Cisco Prime IP Express 8.2 User Guide

  • Cisco Prime IP Express 8.2 User Guide

    March 2014

    Cisco Systems, Inc. www.cisco.com

    Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

    Text Part Number: OL-31070-01

  • THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

    THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

    The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

    NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

    IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

    Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

    Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

    Cisco Prime IP Express 8.2 User Guide Copyright © 2014 Cisco Systems, Inc. All rights reserved.

  • CONTENTS

    Preface

    PART 1 Getting Started

    CHAPTER 1 Cisco Prime IP Express Components

    Management Components

    Simple Network Management
    Setting Up the SNMP Server
    How Notification Works
    Handling SNMP Notification Events

    Server Up/Down Traps
    Handling SNMP Queries
    Integrating Cisco Prime IP Express SNMP into System SNMP

    Default Ports for Cisco Prime IP Express Services

    CHAPTER 2 Cisco Prime IP Express User Interfaces

    Introduction to the Web-Based User Interfaces
    Supported Web Browsers
    Access Security
    Logging In to the Web UIs
    Multiple Users
    Changing Passwords
    Navigating the Web UIs
    Waiting for Page Resolution Before Proceeding
    Committing Changes in the Web UIs
    Role and Attribute Visibility Settings
    Displaying and Modifying Attributes

    Grouping and Sorting Attributes
    Modifying Attributes
    Displaying Attribute Help

    Left Navigation Pane and Quick View Icon
    Help Pages
    Logging Out

    Local Cluster Web UI

    Local Basic Main Menu Page
    Local Advanced Main Menu Page
    Setting Local User Preferences
    Configuring Clusters in the Local Web UI

    Regional Cluster Web UI

    Command Line Interface

    Central Configuration Management Server
    Managing CCM Server
    Editing CCM Server Properties

    Bring Your Own Device Web Server
    Managing BYOD Web Server
    Editing BYOD Web Server Properties
    Setting Up BYOD Theme and Content

    Adding BYOD Themes
    Adding BYOD Content

    Global Search in Prime IP Express

    CHAPTER 3 Server Status Dashboard

    Opening the Dashboard

    Display Types
    Tables
    Line Charts
    Stacked Area Charts
    Other Chart Types
    Getting Help for the Dashboard Elements

    Customizing the Display

    Selecting Dashboard Elements to Include
    Configuring Server Chart Types

    Host Metrics
    System Metrics
    JVM Memory Utilization

    DHCP Metrics
    DHCP Server Request Activity
    DHCP Server Response Activity
    DHCP Buffer Capacity
    DHCP Response Latency
    DHCP DNS Updates
    DHCP Address Current Utilization

    DHCP Failover Status
    DHCP General Indicators
    DHCP Server Lease Data

    Authoritative DNS Metrics
    DNS Outbound Zone Transfers
    DNS Inbound Zone Transfers
    DNS Network Errors
    DNS Related Servers Errors
    DNS General Indicators
    DNS Queries Per Second

    Caching DNS Metrics
    DNS Queries Type
    DNS Queries Responses
    DNS Incoming Queries
    DNS Recursive Query Time
    DNS Caching
    Caching DNS General Indicators
    DNS Caching Server Queries Per Second

    CHAPTER 4 Deploying Cisco Prime IP Express

    Target Users

    Regional and Local Clusters

    Deployment Scenarios
    Small-to-Medium-Size LANs
    Large Enterprise Network

    Configuration and Performance Guidelines
    General Configuration Guidelines
    Special Configuration Cases

    PART 2 Local and Regional Administration

    CHAPTER 5 Configuring Administrators

    Administrators, Groups, and Roles
    How Administrators Relate to Groups, and Roles
    Administrator Types
    Roles, Subroles, and Constraints
    Groups
    Managing Administrators
    Managing Passwords

    Managing Groups
    Managing Roles

    External Authentication Servers
    Configuring a RADIUS External Authentication Server

    Adding a RADIUS External Configuration Server
    Deleting a RADIUS External Authentication Server

    Configuring an AD External Authentication Server
    Configuring Kerberos Realm and KDC
    Adding an AD External Configuration Server
    Deleting an AD External Authentication Server

    Granular Administration
    Scope-Level Constraints
    Prefix-Level Constraints
    Link-Level Constraints

    Licensing

    License History

    Centrally Managing Administrators
    Pushing and Pulling Administrators

    Pushing Administrators to Local Clusters
    Pushing Administrators Automatically to Local Clusters
    Pulling Administrators from the Replica Database

    Pushing and Pulling External Authentication Servers
    Pushing RADIUS External Authentication Servers
    Pulling RADIUS External Authentication Servers
    Pushing AD External Authentication Servers
    Pulling AD Authentication Servers

    Pushing and Pulling Groups
    Pushing Groups to Local Clusters
    Pulling Groups from the Replica Database

    Pushing and Pulling Roles
    Pushing Roles to Local Clusters
    Pulling Roles from the Replica Database

    Local Cluster Management Tutorial
    Administrator Responsibilities and Tasks
    Create the Administrators
    Create the Address Infrastructure
    Create the Zone Infrastructure

    Create the Forward Zones
    Create the Reverse Zones

    Create the Initial Hosts
    Create a Host Administrator Role with Constraints
    Create a Group to Assign to the Host Administrator
    Test the Host Address Range

    Regional Cluster Management Tutorial
    Administrator Responsibilities and Tasks
    Create the Regional Cluster Administrator
    Create the Central Configuration Administrator
    Create the Local Clusters
    Add Zone Management to the Configuration Administrator
    Create a Zone for the Local Cluster
    Pull Zone Data and Create a Zone Distribution
    Create a Subnet and Pull Address Space
    Push a DHCP Policy
    Create a Scope Template
    Create and Synchronize the Failover Pair

    CHAPTER 6 Managing the Central Configuration

    Central Configuration Tasks

    Configuring Server Clusters
    Adding Local Clusters
    Editing Local Clusters
    Listing Related Servers for DHCP, DNS, and TCP Listener Servers
    Connecting to Local Clusters
    Synchronizing with Local Clusters
    Replicating Local Cluster Data
    Viewing Replica Data
    Deactivating, Reactivating, and Recovering Data for Clusters
    Polling Lease History Data

    Polling Process
    Adjusting the Polling Intervals

    Enabling Lease History Collection

    Managing DHCP Scope Templates
    Pushing Scope Templates to Local Clusters
    Pulling Scope Templates from Replica Data

    Managing DHCP Policies
    Pushing Policies to Local Clusters
    Pulling Policies from Replica Data

    Managing DHCP Client-Classes

    Pushing Client-Classes to Local Clusters
    Pulling Client-Classes from Replica Data

    Managing Virtual Private Networks
    Pushing VPNs to Local Clusters
    Pulling VPNs from Replica Data

    Managing DHCP Failover Pairs

    Managing Lease Reservations
    DHCPv4 Reservations
    DHCPv6 Reservations

    CHAPTER 7 Maintaining Servers and Databases

    Managing Servers

    Scheduling Recurring Tasks

    Logging Server Events
    Searching the Logs
    Logging Format and Settings

    Log Files

    View Change Log

    Dynamic Update on Server Log Settings

    Monitoring and Reporting Server Status
    Server States
    Displaying Health

    Server Health Status
    Displaying Statistics

    DNS Statistics
    CDNS Statistics
    DHCP Statistics

    Displaying IP Address Usage
    Displaying Related Servers

    Monitoring Remote Servers Using Persistent Events
    DNS Zone Distribution Servers
    DHCP Failover Servers

    Displaying Leases

    Running Data Consistency Rules

    Troubleshooting
    Immediate Troubleshooting Actions
    Modifying the cnr.conf File
    Troubleshooting Server Failures

    Linux Troubleshooting Tools
    Using the TAC Tool

    CHAPTER 8 Backup and Recovery

    Backing Up Databases
    Syntax and Location
    Backup Strategy

    Using cnr_shadow_backup utility:
    Setting Automatic Backup Time
    Performing Manual Backups
    Using Third-Party Backup Programs with cnr_shadow_backup

    Database Recovery Strategy
    Backing Up CNRDB Data
    Backing Up all CNRDBs using tar or similar tools
    Recovering CNRDB Data from Damaged Databases
    Recovering CNRDB Data from Backups
    Recovering all CNRDBs using tar or Similar Tools
    Recovering single CNRDB from tar or similar tools
    Virus Scanning While Running Cisco Prime IP Express

    Troubleshooting Databases
    Using the cnr_exim Data Import and Export Tool
    Using the cnrdb_recover Utility
    Using the cnrdb_verify Utility
    Using the cnrdb_checkpoint Utility
    Restoring DHCP Data from a Failover Server

    PART 3 Address Management

    CHAPTER 9 Managing Address Space

    Address Block Administrator Role
    Required Permissions
    Role Functions

    Viewing Address Space

    Pulling Replica Address Space from Local Clusters

    Address Blocks and Subnets
    Viewing Address Blocks, Subnets, and Address Types
    Knowing When to Add Address Blocks
    Adding Address Blocks
    Delegating Address Blocks

    Pushing Subnets to Local DHCP Servers
    Creating Reverse Zones from Subnets
    Reclaiming Subnets
    Adding Children to Address Blocks
    Adding Address Ranges to Subnets
    Viewing Address Utilization for Address Blocks, Subnets, and Scopes

    CHAPTER 10 Managing Hosts

    Managing Hosts in Zones

    Adding Additional RRs for the Host

    Editing Hosts

    Removing Hosts

    CHAPTER 11 Managing Owners and Regions

    Managing Owners

    Managing Regions

    Centrally Managing Owners and Regions
    Pushing and Pulling Owners or Regions

    Pushing Owners or Regions to Local Clusters
    Pulling Owners and Regions from the Replica Database

    CHAPTER 12 Managing Reports

    ARIN Reports and Allocation Reports

    Managing ARIN Reports
    Managing Point of Contact and Organization Reports

    Creating a Point of Contact Report
    Registering a Point of Contact
    Editing a Point of Contact Report
    Creating an Organization Report
    Registering an Organization
    Editing an Organization Report

    Managing IPv4 Address Space Utilization Reports
    Managing Shared WHOIS Project Allocation and Assignment Reports
    Managing BYOD Reports

    Registered Devices
    Scopes

    PART 4 Domain and Zone Administration

    CHAPTER 13 Introduction to the Domain Name System

    How DNS Works

    Domains
    Learning ExampleCo Address
    Establishing a Domain
    Difference Between Domains and Zones

    Nameservers

    Reverse Nameservers

    Authoritative and Caching DNS servers

    High-Availability DNS

    DNS Database

    DNS Views

    About EDNS

    CHAPTER 14 Managing Zones

    Staged and Synchronous Modes

    Creating and Applying Zone Templates

    Managing Primary DNS Servers
    Configuring Primary Forward Zones

    Creating Primary Zones
    Editing Primary Zones
    Confirming Zone Nameservers
    Synchronizing Zones
    Zone Commands
    Importing and Exporting Zone Data

    Adding Primary Reverse Zones
    Adding Reverse Zones as Zones
    Adding Reverse Zones from Subnets

    Getting Zone Counts on the Server

    Managing Secondary Servers
    Adding Secondary Forward Zones
    Enabling Zone Transfers

    Managing DNS ENUM Domain
    Managing DNS ENUM Defaults
    Adding DNS ENUM Domains
    Adding DNS ENUM Numbers
    Pulling and Pushing ENUM Domains

    Pushing ENUM Domains to Local Clusters

    Pulling ENUM Domains from the Replica Database
    Pulling and Pushing ENUM Numbers

    Pushing ENUM Numbers to Local Clusters
    Pulling ENUM Numbers from the Replica Database

    Adding Subzones
    Choosing Subzone Names and Servers
    Creating and Delegating Subzones
    Undelegating Subzones
    Editing Subzone Delegation

    Enabling DNS Updates

    Managing Zone Distributions
    Preparing the Zone Distribution Map
    Creating a Zone Distribution
    Pulling Zone Distributions from Replica Data

    CHAPTER 15 Configuring DNS Views

    DNS Views Processing

    Key Points to Remember When you Work on DNS Views

    Managing DNS Views
    Reorder DNS Views

    Synchronizing DNS Views

    Pushing and Pulling DNS Views
    Pushing DNS Views to Local Clusters

    Pulling DNS Views from Local Clusters

    CHAPTER 16 Managing Resource Records

    Managing Resource Records
    Adding Resource Records
    Protecting Resource Record Sets
    Editing Resource Records
    Removing Resource Records
    Listing Records
    Searching Server-Wide for Records and Addresses
    Filtering Records
    Using Service Location (SRV) Records
    Using NAPTR Records

    Managing Hosts in Zones

    CHAPTER 17 Managing Authoritative DNS Server Properties

    Managing DNS Authoritative Servers
    Running DNS Authoritative Server Commands
    Configuring DNS Server Network Interfaces

    Setting DNS Server Properties
    Setting General DNS Server Properties
    Specifying Delegation-Only Zones
    Enabling Round-Robin
    Enabling Subnet Sorting
    Enabling Incremental Zone Transfers (IXFR)
    Restricting Zone Queries
    Enabling NOTIFY

    Setting Advanced Authoritative DNS Server Properties
    Setting SOA Time to Live
    Setting Secondary Refresh Times
    Setting Secondary Retry Times
    Setting Secondary Expiration Times
    Setting Local and External Port Numbers
    Handling Malicious DNS Clients
    Tuning DNS Properties

    Troubleshooting DNS Servers

    CHAPTER 18 Managing Caching DNS Server Properties

    Managing DNS Caching Servers
    Running DNS Caching Server Commands
    Configuring CDNS Server Network Interfaces

    Defining Forwarders

    Using Exceptions

    Managing DNS64

    Managing DNSSEC

    Setting DNS Caching Server Properties
    Setting General CDNS Server Properties
    Specifying Log Settings
    Specifying Activity Summary Settings
    Specifying Caching Settings
    Setting Cache TTLs
    Defining Root Nameservers
    Dynamic Allocation of UDP Ports

    Setting Advanced Caching DNS Server Properties
    Setting Maximum Memory Cache Sizes
    Specifying Network Settings
    Flushing CDNS Cache
    Detecting and Preventing DNS Cache Poisoning

    DNS Cache Poisoning Attacks
    Handling DNS Cache Poisoning Attacks

    Handling Unresponsive Nameservers

    Caching DNS Domain Redirect

    CHAPTER 19 Configuring High-Availability DNS Servers

    HA DNS Processing

    Configuring an HA DNS Server Pair from Main Server

    DNS Server Configuration for HA DNS

    Synchronizing HA DNS Zones

    HA DNS Configuration Synchronization
    Initial Setup Considerations
    Migration Procedure

    Pre-install Cisco Prime IP Express on the HA DNS backup server
    Pre-migration Steps for HA DNS Main Server
    Restart Cisco Prime IP Express on the HA DNS Main Server
    Copy Cisco Prime IP Express Database Files to HA DNS Backup Server
    Reconfigure Cisco Prime IP Express on the HA DNS Backup Server
    Configure Cisco Prime IP Express HA DNS on the HA DNS Main Server
    Reload the DNS Servers

    HA DNS Statistics

    PART 5 Dynamic Host Administration

    CHAPTER 20 Introduction to Dynamic Host Configuration

    How DHCP Works
    Sample DHCP User
    Typical DHCP Administration
    Leases
    Scopes and Policies

    Cisco Prime IP Express DHCP Implementations
    DHCP and IPv6
    Virtual Private Networks

    Subnet Allocation and DHCP Address Blocks

    DNS Update
    Effect on DNS of Obtaining Leases
    Effect on DNS of Releasing Leases
    Effect on DNS of Reacquiring Leases

    DHCP Failover
    Allocating Addresses Through Failover

    Client-Classes
    DHCP Processing Without Client-Classes
    DHCP Processing with Client-Classes
    Defining Scopes for Client-Classes
    Choosing Networks and Scopes

    CHAPTER 21 Configuring Scopes and Networks

    Configuring DHCP Servers
    General Configuration Guidelines
    Configuring DHCP Server Interfaces

    Defining and Configuring Scopes
    Creating and Applying Scope Templates

    Using Expressions in Scope Templates
    Additional Scope Template Attributes
    Editing Scope Templates
    Applying Scope Templates to Scopes
    Additional Scope Template Attributes
    Editing Scope Templates
    Applying Scope Templates to Scopes
    Cloning a Scope Template

    Creating Scopes
    Getting Scope Counts on the Server
    Configuring Multiple Scopes

    Configuring Multiple Scopes for Round-Robin Address Allocation
    Configuring Multiple Scopes Using Allocation Priority

    Editing Scopes
    Staged and Synchronous Mode
    Configuring Embedded Policies for Scopes
    Configuring Multiple Subnets on a Network
    Enabling and Disabling BOOTP for Scopes
    Disabling DHCP for Scopes
    Deactivating Scopes

    Setting Scopes to Renew-Only
    Setting Free Address SNMP Traps on Scopes
    Removing Scopes

    Removing Scopes if Not Reusing Addresses
    Removing Scopes if Reusing Addresses

    Managing DHCP Networks
    Listing Networks
    Editing Networks

    CHAPTER 22 Configuring Policies and Options

    Configuring DHCP Policies
    Types of Policies
    Policy Hierarchy
    Creating and Applying DHCP Policies
    Cloning a Policy
    Setting DHCP Options and Attributes for Policies

    Adding Option Values
    Adding Complex Values for Suboptions

    Creating and Editing Embedded Policies

    Creating DHCP Option Definition Sets and Option Definitions
    Using Standard Option Definition Sets
    Creating Custom Option Definitions
    Creating Vendor-Specific Option Definitions
    Option Definition Data Types and Repeat Counts
    Adding Suboption Definitions
    Importing and Exporting Option Definition Sets
    Pushing Option Definition Sets to Local Clusters
    Pulling Option Definition Sets from Replica Data
    Setting Option Values for Policies

    CHAPTER 23 Managing Leases

    Configuring Leases in Scopes
    Viewing Leases
    Lease States
    Guidelines for Lease Times
    Importing and Exporting Lease Data
    Pinging Hosts Before Offering Addresses
    Deactivating Leases
    Excluding Leases from Ranges

    Searching Server-Wide for Leases

    Using Client Reservations
    Differences Between Client Reservations And Lease Reservations

    Creating Lease Reservations
    DHCPv4 Reservations

    Setting Advanced Lease and Reservation Properties
    Reserving Currently Leased Addresses
    Unreserving Leases
    Extending Reservations to Non-MAC Addresses
    Forcing Lease Availability
    Inhibiting Lease Renewals
    Handling Leases Marked as Unavailable
    Setting Timeouts for Unavailable Leases

    Running Address and Lease Reports
    Running Address Usage Reports
    Running IP Lease Histories

    Enabling Lease History Recording at the Local Cluster
    Querying IP Lease History
    Trimming Lease History Data

    Receiving Lease Notification
    Running Lease Notification Automatically in Linux
    Running Lease Notification Automatically in Windows
    Specifying Configuration Files for Lease Notification

    Querying Leases
    Leasequery Implementations
    Pre-RFC Leasequery for DHCPv4
    RFC 4388 Leasequery for DHCPv4
    Leasequery for DHCPv6
    Leasequery Statistics
    Leasequery Example

    DHCP Listener Configuration

    Lease History Database Compression Utility
    General Comments on Running cnr_leasehist_compress
    Running Compression on Linux
    Running Compression on Windows

    Moving Leases Between Servers

    CHAPTER 24 Advanced DHCP Server Properties

    Configuring BOOTP

    About BOOTP
    Enabling BOOTP for Scopes
    Moving or Decommissioning BOOTP Clients
    Using Dynamic BOOTP
    BOOTP Relay

    Defining Advanced Server Attributes
    Setting Advanced DHCP Server Attributes
    Deferring Lease Extensions

    Integrating Windows System Management Servers

    Using Extensions to Affect DHCP Server Behavior
    Writing Extensions
    Preventing Chatty Clients by Using an Extension

    Tuning the DHCP Server

    Configuring Virtual Private Networks and Subnet Allocation
    Configuring Virtual Private Networks Using DHCP

    Typical Virtual Private Networks
    Creating and Editing Virtual Private Networks
    VPN Usage

    Configuring DHCP Subnet Allocation
    VPN and Subnet Allocation Tuning Parameters

    Setting DHCP Forwarding

    CHAPTER 25 Configuring Client-Classes and Clients

    Configuring Client-Classes
    Client-Class Process
    Defining Client-Classes
    Setting Selection Tags on Scopes and Prefixes
    Defining Client-Class Hostname Properties
    Editing Client-Classes and Their Embedded Policies
    Processing Client Data Including External Sources

    Processing Order to Determine Client-Classes
    Processing Order to Determine Selection Tags

    Troubleshooting Client-Classes

    Configuring Clients
    Editing Clients and Their Embedded Policies
    Setting Windows Client Properties
    Allocating Provisional Addresses
    Skipping Client Entries for Client-Classing
    Limiting Client Authentication

    Setting Client Caching Parameters

    Subscriber Limitation Using Option 82
    General Approach to Subscriber Limitation
    Typical Limitation Scenario
    Calculating Client-Classes and Creating Keys
    Client-Class Lookup Expression Processing
    Limitation Processing
    Expression Processing for Subscriber Limitation
    Configuring Option 82 Limitation
    Lease Renewal Processing for Option 82 Limitation
    Administering Option 82 Limitation
    Troubleshooting Option 82 Limitation
    Expression Examples

    Configuring Cisco Prime IP Express to Use LDAP
    About LDAP Directory Servers
    Adding and Editing LDAP Remote Servers
    Configuring DHCP Client Queries in LDAP
    Configuring DHCP LDAP Update and Create Services

    Lease State Attributes
    Configuring DHCP to Write Lease States to LDAP
    Using LDAP Updates
    Configuring LDAP State Updates
    Configuring LDAP Entry Creation

    Troubleshooting LDAP
    LDAP Connection Optimization
    Recommended Values for LDAP

    CHAPTER 26 Using Expressions

    Using Expressions

    Entering Expressions

    Creating Expressions
    Expression Syntax
    Expression Datatypes
    Literals in Expressions
    Expressions Return Typed Values
    Expressions Can Fail
    Expression Functions
    Datatype Conversions
    Expressions in the CLI

    Expression Examples
    Limitation Example 1: DOCSIS Cable Modem
    Limitation Example 2: Extended DOCSIS Cable Modem
    Limitation Example 3: DSL over Asynchronous Transfer Mode

    Debugging Expressions

    CHAPTER 27 Managing DHCPv6 Addresses

    DHCPv6 Concepts
    IPv6 Addressing
    Links and Prefixes

    Determining Links and Prefixes
    Generating Addresses
    Generating Delegated Prefixes
    Prefix Stability
    Prefix Allocation Groups

    DHCPv6 Clients and Leases
    DHCPv6 Bindings
    Lease Affinity
    IPv6 Lease States
    Lease Life Cycle
    DHCPv6 Lease Reservations
    DHCPv6 Client Reservations
    Searching for Leases
    Querying Leases for DHCPv6

    DHCPv6 Policy Hierarchy
    DHCPv6 Options

    DHCPv6 Configuration
    Viewing IPv6 Address Space
    Configuring Links

    Creating and Editing Link Templates
    Creating and Editing Links

    Configuring Prefixes
    Creating and Editing Prefix Templates
    Creating and Editing Prefixes
    Viewing IPv6 Leases
    Viewing Address Utilization for Prefixes

    Viewing DHCPv6 Networks
    Editing DHCPv6 Server Attributes
    Configuring DHCPv6 Policies

    Configuring DHCPv6 Client-Classes
    Configuring DHCPv6 Clients
    Setting DHCPv6 Options
    Reconfigure Support

    DNS Update for DHCPv6

    CHAPTER 28 Managing DHCP Failover

    How DHCP Failover Works

    DHCP Simple Failover

    DHCPv6 Failover

    Setting Up Failover Server Pairs
    Adding Failover Pairs
    Synchronizing Failover Pairs
    Failover Checklist

    Configuring Failover Parameters Based on Your Scenario
    Setting Backup Percentages
    Setting the Maximum Client Lead Time
    Using the Failover Safe Period to Move Servers into PARTNER-DOWN State
    Setting DHCP Request and Response Packet Buffers
    Setting Load Balancing

    Configuring Load Balancing

    Recovering from a DHCP Failover
    Confirming Failover
    Monitoring DHCP Failover
    Failover States and Transitions
    State Transitions During Integration

    Setting Advanced Failover Attributes
    Setting Backup Allocation Boundaries
    DHCPLEASEQUERY and Failover

    Maintaining Failover Server Pair
    Changing Failover Pair Server Addresses
    Restarting the Failover Servers

    Restoring a Standalone DHCP Failover Server - Tutorial
    Background
    Repair Procedure
    Reversing the Failover Role on Backup Server
    Starting with Server A Powered Off
    Starting with Server A Powered On and DHCP Server Stopped

    Starting with Server A Replaced
    Transferring Current Lease State to Server A
    Repairing Partners to Their Original Roles

    Changing Failover Server Roles
    Establishing Failover Using Standalone Server as Main
    Replacing Servers Having Defective Storage
    Removing Backup Servers and Halting Failover Operation
    Adding Main Servers to Existing Backup Servers
    Configuring Failover on Multiple Interface Hosts

    Troubleshooting Failover
    Monitoring Failover Operations
    Detecting and Handling Network Failures

    Supporting BOOTP Clients in Failover
    Static BOOTP
    Dynamic BOOTP
    Configuring BOOTP Relays
    BOOTP Backup Percentage

    CHAPTER 29 Configuring DNS Update

    DNS Update Process

    Special DNS Update Considerations

    DNS Update for DHCPv6
    DHCPv6 Upgrade Considerations
    Generating Synthetic Names in DHCPv4 and DHCPv6
    Determining Reverse Zones for DNS Updates
    Using the Client FQDN

    Creating DNS Update Configurations

    Creating DNS Update Maps

    Configuring Access Control Lists and Transaction Security
    Access Control Lists
    Configuring Zones for Access Control Lists
    Transaction Security

    Creating TSIG Keys
    Generating Keys
    Considerations for Managing Keys
    Adding Supporting TSIG Attributes

    GSS-TSIG
    Creating GSS-TSIG Configuration
    GSS-TSIG attributes

    Configuring DNS Update Policies
    Compatibility with Cisco Prime IP Express Releases
    Creating and Editing Update Policies
    Defining and Applying Rules for Update Policies

    Defining Rules for Named Update Policies
    Applying Update Policies to Zones

    Confirming Dynamic Records

    Scavenging Dynamic Records

    Troubleshooting DNS Update

    Transitioning to DHCID RR for DHCPv4

    Configuring DNS Update for Windows Clients
    Client DNS Updates
    Dual Zone Updates for Windows Clients
    DNS Update Settings in Windows Clients
    Windows Client Settings in DHCP Servers
    SRV Records and DNS Updates
    Issues Related to Windows Environments
    Frequently Asked Questions About Windows Integration

    Configuring GSS-TSIG
    CPIPE DNS Configuration to integrate with AD
    Primary DNS Server on Linux Integrated to MIT-KDC
    Troubleshooting GSS-TSIG Configuration

    Chapter 30 Using Extension Points

    Using Extensions
    Creating, Editing, and Attaching Extensions
    Determining Tasks
    Deciding on Approaches
    Choosing Extension Languages

    Language-Independent API
    Routine Signature
    Dictionaries
    Utility Methods in Dictionaries
    Configuration Errors
    Communicating with External Servers
    Recognizing Extensions
    Multiple Extension Considerations

    Tcl Extensions
    Tcl Application Program Interface

    Dealing with Tcl errors
    Handling Boolean Variables in Tcl
    Configuring Tcl Extensions
    Init-Entry Extension Point in Tcl

    C/C++ Extensions
    C/C++ API
    Using Types in C/C++
    Building C/C++ Extensions
    Using Thread-Safe Extensions in C/C++
    Configuring C/C++ Extensions
    Debugging C/C++ Extensions

    Pointers into DHCP Server Memory in C/C++
    Init-Entry Entry Point in C/C++

    DHCP Request Processing Using Extensions
    Enabling DHCPv6 Extensions
    Receiving Packets
    Decoding Packets
    Determining Client-Classes
    Modifying Client-Classes
    Processing Client-Classes
    Building Response Containers
    Determining Networks and Links
    Finding Leases
    Serializing Lease Requests
    Determining Lease Acceptability
    DHCPv6 Leasing

    DHCPv6 Prefix Usability
    DHCPv6 Lease Usability
    DHCPv6 Lease Allocation

    Gathering Response Packet Data
    Encoding Response Packets
    Updating Stable Storage
    Sending Packets
    Processing DNS Requests
    Tracing Lease State Changes
    Controlling Active Leasequery Notifications

    Extension Dictionaries
    Environment Dictionary

    General Environment Dictionary Data Items

    Initial Environment Dictionary
    Request and Response Dictionaries

    Decoded DHCP Packet Data Items
    Using Parameter List Option

    Extension Point Descriptions
    init-entry
    pre-packet-decode
    post-packet-decode

    Extension Description
    Overriding Client Identifiers

    post-class-lookup
    pre-client-lookup

    Environment Dictionary for pre-client-lookup
    post-client-lookup

    Environment Dictionary for post-client-lookup
    generate-lease
    check-lease-acceptable
    lease-state-change

    Environment Dictionary for lease-state-change
    pre-packet-encode
    post-packet-encode
    pre-dns-add-forward
    post-send-packet
    environment-destructor

    Part 6 Virtual Appliance

    Chapter 31 Introduction to Cisco Prime IP Express Virtual Appliance

    How the Cisco Prime IP Express Virtual Appliance Works
    How to Download the Cisco Prime IP Express Virtual Appliance

    Monitoring Disk Space Availability

    Increasing the Size of Disk

    Troubleshooting

    Chapter 32 Managing the Cisco Prime IP Express Virtual Appliance

    Invoking the Cisco Prime IP Express Virtual Appliance

    Modifying Virtual Appliance Configuration
    Setting the Time Zone
    Viewing Network Status

    Modifying Network Address Settings
    Configuring Proxy Server

    Accessing Cisco Prime IP Express Application

    Configurations and Restrictions

    Part 7 Appendices

    Appendix A Resource Records

    Appendix B DHCP Options

    Option Descriptions
    RFC 1497 Vendor Extensions
    IP Layer Parameters Per Host
    IP Layer Parameters Per Interface
    Link Layer Parameters Per Interface
    TCP Parameters
    Application and Service Parameters
    DHCPv4 Extension Options
    Microsoft Client Options
    DHCPv6 Options

    Option Tables
    Options by Number
    Options by Cisco Prime IP Express Name
    Option Validation Types

    Appendix C DHCP Extension Dictionary

    Extension Dictionary Entries
    Decoded DHCP Packet Data Items
    Request Dictionary
    Response Dictionary

    Extension Dictionary API
    Tcl Attribute Dictionary API

    Tcl Request and Response Dictionary Methods
    Tcl Environment Dictionary Methods

    DEX Attribute Dictionary API
    DEX Request and Response Dictionary Methods
    DEX Environment Dictionary Methods

    Handling Objects and Options

    Using Object and Option Handling Methods
    Options and Suboptions in C/C++

    Examples of Option and Object Method Calls
    Handling Vendor Class Option Data
    Handling Object Data

    Glossary

    Index

  • Preface

    This guide describes configuring Cisco Prime IP Express by using the web-based user interface (web UI) and command line interface (CLI).

    Who Should Read This Guide

    This guide is designed for network managers who are responsible for maintaining the network Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and Simple Network Management Protocol (SNMP) servers. The network manager should be familiar with the following topics:

    • Basic concepts and terminology used in internetworking

    • Network topology and protocols

    How This Guide Is Organized

    This guide describes how to become familiar with Cisco Prime IP Express features so that you can use them to administer network addresses. The parts of this guide are described in the following subsections.

    Part 1—Getting Started

    Part 1 introduces Cisco Prime IP Express, describes the management and protocol components, and describes the user interfaces. This part includes the following chapters:

    Chapter 1 Cisco Prime IP Express Components

    Introduces Cisco Prime IP Express, its deployment scenarios, and some deployment guidelines.

    Chapter 2 Cisco Prime IP Express User Interfaces

    Describes the Cisco Prime IP Express management and protocol components.

    Chapter 3 Server Status Dashboard

    Describes the Cisco Prime IP Express server status dashboard features and functions.

    Chapter 4 Deploying Cisco Prime IP Express

    Describes the Cisco Prime IP Express local and regional web UIs and CLIs.

  • Part 2—Local and Regional Administration

    Part 2 describes how to configure administrators, manage the central configuration, and maintain the servers and databases (including backup and recovery). This part includes the following chapters:

    Chapter 5 Configuring Administrators

    Describes how to configure the local and regional administrators, and provides administration tutorials.

    Chapter 6 Managing the Central Configuration

    Describes how to manage the central network configuration from the regional cluster.

    Chapter 7 Maintaining Servers and Databases

    Describes how to maintain the Cisco Prime IP Express servers.

    Chapter 8 Backup and Recovery

    Describes how to back up or recover the databases.

    Part 3—Address Management

    Part 3 describes how to manage the IP address space and its hierarchy, hosts, owners and regions, and reports. This part includes the following chapters:

    Chapter 9 Managing Address Space

    Describes how to manage address space elements known as address blocks and subnets.

    Chapter 10 Managing Hosts

    Describes how to manage network hosts.

    Chapter 11 Managing Owners and Regions

    Describes how to manage network owners and regions.

    Chapter 12 Managing Reports

    Describes how to manage American Registry of Internet Numbers (ARIN) and address allocation reports.

  • Part 4—Domain and Zone Administration

    Part 4 describes how to configure DNS servers, zones, resource records, server attributes, and High Availability (HA) servers. This part includes the following chapters:

    Chapter 13 Introduction to the Domain Name System

    Introduces the Domain Name System (DNS) protocol and its Cisco Prime IP Express implementation.

    Chapter 14 Managing Zones

    Describes how to manage DNS zones.

    Chapter 16 Managing Resource Records

    Describes how to manage DNS resource records (RRs).

    Chapter 17 Managing Authoritative DNS Server Properties

    Describes how to set advanced Authoritative DNS server properties.

    Chapter 18 Managing Caching DNS Server Properties

    Describes how to set more advanced Caching DNS server properties.

    Chapter 19 Configuring High-Availability DNS Servers

    Describes how to configure a High Availability (HA) DNS server.

    Part 5—Dynamic Host Administration

    Part 5 describes DHCP and how to configure scopes and leases and their several deployments, IPv6 addresses, clients and client-classes, failover, DNS Update, and special processing using extensions. This part includes the following chapters:

    Chapter 20 Introduction to Dynamic Host Configuration

    Introduces DHCP and its Cisco Prime IP Express implementation.

    Chapter 21 Configuring Scopes and Networks

    Describes how to configure scopes and networks.

    Chapter 22 Configuring Policies and Options

    Describes how to configure policies and options.

    Chapter 23 Managing Leases

    Describes how to manage leases.

    Chapter 24 Advanced DHCP Server Properties

    Describes how to manage the more advanced DHCP server properties.

    Chapter 25 Configuring Client-Classes and Clients

    Describes how to configure DHCP clients and client-classes.

    Chapter 26 Using Expressions

    Describes how to use expressions for DHCP processing.

    Chapter 27 Managing DHCPv6 Addresses

    Describes how to manage the DHCPv6 address space.

    Chapter 28 Managing DHCP Failover

    Describes how to configure DHCP failover servers.

    Chapter 29 Configuring DNS Update

    Describes how to configure DNS Update for DHCP.

    Chapter 30 Using Extension Points

    Describes how to use extensions for DHCP processing.

    Part 6—Virtual Appliance

    Part 6 describes the virtual appliance and how to configure and manage the Cisco Prime IP Express virtual appliance. This part includes the following chapters:

    Chapter 31 Introduction to Cisco Prime IP Express Virtual Appliance

    Introduces virtual appliance and its Cisco Prime IP Express implementation.

    Chapter 32 Managing the Cisco Prime IP Express Virtual Appliance

    Describes how to manage the Cisco Prime IP Express virtual appliance.

    Part 7—Appendixes, Glossary, and Index

    Part 7 includes appendixes that describe DNS RRs, DHCP options, and the DHCP extension dictionary. This part also includes a glossary and an index.

    Appendix A Resource Records

    Describes the DNS RRs.

    Appendix B DHCP Options

    Describes the DHCP options.

    Appendix C DHCP Extension Dictionary

    Describes the DHCP extension dictionary.

    Glossary

    Glossary of terms used in Cisco Prime IP Express.

    Index

    Index to the guide.

    Document Conventions

    This guide uses the following documentation conventions.

    Formatting

    This guide uses the following formatting conventions:

    • User input and controls are indicated in bold; for example, “enter 1234” and “click Modify Scope.”

    • Object attributes are indicated in italics; for example, “the failover-safe-period attribute.”

    • Cross-references to chapters or sections of chapters are indicated in blue type; for example, “see the “Document Conventions” section on page xxxii.”

    Navigation and Screens

    This guide uses the following navigation and screen display conventions:

    • Windows systems use a two-button mouse. To drag and drop an object, click and hold the left mouse button on the object, drag the object to the target location, then release the button.

    • Screen displays can differ slightly from those included in this guide, depending on the system or browser you use.

    • Web UI Navigation bar labels can have IPv4 and IPv6 variants depending on the administrator role privileges assigned. To simplify procedural instructions, this User Guide uses the most generic versions of the menu bar labels, unless there is a need to be more specific. For example, the Address Space menu label might be rendered as IP v4 and IP v6. The instructions will have the label simply as Address Space.

    Callouts

    Callouts in the text have the following meaning:

    Caution Be careful. The description alerts you to potential data damage or loss.

    Note Take note. The description is particularly noteworthy.

    Timesaver Save time. The description can present a timesaver.

    Tip Consider this helpful hint. The description can present an optimum action to take.

    Product Documentation

    Note We sometimes update the electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.

    You can view the marketing and user documents for Cisco Prime IP Express at: http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-ip-express/tsd-products-support-series-home.html

    The following document gives you the list of user documents for Cisco Prime IP Express 8.2: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/ip_express/8-2/doc_overview/guide/CPIPE_8_2_Doc_Guide.html

  • Obtaining Documentation and Submitting a Service Request

    For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

    Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

  • PART 1

    Getting Started

  • CHAPTER 1

    Cisco Prime IP Express Components

    Cisco Prime IP Express provides the tools to configure and control the servers necessary to manage your IP address space. This chapter provides an overview of the management components and concentrates on the Simple Network Management Protocol (SNMP), which is not covered in subsequent parts of this User Guide.

    Management Components

    Cisco Prime IP Express contains two management components:

    • Regional component, consisting of:

    – Web-based user interface (web UI)

    – Command line interface (CLI)

    – Central Configuration Management (CCM)

    – Bring your own device (BYOD)

    • Local component, consisting of:

    – Web UI

    – CLI

    – CCM server

    – Authoritative Domain Name System (DNS) server

    – Caching / Recursive Domain Name System (CDNS) server

    – Dynamic Host Configuration Protocol (DHCP) server

    – Simple Network Management Protocol (SNMP) server

    – Management of local address space, zones, scopes, DHCPv6 prefixes and links, and users

    Note We do not recommend configuring both DNS and Caching DNS services in one server.

    License management is done from the regional cluster when Cisco Prime IP Express is installed. You must install the regional server first and load all licenses in the regional server. When you install the local cluster, it registers with regional to obtain its license.

    The regional CCM server provides central management of local clusters, with an aggregated view of DHCP address space and DNS zones. It provides management of the distributed address space, zones, scopes, DHCPv6 prefixes and links, and users.

    The local CCM server provides management of the local address space, zones, scopes, DHCPv6 prefixes and links, and users.

    The remainder of this chapter describes the SNMP protocol. The CCM server, web UIs, and CLI are described in Chapter 2, “Cisco Prime IP Express User Interfaces.” The DNS, CDNS and DHCP servers are described in their respective sections of this guide.

    Simple Network Management

    The Cisco Prime IP Express Simple Network Management Protocol (SNMP) notification support allows you to query the DHCP and DNS counters, be warned of error conditions and possible problems with the DNS and DHCP servers, and monitor threshold conditions that can indicate failure or impending failure conditions.

    Cisco Prime IP Express implements SNMP Trap Protocol Data Units (PDUs) according to the SNMPv2c standard. Each trap PDU contains:

    • Generic-notification code, if enterprise-specific.

    • A specific-notification field that contains a code indicating the event or threshold crossing that occurred.

    • A variable-bindings field that contains additional information about certain events.

    Refer to the Management Information Base (MIB) for the details. The SNMP server supports only reads of the MIB attributes. Writes to the attributes are not supported.

    The following MIB files are required:

    • Traps—CISCO-NETWORK-REGISTRAR-MIB.my

    • DNS server—CISCO-DNS-SERVER-MIB.my

    Note The Caching DNS server requires only a subset of the DNS MIB when it is operating. Caching DNS server only supports the server-start and server-stop notification events.

    • DHCPv4 server—CISCO-IETF-DHCP-SERVER-MIB.my

    • DHCPv4 server capability—CISCO-IETF-DHCP-SERVER-CAPABILITY.my

    • DHCPv4 server extensions—CISCO-IETF-DHCP-SERVER-EXT-MIB.my

    • DHCPv4 server extensions capability—CISCO-IETF-DHCP-SERVER-EXT-CAPABILITY.my

    • DHCPv6 server—CISCO-NETREG-DHCPV6-MIB.my (experimental)

    Note The MIB CISCO-NETREG-DHCPV6-MIB is defined to support queries of new DHCPv6-related statistics and new DHCPv6 traps.

    These MIB files are available in the /misc directory of the Cisco Prime IP Express installation path.

    The following dependency files are also required:

    • Dependency for DHCPv4 and DHCPv6—CISCO-SMI.my

    • Additional dependencies for DHCPv6—INET-ADDRESS-MIB.my

    These dependency files are available along with all the MIB files at the following URL:

    ftp://ftp.cisco.com/pub/mibs/v2/

    To get the object identifiers (OIDs) for the MIB attributes, go to the equivalently named .oid file at:

    ftp://ftp.cisco.com/pub/mibs/oid/

    Related Topics

    Setting Up the SNMP Server, page 1-3
    How Notification Works, page 1-4
    Handling SNMP Notification Events, page 1-5
    Handling SNMP Queries, page 1-8

    Setting Up the SNMP Server

    To perform queries to the SNMP server, you need to set up the server properties.

    Local Basic or Advanced Web UI

    Step 1 From the Operate menu, choose Manage Servers under the Servers submenu to open the Manage Servers page (see the “Managing Servers” section on page 7-1).

    Step 2 Click the Local SNMP Server link to open the Edit Local SNMP Server page.

    Step 3 The Community string attribute is the password to access the server. (The community string is a read community string only.) The preset value is public.

    Step 4 You can specify the Log Settings, Miscellaneous Options and Settings, and Advanced Options and Settings:

    • trap-source-addr—Optional sender address to use for outgoing traps.

    • server-active—Determines whether the SNMP server is active for queries. The default value is true. If set to false, the server will run, but is not accessible for queries and does not send out traps.

    • cache-ttl—Determines how long the SNMP server caches responses to queries; the default is 60 seconds.

    Step 5 To manage the SNMP server interfaces in the Advanced mode, click the Network Interfaces tab. You can view the default configured network interfaces, and create and edit additional ones. To create and edit them, you must be assigned the server-management subrole of the ccm-admin role. The interface properties are similar to those for the TFTP server.

    Step 6 To manage trap recipients for the server:

    a. Click the Trap Recipients tab.

    b. Enter the name and IP address of a trap recipient (both are required).

    c. Click Add Trap Recipient.

    d. Repeat for each additional trap recipient.

    e. To set the port, community string, and agent address for a trap recipient, click its name on the Trap Recipients tab to open the Edit Trap Recipient page, then set the values.

    Step 7 Complete the SNMP server setup by clicking Save.

    CLI Commands

    To set the community string in the CLI so that you can access the SNMP server, use snmp set community=name. Use snmp set trap-source-addr to set the trap source address. Use snmp disable server-active to deactivate the SNMP server and snmp set cache-ttl=time to set the cache time-to-live.

    To set trap recipients, use trap-recipient, in the following syntax to include the IP address:

    nrcmd> trap-recipient name create ip-addr=ip-addr

    You can also add the agent-address, community, and port-number values for the trap recipient.

    Other SNMP-related commands include snmp disable server-active to prevent the server from running when started and the snmp-interface commands to configure the interfaces. The addr-trap command is described in the “Handling SNMP Notification Events” section on page 1-5.

    How Notification Works

    Cisco Prime IP Express SNMP notification support allows a standard SNMP management station to receive notification messages from the DHCP and DNS servers. These messages contain the details of the event that triggered the SNMP trap.

    Cisco Prime IP Express generates notifications in response to predetermined events that the application code detects and signals. Each event can also carry with it a particular set of parameters or current values. For example, the free-address-low-threshold event can occur in the scope with a value of 10% free. Other scopes and values are also possible for such an event, and each type of event can have different associated parameters.

    Table 1-1 describes the events that can generate notifications.

    Table 1-1 SNMP Notification Events

    | Event | Notification |
    |---|---|
    | Address conflict with another DHCP server detected (address-conflict) | An address conflicts with another DHCP server. |
    | DNS queue becomes full (dns-queue-size) | The DHCP server DNS queue fills and the DHCP server stops processing requests. (This is usually a rare internal condition.) |
    | Duplicate IP address detected (duplicate-address and duplicate-address6) | A duplicate IPv4 or IPv6 address occurs. |
    | Duplicate IPv6 prefix detected (duplicate-prefix6) | A duplicate IPv6 prefix occurs. |
    | Failover configuration mismatch (failover-config-error) | A DHCP failover configuration does not match between partners. |
    | Caching DNS forwarders not responding (forwarders-not-responding) | Forwarding servers stop responding to the Caching DNS server. |
    | DNS forwarders responding (forwarders-responding) | Forwarding servers respond after having been unresponsive. |

    Handling SNMP Notification Events

    When Cisco Prime IP Express generates a notification, it transmits a single copy of the notification as an SNMP Trap PDU to each recipient. All events (and scopes or prefixes) share the list of recipients and other notification configuration data, and the server reads them when you initialize the notification.

    You can set SNMP attributes in three ways:

    • For the DHCP server, which includes the traps to enable and the default free-address trap configuration if you are not specifically configuring traps for scopes or prefixes (or their templates).

    • On the scope or prefix (or its template) level by setting the free-address-config attribute.

    • For the DNS server, which includes a traps-enabled setting.

    To use SNMP notifications, you must specify trap recipients that indicate where trap notifications should go. By default, all notifications are enabled, but you must explicitly define the recipients, otherwise no notifications can go out. The IP address you use is often localhost.

    Table 1-1 SNMP Notification Events (continued)

    | Event | Notification |
    |---|---|
    | Free-address thresholds (free-address-low and free-address-high; or free-address6-low and free-address6-high) | The high trap when the number of free IPv4 or IPv6 addresses exceeds the high threshold; or a low trap when the number of free addresses falls below the low threshold after previously triggering the high trap. |
    | High-availability (HA) DNS configuration mismatch (ha-dns-config-error) | An HA DNS configuration does not match between partners. |
    | HA DNS partner not responding (ha-dns-partner-down) | An HA DNS partner stops responding to the DNS server. |
    | HA DNS partner responding (ha-dns-partner-up) | An HA DNS partner responds after having been unresponsive. |
    | DNS masters not responding (masters-not-responding) | Master DNS servers stop responding to the DNS server. |
    | DNS masters responding (masters-responding) | Master DNS servers respond after having been unresponsive. |
    | Other server not responding (other-server-down) | A DHCP failover partner, or a DNS or LDAP server, stops responding to the DHCP server. |
    | Other server responding (other-server-up) | DHCP failover partner, or a DNS or LDAP server, responds after having been unresponsive. |
    | DNS secondary zones expire (secondary-zone-expired) | A DNS secondary server can no longer claim authority for zone data when responding to queries during a zone transfer. |
    | Server start (server-start) | The DHCP or DNS server is started or reinitialized. |
    | Server stop (server-stop) | The DHCP or DNS server is stopped. |

    The DHCP server provides special trap configurations so that it can send notifications, especially about free addresses for DHCPv4 and DHCPv6. You can set the trap configuration name, mode, and percentages for the low threshold and high threshold. The mode determines how scopes aggregate their free-address levels.

    DHCP v4 Notification

    The DHCP v4 modes and thresholds are (see also the “Handling Deactivated Scopes or Prefixes” section on page 1-6):

    • scope mode—Causes each scope to track its own free-address level independently (the default).

    • network mode—Causes all scopes set with this trap configuration (through the scope or scope template free-address-config attribute) to aggregate their free-address levels if the scopes share the same primary-subnet.

    • selection-tags mode—Causes scopes to aggregate their free-address levels if they share a primary subnet and have a matching list of selection tag values.

    • low-threshold—Free-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for scopes is the following calculation:

    100 * available-nonreserved-leases / total-configured-leases

    • high-threshold—Free-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

    DHCP v6 Notification

    The DHCP v6 modes and thresholds are (see also the “Handling Deactivated Scopes or Prefixes” section on page 1-6):

    • prefix mode—Causes each prefix to track its own free-address level independently.

    • link mode—Causes all prefixes configured for the link to aggregate their own free-address levels if all prefixes share the same link.

    • v6-selection-tags mode—Causes prefixes to aggregate their free-address levels if they share a link and have a matching list of selection tag values.

    • low-threshold—Free-address percentage at which the DHCP server generates a low-threshold trap and re-enables the high threshold. The free-address level for prefixes is the following calculation:

    100 * (max-leases - dynamic-leases) / max-leases

    • high-threshold—Free-address percentage at which the DHCP server generates a high-threshold trap and re-enables the low threshold.

    Handling Deactivated Scopes or Prefixes

    A deactivated scope or prefix never aggregates its counters with other scopes or prefixes. For example, if you configure a prefix with link or v6-selection-tags trap mode, and then deactivate the prefix, its counters disappear from the total count on the aggregation. Any changes to the leases on the deactivated prefix do not apply to the aggregate totals.

    Therefore, to detect clients for deactivated scopes or prefixes, you must set the event mode to scope or prefix, and not to any of the aggregate modes (network, selection-tags, link, or v6-selection-tags).

    The use case for setting traps on deactivated prefixes, for example, is network renumbering. In this case, you might want to monitor both the new prefixes (as an aggregate, ensuring that you have enough space for all the clients) and old prefixes to ensure that their leases are freed up. You would probably also want to set the high threshold on an old prefix to 90% or 95%, so that you get a trap fired when most of its addresses are free.
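    The DHCPv4 trap modes, the low/high threshold re-enabling, and the handling of deactivated scopes described above can be modelled as follows. This is an added example, not code from the guide or from Cisco: the class and function names, the sample scopes and the 20%/80% thresholds are constructed. It assumes that an aggregate level is computed from summed lease counts, that the low trap is the one armed at start, that thresholds are compared inclusively, and that selection tag lists match regardless of order.

```python
from dataclasses import dataclass


@dataclass
class Scope:
    """Constructed stand-in for a DHCPv4 scope (field names are illustrative)."""
    name: str
    primary_subnet: str
    selection_tags: tuple
    total_configured_leases: int
    available_nonreserved_leases: int
    active: bool = True


def free_level(scopes):
    """Free-address percentage of a group, or None if no leases are configured."""
    total = sum(s.total_configured_leases for s in scopes)
    if total == 0:
        return None
    available = sum(s.available_nonreserved_leases for s in scopes)
    return 100.0 * available / total


def group_scopes(scopes, mode):
    """Split scopes into the groups whose free-address levels are tracked together."""
    groups = {}
    for s in scopes:
        if mode == "scope":
            key = ("scope", s.name)              # each scope alone, active or not
        elif not s.active:
            continue                             # deactivated: left out of aggregates
        elif mode == "network":
            key = ("network", s.primary_subnet)
        elif mode == "selection-tags":
            # Assumption: tag lists match regardless of order.
            key = ("selection-tags", s.primary_subnet,
                   tuple(sorted(s.selection_tags)))
        else:
            raise ValueError(f"unknown trap mode: {mode}")
        groups.setdefault(key, []).append(s)
    return groups


class FreeAddressMonitor:
    """Tracks which trap is armed per group so each threshold fires only once."""

    def __init__(self, mode, low_threshold, high_threshold):
        if not 0 <= low_threshold < high_threshold <= 100:
            raise ValueError("need 0 <= low-threshold < high-threshold <= 100")
        self.mode = mode
        self.low = low_threshold
        self.high = high_threshold
        self._armed = {}  # group key -> "low" or "high"

    def evaluate(self, scopes):
        """Return the (group, trap, level) tuples raised by the current counts."""
        traps = []
        for key, members in group_scopes(scopes, self.mode).items():
            level = free_level(members)
            if level is None:
                continue
            armed = self._armed.get(key, "low")  # assumption: low trap armed first
            if armed == "low" and level <= self.low:
                traps.append((key, "free-address-low", level))
                self._armed[key] = "high"   # low trap re-enables the high threshold
            elif armed == "high" and level >= self.high:
                traps.append((key, "free-address-high", level))
                self._armed[key] = "low"    # high trap re-enables the low threshold
        return traps


def demo():
    """Constructed scenario: two scopes on one subnet, one nearly exhausted."""
    a = Scope("A", "10.0.0.0/24", ("blue",), 100, 10)
    b = Scope("B", "10.0.0.0/24", ("blue",), 100, 90)
    per_scope = FreeAddressMonitor("scope", 20, 80)
    network = FreeAddressMonitor("network", 20, 80)
    events = []
    events += per_scope.evaluate([a, b])   # A alone is at 10% free: low trap
    events += network.evaluate([a, b])     # aggregate is 50% free: no trap
    b.active = False
    events += network.evaluate([a, b])     # B dropped, aggregate is A's 10%: low trap
    a.available_nonreserved_leases = 85
    events += per_scope.evaluate([a, b])   # A recovers to 85%: high trap
    events += per_scope.evaluate([a, b])   # unchanged counts: nothing fires again
    return events


if __name__ == "__main__":
    for event in demo():
        print(event)
```

    In network mode the exhausted scope A is hidden behind the 50% aggregate until scope B is deactivated, which is why per-scope mode is the one to use when individual or deactivated scopes must be watched.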

    Local Basic or Advanced Web UI

    Access the SNMP attributes for the DHCP server by choosing Manage Servers from the Operate menu, then click Local DHCP Server in the left pane. You can view the SNMP attributes under SNMP (in Basic mode) or SNMP Settings (in Advanced mode) in the Edit DHCP Server page.

    The four lease-enabled values (free-address6-low, free-address6-high, duplicate-address6, duplicate-prefix6) pertain to DHCPv6 only. Along with the traps to enable, you can specify the default free-address trap configuration by name, which affects all scopes and prefixes or links not explicitly configured.

    To add a trap configuration, do the following:

    Step 1 In Advanced mode, from the Deploy menu choose Traps under the DHCP submenu to access the DHCP trap configurations. The List/Add Trap Configurations page appears.

    Step 2 Click the Add Traps icon in the left pane to open the Add AddrTrapConfig page.

    Step 3 Enter the name, mode, and threshold percentages, then click Add AddrTrapConfig.

    To edit a trap configuration, do the following:

    Step 1 Click the desired trap name in the Traps pane to open the Edit Trap Configuration page.

    Step 2 Modify the name, mode, or threshold percentages.

    Step 3 Click the on option for the enabled attribute to enable the trap configuration.

    Step 4 Click Save for the changes to take effect.

    To delete a trap configuration, select the trap in the Traps pane and click the Delete icon, then confirm or cancel the deletion.

    Regional Basic or Advanced Web UI

    In the regional web UI, you can add and edit trap configurations as in the local web UI. You can also pull replica trap configurations and push trap configurations to the local cluster on the List/Add Trap Configurations page.

    Server Up/Down Traps

    Every down trap must be followed by a corresponding up trap. However, this rule is not strictly applicable in the following scenarios:

    1. If a failover partner or LDAP server or DNS server or HA DNS partner is down for a long time, down traps will be issued periodically. An up trap will be generated only when that server or partner returns to service.


    2. If the DHCP or DNS server is reloaded or restarted, the prior state of the partner or related servers is not retained and duplicate down or up traps can result.

    Note Other failover partner or LDAP server or DNS server or HA DNS partner up or down traps occur only to communicate with that partner or server, and therefore may not occur when the other partner or server goes down or returns to service.

    CLI Commands

    To set the trap values for the DHCP server at the local cluster, use dhcp set traps-enabled=value. You can also set the default-free-address-config attribute to the trap configuration. For example:

    nrcmd> dhcp set traps-enabled=server-start,server-stop,free-address-low,free-address-high
    nrcmd> dhcp set default-free-address-config=v4-trap-config

    Note If you do not define a default-free-address-config (or v6-default-free-address-config for IPv6), Cisco Prime IP Express creates an internal, unlisted trap configuration named default-aggregation-addr-trap-config. Because of this, avoid using that name for a trap configuration you create.

    To define trap configurations for DHCPv4 and DHCPv6, use addr-trap name create followed by the attribute=value pairs for the settings. For example:

    nrcmd> addr-trap v4-trap-conf create mode=scope low-threshold=25% high-threshold=30%
    nrcmd> addr-trap v6-trap-conf create mode=prefix low-threshold=20% high-threshold=25%

    Handling SNMP Queries

    You can use SNMP client applications to query the following MIBs:

    • CISCO-DNS-SERVER-MIB.my

    • CISCO-IETF-DHCP-SERVER-MIB.my

    • CISCO-IETF-DHCP-SERVER-EXT-MIB.my

    • CISCO-NETREG-DHCPV6-MIB.my (experimental)

    When the SNMP server receives a query for an attribute defined in one of these MIBs, it returns a response PDU containing that attribute value. For example, using the NET-SNMP client application (available over the Internet), you can use one of these commands to obtain a count of the DHCPDISCOVER packets for a certain address:

    C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444 .iso.org.dod.internet.private.enterprises.cisco.ciscoExperiment.ciscoIetfDhcpSrvMIB.ciscoIetfDhcpv4SrvMIBObjects.cDhcpv4Counters.cDhcpv4CountDiscovers

    CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers.0 = Counter32: 0

    C:\net-snmp5.2.2\bin>snmpget -m ALL -v 2c -c public 192.168.241.39:4444 1.3.6.1.4.1.9.10.102.1.3.1

    CISCO-IETF-DHCP-SERVER-MIB::cDhcpv4CountDiscovers.0 = Counter32: 0


    Both commands return the same results. The first one queries the full MIB attribute name, while the second one queries its OID equivalent (which can be less error prone). As previously described, the OID equivalents of the MIB attributes are located in the relevant files at the following URL:

    ftp://ftp.cisco.com/pub/mibs/oid/

    For example, the CISCO-IETF-DHCP-SERVER-MIB.oid file includes the following OID definition that corresponds to the previous query example:

    "cDhcpv4CountDiscovers" "1.3.6.1.4.1.9.10.102.1.3.1"

    Here are some possible SNMP query error conditions:

    • The community string sent in the request PDU does not match what you configured.

    • The version in the request PDU is not the same as the supported version (SNMPv2).

    • If the object being queried does not have an instance in the server, the corresponding variable binding type field is set to SNMP_NOSUCHINSTANCE. With a GetNext, if there is no next attribute, the corresponding variable binding type field is set to SNMP_ENDOFMIBVIEW.

    • If no match occurs for the OID, the corresponding variable binding type field is set to SNMP_NOSUCHOBJECT. With a GetNext, it is set to SNMP_ENDOFMIBVIEW.

    • If there is a bad value returned by querying the attribute, the error status in the response PDU is set to SNMP_ERR_BAD_VALUE.

    Integrating Cisco Prime IP Express SNMP into System SNMP

    You can integrate the Cisco Prime IP Express SNMP server into the SNMP server of the system it runs on, so that the system responds to queries for Cisco Prime IP Express MIB entries. On systems using NET-SNMP (and compatible servers), this is done by adding the following entries to the /etc/snmp/snmpd.conf configuration file:

    view systemview included .1.3.6.1.4.1.9.9
    view systemview included .1.3.6.1.4.1.9.10

    proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.9
    proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.10

    The community string public and the port number 4444 may have to be replaced if the Cisco Prime IP Express SNMP server has been configured with different values for those settings.

    NET-SNMP is commonly available on Linux and other Unix-like systems. On other systems, similar mechanisms may also be available.
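As an added example (not part of the Cisco guide), the following check reads snmpd.conf text and reports proxy entries whose subtree has no matching view line, that still use the community string public, or that forward to a non-loopback address where the SNMPv2c community would cross the network in clear text. The function names and issue labels are hypothetical, and the parser assumes numeric OIDs and only the -v and -c proxy options shown above.

```python
import shlex

# Constructed sample: the entries shown above with one "view" line left out.
SAMPLE_CONF = """\
view systemview included .1.3.6.1.4.1.9.9
proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.9
proxy -v 2c -c public 127.0.0.1:4444 .1.3.6.1.4.1.9.10
"""

def oid_tuple(oid):
    """Turn '.1.3.6' into (1, 3, 6) so subtree checks compare whole arcs."""
    return tuple(int(part) for part in oid.strip(".").split("."))

def parse_conf(text):
    """Return (included view subtrees, proxy entries) from snmpd.conf text."""
    views, proxies = [], []
    for raw in text.splitlines():
        tokens = shlex.split(raw.split("#", 1)[0])  # drop comments
        if not tokens:
            continue
        if tokens[0] == "view" and len(tokens) >= 4 and tokens[2] == "included":
            views.append(oid_tuple(tokens[3]))
        elif tokens[0] == "proxy":
            opts, rest, args = {}, [], tokens[1:]
            while args:
                arg = args.pop(0)
                if arg in ("-v", "-c") and args:
                    opts[arg] = args.pop(0)
                else:
                    rest.append(arg)
            if len(rest) >= 2:  # remaining tokens: target host, proxied OID
                proxies.append({"community": opts.get("-c"),
                                "target": rest[0],
                                "oid": oid_tuple(rest[1])})
    return views, proxies

def target_host(target):
    """Host part of 'host:port' or 'udp:host:port'."""
    parts = target.split(":")
    if parts[0].lower() in ("udp", "tcp"):
        parts = parts[1:]
    return parts[0]

def audit(text):
    """Return a list of (oid, issue) pairs for the proxy entries in text."""
    views, proxies = parse_conf(text)
    findings = []
    for proxy in proxies:
        oid = "." + ".".join(str(arc) for arc in proxy["oid"])
        # Arc-wise prefix test: .9.9 must not be taken to cover .9.10.
        # Simplification: any view name counts, not only the one in use.
        if not any(proxy["oid"][:len(view)] == view for view in views):
            findings.append((oid, "not-in-view"))
        if proxy["community"] == "public":
            findings.append((oid, "default-community"))
        if target_host(proxy["target"]) not in ("127.0.0.1", "localhost"):
            findings.append((oid, "remote-target"))
    return findings

if __name__ == "__main__":
    for oid, issue in audit(SAMPLE_CONF):
        print(f"{oid}: {issue}")
```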

    Default Ports for Cisco Prime IP Express Services

    Table 1-2 lists the default ports used for the Cisco Prime IP Express services.

    Table 1-2 Default Ports for Cisco Prime IP Express Services

    Port Number  Protocol  Service
    53           TCP/UDP   DNS
    53           TCP/UDP   Caching DNS
    67           UDP       DHCP client to server
    67           TCP       Bulk or Active leasequery client to DHCP server
    68           UDP       DHCP server to client
    80           HTTP      BYOD web server client to server web UI
    162          TCP       SNMP traps server to server
    389          TCP       DHCP server to LDAP server
    443          HTTPS     BYOD web server secure client to server web UI
    546          UDP       DHCPv6 server to client
    547          UDP       DHCPv6 client to server
    647          TCP       DHCP failover server to server
    653          TCP       High-Availability (HA) DNS server to server
    1234         TCP       Local cluster CCM server to server
    1244         TCP       Regional cluster CCM server to server
    4444         TCP       SNMP client to server
    5480         HTTPS     Virtual Appliance
    8080         HTTP      Local cluster client to server web UI
    8090         HTTP      Regional cluster client to server web UI
    8443         HTTPS     Local cluster secure client to server web UI
    8453         HTTPS     Regional cluster secure client to server web UI


    Chapter 2

    Cisco Prime IP Express User Interfaces

    Cisco Prime IP Express provides a regional and a local web-based user interface (web UI) and a regional and local command line interface (CLI) to manage the CDNS, DNS, DHCP, and Central Configuration Management (CCM) servers:

    • Web UI for the regional cluster to access local cluster servers—See the “Regional Cluster Web UI” section on page 2-10.

    • Web UI for the local cluster—See the “Local Cluster Web UI” section on page 2-7.

    • CLI for the local clusters—Open the CLIContent.html file in the installation /docs directory (see the “Command Line Interface” section on page 2-10).

    • CCM servers that provide the infrastructure to support these interfaces—See the “Central Configuration Management Server” section on page 2-11.

    • BYOD web server for the regional cluster that provides the infrastructure to support BYOD—See the “Bring Your Own Device Web Server” section on page 2-12.

    This chapter describes the Cisco Prime IP Express user interfaces and the services that the CCM servers provide. Read this chapter before starting to configure the Cisco Prime IP Express servers so that you become familiar with each user interface capability.

    Introduction to the Web-Based User Interfaces

    The web UI provides granular access to configuration data through user roles and constraints. The UI provides quick access to common functions. The web UI granularity is described in the following sections.

    Related Topics

    Supported Web Browsers
    Access Security
    Logging In to the Web UIs
    Multiple Users
    Changing Passwords
    Navigating the Web UIs
    Waiting for Page Resolution Before Proceeding
    Committing Changes in the Web UIs
    Role and Attribute Visibility Settings
    Displaying and Modifying Attributes
    Help Pages
    Logging Out

    Supported Web Browsers

    The web UI has been tested on Microsoft Internet Explorer 9 and Mozilla Firefox 24 and later. Internet Explorer 8 is not supported.

    Access Security

    At Cisco Prime IP Express installation, you can choose to configure HTTPS to support secure client access to the web UIs. You must specify the HTTPS port number and provide the keystore at that time. With HTTPS security in effect, the web UI Login page indicates that the “Page is SSL¹ Secure.”

    Note Do not use a dollar sign ($) symbol as part of a keystore password.

    Logging In to the Web UIs

    You can log into the Cisco Prime IP Express local or regional cluster web UIs either by HTTPS secure or HTTP nonsecure login. After installing Cisco Prime IP Express, open one of the supported web browsers and specify the login location URL in the browser address or netsite field. Login is convenient and provides some memory features to increase login speed.

    You can log in using a nonsecure login in two ways:

    • On Windows, from the Start menu, choose Start > All Programs > Cisco Prime IP Express 8.2 > Cisco Prime IP Express 8.2 {local | regional} Web UI. This opens the local or regional cluster web UI from your default web browser.

    Note Open the regional Web UI first and add the licenses for the required services.

    • Open the web browser and go to the web site. For example, if default ports were used during the installation, the URLs would be http://hostname:8080 for the local cluster web UI, and http://hostname:8090 for the regional cluster web UI.

    This opens the New Product Installation page if no valid license is added at the time of installation. You have to browse and add the valid license. If the license key is acceptable, the Cisco Prime IP Express login page is displayed.

    Note You can add the licenses only in the regional server. The local has to be registered to the regional at the time of installation to run the desired licensed services.

    In the local server, confirm the regional server IP address and port number and also the services you want to run at the time of your first login. Click Register to confirm registration. If the regional server is configured with the required licenses, the login page is displayed.

    1. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

    Enter the superuser username and password created at the time of installation to log into the web UI. The password is case-sensitive (see the “Managing Passwords” section on page 5-6). If you already added the valid license and superuser and configured a password at the time of installation, then you can log into the web UI using that username and password.

    Note There is no default username or password for login.

    Note To prepare for an HTTPS-secured login, see the Cisco Prime IP Express Installation Guide.

    Depending on how your browser is set up, you might be able to abbreviate the account name or choose it from a drop-down list while setting the username.

    To log in, click Login.

    Adding License

    Cisco will e-mail you one or more license files after you register the Cisco Prime IP Express Product Authorization Key (PAK) on the web according to the Software License Claim Certificate shipped with the product. Cisco administers licenses through a FLEXlm system. Once you have the file or files:

    1. Locate the license file or files in a directory (or on the desktop) that is easy to find.

    2. On the List/Add Product Licenses page, browse for each file by clicking the Choose File button.

    Note The List/Add Product Licenses option is only available at the Regional.

    3. In the Choose file window, find the location of the initial license file, then click Open.

    4. If the license key is acceptable, the Add Superuser Administrator page appears immediately.

    5. To add further licenses, from the Administration menu choose Licenses under the User Access submenu to open the List/Add Product Licenses page. Click Browse to open the Choose file window, locate the additional license file, then click Open. If the key in the file is acceptable, the key, type, count, and expiration date appear, along with whether it is an evaluation key. If the key is not acceptable, the page shows the license text along with an error message. For the list of license types, see the “Licensing” section on page 5-15.

    Above the table of licenses is a License Utilization area that, when expanded, shows the license types along with the total nodes that you can use and those actually used.

    If Cisco Prime IP Express is installed as a distributed system, license management is done from the regional cluster. You will not have the option of adding licenses in the local cluster.

    Multiple Users

    The Cisco Prime IP Express user interfaces support multiple, concurrent users. If two users try to access the same object record or data, a Modified object error will occur for the second user. If you receive this error while editing user data, do the following:

    • In the web UI—Cancel the edits and refresh the list. Changes made by the first user will be reflected in the list. Redo the edits, if necessary.


    • In the CLI—Use the session cache refresh command to clear the current edits before viewing the changes and making further edits. Then make your changes if you still consider them necessary after the other user’s changes.

    Changing Passwords

    Whenever you edit a password on a web UI page, it is displayed as a string of eight dots. The actual password value is never sent to the web browser. So, if you change the password, the field is automatically cleared. You must enter the new password value completely, exactly as you want it to be.

    Note The password should not be more than 255 characters long.

    For details on changing administrator passwords at the local and regional cluster, see the “Managing Passwords” section on page 5-6.

    Navigating the Web UIs

    The web UI provides a hierarchy of pages based on the functionality you desire and the thread you are following as part of your administration tasks. The page hierarchy prevents you from getting lost easily.

    Caution Do not use the Back button of the browser. Always use the navigation bar menu, or the Cancel button on the page to return to a previous page. Using the browser Back button can cause erratic failures.

    A single sign-on feature is available to connect between the regional and local cluster web UIs. The regional cluster web UI pages include the Connect button in the List/Add Remote clusters page, which you can click to connect to the local cluster associated with the icon. If you have single sign-on privileges to the local cluster, the connection takes you to the related local server management page (or a related page for related server configurations). If you do not have these privileges, the connection takes you to the login page for the local cluster. To return to the regional cluster, local cluster pages have the Return button on the main toolbar.

    Note Navigation bar items can vary depending on whether you have the role privileges for IPv4 or IPv6. For example, the Design menu bar can be DHCPv4 and DHCPv6 if you have the ipv6-management subrole of the addrblock-admin role assigned.

    Waiting for Page Resolution Before Proceeding

    Operations performed in the web UI, such as resynchronizing or replicating data from server clusters, are synchronous in that they do not return control to the browser until the operation is completed. These operations display confirmation messages in blue text. The IE browser displays a wait cursor while the operation is in progress.

    Tip Wait for each operation in the web UI to finish before you begin a new operation. If the browser becomes impaired, close the browser, reopen it, then log in again. Some operations, such as zone distributions, can take a significant amount of time, so you may have to wait until the operation completes.


    Committing Changes in the Web UIs

    You do not actually commit the page entries you make until you click Save on the page. You can delete items using the delete icon. To prevent unwanted deletions, a Confirm Delete dialog box appears in many cases so that you have a chance to confirm or cancel the deletion.

    Role and Attribute Visibility Settings

    Click the username drop-down list on the top of the main page to modify user preferences, session settings, user permissions, or debug settings.

    • To view the user groups and roles for the administrator, select the User Preferences option. Superuser is a special kind of administrator. (For details on how to set up these administrator roles, see the “Create the Administrators” section on page 5-26.)

    • Select Session Settings to open the Session Settings dialog, select the mode from the Session Web UI Mode drop-down list, and click Modify Session Settings. You can also click the drop-down arrow of the Mode icon to view the list of modes. Select the required mode from the list:

    – Basic—Basic user mode (the preset choice).

    – Advanced—Advanced user mode that exposes the normal attributes.

    – Expert—Expert user mode that exposes a set of attributes that are relevant for fine-tuning or troubleshooting the configuration. In most cases, you would accept the default values for these expert attributes and not change them without guidance from the Cisco Technical Assistance Center (TAC). Each Expert mode attribute is marked with a Warning icon on the configuration pages. Each page is clearly marked as being in Expert mode.

    Displaying and Modifying Attributes

    Many of the web UI pages, such as those for servers, zones, and scopes, include attribute settings that correspond to those you can set using the CLI. (The CLI name equivalents appear under the attribute name.) The attributes are categorized into groups by their function, with the more prominent attributes listed first and the ones less often configured nearer the bottom of the page.

    Grouping and Sorting Attributes

    On many Advanced mode web UI pages, you can toggle between showing attributes in groups and in alphabetical order. These pages generally open by default in group view so that you can see the attributes in their respective categories. However, in the case of large numbers of attributes, you might want to see the attributes alphabetized. Click Show A-Z View to change the page to show the attributes alphabetically. Click Show Group View to change the page to show the attributes in groups. You can also expand or collapse the attribute groups in group view by clicking Expand All or Collapse All. In Expert mode, the Expert mode attributes are alphabetized separately further down the page under the Visibility=3 heading and are all marked with the Warning icon.


    Modifying Attributes

    You can modify attribute values and unset those for optional attributes. In many cases, these attributes have preset values, which are listed under the Default column on the page. The explicit value overrides the default one, but the default one is always the fallback. If there is no default value, unsetting the explicit value removes all values for that attribute.

    Displaying Attribute Help

    For contextual help for an attribute, click the name of the attribute to open a separate popup window.

    Left Navigation Pane and Quick View Icon

    The web UI also provides a navigation pane on the left of the main pages. This navigation pane provides access to objects that are added as part of the various categories. You can click the object to edit its properties in the main page.

    Each object displayed under a category in the pane also has a Quick View icon associated with it, which is activated when you move the mouse pointer over the object. The Quick View icon expands to open a dialog box that displays the main details about the object, and provides links (if any) to perform the main actions associated with the object.

    Help Pages

    The web UI provides a separate window that displays help text for each page. The Help pages provide:

    • A context-sensitive help topic depending on which application page you have open.

    • A clickable and hierarchical Contents and Index, and a Favorites setting, as tabs on a left-hand pane that you can show or hide.

    • A Search facility that returns a list of topics containing