Figure 2: Access-based QoS policy An Access-based Security policy specifies traffic flow between two endpoints, one of which is dynamically determined when the user logs in on the network. The policy is applied only at the entry point to the system and does not need to be specified on each possible internal device that might be in the path for that policy.
Page 34 EPICenter and Policy Manager Overview range. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases you can also specify client-side L4 ports. The ICMP protocol is not currently supported. The Policy Manager determines the traffic flows of interest based on the combination of endpoints and direction you have specified, and creates a set of IP QoS rules that can be implemented in the appropriate network devices.
Page 35 Policy Types Figure 4: Translation of a client/server policy definition into traffic flows Server Client Iceberg Traffic direction: BOTH Baan Server Client 10.2.3.4 10.4.0.1 10.4.0.2 10.4.0.3 Server Client 10.2.3.4 10.4.0.1 10.4.0.2 10.4.0.3 Destination Destination Source Source L4 port L4 port 10.2.3.4 TCP 512 10.4.0.1...
Page 36: Source Port Policies
EPICenter and Policy Manager Overview profiles (QP1 through QP4 or QP8) that allow access, within the bandwidth and priority constraints defined by the QoS profile. An access rule intended to deny access from one endpoint to another is implemented in the EPICenter Policy Manager using the “blackhole” QoS profile. IP-based QoS policies (or Access List policies) are supported on Extreme devices running ExtremeWare 5.0 or later—...
Page 37: Vlan Policies
Policy Types VLAN Policies A VLAN policy identifies traffic originating from the member ports of one or more VLANs, and assigns that traffic to a QoS profile. The Policy System implements VLAN QoS for all the traffic flows from the specified VLANs, on the devices you have defined in your policy scope.
Page 38: Policy Named Components
EPICenter and Policy Manager Overview In the example shown in Figure 6, if the links between switches A and C and switches B and C use tagging (as shown in the diagram), the QoS profile information specified by the VLAN policy will be propagated into switch C, for traffic originating on the links between the switches.
Page 39 Policy Named Components Figure 7: EPICenter Policy Manager components Device Group group Policy import import named components import Netlogin/DLCS import Device User Host Application as a Host Netlogin/DLCS import import System System Device L4 / VLAN IP/subnet QoS profile port L4 range Policy primitive components XM_020A...
Page 40 • Netlogin/DLCS indicates that the mapping may be obtained through Netlogin or the Dynamic Link Context System (DLCS) operating within Extreme Networks devices. • DNS indicates that the mapping may be obtained via a name lookup service such as DNS.
Page 41: Policy Access Domain And Scope
Policy Access Domain and Scope Policy Access Domain and Scope The policy type and policy traffic definitions specify how to identify a traffic flow of interest. The policy access domain (Security policy) or scope (IP policy) definition specifies how to handle that traffic flow on your network devices.
Page 42: Using Groups In Policy Definitions
EPICenter and Policy Manager Overview It is very important to understand the relationship of the target traffic flow, the QoS profile, and the profile configuration in each switch. The policy rules generated by the EPICenter Policy Manager associate a QoS profile with a particular traffic flow, but the configuration of that profile (its bandwidth and priority parameters) are defined in each individual switch.
Page 43: Precedence Relationships Within The Policy Manager
• Precedence between resources within the scope of a policy • Precedence between EPICenter policies • Precedence between the QoS rules implemented on an Extreme Networks device Each of these has a somewhat different use and effect. Precedence between the resources in a policy scope is used to determine which QoS profile specification should be used when a particular device is specified multiple times within a scope definition.
Page 44: Cisco Device Support
EPICenter and Policy Manager Overview • Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the EPICenter server • A user login or end station reboot when DLCS is enabled • Saving a change to a policy within the Policy Manager If Auto Configuration is disabled, you must explicitly perform the configuration process using one of the directed configuration functions initiated using the Configure or Configure All buttons on the Policy Manager toolbar.
Page 45: Epicenter Policy Limitations
EPICenter Policy Limitations Maximum bandwidth parameter in a QoS profile The maximum bandwidth parameter is not used when EPICenter software pushes policies to Cisco devices. EPICenter Policy Limitations The EPICenter Policy Manager does not support the entire set of policy-based QoS features found in the most current versions of the ExtremeWare software.
Page 46 EPICenter and Policy Manager Overview EPICenter Software Installation and User Guide...
Page 47: Installing The Epicenter Software
Installing the EPICenter Software This chapter describes: • Hardware and software requirements for the EPICenter server and client • Procedure for obtaining an evaluation or permanent license key for the software • Installing the EPICenter server software under Windows 2000 or Windows XP •...
Page 48: Server Requirements
See “Required Patches” on page 56 for more information on obtaining any needed patches. For the most current information on required patches, see the EPICenter Release Note and Quick Start Guide that accompanies your EPICenter software, or check the Extreme Networks web site at www.extremenetworks.com.
Page 49: Client Requirements
Client Requirements Client Requirements The EPICenter software provides two options for connecting to an EPICenter server from a client system: a stand-alone client application, or a browser-based client you can run from a web browser such as Microsoft Internet Explorer. On Solaris-based systems, only the stand-alone client is supported.
Page 50: Epicenter Software Licensing
EPICenter client. (If you need to install the product without a license key, you can add the key at a later time using a license key upgrade utility.) You must obtain both evaluation and permanent license keys from the Extreme Networks licensing web site. The license key should be sent to you as e-mail within minutes of submitting your request.
Page 51: Adding A License For An Optional Product
Upgrading from a Previous Release In Windows, run the command using the Run command from the Windows Start menu, or instlic from an MS-DOS command window. From Solaris, run the command from a command shell. The utility is found in the EPICenter install directory, by default instlic c:\Program Files\Extreme in Windows, or...
Page 52: Installing On A Windows 2000 Or Windows Xp System
1 Close any open applications. 2 Insert the CDROM into the CDROM drive. 3 In most cases, the Extreme Networks EPICenter Welcome screen appears automatically. If it does not: a Open My Computer or Windows Explorer, and go to your CDROM drive.
Page 53 You can use any port number (a number between 1024 and 65535 is recommended), except a port number already in use by another process. NOTE Extreme Networks recommends that you choose a port number that is not currently registered at Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to http://www.iana.org/numbers.html.
Page 54 Installing the EPICenter Software 11 In the Get HTTP Port dialog box, you are asked for two ports that the EPICenter Web Server will use: — The HTTP Port for communication with clients (default 80). — The Admin Port used by the EPICenter web server (default 8009). Accept any or all of the default port numbers, or enter different port numbers.
Page 55: Adding Or Updating The License Key
4.1\ is the 14-character license key, starting with “EP,” that you obtained from Extreme Networks. <key> Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is case sensitive. For example: c:\Program Files\Extreme Networks\EPICenter 4.1\instlic EP1a2B3c4D5+eF If the license update is successful, the message “...
Page 56: Installing On A Solaris System
For the most current information on required patches, see the EPICenter Release Note and Quick Start Guide that accompanies your EPICenter software, or the Extreme Networks web site at www.extremenetworks.com. Sun Microsystems makes these patches available on the Java download site in the form of tar files. They can be found at: http://www.sunsolve.sun.com/pub-cgi/show.pl?target=patches/J2SE...
Page 57 4 Run the installation script: ./install.sh The EPICenter Welcome message appears as follows: ****************************************************************** Welcome to the Extreme Networks EPICenter install program. This program will install: EPICenter version 4.1.0 on this system. ****************************************************************** Please review the following software license terms and conditions.
Page 58 Installing the EPICenter Software Install Directory [/opt/extreme/epc4_1]: Enter the directory or accept the default ( /opt/extreme/epc4_1 NOTE Make sure there are no spaces in the directory names. If you specify a directory that does not exist, you are asked whether it should be created: /opt/extreme/epc4_1: No such directory.
Page 59 1024 and 65535 is recommended) except a port number already in use by another process. NOTE Extreme Networks recommends that you choose a port number that is not currently registered at Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to http://www.iana.org/numbers.html.
Page 60: Configuration Files
Installing the EPICenter Software 14 Finally, you are asked to confirm the configuration parameters: *** Configuration Please review the following items. Upgrade = NO License = <the key you entered or “s”> Database Port = <the port you entered or 10551> HTTP Port = <the port you entered or 80>...
Page 61: Adding Or Updating A License Key
14-character license key, starting with “EP,” that you obtained from Extreme Networks. <key> Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is case sensitive. For example, if you installed in the default directory, enter: /opt/extreme/epc4_1/instlic EP1a2B3c4D5+eF You must have write permission for the EPICenter install directory.
Page 62: Setting Up Snmp Version 3 For Solaris And Windows
Installing the EPICenter Software Setting Up SNMP Version 3 for Solaris and Windows To use SNMP Version 3 privacy, EPICenter supports SunJCE version 1.2.2. You can download SunJCE 1.2.2 from the following website: http://java.sun.com/products/jce/index-122.html To use SNMP V3, you should copy all four JAR files from the /lib directory to the following location on the EPICenter server: <epic_install_dir>/extreme/classes You must also edit the following file:...
Page 63: Installing The Stand-Alone Client Application On Windows 2000 Or Windows Xp
Installing the EPICenter Client If you do not have the required Java plug-in installed when you start the EPICenter client, you will be prompted to download it, and will be led through the brief installation process. This obtains the plug-in from the Sun Microsystems web site, and requires Internet access.
Page 64: Installing The Stand-Alone Client Application In The Solaris Operating Environment
3 Run the installation script: ./client.sh The EPICenter Client Welcome message appears as follows: ****************************************************************** Welcome to the Extreme Networks EPICenter Client install program. This program will install: EPICenter Client version 4.1.0 on this system. ****************************************************************** Please review the following software license terms and conditions.
Page 65 Installing the EPICenter Client 6 Next, you are prompted for the directory where the EPICenter Client software should be installed. Please enter the directory in which the software will be installed. The default directory is /opt/extreme/epc4_1_client, but the product may be installed anywhere.
Page 66: Uninstalling The Epicenter Software
Stop the EPICenter 4.1 Database Engine in the same manner. If they are running as applications: a From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1, then select Stop EPICenter 4.1 Server. This opens an MS-DOS command window and shuts down the EPICenter server and database.
Page 67: Uninstalling The Epicenter Stand-Alone Client Application On Windows 2000 Or Windows Xp
Uninstalling the EPICenter Software 4 If the Add/Remove utility is not able to remove all the files, it will inform you of that fact. You must then delete the remaining files manually. Uninstalling the EPICenter Stand-Alone Client Application on Windows 2000 or Windows XP To uninstall the stand-alone client on a client-only workstation, do the following: 1 From the Control Panel folder, double-click Add/Remove Programs.
Page 68: Uninstalling The Epicenter Stand-Alone Client Application In Solaris
Installing the EPICenter Software The EPICenter software is now completely uninstalled. Uninstalling the EPICenter Stand-Alone Client Application in Solaris To uninstall the stand-alone client on a client-only workstation, do the following: 1 Make the parent of the installation directory the current directory, and remove all files from the directory and its sub-directories.
Page 69: Starting Epicenter
Starting EPICenter This chapter describes: • Starting the EPICenter Server. • Launching an EPICenter Client. • Navigating the EPICenter pages. When you log in for the first time after installing the EPICenter server software, there are only two user accounts enabled—an Administrator account “admin,” and a user account “user” with Monitor access privileges.
Page 70: Shutting Down The Epicenter Server Components
Starting EPICenter To start the EPICenter Server and database components, follow these steps: 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to display the EPICenter menu. 2 Click Start EPICenter 4.1 Server. This runs , a program that starts the two components runserv.exe...
Page 71: Restarting The Epicenter Server Components As Services
Running the EPICenter Server Software under Solaris Restarting the EPICenter Server Components as Services If you have installed the EPICenter server components as services, follow these steps to restart them: 1 From the Start menu, open the Control Panel folder. 2 From the Control Panel, double-click Administrative Tools.
Page 72: The Epicenter Client
Figure 9. To run the stand-alone client on the same system as the EPICenter server: 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to display the EPICenter menu. 2 Select EPICenter 4.1 Client to start the EPICenter client.
Page 73 Running the EPICenter Stand-alone Client Figure 9: EPICenter installed client Login window 3 In the Server Hostname field, type the name or IP address of the server you want to connect to. If you are running the client on a system where an EPICenter server is installed, that server name will appear by default in the Server Hostname field.
Page 74: Viewing Reports From The Stand-Alone Client
Starting EPICenter To exit the EPICenter client, click Quit. To view the EPICenter version information, click About. Viewing Reports from the Stand-Alone Client EPICenter’s HTML reports are always displayed in a browser window, even if you are running the stand-alone client. See “Browser Requirements for Reports” on page 49 in Chapter 2 for supported browsers.
Page 75 Running the EPICenter Client in a Browser Figure 10: The EPICenter browser client start-up page From the Start-up page you can run the EPICenter client interface, view the online documentation, or log into the EPICenter reports module. • To launch the EPICenter client interface, click the Launch EPICenter link. This requires that the Java Plug-in version 1.3.1_03 be installed in your browser.
Page 76 Starting EPICenter Figure 11: The EPICenter browser client login page To log into EPICenter: 1 If you already have an EPICenter user account, type your EPICenter user name in the User Name field. • If you are the network administrator logging in to the EPICenter server for the first time since it has been installed, log in as “admin.”...
Page 77: The Network Status Summary Report Page
The Network Status Summary Report Page NOTE If you have problems with the client display the first time you try to run EPICenter after installing it, try clearing all browser cache (both memory and disk), then closing and re-opening the browser. The Network Status Summary Report Page The Network Status Summary Report page displays a simple HTML report with some basic statistics on the status of your network.
Page 78: The Distributed Server Summary
Starting EPICenter • A summary of Authentication Failure alarms that have occurred in the last 24 hours. The Network Summary Report can also be accessed from the Reports applet. See Chapter 17 for a more detailed discussion of these reports. The Network Status Summary Report also provides version information about the EPICenter software running on your machine.
Page 79: The "About Epicenter" Page
From this page you can do the following: • Access the online EPICenter Software Installation and User Guide. • Send e-mail to Extreme Networks’ technical support organization. • Return to the Network Summary Report page. EPICenter Software Installation and User Guide...
Page 80: Navigating The Epicenter Applications
Starting EPICenter Navigating the EPICenter Applications The EPICenter client consists of two frames: • The Navigation Toolbar, from which you can access the EPICenter applets • The Main Applet frame, where the currently active applet runs. The Navigation Toolbar The Navigation Toolbar, on the left, displays a set of buttons you can use to access various EPICenter modules.
Page 81 • Policy runs the EPICenter Policy Manager, where you can define QoS policies and access list rules for implementation on Extreme Networks and Cisco devices. This applet is an optional module that is licensed separately. It requires the installation of a separate license key. This applet is not available in scalability mode.
Page 82: Main Applet Frame
Starting EPICenter Main Applet Frame The main applet frame is used to display the active EPICenter applet. For example, in Figure 16, the VLAN Manager is displayed in the main applet frame. Figure 16: VLAN Manager applet Applet function buttons Component Tree Component status/detail EPICenter applets use a two-panel display within the main applet frame.
Page 83: The Status/Detail Information Panel
Navigating the EPICenter Applications is a VLAN, then it typically has Extreme switches as subcomponents. A switch may have ports as subcomponents, or slots which in turn have ports. • Click on the plus sign to display the nested subcomponents. The plus sign changes to a minus sign.
Page 84: Moving The Component Tree Boundary
Starting EPICenter Figure 17: Inventory Manager applet • Click on a component in the Component Tree to display information about that component. In Figure 17, the selected component is the Default device group. The component status/detail panel displays summary status information about each device in this device group. A red circle with the white “S”...
Page 85: Sorting Columns
Navigating the EPICenter Applications Sorting Columns You can sort the rows of a columnar display according to the contents of any individual column. • To sort the rows, click on the column heading you want to use as the sort criteria. Click once to sort in ascending order;...
Page 86: Printing From Epicenter
Starting EPICenter • Drop-down menu fields, such as the Protocol Filter field in Figure 18. Click in the field to drop down a menu of choices, then click on your selection to enter the value into the field. • List box fields, such as the Available Switches field in Figure 18. Click to highlight a value in the field.
Page 87: Using The Inventory Manager
Using the Inventory Manager This chapter describes how to use the EPICenter Inventory Manager applet for: • Viewing the EPICenter device inventory • Discovering network devices • Adding network devices to the EPICenter database • Modifying device contact parameters • Deleting a device from the EPICenter database •...
Page 88: Gathering Device Status Information
Using the Inventory Manager Device Groups Devices in the EPICenter are organized into one or more device groups. A device group is a set of network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by functional grouping (engineering, marketing, finance) or by any other criteria that makes sense within the managed network environment.
Page 89: Displaying The Network Device Inventory
Displaying the Network Device Inventory Displaying the Network Device Inventory When you click the Inventory button in the Navigation Toolbar, the main Inventory Manager page appears as shown in Figure 19. Figure 19: The Inventory Manager applet, main page NOTE You must add network devices to the database using Discovery or the Add Devices function in order to make them “known”...
Page 90: Viewing Device Status Information
Using the Inventory Manager The buttons at the top of the page provide the following functions: • Discover lets you find network devices by IP address or range of addresses. • Add lets you add individual devices and device groups to the database. •...
Page 91 Viewing Device Status Information Table 3: Inventory Manager Device Status Indicators Status Light Device Status Device is up and OK. Green Device is responding, but reports an error condition such as a fan or power supply failure, or Yellow excessive temperature. Device is offline.
Page 92: Viewing Device Information From Pop-Up Menus
Using the Inventory Manager Figure 22: Inventory Manager information for a 3Com device Viewing Device Information from Pop-up Menus You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains the Modify, Delete, Sync, Take Offline, and Properties commands. All of the commands—with the exception of the Properties command—perform the same functions as the buttons at the top of the page, but with the appropriate device or device group displayed.
Page 93 Viewing Device Status Information Delete The Delete function lets you delete devices and device groups from the EPICenter database. To view the Delete display for a selected device group: • Right-click on the device group, then select Delete from the pop-up menu that appears. This opens the Delete Devices and Device Group window.
Page 94 Using the Inventory Manager Browse. The Browse function runs the ExtremeWare Vista switch management interface for the selected device. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView. The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device.
Page 95: Discovering Network Devices
Discovering Network Devices Discovering Network Devices EPICenter provides an automatic Discovery function that lets you discover network devices by IP address. To discover network devices, do the following: 1 Click the Discovery button at the top of the Inventory Manager main window. The Discover Devices window, shown in Figure 23, is displayed.
Page 96 Using the Inventory Manager You can also use the IP Address with Wildcards field to specify a single IP address. Examples: — As an IP address Range (such as 10.203.10.20 to 10.203.10.45) IP Address Specification Addresses Generated 10.203.0.* polls 10.203.0.0 through 10.203.0.255 10.203.?.?? polls 10.203.0.0 through 10.203.9.99 10.203.0.1? or 10.203.0.10-19...
Page 97 Discovering Network Devices status messages for each device it finds as it works through the set of IP addresses you have specified. Figure 24: Results of a discovery, with details visible — Click the Hide Details button at the bottom of this window to hide the detail display. —...
Page 98 Using the Inventory Manager NOTE Make sure the device passwords are correct for the selected devices. If you are adding multiple devices in one operation, make sure the passwords you specify are correct for each device. A device cannot be added if the password is not correct. Figure 25: Setting default device options for discovered devices 13 Click the SNMP tab to configure SNMP settings (see Figure 26).
Page 99 Discovering Network Devices Figure 27: Message window showing Add Device progress Devices are listed followed by a small purple rotating clock icon while the add function is in progress. • When a device has been successfully added, the clock turns into a green checkbox •...
Page 100: Adding Devices And Device Groups
Using the Inventory Manager Figure 28: Message window showing errors from the Add Device process CAUTION If you close the Discovery Results window without adding devices, the results for devices not already in the EPICenter database are lost. You must perform a discovery again to regenerate information on those devices.
Page 101 Adding Devices and Device Groups Figure 29: Add Device window in the Inventory Manager 2 Enter the device IP address that EPICenter uses to access the switch. You may also enter a DNS-resolvable host name in place of the Switch IP address. 3 Enter the device login, contact password, and device poll interval in the appropriate fields.
Page 102: Creating A Device Group
Using the Inventory Manager Figure 30: SNMP tab for Add Device window 1 Select the SNMP version from the SNMP Version pull-down menu. 2 If the device is using SNMP version 1, enter the SNMP read and write community strings in the appropriate fields.
Page 103 Adding Devices and Device Groups 2, first floor, second floor), by department (engineering, marketing, finance), or by any other criteria that makes sense within the managed network environment. All devices become members of a device group when they are added to the EPICenter database, either through Add Devices or as a part of the Discovery process.
Page 104: Modifying Devices And Device Groups
Using the Inventory Manager 4 To remove a device from the new device group, select one or more devices in the Included Devices list, and click <- Remove. The device(s) will be moved from the selected device group and return to any device groups from which it was moved.
Page 105 Modifying Devices and Device Groups To modify the contact information for a managed device in the database, do the following: 1 Click the Modify button at the top of the Inventory Manager main page. Select the appropriate tab to display the Modify Device window, as shown in Figure 33. Figure 33: Devices tab of the Modify Devices and Device Groups window 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field.
Page 106 Using the Inventory Manager Use SSH: Selects if EPICenter is going to use SSH2 for secure Telnet sessions. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. NOTE To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports SSH2.
Page 107: Modifying A Device Group
Modifying Devices and Device Groups SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication.
Page 108 Using the Inventory Manager Figure 35: Device Groups tab of the Modify Devices and Device Groups window 2 Select the device group you want to modify. The Included Devices list displays the devices that are currently members of this group. The Available Devices list displays the other devices known to EPICenter, and their current device group membership.
Page 109: Deleting Devices And Device Groups From The Database
Deleting Devices and Device Groups from the Database Deleting Devices and Device Groups from the Database Users with Administrator or Manager access can delete devices and device groups from the EPICenter database. If you have Monitor access only, you cannot access this function. Deleting a Device You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device.
Page 110: Deleting A Device Group
Using the Inventory Manager If the device is offline, the device is removed from inventory. The Smart Trap entries on the device are not removed. NOTE Deleting a device from EPICenter has no effect on the configuration of the device itself, other than altering the trap receiver table.
Page 111: Updating Device Information
Updating Device Information Updating Device Information Occasionally, you may want to update the configuration and status information for one or more devices in the EPICenter database. The Sync operation is a manual update you can use if you believe that the device configuration is not correctly represented in EPICenter applets.
Page 112: Configuring Default Access Parameters
Using the Inventory Manager 6 The Sync function displays a dialog box with status or error information. Click OK to continue. NOTE Offline devices display a warning and are not synchronized. Configuring Default Access Parameters The Default button allows you to configure a set of default access parameters for network devices you have not yet discovered.
Page 113 Configuring Default Access Parameters Figure 40: Configure Defaults window, SNMP tab SNMP Read Community String and SNMP Write Community String: The SNMP community strings for devices using SNMP version 1. SNMP V3 User Name: The principal name used for SNMP V3 authentication and security. SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol.
Page 114: Finding Devices
Using the Inventory Manager Figure 42: Inventory dialog box Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the Inventory Manager page.
Page 115: Displaying Properties
Displaying Properties is a wildcard for a single digit (0-9) — A device group. Select the device group from the drop-down menu in the device group field. If you do not specify a name or IP address in the Search field, all devices in the device group you select will be found.
Page 116 Using the Inventory Manager Figure 44: Device Groups Properties for all Device Groups The Device Groups Properties window displays the following information: • Count—The number of device groups known to EPICenter There is also a table which contains the following columns: •...
Page 117: Device Properties
Displaying Properties Figure 45: Device Group Properties for an individual device The Device Group Properties window displays the following information: • Device Group—The name of the device group • Description—A description of the device group • Count—The number of devices in the device group There is also a table which contains the following columns: •...
Page 118 Using the Inventory Manager Figure 46: Device Properties window The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter.
Page 119 Displaying Properties The VLAN Tab The VLAN tab lists the VLANs configured on the device. This window shows the following information about the VLANs on the device: VLAN VLAN name VLAN tag Protocol Protocol filter for the VLAN IP Address IP address of the VLAN Subnet Mask Subnet Mask for the VLAN...
Page 120 Using the Inventory Manager The Syslog Messages Tab The Syslog Messages tab lists information about the last 500 Syslog Message received from the device. Time The time that the message was received. The severity level of the message. Severity levels include the following: Severity •...
Page 121: The Epicenter Alarm System
The Alarm System supports SNMP Management Information Base-2 (MIB-2), the Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs. When an alarm occurs you can specify actions such as sending e-mail, running a program, running a script, or sounding an audible alert.
Page 122: The Alarm Log Browser
Networks devices, you must manually configure the devices to send traps to the EPICenter server. To receive syslog messages from an Extreme Networks device, EPICenter must be configured as a syslog receiver on the device. See “Configuring EPICenter as a Syslog Receiver” on page 153 for more information.
Page 123 The Alarm Log Browser The Alarm Log Browser page appears, as shown in Figure 47. Figure 47: The Alarm Log Browser page Predefined filters Alarm System module tabs New alarm Acknowledged indicator Current filter definition Alarm summary alarms The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered based on criteria you can specify.
Page 124: Acknowledging An Alarm
The EPICenter Alarm System The summary is initially sorted by ID in descending numerical order, so that the most recent alarm appears at the top of the list. You can sort the display by the contents of any column by clicking on the column heading. Click the heading a second time to reverse the sort order based on that column.
Page 125 The Alarm Log Browser Figure 48: Delete alarm records filter definition window In this window you can define a filter — a set of conditions — to use to evaluate whether an alarm record should be deleted. See “Deleting Groups of Log Entries” on page 124 for more detailed information.
Page 126: Viewing Alarm Details
The EPICenter Alarm System If you simply want to delete that last 300 alarms, leave the “View last 300 alarms” box checked, and click Delete. Viewing Alarm Details To view the details of an individual alarm: 1 Select the alarm you want to view. 2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log.
Page 127 The Alarm Log Browser If you invoke the Alarm Browser from the Topology applet (using the pop-up menu for a specific node) the default filter is set to filter on the Source IP of the node you selected. You can create your own filters based on criteria such as Source IP, Severity, Alarm Name, LogID, and a number of others.
Page 128: Deleting Alarm Log Filters
The EPICenter Alarm System • Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains). • Severity: An alarm severity level. You must select a severity level from the drop-down list in the Value field.
Page 129: Pausing All Alarms
Defining Alarms Pausing All Alarms You can temporarily stop the processing of all enabled alarms using the Pause/Resume feature. Click Pause to stop processing enabled alarms. EPICenter ignores all traps when its alarms are paused. To resume processing traps, click Resume Defining Alarms For convenience, the EPICenter Alarm System provides a number of predefined alarms.
Page 130: Creating A New Alarm Definition
The EPICenter Alarm System Alarm Actions — An alarm action is a function that the alarm system executes when an alarm occurs, in addition to logging the occurrence of the alarm. By default the predefined alarms have no actions defined for them (other than logging). Alarm actions can include sending e-mail, sounding an audible alert, running a program or executing a script.
Page 131 Defining Alarms • Category — The category assigned to this alarm. Select the category using the pull-down menu at the end of the field (see the section “Creating a New Alarm Category” on page 138 for more information). This defines the variable alarmCategory. •...
Page 132 The EPICenter Alarm System • Repetitive occurrence specification (If event happens... ) — The required number of repeated occurrences of the event that must occur before an alarm is generated. You can specify both the number of times the event must occur, and the time frame within which these events must occur. This lets you define alarms that will filter out short-lived or non-repeatable events, and will only take action if the triggering event occurs repeatedly within a sufficiently short time frame.
Page 133 Defining Alarms Figure 53: The New Alarm Definition window, Scope definition In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can define the scope as a set of individual devices, one or more device groups, as a set of individual ports, or as one or more port groups.
Page 134 The EPICenter Alarm System • Source list (Device/Device Group/Port Group) — The list of components of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Port as the Source Type. •...
Page 135 Defining Alarms is installed, by default in the Windows operating environment, or epc4_1 /opt/extreme/epc4_1 a Solaris system. • Email to — Click this check box to indicate that e-mail should be sent, then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces.
Page 136 The EPICenter Alarm System this option enabled. If you are running the EPICenter server as a regular program, this is not a problem. NOTE If you want to specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd”...
Page 137 Defining Alarms c Select a category (e.g. “Default”) in the Category field. d Select “SNMP Trap” in the Event Type field. e Select “Link Down” in the Event Name field. 2 Click the Scope tab, and do the following: a Uncheck the All devices and ports checkbox. b Select “Port”...
Page 138: Modifying Alarm Definitions
The EPICenter Alarm System See “RMON Rule Configuration Example” on page 150 for an example of how to create the RMON rule. 2 Click the Scope tab, and enter the port information as you did in Example 1: a Uncheck the All devices and ports checkbox. b Select “Port”...
Page 139: Modifying An Alarm Category
Threshold Configuration A small pop-up window appears into which you can enter the name of the new category. Click OK to enter the new category into the Category List. Modifying an Alarm Category To rename an alarm category, click the Modify button at the top of the window. A small pop-up window appears and displays the current name of the category.
Page 140 The EPICenter Alarm System NOTE Creating the rules that control trap (event) generation is only the first of the two steps required to create EPICenter alarms for these events. Even though you have set up these rules, the trap events generated as a result will be ignored by the Alarm System until you define alarms that take actions on those events.
Page 141 Threshold Configuration RMON Rule Display For RMON rules, the display shows the following for each device targeted by that rule: • Device: The name of the device • Variable: The MIB variable being monitored • Sample Type: Absolute or Delta •...
Page 142: Creating An Event Rule
The EPICenter Alarm System For each device targeted by that rule, the CPU Utilization rule display shows the following: • Device: The name of the device • Variable: The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0) • Rising Threshold: A threshold value that will trigger an event when the CPU Utilization value (a percentage) increments past this value.
Page 143 Threshold Configuration each target device for the rule appears as a separate component under that rule. The rule name will also appear in the Event Name list. For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component under the CPU Utilization “folder”...
Page 144 The EPICenter Alarm System If the MIB variable you want to monitor does not appear in the MIB Variable lookup list, you can still use the variable by typing its complete OID into the MIB Variable field. Enter the OID in its numeric form, ending in .0 if it is a per device variable, or in the specific index if it is a per-port variable.
Page 145 Threshold Configuration NOTE To configure an alarm using an RMON threshold event, select RMON Rising or RMON Falling as the Event Type. The following diagram, shown in Figure 60, shows how alarms are generated for an RMON rule using Delta values, where the startup alarm condition is set to “Rising” or “RisingOrFalling.” Figure 60: RMON Alarm event generation Sampled Initial...
Page 146 The EPICenter Alarm System Configuring a CPU Utilization Rule NOTE CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. If you select CPU Utilization, only the Rising Threshold field allows input, as shown in Figure 61. The other fields and buttons in this window are predefined.
Page 147 Threshold Configuration If you define an alarm for a CPU Utilization Rising Threshold event, an alarm will be generated each time the sample value meets the following conditions: — When the sample value becomes greater than or equal to the Rising Threshold for the first time (including the initial sample) after the alarm is enabled.
Page 148 The EPICenter Alarm System Note that in order to have any of these events cause an alarm in the EPICenter Alarm System, you need to define an alarm that responds to a CPU Utilization Rising Threshold or CPU Utilization Falling Threshold event.
Page 149 Threshold Configuration NOTE To define an alarm using one of these predefined threshold events, select RMON Trap Rising Alarm or RMON Trap Falling Alarm as the Event Type in the Alarm Definition window. Configuring the Rule Target Click the Target tab to display the New Configuration Target page, as shown in Figure 63. This page lets you specify which devices should be configured to generate the event you have defined.
Page 150: Modifying A Rule
The EPICenter Alarm System • <-Remove All: Removes all the components from the Selection list. RMON Rule Configuration Example Example: Create an RMON rule that will cause an RMON Rising Trap when port utilization on port 10 of device “switch8” exceeds 15%. 1 Bring up the New Configuration dialog.
Page 151: Deleting A Rule
Threshold Configuration Figure 64: Modify Configuration window for RMON rules The window shows the same information as the Configuration page of the New Configuration window, but with the information for the current target filled in. See “Configuring an RMON Rule” on page 143 for a definition of the fields on this page. This window is displayed for all existing RMON rules, including the three predefined rules (Temperature, Port Utilization, and Topology Change).
Page 152: Configuring Other Snmp Trap Events
To select individual devices, select Devices in the Source Type field. A list is displayed showing all the Extreme Networks devices managed by EPICenter. 3 To add a device or device group to the Selection list, select the device or device group and click Add ->.
Page 153: Configuring Epicenter As A Syslog Receiver
On the device side, remote logging must be enabled, and the switch must be configured to log to the EPICenter server. The default on Extreme Networks switches is for logging to be disabled. You must use the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches. To enable remote...
Page 154: Log Archive
The EPICenter Alarm System • The EPICenter server community string. This is a string in the form: ST.<value of IP address>.<value of trap port> The value of the IP address is the decimal equivalent of the hex value of the IP address. For example, if the IP address of the EPICenter server is , you would calculate the decimal 10.0.4.1...
Page 155: Writing Tcl Scripts For Alarm Actions
Writing Tcl Scripts for Alarm Actions Writing Tcl Scripts for Alarm Actions An EPICenter alarm can call a Tcl function as an alarm action. This Tcl function can be a user-defined Tcl script that is executed in the EPICenter server. There is an example script in the directory called <epicenter_install_dir>/user/alarms...
Page 156 The EPICenter Alarm System Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter (continued) ✔ ✔ fconfigure All channels are non-blocking by default, cannot set channel to blocking; cannot set channel buffer size ✔ ✔ open Can only open file in user/alarm and its subdirectories; file is opened in nonblocking mode using the default buffer size;...
Page 157: Configuration Manager
The Configuration Manager supports Extreme Networks and Cisco devices. To start the Configuration Manager applet, click the Config button in the EPICenter Navigation Toolbar.
Page 158 Configuration Manager When the applet initially appears, it shows the status of the device group(s) defined in EPICenter. Click a device group name in the Component Tree to display the summary status for the devices in the group, as shown in Figure 66. Figure 66: Configuration Manager showing summary device status This display shows a summary of the upload and download activity for each managed device, as follows:...
Page 159: Viewing Device Information From Pop-Up Menus
Overview of the Configuration Manager Figure 67: Configuration and Software status for an individual device The device status window displays the following information: • The success status, timestamp, and file name and location for configuration uploads and downloads. If archiving is scheduled, it also displays the time of the next scheduled archive. •...
Page 160 Configuration Manager This opens the Upload Configuration from Devices window. See “Uploading Configurations from Devices” on page 163 for details on using this feature. Archive The Archive function lets you schedule device configuration archive uploads. To view the Archive display for a selected device group or device: •...
Page 161 Overview of the Configuration Manager To view the Upgrade display for a selected device group or device: • Right-click on the device group or device, then select Upgrade from the pop-up menu that appears or click Upgrade from the Tool Bar. This opens the Download Image window.
Page 162 Configuration Manager This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10 for details on using this feature. Statistics The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device.
Page 163: Uploading Configurations From Devices
Uploading Configurations from Devices See Chapter 13 for details on using this feature. Properties The Properties function lets you view the attributes for a device group or a device. To view the Properties display for all device groups: • Right-click on the Device Groups component, then select Properties from the pop-up menu that appears The Device Groups Properties window appears and displays the number of device groups and the names of the device groups that are known to EPICenter.
Page 164 EPICenter installation directory, by default <EPICenter_install_dir> epc4_1 For example, a file uploaded from device Summit24 (10.205.0.25) on September 1, 2000 at 8:06 am, would be saved as follows: c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\configs\2000\Sept\01\10.205.0.25_0806.txt EPICenter Software Installation and User Guide...
Page 165: Archiving Configuration Settings
Archiving Configuration Settings NOTE If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 186), the configs subdirectory will be found directly below (as a child of) your TFTP root directory. b Select Specify to specify your own directory structure and file naming convention relative to the TFTP root’s subdirectory.
Page 166 Configuration Manager Figure 69: Schedule Upload window To schedule the upload of device configurations, do the following: 1 Select the appropriate tab to display the Device Schedule window. 2 Select a device group or All Devices from the drop-down menu in the Device Group field. 3 From the Available Devices list, select the devices for which you want to schedule the upload of configuration information, then click the Add->...
Page 167: Global Schedules
Archiving Configuration Settings Global Schedules When you use the Inventory Manager to add devices to the EPICenter database, the devices use the global schedule for configuration uploads. If you have a device or series of devices that require a configuration upload schedule that differs from the global schedule, see “Device Schedules” on page 165 for information on how to create an individual configuration schedule.
Page 168: Downloading Configuration Information To A Device
Configuration downloads are supported on Extreme Networks devices and Cisco devices running IOS 12.0 and above. To download saved configuration information to a device, click the Download button at the top of the window.
Page 169: Downloading An Incremental Configuration To Devices
No reboot is necessary. The EPICenter incremental download does not save the configuration; you must do so. Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6.0 or later and on Cisco devices running IOS 12.0 or later.
Page 170: Creating An Incremental Configuration File
EPICenter server under Windows 2000 or Windows XP using the default installation path, your incremental configurations must be in c:\program files\Extreme Networks\EPICenter , unless you have reconfigured your TFTP root directory. 4.1\user\tftp\baselines You can name an incremental configuration file any way you want.
Page 171: Performing A Multi-Step Upgrade
(source) image and BootROM versions loaded on the switch to determine what intermediate steps, if any, are required. Only Extreme Networks “i-series” switches are evaluated for a multi-step upgrade. Extreme devices that are not part of the “i-series” can be upgrade only using a single step method.
Page 172 . This file is located in upgrade.properties <installdir>/extreme/upgrade.properties file contains the following: upgrade.properties Extreme Networks EPICenter Config Manager - Multi-step Upgrade NOTE: Please read all documentation and release notes before proceeding The Upgrade feature in the Config Manager will use these values to determine the upgrade...
Page 173: Upgrading Images On Devices
Upgrading Software Images on the server for each device type. - Then uncomment the entry DO NOT DELETE ANY OF THE LINES, COMMENT OUT IF UNUSED #summit_inferno.boot.7.6 = ngboot76.bin #summit_inferno.6.1.9 = v619b27.xtr #summit_inferno.6.2.2 = v622b56.xtr #summit_inferno.boot.7.8 = ngboot78.bin #alpine_inferno.boot.7.6 = ngboot76.bin #alpine_inferno.6.1.9 = v619b27.xtr #alpine_inferno.6.2.2 = v622b56.xtr #alpine_inferno.boot.7.8 = ngboot78.bin...
Page 174 Configuration Manager Figure 73: Download Image on Device window To download a new software image to one or more Extreme Devices, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. The devices that belong to this group are displayed in the Device list.
Page 175 Upgrading Software Images 3 In the Download Options box, click the Image Download button to specify a software image upgrade. 4 Click Apply to start the software download to the selected devices. Click Reset to return the window to its initial state (removing all devices from the Upgrade Image on Devices list, removing all image selections, and so on).
Page 176 Configuration Manager Figure 76: Multi-Step Upgrade The Multi-Step Upgrade table displays the action required to complete the upgrade: • N/A—No action is required (the device already meets the requirement). • Upgrade—This step will be performed during the current iteration. • Required—This step must be performed at a future iteration. The center section of the dialog box provides a written version of the required steps.
Page 177: Upgrading Bootrom On Devices
Upgrading Software Images Rebooting Procedures for Multi-Step Upgrades During a multi-step upgrade, your Extreme devices are automatically rebooted for each intermediate upgrade process between the source image and the destination image. For example, if the multi-step upgrade includes two sets of upgrade events, the switch is automatically rebooted between upgrade one and upgrade two.
Page 178: Upgrading Slot Images On Modular Devices
Configuration Manager To upgrade the BootROM on a device, do the following: 1 In the Download Options box select the BootROM Download button to specify a BootROM upgrade. This displays the Selected BootROM Image field. 2 Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK.
Page 179 Upgrading Software Images Figure 78: Download Image on Device Slot window To download a new software image to one or more slots in Extreme modular devices, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. Regardless of the number of devices that are members of a device group, only Extreme modular devices are displayed in the Device list.
Page 180 Configuration Manager NOTE If you try to download an ExtremeWare software image or BootROM image on a module that does not support those images, you will receive an error message. The modules you select will be moved to the Upgrade Image on device slot list. To remove modules from the Upgrade Image on device slot list, select the module and click the <-Remove button.
Page 181: Selecting Software Images
Selecting Software Images 8 When the upgrade process has completed, click Close to close the Download Image on device slot window. Selecting Software Images EPICenter makes it easy for you to select and download ExtremeWare software images or BootROM images to devices or device slots in modular devices. To select ExtremeWare software images: 1 From the Download Image on window, select the appropriate tab to display the Device or Device Slot options.
Page 182: Specifying The Current Software Versions
Configuration Manager Specifying the Current Software Versions The Versions window lets you specify the current version of the ExtremeWare software for each type of Extreme Networks device, including: • Alpine • BlackDiamond non-”i” Series • BlackDiamond “i” Series • Summit non-”i” Series •...
Page 183: Performing A Live Software Update
The Live Update Software Images window displays a list of available software and allows you to connect directly to Extreme Networks to download the most current ExtremeWare software images and BootROM images to your local EPICenter server. After you download the new images, you can use the images to upgrade your managed devices and modules.
Page 184: Obtaining New Software Images
Solaris system /opt/extreme/epc4_1/user/tftp/slotimages • Slot BootROM images— (by default <EPICenter_install_dir>\user\tftp\slotBootRom in the Windows c:\program files\Extreme Networks\EPICenter 4_1\user\tftp\slotBootRom operating environment) or on a Solaris system. /opt/extreme/epc4_1/user/tftp/slotbootrom Obtaining New Software Images To obtain a current software image, do the following: 1 Click the Update button at the top of the window to display the Live Update Software Images window, as shown in Figure 81.
Page 185 Networks. If you see yes, the software is available from EPICenter, and you have the most current release of software. If you see no, the software is available from Extreme Networks, and you do not have the most current release of software.
Page 186: Configuring The Tftp Server
<epicenter_install_dir>\user\tftp is the directory where the EPICenter server is install. By default, the <epicenter_install_dir> TFTP server is found in in the c:\program files\Extreme Networks\EPICenter 4.1\user\tftp Windows operating environment, or on a Solaris system. /opt/extreme/epc4_1/user/tftp EPICenter will create six subdirectories (...
Page 187: Finding Devices
Finding Devices NOTE If you plan to use this TFTP server with other software, such as the ExtremeWare CLI or for any other purpose, be aware of possible differences in the expected locations of the TFTP server and other components such as ExtremeWare software images or configuration files. See the EPICenter Release Note and Quick Start Guide for information on any known issues.
Page 188: Device Group Properties
Configuration Manager Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display.
Page 189 Displaying Properties The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device. EPICenter Software Installation and User Guide...
Page 190 Configuration Manager EPICenter Software Installation and User Guide...
Page 191: Using The Interactive Telnet Application
Using the Interactive Telnet Application This chapter describes how to use the Interactive Telnet application for: • Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI) • Configuring third-party devices using interactive Telnet Overview of the Interactive Telnet Applet Users with Administrator or Manager access can view and modify configuration information for Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by EPICenter using Telnet and the ExtremeWare Command Line Interface (CLI).
Page 192: Running Extremeware Command Macros
Using the Interactive Telnet Application Figure 84: The Telnet applet, macro interface The Telnet Connections list displays the switches in all of the device groups, and shows the status of any macros that have run or are being run on the switch. If macros are not supported on an individual switch (true of third party switches and a few Extreme switches) the Macro Status will be “Macros not supported.”...
Page 193 Using Telnet with Extreme Switches Figure 85 shows a command script entered into the buffer. Figure 85: The Telnet record and play buffer To create a macro for playback to a set of Extreme switches, follow these steps: 1 In the Telnet Connections list, select the set of switches where you want your command macro to run.
Page 194 Using the Interactive Telnet Application There are four variables you can use in an ExtremeWare CLI command that will be expanded when the target switch is contacted. These are: Table 6: ExtremeView Macro Variables Variable Definition The name of the switch <NAME>...
Page 195 Using Telnet with Extreme Switches CAUTION Macro play will be automatically stopped if you exit the Telnet applet (by selecting another applet or logging out) while a macro is running. There are two ways to view the results of the last macro execution on a particular switch: •...
Page 196: Running A Telnet Session On An Individual Switch
Using the Interactive Telnet Application The contents of the saved macro will replace any previous contents in the macro buffer. You can delete a saved macro by clicking the Delete button. A pop-up window similar to the Load Macro window appears. Select one or more macros to delete, then click Delete. You will be asked to confirm the deletion.
Page 197 Using Telnet with Extreme Switches Figure 88: A newly-opened Telnet session Devices with open Telnet sessions The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey. The last 25 lines of Telnet commands and responses always appear in the white portion of the window. As output grows, the older lines scroll up into the grey portion of the screen.
Page 198 Using the Interactive Telnet Application Figure 89: An open Telnet session showing the pop-up edit menu • To copy from an interactive session, highlight the lines you want to copy, click the right mouse button and select Copy from the pop-up menu. •...
Page 199: Using Interactive Telnet With Third-Party Devices
Select the switch from the Telnet device list in the Component Tree. This opens a Telnet session to the selected switch, and waits for input as appropriate to the device’s telnet interface. Unlike Telnet to an Extreme Networks switch, it does not log you in to the device. You must log in as required for the device.
Page 200: Alarms
Using the Interactive Telnet Application Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window.
Page 201: Sync
Finding Devices Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: •...
Page 202: Displaying Properties
Using the Interactive Telnet Application 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the domain in which the device can be found, its name, IP address, and the type of device.
Page 203 Displaying Properties The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information.
Page 204 Using the Interactive Telnet Application EPICenter Software Installation and User Guide...
Page 205: The Grouping Manager
The Grouping Manager This chapter describes how to use the Grouping Manager to do the following: • Create new groups • Create new user or host resources • Add resources or groups to a parent group • Define relationships between resources •...
Page 206 The Grouping Manager You can define groups and add resources to them to create an organizational structure that facilitates managing your network. The EPICenter software provides several predefined groups: • Custom Applications • Device Groups • Hosts • Import Sources •...
Page 207: Displaying Epicenter Groups And Resources
Displaying EPICenter Groups and Resources • You can add resources that are children of Device Groups group—device groups, devices, and ports—as members (children) of other groups. • There is always a device group named “Default”. Import Sources. The Import Sources group is used to contain resources imported from an external source, such as a file, NT Domain Controller, or LDAP directory.
Page 208 The Grouping Manager Figure 90: Resource Details view Tab to display Children Tab to display or Relationships Attributes Groups Children Device Resources The Component Tree on the left shows the currently-defined resources. Initially, this shows only the root-level group named “Groups.” Click on the plus sign to the left of a resource to display the children of that resource.
Page 209: Resource Details
Displaying EPICenter Groups and Resources Resource Details The Resource Details display in the main panel shows the following information for the group (or resource) that is selected in the Component Tree on the left: • Name—The name of the Resource. For ports, the name of the port is the Device name followed by the port number.
Page 210: Grouping Manager Functions
The Grouping Manager • For Groups, you can view a list of Children of the group. This lists the resources (individual resources or subordinate groups) associated with the selected group. For each child, the list includes the resource name, its type, and its source. •...
Page 211: Creating A New Resource
Creating a New Resource Creating a New Resource You can create new groups and add new User and Host resources through the New Resource function. You can also associate attributes with the resource during this process. This function creates a new resource. To add an existing resource to an existing group, see “Adding a Resource as a Child of a Group,”...
Page 212 The Grouping Manager member of the Users group, the type defaults to User. Otherwise, the type is set to Group by default. For groups other than Custom Applications, you can change the group type. — Resource Description—an optional description of the resource 4 Define any attributes that you want to associate with this resource.
Page 213: Deleting Resources
Deleting Resources Deleting Resources The Destroy button in the Grouping Manager toolbar lets you delete user-defined resources from the EPICenter database. The destroy function removes the resource from the database entirely, removing it from all groups where it exists as a child. NOTE You can only destroy resources whose source is “Manual”...
Page 214 The Grouping Manager two groups of hosts “HostsA” and “HostsB”, and then use group A in defining access list policies through the Policy Manager. The Policy Manager will generate access list rules for traffic related to all the hosts in groups HostsA and HostsB. If you subsequently change the membership of HostsB, and auto-configuration of policies is enabled in the Policy Manager, the QoS rules that define the access lists will automatically be recomputed and reconfigured.
Page 215 Adding a Resource as a Child of a Group Groups are always displayed. The following filter choices determine the types of individual resources that will be displayed within the groups: Show All allows resource children of all types to be displayed. Show Devices shows only Device resources within the groups.
Page 216: Removing A Child Resource From A Group
The Grouping Manager 9 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes.
Page 217 Adding Relationships to a Resource These relationships may be used by the Policy Manager applet to create low-level QoS policy rules based on named higher-level objects such as users and hosts. Relationships can be created between the following: • Hosts and Users •...
Page 218: Removing Relationships From A Resource
The Grouping Manager Show All allows resource children of all types to be displayed. Show Devices shows only Device resources. (However, devices cannot be used in relationships, so nothing is displayed if you select this filter.) Show Hosts shows only Host resources. Show Ports shows only Device and Port resources.
Page 219: Adding And Removing Attributes
Adding and Removing Attributes 4 Click the Remove button at the bottom of the window. The relationship will be removed both from the resource you are viewing, and from the other resource involved in the relationship. For example, if Host resource “HostB” has a relationship with user resource “Watson” the relationship will appear in the relationship list of both resources.
Page 220 The Grouping Manager To view the attributes associated with a resource, do the following: 1 Select the resource in the Component Tree, so that it is displayed in the Resource Details view. 2 Click the Attributes tab. This will display the attributes (if any) associated with the resource, as shown in Figure 94.
Page 221: Searching For A Resource
Searching for a Resource 3 Enter the name of the attribute in the Attribute Name field. 4 Select an attribute type from the drop-down list in the Attribute Type field. You can choose from the first three for all groups but Custom Applications. For Custom Applications, L4 is the only allowed attribute type: Generic—Any user-defined attribute other than an IP Address or Netlogin ID.
Page 222: Setting Up A Resource Search
The Grouping Manager where you initiate the search; however, the actions you can take with the results differ depending on where you started from. The Search Results provide you with the name of the resources that match your criteria, and the paths (group hierarchy) to where the resources reside within your search scope.
Page 223 Searching for a Resource The bottom half of the window contains the results of the search. You can limit the number of results you want to receive in the case of a search that could yield a large number of matches. 2 Enter your search criteria using the fields in the top part of the window.
Page 224: Searching From The Main Toolbar
The Grouping Manager 5 To reset all the criteria to their defaults (<ANY>) and to clear the Attribute Criteria list, click the Reset button at the bottom of the window. 6 At the top of the Results portion of the window, select from the drop-down menu a limit for the number of matches you want to see.
Page 225: Searching From The Add Resources Or Add Relationship Window
Importing Resources it was initially created. If the function is a user-defined resource (source is “Manual”), removing it from all groups will delete it from the EPICenter database. When you are finished, click the OK button to close the window. Searching from the Add Resources or Add Relationship Window When you initiate a search from the Add Resources or Add Relationship window, you can identify resources with a common set of attributes, which can simplify the process of finding the attributes you...
Page 226 The Grouping Manager Imported resources are placed under a group created in the Import Sources group (one of the pre-defined EPICenter groups). The name you specify in the Source Name field of the Import dialog will be used as the group name. You can perform the same import operation (importing from the same source) multiple times.
Page 227: Importing From An Ldap Directory
The information below is provided as an aid to importing data from LDAP directories with schemas that differ from the template provided.However, Extreme Networks cannot provide support for modifications to the template file other than the three changes mentioned above.
Page 228: Importing From A File
The Grouping Manager If your LDAP directory is organized differently, you can modify the file to meet your LDAPConfig.txt individual needs. This requires that you understand the organizational structure of the directory from which you want to import data. file must include the following entries: LDAPConfig.txt specifies the LDAP naming context.
Page 229 Importing Resources Format Definitions. The first three lines are required. They define the format of the data that follows. The first three lines are: #SYNTAX VERSION:1.0 attribute ... ] Resource_UniqueName <tab> Resource_Type <tab> Resource_Name [ <tab> (< attribute_type>) ...] <tab> <tab> <tab> (<attribute_type>) [ <tab>...
Page 230 The Grouping Manager • defines the value of the attribute that corresponds to this position in the list. attribute The combination of must be unique within this section. Duplicate uniqueID resource_type definitions generate a warning. For example, assume the following format definition at the beginning of the import file: Resource_UniqueName Resource_Type Resource_Name Location Department RoomNo To create a user resource named Judy Jones, with three attributes: —...
Page 231 Importing Resources Example The following is an example of an import file. #SYNTAX VERSION:1.0 Resource_UniqueName Resource_TypeResource_Name IP Address DLCS OSType Dept (IP/Subnet)(DLCS ID)(Generic)(Generic) wendy user Wendy Lee heidi user Heidi Smith user Pam Johnson eric user Eric Wilson mary user Mary Baker win2k host...
Page 232: Importing From An Nt Domain Controller Or Nis Server
The Grouping Manager Importing from an NT Domain Controller or NIS Server Importing from an NT Domain Controller or NIS server is straightforward. The import is always done from the Domain Controller or NIS server that is serving the domain for the system running the EPICenter server.
Page 233: Using The Ip/Mac Address Finder
Using the IP/MAC Address Finder This chapter describes how to use the IP/MAC Address Finder applet for: • Creating search requests for locating specific MAC or IP addresses on the network, and determining the devices and ports where they are located. •...
Page 234: Extremeware Software Requirements
The IP/MAC AddressFinder applet requires certain versions of ExtremeWare to be running on your Extreme Networks switch in order to retrieve data from an IP address or MAC address search task. Table 7 lists versions of ExtremeWare and whether or not they are currently supported by the IP/MAC address applet.
Page 235 Tasks List Summary Window Figure 100: Tasks List summary The Tasks List shows you basic information about the tasks you set up: • ID is automatically assigned by the EPICenter server • Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List •...
Page 236: Creating A Search Task
Using the IP/MAC Address Finder NOTE The specified tasks and their search results persist as long as you are running the EPICenter client, even if you leave the IP/MAC Address Finder applet and go to another EPICenter applet. However, when you exit the EPICenter client, all the task specifications and search results are deleted. Creating a Search Task To create a search task, click the Find button in the tool bar at the top of the IP/MAC Address...
Page 237 Creating a Search Task To create a search task: 1 Enter the task name in the Task Name field. This name helps you identify the task in the Find Address Tasks List. Names of the form Task1, Task2 and so on are provided by default. 2 Define the search targets: in the Enter an Address group box, select either IP or MAC to determine the format of the address to search for, and enter the address into the fields provided.
Page 238: Detailed Task View
Using the IP/MAC Address Finder 7 When you have completed your search specification, click the Submit button at the bottom of the window to initiate the search. The IP/MAC Finder applet searches the IP Address Translation Table (the ) in each ipNetToMediaTable device agent for IP addresses, and the Forwarding Database (FDB) for MAC addresses.
Page 239 Detailed Task View While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search (Figure 103). Figure 103: Address search results in the Detailed Task view The Detailed Task View shows the following information about your search.
Page 240: Exporting Task Results To A Text File
Using the IP/MAC Address Finder The Search Results list shows the results of the search. For every address successfully located, this list shows: • Both the MAC address and the corresponding IP address. • The switch and port to which the address is connected. •...
Page 241 Detailed Task View If you select Export Local: — Detail and search result files for a task are saved by default in the WINNT\Profiles\user directory on Windows systems or your local home directory on Solaris systems. You can also choose to save the file in a different location in the Save dialog. 3 Click the Apply button to save the results.
Page 242 Using the IP/MAC Address Finder EPICenter Software Installation and User Guide...
Page 243: Using Extremeview
Using ExtremeView This chapter describes how to use ExtremeView for: • Viewing Extreme and third-party device status. • Viewing and setting Extreme device configuration information using the ExtremeWare Vista graphical user interface. • Viewing Extreme device statistics using the ExtremeWare Vista graphical user interface. Overview of the ExtremeView Application The ExtremeView applet displays information about the status of Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by EPICenter.
Page 244: Viewing Device Status Information
Extreme Networks switches, organized by ExtremeWare Vista configuration categories. Individual third-party devices cannot be accessed through this feature. • Statistics displays monitoring results for Extreme Networks switches, also based on ExtremeWare Vista statistics monitoring categories. You can view summary statistics that include active and inactive port counters for all Extreme Networks devices—in a specific device group—known to...
Page 245 Viewing Device Status Information Figure 105: The ExtremeView applet, Status window To show summary status for the devices in a Device Group, select a Device Group name from the Component Tree on the left (see Figure 106). Figure 106: The ExtremeView applet, device group status EPICenter Software Installation and User Guide...
Page 246 Using ExtremeView The following status information is displayed: • The status “lights” show the status of the device as detected by EPICenter. Table 8: ExtremeView Device Status Indicators Status Light Device Status Device is up and OK Green Device is responding, but reports an error condition such as a fan or power supply failure, Yellow or excessive temperature Device is offline.
Page 247 Viewing Device Status Information This view shows an active graphical display of the switch front panel, as well as a panel of status information. You can view the status of individual modules (slots), ports, and power supplies (where shown), as shown in Figure 108, in two ways: •...
Page 248: Viewing Switch Configuration Information
The port type is ethernet-csmacd(6) by default. However, some devices may support other port types. For example, some 3Com devices support a layer 3 module which is of type other(1). As Extreme Networks continues to develop additional device images, they will be made available on Extreme Networks’ support web site at: www.extremenetworks.com/services/software/epicenter.asp...
Page 249 Viewing Switch Configuration Information Figure 110: The ExtremeView applet, Configuration window To show a configuration summary for the Extreme Networks switches in a device group, select a device group name from the Component Tree on the left (see Figure 111).
Page 250 Using ExtremeView Figure 111: The ExtremeView applet, Configuration summary The sub-components under the device group name in the Component Tree are the devices that are members of the device group. Select a device, slot, or port from the Component Tree on the left to display the categories of configuration information that are available through this applet for the selected device, as shown in Figure 112.
Page 251 Viewing Switch Configuration Information Figure 112: The ExtremeView applet, ExtremeWare Vista summary The categories in the Configuration window correspond to pages from the ExtremeWare Vista application running on the switch. Select one of the categories to view the configuration settings for that switch in the category you have chosen.
Page 252 Using ExtremeView Figure 113: The ExtremeView applet, Configuration details Enter your changes directly into the editable fields in the configuration display. When you have made the necessary configuration changes, click Submit to send these to the switch for implementation. EPICenter Software Installation and User Guide...
Page 253: Viewing Switch Statistics
Viewing Switch Statistics Viewing Switch Statistics Select the Statistics tab in the ExtremeView applet to display the Statistics window. The Statistics window displays a summary of all of the device groups known to EPICenter, as shown in Figure 114. Figure 114: The ExtremeView applet, Statistics window To show summary statistics for Extreme switches in a device group, select a device group name from the Component Tree on the left (see Figure 115).
Page 254 Using ExtremeView Figure 115: The ExtremeView applet, device group statistics The sub-components under the device group name in the Component Tree are the devices that are members of the device group. Select a device from the Component Tree on the left to display the categories of statistical information that are available through this applet for the selected device, as shown in Figure 116.
Page 255: Finding Devices
Finding Devices The categories in the Statistics window correspond to pages of information from the ExtremeWare Vista application running on the switch. Select one of these categories to to view the configuration settings for that switch in the category you have chosen. This displays the selected set of statistics for the selected switch.
Page 256: Viewing Device Information From Pop-Up Menus
Using ExtremeView — A domain. Select the domain from the drop-down menu in the domain field. If you do not specify a name or IP address in the Search field, all devices in the domain you select will be found. —...
Page 257: Alarms
Viewing Device Information from Pop-up Menus The Device Properties window appears and displays the attributes for the selected device. See “Device Properties” on page 259 for details on using this feature. Slot To view the Properties display for a selected slot: •...
Page 258: Statistics
Using ExtremeView Statistics The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Devices -> Statistics from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device.
Page 259: Displaying Properties
Displaying Properties Displaying Properties You can view the properties of a device group, device, slot, or port in the EPICenter database. This section describes how to view properties through the ExtremeView applet. Device Group Properties You can view summary information for all device groups, or view information about individual device groups.
Page 260: Slot Properties
Using ExtremeView The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device.
Page 261 Displaying Properties For these modules, the Device Slot Properties window displays two tabs: • Slot • Network Login/802.1x The Slot tab displays the following information: • Slot Name—The number, or letter, of the slot where the module is installed • Configured Type—The type of module that is configured for the slot •...
Page 262 Using ExtremeView • Description—A description of the module that is inserted into the slot • Primary Version—The primary ExtremeWare software image running on the module • Secondary Version—The secondary ExtremeWare software image running on the module • Current Version—The current ExtremeWare software image running on the module •...
Page 263: Port Properties
Displaying Properties • VLAN—The VLAN to which the port belongs. Port Properties To view port properties, do the following: 1 From the Component Tree, click on the plus sign of a device. For a non-modular device, this displays the ports for that particular device. For a modular device, this displays the slots for that particular device.
Page 264 Using ExtremeView The Device Port Properties window has two tabs: • Port • Network Login/802.1x The Port tab displays the following information: • Port Number—The number of the port • Configured Type—The type of port • Media—The media for a redundant port (Primary or Redundant) •...
Page 265 Displaying Properties • Login Type—The login type, either network login or 802.1x. • MAC Address—The MAC address of the user’s host. • VLAN—The VLAN to which the port belongs. EPICenter Software Installation and User Guide...
Page 266 Using ExtremeView EPICenter Software Installation and User Guide...
Page 267: Real-Time Statistics
The Real-Time Statistics feature of the EPICenter software enables you to view a graphical presentation of utilization and error statistics for Extreme Networks switches in real time. The data is taken from Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB.
Page 268 Real-Time Statistics You can view the following types of data: • Percent Utilization for each port in the set (device, port group, or single port). Percent utilization reports the value of the etherHistoryUtilization MIB object. The MIB defines this variable as follows: Table 9: Definition of RMON Utilization Variable Used in Port Utilization Displays etherHistoryUtilization The best estimate of the mean physical layer network utilization on this...
Page 269: Displaying Multi-Port Statistics
Displaying Multi-port Statistics Displaying Multi-port Statistics When you click the RT Stats button in the Navigation Toolbar, the main Real-Time Statistics page is displayed, as shown in Figure 123. Initially, no data is displayed—you see a message asking you to select a device, device slot, or port group to be displayed.
Page 270 Real-Time Statistics Figure 124: Bar chart showing port statistics for a group of ports If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample. You can use the mouse to change the depth and rotation of a 3-dimensional chart: •...
Page 271: Displaying Statistics For A Single Port
Displaying Statistics For a Single Port Figure 125: Warning displayed when the EPICenter server cannot retrieve data There are several reasons why the EPICenter server may not be able to display any device data: • The EPICenter server cannot communicate with the device (indicated by an “S” in a red circle next to the device name).
Page 272 Real-Time Statistics Figure 126: Utilization data over time for an individual port on a device The number of data points displayed, and the sampling interval are user-configurable parameters, within the limitations of the device configuration. The defaults are: • A 30-second sampling interval •...
Page 273: Changing The Display Mode
Changing the Display Mode Figure 127: Individual errors in a single-port chart Changing the Display Mode The icons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen).
Page 274: Setting Graph Preferences
Real-Time Statistics Select this to display the data as a bar chart. A 3D bar chart is the default for all chart displays. The 3D setting is also a user-configurable option. Select this to display the data as a horizontal bar chart. This chart type by default displays in 3D.
Page 275 Setting Graph Preferences Use the tabs across the top of the window to select the type of setting you want to change. Each tab displays a page with a group of related settings. When you have changed any setting you want on a given page: •...
Page 276 Real-Time Statistics Graph Colors (Figure 129) lets you set the colors for the graph background and text (data and axis labels). Figure 129: Setting graph color preferences • To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want.
Page 277: Taking Graph Snapshots
Taking Graph Snapshots Graph Data (Figure 131) lets you set several miscellaneous graph parameters. Figure 131: Setting other graph preferences • Top N Display Count specifies the number of ports to include in a Top N display. The default is 15, maximum is 100.
Page 278 Real-Time Statistics Figure 132: Snapshot of Real-Time Statistics graph display To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet window. The snapshot image will be displayed in a new window in the same form (graph or table) as it was in the RT Statistics applet.
Page 279: Viewing Device Information From Pop-Up Menus
Viewing Device Information from Pop-up Menus Viewing Device Information from Pop-up Menus You can select a device, a slot, or a port in the Component Tree, then right-click to display a pop-up menu that contains the Properties command. The Properties command displays the attributes for a specific device group, device, slot, or port.
Page 280: Browse
Real-Time Statistics Browse The Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new web browser window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista.
Page 281: Vlans
Displaying Properties VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database.
Page 282: Slot Properties
Real-Time Statistics Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time.
Page 283: Port Properties
Displaying Properties Port Properties You can view summary information about a specific port in a device. To view properties for a port in a modular device, click on the plus sign of a device to display the slots for that particular device. Click on the plus sign of a slot to display the ports for that particular device. Right-click on a device and select Properties from the pop-up menu that appears.
Page 284 Real-Time Statistics EPICenter Software Installation and User Guide...
Page 285: Network Topology Views
Extreme Discovery Protocol (EDP) enabled. Links cannot be discovered on non-Extreme Networks devices, on Extreme Networks devices with EDP disabled, or on devices running the following versions of ExtremeWare: versions prior to 4.1.19b2, version 5.x, or version 6.0.x. Links can be discovered on devices with EDP enabled running ExtremeWare 4.1.19 b2, 4.1.20, or 4.1.21, or ExtremeWare 6.1 or...
Page 286: Displaying A Network Topology View
Network Topology Views In addition, from a managed device node on the map, you can invoke other EPICenter functions such as the alarm browser, Telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare Vista for the selected device, or view device properties from a Properties window. Maps are initially created in a layout based on information in EPICenter’s device inventory about the devices and their connectivity.
Page 287: Map Elements
Displaying a Network Topology View A Map is a collection of nodes and links. The top portion of the left-hand panel displays the Map Hierarchy Tree. This starts at the root map and shows the hierarchy of submaps in the current topology view. The current map name is highlighted. The bottom portion of the left-hand panel is the Map Element Description panel, that displays information about the currently selected map element if one (and only one) is selected.
Page 288 Network Topology Views • A submap icon, as shown in Figure 135. A submap node does not provide any additional status information. L2 Cloud Nodes. An L2 cloud map node provides connectivity between devices when the details of the connectivity cannot be determined. For example, if there is a hub between two devices, the Topology applet will place an L2 cloud between the devices.
Page 289 Extreme Networks devices with EDP enabled. NOTE For third-party devices or Extreme Networks devices with EDP disabled or not supported, you can manually add links to the map to represent connectivity between devices. However, these links will always have unknown status, will not display endpoint or utilization information, and will not be updated when the map topology changes.
Page 290 Network Topology Views Figure 139: Example of a gigabit link showing endpoint connectivity and Up status When one of the endpoints is within another submap, the annotation will include the device name or IP address of the device that contains the endpoint within the submap. Whether the IP address or device name is used depends on the setting of the Device Tree UI property in the Administration applet—the one that appears first is used.
Page 291: Map Element Description Panel
Displaying a Network Topology View NOTE If RMON statistics are not enabled in the switch, then no statistics will be displayed, even if you enable the display of RMON statistics for the map. Manipulating Map Elements Map elements (nodes and links) can be resized, cut to a clipboard, pasted, deleted and added. There are a number of ways to invoke these actions: •...
Page 292: Manipulating Topology Views And Maps
Network Topology Views Link Nodes For individual links, the information panel displays the following information: • Status: The status of the link—up, down, partially up (for load-shared links only) or unknown. Partially up indicates that one or more of the links in the load shared group is down. In this case, all other links in the load-shared group are considered partially up.
Page 293: Creating A New View Or A New Map
Manipulating Topology Views and Maps • A pop-up menu you can invoke by clicking the right mouse button on any unoccupied area of the map background • A pop-up menu you can invoke by right-clicking on a Device map node •...
Page 294: Node Placement Criteria In An Auto Populate View
Network Topology Views If your map will contain a large number of nodes, you may need to eliminate the device names and node icons from the display, and reduce the font size in order to fit all the map elements onto a map with adequate spacing.
Page 295 Manipulating Topology Views and Maps Figure 141: Map layout warning for placement of more than 400 nodes If you want to proceed with the default (optimized) layout, check the Default Map Layout checkbox. Even though the default layout may take a long time, it only needs to be done once, and produces a more optimal layout.
Page 296 Network Topology Views Figure 143: Example of a grid layout Creating a New Submap You can create a new map by doing one of the following: • Select New Map from the New menu • Click the “Create new map” icon on the icon bar: A new submap node appears on the map, and a New Map entry appears in the map hierarchy tree, as shown in Figure 144.
Page 297: Adding Elements To The Map
Manipulating Topology Views and Maps Figure 144: Adding a new map To give the submap a different name, select the submap node, and change the name in the name field in the Information panel. The change will take effect when you click away from the submap node. You can also change the name of any map (including the Root Map) by clicking slowly twice on the name in the Map Tree Hierarchy.
Page 298 EPICenter. This may be the case if EDP is disabled on a device, if the device is a non-Extreme Networks device, or if EDP is not supported by the version of ExtremeWare running on the device. In these cases you can add a link between nodes on your map by doing the following: •...
Page 299 Manipulating Topology Views and Maps Figure 145: Adding a link to your map To attach the link between two map nodes: 1 Select one of the red triangles, then wait until a move cursor appears 2 Drag and drop one end of the link onto one of the node you want to connect 3 Do the same with the other end of the link After the link is connected, you can specify endpoint for the link.
Page 300 Network Topology Views Figure 146: Specifying ports for a new link connection There are a number of restrictions that apply to the behavior of manually-created links: • These links appear only on the map where they were created—they will not exist between the same devices in any other view.
Page 301: Editing The Map
Manipulating Topology Views and Maps NOTE If there is a existing link that is down when you do a Discover Links, EPICenter will remove that link, since it cannot discover links from which it cannot get status. However, if you have auto-populate turned on for the map, the real link will be added back to the map once the link comes back up.
Page 302 Network Topology Views You will be asked to confirm that you want to delete the map. NOTE A submap must be empty before you can delete it. You cannot use the Delete Map command to delete the Root Map. To delete the Root map you must delete the entire View with the Delete View command. Cutting Map Nodes You can cut selected device, decorative, or text nodes from the map in order to paste them in another location.
Page 303 Manipulating Topology Views and Maps If nodes are pasted partially or completely on top of one another, you can use the Layout Map command (see “Map Layout” on page 305) to rearrange them. NOTE Cutting and pasting nodes does NOT preserve manually-created links between the nodes. Links that are automatically discovered may be recreated after the nodes are pasted, but links that were created manually must be recreated manually.
Page 304: Setting View Properties
Network Topology Views CAUTION Active links that were created automatically by EPICenter will be recreated automatically on the next polling cycle as long as the endpoints they linked are still present on the map. The only links that can be permanently deleted are manually-created links or links that cease to exist. CAUTION Links that have been deleted cannot be pasted.
Page 305: Map Viewing Functions
Manipulating Topology Views and Maps To change the properties for the current view, do the following: • Select the Auto populate view option to add the devices currently in the EPICenter inventory database to the View. Submaps, L2 clouds and hyper nodes will be created as needed. In addition, as new devices are added to EPICenter, they will also be added to the view.
Page 306 Network Topology Views Figure 148: Default map layout optimized to minimize node and link overlap. You can use the Expand Map and Compress Map commands to increase or decrease the space between nodes in the map. You can also move map nodes by selecting them and dragging them to the location where you want them placed.
Page 307 Manipulating Topology Views and Maps Figure 149: Map layout produced by Layout Map in Window command Fitting a Map in the Window If the default map layout is larger than the visible area of the Topology Manager window, you can have the Topology Manager shrink the map to fit into the visible area of the window.
Page 308 Network Topology Views Figure 150: Map layout produced by Layout Map in Window command Expanding the Map The Expand Map function increases the length of the links between map nodes without changing the size of the nodes. To expand the current map, do one of the following: •...
Page 309 Manipulating Topology Views and Maps By default (if you do not select any specific nodes) the command will inflate all nodes on the current map. If you select one or more nodes, the command will inflate just the nodes you’ve selected. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select).
Page 310 Network Topology Views Unzooming the Map The Unzoom Map function restores the map to the size it was prior to any Zoom In or Zoom Out actions. To “unzoom” the map, do one of the following: • Select Unzoom Map from the Map menu •...
Page 311 Manipulating Topology Views and Maps Figure 151: Finding a node in the current view • To find a node, select the node and click the Find button. This will display the appropriate submap, if necessary, and highlight the node you have selected. The Find Map Node window will continue to be displayed until you dismiss it with the Close button.
Page 312 Network Topology Views Figure 152: Setting Map Properties for the current map In this window you can do the following: • To change the name of the map, modify the name in the Name field • To select a background image for the map, select the image you want from the drop-down list in the Background Image field •...
Page 313: Displaying Vlan Information
Displaying VLAN Information will be a uniform solid color, click in the checkbox to remove the check mark. The default is to use a gradient background. • Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on).
Page 314 Network Topology Views • Select Display from the menu bar, and then select VLAN information. This is a toggle menu item; select it once to display VLAN information, select it again to remove the VLAN information display. When you enable the VLAN information display, a drop down field appears in the applet Toolbar that lists all the VLANs configured for devices on the map.
Page 315: Using The Tools Menu
Using the Tools Menu • To view VLANs configured on a link, select the link. VLAN configuration information for the devices on both sides of the link is displayed in the Map Element Description panel. (Note that this information is always displayed for links, even if you do not have the VLAN Display option selected.) Using the Tools Menu Using the tools menu, you can add links to a VLAN, connect edge ports to a VLAN, and view a variety...
Page 316 Network Topology Views Figure 154: Add Links to VLAN Dialog • To add the selected link to an existing VLAN, select the VLAN from the list. You can add the VLAN as tagged or untagged by toggling the Add selected links to VLAN as tagged checkbox. •...
Page 317: Connecting An Edge Port To A Vlan
Using the Tools Menu • To add the selected links, click OK. For more information on creating new VLANs, see Chapter 13. Connecting an Edge Port to a VLAN Using the Topology applet, you can add an edge port from a selected device to a particular VLAN. As you add the port, the map view is automatically updated to display your proposed changes.
Page 318: Device Alarms
Network Topology Views Figure 157: Connect Port to VLAN Wizard (page 2) If the connection from the selected edge port to the desired VLAN is viable, the Wizard displays path information, including any additional ports that must be added to the VLAN to accommodate the connection.
Page 319: Device Browse
Using the Tools Menu Device Browse The Device Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected node, select the node and do one of the following: • Select Device Browse from the Tools menu •...
Page 320: Device Vlans
Network Topology Views This starts the ExtremeView applet in a new window and displays the front-panel image and information for the device associated with the selected Device map node. See Chapter 10 for details on using this feature. Device VLANs The Device VLANs function runs the VLAN Manager applet, and displays the VLAN configurations for the selected device.
Page 321: Using The Vlan Manager
A Virtual LAN is a group of location- and topology-independent devices that communicate as if they were on the same physical local area network (LAN). Extreme Networks switches have a VLAN feature that enables you to construct broadcast domains without being restricted by physical connections.
Page 322: Displaying A Vlan
Using the VLAN Manager • A combination of these criteria In the EPICenter system, a VLAN is defined uniquely by the following: • Name • 802.1Q tag (if defined) • Protocol filters applied to the VLAN As a result, multiple switches are shown as members of the same VLAN whenever all the above are the same.
Page 323 VLAN is every switch that has the VLAN defined on it (see Figure 158). When the top level of the tree (the VLANs node) is selected, the right hand panel displays a list of all VLANs configured on the Extreme Networks switches included to the EPICenter database. The All VLANs display includes: •...
Page 324: Viewing Vlans On A Switch
Using the VLAN Manager Figure 159: VLAN Manager view By Switch, showing VLANs organized by device The Devices view includes • Name—The switch name • Type—An icon representing the switch type. Select an individual switch to list the VLANs that are configured on that switch. Viewing VLANs on a Switch To view all VLANs configured on an individual switch, select the switch in the Component Tree of the By Switch view.
Page 325: Viewing Switches In A Vlan
Displaying a VLAN Figure 160: VLAN topology shown by switch The following information is displayed for each VLAN on the selected switch: • Name—VLAN name • Tag—VLAN tag • Protocol—Protocol filter for the VLAN • VLAN IP Addr—VLAN IP address •...
Page 326: Viewing Vlan Member Ports
Using the VLAN Manager Figure 161: VLANs present on the selected switch Put info here about what is shown for each switch in the selected VLAN: • Name—Device name • Type—An icon representing the device Type • VLAN IP Addr—IP address of the VLAN •...
Page 327 Displaying a VLAN Figure 162: VLAN member ports on a selected switch The port details include the following information about each port: • Port—The port number • Type—The port type, shown as an icon. Different icons are used to represent the port types: 10/100Mbps ( 100Base-FX ( 100Base-T/TX (...
Page 328: Viewing Device Information From Pop-Up Menus
Using the VLAN Manager Viewing Device Information from Pop-up Menus From a device entry in the Component Tree (in either the By Switch or By VLAN view) you can select a VLAN or a device and right-click to display a pop-up menu. The contents of the pop-up menu depend on the component you have selected: •...
Page 329 Displaying a VLAN EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device.
Page 330: Adding A Vlan
For more details about the Device Properties window, see“Device Properties” on page 117 in Chapter 4. Adding a VLAN Users with Administrator or Manager access can create VLANs on the Extreme Networks switches managed by the EPICenter software. If you have Monitor access only, you can not use this function.
Page 331 Adding a VLAN Figure 163: Add VLAN dialog, Properties and Ports page 2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on VLAN naming. 3 Select an entry from the pull-down Protocol Filter list.
Page 332 Using the VLAN Manager 9 After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN. • Select the device you want to check. •...
Page 333: Deleting A Vlan
5 Click Close to exit the window. Deleting a VLAN Users with Administrator or Manager access can delete VLANs from Extreme Networks switches managed by the EPICenter software. If you have only Monitor access, you cannot use this function. To delete a VLAN, follow these steps: 1 Click the Delete button in the VLAN Manager Toolbar.
Page 334: Modifying A Vlan
Using the VLAN Manager Figure 166: The Delete VLAN page 2 Select the VLAN you want to delete. 3 Click Delete. The VLAN is deleted from all the switches on which it exists. 4 Click Close to exit the window. If any of the switches are offline or unreachable, the VLAN remains with only those switches as a member.
Page 335: Modifying A Vlan From The Toolbar
Modifying a VLAN • Select a VLAN in the Component Tree, right-click to display the pop-up menu, and select Modify VLAN Membership. Using this method you can modify only the VLAN membership of the VLAN selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device connections. See “Modifying a VLAN from the Component Tree Menu”...
Page 336 Using the VLAN Manager 7 Select one or more ports from the Available Ports list. 8 Click Tagged to add the ports as a tagged ports. Click Untagged to add the ports as an untagged ports. If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be greyed out in this case.
Page 337: Modifying A Vlan From The Component Tree Menu
Modifying a VLAN Figure 168: The Modify VLAN dialog, IP Forwarding page 12 Select a switch from the table of switches. 13 Change the IP address and IP mask as appropriate. Click the Enable IP forwarding check box to enable or disable IP forwarding for this VLAN on the switch. 14 Click Apply to implement the changes.
Page 338: Adding And Deleting Protocol Filters
Using the VLAN Manager Figure 169: Modify Membership of VLAN window 3 To add a port to the VLAN, first select the switch in the Component Tree on the left. The Resource Table displays a list of ports on the selected switch that are available to be included in the VLAN. NOTE The list of port resources does not include ports configured as slave load sharing ports.
Page 339 VLAN are indicated with an asterisk (*) in the In Use column. 2 To delete a protocol filter, select a filter in the list, and click Delete. This deletes the protocol filter from all Extreme Networks switches managed by the EPICenter software, as well as from the EPICenter database.
Page 340 Using the VLAN Manager 2 Enter a descriptive name for the Protocol. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on naming. 3 Select a protocol type from the pull-down list in the type column. 4 Type a corresponding four-digit hexadecimal filter value in the value field.
Page 341: The Spanning Tree Monitor
The EPICenter Spanning Tree Monitor module displays information about STP domains at the domain, VLAN, device, and port levels. STP is a bridge-based mechanism for providing fault tolerance on networks. In the Extreme Networks implementation of STP, a switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance, called a Spanning Tree Domain (STPD).
Page 342: Displaying Stp Domain Information
The Spanning Tree Monitor STP configuration must be done through the EPICenter Telnet applet or through the ExtremeWare command line interface. The STP monitor displays summary and detailed STP configuration information about the devices being managed by the EPICenter server. It allows you to view STP configuration information network-wide rather than only device by device as is the case through the ExtremeWare CLI.
Page 343 Displaying STP Domain Information Under the root node the Component Tree displays all the STP domains identified by the EPICenter server. The VLANs included in the domain are listed as subcomponents of the domain. The VLANs in turn show the devices with ports that are members of the VLAN within the domain. NOTE Devices running earlier versions of ExtremeWare may also have Spanning Tree domains configured and enabled, but the EPICenter server is unable to obtain information about these domains because...
Page 344: Displaying Stp Vlan Configurations
The Spanning Tree Monitor Displaying STP VLAN Configurations Select a specific STP domain in the Component Tree to view summary information about the VLANs in the selected domain. When you select an STP domain, the STP VLAN view appears, as shown in Figure 173.
Page 345 Displaying STP Domain Information Figure 174: STP Devices view This view shows information about the devices participating in the selected VLAN within this domain. The information presented for each device includes: • Name: The name of the device. • State: The state of STP on this domain (enabled or disabled). If disabled, most of the remaining fields are zero.
Page 346: Displaying Stp Port Information
The Spanning Tree Monitor • Hold Time: The time during which no more than two configuration BPDUs can be transmitted by this node. Value is in seconds. • Ports: The number of ports on this bridge participating in this VLAN in this domain, if the domain is enabled.
Page 347: Viewing Stp Domain Properties From Pop-Up Menus
Viewing STP Domain Properties from Pop-Up Menus • Designated Cost: The total cost of the path from this port (the Designated Port) to the root bridge for this STP domain. • Link: The switch and port at the other side of the link. The panel at the bottom of this view shows summary information about the STP domain, VLAN and device with which these ports are associated.
Page 348: Vlan Properties
The Spanning Tree Monitor VLAN Properties The VLAN Properties window displays the following information: • Name: The VLAN name • Tag: The VLAN tag value (if any) or “Untagged” • Protocol: The protocol filter configured for the VLAN Click OK to close the window. The Device Pop-Up Menu When you right-click on a device in the Component Tree, the pop-up menu contains Alarms, Browse, EView, Statistics, Sync, Telnet, VLANs, and Properties commands.
Page 349 Viewing STP Domain Properties from Pop-Up Menus Statistics The Device Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Device from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device.
Page 350 The Spanning Tree Monitor Properties The Properties function lets you view the attributes for a selected device. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light”...
Page 351: The Esrp Manager
The ESRP Manager This chapter describes how to use the EPICenter ESRP Manager applet for: • Viewing the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs Overview of the ESRP Manager The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users.
Page 352 The ESRP Manager Figure 176: ESRP Manager showing summary ESRP-enabled VLAN status This display shows a summary of the ESRP configuration for each ESRP-enabled VLAN. The information displayed is as follows: • VLAN Name—The name of the ESRP-enabled VLAN. • Master Switch—The name, if known, or MAC address of the switch currently designated as the Master switch.
Page 353: Viewing Esrp Detail Information
Viewing ESRP Detail Information The election algorithm can be one of the following: — (the default): This algorithm considers active ports first, then ports_track_priority_mac tracking, then priority, then the MAC address to determine the ESRP Master. This is the only algorithm supported for ExtremeWare releases prior to version 6.0 —...
Page 354 The ESRP Manager ESRP trap events will also be recorded in the EPICenter Event Log, which you can view using the EPICenter Event Log Report (see Chapter 17). ESRP state change traps will be recorded in the EPICenter Alarm Log (see Chapter 5). NOTE ESRP Traps are not implemented in ExtremeWare versions 4.x or 5.x.
Page 355: Administering Epicenter
The EPICenter server and its Remote Authentication Dial In User Service (RADIUS) server can be used for user authentication, both for EPICenter server access and Extreme Networks switch access. The Administration applet provides an interface for configuring the RADIUS server.
Page 356: The Epicenter Radius Server
The EPICenter software incorporates a basic RADIUS server for user authentication. RADIUS provides a standard way for the EPICenter software and Extreme Networks switches to handle user authentication, permitting the unification of the Extreme Networks CLI, ExtremeWare Vista, and EPICenter user authentication.
Page 357: Starting The Epicenter Client For The First Time
Starting the EPICenter Client for the First Time Starting the EPICenter Client for the First Time The two default users, admin and user, do not initially have passwords. It is strongly recommended that you log in the first time with the user name admin, and immediately change the admin password.
Page 358: Changing The Admin Password
Administering EPICenter Changing the Admin Password To change the Admin password: 1 Click the tab at the top of the page to display the User Administration page, if necessary. 2 Select the user admin in the User list. 3 Click Modify. The Edit User window appears, as shown in Figure 179.
Page 359 Adding or Modifying User Accounts 4 To add a user, click Add. To change a user’s access or password, select the user name and click Modify. The New User window (or Edit User window) appears (Figure 180). Figure 180: New User and Edit User windows 5 For a new user, type a user name into the Name field.
Page 360: Deleting Users
Administering EPICenter NOTE A change to a user account does not take effect until the next time the user logs in. Deleting Users To delete a user, follow these steps: 1 Log in to the ExtremeWare EPICenter as a user with Administrator access. 2 At the About ExtremeWare EPICenter window, click Admin in the Navigation Toolbar.
Page 361: Radius Administration
RADIUS Administration Figure 181: Change Password window The window shows your user name, and your EPICenter and RADIUS Account Access levels, but you cannot change them. 2 Type your new password in the Password field. 3 Type the password again in the Verify Password field. 4 Click Apply.
Page 362: Radius Server Configuration
Administering EPICenter If you have enabled the EPICenter RADIUS server, authentication activity is logged to the file , found in the EPICenter root install directory. radius_log.txt • To change the EPICenter server RADIUS configuration, click the RADIUS tab at the top of the page. The RADIUS Administration page appears, as shown in Figure 182.
Page 363: Radius Client Configuration
Server Properties Administration 3 The default port used for the RADIUS server is 1645. To change the server port, enter the port number in the RADIUS Port field. NOTE If you change the RADIUS server port, you must make sure that the ports used in any RADIUS clients (Extreme switches that use this RADIUS server for user authentication) match the port you enter for the server.
Page 364 Administering EPICenter Figure 183: Server Properties Configuration page, initial properties list 2 Select a set of properties from the drop-down menu field at the top of the central panel. You can select among five sets of properties: — Devices — Scalability —...
Page 365: Devices Properties
Server Properties Administration 5 For some changes, you will need to restart the EPICenter server for the changes to take effect. A pop-up dialog will inform you that this is necessary. Click OK to dismiss the dialog box, and then shut down and restart the EPICenter server. See Chapter 3 for information on how to shut down and restart the EPICenter server.
Page 366: Scalability Properties
Administering EPICenter — Accept SysLog messages with Min Severity: The minimum severity level of messages to be logged in a switch Syslog file. All messages with Severity equal to or higher than the setting you select will be logged. For example, if you select 2:Critical, then messages of severity 2 (Critical), 1 (Alert), and 0 (Emergency) will be logged.
Page 367: Snmp Properties
Server Properties Administration • Thread Pool Size: This specifies the maximum number of threads available. Increasing this number may improve overall performance. For managing more than 1000 devices, it is recommended that you increase this to 50. The default is 20. •...
Page 368: Topology Properties
Administering EPICenter • Timeout Period: The length of time, in seconds, to wait for an SNMP poll request to complete, in milliseconds, before timing out. The default is two seconds. The range is one to 10 seconds. This setting determines the time-out interval only for the first unsuccessful SNMP request; once a request times out, subsequent requests will time out more slowly, based on an exponential time-out back-off algorithm, until it reaches the maximum number of retries.
Page 369: External Connection Properties
Extreme Networks website if your network uses a firewall. When an HTTP proxy is configured, all HTTP connections are made through the proxy server rather than directly to Extreme Networks. • HTTP Proxy Port: The port number for the HTTP Proxy, used to connect to the Extreme Networks website if your network uses a firewall.
Page 370: Distributed Server Administration
Administering EPICenter • Update Type Library on Server: This function updates the EPICenter type library, which is a repository of information about devices (primarily from Extreme Networks) that are supported by EPICenter. • Device Tree UI: A setting that specifies how devices are identified in the Component Tree and in selected other locations.
Page 371: Configuring A Server Group Member
Distributed Server Administration 1 Click the Distributed Server tab at the top of the page. The Distributed Server Administration page appears, as shown in Figure 184. Figure 184: Distributed Server Administration page Initially, the EPICenter server is configured as a single server. In single server mode, the server does not communicate with any other EPICenter servers.
Page 372: Configuring A Server Group Manager
Administering EPICenter NOTE If you change the secret for one EPICenter server, you must also change it for all of the other servers in the group. 5 Click Apply to have the configuration changes take effect. Configuring a Server Group Manager To function as the EPICenter Server Group Manager, the server must have a host name that is configured through DNS.
Page 373: Dynamic Reports
Dynamic Reports This chapter describes how to use the EPICenter Reports capability for: • Viewing predefined Network Summary Reports from the Home EPICenter page • Viewing predefined EPICenter status reports from the Dynamic Reports • Creating new reports by writing Tcl scripts Overview of EPICenter Reports The EPICenter software provides several sets of HTML-based reports that provide information about the devices managed by the EPICenter server.
Page 374: Network Status Summary Report
Dynamic Reports Network Status Summary Report The Network Status Summary Report provides an at-a-glance summary of the status of the devices the EPICenter server is monitoring. The main report page, as shown in Figure 185, appears when you first log into the EPICenter client, and when you click the Home button at the top of the Navigation Toolbar. The Network Status Summary Report displays information about the overall health of the network.
Page 375: Dynamic Reports
Dynamic Reports Dynamic Reports A number of predefined reports present information from the EPICenter software database. The predefined reports include: • Network Status Summary Report (described in the previous section) • Server State Summary Report • Device Inventory Report • Slot Inventory Report •...
Page 376: Viewing Predefined Epicenter Reports
Dynamic Reports You can access the EPICenter software Dynamic Reporting capability in one of two ways: • By clicking the Reports button in the EPICenter software Navigation Toolbar • By launching your Web browser and logging in directly from the EPICenter Start-up page To log in directly from the EPICenter software Start-up page, follow these steps: 1 Launch your Web browser.
Page 377 Viewing Predefined EPICenter Reports • Config Mgmt Log These reports provide a set of fields at the top of the report similar to the ones shown in Figure 186. Figure 186: Report filter specification To create a filter, follow these steps: 1 In the first field, select the variable to use in the filter.
Page 378: Server State Summary Report
Dynamic Reports Server State Summary Report The Server State Summary Report displays statistics about configured servers, SNMP activity, thread and SNMP session pools, database activity, the ports used by the EPICenter server, and EPICenter licenses. The report provides the following information. The first table in the report shows the status of the servers known to EPICenter and whether they are enabled or disabled, and running or stopped: •...
Page 379: Device Inventory Report
Viewing Predefined EPICenter Reports • Total # of Wait For Thread—Total number of times the server has to wait for an SNMP object to become available • Percentage Wait per Request—Percentage of total wait versus total number of requests for SNMP objects The fourth table in the report shows the ports currently in use by the EPICenter server.
Page 380 Dynamic Reports Select a Device Group or All Devices to display the Device Summary report for the devices in the group. The Device Summary report displays the following information about each device: • Group—All EPICenter Device groups to which it belongs (this is displayed only if you select All Devices) •...
Page 381: Slot Inventory Report
Viewing Predefined EPICenter Reports Slot Inventory Report To view a Slot Inventory Report, click the Slot Inventory link in the left-hand panel. The Slot Inventory Report displays basic status and identification information for the slots and module cards known to EPICenter. The initial display presents a summary of module card types and empty slots.
Page 382: Device Status Report
Dynamic Reports Device Status Report To view a Device Status Report, click the Device Status link in the left-hand panel. This displays the device status and failure log for all devices known to EPICenter. The initial display presents a summary at the Device Group level. This includes the following information: •...
Page 383: Voice Vlan Summary Report
Viewing Predefined EPICenter Reports The VLAN Details report displays the following information: • Device Name—Name of the device that the VLAN is a member of • IP Address—IP address of the device that the VLAN is a member of • VLAN IP—IP address assigned to the VLAN •...
Page 384: Resource To Attribute Mapping Report
Dynamic Reports • Configured Speed/Type—Nominal (configured) speed of the interface • Actual Speed/Type—Actual speed of the interface • Edge/Uplink—Edge or uplink port interface Since the EPICenter server may be aware of many hundreds of ports, the interface information is displayed in groups of 25 ports per page. You can navigate among the pages using any of the following methods: •...
Page 385: Unused Ports Report
Viewing Predefined EPICenter Reports The pull-down list shows a set of system-defined attributes used by the Policy Manager, along with any attributes you have added to resources through the Grouping Manager. The system-defined attributes (IP, UDP Any, TCP Any, TCP Permit-Established Any, IP Any, L4 Port, and IP Address) have static definitions and are used internally by the EPICenter Policy Manager.
Page 386: Network Login Report
Dynamic Reports Network Login Report The Network Login Report provides information about 802.1x and HTTP login activity. The HTTP network log is Extreme-specific. The report displays the following information: • Device Name—Name of the device • IP Address—IP address of the device •...
Page 387: Event Log Report
Viewing Predefined EPICenter Reports Event Log Report To view an Event Log Report, click the Event Log link in the left-hand panel. This displays a report of all the entries in the EPICenter Event Log. The information reported includes: • Event #—Event ID of the event (assigned by the EPICenter server when the event is received) •...
Page 388: Configuration Management Log Report
Dynamic Reports • Severity—Syslog severity field • Message—Syslog message The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods: • Clicking the Previous and Next links •...
Page 389: Printing Epicenter Reports
• Event Log • Sys Log • Config Management Activity Log From the main Reports page, you can generate a report to be used by Extreme Networks eSupport using by selecting the group and clicking Export. Creating New Reports The EPICenter software allows you to customize the existing EPICenter dynamic reports, and to define new reports.
Page 390 All the files needed to create or modify reports can be found in the directory , where is the directory where <epicenter_install_dir>/user/reports <epicenter_install_dir> the EPICenter software resides (by default c:/Program Files/Extreme Networks/EPICenter 4.1) in the Windows operating environment, or on a Solaris system). There are two /opt/extreme/epc4_1 subdirectories under the directory: reports •...
Page 391: Creating Or Modifying A Report
Creating New Reports Creating or Modifying a Report You can modify an EPICenter report HTML file in any HTML editor, such as Microsoft FrontPage. You can modify the existing HTML files to change the look and feel of the report, your icons, etc. The file is a good example.
Page 392: Adding A User-Defined Report To The Reports Menu
Dynamic Reports In addition, you can define new methods in any Tcl file in the directory, and use those methods inside the HTML file <epicenter_install_dir>/user/reports/tcl within the tags. <extr> </extr> A number of reports have been defined for use as examples. Look at the various HTML files to understand how tags are used within HTML files.
Page 393 Creating New Reports 3 Execute the command within the Tcl shell. source extrdebug.tcl This sets up the Tcl packages required, and also establish a connection with the database using the EPICenter software external API. 4 Now, run the command which parses your Tcl code and displays the extr::ExecuteExtrCommand resulting HTML file.
Page 394 Dynamic Reports Useful Methods for Debugging methods are defined as follows: GetfromDB ExecuteExtrCommand GetSessionParam ##################################################################### # extr::GetFromDB Used to make any SQL query to the database through the Epicenter server. The result is a SQL result table, formatted within HTML tags. # Arguments A string representing an SQL query.
Page 395: Voice Over Ip Manager
Voice over IP Manager This document describes how to use the optional EPICenter Voice over IP Manager applet for: • Configuring VLANs for use with IP phone sets • Configuring QoS profile and priority settings for VoIP VLANs • Computing the minimum and maximum bandwidth settings for the QoS profile used with a VoIP VLAN Overview of Voice Over IP Management The Voice over IP Manager module enables you to configure quality of service parameters for VLANs...
Page 396 Voice over IP Manager NOTE If you have not yet selected any VLANs for Voice over IP, the Voice VLANs page will be empty. See “Selecting VLANs for VoIP” on page 397 for instructions on selecting VLANs for VoIP traffic. Figure 193: Voice over IP main page showing VoIP VLANs The Voice over IP window initially displays the Voice VLANs page.
Page 397: Selecting Vlans For Voip
Selecting VLANs for VoIP When the root node is selected in the component tree (Voice over IP VLANs) the display shows all VoIP VLANs and their included devices. If you select an individual VLAN in the Component Tree, the display shows only the devices that include the selected VLAN. The Select button at the top of this window lets you select VLANs for Voice over IP.
Page 398 Voice over IP Manager When you run the VoIP applet for the first time, and have not yet selected any VLANs for VoIP, the table shown on this page will be empty. 2 Click the Select button at the top of the VoIP window. This displays the Select Voice over IP VLANs window, as shown in Figure 195.
Page 399 Selecting VLANs for VoIP Figure 196: Select Voice over IP window with Disabled VLAN NOTE Although the device-created VLANs (Default, Mgmt and MacVlanDiscover) can be selected as VoIP VLANs, it is not recommended that you use these for voice traffic. Configuring the QoS profiles could conflict with other uses of those VLANs.
Page 400: Qos Settings For A Voip Vlan
Voice over IP Manager QoS Settings for a VoIP VLAN For each Voice over IP VLAN, you can specify the compressions algorithm and QoS profile settings that should be used for the VLAN. In addition, you can indicate which of the ports within the VLAN are the egress ports for the VoIP traffic.
Page 401: Default Configuration Attributes
QoS Settings for a VoIP VLAN Default Configuration Attributes The default configuration settings are used in the calculation of the minimum bandwidth for the VLAN, and can also be used to configure all switches in the VLAN automatically. As an alternative, you can you specify settings for individual switches in the VLAN and configure the devices individually.
Page 402: Minimum Bandwidth Calculations
Voice over IP Manager • Egress Port Selection: The QoS Settings page also displays every port in the VLAN in one of the two lists in the Egress Port Selection portion of the window. You use these lists to designate the ports that should be used as the egress port on each device in the VLAN.
Page 403 QoS Settings for a VoIP VLAN gigabit port (port 50) designated as the egress port on switch A, and two gigabit ports on upstream switch B, with port 30 designated as an egress port. This port could be connected to a Call Manager, a PBX, or another internetworking device.
Page 404: Configuring Qos Settings
Voice over IP Manager Table 11: Minimum Bandwidth Requirements and Calculations for VoIP VLAN Compression Number of Total calculated Min bandwidth Max number algorithm phones bandwidth needed for egress of phones (one per port) ports supported G.711, rate=64 Kbps 0~100 0~7 Mbps 10 Mbps (Min=1%) G.711, rate=64Kbps...
Page 405 Configuring QoS Settings bandwidth settings for the QoS profiles on the component switches. You can configure the recommended QoS settings on your switches in one of two ways: • The Auto Configure QoS button calculates the recommended settings based on your default selections, and configures them on all switches in the selected VLAN.
Page 406 Voice over IP Manager ports. Depending on your VoIP network topology and device configuration, there may be situations where the minimum bandwidth is either overestimated or underestimated. See “Minimum Bandwidth Calculations” on page 402” for more details. If this occurs, you can edit the bandwidth parameters as part of this configuration process.
Page 407: Voip Reports
VoIP Reports VoIP Reports A Voice VLAN Summary report and a Voice over IP Details report are available from the EPICenter Dynamic Reports Main page. The summary report provides a list of the VLANs that have been selected as Voice over IP VLANs, along with the switches that are included in those VLANs. The Voice over IP Details report displays information about each device in the VLAN.
Page 408 Voice over IP Manager Refreshing the browser before a display update has completed may cause an exception When you enable or disable a VoIP VLAN that has multiple devices, or when you configure VoIP Qos settings on such a VLAN, it can take a long time (more than 30 seconds) to update the database and refresh the display.
Page 409: Using The Policy Manager
Using the Policy Manager This chapter describes how to use the EPICenter Policy Manager for: • Creating, modifying, and deleting network Quality of Service (QoS), access list, and Access-based policies • Configuring QoS profile settings on network devices • Configuring network devices with the defined network policies Using the Policy Manager The Policy Manager provides a high-level interface for specifying QoS and access list rules for Extreme Networks devices, and IP policies for Cisco devices.
Page 410 Using the Policy Manager When the Policy Manager applet first appears, the Policies View is selected, showing a summary of the policies currently defined within the EPICenter Policy Manager. You can view the details of an individual policy by selecting the policy in the component tree, or by double-clicking a policy entry in the policy list in the main window of the applet.
Page 411: Policies View
Policies View Each function is described in more detail in later sections of this chapter. Policies View The Policies View lets you create, view, and modify the policies managed by the EPICenter Policy Manager. The Policies View organizes information by policy—information related to devices is presented relative to the currently-selected policy.
Page 412: Policy Definition Page
Using the Policy Manager — For Access-based Security policies, “network resources to users” indicates traffic going from the endpoints specified in Network Resources side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the Users area. “Users to network resources” indicates traffic flowing from user endpoint(s) to the network resource endpoint(s).
Page 413 Policies View Figure 201: Policy definition page for an Access-based Security policy The policy name and optional description are displayed at the top of the page. The Policy Traffic section, shows the elements that define the traffic flow: • The Policy Type radio buttons determine the type of rules that will be generated from the policy description, and thus affect how the policy endpoints are specified.
Page 414: Policy Traffic Page
Using the Policy Manager This means that access list rules will be generated with the hosts listed on the network resources side as the destinations, and users on the user side as the sources. (See “Policy Traffic Page” on page 414 for an explanation of the traffic flows that this example generates.) —...
Page 415 Policies View Figure 202: Policy Traffic page In Figure 201, the Policy Traffic specification consists of two Host groups as end points, (each containing two hosts), a unidirectional traffic flow (server to client), and the service specification “UDP Any.” This resulted in the four traffic flows shown in Figure 202.
Page 416: Creating A New Policy
Using the Policy Manager Creating a New Policy To create a network policy, follow these steps: 1 Select New from the toolbar. This displays a new Policy Definition page, as shown in Figure 203. Figure 203: Policy description page for a new Access-based Security policy Flow direction (IP and Security...
Page 417 Creating a New Policy Figure 204: Example of a schedul 5 Select the type of policy you want to create. The type of policy you choose will determine the type of information you need to provide. The policy type acts as a sort of template, requiring definition only of the components relevant to the particular policy type.
Page 418 Using the Policy Manager You must also specify the traffic direction to which the policy should apply. The default direction for an IP policy is bidirectional. For a Source Port policy: You must specify one or more devices and physical ports as source endpoints.
Page 419 Creating a New Policy Figure 206: Edit Policy Endpoints window for the Users side of an Access-based Security policy The left panels of this window, Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet. You can specify endpoints using any of the available high-level resources: users, hosts, devices, VLANs, or groups of these resources.
Page 420 Using the Policy Manager 9 Traffic direction for a Security or an IP policy: You must indicate whether this policy should affect traffic flowing only in one direction between the endpoints, or whether it should affect traffic in both directions. The directional selection buttons do not appear if you are creating VLAN or Source Port endpoints.
Page 421 Creating a New Policy Figure 208: Service selection for an IP policy From this list you can select from the standard TCP, UDP, IP services, from Custom Applications, or from specific named services (applications) that are known to the EPICenter policy server. In the list shown in Figure 208, Baan is an example of such a service, and has been preconfigured with a protocol and L4 port.
Page 422 Using the Policy Manager Figure 209: Policy Access Domain display The Policy Access Domain (Scope for IP policies) display includes: • Each resource (device, or group that contains devices or ports) included in the scope • The type of each resource (Device or Group) •...
Page 423: Edit Policy Endpoints Window
Edit Policy Endpoints Window The left side of this window Select Policy Access Domain Devices to be Added, displays a component tree showing the resources currently defined in the Grouping applet. When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to be Added area).
Page 424 Using the Policy Manager Resources (left-hand) side for Security policies. If you are creating a VLAN or Source Physical Port policy, these two buttons will not be present. Figure 211: Edit Policy Endpoints window for a Security policy The left side of this window (see Figure 211) Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet.
Page 425: Edit Policy Access Domain/Policy Scope Window
Edit Policy Access Domain/Policy Scope Window For an IP or Security policy: There are two additional ways to create endpoints for an IP or Security policy: • Select Add IP Addr to specify an IP address directly. (This button will not appear if you are creating User-side Security, VLAN or Source Port endpoints.) A small pop-up window appears, as shown in Figure 212.
Page 426 Using the Policy Manager Figure 213: Edit Policy Scope window The left side of this window Select Policy Access Domain Devices to be Added, or Select Policy Scope Devices to be Added displays a component tree showing the resources currently defined in the Grouping applet.
Page 427: Modifying Policies
Modifying Policies b Click the entry in the QoS Profile column for the selected resource, or in the QoS Profile field below the list. In either case, a drop-down list of the available QoS profiles is displayed, from which you can select the profile you want to associate with this policy. c To enter a comment about this resource, enter it in the Comment field below the resource list.
Page 428 Using the Policy Manager Figure 214: Policy Definition page for an existing source port policy 3 To change the policy name, type the new name in the Name field. 4 To enable or disable the policy, click the Enabled checkbox to add or remove the check mark. The presence of the check indicates that the policy is in the enabled state.
Page 429: Deleting A Policy
Deleting a Policy 8 To modify the access domain or policy scope click the Edit... button to the right of the Policy Scope resource list. The Edit Policy Access Domain/Policy Scope Window is displayed. This window is discussed in detail in “Edit Policy Endpoints Window” on page 423. The left side of this window (Select Network Resource Endpoint(s) to be Added) displays the resources currently defined in the Grouping applet.
Page 430: Configuring Policy Precedence
Using the Policy Manager Configuring Policy Precedence To configure the precedence settings of your policies, click the Order Policy Precedence button to display the Order Policy Precedence window as shown in Figure 215. Figure 215: Order Policy Precedence window Policies are displayed in the Configure Policy Precedence window in their current precedence order, from highest at the top to lowest at the bottom.
Page 431: Viewing And Modifying Qos Profiles
Viewing and Modifying QoS Profiles Viewing and Modifying QoS Profiles QoS profiles cannot be added, deleted, or renamed. You can change the priority and bandwidths of each of the eight profiles, QP1 through QP8, and configure your modified profiles on a selected set of devices, or on individual ports on a device.
Page 432 Using the Policy Manager Table 12: Default QoS Profile Settings (continued) QoS Treatment Name Priority Min Bandwidth Max Bandwidth mediumHi 100% high 100% highHi 100% NOTE For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4) are supported.
Page 433: Configuring Qos Policies
Configuring QoS Policies Configuring QoS Policies There are several ways to configure your enabled policies onto the affected devices: • Auto Configuration: You can have the EPICenter server make configuration changes on the affected devices any time it detects a change. •...
Page 434: Directed Configuration
Using the Policy Manager • Second, the Policy Manager applies the computed policies to the device (those policies that are valid, and not in conflict with any other policies). This is indicated with another animated display: When the configuration is complete, the icon returns to its quiescent state. You can use the ACL Viewer to view the results of the policy configuration.
Page 435 Configuring QoS Policies • Click the plus sign at the left of the device name to display server messages related to configuring the device. • Click the minus sign at the left of the device to hide the server messages. •...
Page 436 Using the Policy Manager EPICenter Software Installation and User Guide...
Page 437: The Acl Viewer
The ACL Viewer This chapter describes how to use the EPICenter Policy Manager for: • Viewing the policy configurations currently configured on Extreme devices • Viewing the policy configurations specified for a device through the EPICenter Policy Manager • Comparing policy configurations specified within the EPICenter Policy Manager with the policies currently configured on a device •...
Page 438: Acl Viewer Summary Displays
The ACL Viewer Figure 218: Top-level Access List view in the ACL Viewer From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy precedence, and configure the currently-enabled policies on one or more devices. ACL Viewer Summary Displays When the Groups node is displayed in the ACL Viewer, you can view a summary of the rules created for Access Lists, VLAN QoS, and Source Port QoS.
Page 439: Access List Display
Most Security policies are shown only while the user is actively connected to the network. NOTE IP policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or 6.0.x or later. Non-i-series devices only support IP policies if they run ExtremeWare 5.0x. (All Extreme Networks devices support VLAN QoS.) IP policies are also supported on Cisco devices.
Page 440 The ACL Viewer The display includes the following information: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order. • Policy displays the name of the policy. •...
Page 441: Policy Rule Comparison
Access List Display • Select View policy rules from the drop-down list to display the EPICenter rules only. • Select View configured rules from the drop-down list to display the configured rules only. Policy Rule Comparison The policy rule comparison display shows both the ideal rules, as generated by the EPICenter Policy Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown in the right half of the table.
Page 442: View Policy Rules
The ACL Viewer View Policy Rules The Policy Rules display shows details of the ideal rules, as generated by the EPICenter Policy Manager. The information in this display is as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header sorts the policies in policy precedence order.
Page 443: Vlan Qos Display
VLAN QoS Display VLAN QoS Display You can use the VLAN QoS display to view traffic patterns and access list rules generated by your EPICenter VLAN QoS policies. At the group level, you can view the traffic patterns generated by all the VLAN QoS policies that include a selected group in the policy scope.
Page 444: Policy Rule Comparison
The ACL Viewer Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 222. Figure 222: VLAN QoS display showing ideal and configured rules for a device The View field at the top of the display lets you select how you want to view the device rules. You can view the Access List rules in three ways: •...
Page 445: View Policy Rules
Source Port QoS Display • Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in. •...
Page 446 The ACL Viewer NOTE Source Port QoS policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or 6.x or later. Non-i-series devices only support Source Port QoS if they run ExtremeWare 5.0x. • To display the traffic patterns generated by the Source Port QoS policies that include the group in the policy scope, select a group in the component tree.
Page 447: Policy Rule Comparison
Source Port QoS Display To view the Source Port QoS rules related to a device, select the device. The Source Port QoS page displays a comparison of the “ideal” Source Port QoS rules (rules generated by the EPICenter Policy Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 222.
Page 448: View Policy Rules
The ACL Viewer • White indicates that the rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in. • Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured on the device.
Page 449: Qos Profile Display
QoS Profile Display QoS Profile Display The QoS Profile display shows the QoS profiles defined for the selected device. For i-series devices, this displays the eight profiles (QP1 through QP8) and the “blackhole” profile. For non-i-series devices, it shows the four QoS profiles (QP1 through QP4) and the “blackhole” profile. For i-series devices, it also shows per-port QoS profile settings that are different from the QoS profile settings for the device as a whole.
Page 450: Network Login/802.1X Display
The ACL Viewer The same columns are shown in the Port exception QoS Profiles table. NOTE For devices running versions of ExtremeWare prior to 6.x, only profiles QP1 through QP4 will be displayed. Network Login/802.1x Display The Network Login/802.1x display shows lists the Network Login/802.1x information about each user connected to the device.
Page 451: Cisco Device Policy Setup
Cisco Device Policy Setup Cisco Device Policy Setup You can set up IP policies through the ACL Viewer for a Cisco device running Cisco IOS 11.2 or later. 1 Click the ACL Viewer radio button to display the ACL Viewer. 2 Select in the component tree the Cisco device that you want to configure.
Page 452 The ACL Viewer Figure 228: Setting up Cisco device policy The initial values displayed either read from the switch, or are default values determined by the EPICenter server. 6 To change the Starting Access List, Custom Queue List, or Priority Queue List, type or select a new value in the appropriate field.
Page 453 Cisco Device Policy Setup • Select don’t manage if the Policy Manager should not manage this interface. This is the default strategy. 8 Click OK when you have completed your policy setup. After you have specified the access lists, and the custom and priority queue lists for the device, the EPICenter Policy Manager will assume complete control of these resources.
Page 454 The ACL Viewer EPICenter Software Installation and User Guide...
Page 455: Appendix A Troubleshooting
<logfile> If you have the client only installed: c:\Program File\extreme Networks\EPICenter 4.1 > runclient.exe DEBUG DEBUG > <logfile> In Solaris, enter the one of the following commands at a command prompt. If you have both server and client installed on the same system: /opt/extreme/epc4_1/runclient DEBUG DEBUG >&...
Page 456: Using The Browser-Based Client (Windows Only)
If you are using the browser-based client, please try to duplicate the problem with the Java Console enabled in Internet Explorer. Look at the Java Console window and copy/paste (using [Ctrl]+C and [Ctrl]+V on Windows 2000/XP) the contents into a text file. If a problem occurs, Extreme Networks customer support may require the Java Console output.
Page 457: Epicenter Client
EPICenter Client EPICenter Client Problem: Client is unable to connect to the EPICenter server. Verify that the EPICenter Server process is running. Verify that the server is running on the specified port. You can try to connect to the server’s HTTP port using a browser.
Page 458: Epicenter Database
Troubleshooting In Internet Explorer, clear cache by selecting Internet Options under the Tools Menu, then clicking Delete Files under the Temporary Internet Files section of the General tab. Problem: Cannot cut, paste or print from the browser-based client, or save to the local file system. As of EPICenter 4.0 the browser-based client no longer supports cut/paste/print or save from the browser-based client.
Page 459: Epicenter Server Issues
EPICenter Server Issues 2 Go to the EPICenter install directory: cd /opt/extreme/epc4_1 3 Make sure the environment variable is set to the EPICenter directory installation LD_LIBRARY_PATH directory: setenv LD_LIBRARY_PATH /opt/extreme/epc4_1/database 4 Execute the following command: database/dbeng7.exe -f basecamp.db 5 Watch the output from this command. If the database program indicates it cannot recover the database, delete the database log: rm basecamp.log and try executing the previous command again:...
Page 460 Troubleshooting then no SmartTraps are sent, and the data is not refreshed. If you need to remove a trap receiver, use the command: config snmp delete trapreceiver <ipaddress> For details, see the ExtremeWare Software User Guide. Problem: Need to change polling interval, SNMP request time-out, or number of SNMP request retries.
Page 461: Vlan Manager
Follow the instructions in the EPICenter Software Installation Guide or the EPICenter Release Note and Quick Start Guide to add this license to your EPICenter installation.
Page 462: Alarm System
• Check that the device is in your alarm scope. • Check that SNMP traps are enabled on the device. • For a non-Extreme Networks device, make sure you have set EPICenter as a trap receiver on the device (see Chapter 8).
Page 463 Alarm System • Make sure the RMON rule and the alarm definition are set up correctly • If the value of the counter was already above the threshold value when you set up the RMON rule, and you have the Sample Type set to Absolute, no alarm will ever be generated. This because the value must fall below the Falling Threshold value before the before another Rising Threshold trap will be sent, and this will never occur.
Page 464: Esrp Manager
10,000 devices, you must split your discovery into multiple operations. Problem: Multiple switches have the same name. This is because the sysName of those switches is the same. Typically, Extreme Networks switches are shipped with the sysName set to the type of the switch “Summit48,” “Summit1i,” “Alpine3808,” and so on, depending on the type of switch.
Page 465: Extremeview
ExtremeView Problem: Discovery does not display the MAC address for some devices in discovery results list. In addition, may not add the device to inventory (primarily happens with workstations). If the MAC address is not found in the first instance of ifPhysAddress, it is not displayed in the discovery results table.
Page 466: Grouping Manager
Troubleshooting Grouping Manager Problem: Cannot import users from NT Domain Controller The EPICenter Server must be running with permissions that enable it to get user information from a Domain Controller. To verify and change permissions for the Web Server, do the following: 1 From the Start menu, highlight Settings, pull right, and click on the Control Panel.
Page 467: Stp Monitor
STP Monitor To remove non-existent links and extraneous L2 clouds, you can use the Discover Links command in the Topology applet. This command will remove all down links and extraneous L2 clouds. Note that this command will also remove existing links that are down, but EPICenter will rediscover and add back those links when they come back up.
Page 468 Troubleshooting EPICenter Software Installation and User Guide...
Page 469: Epicenter Utilities
EPICenter Utilities This appendix describes several utilities and scripts shipped with the EPICenter software: • The DevCLI utility, that can be used to add, modify, delete, and sync devices and device groups; and can be used to modify device configuration information from the EPICenter database using the command devcli •...
Page 470: Using The Devcli Commands
EPICenter Utilities Using the DevCLI Commands The utility is located in the root EPICenter install directory, by default \epc4_1 (in a UNIX environment). /opt/extreme/epc4_1 The DevCLI utility supports the following four commands: • to add a device or device group. devcli add <options>...
Page 471 The DevCLI Utility These commands support a set of options for specifying device information such as passwords and community strings, device group information such as device group names and member devices, as well as information about the EPICenter server, such as host name or IP address, port, and user name and password.
Page 472: Devcli Examples
Most options default to the values equivalent to those used by default on Extreme Networks devices or in the EPICenter software.
Page 473: Inventory Export Scripts
Inventory Export Scripts • To modify the membership of a device group named “Engineering Device Group” to remove any existing devices from the device group and add four new devices (10.205.0.91, 10.205.0.92, 10.205.0.93, and 10.205.0.94) to the device group, enter the following command: devcli mod -u admin -g “Engineering Device Group”...
Page 474 EPICenter Utilities Under Solaris, enter the command: cd epc4_1/user/scripts/bin inv.sh -o devinfo.csv • (Windows), or (Solaris) exports slot information from slots.bat <options> slots.sh <options> the EPICenter database. To run the command as user “user1,” and export slot information to file under slotinfo.csv Windows, enter the command:...
Page 475: Inventory Export Examples
Inventory Export Scripts Table 14: Inventory script command options (continued) Option Value Default For the msinv.bat and msinv.sh commands only: Name <epc_install_dir>\user\scripts\ (and path) of file containing EPICenter server list config\servers.txt under Windows, <epc_install_dir>/user/scripts/ config/servrs.txt under Solaris NOTE The inv.bat, inv.sh, slot.bat, and slot.sh scripts retrieve information only from an EPICenter server that runs on the same machine as the scripts.
Page 476: The Snmpcli Utility
<options> For example, to get the value of the object (the variable in the extremePrimaryPowerOperational Extreme Networks MIB) whose OID is . on the device at 10.205.0.99, 1.3.6.1.4.1.1916.1.1.1.10.0 enter the following command: snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10.0 •...
Page 477: Snmpcli Examples
The following examples illustrate the usage of these commands. • To retrieve the values of the extremePrimaryPowerOperational variables for the Extreme Networks device with IP address 10.205.0 extremeRedundantPowerStatus 99, with read community string “purple” and a timeout of 1000 ms, enter the following command: snmpcli snmpget -a 10.205.0.99 -r purple -t 1000 -o .1.3.6.1.4.1.1916.1.1.1.10.0...
Page 478 To run the Port Configuration utility, do the following: 1 Run the program from the Windows Start menu: Select Programs, then Extreme Networks, followed by EPICenter 4.1, then Port Configuration. The EPICenter Port Configuration window appears, as shown in Figure 229.
Page 479: The Alarmmgr Utility
The AlarmMgr Utility The AlarmMgr Utility The Alarm Manager utility (AlarmMgr) enables you to access EPICenter alarm information and output the results to a command window or to a file. This command provides a command-line version of part of the functionality available in the EPICenter Alarm Manager applet. Using the AlarmMgr Command The AlarmMgr utility is located in the EPICenter directory,...
Page 480 EPICenter Utilities Table 16: AlarmMgr command options (continued) Option Value Default -c <category> Display alarms that occur for a specific When these category. Category specification is case options are categorie insensitive. Must be quoted if category name combined, an includes spaces or other delimiters. alarm must meet all criteria to be -s <severity>...
Page 481: Alarmmgr Output
The FindAddr Utility AlarmMgr Output The output from the AlarmMgr command is displayed as tab-delimited ascii text, one line per alarm. Each line contains the following information: • ID: Event ID of the alarm (assigned by the EPICenter server when the alarm is received) •...
Page 482: Using The Findaddr Command
EPICenter Utilities Using the FindAddr Command The FindAddr utility is located in the EPICenter directory, . By <EPICenter_install_dir>/bin default this is in Windows, or in a UNIX environment. epc4_1\bin /opt/extreme/epc4_1/bin This command includes options for specifying EPICenter server access information, the address to be located, and a search domain (an individual device and ports, or a device or port group).
Page 483: Findaddr Output
The FindAddr Utility Table 17: FindAddr command options (continued) Option Value Default Search domain options: -dg <device group> Defines the search domain to include the At least one of None specified device group. -dip, -dg, or -pg must be provided. -pg <port group>...
Page 484: Findaddr Examples
EPICenter Utilities FindAddr Examples The following examples illustrate the usage of these commands. • To display all addresses that can be accessed through devices in the Default device group, from the local EPICenter database (with default user, password and port), enter the following command: FindAddr -user admin -all -dg Default •...
Page 485 The TransferMgr Utility The EPICenter user name, one of the four transfer options, and a device IP address are required. Other options are optional. Table 18 specifies the options you can use with this command: Table 18: TransferMgr command options Option Value Default...
Page 486: Transfermgr Examples
. You can change the location of the TFTP <EPICenter_install_dir>\user\tftp root directory by using the Server function of the EPICenter Configuration Manager applet. • Standard ExtremeWare software images as shipped by Extreme Networks are provided in the directory directory (by default <EPICenter_install_dir>\user\tftp\images...
Page 487: The Vlanmgr Utility
The VlanMgr Utility Assuming the default location for the TFTP root directory, and assuming that this command was executed on July 24, 2001 at 10:02 AM, this will place the device configuration information in the file epc4_1\user\tftp\configs\2001\07\24\10_20_30_40_1002.txt • To download version 6.1.8 b11 of the ExtremeWare to an i-series device, enter the following command: TransferMgr -user admin -software v618b11.xtr -dip 10.20.30.40 The VlanMgr Utility...
Page 488 EPICenter Utilities Table 19: VlanMgr command options (continued) Option Value Default Create a new VLAN: -create <VLAN name> Create a new VLAN of the specified name. None -dip <IP address> IP address of device to add to VLAN. This option may be repeated. None -port <ports>...
Page 489: Vlanmgr Output
The VlanMgr Utility Table 19: VlanMgr command options (continued) Option Value Default -protocol <protocol Set protocol filter. If this option is not included, the protocol will be name> reset to ANY. Delete VLAN: -delete <VLAN name> Delete the specified VLAN from all switches on which it is None configured.
Page 490: The Importresources Utility
EPICenter Utilities This creates the VLAN on switch 10.205.0.35 with member ports 10 and 11, VLAN IP address 10.201.20.100 and VLAN mask 255.255.255.0, and on switch 10.205.0.36 with member ports 11, 12, 13, 14 and 15, VLAN IP address 10.201.20.102 and mask 255.255.255.0. •...
Page 491 The ImportResources Utility Importing from an LDAP Directory. Importing from an LDAP directory uses an import specification file that defines the following: • The information you want to extract from the directory. • How to map that data to groups, resources, and attributes in the EPICenter Grouping module. The specification file must be named , and must reside in the EPICenter LDAPConfig.txt...
Page 492: Importresources Examples
EPICenter Utilities ImportResources Examples The following examples illustrate the usage of these commands. • To import resources from a tab-delimited file named into a source group named importdata.txt ImportedUsers in the EPICenter database running the local server with the default administrator name and password, enter the following command: ImportResources -user admin -s ImportedUsers -f importdata.txt •...
Page 493: Epicenter External Access Protocol
EPICenter External Access Protocol This appendix describes: • The EPICenter external access protocol structure and commands • The client Tcl API, a higher-level API based on the External Access Protocol External Access Protocol Overview The EPICenter external access protocol enables you to access data from the EPICenter data for use within other applications.
Page 494 EPICenter External Access Protocol Encoding Layer The encoding of all data transmitted through the transport layer uses a set of HTML/XML-like encoding rules. All data are transmitted as values enclosed in tags. For example: <TAG1>value1</TAG1> The first tag is the begin tag. Following the begin tag, a value is supplied, which can be empty. It is followed by the end tag.
Page 495 External Access Protocol Structure Command Protocol Layer Using the transport mechanism and the encoding rules described above, the EPICenter server uses the following command protocols. The external application may send a request to the server in the following format. (Italic words are to be substituted by the external application. Other characters using the regular font should be used as is.) <COMMAND><PARAM>command name</PARAM><PARAM>argument 1</PARAM><PARAM>argument 2</PARAM>...<PARAM>argument n</PARAM></COMMAND>...
Page 496: Epicenter Server Commands
EPICenter External Access Protocol 5 The external application sends a “dbquery” command request and arguments to the EPICenter server. 6 The EPICenter server sends a response back to the external application. 7 Step 4 through 5 may be repeated as many times as needed. 8 The external application sends a “logout”...
Page 497 External Access Protocol Structure Note that the name must match “Al’s Brewery”, which has a ‘ (single quote) character in it. But the standard SQL statement must quote its string inside a pair of single quote characters. As a result, the external application must specify the above query using the following select statement: select * from Store where name = ? followed by “Al’s Brewery”...
Page 498: Tcl Client Api
EPICenter External Access Protocol is one of the following: command enable Enables one or more policies by name. The arguments to this command are one or more policy names. disable Disables one or more policies by name. The arguments to this command are one or more policy names.
Page 499: Installing And Using The Tcl Client Api
Tcl Client API Use of this API is not required, although developers may find this API more convenient to use than communicating directly through the TCP connection. The Tcl API is structured as a Tcl package, and is written for Tcl 8.3 or later. Installing and Using the Tcl Client API A Tcl application may install the EPICenterTcl Client API package by copying the directory to their...
Page 500 EPICenter External Access Protocol servlet (optional) the path to the EPICenter servlet. Defaults to "everest" # Returns: channel_id channel id of the socket connecting to the remote EPICenter server. # Exception: When the connection cannot be established, this function throws an error. Login Function # extr::login channel_id ?name? ?password? Send the given name and password to the EPICenter server to login.
Page 501 Tcl Client API Query Function # extr::query channel_id ?-raw | -decode flag | -command cmd? sql ?arg arg ...? Sends a sql command to the EPICenter server. Retrieves the result. The result of the command can be either an error message signaling that there is some syntax error about the sql command, or a table of data.
Page 502 EPICenter External Access Protocol this is called, the dataValue is the total number of data rows fetched. An example callback function may look like this: proc myCallBack { dataType dataValue } { switch $dataType { TABLE_BEGIN {puts "table beginning\n"} TABLE_FINISH {puts "table finished with $dataValue rows.\n"} COLUMN_TYPE {...} The return value from "cmd"...
Page 503 Tcl Client API Policy Function # extr::policy channel_id [enable|disable|configure] ?arg arg ...? Sends a policy command to the EPICenter server. A policy command can be used to control policy operations on the EPICenter server. Currently the following policy commands are supported: enable policy_name ?policy_name policy_name ...? Enables the policies on the EPIcenter server.
Page 504 EPICenter External Access Protocol EPICenter Software Installation and User Guide...
Page 505: Epicenter Database Views
A database unique id identifying a device. (This column can be used as the primary key.) enterprise_oid integer The enterprise id, e.g. 1916 for extreme networks. system_oid string The partial system oid, e.g. “1916.2.7” for Summit 24. device_group_names string The EPICenter device group name(s) of the device group(s) to which this device belongs, e.g.
Page 506 EPICenter Database Views Column Column Name Type Description sysContact string The sysContact of the device. read_write_community string The read/write SNMP community string. read_only_community string The read-only SNMP community string. cli_login string The CLI/Telnet login name of the device. cli_password string The CLI/Telnet password for the above login.
Page 507: Interface Report View
Interface Report View Interface Report View Table 22: EPICenter Database Interface Report View Extreme_Interface_Report Extreme_Interface_Report is a database view that has one row for each interface that is being managed by the EPICenter server. Some of the columns in the view contain Extreme specific information. For interface that is not on an Extreme device, the Extreme specific columns are empty, such as an empty string.
Page 508: Database Event Log View
EPICenter Database Views Database Event Log View Table 23: EPICenter Database Event Log View Event_Log_View Event_Log_View is a database view that shows the EPICenter alarm event log, but making the data from each column into a human readable format. Column Column Name Type Description...
Page 509: Database Alarm Log View
Database Alarm Log View Database Alarm Log View Table 24: EPICenter Database Alarm Log View Alarm_Log_View Alarm_Log_View is a database view that shows the EPICenter alarm log, but making the data from each column into a human readable format. Column Column Name Type Description...
Page 510 EPICenter Database Views EPICenter Software Installation and User Guide...
Page 511: Event Types For Alarms
The BGP Established event is generated when the BGP FSM enters 6.1.9 or later the ESTABLISHED state. BGP Prefix Max Extreme Networks proprietary trap. This trap indicates that the number 6.2.2 or later Exceeded of prefixes received over this peer session has reached the maximum configured limit.
Page 512 6.2 or later Threshold generated when the value of extremeCpuAggregateUtilization touches/crosses extremeCpuUtilRisingThreshold. Dsx1 Line Status Change Extreme Networks proprietary trap. Indicates that the DS1 line status 6.1.8b66 change for the specified interface has been detected. Dsx1 Loss of Master Extreme Networks proprietary trap. Indicates that the 6.1.8b66...
Page 513 SNMP Trap Events Table 25: SNMP Trap Events (continued) ExtremeWare Event Definition Version OSPF Interface An ospfIfAuthFailure trap signifies that a packet has been received on 6.1.9 or later Authentication Failure a non-virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type.
Page 514 Full to 1-Way or Down) or progresses to a terminal state (e.g., Full). Overheat Extreme Networks proprietary trap. This trap indicates that the on board temperature sensor has reported an overheat condition. This indicates the temperature has reached the Overheat threshold. The switch will continue to function until it reaches its shutdown threshold.
Page 515: Rmon Rising Trap Events
Definition Version SLB Unit Added Extreme Networks proprietary trap. This trap indicates that the server 6.1 or later load balancer has activated a group of virtual servers that it normally would not activate. This may be due to the failure of another server load balancer.
Page 516: Epicenter Events
(cold start or warm start). Unlike the cold start or warm start SNMP trap, EPICenter generates this event by polling the device. Device Warning from EPICenter For Extreme Networks devices only. The EPICenter server generates this event in one of two situations: •...
Page 517: Epicenter Backup
EPICenter Backup This appendix describes the following: • The EPICenter Alarm Log and Event Log backup files • The DBVALID command-line database validation utility • The DBBACKUP command-line database backup utility EPICenter Log Backups Both the EPICenter Event Log and Alarm Log files are kept in tables in the EPICenter database. These tables can contain approximately 50,000 and 10,000 entries, respectively.
Page 518: Database Utilities
EPICenter Backup Database Utilities Sybase database validation and backup utilities are shipped with the EPICenter software. The Validation utility validates all indexes and keys on some or all of the tables in the database. The Validation utility scans the entire table and looks up each record in every index and key defined on the table.
Page 519: Database Connection Parameters
The Backup Utility Syntax: dbvalid [switches] Table 27: dbvalid Command Switches Switch Description -c “keyword=value; ...” Supply database connection parameters Database Connection Parameters These are the parameters for the command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set. Table 28: Database Connection Parameters for dbvalid Utility The user name used to login to the database.
Page 520: Database Connection Parameters
EPICenter Backup < > is the directory where the EPICenter software is installed. Substitute the actual install_dir directory name in the command. < > is the directory where the backup copy of the database should be stored. Substitute an backup_dir actual directory name in the command.
Page 521 The Backup Utility To replace a damaged database with the backup copy, follow these steps: 1 Shut down the EPICenter software following the instructions for your operating system in the EPICenter Software Installation and User Guide. 2 Move or delete the old copy of found in the EPICenter installation basecamp.db basecamp.log...
Page 522 EPICenter Backup EPICenter Software Installation and User Guide...
Page 523: Appendix G Dynamic Link Context System (Dlcs)
Dynamic Link Context System (DLCS) This appendix describes: • How the EPICenter policy system uses the Dynamic Link Context System (DLCS) to map logical end stations (users, hosts) to physical attributes • How to enable DLCS on Extreme switches running ExtremeWare 5.0 or later •...
Page 524: Dlcs Properties
Dynamic Link Context System (DLCS) DLCS Properties The following guidelines must be used when using DLCS: • Only one user can be attached to a host at a given time. This is always the last user that logged in. • A user may be logged into many hosts simultaneously. •...
Page 525: Isq Improvements
DLCS Limitations • When a host is moved from one port to another port on a switch, the old entry will not age out, unless the host is rebooted or a user login operation is performed after the host is moved. •...
Page 526 Dynamic Link Context System (DLCS) EPICenter Software Installation and User Guide...
Page 527: Epicenter Policy System Feature Comparison
EPICenter Policy System Feature Comparison This appendix describes: • A summary of the features available through the ExtremeWare Command Line Interface (CLI) that are supported by the EPICenter Policy Manager • A summary of the policy features available in Cisco IOS 11.2 that are supported by the EPICenter Policy Manager •...
Page 528: Extremeware 6.0.X And 6.1.X Features Supported
EPICenter Policy System Feature Comparison Supported EW 6.2.x Features in EPICenter Notes Rules without precedence All rules must have precedence. ACL name Supports QP1-QP8 * This feature is supported, but the implementation in EPICenter may differ in some respects from its implementation in ExtremeWare.
Page 529: Extremeware 5.X Features
ExtremeWare 5.x Features Ingress port list Partial Can display access-list with ingress port list. Does not configure any access-list using ingress port list. Deny, Permit, Partial “Deny” is displayed as “blackhole” QoS profile. Permit-Established actions “Permit-Established” is not supported. Precedence EPICenter cannot display any rules with precedence number.
Page 530: Extremeware 4.X Features
EPICenter Policy System Feature Comparison Source L4 port/wildcard Destination L4 port/wildcard Protocol IP, UDP, TCP, Other Partial Other protocol is not supported. Deny Supports QP1-QP4 Source Port QoS Supports QP1-QP4 Supports “blackhole” Source port blackhole is implemented as disabling the source port.
Page 531: Cisco Internetworking Operating System (Ios) 11.2 Features
Cisco Internetworking Operating System (IOS) 11.2 Features Cisco Internetworking Operating System (IOS) 11.2 Features Supported Cisco IOS 11.2+ Features EPICenter Notes IP QoS IP Access Group Supported using QoS profile “blackhole” Priority Queuing Supported using QoS profile priority field. Only supports four priorities rather than eight as in Extreme.
Page 532 EPICenter Policy System Feature Comparison • An IP or source port rule created by the EPICenter policy server is identified by its owner string “EPICenter.” • Any access-list using TCP Permit-Established is displayed in the EPICenter policy server as protocol “Deny TCP Sync”...
Page 533 Index Numerics relationships to resource resource as child 1d mode, STP RMON rule 802.1Q tag 321, 331 user accounts 802.1x VLANs address range in Discovery About EPICenter page in IP/MAC Address Finder Access Domain of a policy Admin button access levels 26, 355 Admin port 54, 59...
Page 534 Index SNMP traps 121, 131 Archive button (Configuration Manager) 165, 167 Syslog messages archiving configuration settings Alarm Log Browser Attribute Name field Alarm Log Detail View Attribute Type field Alarm Log history attributes of resources 207, 210 Alarm Log report DLCS ID type 219, 221 Alarm System...
Page 535 Index Delete (Threshold Configuration) Settings... (Alarm Definition) Delete (VLAN Manager) Stop (Telnet) Delete alarms with specified conditions Destroy 210, 213 Submit (IP/MAC Address Finder) Detail Sync (Inventory Manager) 90, 111 Discover (Device Discovery dialog) Sync (Threshold Configuration) Discover (Inventory Manager) Telnet 81, 191 Download (Configuration Manager)
Page 536 Index Compression Algorithm creating G.711 alarm definitions G.723.1 alarm threshold event rules G.729 device groups Other incremental configuration file Config button 81, 157, 410, 434 new device node (Topology) configuration files new topology map archiving new topology view download incremental resources downloading search task (IP/MAC Address Finder)
Page 537 Index in Grouping Manager incremental configuration modifying information saved device configuration scheduled configuration global Download button (Configuration Manager) scheduled configuration upload drop-down menu fields uploading configuration from Dynamic Link Context System 40, 523 Device Alarms... menu selection Device Browse... menu selection Device Discovery set up window Edit Policy Endpoints window device groups...
Page 538 Index Expand Map menu selection in Telnet applet Export button 235, 240 in Topology Export Local button 235, 240 Find IP/MAC button 81, 233 external access protocol 44, 493 Find Map Node... menu selection command protocol layer FindAddr utility 27, 481 encoding layer Fit Map in Window menu selection server commands...
Page 539 Index IP address finding with IP/MAC Address Finder auto populate 293, 294, 305 modifying for a VLAN creating IP address as policy components deleting submap IP forwarding Expand Map disabling fit Map in Window enabling Layout Map In Window IP forwarding tab renaming IP/MAC Address Finder map element description panel...
Page 540 Index Monitor access 26, 355 policy definition page 412, 416 network resource policy scope policy type buttons navigating EPICenter applications traffic definition Navigation Toolbar traffic direction Network Login/802.1x tab Users list Network Login/802.x1 display policy description network resource specification policy name Network Resources list policy precedence policy definition page...
Page 541 Index Remove button in Add Attribute to Resource QoS profile in Add Relationship to Group as policy components in Discovery default QoS profiles in Grouping Manager devices for configuration in IP/MAC Address Finder Max Bandwidth remove children from a group Max Bandwidth for VoIP remove resource from results list Min Bandwidth...
Page 542 Index Resource to Attribute Mapping report Delta (for CPU Utilization) resources Delta (RMON) creating in Grouping Manager Save button 216, 218, 219, 221, 410, 429 description 209, 212 scheduled configuration upload DLCS ID attribute type 219, 221 scheduled configuration, global filtering scope for alarms generic attribute type...
Page 543 Index Thread Pool Size multi-port real-time Timeout Period real-time Topology properties Status icon Traps per device Status/Detail Information panel Traps per Minute Stop button Update Type Library on Server Stop Record (Telnet) Upload/Download Timeout Period stopping the server Use EPICenter Login for Telnet under Solaris Server Properties tab under Windows...
Page 544 Index setting view properties writing scripts for alarm actions submap node Tcl client API text node Tcl exported functions view Telnet applet 24, 191 VLANs button Alarms browser menu item Topology button 81, 286 copy 193, 197 Topology views 25, 285 Device statistics menu item ToSlave (ESRP) EPICenter Telnet...
Page 545 Index deleting protocol filters disabling IP forwarding Variables... button (Alarms) displaying Versions button (Configuration Manager) displaying in Topology applet view (topology) enabling IP forwarding creating finding connections renaming from ExtremeView applet setting properties from Real-Time Statistics applet View configured rules menu item 441, 444, 447 modifying View Documentation link...

This manual is also suitable for:

Epicenter 4.1

Extreme Networks EPICenter Software Installation Manual

Preface

Introduction

Conventions

Related Publications

Chapter 1 Epicenter and Policy Manager Overview

Introduction

Summary of Features

Epicenter Components

Extreme Networks Device Support

Third-Party Device Support

Overview of the Policy Manager

Basic Epicenter Policy Definition

Policy Types

Policy Named Components

Policy Access Domain and Scope

Using Groups in Policy Definitions

Policy Configuration

Cisco Device Support

Epicenter Policy Limitations

Chapter 2 Installing the Epicenter Software

Installation Overview

Server Requirements

Client Requirements

Browser Requirements for Reports

Epicenter Software Licensing

Upgrading from a Previous Release

Installing on a Windows 2000 or Windows XP System

Installing on a Solaris System

Installing the Epicenter Client

Uninstalling the Epicenter Software

Chapter 3 Starting Epicenter

Running the Epicenter Server Software under Windows

Running the Epicenter Server Software under Solaris

The Epicenter Client

Running the Epicenter Stand-Alone Client

Running the Epicenter Client in a Browser

The Network Status Summary Report Page

Navigating the Epicenter Applications

Chapter 4 Using the Inventory Manager

Overview of the Epicenter Device Inventory

Displaying the Network Device Inventory

Viewing Device Status Information

Discovering Network Devices

Adding Devices and Device Groups

Modifying Devices and Device Groups

Deleting Devices and Device Groups from the Database

Updating Device Information

Configuring Default Access Parameters

Finding Devices

Displaying Properties

Chapter 5 The Epicenter Alarm System

Overview of the Epicenter Alarm System

The Alarm Log Browser

Defining Alarms

Alarm Categories

Threshold Configuration

Setting Epicenter as a Trap Receiver

Configuring Epicenter as a Syslog Receiver

Log Archive

Writing Tcl Scripts for Alarm Actions

Chapter 6 Configuration Manager

Overview of the Configuration Manager

Uploading Configurations from Devices

Archiving Configuration Settings

Downloading Configuration Information to a Device

Downloading an Incremental Configuration to Devices

Upgrading Software Images

Selecting Software Images

Specifying the Current Software Versions

Performing a Live Software Update

Configuring the TFTP Server

Finding Devices

Displaying Properties

Chapter 7 Using the Interactive Telnet Application

Overview of the Interactive Telnet Applet

Using Telnet with Extreme Switches

Viewing Device Information from Pop-Up Menus

Using Interactive Telnet with Third-Party Devices

Finding Devices