NetLD Manual. - Net LineDancer
Contents
1. 3.6.13 Retrieve OS Image Files: This feature retrieves an IOS image file from the devices and stores it internally. Those images can be used for IOS Software Distribution (Sec. 3.6.10) and NEC WA Software Distribution (Sec. 3.6.12). (Screenshot: Retrieve OS Image Files result in the status pane, 2011-08-19 13:52, device 10.0.2.26.) Footnote 10: The time required to add an image varies. If you wait for a while and the image is not displayed yet, retry adding the file. Figure 3.6.2: NEC WA Software Distribution. (Screenshot: NEC WA Software Distribution dialog with the options below and the Execute and Cancel buttons.) Menu items: Select an IOS image file to push: click on the button on the right and select the image in a Browse OS image dialog. Remove the existing image from flash: enable it to remove the existing image from flash. Boot from the new image: enable it to boot from the new image. Reload after image push: enable it to reload the new image after pushing the image. Perform Backup after tool completes. Copyrights LogicVein inc. All rights reserved. 3.6.14 Add Static Route: Here you can add new static routes for the devices. Enter required information
2. (Screenshot: device context menu, including Terminal Proxy logs, Compare Configurations, Edit and Launchers.) Figure 3.4.3: Opening a device property in the status pane. (Screenshot: properties of device RTX1200, 10.0.2.3: last backup 2014-03-24 09:57, make Yamaha, model RTX1200, device type Router, RAM 128 MB, software version 10.01.22, serial number D26059822, protocols SNMP and Telnet.) General Tab: The General tab displays the configurations or specifications of the devices. Note that the information shown in this tab is based on the last backup netLD performed. (Screenshot: General tab for device C3640, 10.0.2.6: last backup 2014-05-27 10:12 with running-config and startup-config snapshots; make Cisco, model CISCO3640, device type Router, Flash 32 MB, RAM 128 MB, Packet Memory 6 MB, software version 12.3(11)T, protocols Telnet and TFTP; other tabs: Compliance, Hardware, Interfaces, ARP, MAC, VLAN.) Configuration Memo
3. (Chapter 3 Basic Tools, outline excerpt:) 3.10.2 Creating a New Rule; 3.10.3 Policy tab; 3.11 Draft Configuration; 3.11.1 Creating a Draft Configuration; 3.11.2 Importing Configurations from Plain Texts; 3.11.3 Comparing the Configurations; 3.11.4 Applying a Draft Configuration to a Device; 3.12 Change Advisor; 3.12.1 Executing Commands through Change Advisor; 3.13 Search; 3.13.1 Switch Port; 3.13.2 ARP Search. 3.1 Credentials: In this section we show the process of adding credentials manually or using data in a spreadsheet, and so on. Let's start with a brief overview of how we should set up credentials and network groups. If the number of credentials is limited, then a single Network Group might be enough for you. In this case, the same credential set is applied to all devices in the inventory. Just enter the required information to access the devices in the Credentials window. However, in some cases the number of credentials gets quite large and it might be practically impossible to manage them. In this case you might have to divide the credentials into sev
4. (Change menu items: NTP Servers; Port VLAN Assignment; SNMP Community Strings; SNMP Trap Hosts; Syslog Hosts; Static Routes: Add Static Route, Delete Static Route; Users: Add User Account, Change Enable Password, Change Local User Password, Change Vty Password, Delete User Account; OS Image: IOS Software Distribution, Manage OS Images, NEC WA Software Distribution, Retrieve OS Image Files.) 3.6.1 Command Runner: Command Runner eases the effort of managing your devices by automating the iteration over them; e.g., you can schedule the execution of hundreds of lines of commands with just one click. Available commands include those for fetching or pushing the configurations. After the required fields are filled in, click on the Execute button. (Screenshot: Command Runner dialog, "Specify the commands to run against the devices", with the commands conf t, hostname 26006, end, write mem; options: Override the default prompt regex; Response timeout (seconds): 60; Perform backup after tool completes.) The results are shown in the status pane. (Screenshot: Command Runner result in the status pane, 2011-08-19 11:59, device 10.0.2.26, showing the CLI session.) Override the default
5. (Screenshot: Rule Set "SNMP community public", General tab; the rule set applies to the running-config; description: "This is a test rule to find a device without its SNMP community set as public"; options: Apply to the whole config, Apply to blocks, Template, Restrict the visibility of this rule set to the following networks.) Items: Description: giving a neat description is a good practice. Apply to the whole config: apply the rules to the entire configuration. Apply to blocks: apply the rules to blocks of configuration divided. Template: compare the configuration line by line and signal a violation if there is a difference. Restrict the visibility of this rule set to the following networks: check this and restrict networks under the rule. 3.10.2 Creating a New Rule: Here we provide screen-by-screen instructions. Now let's create a rule that will generate a violation when the SNMP community is public in Cisco IOS device configurations. Click on [icon] in the Compliance > Rule Sets tab. (Screenshot: Compliance view, Rule Sets tab, with columns Rule Set, Adapter and Config, listing rule sets such as "SANS Institute Cisco Router Hardening Step by Step" and "IOS Interface Auto Duplex Speed".) Remove Unneeded Ser
6. 3.2.2 Creating a User: Creating a Role is also simple. Go to Setting window > Users. Again, click on the [icon] below. (Screenshot: Server Settings > Users, with columns Username, Full Name, Email, Role and Type.) There are various fields to be customized. (Screenshot: Add User dialog, General tab.) Menu items: Username: enter the login username for the user. Full Name: enter the full name of the user. Email Address: enter the user's e-mail address. Role: select a role for the user from the dropdown list. Password: enter a login password of the user. Confirm Password: retype the password to confirm. In the Networks submenu you can restrict the user's network access. Toggle the available networks for the user in this section. The user gains the permission to access the networks whose checkboxes are on. (Screenshot: Add User dialog, Networks tab, "Restrict user's access to the following networks", with Select All and Select None.)
7. 3.12.1 Executing Commands through Change Advisor: You can push the commands provided by Change Advisor into a device. Before running the commands suggested by the advisor, please re-check the generated commands. Once you notice any unintended suggestion, you can edit the generated commands directly. (Screenshot: "Re-check the generated commands again", recommended commands: configure terminal; logging 1.1.1.1; logging 192.168.0.58; exit; option: Perform backup after writing changes to the device.) After that, click on Run and then confirm it by clicking on the Yes button to proceed. (Screenshot: Confirm Tool Execution dialog: "This tool will change a device. Do you want to continue?", with the option "Don't show this dialog again".) You can see the results of the command executions in the CLI as they progress. The results are also shown in the job history (Sec. 3.7). (Screenshot: Change Advisor result in the status pane, 2013-09-25 13:50, device LVI_Router, 10.0.0.250.) Footnote: During the configuration recovery and the draft configuration, the primary communication protocol is TFTP. Therefore these features are not available in devices with no support for TFTP. On the other hand, Change Advisor is available in all devices supporting some CLI (telnet, SSH, Co
8. (Table of contents excerpt:) 3.10.3 Policy tab; 3.11 Draft Configuration; 3.11.1 Creating a Draft Configuration; 3.11.2 Importing Configurations from Plain Texts; 3.11.3 Comparing the Configurations; 3.11.4 Applying a Draft Configuration to a Device; 3.12 Change Advisor; 3.12.1 Executing Commands through Change Advisor; 3.13 Search; 3.13.1 Switch Port Search; 3.13.2 ARP Search; 4 Advanced Tools; 4.1 Terminal Proxy; 4.1.1 Available Commands; 4.1.2 Setup the Terminal Proxy; 4.1.3 (title illegible); 4.1.4 Terminal Proxy Log; 4.1.5 Verifying the Log from Change History; 4.1.6 Exporting the Log Files; 4.2 Cisco Plug and Play (Optional); 4.2.1 Requirements for Using Cisco PnP Feature; 4.2.2 Setting up a DHCP Server; 4.2.3 Template Based Deployment; 4.2.4 Importing the Replacement Values in Cisco PnP; 4.2.5 Cisco PnP Self Recovery; 4.2.6 Cisco PnP Specific Device Recovery; 4.2.7 Distributing Configurations via 3G ne
9. (Screenshot: Net LineDancer download page for the evaluation version and the free version, Net StreetDancer.) How to start evaluation: Net LineDancer evaluation requires Internet access to receive an evaluation license and to register the license in its setup wizard. If your machine does not have Internet access, please send the machine's MAC address so that we can provide a license file. The programs for Linux and 64-bit Windows operating systems are incompatible with each other. Please select the program to download according to your evaluating machine. You can expect comprehensive and friendly technical support from us by the next day of a request or earlier. We look forward to helping with your technical questions. If you have any questions or need help, please contact Technical Support. 1.2 Installing netLD: Once you get the software, let's install it. There are a few notes before installing the software. (1) First of all, the installation should be done by a user with Administrator privilege on Microsoft Windows. On Unix-like machines, you have to be able to log in as the root user or as a sudoer if sudo is set up in the system. Log in again as the appropriate user. (2) Next, check the minimum requirements of the installation. (3) Third, check the install de
10. (Screenshot: template "25004 Template" with the fields Hostname, Password (enable password), IP address, Mask, SNMP community and type not yet filled in.) If all the template values are filled in, then the leftmost status icon turns into [icon]. (Screenshot: Zero Touch view with the tabs Configurations, Templates and History; Device Configurations list with a CNS Device ID and the template "25004 Template", all values filled in.) After connecting the target device to the network, turn on the power of the device. As shown in Fig. 4.2.1, the device shifts to the Auto Install mode and tries to get an IP address by broadcasting a DHCP/BOOTP request. After that, the device tries to receive a configuration file using TFTP. You can check the deployment job status in the Live Status area. Live Status shows the current status of the deployment process. (Screenshot: Live Status during the deployment, status "Deploying configuration", and when the deployment is complete, status "Successfully deployed configuration".) A
11. (Screenshot: configuration excerpt, lines 40 to 46, with snmp-server host, banner motd and line entries.) 3.10.3 Policy tab: The Policy tab consists of the following subtabs. Device subtab: allows you to select devices to which you will apply a policy. The interface is exactly the same as the one described in the Jobs Management section (p. 92). Rule Sets subtab: register the existing rule sets to the policy in this tab. Items: All devices: apply the policy to all devices in the inventory. Search: apply the policy to all devices that match the query. The search is conducted every time the violation check is triggered. Static List: choose a set of devices by switching the main pane to the device tab, create a static list, and the violation check is applied only to the devices in the list (tab switching technique). Items: Adapter: specify the target adapter. Configuration: choose either startup-config or running-config. The check is applied to the specified configuration only. Rules set: rules in this policy. Severity: either Error or Warning. This results in different visual icons when a violation occurs. Creating a New Policy: Let's create a policy here that will generate a violation for Cisco IOS device configurations
12. (Figure residue, message flow: DHCP Acknowledgment; Bootfile Request; Send Bootfile; CNS Initial Configuration Request; Process CNS Template; CNS Initial Configuration Response; CNS Status Report. Phases: Cisco IOS AutoInstall Phase; Cisco CNS Initial Configuration Phase.) Figure 4.2.2: Example of DHCP Relay (VLAN 10; L3 Switch; Zero Touch target device as DHCP client; Net LineDancer Server as DHCP server). 4.2.1 Requirements for Using Cisco PnP Feature: To use the Cisco PnP feature, make sure the following conditions are met. The target device is running OS 12.2 or later releases with CNS Auto Install. No startup config: the device should not have a valid startup config. DHCP Server: if you choose to use the netLD DHCP Server feature, the target device must be in an environment where the DHCP server can distribute an IP address to the device. See Figure 2 for more details. Footnotes: You can check the available features of your IOS device at http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. (3) Select the option without default configuration in nvram when you order the device. If you need to delete configurations manually, use the erase startup-config or erase nvram command and make the size of the configuration in nvram 0. (4) If necessary, there is an additional option to use an external DHCP server that supports the TFTP boot files option. If the target router is not connected directly to broadcast domain
13. (Screenshot: device list with the Edit menu: Edit device properties, Associate tags, Dissociate tags.) Enable the checkbox for each device tag to associate it with the devices, or leave the checkbox empty to disassociate it. (Screenshot: Add/Remove Tags dialog, "Configure the tags associated with this device", with the OK and Cancel buttons.) If you are selecting more than one device, tags shared by those devices are displayed in the list. Finally, click on the OK button to save the change. (Screenshot: Tag Devices dialog: "Check the tags that you wish to associate with the devices. On the right is the list of tags that the selected devices already share."; lists: Tags to add, Shared tags.) 5.1.4 Display Neighbor Information: netLD allows you to check the neighbor information of the device via Display neighbors in the Device menu. Select Device > Display neighbors. (Screenshot: Device menu with the items Collect neighbor data, Display neighbors, Compare Configurations and Edit.)
14. (Discovery status table; the first status name is cut off.) (Status cut off): the device has responded to Telnet/SSH or ping, but did not respond to the SNMP request. No adapter matches: the device has responded to the SNMP request, but netLD does not have the adapter for the device. Server protocol settings for SNMP for this device are disabled: the SNMP protocol in the Inventory > Protocols settings is disabled for the network group. There was no ICMP ping response: the device did not respond to the ICMP ping request (only in Single IP Address discovery). Unable to establish TCP connection on port 22 (Telnet) or 23 (SSH): netLD failed to connect to either port 22 or port 23 of the device (only in Single IP Address discovery). During the discovery, netLD uses SNMP version 1 by default. To change the setting, use the Inventory > Protocols menu and select the proper SNMP option. The discovery result only shows the devices which have responded to Telnet/SSH/ping. Details for discovery status follow. 3.3.3 Adding Devices Manually: You can also add the devices manually. Go to Inventory > Add New Device and you can add each device manually. Menu items: IP Address: specify the IP address of the device to add. Adapter: select the adapter ID of the device to add from the dropdown list. Alternatively, you can do the same thing by importing a handwritten or exported spreadsheet. This is described in Sec. 3.3.6. We also provide a template spreadsheet to fill in the IP add
15. (Screenshot: device search form with the fields Hostname, Status, Changed, System name, Serial, Installation Date, MAC and Config Text, tag checkboxes, and the links clear search and basic search.) Names for each custom field may be different if they were changed in the Setting Server Settings > Custom Device Fields menu. IP/CIDR: enter an IP address or CIDR, e.g. 10.0.0.1 or 192.168.0.1/24. Admin IP: enter an IP address. Note that only the devices already added in the Inventory are subject to the search. Hostname: enter a hostname, e.g. J2320 or J23. Status: select a backup status from the dropdown list. Changed: select the time that the last backup was done. Custom 1 to 5: enter any text. It matches the custom field of each device, e.g. lvi, netLD, net, etc. Device with tags: select a device tag name from the list. You can use the and/or radio buttons to toggle how queries are combined. Vendor: select a device vendor name from the dropdown list. Model: enter a model name to filter devices by model name, e.g. J2320, J23, etc. This optional filter is available when the Vendor filter is used. Version: enter a version number of the devices' operating systems and select an operator from the dropdown list, e.g. > 9.2. This optional filter is available when the Vendor filter is used. Serial: enter a serial number in this field to filter devices by serial number, e.g. 01621220. MAC: Enter a M
16. To use this feature, configurations for the devices must already be stored in netLD by performing backup. 4.4.2 Configuring SNMP Trap Send: netLD is able to send a trap to the network managers when (1) the device configuration changes, (2) a new device was added to or deleted from the netLD inventory, (3) netLD fails to run the backup job, and (4) a compliance status changes in some devices. To set the trap destination, follow the instructions below. In Settings window > SNMP Traps, enable the checkboxes for the conditions in which netLD sends a trap. (Screenshot: Server Settings > SNMP Traps: send traps when device configuration changes are detected; devices are added and deleted; a backup fails; the compliance status of a device changes. Trap receivers list with the columns Community, Host, Port and Version.) Footnote 10: Traps are sent only when the configuration differs from the last backup. Click on the [icon] at the bottom of the Trap receivers list to enter the hostname and the port of the receiver. Also enter the name of the SNMP trap community into the SNMP community string field. Click on the OK button to add the receiver to the
17. Windows Service Manager or via CUI. See Sec. 2.6 for details. (2) Save the latest netLD install program to the target server and double-click on the program to start. The following procedure is just the same as that of the initial installation, except for these minor changes: license registration does not appear; the installation directory is not asked and confirmed. 5.4.5 Uninstalling netLD: To uninstall netLD, follow the instructions below. In the Windows Programs and Features dialog, select Net LineDancer Enterprise from the Name list and click on the Uninstall button. (Screenshot: Windows Control Panel > Programs > Programs and Features, "Uninstall or change a program", with Net LineDancer Enterprise in the list.) Then the following message is displayed to confirm the uninstallation. Click on the Yes button if you want to keep the configuration data of netLD, or click on the No button if you want to uninstall everything including all configurations. (Screenshot: confirmation dialog: "Uninstalling will de
18. correct by entering a test username and password into the Test Authentication area. Clicking the Test button will cause netLD to attempt an Access Request against the specified server. To enable the RADIUS integration, check "Allow authentication using an external RADIUS server" and click on OK. 5.2.6 Changing the Column Names of Custom Device Fields: You can add arbitrary text in the custom fields of the devices. To modify the value of a custom field in each device, see Sec. 3.3.4. In this setting section, you can customize the titles of Custom Device Fields. 5.2.7 Launchers (URL Launchers): In this setting section, you can create shortcuts to access certain URLs defined by the device in the right-click menu which appears in the inventory. If you set a URL Launcher template "IP Address", for example, an IP Address button appears in the right-click menu in Device View. When you click on it, the template is instantiated with the device information and the browser opens the resulting URL. To add such a launcher, click on [icon] to insert the entry into the list. The URL may contain some specific patterns surrounded with braces, which are substituted with the actual value of each device. (Screenshot: Server Settings > Launchers, Create a New Launcher dialog with a URL Variables list, Name "IP Address" and a URL field.) URL http M
19. (Screenshot residue: and/or radio buttons; Use search from devices view.) Adding a Trigger: Finally, we add the triggers. Process 4: Move to the Schedule subtab in the status pane. Click on the [icon] at the bottom left to add a new trigger. (Screenshot: Scheduled Inventory Report job, Schedule subtab, with the columns Trigger and Next Fire Time (GMT+9).) Footnote 9: If you use the Search option while adding the devices to the job, the query is run each time the job is run, and the search results change depending on the inventory at the time the job runs. Set a trigger with the date and repetition cycle. Click on the Save button after all the required information is set. (Screenshot: trigger dialog with the trigger name "Everyday on 12:00pm" and the schedule types Once, Daily, Weekly, Monthly and Cron; note in the dialog: "When a recurrence interval other than 1 is selected, the starting day is always based on the 1st of the month. Example: a recurrence interval of 2 means the schedule will run on the 1st, 3rd, 5th, etc. of the month.") Name: specify the name of the trigger. Time: specify the time and date to perform the job. Schedule: select one of the following scheduling types. Once: the job is scheduled just once. Daily: the job is scheduled to run on every (1 + n×k)-th day (e.g. n = 2: the job is run on the 1st, 3rd, 5th, ..., 31st). Weekly: execute t
20. line VTY variable matches line 6. End: matches line 9. Match Expression: the main query of the match, used to determine the violation. Action: one of the following: Stop if not matched; Stop on match; Violation if not matched; Violation on match. Variable: variables between tildes are added into the bottom window, and any value can be entered. Without any filter, it means "do not care". Type: one of the four possible types of variables: Text; IP address; Host name; Word. Restriction: if a violation query matches a line in the configuration, apply a regular expression filter. If a line matches the violation query but the value of the variable does not match the filter, then the violation match is withdrawn. Figure 3.10.3: Example code snippets (numbered configuration lines: banner motd C Welcome; line con 0; line aux 0; line vty 0 4; password lvi; login; end). General Subtab: The General subtab is meant for writing documentation for maintenance. We strongly suggest that you add documentation to each rule. Suppose one of your administrators quits his job and no one can maintain and understand the purpose of the rules he had written. You would encounter a big problem in this case. Figure 3.10.4: General tab: you can write a general description and specify some other attributes
21. (Screenshot: configuration excerpt, lines 45 to 48, with logging and snmp-server community entries.) Software Summary: shows OS information of all devices in Device View. (Screenshot: Software Summary Report listing vendors and OS versions with their frequency.) Network Hardware Summary: shows pie charts where each color corresponds to a device hardware vendor and a device type (firewall, router, or switch). (Screenshot: Network Hardware Summary with the charts Device Hardware Vendors and Device Types.) Hardware Report: shows the hardware chassis information, including type, slot, and serial numbers for the devices. (Screenshot: Hardware Report with the columns Type, Slot, SlotType, Model, Part, Serial and Description.)
22. (Screenshot: side-by-side configuration comparison of logging, snmp-server and line entries, with the legend Removed, Modified, Added.) This feature is not available for all devices because some devices do not have running-config and startup-config. netLD does not show this icon for some devices even if there is a compliance violation. 3.5 Tools Menu: Tools in the Tools menu check the real-time status of the selected devices. You can export the accumulated results by clicking on the CSV button at the upper right corner of the corresponding view in the status pane. Figure 3.5.1: Tools Menu (menu items: DNS Lookup; Interface Brief; IOS Show Commands; IP Routing Table; Live ARP Table; Ping; Port Scan; SNMP System Info; Traceroute). 3.5.1 DNS Lookup: It shows the result of DNS name resolution of the devices. (Screenshot: DNS Lookup result in the status pane.)
23. (Screenshot: device list in Device View and the Scheduled Inventory Report job, Devices subtab, with the options All Devices, Search and Static list, and the buttons "Add selected from device view/search" and Remove.) Or select the radio button Search and use the Search feature in the status pane. The queries in the Device View in the main pane can be copied into the status pane by "Use search from Device View". (Screenshot: Scheduled Inventory Report job, Devices subtab with Search selected; fields: IP/CIDR, Hostname, Status, Changed, Serial, Vendor, Custom 1 to 5, Devices with tags.)
24. (Screenshot: Server Settings > Smart Bridges, list of bridge hosts with port 10443.) Enter the required information in the Bridge Host dialog. Then click on the OK button to finish. (Screenshot: Bridge Host dialog with the fields Name, Host or IP, and Port 10443.) Menu items: Name: enter a name for the Smart Bridge. Host or IP: specify, by hostname or IP address, the server on which the Smart Bridge is installed. Port: specify the port that the Smart Bridge uses, with the up and down arrow keys. Once the Smart Bridge is added to the network list on the core server, you will soon be able to check the connection status to the Smart Bridge in this dialog. The icons in the first column indicate the status of the Smart Bridge. Now the status is [icon] because the connection is not established. (Screenshot: Server Settings > Smart Bridges with the columns Name, Host and Port, listing Default and LVI Branch A.) Sooner or later if the config
25. 152 to real time batch. If no such entry is found, check another syslog log file (normally syslog.log in the same directory) to see if it is receiving any messages from the device. Again, note that this feature is not available on some devices. This is due either to a hardware limitation or to the device being the latest model. However, in the latter case, future support is possible if the device has specific login and logout events or a syslog event for configuration changes. For this kind of feature request, contact LogicVein Technical Support (support@logicvein.com). If you need further assistance or technical support for Net LineDancer, please feel free to contact us at the address below. We will also be pleased to help if you find any errors or ambiguities in this manual or have any questions about them. Please note that we are closed on weekends, national holidays, New Year and summer holidays in Japanese time. We accept e-mails 24 hours a day, but we only reply during business hours. Thank you for your cooperation. LogicVein Inc. Technical Support, Mail: support@logicvein.com. Chapter 5 Miscellaneous: In this chapter we describe various tips that help fine-tune the interface and the security. We also include some features that are not used so often but are sometimes essential. Contents: 5.1 Configurations Related to Devices and Operations; 5.1.1 Mod
26. 4.2 Cisco Plug and Play (Optional). Cisco Plug and Play (PnP), formerly known as netLD Zero-touch, is a feature that deploys configurations to remote devices using the Cisco OS Auto Install and Cisco Networking Services (CNS) features of the device. Cisco PnP is named after its characteristic behaviour: network devices are located in a network automatically, just like plugging a Plug and Play device into a computer. As soon as the device is connected to the network, netLD detects it, automatically sends an appropriate configuration, and backs up the device. There are three deployment types for Cisco PnP: template-based deployment; Cisco PnP recovery for the identical device; Cisco PnP recovery for the alternative device. netLD Cisco PnP distributes the configurations via the following protocols: DHCP (Dynamic Host Configuration Protocol); DHCP option 150, Cisco Network Registrar; TFTP (Trivial File Transfer Protocol); Cisco Auto Install; Cisco Networking Services (CNS). Figure 4.2.1: The following figure shows the basic flow of Cisco PnP. For simplicity the DHCP, TFTP and netLD servers are displayed separately, but netLD actually runs all of these servers itself. [Figure: message sequence involving the DHCP, TFTP and netLD servers, beginning DHCP Discover, DHCP Offer, DHCP Request.]
27. Contents: 3.5.9 Live ARP Table; 3.6 Change Menu; 3.6.1 Command Runner; 3.6.2 Enable or Disable Interfaces; 3.6.3 Login Banner; 3.6.4 Name Servers Manager; 3.6.6 Port VLAN Assignment; 3.6.7 SNMP Community String; 3.6.8 SNMP Trap Hosts; 3.6.9 Syslog Hosts; 3.6.10 IOS Software Distribution; 3.6.11 Manage OS Images; 3.6.12 NEC WA Software Distribution; 3.6.13 Retrieve OS Image Files; 3.6.14 Add Static Route; 3.6.15 Delete Static Route; 3.7 Job Management; 3.7.1 Creating a New Job; 3.7.2 Status Indicators in Job History Subtab; 3.8.2 Scheduling the Reports; 3.9.1 Creating a Smart Change Job; 3.10.1 Various Rule related tabs; 3.10.2 Creating a New Rule
28. [Screenshot: netLD Diff dialog opened from the external network management software, Show historical configurations: select one configuration from each side.] The netLD config diff screen opens if any object is selected. If you select two devices, the configuration comparison screen for those devices is shown. [Screenshot: Compare view of the C1921 and C3640 running-config snapshots of 2012-06-29 02:48, side by side, with removed and modified lines marked.]
29. [Screenshot: device list in the Devices subtab.] Set a trigger with the date and repetition cycle to issue the report. Details are described in Sec. 3.7 (p. 92). [Screenshot: Trigger dialog with Name, the options Once, Daily, Weekly, Monthly and Cron, a Recur every ... day(s) field, and a Filter.] When a recurrence interval other than 1 is selected, the starting day is always based on the 1st of the month. Example: a recurrence interval of 2 means the schedule will run on the 1st, 3rd, 5th, etc. of the month. Finally, do not forget to click on the button to save the job. Once saved, reports are e-mailed automatically. See Sec. 3.7 (p. 92) for more details about setting the schedules. 3.9 Smart Change: The Smart Change feature is similar to the Command Runner tool (Sec. 3.6.1, p. 80) but allows more flexibility. Instead, it runs a command template in which you can customize the value unique to each device. For example, the IP address of each device in the same network is always unique, and the Command Runner fails in this case. It is because they just r
30. CIDR of the network to discover, e.g. 192.168.0.1/24. IP Address Range: enter 2 IP addresses to specify the address range to discover, e.g. 10.0.0.1 and 10.0.0.100. Single IP Address: enter the IP address of the single device to discover, e.g. 192.168.0.1. You can also import the range data from a text file (CSV). Write the addresses or networks to discover one per line. Descriptions of the other options follow. Boundary Networks: enter the boundary network addresses to limit the range of discovery. 10.0.0.0/8, 172.16.0.0/16, 192.168.0.0/16 and FD00::/8 are set by default; if you want to extend the search range, add a new address range in this field. Crawl the network from the specified addresses: enable this checkbox to recursively crawl and add the neighboring devices to the inventory. Include existing inventory in addresses to crawl: enable this checkbox to enable crawling on the neighbors of the devices that already exist in the inventory. Additional SNMP Community String: enter a community string to be given priority during discovery. Finally, click on the Run button to start discovery, and the devices are added to the inventory. The discovery status is shown in the status pane. Status and description: Device added: the device has been successfully discovered and added to the device inventory. There was no SNMP response
31. Click on the [icon] button in the Compliance > Policy tab. [Screenshot: Compliance tab, Policy subtab, with the Device Violation Summary.] Enter a policy name, select the target adapter and configuration, then click on the OK button. [Screenshot: policy dialog with Policy Name IOS Policy, Adapter Cisco IOS, Configuration running-config.] Select Search. Enter a search query that selects the target devices. In this example, enter Cisco in the Model filter. As a result, violations are checked only against those devices whose name contains the string Cisco. [Screenshot: Policy IOS Policy, Devices subtab with Search selected and Cisco entered in the Model field.] This process is the same as the one that appeared in Sec. 3.7, Job Management. Consequently, the same characteristics apply to this device selection: if you define the target devices via Search, then the search is done each time the policy is checked. Click on the [icon] button in the Rule Sets subtab in the status pane. [Screenshot: Policy IOS Policy, Rule Sets subtab, Adapter Cisco IOS, Configuration running-config.]
32. Results are based on ARP entries. Chapter 4 Advanced Tools: In this chapter we describe the tools that are required when you need to manage large professional and commercial remote networks under high-availability constraints and the high maintenance costs that occur when the appropriate tools are not applied. Contents: 4.1 Terminal Proxy Tab; 4.1.1 Available Commands; 4.1.2 Setup the Terminal Proxy; 4.1.4 Terminal Proxy Log; 4.1.5 Verifying the Log from Change History; 4.1.6 Exporting the Log Files; 4.2 Cisco Plug and Play (Optional); 4.2.1 Requirements for Using Cisco PnP Feature; 4.2.2 Setting up a DHCP Server; 4.2.3 Template Based Deployment; 4.2.4 Importing the Replacement Values in Cisco PnP; 4.2.5 Cisco PnP Self Recovery; 4.2.6 Cisco PnP Specific Device Recovery; 4.2.7 Distributing Configurations via 3G network and VPN capable Mobile Router; 4.2.8 Deploying Configurations Prior to Sending the Devices to Each [illegible]; 4.2.9 Deploying a Bootstrap; 4.3 Smart B
33. [Screenshot: Draft Configurations list showing the draft sample confguration file.] Exporting Drafts: Similarly, click on the [icon] button to export the draft as plain text. Deleting Drafts: To remove a draft, click on the [icon] button. 3.11.3 Comparing the Configurations: You can compare the configurations via the [icon] button. The methods for comparing snapshot to snapshot, snapshot to draft, and draft to draft are identical. For more information, see Sec. 3.4.5 (p. 71). Select two configurations for comparison and click on the [icon] button. [Screenshot: snapshot list and Draft Configurations list for LVI_Router (10.0.0.250), last backup 2013-09-25 10:22.] 3.11.4 Applying a Draft Configuration to a Device: Similar to the comparison method, applying a draft is almost the same as applying (restoring) a past configuration snapshot to a device. However, there is a difference in one point, depending on the device. Select a draft configuration to push and click on the [icon] button. [Screenshot: Draft Configurations list with the draft selected.]
34. [Screenshot: routing table with Mask, Next Hop and Interface columns.] 3.5.4 Ping: It sends a ping to the device and shows its response. [Screenshot: Ping tool result for device 10.0.0.209, with the ping replies and the ping statistics (packets sent, received and lost, and round-trip times).] 3.5.5 SNMP System Info: It shows the SNMP system information of the devices. [Screenshot: SNMP System Info results table, including the Device, System Description, System UpTime and System Name columns.]
35. Report. A new tab opens in the status pane. In the Email Notification subtab, select the report format, either HTML or PDF. Enter the recipients in the To and Cc fields. You need to set up an SMTP server to make this feature work. See Sec. 5.2.3 for details. [Screenshot: Scheduled Inventory Report, Email Notification subtab with Format (HTML or Adobe Acrobat PDF), To and Cc fields.] Using the tab-switching technique described previously in Sec. 3.7 (p. 92), add the devices to the Devices subtab in the status pane. [Screenshot: Device View and the Devices subtab with Static list selected.]
36. [Screenshot: Add DHCP Pool dialog.] Menu items: Pool Name: enter the name of a newly created DHCP pool. Relay Server CIDR: enter the range of IP addresses in which DHCP relay servers are running. Address Range: the IP address range to deploy the configuration to. Subnet Mask: the subnet mask for the IP address range. Gateway: the gateway address of the device that netLD should use; netLD executes deployment through the gateway of the DHCP relay agent if this option is not specified. DNS Server (optional): an IP address of the DNS server used for the name resolution of the server. The boxes are filled in. Click on the OK button. [Screenshot: Add DHCP Pool dialog filled in, with Pool Name Default, Address Range 192.168.1.1 to 192.168.1.100, Subnet Mask 255.255.255.0.] After that, there should be a new DHCP pool entry in the table. [Screenshot: Cisco Plug and Play settings with PnP type, PnP protocol, optional authentication parameters and the Address Pools table.]
37. Voila! Now the netLD login screen should be displayed. For security reasons, whenever you log in to netLD you must provide a username and password. The username and password for the initial login are shown below. Username: admin. Password: password. Figure 1.4.1: The login screen. Figure 1.4.2: Enter the default passwords. If you are using the free trial version, the evaluation license expires 30 days after the first login. Similarly, if you have authenticated the license via a license file, it expires 30 days after the date issued. To upgrade from the free version to the full version, you have to add a license file (Sec. 5.4.2). IMPORTANT: please change the admin password later for more security. If you cannot change the password immediately, at least disconnect the machine from the network. However, this still allows attackers to sneak into the system using viruses delivered via devices such as USB flash drives. The instructions are given later in the manual (Sec. 3.2), but we also describe them briefly now: after logging in, click on Settings in the upper right corner of the screen, go to the Users section, double-click on the user admin, and then modify its password. 1.5 Initial configuration: In order to gather the configuration data of the network devices in your network, netLD needs to know how to access those de
38. [Screenshot: Terminal Proxy log list, and the terminal log of a Telnet session to Cisco2500C (10.0.2.29) in which the hostname is changed to C2500c.] Menu items: Device IP Address: IP address of the device you logged in to. Device Hostname: hostname you logged in to. Make/Model: make and model you logged in to. Protocol: protocol used. User: login user. Client IP Address: IP address of the original client login. Session Start: time of session start. Session End: time of session end. In the terminal log there are five kinds of searches available: Device, Text, User, Client IP, Session date. Description: login user of netLD; IP address and ho
39. automatically Specify your internet activation serial or the location of your license file If you have neither hit enter to skip Activation Serial or License File path to license enc Net LineDancer enabling redirection of FTP TFTP and HTTPS ports to host centos virtual Starting Net LineDancer. Open the browser and access https://localhost. If your installation is successful and the server starts without error, it will show the uncertified SSL warnings described in the next section. When you run into trouble: If you are using virtualization software such as VirtualBox or VMware and run netLD in the guest OS, you have to pay special attention to how the network device on the guest OS is emulated. If this matches your situation and you have trouble running netLD, the method below might work for you. First of all, make a note of your local IP address, for example 192.168.0.78. In a browser, try accessing the IP address 192.168.0.78 instead of localhost. If this does not work, see the log file. The log file is located in /usr/share/netld, which is also the installation path. In that directory you will see netLD.log. Look into the log file and check the warning messages via less netLD.log. If you find java.net.UnknownHostException XXXX XXXX name or service unknown or similar error messages, this is a system-dependent problem. In this
40. case you have to resolve the name XXXX via the /etc/hosts file or via DNS. Let XXXX be centos virtual, for example. This is usually the hostname of your machine, available via the hostname command on the terminal. Add the following line to /etc/hosts: <real host IP address> centos virtual. If this is not the case for you, or it does not solve the problem, or if you are still in trouble, contact support@logicvein.com with the above log file attached. Our professional support team is ready to fix things. 1.3 Accessing the netLD Instance: Now that the installation is complete, the netLD server is automatically running in the background and you can access its GUI. To do so, open a web browser, enter https://localhost in the address bar, and hit Enter. If you are running netLD on a different machine from the one you are accessing it from, replace localhost with that machine's IP address. The program is running as a standard HTTP server and the default access port is 80, but this can be modified later. If you are running a modern browser, it complains that you are trying to access an insecure website. However, this website is clearly your own local web server, so you do not have to worry that it could be a malicious website. The browser in this example is Mozilla Firefox, and you should click on Add exception. The similar interface is provided in Microsof
41. configuration. Figure 5.2.1: Data Retention settings menu. [Screenshot: Data Retention settings. Delete expired data weekly at this time: Monday. Duration to keep configuration history: Forever. Duration to keep terminal proxy history: 3 Months. Duration to keep job execution history: 3 Months.] Figure 5.2.2: System Backup settings menu. [Screenshot: System Backup settings. Enable daily system backup. Perform the system backup daily at this time: 7:00. Number of backups to keep: 7. Backup directory: backups. Perform System Backup Now. System backup last performed: 2014-07-10 07:00.] Restoring the Backup Data: Note that saved data is not compatible between different versions of netLD. This is usually not a problem, because when netLD is upgraded to a new version and it has some backup data, they are automatically migrated
42. [Table residue: permissions matrix whose per-role marks did not survive extraction. Rows include: configurations; Launch a URL; Device IP/Adapter map; Delete the device; Associate tags; Dissociate tags; Jobs: Open Results, Compare Results, Open Job, Delete Job, Run Now, New Job; Terminal Proxy: Log in, Auto log in; Search: Configuration Search, Switch Port Search, ARP Search; Compliance: R compliance, R/W rules, R/W policies; Cisco PnP: Configurations, Templates, History, Settings, DHCP Server.] 7.4 Compliance Rules Provided by Default: These are the complete set of rules provided by default. IOS Interface Auto Duplex Speed: violation if interface settings include the following: no ip address (Stop on match); shutdown command (Stop on match); duplex auto (Violation if not matched); speed auto (Violation if not matched). IOS Secure Enable Passwords: service password-encryption (Violation if not matched); enable secret (Violation if not matched). IOS Telnet Restricted Access: violation if line vty setting: access-class (Violation if no variables matched). IOS SSH only Restricted A
43. discard. Finger is also on by default and should be disabled. [Screenshot: rule set list including IOS Disabled Unneeded Services and IOS Session Idle Timeout, both for Cisco IOS running-config.] Rules Subtab: Double-clicking a Rule Set opens a new tab in the status pane. The new tab contains the following subtabs. Figure 3.10.2: The Rules subtab in the status pane contains some rules and provides an interface to modify them. [Screenshot: Rule Set IOS Interface Auto Duplex Speed, Rules subtab. Start: interface Interface Name. Match expressions and actions: no ip address, Stop on match; shutdown, Stop on match; duplex auto, Violation if not matched; speed auto, Violation if not matched. Variable Interface Name, type Text, restriction Ethernet.] The items here have the following functions. Violation Message: the warning message shown when a violation is detected. Start / End: available only when the Apply to blocks rule is selected. If activated, the beginning and the end of the block are searched for with pattern matching, and the violation check is applied only within that block. For example, the expression below limits the violation check to the specific part of the configuration that matches it. Corresponding code snippets are shown in Fig. 3.10.3. Example: Start
44. down key to read the rest of the agreement and click on Agree to continue. [Screenshot: Net LineDancer Enterprise Setup, License Agreement page.] Specify the install directory by clicking the Browse button. Click on the Next button to continue. [Screenshot: Net LineDancer Enterprise Setup, Choose Install Location page, with the Destination Folder field and Browse button.]
45. draft configuration for the device. Click on a configuration snapshot to copy from and then click on the [icon] button. [Screenshot: device property pane with the snapshot list, last backup 2013-09-25 10:22.] Enter the name for the draft configuration and click on the OK button. [Screenshot: Configuration Draft dialog, Draft name: sample config.] To modify a draft configuration, double-click on the entry. [Screenshot: Draft Configurations list containing the draft sample config.] Edit the configuration. When finished, save the configuration via the [icon] button. [Screenshot: side-by-side configuration editor.]
46. feature allows you to manage multiple separate remote networks from a single netLD server. Assume you are managing the devices in the corporate networks of your customers, and those local networks do not share a local IP namespace. Without SB you had to set up a new netLD server in each network, but now you can manage those networks via a single terminal. Figure 4.3.1: Smart Bridge concept. [Figure: operators, SSL/HTTPS connections, and a Smart Bridge in each customer network.] In Sec. 2.5 we described the concept of Networks, a special term for a device grouping method in netLD (do not confuse it with the network groups described in Sec. 3.1). The default network is named Default, while you can name the other networks as you like. You can also assign privileges to users on those networks. Each SB-managed remote network is added to the list of networks, and devices in the remote networks are treated as members of the corresponding networks. You can manage those devices by simply switching to that network through the drop-down menu in the global menu in the top left corner. When you switch to a certain network, the graphical interface is identical to what it used to be, which means any operation described until now is also available in those remote networks, including credentials, access controls (Sec. 2.4) a
47. inventory as Excel file; Export inventory with configurations as ZIP file; Save inventory import Excel template; Import/update inventory from Excel file; Manage Device Tags; Run Startup Wizard. 3.3.2 Discover New Devices: Device Discovery is a wonderful tool as long as your devices meet the conditions described in Fig. 3.3.1. During discovery, netLD first asks each device in the given IP address range whether its ports are open to netLD, so that netLD can make a connection. If the answer is positive, it makes the device send an SNMP packet to the netLD host server. The device is then added to the Device View with the SNMP information. To run Discovery, open Discover new devices and follow the instructions below. Specify all IP addresses or ranges to discover: enter the IP ranges in the corresponding menu and click on the [icon] button. Added elements are listed in the box located at the bottom of the menu. [Screenshot: Discover Devices dialog with Boundary Networks, the crawl checkbox, the IP Address/CIDR, IP Address Range, Single IP Address and Import from CSV inputs, the list of added entries, and the Additional SNMP Community String field.] Menu items, with example and description: IP Address/CIDR: Enter IP address
48. list. [Screenshot: SNMP Trap Host dialog with Host 10.0.0.1, Port 162, SNMP Community String public, and Version.] Confirm that the receiver is correctly listed in the receivers list and click on the OK button to save the change. [Screenshot: SNMP Traps settings. Send traps when: device configuration changes are detected; devices are added and deleted; a backup fails; the compliance status of a device changes. Trap receivers: community public, host 10.0.0.1, port 162, version 2c.] 4.5 Real-time Change Detection: netLD is able to detect configuration changes made outside of netLD and perform a backup in real time. The device notifies netLD of the change via a syslog message. Figure 4.5.1: Operation model of Real-time Change Detection. [Figure, in order: the device's configuration has been changed; the device sends SYSLOG to netLD; netLD backs up the device's configuration; netLD checks if any change in configuration exists; netLD sends a trap to the NMS (IP address, configuration file name).] 4.5.1 Configuring your devices: In order to activate this feature, you have to add your netLD
49. mer holidays in Japanese time. We accept e-mails for 24 hours but we will only reply on those business hours. Thank you for your cooperation. LogicVein Inc. Technical Support, Mail: support@logicvein.com

6.1 Devices are not successfully discovered nor added to the device list

Confirm the following:
1. SNMP is enabled on each device.
2. The SNMP community name of the device is consistent with that of the registered element in the netLD inventory.
3. No firewall or antivirus software blocks the PING/SNMP access from netLD.
See also: Sec. 3.3.1 Adding devices.

6.2 Backup Fails

Please follow the instructions below precisely.
1. Confirm again that the credential information set in netLD (username, password, community names, etc.) matches the configuration on the device.
2. Confirm again that the protocols enabled for the device in netLD are also enabled on the device.
3. Confirm again that firewall/antivirus software does not block the required ports.
4. Confirm again that NO TWO network groups share the same IP address.
5. Confirm the cable connection again.
If the backup still fails after all these efforts, get the log files by performing the steps in Adapter Logging (Sec. 5.3.3, p. 207) and send them to our technical support (support@logicvein.com). Thank you for your patience.
See also: Sec. 2.3 (p. 31) Credentials, Network Groups, Protocols; Sec. 3
50. only the systems with rpm are supported. These are, for example, Fedora, CentOS 6, RedHat and so on. If the system supports up2date or yum, the install dependencies are resolved automatically. If you find your system does not have those package managers, please contact support@logicvein.com. Note that you also have to set up the network connection in order to get the dependent packages from the remote rpm repositories.

We provide a self-contained installation binary named netld-2013.08.0-x86_64.bin (the name may differ depending on the version). Before the installation, make sure the binary has the executable flag on:

chmod +x netld-2013.08.0-x86_64.bin

If you have the superuser password, log in as root and type as follows. Below, $ means you are logged in as a regular user and # means you are now a superuser.

$ su
Password:
# sh netld-2013.08.0-x86_64.bin

Then the installation starts. Alternatively, if your system has sudo installed and you are one of the sudoers, you can also type:

$ sudo sh netld-2013.08.0-x86_64.bin

You will see the package manager download the dependent packages via the Internet.

java version "1.7.0_55"
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: www.ftp.ne.jp
 * extras: www.ftp.ne.jp
 * updates: ftp.nara.wide.ad.jp
Setting up Install Process
Package Arch Version Repository Size
Installing: netld x86_
51. relevance at all. Rather, Networks are often closely tied to the Smart Bridge (SB) feature. Using SB, remote local networks with independent IP space can also be represented as a network. For example, it can manage remote LANs on different floors and in different buildings in just the same way as managing the normal inventory. You can assign access permissions to each user, i.e. you can control which sets of network devices they can read and write. This is available in the Users section in the Settings window. Details about Networks and Smart Bridge are described in Sec. 4.3.

2.6 Service Management

netLD consists of two parts: the server program running in the background and the web-based GUI. In order to access the GUI, you first have to launch the server program. The netLD service starts automatically just after the installation. It is also launched every time the system boots. You can start or stop the service manually, either by clicking on the netLD icon in the Windows Task Bar or via Service Manager.

The netLD service must be restarted in the following cases:
- When the IP address of the netLD server was changed manually
- When new device adapters were added manually
- When backed-up files were restored manually
- When the license file was renewed manually
- When the program was upgraded

On Linux systems, the netLD daemon (the Linux counterpart of the Windows service) can be started and stopped via service start netld and service stop netld. For deta
52. results found 1005 trnet default Run a neighbor collection job to check for new data 4 1 40f4 bh Results per page 100 w Copyrights LogicVein inc All rights reserved v1 CHAPTER 8 BASIC TOOLS 3 4 5 Comparing the configurations There are two style of comparison available comparison among devices or along the history the timeline If you compare the configurations of two devices in the different or the same timestamp then you should initially select two devices Oth erwise you compare the configurations of single device at the different timestamps and you should select one device in this case While selecting the device s to compare click on the Device gt Compare con figurations or in the right click menu Access this feature via the tools menu Search IP Hostname IP Address 10 0 0 211 10 0 0 212 10 0 0 213 10 0 0 250 10 0 0 253 A nnna 4 Hostname J2320 Fastlron 5120 LwI_ Router HP_Ivi eeat advanced search HW Yendor H3C Cisco Model 5120 26P SI cIscO1641 gt Device g4Inventory GTools Backup Collect neighbor data ES Compare Configurations Edit ka Edit device properties YD Associate tags Serial 210235442DB104000005 FHK142172C3 Alternatively access the feature using the right click menu 10 0 0 213 10 0 0 250 6 10 0 0 253 6 10 0 2 1 6 10 0 2 2 10 0 2 3 5120 LVIRouter HP_lvi 55g5 IX2025 RTX1
53. sams wana tee ooo amp x 18 Pie TU Oe oe go bas ras ar a a 78 3 5 9 Live ARP Table 26 see cee aes esa 79 3 0 Change Memi i oe ete bd OS SERED EO ee ess 79 3 6 1 Command Runner gt gt sa sesa rse serso 80 3 6 2 Enable or Disable Interfaces 81 3 6 3 Login Banner MOTD 81 3 6 4 Name Servers Manager 82 200 NIP Servers oo cuerda ARA 82 3 6 6 Port VLAN Assignment 0 83 3 6 7 SNMP Community String 4 84 3 6 8 SNMP Trap Hosts 2 2 6 624 4464S oe ee He 84 3 6 9 Syslog Hosts sn caw ee S ee Se PR Rew ee HE em 85 3 6 10 IOS Software Distribution 85 3 6 11 Manage OS Images 0 85 3 6 12 NEC WA Software Distribution 87 3 6 13 Retrieve OS Image Files 87 3 6 14 Add Static Route 2444 Gee ue eee eee Gio awe 89 3 6 15 Delete Static Route 0 20008 89 Oe Bee nk eee oo eS ee ee we ere 90 3 7 Job Management s s sss e e e e e eo eeo eooo 92 Mink Creams a New JOD cos serena AA 93 3 1 2 Status Indicators in Job History Subtab 99 lt 7 Sg a a a a a a E E ee ae ee a 100 3 8 1 Issuing a Report Manually 105 3 8 2 Scheduling the Reports 106 3 9 Smart Change lt lt eee REE REE ERE Oe HES 108 3 9 1 Creating a Smart Change Job 109 3 10 Comphance RETINA 116 3 10 1 Various Rule related tabs
54. server to the device configuration as a syslog recipient. The feature is not available on some devices, depending on the vendor and the model of the device. Also, we provide only limited instructions for the syslog configuration because the configuration syntax varies among vendors. Please contact the device vendors for further assistance.

Note that if there is another syslog server in your network, it might interfere with the logging command sent to the netLD server. Contact LogicVein Technical Support for more details on locating an external syslog server. Also, if your devices are not able to emit syslog messages, you have to set up a syslog server manually and independently. In this case too, please contact us through support@logicvein.com.

The following examples show the syslog configuration on Cisco and Yamaha devices, where the IP address of the netLD server is 192.168.0.10.

Cisco 2500:
Router# configure terminal
Router(config)# logging 192.168.0.10
Router(config)# logging on
Router(config)# exit

Yamaha RT107:
Yamaha# syslog host 192.168.0.10
Yamaha# syslog info on
Yamaha# save

4.5.2 Operation Check

Check the netLD server log (real-time events) to test the operation of this feature. netLD server log files are saved in the netLD install directory under the name netLD.log. When a change is detected, the following entry is added:

10:35:57 RealtimeProvider Jetty 1 INFO Added device 10.0.0
55. simply click on Device > Backup without selecting any device. If you want to back up certain devices only, select the devices prior to clicking the button. Alternatively, you can run the backup via the right-click menu, which shows up when you select the devices and right-click the selected entries in the Device View.

Figure 3.4.1: Via the menu button (Device menu: Backup, Collect neighbor data, Edit).

Once the backup is successfully performed, the information in Device View/Inventory is updated.

3.4.1 Status Summary

Status icons in the status pane show the status of the last backup performed. Each icon means the following (Status: Description / Available Action in Status Summary):

Success w/ Changes: The backup was successful and more than one change was found in the configuration.
Success w/o Changes: The backup was successful but there is no change in the configuration from the last backup.
Invalid Credentials: The icon indicates that the backup was inhibited during the authentication, which means the registered credential set was incorrect. If you click on the row, the error log shows up at the bottom. If you double-click on the icon, the Credentials dialog shows up, which is identical to what you find in Inventory > Credentials, and you can check the current credential information.
Fail
56. that netLD is locatable you have to set DHCP relay on the relaying device and send DHCP requests to netLD 9 Copyrights LogicVein inc All rights reserved Lol CHAPTER 4 ADVANCED TOOLS 4 2 2 Setting up a DHCP Server To use netLD DHCP server in netLD later than version 14 06 open Settings win dow and go to Cisco Plug and Play section This is Cisco Plug and Play section in Settings window Click on Li to add a new DHCP pool Server Settings Data Retention PnP Type e Plug and play Cisco CNS o PnP Protocol HTTP Mail Server PEE PnP Server auto SNMP Traps m Users iw Enable PnP Debugging Roles Optional Authentication Parameters External Authentication m Username Password Custom Device Fields Memo Templates Mobile PIN Launchers Smart Bridges Address Pools Networks Network Servers iw Enable DHCP Server Address Pool Relay Server gP J Fou Cisco Plug and Play Lease Tm Bo Pefault dl Software Update A OK Cancel Menu Items Description Enable DHCP Server Enable this checkbox to use the DHCP server fea ture in netLD Select the lease time from the dropdown list either 9 or 10 minutes Lease Time 4 2 CISCO PLUG AND PLAY OPTIONAL Enter the required information 152 Pool Name Relay Server CIDR Address Range Subnet Mask Overrides Gateway DNS Server Menu Items Pool Name Relay Server CIDR Address Range Subnet Mask Gateway optional DNS
57. the elements in the upper pane into the list in the lower pane while you are configuring a feature in the other tab in the upper pane. This technique is called the Tab Switching Technique and is described in the Creating a New Job section (Sec. 3.7.1).

2.1.2 Menu and Submenu

Fig. 2.1.1 also shows the global menu and the tools menu. The tools menu is a menu in the Devices tab, highlighted in light blue. The global menu is highlighted in brown. From it you can access the Server Settings window (or just settings window) and so on. Fig. 2.1.2 shows how a menu is composed. If you click on an item of the menu, a submenu pops up. A submenu may contain several sections, which work as separators. Finally, there are several items between the section separators. In this manual we indicate a menu item A in submenu B by B > A. We use a similar notation if the element is located in section C, e.g. B > C > A.

2.1.3 Subtabs and Subpane

In the previous figure (Fig. 2.1.1) you will notice that the lower pane is again divided vertically. In Fig. 2.1.3 these are called subpanes. Also, one of the subpanes on the right has its own tabs, and we refer to them as just tabs, or sometimes subtabs when we have to clarify.

2.1.4 Window

Windows are the UI elements that individually pop up in the browser. Small windows are also called dialogs. The most common window that appears in this manual is the Server Setti
58. those networks and operations. The complete list of configurable permissions can be found in Sec. 7.3 (p. 232).

User experience: Role(s)
0 yr: backup only
2 yrs: backup & schedule in Network A
5 yrs: backup, schedule, modify in Networks A, B
15 yrs: all features

Configuration of users and roles is done primarily in the settings window.

Figure 2.4.1: Roles section in Settings window (Administrator role; Add a role).

In the factory configuration only the Administrator role is available, and there is only one user, named admin, with the password set to password. For better security, users are highly recommended to change this password. Also, when multiple operators manage the devices, adding some roles and setting correct permissions is preferable.

2.5 Networks

A Network in netLD is a way to partition and manage a large inventory. Each Network has its own inventory, credentials and protocols. Users can create networks and switch between networks as long as they have the permission to access these networks. This is different from Network Groups: they have no
59. to the new version. The problem occurs when you move or store the saved data manually. One such situation is when you want to migrate the settings to a new machine. In this case you should be careful about compatibility. To migrate the setting data manually, follow the instructions below.

1. Stop the running netLD service on both the new and the old servers.
2. Copy the derby and lucene (and pgsql, after version 14.06) subdirectories (cf. Sec. 7.2, p. 231) from the old server and save them into the netLD install directory of the new server.
3. Start the netLD service on the new server.

5.2.3 Mail Server

You can set an SMTP server to allow netLD to send e-mails. The following configurations are available.

Figure 5.2.3: Mail Server section in settings window (fields: Mail server hostname or IP address, From email address, From name, Server requires authentication).

Menu items: Mail server hostname or IP address; From email address; From name; Server requires authentication; Mail server username; Mail server password. Descriptions: The mail server by hostname or IP address; The sender email address; The send
60. usec
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 000c.cec6.eae1 (bia 000c.cec6.eae1)
Internet address is 10.0.1.1/24

In the case above, since none of the interfaces are loopback interfaces, netLD jumps to step 6 and sends a ping to 10.0.0.216 first. If the device responds, netLD takes it as the management address. Otherwise, it sends a ping to 10.0.1.1. If 10.0.1.1 does not respond, it means that the IP address has disappeared completely in the network. Please review the SNMP settings and other configurations on the device by connecting to the device directly, e.g. via the serial port.

6.4 Is it possible to upgrade the firmware of our devices at once?

Yes. Use the Command Runner tool (Sec. 3.6.1, p. 80) to run the command for upgrading the firmware on the target devices. For Cisco devices, Change > IOS Software Distribution (Sec. 3.6.10, p. 85) is convenient. Note that FTP and TFTP servers are required.

[Figure: For Cisco devices, the Change > IOS Software Distribution dialog. Select an IOS image file to push; Destination flash location (flash); optional: Destination flash directory, Destination flash partition, Remove the existing image from flash, Boot from the new image, Reload after image push, Minimum DRAM in Kilobytes (from CCO), Perform backup after tool completes; buttons: Execute, Cancel.]

For other devices: C
61. weekends, national holidays, New Year and summer holidays in Japanese time. We accept e-mails for 24 hours but we will only reply on those business hours. Thank you for your cooperation. LogicVein Inc. Technical Support, Mail: support@logicvein.com

Chapter 2 netLD Basics

In this chapter we define several basic concepts and names that are used throughout this manual, from the terms for UI elements to the concepts that generalize the differences between devices. Descriptions in this manual depend on the definitions in this section, but since most of them follow the usual conventions, knowledgeable users can safely ignore this section partly or completely.

2.1 Basic controls and UI elements

In this section we briefly define the names of the various UI elements.

2.1.1 Panes

Panes are the divided parts of the entire area of the browser. Horizontal and vertical division is possible, and the parts on both sides are called panes. Fig. 2.1.1 shows an example of the common netLD web-based GUI. The most frequently used panes are the main pane and the status pane. One of those panes can be hidden via the small triangle buttons in the middle. Both panes have multiple tabs. Please keep in mind that they are independent. Therefore, you can keep showing the lower status pane as it is while you switch the main pane to another tab. This helps multitasking, e.g. adding
62. you specify the IP address by range (Dynamic), or by entering the IP address directly or from the spreadsheet (Static). In most cases the Dynamic method is better for new users.

[Figure: New Network Group dialog. Dynamic: Credentials by CIDR, Range, Wildcard (e.g. 192.168.1.0/24, 172.16.0.1-172.16.0.10, 10.0.0.*). Static: Credentials by specific IP address (e.g. 192.168.1.1). Buttons: OK, Cancel.]

Footnote 3: Clicking on the above icons will change the current tab in the Startup Wizard, so you can go back and forth at any time in the Startup Wizard. This allows you to, for instance, go back to the Add Devices section and run the discovery again. If the devices are not detected correctly, you can repeatedly add the credential information and try the discovery. Similarly, you can add the credential information, try the backup, discover more devices, add the credential information, and so on in a loop. These cycles iteratively improve the accuracy and the completeness of the information in the database. Note that during discovery and backup the device configurations are not modified, and it is safe to run these operations again and again.

Enter the login information for each device.

[Figure: Startup Wizard, Credentials step (steps: Add Devices, Credentials, Validate Backup, Setup Schedules). Network Group with addresses 192.168.0.0/24 and 10.0.0.0/24; Add address (IP, CIDR, Wildcard, or Range); Credentials; Username; New Credent]
63. 1 (p. 42) Credentials; Sec. 2.3.2 (p. 33) Protocols; Sec. 5.3.3 (p. 207) Adapter Logging.

6.3 The wrong IP address is displayed during the discovery

netLD chooses one IP address if the device has multiple addresses. Therefore, the detected address may be different from the one you expected. To use another address for the device, add the device manually by using Inventory > Add New Device. During the discovery, netLD uses the following algorithm to guess the management IP address:

1. Runs the show interface command on each device and gets the response.
2. Reads the result from the top and searches for an interface description. Once it finds an interface, it checks whether it is a software loopback. If yes, it also reads the IP address written in the result.
3. Sends a ping to that address.
4. If the device responds, netLD selects the IP address as the management address. End of the algorithm.
5. If the device does not respond, netLD goes back to step 2 to try another address.
6. If none of the addresses responds, netLD pings the non-loopback interfaces (similar to steps 3-5) and selects the first IP address that responds.

An example of the result of running the show interface command on a device:

FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 000c.cec6.eae0 (bia 000c.cec6.eae1)
Internet address is 10.0.0.216/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100
64. 1 08 24 17 40 E Find Mext Device Resolwed Name 10 0 0 208 c2801 intra lvi co jp A 10 0 0 254 A 10 0 2 254 Copyrights LogicVein inc All rights reserved 19 CHAPTER 8 BASIC TOOLS 3 5 2 IOS Show Commands It runs IOS Show commands on the device and shows the results In the list there are several commands you run Note that this operation is available only on devices that are Cisco IOS compatible Select which command to run on the device Then click on the Execute button PERL ELHHEHLE ECE E An example Commands 10S Show Commands Default TOS Show Commands 2011 08 19 12 05 Device 100 212 10 0 2 23 show arp Protocol Address 10 0 10 0 10 0 Internet Internet Rh Ri Ri i i i Internet 105 Show Commands show access lists show arp show cdp show flash show interfaces show spanning tree show version show ip arp show ip bgp show ip eigrp neighbors show ip ospf show ip route show ip vrf AAA selected devices with the OS Show of running show arp on the E FA ER E Find Next Ue Age min Hardware Addr Type Interface 5 3ce5 a67 e67d ARPA GigabitEtherneto o e05f b9ba 4d60 ARPA CigabitEtherneto o O 1c17 d365 3b6f BARPA GigebitEthernet 0 3 5 TOOLS MENU 16 3 5 3 IP Routing Table It shows the routing information of the device IP Routing Table gt eA Default IP Routing Table 2011 08 19 12 09 10 0 2 12 Find Next Destination
65. 10 0 2 1 Ivi 10 0 2 14 admin 10 0 3 14 tech 10 0 3 252 admin 10 0 3 253 admin 10 0 3 254 Ivi 192 168 0 196 root 192 168 20 253 4 1 12 of 12 gt lana la 3 1 3 Import from an Excel spreadsheet In the Static strategy you can also import the credentials from a spreadsheet instead of setting them manually During the Static setting strategy described in the previous section follow the instruction below Click on the and then select Save empty static credentials Excel Template Network Groups lwi_st Default lvi_dy Credential Find a CA AS IP Address Se Ena Import static credentials from Excel 10 0 0 111 E Save empty static credentials Excel Template 10 0 0 211 Ivi 10 0 0 253 user_tech 10 0 0 254 10 0 2 1 Ivi 10 0 2 114 admin 10 0 3 114 tech 10 0 3 252 admin 10 0 3 253 admin 10 0 3 254 Ivi 192 168 0 196 root 192163 20 253 4 1 120f12 gt OK Cancel Copyrights LogicVein inc All rights reserved 49 CHAPTER 3 BASIC TOOLS Open the exported spreadsheet and enter the device IPs and the corresponding credential information accordingly Once you have finished save and close the file and get back to the netLD screen 0 i enable123 public 3 10 0 0 2 Ivi Wwil24 enable enalbe124 public 4 10 0 0 3 Ivi Wwi125 enable enable125 public 5 110 0 0 4 li lvi126 enable enable126 public 6 10 0 0 5 Ivi Wwil2 enable enalbe127 public 7 10 0 0 6 Ivi Ivi12
66. 2 over a maximum of 30 hops 1l 4 ns Z ms l mns 122 1625 0 254d Z 3 ms 3 ms ms 10 0 0 250 3 3 ms 3 ms 3 me lLlO O f 252 Trace complete 3 5 8 Port Scan Shows port usages of the devices Port Scan Default Port Scan 2011 08 19 12 13 X E Find Next F 5 Device ftp 20 ftp 21 10 0 0 211 10 0 2 8 10 0 0 208 10 0 2 21 10 0 2 252 10 0 2 27 10 0 2 7 10 0 2 23 10 0 0 209 10 0 2 9 A MA telnet 23 titp 69 http 80 snmp 161 https 443 EELEEEEES LLLE IEEE gt gt gt gt CILLIT EECEEEEES gt gt gt gt gt gt gt gt gt H KKK Keke TELLITE Copyrights LogicVein inc All rights reserved 19 3 5 9 Live ARP Table CHAPTER 8 BASIC TOOLS Shows the real time status of ARP table of the devices Live ARP Table Default Live ARP Table 2011 08 19 12 19 10 0 2 26 IP Address vf 10 0 2 254 y 10 0 2 9 y 10 0 2 236 3 6 Change Menu E Find Next MAC 1c 17 d3 65 3b 6f 3c e5 ab f e6 7d 00 09 b ff 14 20 Configuration Change tools perform operations related to the configuration changes on the selected devices They are all located under Change submenu In this sec tion we describe each feature in this submenu from the top to the bottom Change tools are placed under Change submenu in the tools menu Device inventor E Tools a Change D Smart Change kj Reports Command Runner E Enable or Disable Interfaces Login Banner MOTD Name Servers Manager
67. 200 H3C 2 Backup E e ES Compare Configurations Edit Launchers 5120 26P SI cISCO1841 Switch Router 210235442DB104000005 FHK142172C3 Select the configurations to compare and click on the Compare Configuration button When you compare the historical configurations check on Show historical configurations and the old configurations would appear in the list Cisco2600E Config frunning config alartup contfig slartup config running config frunning contig slartup config Cd Show historical configurations Select one configuration from each side Date 2012 07 06 08 30 2012 07 06 08 30 2012 07 06 08 27 2012 07 06 08 27 2012 06 29 02 47 2012 06 29 02 47 55120 Config frunning contig siartup ctg Date 2012 06 29 02 47 2012 06 29 02 47 Compare Configurations AA co Cancel n y Change Smart Change hy Report ia 3 4 CONFIGURATION AND BACKUP 2 More conveniently we can also compare the configurations on the Device Information Select two of them in the list and click on the upper left icon Currently we do not provides right clicks on the device information Cisco2600_7 10 0 3 7 Cisco2600_7 10 0 3 7 General Compliance Hardware Interfaces Last Backup 2013 12 24 01 00 NVI AER o Snapshot Config Timestamp Size User G 2013 12 21 01 00 running config 2013 12 21 01 00 875 n a startup config 2013 12 12 01 00 756 n a 2013 12 20 01 00 r
68. 2430S 24T 10 4 85G015 10 10 0 2 254 Default Cisco IOS LVI_Router Router Cisco CISCO1841 15 1 1 T FHK142172C3 Copyrights LogicVein inc All rights reserved 59 CHAPTER 3 BASIC TOOLS Figure 3 3 3 Specify the Version via the corresponding pull down list Protocols Network Groups Use network groups to define groups of devices that require specific protocols for connection The Default network group defines the protocols Default used for IPs not defined in other network groups Y SSH SNMP Telnet Port 161 a Y WWS Timeout ms 800 Y HTTP Retries 2 scp Y FIP Version 1 v IV TFTP V3 Authentication MDS y Y Ej SNMP V3 Encryption DES T ME i X uw T Y OK Cancel Figure 3 3 4 Enter the IP address and the adapter Add Device Adapter A10 ACOS T Add Cancel 3 8 TOOLS FOR DEVICES 60 Parameter Description IP Address Required Specify an IP address of the device to add Network Required Enter an existing network group to assign the device Adapter ID Required Enter the device adapter ID of the device Custom 15 Optional text for the custom field Finally click on the Inventory gt Import update inventory from Excel file The same feature can also be accessed from Run Startup Wizard Import from Excel 3 3 4 Editing and Deleting the Devices Although it is not a common practice when you want to edit the IP Address Hostname Adapter ID Network and Custom Fields of the
69. 5 255 255 0 no ip directed broadcast 1 interface Serial0 no ip address no ip directed broadcast no ip mroute cache no fair queue interface Seriall no ip address no ip directed broadcast shutdown 1 saj wi wis e x v LA in classlase a 5If you do NOT want to save the configuration in the target device when it is deployed add no persist at the end of the cns config initial sentence Fig 4 2 6 Copyrights LogicVein inc All rights reserved 157 CHAPTER 4 ADVANCED TOOLS Figure 4 2 6 No persist configuration cns config initial no persist Registering devices You have completed the preparation for the template required by Cisco PnP now Next you need to set the target devices and configurations to deploy and set the replacement values if necessary First move to Configurations subtab in the main pane then click on J Devices Jobs Terminal Proxy Search Compliance Cisco PnP Configurations Templates History Pnp Device Configurations Configuration arire nalate Device ID or Template Go Device ID Template Live Status Device ID Status 4 2 CISCO PLUG AND PLAY OPTIONAL 158 Then fill in the information in the dialog and click on the OK button Select the Template in Deployment Type The table below describes the meaning of each field PoP Device Configuration Device ID TESTESTEST Deployment Type Template o cc a E Template Tsune test o fan Target configurat
70. 6 SERVICE MANAGEMENT 38 Figure 2 6 4 netLD service can also be managed in Windows Service Manager Select Services option from Configuration menu and select Net LineDancer from Name list After the action list Stop the service Restart the service is displayed for the selected service select the action to perform E Server Manager File Action View Help es Alpi kde H mo Server Manager WIMN2008TEST de Roles A Features ES a Diagnostics El Configuration Net LineDancer Mame _ Description status Task Scheduler 24 Microsoft iSCSI Initiator Service Manages I Q Windows Firewall with Adva Stop the service Ch Microsoft Software Shadow Cop Manages 5 S Services A EE Sh Multimedia Class Scheduler Enables rel ay WMI Control E het LineDancer Net LineDa Started E Local Users and Groups Desain Ch Metlogo Maintains a ES Storage Met LineDancer ich Network Access Protection Agent Enables Me Ch Network Connections Manages 0 Started ich Network List Service Identifies E Started ch Network Location Awareness Collects an Started Sh Network Store Interface Service This servic Started Copyrights LogicVein inc All rights reserved Chapter 3 Basic Tools In this chapter we mainly provide a screen by screen instructions per purpose For important and large features we also provide the instructions to the concepts of those tools Contents 3 1 Credentials dec
71. 64 2013 08 0 XXXXX netld 154 M Transaction Summary Install 1 Package s Total size 154 M Installed size 154 M Is this ok Ly N As shown above you will be prompted y N Answer y here Installation continues and finishes After that if you have ever installed netLD before the installer may ask you if you want to overwrite the certificate If so answer y Further description on SSL certificate is available in Sec 5 4 1 Verifying netld 2013 08 0 20131127 1745 x86_64 Installed netld x86_64 0 2013 08 0 20131127 1745 Complete A certificate has already been created for this server Would you like to overwrite it Overwrite y n y Then you will be asked to enter some information to set up an SSL certificate Example information is shown below Net LineDancer clients use SSL to communicate with the server An SSL certificate must be generated for this machine The hostname field below must accurately reflect the hostname for this server Only ASCII characters are supported Hostname FQDN logicvein com Copyrights LogicVein inc All rights reserved 13 CHAPTER 1 TUTORIAL Organization Unit lvi Organization lvi City kawasaki State or Province Kanagawa Country Code JP KR US JP Finally you will be asked for an license file If you continue using netLD with a trial license just hit Enter If you already have a license file give the full pathname to the file After that netLD service starts
72. 8 enable enable128 public 8 10 0 0 7 Ivi 1vi129 enable enable129 public 9 110 0 0 8 li 11130 enable enalbe130 public 10 10 0 0 9 li li131 enable enable131 public 11 10 0 0 10 Ivi lvi132 enable enable132 public IZ MES Click on the and select Import static credentials from Excel to import the data from the spreadsheet you edited above In the file selection dialog choose the edited one and click on the OK button Credentials Network Groups Find a La A E lvi_st IP Address PA Enabl Import static credentials from Excel Default 10 0 0 111 ae Save empty static credentials Excel Template Ivi_dy 10 0 0 211 Ivi 10 0 0 253 user_tech 10 0 0 254 10 0 2 1 Ivi 10 0 2 14 admin 10 0 3 14 tech 10 0 3 252 admin 10 0 3 253 admin 10 0 3 254 Ivi 192 168 0 196 root 192 168 220 253 EP TL A 1 12 of 12 Fs Ok Cancel Importing data from the external resources may overwrite the existing cre dential with the same IP Ensure there is no unacceptable conflict in IP address between the existing data and the newly imported ones 3 2 USERS AND ROLES 50 3 2 Users and Roles Description on Users and Roles is described in Sec 2 4 p 34 Briefly speaking each Role defines a set of available operations and a User has exactly one such role The list of operations to be restricted such as reading and writing the configuration and more are shown in Sec 7 3 In this section we rather focus on the scr
73. AC address e.g. OOOCCEC6EAEO0. Only full match is available; partial match is not supported right now. Config Text: Config Text search runs a full-text search in the device configurations. For example, if you want to search for the configurations that contain "version" and "12.1", enter version AND 12.1 in the Search field and click on button. For details about the search query, refer to Query Syntax, located to the right of the query field. 3.3.6 Exporting and Importing the Inventory You can import and export the current Inventory status in a spreadsheet. These operations are available in the Inventory Import/Export section. The form includes the IP address, the hostname and so on. Figure 3.3.7: Inventory submenu [figure: menu entries Add new device, Discover new devices, Export inventory as Excel file, Export inventory with configurations as ZIP file, Save inventory import Excel template, Import/update inventory from Excel file, Device Tags, Run Startup Wizard] Exporting Inventory in a Spreadsheet Select some of your devices and click on the Export inventory as Excel file entry; you can then save the sheet into a .xls file such as netLD inventory 2014 03 25.xls. If you export all devic
74. [Figure: Select Configuration dialog listing devices by IP address and hostname, used to select a test config] Violations are colored in red. The top-right number shows the total number of violations. When you are satisfied with the test results, you should then activate the policy. Note that netLD does not run the violation check unless you activate it. [Figure: test results of the policy "IOS Policy" (adapter Cisco IOS) against the running-config of 10.0.2.31 (Cisco2500D), showing 2 failed rule sets: "IOS Interface Auto Duplex Speed" with severity Warning and "IOS Secure Enable Passwords" with severity Error] Activating the Policies Once a policy has been created, you should activate the policy for the devices. Make sure that the main pane shows the Compliance Policy subtab. In the Policy subtab, select a policy and click on the Enable button. You will see a pi
75. [Figure: Interfaces tab listing the device's interfaces] ARP MAC VLAN Tab The ARP MAC VLAN tab shows the ARP table, MAC table and VLAN member ports information of the device. Note that the information shown in this tab is based on the last collect-neighbor job netLD performed. Before the neighbor information is collected, nothing is shown in the left subpane. Click on Run Neighbor Collection Now to run the neighbor search. [Figure: ARP MAC VLAN tab of C3640 (10.0.2.6) before collection, with the message "In order to view ARP and MAC information for this device, you must first run a neighbor collection job. The neighbor collection job will collect a snapshot of MAC forwarding tables and ARP tables from the device." and the Run Neighbor Collection Now button] And the result information is shown here. [Figure: ARP MAC VLAN tab of C3640 (10.0.2.6) after collection, showing the ARP Table, MAC Table and VLAN Member Ports] No
76. 3.6.4 Name Servers Manager It allows you to add or delete a name server of the devices. [Figure: Name Servers Manager dialog with Name Server Address 10.0.0.100, Name Server Action (add/delete) add, Domain Suffix Name example.net and the option "Perform backup after tool completes"] Menu items: Name Server Address: enter the IP address of the name server. Name Server Action (add/delete): select the action for the name server from the drop-down list, to add or delete. Domain Suffix Name: enter the domain suffix name. 3.6.5 NTP Servers Adds NTP servers to, or removes them from, the devices. [Figure: NTP Servers dialog with "NTP servers to add" 10.0.0.1, "NTP servers to remove" and the option "Perform backup after tool completes"] Menu items: NTP servers to add: enter the IP address of the NTP server to add. NTP servers to remove: enter the IP address of the NTP server to delete. 3.6.6 Port VLAN Assignment It allows you to assign VLAN ports to the interfaces of the device. [Figure: Port VLAN Assignment dialog with the Select Interfaces list (GigabitEthernet0/0, GigabitEthernet0/1), the Select a VLAN list (default 1, fddi-default 1002, token-ring-default 1003, fddinet-default 1004, trnet-default 1005) and the option "Perform backup after tool completes"] After selecting one or more interfaces from the Select Interfaces list and the VLAN name to assign, click
77. 4.4 Integration with External Network Management Software In this section we describe the method to interact with external Network Management Software (NMS) such as SNMPc. 4.4.1 Interaction with SNMPc With version 10.10 or above, netLD and the SNMPc network manager have improved collaboration: netLD gets a device configuration from SNMPc and manages the configuration history. Follow the instructions below; we assume a Windows environment. First, create the following batch script: @echo off @setlocal set NETLD_SERVER kk x set NETWORK Default for f tokens 1 2 delims a in 1 do set DEVICE1 a set DEVICE2 1 b set DEVICE1 DEVICE1 0 NETWORKY set DEVICE2 DEVICE2 0 NETWORKY explorer exe https NETLD_SERVER username x amp password x krandom R ANDOM amp action diff amp device DEVICE1 DEVICE2 exit However, please note that: • set NETLD_SERVER: fill with the netLD IP address or host name • username: fill with the netLD login username • password: fill with the netLD login password Save this batch script with an arbitrary name, like diff.bat, into the SNMPc Network Manager install directory. Second, create a custom menu in SNMPc. Add the following custom menu by selecting Add Custom Menu in To
78. [Figure: Device View listing the discovered devices with their backup status icons] The backup status of each device is indicated with an icon. A successful backup shows a green icon, a credential error shows a yellow icon, a failure shows a red icon, and so on. Details are described in a later section, Sec. 2.2. Usually you might fail to get a complete backup of all devices the first time, due to some wrong configurations on your network devices. However, this is a good example showing that managing the devices is difficult and requires considerable effort. Now that you have netLD, you no longer have to worry about this issue. In order to increase the number of devices which are successfully backed up, quickly review the following conditions on each device where the backup has failed: • Go back to the previous section and check that the registered credentials (User name, Password, Community, etc.) are consistent with the information on the devices. • Go back to the previous section and check that no network groups are using the same range of IP addresses. • Required protocols (e.g. telnet, ssh, etc.) are already enabled on the device. In order to do this, you have to manually log in to each device via CUI and change the configurations. The required protocols are listed in Sec. 7.1. • Certain por
79. [Figure: sample report rows] Protocol and Credentials shows the summaries of protocols and credentials used for all the devices in Device View. [Figure: Protocols and Credentials Summary report with the charts "Protocol Usage by Device" and "Credential Usage by Device"] 3.8.1 Issuing a Report Manually You can run the tool whenever you would like to issue a report. There are two kinds of reports: the former summarizes all devices in the Inventory, while the latter can be issued on the selected device(s). Reports summarized on all devices Reports that can be issued on each device Network Hardware Summary Inventory Report Protocols and Credentials Configuration Change Hardware Report Hardware Change Report Backup Summary Software Summary Assume we are trying to issue an Inventory Report (written in bold in the table above). Select the devices you want to include in the report in Device View. If you plan to include all devices, leave everything unselected. If no devices are selected and the report is designed for summarizing the data on an individual device, the following confirmation pops up. Please be careful when the number of devices is large because build
80. Net LineDancer User Guide Version 14.06 Logic Vein Inc. www.logicvein.com Mail: support@logicvein.com LogicVein July 22, 2014 Introduction Thank you for purchasing our product line Net LineDancer v14.06 (hereafter referred to as netLD). It reduces the effort of network device management and also increases the robustness, security and high availability of your networks, and we are very happy to help with your job and to introduce you to such a product. To achieve the maximum speedup in your office at the least cost of time, please take a look at this introduction section first. It explains how to read the manual and which section you should read in order to get the information right away. Figure 0.1.1: Features in netLD 1. Probe the devices in the network and add them to the Inventory Database. 2. Log in to the devices using the credential information stored in the database. 3. Read the device configurations and back them up. 4. Modify the configurations of the devices with Smart Change. 5. Manage the devices by grouping them into Networks. 6. Monitor the devices 24/7 and provide a secure network. 0.1 What is netLD netLD is designed to help network engineers manage the configurations of the network devices (e.g. routers or switches) in their enterprises. Below is a brief summary of what netLD can do; they are mainly described in Basic Tools Se
81. [Figure: list of compliance violations per device, each for the rule "IOS Secure Enable Passwords" (IOS devices should have encrypted enable passwords)] 15 Violation icons are also shown in Device View. To see the detailed information of the violation, double-click on the warning/error icon. 3.11 Draft Configuration A Draft Configuration is a configuration that is saved independently of the backup history. It is treated just the same way as the normal configurations in the backup snapshots, but it also has several differences: it has a name, it can be exported to and imported from plain text files, etc. It is useful when you reuse the same device configuration several times. Figure 3.11.1: The buttons in the draft configuration pane 3.11.1 Creating a Draft Configuration A draft configuration can initially be made by copying an existing configuration snapshot. First, double-click on the target device to make a new
82. Figure 5.2.6: URL Launchers [figure: Create a New Launcher dialog with Name and URL fields and the URL Variables Hostname, IP Address, Make, Model, Serial Number, Software Version] Figure 5.2.7: Network Servers [figure: User login idle timeout (minutes) 300, Enable the Terminal Server Proxy (SSH), Terminal Server Proxy SSH port 2222] Changing the Server Primary IP Address (Windows version only) The netLD primary server IP address is automatically detected when the program is launched. To change the value, use the Server Primary IP Address pull-down list to change the IP address and click on the OK button. The Restart Required dialog will show up. Click on the Yes button to restart the server and apply the changes in the settings. [Figure: Restart Required dialog: "Some changes require the server to be restarted. Would you like to continue?" with Yes and Cancel buttons] Changing the HTTPS port (Windows version only) E
83. P Edit device properties The new tab appears in the status pane. [Figure: Neighbors tab of Cisco2600G (data last updated 2011-08-19 11:32) listing CDP neighbors with Protocol, Local Interface, Neighbor Address, Neighbor ID and Neighbor Interface; double-click an entry to view that device's neighbors] 5.2 Configurations Available in Settings Window In this section we describe the configurations available in the Server Settings window. It opens when you click on the settings button on the global menu. 5.2.1 Setting the Data Retention policy netLD stores all configuration data unless specified otherwise. However, this causes the size of the database to increase in the long run. You can set an expiration period for the data to avoid this problem. The configuration is available in the Data Retention menu. In "Delete expired data weekly at this time" you can configure when you want to remove the old data. The remaining settings do just what they say: • Duration to keep configuration history • Duration to keep terminal proxy history • Dura
84. Enter the required information in the dialog. In the Bridge Host field, select a SB that you have just added in the previous section. Finally, click on the OK button to save the network. [Figure: Managed Network dialog with the Name and Bridge Host fields] Menu items: Name: enter a name for the new network. Bridge Host: select a Smart Bridge to use for the network from the dropdown list. Once a network is added, it appears in the Network dropdown list in the global menu. Selecting its entry switches the network. 4.3.4 Adding devices to a SB Finally, add devices to the SB network. Again, the manipulation required to add devices, credentials and so on in the remote network is nearly exactly the same as that required in the local network. The only difference is that you have to switch the current network to the target remote network, which was added in the previous section. Once you have switched to the appropriate network, you can discover, add and change the devices as usual. Credentials can also be handled just the same way as before. When you add a device, it is polled, checked and backed up by the Smart Bridge instead of the core netLD server. For information on adding devices and credentials, see Sec. 3.3.1 and Sec. 3.1.
85. For example, if you right-click on a device with IP 10.0.0.1 and click on the new entry IP Address added in the right-click menu, a pattern device ipAddress in the URL of that entry is substituted with the actual IP address 10.0.0.1. Those patterns are added via the buttons in URL Variables. [Figure: device right-click menu with the entries Open Terminal, Show Terminal Proxy Logs, Compare Configurations, Hostname, Edit Launchers] 5.2.8 Network Servers In Network Servers you can modify the settings for Login Idle Timeout and Server Primary IP Address. Login Idle Timeout The login idle timeout for the netLD console is set to 30 minutes by default. You can change it in Network Servers. Follow the instructions below. Disabling this feature is not available because it is bad practice with regard to security. If someone gets the configuration data while an administrator is away from his desk for a while, it causes serious system abuse. However, if you really want to do it, you can still achieve virtually the same result by setting the maximum value, 526,000. To change the value, change the number of minutes in the User login idle timeout (minutes) dial box. Click on the OK button to save the value.
86. SH uses by default. Check the port at Terminal Server Proxy SSH port in the Server Settings window, Network Servers. bash> ssh admin@192.168.0.7 -p 2222 admin@192.168.0.77's password: Active network Default Welcome to Net LineDancer 2014 03 26 11 33 20 JST netld Connect to the IP address of a device with connect <IP address or host name>. You can automatically log in to the devices as an administrator in the already-enabled state, as long as netLD already has the correct credential information of the device. netld connect 10.0.2.2 connect 10.0.2.2 Resolving device 10.0.2.2 Connecting to device 10.0.2.2 Warning skipping login authentication until an administrative user is added NEC Portable Internetwork Core Operating System Software Copyright Notices Copyright c NEC Corporation 2001 2010 All rights reserved Copyright c 1985 1998 OpenROUTE Networks Inc Copyright c 1984 1987 1989 J Noel Chiappa IX2025_LVI enable config Enter configuration commands one per line End with CNTL Z IX2025_LVI config When you are done, enter exit several times to go back to the netLD SSH session. However, the number is device-specific. The first exit is for exiting the enabled mode in the device CUI, and the second exit is for exiting the session with the device. Upon logout, netLD takes a backup automatically. Also, when a configuration change has been detected, the event is auto
87. This section introduces how to use cron to set job schedules in Net LineDancer. Most of the contents in this section are quoted from the cron4j website, http://www.sauronsoftware.it/projects/cron4j/. cron4j is a scheduler for the Java platform which is very similar to the UNIX cron daemon. With cron4j you can launch, from within your Java applications, any task you need at the right time, according to some simple rules. 8.1.1 Scheduling patterns A UNIX crontab-like pattern is a string split in five space-separated parts. Each part is intended as: 1. Minutes sub-pattern. During which minutes of the hour should the task be launched? The values range is from 0 to 59. 2. Hours sub-pattern. During which hours of the day should the task be launched? The values range is from 0 to 23. 3. Days of month sub-pattern. During which days of the month should the task be launched? The values range is from 1 to 31. The special value L can be used to recognize the last day of month. 4. Months sub-pattern. During which months of the year should the task be launched? The values range is from 1 (January) to 12 (December); otherwise this sub-pattern allows the aliases jan, feb, mar, apr, may, jun, jul, aug, sep, oct, nov and dec. 5. Days of week sub-pattern. During which days of the week should the task be launched? The va
88. [Figure: Launchers section of the Server Settings window, adding a launcher named Hostname] Figure 5.2.4: External Authentication section in Server Settings window [figure: option "Allow authentication using an external RADIUS server" with the fields RADIUS Server Hostname (10.2.1.1), Port (1812), RADIUS Server Shared Secret and Test Authentication Password] Figure 5.2.5: Custom Device Fields [figure: "The device inventory has five custom fields that can be used to set additional values on each device. You can specify names for these custom fields here." Custom 1: Section name, Custom 2: EOS, Custom 3: EOL, Custom 4: System name, Custom 5: Installation Date]
89. als window we specified the login information, while in the Protocols window we instead specify the connection protocol information. Initially only the Default network group exists, and it is used by default. The input interface is almost the same as that of the Credentials window. Figure 2.3.2: Protocols window [figure: Protocols window with Network Groups, the "Add address (IP, CIDR, Wildcard or Range)" field and a prioritized list of protocol checkboxes including Telnet, HTTPS, HTTP, SCP, FTP, TFTP and SNMP] In each input field: • Enable the checkbox if the protocol may be used during the backup and other operations. In the Default network group all protocols are checked by default. • The up/down arrow buttons move the order in the list and change the priority of the protocol. netLD tries to use the protocol of the top priority. If it fails, it then tries to connect with the protocol of the next priority. • To add a new protocol specification, click on the and enter a name for the group. • Enter the IP address ranges in the Add address (IP, CIDR, Wildcard or Range) field. Click on the L to add it to the list on the left. 2.4 Users and Roles Roles manage the user permissions in general. Each role defines a set of permissions, such as read/write permissions on devices. Each user belongs to exactly one such role, and the role effectively controls the user's access to
90. an email to support@logicvein.com with the log file. 1.5.4 Scheduling the Backups Now you have got the first backup successfully. Then why not make it run the backup on a regular basis? Always keeping track of all the configurations is critical for the robustness and the security of your network. [Figure: Startup Wizard tabs Add Devices, Credentials, Validate Backup, Setup Schedules, with a Backup job set to run daily] Figure 1.5.2: Scheduling a backup Creating a periodical schedule of backup jobs is quite easy. Just go to the next tab and create a Backup job. In Run daily at, you can specify at which time of the day you want to perform the backup. In netLD, the scheduled tasks are called jobs. The options available in the Startup Wizard are quite limited compared to what can be done in the Jobs tab. The full feature set of job scheduling is described in Sec Ste. You can also specify a neighbor job, in which netLD acquires the neighbor information from each of the network devices. As with the backup jobs, only daily schedules can be created in this Startup Wizard. However, in-depth configuration can be made afterward. If you need further assistance or technical support about Net LineDancer, please feel free to contact us below. We will be pleased to help you when you find any errors or ambiguities in this manual, or have any questions regarding them. Please note that we are closed on
91. ancer Smart Bridge. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to continue. License Agreement dialog Press the Page Down key to read the rest of the agreement and click on I Agree to continue. [Figure: Net LineDancer Smart Bridge Setup, License Agreement page] Specify the install directory by clicking on the Browse button. Click on the Next button to continue. [Figure: Net LineDancer Smart Bridge Setup, Choose Install Location page]
92. ardware Change Report Hardware Report Inventory Report Network Hardware Summary Protocols and Credentials Software Summary We provide the following eight types of reports. Inventory Report shows the hostname, IP address, model, OS version and serial number of the devices, as well as the date the last backup was performed on the device. [Figure: sample Inventory Report with the columns Hostname, IP Address, Model, OS Version, Serial Number and Last Backup] Configuration Change Report shows the change history and details of the configurations changed during the specified period for the devices. [Figure: sample Configuration Change Report for 10.0.3.4, showing modified logging and snmp-server community lines in running-config and startup-config]
93. ates the logs even while using the Smart Bridge feature. 1. Select About in the Help menu. 2. Click on the Send Log button. Enter your e-mail address in the Your E-Mail field and click on the OK button to send the log. [Figure: Send Information to Support via E-Mail dialog: "Please enter your e-mail contact address. Your SMTP mail server must be configured in Server Settings."] 5.4 Yet Other Miscellaneous Operations We further describe other operations that are hard to categorize. 5.4.1 Security Certificate on Browsers Since we need to access the netLD server with HTTPS, a security certificate error is issued by the browser when you access the netLD instance. Ignoring the error and accessing netLD's interactive interface via a browser is completely safe, but you can also issue and install an SSL certificate to suppress the error message. While the operation is described with Internet Explorer, a similar method can also be applied to other browsers like Google Chrome and Mozilla Firefox. Installing SSL Certificate This instruction is for IE only. For other browsers, refer to the guide provided by the browser vendor. Start the Internet Explorer browser, connect to the netLD server and select "Continue to this website (not recommended)". There is a problem with this website's security certificate. The security certificate presented by this website was
94. button. The Customization dialog shows up, so toggle each entry appropriately. Click on the button. Toggle the checkboxes. [Figure: Select Columns dialog with the checkboxes Backup Status, OS Version, IP Address, Serial, Hostname, SW Vendor, Adapter, Custom 1, Memo, Custom 2, Model, Custom 3, Device Type, Custom 4, HW Vendor, Custom 5] 5.1.2 Scheduler Filters You can use cron expression filters to set regular job schedules. Added filters can be reused afterward while making a job schedule. Select Job Management Filters. [Figure: Job Management toolbar with the Filters entry] Click on 1 to create a filter. [Figure: empty filter list with the columns Name and Cron] Enter the required information. Click on the OK button to save the filter. [Figure: Filter dialog with Name "not on sundaty", a Cron Expression and Timezone (GMT+09:00) Tokyo] Field descriptions: Name: enter a meaningful filter name. Cron Expression: enter a cron expression. Timezone: select the timezone used to calculate the event triggering time. Confirm if the new filter is added and cli
95. [Figure: Device View with devices selected, and the Devices subtab of the Smart Change job listing the selected devices, with the buttons "Add selected from device view/search" and "Remove" and the options "Use the same replacement values for all devices in the job" and "Use unique replacement values for each device in the job"] Open the Replacement Values subtab in the status pane and assign the replacement value to each device. The interface is dynamically generated according to which kinds of replacements are included in this Smart Change. [Figure: Replacement Values subtab listing devices by IP address and hostname]
96. ccess In line vty settings: * transport input ssh: violation if not matched * transport input telnet: violation on matched • IOS Disabled Unneeded Service Violation if the following are not matched: * no service tcp-small-servers * no service udp-small-servers * no ip bootp server * no service finger * no ip source-route * no ip identd * no ip http server • IOS Session Idle Timeout line vty settings: exec-timeout minutes Violation if no variables matched 7.5 Recommended System Requirements Minimum Requirements for 3,000 devices Operating Systems: Windows (64bit only): Windows Server 2008 SP2, Windows Server 2008 R2, Windows Server 2012. Linux (64bit only): Cent OS 5 6 RedHat 5 6 or later. Hardware Requirements: CPU Core: Minimum 4. Memory: Minimum 2GB. HDD: 120GB 10K RPM RAID1. Minimum Requirements for 12,000 devices Windows (64bit only): Windows Server 2008 SP2, Windows Server 2008 R2, Windows Server 2012. Linux (64bit only): Cent OS 5 6 RedHat 5 6 or later. CPU Core: Minimum 6. Memory: Minimum 8GB. HDD: 300GB 10K RPM RAID1. On the client side, you can browse the Net LineDancer Server with: • Internet Explorer 7 or later • FireFox • Safari or the other conforming browser implementation 7.6 Updates in version 13.08 • Draft Configurations Feature: Support for creating configurati
97. ck on the OK button to finish. [Screenshot: schedule filter name field.] 5.1.3 Device Tags. You can group devices in the netLD inventory by creating tags for each group. Device Tags can be used while searching for devices. Open the Inventory > Device Tags menu. [Screenshot: Inventory menu with the Device Tags entry.] Enter a name for the tag and click on [icon]. [Screenshot: Tags dialog for managing the available device tags.] Icons and descriptions: click on the delete icon to delete the tag; click on the edit icon, or double click on a tag name in the list, to edit the tag. Select devices in Device View and click on the Associate Tag or Disassociate tags buttons in the Device tool bar. [Screenshot: Device View with the device tool bar.]
98. ction. Automatic detection of network devices in your network: once you specify the range of IP addresses, you soon get the network devices as they are. This is helpful when you jump into an awful situation, such as when there is almost no reliable documentation on the device IP addresses and no one understands the current state of your network. Grouping, automated login and backup: you can group the devices so that the devices share the same login information within a group, which reduces the effort to log in to each device. Once you have registered the login information in the database, you can back up the configuration data in the devices. Fast, intuitive and automated access to the properties of each device: you can see, compare and restore the backed-up state of the devices in a few clicks. Current states of the devices are shown as icons, and you can easily find which device has a problem. If you have thousands of devices, you will find it painstaking to configure them, because their configurations are almost the same but have small variations such as IP addresses and device names. We provide a scalable management method, Smart Change, for that purpose. And many other features, such as: producing a summary report; automated detection and logging of changes in the configuration; automated error reporting to other Network Management Systems. All of these features are described in this manual and th
99. ction job; 13.1 create/update/delete a neighbor collection job; 14 run a Smart Change job; 14.1 create/update/delete a Smart Change job; 15 create/update/delete URL launchers; 16 create/update/delete memos; 17 create/update/delete managed networks; 18 create/update/delete Cisco PnP configurations; 19 create/update/delete Cisco PnP templates; 20 administer security settings; 21 create/update/delete inventory tags; 22 login using the terminal server proxy; 22.1 automatically log in to devices from the terminal server proxy; 23 view other user's terminal proxy logs. 7.3.2 Permission vs Available Operations. [Table: one column per permission number (1, 1.1, 1.2, 2, 3, 4, 5, 6, 7, 8, 8.1, 9, 9.1, 10, 10.1, 10.2, 11, 11.1, 12, 13, 13.1, 14, 14.1, 15, 16, 17, 18, 19, 20, 21, 22, 22.1, 23) and one row per operation; the cell marks did not survive extraction. Rows under Main Menu: Credentials, Protocols, Discover Devices, Add Devices, Device Tags, Scheduler Filters, OS Images, Server Settings. Rows under Devices: Search IP/Hostname, Advanced search, Run Backup, Command runner, Read tool, Change tool, Smart Change, Collect neighbor data, Create a new job, Terminal log, Export Inventory, Export configurations, Display configurations, Display neighbors, Run a report, Compare]
100. d or Range [Screenshot: New Credential Set dialog with a name field and fields for SNMP Get Community, SNMPv3 Authentication Username, SNMPv3 Authentication Password and SNMPv3 Privacy Password.] Repeat these steps until all groups and credentials are added to the list. Click on the OK button to finish. If more than two credential sets are available for a group, netLD tries each set on the list in turn and uses the first valid credential. Make sure that no groups share the same range of IP addresses; otherwise netLD might fail to save the backup of the devices. 3.1.2 Static Setting Strategy. Next, we show how to use the Static setting strategy. In the Static setting strategy, you should run the process by hand. Click on the [icon] in the lower left. [Screenshot: Credentials dialog with fields for VTY Username, VTY Password, Enable Username, Enable Secret/Password, SNMP Get Community, SNMPv3 Authentication Username, SNMPv3 Authentication Password and SNMPv3 Privacy Password.] Enter a new name of the network group. Select Static Credentials by specific IP address. Click on the OK butt
101. [Screenshot: side-by-side view of the sample config draft for C2600M (10.0.3.67).] Then the timestamp in the Last Edit is refreshed. 3.11.2 Importing Configurations from Plain Texts. To create a new draft configuration from an external text file, double click on the target device in Device View and open up the configuration history in the status pane. We assume that you already have a text file containing a configuration. Then click on the [icon]. [Screenshot: Draft Configurations tool bar.] Select the file to import and click on the Open button, just as in usual Windows software. [Screenshot: file selection dialog.] Then a new configuration is added to the list of Draft Configurations. [Screenshot: Draft Configurations list.]
102. [Screenshot: DHCP pool settings.] Prior to netLD 13.08: DHCP server preferences can be configured in Zero touch Settings subtab. Move to the subtab and enter the required information. Menu items and descriptions: Enable DHCP Server: Enable this checkbox to use the DHCP server feature in netLD. DHCP Relay CIDR: Enter the range of IP addresses in which DHCP Relay servers are running. Address Range: The IP address range to deploy the configuration. Subnet Mask: The subnet mask for the IP address range. Gateway (optional): The gateway address of the device that netLD should use. netLD executes deployment through the gateway of DHCP relay agent if this option is not specified. TFTP Server (optional): The IP address of the TFTP server, if you use a TFTP server other than that of netLD. DNS Server (optional): An IP address of the DNS server used for the name resolution of the server. Lease Time: Select the lease time from the dropdown list, either 9 or 10 minutes. To save the change in DHCP Server settings, click on the Save button in the upper right corner. Figure 4.2.3: If you are deploying configurations for more than one network segment, add DHCP pools by using the [icon] button. [Screenshot: Zero Touch tab.]
103. e above list is incomplete. As you proceed through the manual, you will find many other useful features. 0.1.1 Target Audience. The target audience of this manual is network administrators with minimum knowledge of managing network devices such as routers and switches. We assume you are already familiar with IP networks, the concept of device configurations and, sometimes, CUI operation on both network devices and the server. However, please do not worry: you do not have to be the master of all methods of managing the devices. We sometimes provide a helpful explanation even of basic knowledge if we think it is necessary. As you progress through the manual, anyone new to network management will get more familiar with what it is all about. 0.1.2 About this manual. The manual is constructed as follows: 1. First, we give tutorial sections that describe the basic installation method and the initial setup, so that you can soon start managing the devices in your networks. 2. Then we give a concise explanation of various original concepts in netLD (for example networks, credentials, etc.) as well as most of the terms that we use throughout the manual, such as the names of the UI elements. If you feel you are already good at those concepts, you can skip this section. 3. Next, we proceed to the usage of the basic tools. They are easy to understand if you have a good understanding of some concepts and the UI of netLD. However si
104. 3.1.1 Dynamic Setting Strategy; 3.1.2 Static Setting Strategy; 3.1.3 Import from an Excel spreadsheet; 3.2 Users and Roles; 3.2.1 Creating a Role; 3.2.2 Creating a User; 3.2.3 Quick Password Change; 3.3 Tools for Devices; 3.3.1 Adding Devices; 3.3.2 Discover New Devices; 3.3.3 Adding Devices Manually; 3.3.4 Editing and Deleting the Devices; 3.3.5 Searching Devices; 3.3.6 Exporting and Importing the Inventory; 3.4 Configuration and Backup; 3.4.1 Status Summary; 3.4.2 Status after Performing Backup; 3.4.3 Restoring the Configuration; 3.4.4 Device Property; 3.4.5 Comparing the configurations; 3.4.6 Checking the Mismatch in startup-config and running-config; 3.5 Tools Menu; 3.5.1 [title illegible]; 3.5.2 IOS show Commands; 3.5.3 IP Routing Table; 3.5.4 [title illegible]; 3.5.5 SNMP System
105. e draft to the device. [Screenshot: device status pane.] Choose which configuration to push it to: either running-config or startup-config. This is the only difference between restoring the configuration snapshot and uploading a draft configuration. [Screenshot: Push Draft dialog with the Target Configuration dropdown.] Click on the OK button to initiate an upload. [Screenshot: Restore Configuration progress dialog.] 3.12 Change Advisor. Change Advisor guesses the needs of the operator and automatically creates helpful advice by comparing the latest configuration with the selected configuration. Note: This feature is supported only on Cisco IOS and similar operating systems. Press [icon] to initiate Change Advisor. [Screenshot: status pane of LVI_Router (10.0.0.250) showing the snapshot and draft configuration lists, with callouts "double click on a device in Device View" and "Run change advisor".]
106. e graph in violation summary on the right. [Screenshot: policy list with the Device Violation Summary for IOS Policy.] If any violation was found in the policy, its icon changes. Depending on the severity, there will be an orange warning icon or a red error icon. [Screenshot: policy list showing a violation icon for IOS Policy.] Then double click on the violation icon. The Status subtab opens in the status pane, showing the detailed information of the violation. Policy: IOS Policy, Status subtab (IP Address, Rule Set, Message): 10.0.2.22, IOS Interface Auto Duplex Speed: Interface FastEthernet0/0 is not configured for auto duplex speed; 10.0.2.26, IOS Interface Auto Duplex Speed: Interface Ethernet0/0 is not configured for auto duplex speed; 10.0.2.31, IOS Interface Auto Duplex Speed: Interface Ethernet0 is not configured for auto duplex speed; 10.0.2.29, IOS Interface Auto Duplex Speed: Interface Ethernet0 is not configured for auto duplex speed; 10.0.0.250, IOS Secure Enable Passwords: IOS devices should have encrypted enable passwords; 10.0.2.23, IOS Secure Enable Passwords: IOS devices should have encrypted enable passwords; 10.0.2.25, IOS Secure Enable Passwords: I
107. ected for each device in Replacement Values section. This feature is convenient when the number of choices is limited. [Screenshot: Add a Replacement dialog with Name "Web Server", Type "Choice" and the choices 172.16.0.1 and 172.16.0.2.] Adding another conditional type replacement with a name logging for the log entry. [Screenshot: Template subtab with the Replacements list and the Commands field.] Setting the Conditional Type replacement for the log entry. [Screenshot: Add a Replacement dialog with Selection "log", Name "logging", Type "Conditional" and the "Use selection as default value" checkbox.] When you reuse the same replacement several times in different parts of the text, select each portion of the text and drag and drop the replacements in the list directly onto the Commands field. [Screenshot: Template subtab with replacements dropped onto the Commands field.]
108. ed further assistance or technical support about Net LineDancer, please feel free to contact us at the address below. We will be pleased to help you when you find any errors or ambiguities in this manual, or have any questions regarding them. Please note that we are closed on weekends, national holidays, New Year and summer holidays in Japanese time. We accept e-mails 24 hours a day, but we will only reply during business hours. Thank you for your cooperation. LogicVein Inc. Technical Support. Mail: support@logicvein.com. 4.2.9 Deploying a Bootstrap. netLD can deploy the configurations to the devices even when the device is in a network where DHCP is not available, by deploying a bootstrap in advance. The following is an example bootstrap for netLD Cisco PnP. Substitute <IP> with the actual IP address of the netLD server. For more information, please contact your distributors. cns id hardware serial ! cns connect cns profile ping interval 10 retries 3 sleep 5 discover interface FastEthernet template cns profile ! cns template connect cns profile cli description Basic CNS Initial Template cli ip address dhcp cli ip route 0.0.0.0 0.0.0.0 interface cli no shutdown exit cns config initial <IP> status http <IP> cns config asp ! end 4.3 Smart Bridge (Optional). netLD Smart Bridge SB
109. een by screen instructions. 3.2.1 Creating a Role. Creating a Role is quite simple. First go to Setting window, Roles. Enter the name of the Role into the text area and click on [icon]. [Screenshot: Server Settings window, Roles page, with the Administrator role and an "Add a role" field.] Select the permissions of the role by toggling the checkboxes. If the toggle is on, the permission to run the operation is granted to the user. The meaning of each checkbox is available in Sec. 7.3, p. 232. [Screenshot: Roles page listing checkboxes such as "Permission to view compliance rule sets and policies", "Permission to create update delete a compliance policy", "Permission to create update delete a compliance rule set", "Permission to view device configurations", "Permission to administer credentials and protocols", "Permission to create update delete device information in the inventory", "Permission to assign names to custom fields" and "Permission to tag untag devices in the inventory", with a Select All control.]
110. [Screenshot: Cisco PnP Configurations tab with the Device Configurations list and Live Status.] Specify the necessary information in the Cisco PnP Device Configuration dialog and click on the OK button. Select the Specific Device Recovery option as the Deployment Type. [Screenshot: PnP Device Configuration dialog with Device ID, Deployment Type and Recovery Device ID fields.] Menu items and descriptions: Recovery Device ID: Similar to Device ID, but it should be the ID of the old device. After that, the configuration data already stored in netLD is restored back to the device. All remaining processes are the same as in Template-based deployment. To deploy a configuration from netLD Cisco PnP to a device that will be powered on for the first time, the device must be dispatched by the vendor without a startup-config in its NVRAM (e.g. the CCP-CD-NOCF or CCP-EXPRESS-NOCF option when ordering devices). 4.2.7 Distributing Configurations via 3G network and VPN-capable Mobile Router. netLD is able to distribute configurations via a 3G network. Sometimes the device to be deployed should be sent to a remote base where various base-level services are not available. For instance, the network is not connected to the W
111. eplacement values for each device in the job. Enter a sequence of ordinary commands in the Commands field in the Template subtab. In the figure below, the commands for changing the access list settings are entered. However, the commands are for one specific device only, since some values (IP address etc.) are specific to one device. We then change these commands into a template. [Screenshot: Template subtab whose Commands field contains: conf t; ip access-list extended lvi filter; 20 permit ip host 192.168.0.1 host 172.16.0.1 log; 10 permit ip host 192.168.0.2 host 172.16.0.1 log; end; write mem.] After entering the commands, select a portion of the text that should be replaced with each device-specific value. [Screenshot: Commands field with the access list name selected.] Then click on the [icon] to make them into a Replacement. Enter the name of the replacement and select its type. In the example below, we selected lvi filter, entered access list name as the name, and selected Text type from the Type dropdown list. Click on the OK button. [Screenshot: Add a Replacement dialog.]
112. er name. Enables the server authentication. Mail server username for the authentication. Mail server password for the authentication. 5.2.4 Changing the Data Directory in Operation. You can customize not only the backup directory but also the current setting directories, although it requires some amount of operations. 1. Stop the running netLD service via CLI, Service Manager or Task Tray (see Sec. 2.6). 2. Copy the derby and lucene subdirectories (cf. Sec. 7.2, p. 231) to the destination directory (E nlddata, for example). 3. Open Net LineDancer osgi config config ini and find the following line: netld datadir. Append the destination directory path to the line: netld datadir E nlddata. 4. Start the netLD service in CLI (e.g. net start netld). 5.2.5 netLD RADIUS External Authentication. netLD provides the ability for users to be authenticated using an external Remote Access Dial In User Service (RADIUS) server. This guide will explain how to configure netLD to enable this integration. Requirements: In order to run the RADIUS integration, you must have a RADIUS-capable server like Microsoft Active Directory or FreeRADIUS. The netLD server and RADIUS server must also be able to communicate using UDP on port 1812. Configuring RADIUS: In order for netLD to be able to authenticate, the RADIUS serv
113. er only needs to be configured to handle Access-Request packets. After sending an Access-Request to the RADIUS server, netLD will listen for an Access-Accept response. The response should contain one or more Filter-Id attributes. Here is an example configuration for a user named jdoe in FreeRADIUS: yamada Cleartext-Password password Filter-Id role Administrator Filter-Id networks Filter-Id customFields 1,2,3,4,5. This configuration tells FreeRADIUS that for an Access-Request for a user named jdoe to match the password password. If the password matches, an Access-Accept response will be sent with three Filter-Id attributes set. These three Filter-Id attributes control the access the user is granted. Name, Required, Description: role (required: Yes): The name of the netLD role to assign to this user. networks (required: No): A comma-separated list of the managed networks visible to the user. Use to grant access to all networks. customFields (required: No): A comma-separated list of the custom fields that should be visible to the user. Configuring Net LineDancer: To configure RADIUS authentication, you must tell netLD the hostname and shared secret for communicating with your RADIUS server. The RADIUS configuration settings can be found in the Server Settings window. Here you can enter the hostname or IP address of the RADIUS server and the shared secret to use when making requests. You can test if the settings are
114. eral network groups. Starting from version 11.04, netLD provides two ways to add credential sets, called the Dynamic setting strategy and the Static setting strategy. In the Dynamic setting strategy, you assign a range of IPs and a set of credentials to each network group. In the Static setting strategy, you specify the credentials for the devices one by one. Registering credential information can be done by hand or by reading a Microsoft Excel spreadsheet. We also generate an empty static credentials Excel template for convenience. 3.1.1 Dynamic Setting Strategy. Here we show how to set up a network group in the Dynamic setting strategy. First, open Tools Menu > Inventory > Credentials. Click on the [icon] in the lower left, or click on the button in the center. This empty screen is shown only at the first visit. [Screenshot: empty Credentials dialog with the text "Use network groups to define groups of devices that require specific credentials for authentication" and an "Add a new network group" button.] Enter a new name of the network group. Select Dynamic Credentials by CIDR Range Wildcard and click on the OK button to create a network group. [Screenshot: Credentials dialog, Network Groups pane.]
115. [Screenshot: tool output showing the Cisco IOS software description of a device.] 3.5.6 Interface Brief. It shows the IP addresses of the device and UP/DOWN status of the interfaces on it. [Screenshot: Interface Brief result for 10.0.2.252 with the columns Admin, Line, Description, IP, MAC (hex), If Speed and High Speed.] 3.5.7 Traceroute. Sends traceroute to the devices and shows the responses. [Screenshot: Traceroute result for 10.0.2.252 with the columns TTL, Hostname, IP, Probe 1 (ms), Probe 2 (ms) and Probe 3 (ms).]
116. es in the inventory, empty the selection and then run the export. Similarly, you may also export a ZIP archive containing the data if the sheet gets too large. This option is available in Export inventory with configurations as ZIP style file. The output file is named such as netLD configs date of export zip. The files in the archive are organized into subdirectories as follows: <filename> zip; <network name>; 10.0.0.1 1812J B; 10.0.0.201 cisco2500b.intra.dar.co.jp; 10.0.0.203 cisco2600a.intra.dar.co.jp; 10.0.0.208 C2801. Importing the Exported File. Also, you can then import (add and update/overwrite) the exported spreadsheets. Click on the Import update inventory from Excel file entry. It allows you to add a number of devices at once. 3.4 Configuration and Backup. Configuration backup of devices is done via a set of commands corresponding to the model of the device. IOS devices, for example, can be backed up via the following sequence of commands: copy running-config tftp; copy startup-config tftp; show access-lists; show diag. What netLD does is automate these command-line sequences. Since these commands vary among the vendors, maintenance of a large number of devices by hand is quite inefficient, and there are many reinventions of the wheel in each developer's personal shell scripts. To take the backups of all the devices in Inventory
117. file. Firstly, navigate in your Web browser (e.g. Google Chrome, Firefox, Internet Explorer) to http://www.logicvein.com, shown in the following pages. Follow the instructions in each figure and get the installer binaries, which are usually named netld Enterprise <release date> <architecture>. If you are using a machine with a 32bit operating system, we are very sorry to inform you that netLD enterprise is not available for your system. You can alternatively get Net StreetDancer, the free version of the software, where the maximum number of devices is smaller than that available in netLD. To run netLD, make sure you have a 64bit operating system. Figure 1.1.1: This is the LogicVein support page. Navigate to the Product (highlighted in red). Figure 1.1.2: Click on the green Download button in the middle of the page. Figure 1.1.3: Finally, on this page, choose either Windows 64bit, Linux 64bit or
118. for, but the most important feature among these is adding the devices. Just as you have done in the tutorial, there are two ways to add devices to the netLD inventory: the Automatic Discovery feature, and adding devices manually. In order to discover the devices automatically, you have to configure both netLD and the device itself. If you encounter any trouble, first check Fig. 3.3.1. Both menus for adding devices are placed under the Inventory > Add section in the Tools Menu. Add new device is for the manual process, and Discover new devices is for the automated discovery. Figure 3.3.1: Requirements for Device Discovery: 1. your device is SNMP-compatible and its SNMP feature is turned on; 2. you have registered all necessary information in the previous section; and 3. you have resolved any port conflicts between netLD and other firewall or anti-virus software in your network. The port usage is listed in the Data section Chapter 7 4. The maximum number of IP addresses discovered is 66,000. We consider this a sufficient number, because it is clearly a vast IP space for this enterprise-class software. For instance, 10.2.x.x already contains 65,025 addresses. Figure 3.3.2: Inventory > Add. [Screenshot: Inventory menu with the Add new device and Discover new devices entries.]
119. fter the deployment is completed, the device reloads automatically and the deployed configuration is applied. You can see the history of the Cisco PnP job in the History tab. The maximum size of the configuration file per device is about 20KB. 4.2.4 Importing the Replacement Values in Cisco PnP. This is a new feature introduced in version 11.04. Follow the instructions below. 1. After you have set up the template, click on the Close button. 2. Click on the [icon] button and select either the Save empty Excel import file or the Export configurations for template to Excel menu. [Screenshot: Cisco PnP Configurations tab showing the Save empty Excel import file menu.] Menu items and descriptions: Import configurations for template: Import Excel data which contains the replacement values for the currently selected template. Save empty Excel import file: Export a template with no value listed. Export configuration for template to Excel: Export a template with replacement values c
120. [Screenshot: Replacements list.] If the number of replacements gets larger, click on [icon] to add a Replacement Group. Add some groups and manage the replacements with the arrow buttons. The navigation should be intuitive enough. [Screenshot: Add Replacement Group dialog with a Group name field.] In each dialog, enabling Use selection as default value sets the selected value in the configuration text area as the default value of the replacement to be made. In the Type dropdown list, you can specify the expected type of the input value. When you make a Smart Change template, this not only eases the task of editing each device's values but also ensures that only correct configurations are sent to the devices. Below we show the available types of replacements. Text: Any text. Hostname: Hostname. IP address: An IP address. It accepts only text that conforms to the correct IPv4 and IPv6 format. IP or Hostname: IP address or hostname. Choice: It makes a dropdown list for selection, which means that only a predefined value is accepted. Conditional: It makes a checkbox to enable or disable it. If the checkbox is disabled on a device, the replacement is simply an empty string. Now let's run the Smart Change. In order to add the devices to run the Smart Change (process 3 in Sec. 3.7, p. 92), we use the tab switching technique, which we do not describe here (refer to Sec. 3.7, p. 92). Devi
121. g RSA dname CN netLD server logicvein com OU Tech O LogicVein L Kawasaki S Kanagawa c JP alias ziptie keypass ziptie keystore osgi config Y keystore storepass ziptie validity 3650

Finally, restart the netLD service with net stop netld and net start netld.

Each key-value pair in step 3 has the following meaning. Change the values appropriately.

CN: Server FQDN (Fully Qualified Domain Name)
OU: Branch name
O: Company name
L: City
S: Prefecture / State

5.4.2 Software License Key

For security reasons, we do not provide instructions here for upgrading a software license key from the evaluation version to the paid full version, or to a superior version (in which an even larger number of devices can be added). These instructions are provided only by LogicVein technical support.

If you need further assistance or technical support about Net LineDancer, please feel free to contact us below. We will also be pleased to help if you find any errors or ambiguities in this manual, or have any questions regarding them. Please note that we are closed on weekends, national holidays, New Year and summer holidays (Japan time). We accept e-mails 24 hours a day, but we reply only during business hours. Thank you for your cooperation.

LogicVein Inc. Technical Support
Mail: support@logicvein.com

5.4.3 Resetting Client Settings

You can reset the client sett
122. gal acknowledgements
Apache Lucene full-text search indexes
Version upgrade scripts
Internal configuration files
Perl Runtime distribution
PostgreSQL Database
Real-time change detection scripts
Internal report definition files
Internal temporary file storage directory
Apache Derby database initialization files
Java 7 temporary file storage directory
Device tool scripts
Core service code
Online update temporary storage directory
Net LineDancer service executable and configuration

7.3 Permissions Configurable in Roles

7.3.1 List of Permissions

Here is the list of configurable permissions.

No. / Description of permission
1: view compliance rule sets and policies
1.1: create/update/delete a compliance policy
1.2: create/update/delete a compliance rule set
2: view device configurations
3: administer credentials and protocols
4: create/update/delete device information in the inventory
5: assign names to custom fields
6: tag/untag in the inventory
7: administer scheduler filters
8: run a backup job
8.1: create/update/delete a backup job
9: run a device discovery job
9.1: create/update/delete a device discovery job
10: run a tool
10.1: create/update/delete a tool job
10.2: run a tool which changes a device configuration
11: run a report
11.1: create/update/delete a report job
12: run a restore job
13: run a neighbor colle
123. group of users with different RADIUS attributes applied. For example, if you have two roles, Administrator and Operator, you can create one Network Policy for each and specify the Filter-Id appropriately for each.
124. hange Command Runner

[Screenshot: Command Runner dialog. Fields: Specify the commands to run against the devices; Override the default prompt regex; Response timeout (seconds); Perform backup after tool completes. Buttons: Execute, Cancel.]

6.5 Is it possible to send a trap when the configurations were changed?

Yes. netLD sends a trap to notify of events such as a configuration change (Sec. 4.4.2, p. 183). The trap information sent to the NMS contains the hostname, IP address and configuration file name of the device.

[Figure: 1. The device's configuration has been changed. 2. The device sends SYSLOG to netLD. 3. netLD backs up the device's configuration. 4. netLD checks if any change in configuration exists. 5. netLD sends a trap to the NMS.]

6.6 How many jobs can be run at the same time?

netLD runs up to 10 jobs at the same time by default. If the number of current jobs exceeds 10, they are handled sequentially. This value is automatically configured by netLD by analyzing the system performance of the server. Careful tuning is required, so manual configuration is not available. If you do need to configure this value, contact technical support. Even though the larger number might seem to allow for faster processi
125. haracters are supported

[Screenshot: installer certificate fields: Hostname, Organizational unit name, Organization name, City, State or Province, Country Code]

Installation continues.

[Screenshot: installation progress]

NetLD authenticates the serial number via the Internet, so an Internet connection is required in order to activate it. Without an Internet connection, you have to obtain a static license file from us. Please contact support@logicvein.com. Also, when we issue a license file, we require the MAC address of your server. The MAC address can be obtained with ipconfig /all on the Windows CUI or ifconfig on UNIX-like systems. If the server has mul
126. he job every day of the week specified.
Monthly: run the job every 1 n x k months. Many options are available.
Cron: specify the job's schedule with a cron expression. Refer to Sec. 8.1 for cron configuration.
Timezone: Specify the time zone.
Filter: Select an opt-out filter applied to the schedule. The job is not executed at the times specified by this filter. For further detail, see Sec. 5.1.2.

Do not forget to click on the button to save the job. It is in the upper right corner of the status pane. If the button is active (red), some changes are not saved yet.

3.7.2 Status Indicators in Job History Subtab

Here is the list of the status indicators (the icons are not reproduced here):
netLD performed the job on all devices successfully.
netLD performed the job, but it failed on some devices.
netLD failed to perform the job on all devices.

The data retention policy of the job history is described in Sec. 5.2.1.

3.8 Report

Net LineDancer provides several types of useful and informative reports on the devices. You can run them from the menu at any time, and they can be scheduled to run automatically.

Figure 3.8.1: The Report tools are available under the Reports submenu.

Device Inventory Tools Change Smart Change Reports Backup Summary Configuration Changes H
127. his is expected because we have not yet entered the credential information. Credential information is described in the next section.

Figure 1.5.1: Results after adding a device. Icons indicate the status of the device; e.g., in this figure the icon indicates successful addition. However, users reading this tutorial usually do not see much, and that is an expected result.

[Screenshot: discovery of 192.168.10.0/24. 192.168.10.1, Cisco IOS: Device added. 192.168.10.254: There was no SNMP response.]

The discovery can be run later, as described in Sec. 3.3.1. If you already have a CSV spreadsheet containing the list of device IP addresses, the Import from Excel option might be useful. The specification of the spreadsheet columns is available in Sec. 3.3.6.

1.5.2 Setting the Credentials

After the devices are added, you have to register the login information for the devices in order to allow netLD to log in to them. In the Startup Wizard, you can click on the large Credentials icon to do this.

First, enter an arbitrary name for the network group. This can be modified later. In this example, we chose LogicVein.

[Screenshot: Enter a name for the new network group]

Next choose if
128. hould look like the following gt Input Parameters E Devices Y Schedule El _ All Devices ej Search Static list Interface IP Custom 1 Devices with tags y and j or Vendor Any v Admin IP Custom 2 lispy Hostname Custom 3 Status Any Custom 4 Serial Changed Any v Custom 5 MAG Use search from devices view Copyrights LogicVein inc All rights reserved 95 This is the Static List option in Process 3 Input Parameters 3 Devices Schedule _ All Devices Search e Static list IP Address Hostname CHAPTER 3 BASIC TOOLS Now an important technique is introduced here It might seem a bit tricky but once you get accustomed to it you would soon feel it very comfortable We call it a tab switching technique which effectively utilize the nature of the two panes available in the netLD interface namely main and status pane You can move the upper main pane to the Devices Tab Now you can choose the devices that a job is run Select the devices in the Device View as usual and click on the Add selected from Device View search button in the lower status pane Devices o clear search basic search Z IP Address HW Vendor Hostname 10 0 3 253 Fujitsu 10 0 3 250 Cisco 3560 10 03 15 Cisco C2500_LVI 1003 6 Cisco C2600_6 10034 Cisco Cat2500_4 1003 2 Cisco C2500_2 10031 Cisco LVL test
129. ials

[Screenshot: credential fields: VTY Password, Enable Username, Enable Secret/Password, SNMP Get Community, SNMPv3 Authentication Username, SNMPv3 Authentication Password, SNMPv3 Privacy Password]

In the VTY Username and VTY Password area, enter the CUI login username and the password used during the SSH or telnet connection. If the devices have both the secret password and the enable password, enter the secret password. If only the enable password is available on the device, enter the enable password.

You can add multiple Network Groups. You can also register multiple Credentials and IP ranges for each group. Concepts such as Network Groups and Credentials are described in detail in a later chapter (Sec. 2.4).

The Credential feature is available outside of the Startup Wizard, just as Adding devices is. You can change the values in Inventory > Credentials. Further description is available in Sec. 3.1.

1.5.3 Performing a Backup

When a sufficient number of devices have been added to the inventory, perform the first backup by clicking on the Run Backup button.

In order to validate the configured credentials and to acquire configurations for the devices in the inventory, a backup has to be run against all devices.

[Screenshot: Run Backup, backup status list]
130. icate through with the Terminal Server Proxy SSH Port below. Click on the OK button to save the change. Remember that you must open access to the SSH port in your firewall program.

[Screenshot: Server Settings. User login idle timeout (minutes): 300. Enable the Terminal Server Proxy (SSH). Terminal Server Proxy SSH port: 2222.]

4.1.3 Login

Before trying to log in, make a note of the netLD server IP address.

First, start an SSH client and connect to the netLD server. The type of client does not matter: you can use standard OpenSSH on various OSes such as UNIX, Mac OS X, Linux and Windows machines (additional installation is required on Windows). In this example, we assume the server is 192.168.0.77 and the client shell is bash. Again, remember that you must open access to the SSH port in your firewall program.

bash>

Log in to the netLD server as in a usual SSH session. The username and password are the same as those used for the usual browser GUI login. Note that you have to specify the appropriate port upon login. On the Linux version it is 2222 and on the Windows version it is 22, same as what S
131. ifying the Columns in the Device View 188 5 1 2 Scheduler Filters eee 189 mia Device TUS cea o E aa aw 191 5 1 4 Display Neighbor Information 194 5 2 Configurations Available in Settings Window 194 5 2 1 Setting the Data Retention policy 195 5 2 2 System Backup and Restoration 2 195 Daa Mall Servo lt lt tee eee a we A 197 5 2 4 Changing the Data Directory in Operation 199 5 2 5 netLD RADIUS External Authentication 199 5 2 6 Changing the Column Names of Custom Device Fields 201 5 2 7 Launchers URL Launchers 201 5 2 8 Network Servers 2 00 eee ee ee ee 203 5 2 9 Software Update 0 0 0000 eee 205 To Hep MOni bac bo ee be SSeS aS Gee Ow eS 206 Boal Pil Soe e bee ee eet aaa 206 Boe PUG cinco dbs Rhee GEE BH BSS 206 Dir ADO sra eee hea eee ee eee 207 5 4 Yet Other Miscellaneous Operations 209 5 4 1 Security Certificate on Browsers 209 5 4 2 Software License Key 0200 216 187 5 1 CONFIGURATIONS RELATED TO DEVICES AND OPERATIONS 188 5 4 3 Resetting Client Settings 206 216 OAS Upgrading netLD aw sac eee PR RE mS ee mS 218 5 4 5 Uninstalling netLD 218 5 1 Configurations Related to Devices and Op erations 5 1 1 Modifying the Columns in the Device View To modify the columns in the Device View click on the top right Select columns
132. ils see the man page of service by entering man service on console 2 6 SERVICE MANAGEMENT 36 Figure 2 4 2 Users section in Settings window Data Retention System Backup Mail Server SNMP Traps Users Roles External Authentication Custom Device Fields Memo Templates Launchers Smart Bridges Networks Network Servers Cisco Plug and Play Software Update Server Settings Username a Full Name Email admin Administrator netld nowhere x asai mizumachi Role Type Administrato Local Administrato External Administrato External Figure 2 5 1 Network section in settings window Data Retention System Backup Mail Server SNMP Traps Users Roles External Authentication Custom Device Fields Memo Templates Launchers Smart Bridges Networks Network Servers Cisco Plug and Play Software Update Server Settings Name a Bridge Default Default aaa Default f x OK Cancel Copyrights LogicVein inc All rights reserved 37 CHAPTER 2 NETLD BASICS Figure 2 6 1 Background Service and GUI concept om e an a ve Vim Ae mas wee an i mo x 3 Se po gt ren En H n x ey t Service Program i Figure 2 6 2 This is the Task Bar Icon of netLD ss 12 05 ME 19 06 90 ME Figure 2 6 3 Right click on the icon and the menu appears then start stop the Service Mistart Het Lmelancer stoop Net LineLlancer Exit Service Manager Pa 20120620 at 2
133. in Cisco PnP Device Configuration dialog and click on the OK button. This time, select the Self Recovery option for Deployment Type.

[Screenshot: PnP Device Configuration dialog with Deployment Type set to Self Recovery]

After that, the configuration data already stored in netLD is restored to the device. All remaining processes are the same as in Template-based deployment.

4.2.6 Cisco PnP Specific Device Recovery

This feature automatically configures a new device that replaces a certain old device. If a device is malfunctioning in the network, you just replace the device and run Cisco PnP zero touch, then deploy the same configuration as the old one had.

This is quite effective when a device is malfunctioning in a remote environment. Assume you cannot actually touch the device because the site is a good distance from where you are, and no one in the data center can deal with the device configuration. With Cisco PnP, you just have to tell someone there, by phone, to insert the cable into a replacement device, which obviously does not require much knowledge, and you upload the configuration to the new device remotely.

Again, the processes are almost the same as using the Cisco PnP Template feature. First, move to the Configurations subtab in the main pane, then click on

[Screenshot: main tabs with the Cisco PnP Configurations subtab]
134. ing. It resets miscellaneous status such as the checkboxes in the dialogs.

1. Click on the current username located at the upper right side of the screen.
2. Click on the Reset client settings button and click on the OK button to save the change.

Figure 5.2.8: Software Update

[Screenshot: Server Settings. Current version 14.06 revision 20140707 1054. The software is up to date. Enable online update checking. Enable anonymous usage reporting.]

Figure 5.4.1: Resetting the client settings

[Screenshot: user dialog with Username, Full Name, Email, Role, New Password, Confirm, Reset client settings, and Use system fonts (requires client reload)]

5.4.4 Upgrading netLD

Also refer to Sec. 5.2.9, p. 205 (the automatic update section) for a guide to running the automatic update via the Internet. In this section, instead, we describe how to update your netLD from a binary installation.

1. Stop the netLD server first. The netLD service can be stopped from the system tray
135. ing a quite large report may require significant amount of CPU power and the server may hung up Confirm Execution No devices are selected The current search criteria will be used to execute against 24 devices Would you like to continue Yes Mo Select a report format to issue and click on the OK button Report Format Selection Selec format HyperText Markup Language html v ani tt co OK Cancel i eer Reporting does not automatically fetch the latest information from the devices If you need the latest information to be included perform a backup prior to the execution 3 8 REPORT 106 3 8 2 Scheduling the Reports netLD has a feature which schedules a periodical report and e mails the result to the administrator The schedule can be configured in Job tab New Job gt Report Now assume we are trying to issue an Inventory Report Create a new report Devices Jobs Terminal Proxy Search Compliance Cisco PnP Network Default v asai Logout Settings Help Job History Job Management i a 3B 3 New Job 77 Filters Name Network Type Comment Backup Tool job Default Tool Discovery sa Neighbors ki Report Smart Change Tool Enter the name and the comment of the job then select the desired report type from the dropdown list now it is Inventory Report Click on the OK button Tool Job Job Mame Inventory Report Network Default Comment My first report Report Inventory
136. ion E AA Reload after deploy Inventory iv Automatically add to Inventory and Backup after ZeroTouch Primary Management Interface FastEthernet0 0 kd Menu Items Device ID Deployment Type Template Target configu ration Automatically add to In ventory and Backup after Zero Touch Primary Man agement Inter face Description Specify a device ID according to the ID type selected in the above field Select Template to deploy the configuration template you have created Specify the template to be deployed Specify which configuration netLD should deploy the data to Add the device to the inventory and get its backup con figuration after Cisco PnP Zero Touch is run Select the management interface to use while adding the device netLD parses the template and automatically in fer which interface is available on that device If no in terface description is found in the configuration then no item would appear in the list Copyrights LogicVein inc All rights reserved 159 CHAPTER 4 ADVANCED TOOLS In the fields to the right select each template variable and enter the parameter values for it Configurations Templates History Zero Touch Device Configurations CNS Device ID or Template CNS Device ID QD FHK1345705Y 4 1 10f1 Live Status CHS Device ID Template 25004 Template Status Go dh Cisco CNS Deployment ID FHK13457057 Template
137. ions 233 7 4 Compliance Rules Provided by Default 02 235 7 0 Recommended System Requirements 236 7 6 Updates in version 13 08 e 237 7 7 The List of Available Device Adapters 238 7 7 1 Supported Device List version14 06 2 239 7 7 2 IOS Software Distributing Exception 242 1 1 3 Getting the Latest Adapter Information 242 TE IEEE EN 242 CONTENTS x111 8 Appendices 243 Ol APO iIMiML eee ce bbe eee ee AE EH eB 243 8 1 1 Scheduling patterns 0 0 0 0 0 0 0000 244 8 1 2 Some examples e 245 8 2 Setting up Active Directory on Windows Server 2012 247 MA ii IEEE 247 Chapter 1 Tutorial Now we give a tutorial that helps you install our products This chapter forms a full tutorial that is helpful when you first run the trial version of netLD If you have a full manual and a tutorial the contents are going to be exactly the same so you can simply ignore the latter 1 1 Getting netLD For the users who first get this manual before getting the software we provide a brief introduction to our website Please understand that the website appearances are subject to changes If you already have the software you can safely ignore this section Following the tutorial here you can get a free trial version of NetLD The free version can later be upgraded to the full version by adding a license
138. isorio isis asa 42 3 1 1 Dynamic Setting Strategy 2 06 43 3 12 Static Setting Sirategy i cei vv ewe ee dune i 46 3 1 3 Import from an Excel spreadsheet 48 3 2 Users and Roles o ened wwe a e eee 4 o 50 3 2 1 Creating a Role os s cosas ras ewe So Se we So 50 3 2 2 Creating a User aooaa we mete wa GR 51 3 2 3 Quick Password Change 0 53 3 3 Tools for Devices seee e ee 54 3 3 1 Adding Devices oaoa 00000 eee 54 pee Discover New Devices gc oae bee ow See eww a 56 3 3 3 Adding Devices Manually 58 3 3 4 Editing and Deleting the Devices 60 3 3 5 Searching Devices eee eae 60 3 3 6 Exporting and Importing the Inventory 62 3 4 Configuration and Backup 64 34 1 e EN 65 3 4 2 Status after Performing Backup 66 3 4 3 Restoring the Configuration 67 0414 Device Property 2 44444 ea dR ee eee sered 67 3 4 5 Comparing the configurations 71 3 4 6 Checking the Mismatch in startup config and running ee nk k eae ee ee hee Ee eG amp 13 Ber Tools DICK ic bth Sow ee CET EN SCE E ERE EGE SE 74 Decl DNS LOORI eso eses aa we 74 3 5 2 IOS Show Commands lt ss sa as bassas assau 15 oon IP Routing Table sis das dea as DS 76 Oe Pia eee hee ee de Hee Ree ee OD 76 3 5 5 SNMP System Info 204 17 3 5 6 Interface Brief oceania 7 S0 AVTACOIOUNG es rosa
139. ith standard installation process of windows programs However few things to note we require the Internet connec tion to automatically certificate your license key or you are required to run an additional process On the server double click on the netLD installer to start the installation netld Enterprise 2013 08 0 64bi exe DancerNetworks Select a language to use from the drop down menu and click on the OK button to start the Setup wizard Installer Language Y Please select a language cancel _ 1 2 INSTALLING NETLD 6 After selecting language to use NetLD checks the port usage Following error message will show up if the installer find any applications using the required port The Following ports needed by Net LineDancer are in use by other software These services must be disabled For Met LineDancer to Function properly Ports in use HTTPD Click on the Next button to go to License Agreement dialog Met LineDancer Enterprise Setup Ta xl Welcome to the Net LineDancer Enterprise Setup Wizard This wizard will guide you through the installation of Met Linebancer Enterprise It is recommended that you close all other applications before starting Setup This will make it possible to update relevant system Files without having to reboot your computer Click Mext to continue cacal Copyrights LogicVein inc All rights reserved Y CHAPTER 1 TUTORIAL License Agreement dialog Press page
140. ity Passport 1600 Passport Tiara PA 500 Series OFR RT RTX 7 8 CONTACTS 242 7 7 2 IOS Software Distributing Exception You can update or distribute Cisco IOS software images to devices by Net LineDancer except the following devices that are started up with flash For more information please contact support logicvein com e Cisco 1600 e Cisco 2500 e Cisco AS5200 7 7 3 Getting the Latest Adapter Information Also the latest information can be obtained in our website We provide a more detailed version of the above list Supported Device and Feature Matrix e http ww logicvein com product device html e http ww logicvein com product pdf matrix pdf 7 8 Contacts If you need further assistance or technical support about Net LineDancer please fell free to contact below We will be pleased to help you when you find any errors or ambiguities in this manual or any questions regarding them as well Please note that we are closed on weekends national holidays New Year and summer holidays in Japanese time We accept e mails for 24 hours but we will only reply on those business hours Thank you for your cooperation LogicVein Inc Technical Support Mail support logicvein com Copyrights LogicVein inc All rights reserved Chapter 8 Appendices In this chapter we describe 1 the cron expression language and 2 the guide to set up Windows Active Directory on Windows Server 2012 8 1 Cron tutorial
141. ive Directory on Windows Server 2012

A RADIUS server can be configured on Windows Server 2012 using Active Directory and Network Policy Server.

8.2.1 Installation

Active Directory and Network Policy Server can be installed by going to the Server Manager and, in the Dashboard, clicking Add roles and features.

8.2.2 Configuration

1. Network Policy Server
   a. Top node (NPS): Right click > Register server in Active Directory
   b. RADIUS Clients > Right click > New
      i. Friendly name: anything
      ii. Address: netLD server IP address
      iii. Shared secret
      iv. OK
   c. Network Policies: Right click > New
      i. Policy name: anything
      ii. Next
      iii. Conditions: Add, User Groups, Add, Add Groups > Domain Users
      iv. Next
      v. Permission: leave defaults (Access Granted)
      vi. Next
      vii. Authentication Methods > check Unencrypted authentication
      viii. Next
      ix. Constraints: leave defaults
      x. Next
      xi. Settings: RADIUS Attributes, Standard > Add
         A. Attribute: Filter-Id, Add
         B. Attribute Information > Add
         C. String value: role Administrator
         D. OK
      xii. OK
   d. Close
2. Next
3. Finish

This configuration allows netLD users to authenticate as a domain user and will grant the user the Administrator role. You can create any number of Network Policies; each one can represent a different
142. king on each device. It is highlighted in green.

Intuitively, each element in the Device View corresponds to one network device, such as CISCO switches and routers. The amount of information in the table varies among device vendors. For example, netLD does not show the serial number for Apresia devices.

In the Device View, you can click on a device to select it. Just as in common file manager software, you can select multiple devices by pressing the Shift key or Control key while clicking on the device. When you press Shift, the range of rows is added to the selection. When you use the Control key, the clicked row is added to the selection. This is useful when you apply a single operation to many devices, and most table-like views in netLD provide the same feature.

If you have already gone through the tutorial and successfully run the backup, the Backup Status should contain some icons. There are many other icons, and the details are described in a later section (Sec. 3.4.2).

Backup status icons (not reproduced here): Successful backup; Credential error; Backup Failure.

Devices can be added, modified, deleted, backed up, tagged and searched for. Each feature can be accessed from the following menus. The details are described in Sec. 3.3.

Adding the devices: Inventory > Add
Editing the properties of the selected devices: Device Edit device properties. You can manually modify the IP address, hostname and the device type a
143. l Authentication 199 5 2 6 Changing the Column Names of Custom Device Fields 201 xil CONTENTS 5 2 7 Launchers URL Launchers coords aa 201 5 2 8 Network BOTY sc o sese ee nu Srs RE a 203 5 2 9 Software Update oaoa aa a 2 0 2 2 008 205 5 3 DIEM nor eee RE a 206 A ee ee eee eee SP eee ee aa 206 Sre DEDI rr a ra nc a a ea ae 206 A RA 207 5 4 Yet Other Miscellaneous Operations 209 5 4 1 Security Certificate on Browsers 209 5 4 2 Software License Key 00 0000 216 5 4 3 Resetting Client Settings 0 000004 216 9 4 4 Upgrading netLD 02 0004 218 a4 Uninstalling netLD o a ses a6 ese e ee ewe ae we ed 218 FAQ 221 6 1 Devices are not successfully discovered nor added to the device list 222 602 II 222 6 3 The wrong IP address is displayed during the discovery 223 6 4 Is it possible to upgrade the firmwares of our devices at once 224 6 5 Isit possible to send a trap when the configurations were changed 225 6 6 How many jobs can be run at the same time 226 6 7 Error No connection based protocol specified occurs when I try to run a change tool onoo he nad a PPA Data 229 Til POR Usage on he GG ke GES RRO Em aE a RS 230 Ta WU coo Re wR eh ee eee ss 231 1 3 Permissions Configurable in Roles 2932 7 3 1 List of Permissions 232 1 3 2 Permission vs Available Operat
144. lcatel Lucent Allied Telesis Allied Telesyn Alteon Anritsu APC Aruba Networks BlueCoat Brocade Check Point Model series Operation System ACOS Netvanta AX S Series OmniSwitch 87005L Series X Series FS900M Switches AD3 PureFlow GS1 Smart UPS ArubaOs ProxySG Fabric OS SecurePlatform VPN1 Edge Firewalls 7 7 THE LIST OF AVAILABLE DEVICE ADAPTERS 240 Figure 7 7 3 Supported Device List part 2 Vendor Cisco Systems Citrix Systems Dell D Link Enterasys Extreme Model series Operation System ACNS Platforms ArrowPoint CatOS CS500 GSS Appliances IOS Linksys LocalDirector MDS Series SAN OS Nexus Security Appliances VPN 3000 Series VxWorks WAAS Platforms Wireless LAN Controller WLSE NetScaler PowerConnect DGS Series Matrix SecureStack Switches SOR VerticalHorizon Extremeware XOS Copyrights LogicVein inc All rights reserved 241 CHAPTER 7 DATA Figure 7 7 4 Supported Device List part 3 Vendor F5 Networks Fortinet Foundry Fujitsu Furukawa electric H3C Hitachi Metals HP Huawei Juniper Networks NEC Nortel Palo Alto Networks Vyatta Yamaha Model series Operation System BIG IP 3 DNS FortiGate Edgelron FastIron SR S Series Si R Series FX Series Switches Apresia ProCurve M ProCurve VRP OS DX Junos ScreenOS Wireless LAN Controller IX Series WA Series Accelar BayRS Baystack Contiv
145. led Wed 13 Jun 01 15 12 by kellythw 10 0 3 248 2960Cisco Switch Chassis WS C2960 24TT L FOC111779D WS C2960 24TT Card 1 Stack WS C2960 24TT L73 10390 03 FOC11164YWMaster Switch Copyrights LogicVein inc All rights reserved 103 CHAPTER 8 BASIC TOOLS Hardware Change Report shows the change history and the detailed status of hardware whose configuration is changed during the specified period Hardware Change Report 7 15 14 7 38 PM netLO Enterprise Type Slot Slot Type Model Part Serial Description 10 0 2 5 Apresia_SW Switch 07 07 2014 2 10 PM Chassis Apresia3424GT SS Apresia Switch 10 0 2 50 AX24305 Switch 07 07 2014 2 10 PM Chassis AX24305 24T 856015 AX24305 24T OS L2 Ver 10 4 10 0 3 4 2500 Router 07 07 2014 2 10 PM Chassis cisco2500 06930549 Cisco Internetwork Operating System Software 10S tm 2500 Software C2500 L Version 12 1 9 RELEASE SOFTWARE ic1 Copyright c 1986 2001 by cisco Systems Inc Compiled Wed 13 Jun 01 15 12 by kellythw 10 0 3 248 2960Cisco Switch 07 07 2014 2 10 PM Chassis WS C2960 24TTF L FOC111729 WS C2960 24TT L Backup Summary shows the backup status summary Number of successes and failures are summarized into a pie chart Simple descriptions of failures are listed in the bottom of the report if any Backup Summary netLO Enterprise ASAA 7 38 PM Backup Status Summary Success No protocols available Hostname IP Address Vendor Error Type
146. lete all data stored by Net LineDancer. Do you want to preserve your data? If you choose Yes, the configuration is saved in the original installation directory. Moving or copying the directory to other devices or servers will help you migrate to another environment. After that: Click on the Next button. Click on the Uninstall button. Click on the Next button. Select the Restart Now option and click on the Finish button to close the uninstallation wizard. Uninstalling Smart Bridge: The process is straightforward and the same as uninstalling netLD. 1. In the Windows Programs and Features dialog, select Net LineDancer Smart Bridge from the Name list and click on the Uninstall button. 2. Confirm the directory to delete and click on the Uninstall button to start the uninstallation process. 3. When the uninstall process is completed, the following message will be displayed. Click on the Close button to end this wizard. Chapter 6 FAQ. In this chapter we answer the frequently asked questions collected from past user feedback. If you need further assistance or technical support about Net LineDancer, please feel free to contact us below. We will also be pleased to help if you find any errors or ambiguities in this manual or have any questions regarding them. Please note that we are closed on weekends, national holidays, New Year and sum
147. lex auto Violation if not matched speed auto Violation if not matched Additionally at a higher level you can define a Policy which is what is actually applied to each device A policy again consists of many rule sets However it also manages which device belongs to that policy which kind of severity error warning or info should a violation be assigned to as well as current and historical status of the violations detected on those devices Copyrights LogicVein inc All rights reserved 117 CHAPTER 3 BASIC TOOLS 3 10 1 Various Rule related tabs To define rules rule sets and policies you have to open Compliance tab and edit the elements in each tab Let s review those tabs first Rule Sets Subtab Rule Sets subtab in main pane contains some rule sets Figure 3 10 1 Rule Sets Subtab e w Compliance oe w admin Logout Help Policy Rule Sets i Description dp Create Copy p Rule Set Adapter Config Source SANS Institute Cisco Router Hardening Step by Step IOS Interface Auto Duplex Speed Cisco IOS running confi y s Remove Unneeded Services IOS Secure Enable Passwords Cisco IOS running config IOS Telnet Restricted Access Cisco IOS Irunning config In global configuration mode UDP and TCP small services should be disabled They P n are on by default in Cisco routers The services are echo chargen daytime and IOS SSH only Restricted Access Cisco IOS running confi y
148. ls d Mi os SV La Protocols Hostname 3 Add new device F Discover new devices Import Export Export inventory as Excel file fF Export inventory with configurations as ZIP file Save inventory import Excel template E E Importfupdate inventory from Excel file Manage al Device Tags Run Startup Wizard 1 5 INITIAL CONFIGURATION 18 1 5 1 Adding the Devices You can add devices to the inventory either manually or automatically but now we describe the automatic method only First open up Startup Wizard You will see 2 input areas IP Address CIDR and Community String IP Address and CIDR specify the target range of the IP Addresses with a subnet mask Community String is the information netLD uses in the SNMP communication during the automatic discovery In most devices the read only community string is public by default e w Add Devices Credentials Validate Backup Setup Schedules IP Address CIDR 10 0 0 0 fo 24 a Discover using SMMP Community String public y Import trom Excel a Crawl the network from the specified addresses configure discovery boundaries Discover Menu Items Example IP Address CIDR 192 168 0 1 24 Community String public Once you think you have entered the correct information try the Discover button A new table shows up and tells you about the progress The leftmost icons are supposed to show O or which indicates some information is missing However t
149. lt Configurations Templates History Settings v admin Logout Settings Help Cisco CNS Deployment 192 168 1 100 DHCP Server Address Pools Address Pool Relay Server Address Range 192 168 14 Default Subnet Mask 255 255 255 0 Overrides Gateway TFTP Server DNS Server Autolnstall bootfile General Settings _ Enable DHCP Server Lease Time 5 minutes v Add DHCP Pool Pool Name Relay Server CIDR Save Figure 4 2 4 Adding a template from Cisco PnP Tab Templates Devices Jobs Terminal Proxy Search Compliance Cisco PnP Network Default v asai Logout Settings Help Comiguraiinas y Templates Histury Cisco Plug and Play Templates Configuration Template Description Test Add Configuration Template Template Type CNS Dynamic Configuration gt Autolnstall Static Configuration Template Name 2500A Template Description OX_ Cancer ta 4 2 CISCO PLUG AND PLAY OPTIONAL 156 4 2 3 Template Based Deployment In a large network sometimes there are many devices with similar configurations i e the difference is limited to the IP address hostname DNS or syslog servers With aid of Master Configuration template you can reduce the effort of customiz ing the configuration files for those devices We assume you are already familiar with using a template feature in netLD If you are not then we strongly suggest you to read the Smart Change section p 108 to understand the conce
150. lues range is from 0 (Sunday) to 6 (Saturday); otherwise this sub-pattern allows the aliases "sun", "mon", "tue", "wed", "thu", "fri" and "sat". The star wildcard character (*) is also admitted, indicating "every minute of the hour", "every hour of the day", "every day of the month", "every month of the year" and "every day of the week", according to the sub-pattern in which it is used. Once the scheduler is started, a task will be launched when the five parts in its scheduling pattern will be true at the same time. 8.1.2 Some examples. "5 * * * *": This pattern causes a task to be launched once every hour, at the beginning of the fifth minute (00:05, 01:05, 02:05, etc.). "* * * * *": This pattern causes a task to be launched every minute. "* 12 * * Mon": This pattern causes a task to be launched every minute during the 12th hour of Monday. "* 12 16 * Mon": This pattern causes a task to be launched every minute during the 12th hour of Monday 16th, but only if the day is the 16th of the month. Every sub-pattern can contain two or more comma-separated values. "59 11 * * 1,2,3,4,5": This pattern causes a task to be launched at 11:59AM on Monday, Tuesday, Wednesday, Thursday and Friday. Value intervals are admitted and defined using the minus character. "59 11 * * 1-5": This pattern is equivalent to the previous one. The slash cha
151. matically stored into the configuration history IX2025_LVI config exit exit IX2025_LVI exit exit Connection to 10 0 2 2 closed netld To exit the netLD session again hit exit netld exit exit Connection to 192 168 0 77 closed bash gt Auto completion During the session with the netLD server connect c shows the list of top 10 host names starting with c in your network Enter the key number of the device then hit Enter It automatically tries to log in and when successful the prompt on the device appears Also the auto completion is available e g connect c lt Tab gt shows all host names starting from c When the target device was not in the list you can narrow down the list of the matched devices by entering additional characters like cisco lt Tab gt and the list contains only the devices starting with cisco You cannot login to the devices in the Network which you are not authorized Without an authorization you can login only to the devices in the Default network To switch the network enter network lt network name gt More descriptions are available in Sec 2 5 p 35 Copyrights LogicVein inc All rights reserved 1 145 CHAPTER 4 ADVANCED TOOLS 4 1 4 Terminal Proxy Log You can check the terminal proxy history in Terminal Proxy tab double click on a log and you will see the detailed log on the lower pane Terminal Proxy log e Terminal Proxy a F
152. nable Host the HTTPS web client on a non standard port checkbox and change the port number and click on the OK button Click on the Yes button in Restart Required dialog to restart netLD server Restart Required some changes require the server lo be restarted Would you like to continue Yos Cancel ls Reference Sec 7 1 p 230 5 2 9 Software Update netLD automatically checks for updates and notifies if any updates are available including adapter or manual updates Automatic update notification needs an Internet connection Usually you will find the update notified on the top of the screen Software Update Available 5 3 HELP MENU 206 To update the software explicitly 1 Click on the Install Update button to update Click on the Yes button to confirm starting the update 2 Download starts automatically When the update is complete netLD service restarts and then the new login screen appears Downloading the updates Downloading updates 8025 26714 KB 5 3 Help Menu Help Menu is used to send a log check the manual FAQs and so on 5 3 1 FAQ Clicking on this menu opens FAQ page in our website 5 3 2 Manual Clicking on this menu opens netLD product manual Copyrights LogicVein inc All rights reserved 207 CHAPTER 5 MISCELLANEOUS 5 3 3 About There are several features in Help gt About and they are useful for debugging To use the features in this section you have
153. name Type Text i Use selection as default value Copyrights LogicVein inc All rights reserved 111 CHAPTER 8 BASIC TOOLS Once the part is set as a replacement it is highlighted in yellow in the Commands field We next select an IP address to make it into a template Access List i 38 Template lt Replacement Values Sj Devices h Schedule Gi Ea la Replacements Commands Y access list name cont t ip access list Y 20 permit ip host host 172 16 0 1 log 10 permit ip host 192 168 0 2 host 172 16 0 1 log end write mem ci 7 0 el e Add a replacement of type IP address with a name Source IP in the same manner The I P Address type requires the replacement value specified later to be a valid 1P address Add a Replacement Selection 192 168 0 1 Name Source IP Type IP Address Use selection as default value leon lsc Next we select 172 16 0 1 and add a Choice type replacement with a name Web Server Access List i 25 Template Replacement Values 4 Devices f Schedule G aR Replacements Commands 3 conf t y Y access list name ip ae L eip Source IP 20 permit ip host Source IP 10 permit ip host 192 168 0 2 host 172 16 0 1 log end write mem 8 710 el e 19 3 9 SMART CHANGE 112 Now the replacement have two possible values each corresponds to the IP address of the different web server which needs a logging This can be later sel
154. name New Credentials VTY Password j Enable Username Enable Secret Password i SNMP Get Community SNMPv3 Authentication Username SNMPv3 Authentication Password se x SP l Jh XII SNMPv3 Privacy Password OK Cancel In Credentials window you should enter all the information needed to access the devices username password SNMP community and etc You can leave them blank if certain information is not required but if there is any lack of credential information it leads to login failure and every operations fail e g reading and writing information backup or compare would not be successful Each Credential contains the following information 2 8 CREDENTIALS NETWORK GROUPS PROTOCOLS 32 Entry VTY Username password Enable Username Enable Secret Password SNMP Get Community SNMPv3 Authentication Username SNMPv3 Authentication Password SNMPv3 Privacy Password 2 3 1 Network Group Description The username password required by the login shell on each network device The login shell can be one of ssh and rlogin remote terminal Note that VIY stands for virtual tty console Administrative Username that is required when you modify the configuration One of the two kinds of passwords for the CISCO devices former the better These correspond to each field in the SNMP data gram The name of Get Community in SNMP The name of Authorization Community defined in SNMPvs3 The commu
155. nce the UI elements are designed to be intuitive enough, you might already know how to use it even before reading this section. 4. We give further details of the advanced tools in our products, such as terminal proxy, Smart Bridge or Zero touch, which are necessary when you try to manage large networks under many customers or have to reduce the management effort on remote networks. 5. The rest of the sections describe miscellaneous tools, tips, FAQs and default internal data, which may sometimes help you solve the problems you encounter during operations. Note that you can start from any section, especially if you are already familiar with our products from testing the trial version. This manual is composed for that purpose, and each section is written so that it minimizes the dependencies between the chapters. If you need further assistance or technical support about Net LineDancer, please feel free to contact us below. We will also be pleased to help if you find any errors or ambiguities in this manual or have any questions regarding them. Please note that we are closed on weekends, national holidays, New Year and summer holidays in Japanese time. We accept e-mails 24 hours a day, but we will only reply during business hours. Thank you for your cooperation. LogicVein Inc. Technical Support Mail: support@logicvein.com. Finally, note that the descriptions in this manual are based on the
156. nd so on. Operating Smart Bridge reduces both the CPU workload on the server and the network bandwidth usage. Rather than making one netLD server monitor all devices in one network, you can subdivide a large network into a set of smaller networks and delegate the server's task to each Smart Bridge. The server only has to manage the result data sent from each SB, so the workload on the server decreases. Also, on a system with Smart Bridges the total amount of data communicated through the global network is significantly reduced, because the data sent by each SB consists only of changes from the previous state. In the following sections we describe how to set up the Smart Bridge feature into a fully working state. 4.3.1 Installation. The Smart Bridge program is a standalone program that works on the server. You need to install it in each network segment. Save the netLD Smart Bridge install program (i.e. netld Bridge version 32bit or 64bit exe) to the target server and double-click on the program to start. Select a language to use from the drop-down menu and click on the OK button to start the Setup wizard. Click on the Next button to go to the License Agreement dialog. Net LineDancer Smart Bridge Setup: Welcome to the Net LineDancer Smart Bridge Setup Wizard. This wizard will guide you through the installation of Net LineD
157. nd vendors. Delete the selected devices: Inventory > Manage > Delete device. Back up: Device > Backup. Search the inventory for devices via the Search bar; it provides a useful incremental search interface. Manipulate Tags on the selected devices: Device > Associate/Dissociate tags, Inventory > Manage > Device Tags. The Tag information can be used during the search. 2.2.1 Adapters. An Adapter basically means the model and the OS of the device. netLD has a module for each adapter type and uses it to manipulate the devices which belong to that adapter. For example, many Cisco IOS based devices like CISCO2500 have Cisco OS adapter. Generally speaking, devices of the same adapter can be manipulated with the same command sequence. netLD has several adapters, and we are developing even more adapters for a broader range of support. The complete adapter list can be found in Sec. 7.7. 2.3 Credentials, Network Groups, Protocols. A Credential is the login security information of each device. You have to give this information to netLD in order to let it access the device. Information can be added in the Credentials window, accessible via Inventory > Credentials. Figure 2.3.1: Credentials window Credentials Network Groups 10 0 0 1 10 0 0 50 Add address IP CIDR Wildcard or Range L Credentials VTY User
158. ng the actual speed depends on the computational power and the network speed Generally the number of jobs should not be too much because too many jobs would flood the network with lots of packets and consume the bandwidth Running a job concurrently and or in parallel Running Job 10 Job 11 IE Job 10 an additional job will be started Copyrights LogicVein inc All rights reserved 227 CHAPTER 6 FAQ 6 7 Error No connection based protocol speci fied occurs when I try to run a change tool This error occurs when Credential and Protocol cache was cleared by editing these settings To solve this issue run a backup on the device s before running change tool Chapter 7 Data 229 7 1 PORT USAGE 230 7 1 Port Usage The ports used by netLD are listed below If you need to access the target devices through a firewall configure the transmission policy of the firewall depending on which protocols to use Function Protocol Port UDP TCP Direction from netLD Cisco PnP DHCP 67 UDP netLD dest 68 UDP netLD dest HTTP 80 TCP netLD dest TFTP 69 UDP netLD dest ICMP netLD dest Automatic Discovery SSH Telnet 22 23 TCP netLD dest SNMP 161 UDP netLD dest ICMP netLD dest Setting Upload TFTP 69 UDP netLD dest restoring configurations Setting change tool SSH Telnet 22 23 TCP netLD dest Trap sending SNMP 162 UDP netLD dest Real time cha
159. nge detection Syslog 514 UDP netLD dest Backup tool SSH Telnet 22 23 TCP netLD dest SNMP 161 UDP netLD gt dest TFTP 69 UDP netLD dest FTP 21 TCP netLD dest Terminal Log Windows version SSH 22 TCP UDP netLD Client Linux version SSH 2222 TCP UDP netLD Client Client Web Browser HTTPS 443 TCP netLD client GUI Smart Bridge HTTPS 10443 TCP netLD Smart Bridge RADIUS Authentication RADIUS 1812 UDP netLD Radius Server Configured CLI protocols are used 2The appropriate configuration depends on which models of devices are in use For example 1 Adapter for IOS CLI Telnet SSH only or both CLI and TFTP 2 Adapter for Alaxala CLI Telnet SSH FTP or SNMP 3On Windows version the port usage can be modified in Settings window See Sec 5 2 8 p 205 tOn Windows version the port usage can be changed in Settings window See Sec 5 2 8 p 205 Copyrights LogicVein inc All rights reserved 231 CHAPTER 7 DATA 7 2 Directories netLD creates the following directory trees under the installation directory Directory adapters backups core crates derby Java legal lucene migration osgi config Perl pgsql real time reports scratch sql tmp tools ul update ztwrapper Description Device interaction adapters Automated daily backups Core service code Core service code Apache Derby database Java 7 Runtime distribution Open Source library licenses and le
160. ngs window shown in Fig 2 1 4 It is often called as just settings window Copyrights LogicVein inc All rights reserved at CHAPTER 2 NETLD BASICS Figure 2 1 1 A screen capture of netLD Main UI Main Tabs Global Menu 3 Search IP Hostname L advanced search Device Einventory Tools Change Smart Change amp j Reports eee Figure 2 1 2 Menu items Menu Ed Credentials LJ Protocols a m Add new device Discover new devices Menu Item Menu Item Menu Item Menu Item Manage ed Device Tags M4 Delete device Run Startup Wizard Submenu 2 1 BASIC CONTROLS AND UI ELEMENTS AA D ss O m J4 o E E in m Figure 2 1 3 Subtabs and Subpanes enai ADS lomo y an lt 28 e s wp Y me er h ee Subtabs Figure 2 1 4 Server Settings window It has various menus on the left side and the settings can be modified on the right The changes made in this window is immediately applied when you click on the OK button to close the window If you click on the cancel button then it discards the changes and closes the window Data Retention System Backup Mail Server SNMP Traps Users Roles External Authentication Custom Device Fields Memo Templates Launchers Smart Bridges Networks Network Servers Cisco Plug and Play Software Update Server Settings Delete expired data weekly at this time Monday y els Duration
161. nity's login password defined in SNMPv3. The password used for the encryption during the connection. A set of credentials forms a Network Group. A network group can be defined by the list of IP address ranges, and each network group contains many credentials. When netLD tries to log in to a device, it looks up the network group that the IP address of the device matches. If more than one credential is available in a network group, netLD tries each credential in the list in turn and uses the first valid credential. Note that the IP ranges should be pairwise disjoint among network groups, or an incorrect credential might be applied to the devices, which leads to backup failure. In the initial configuration there is only the network group Default. 2.3.2 Protocols. Protocols specify the means of connecting to the devices. Just as with credentials, the protocols used by netLD can be customized in Inventory > Protocols. For each protocol you can define several network groups, each defined by an IP range just like in Credentials. It might be misleading, but network groups for credentials and for protocols are not associated by name. They are named independently, and no relation between them is inferred. In each network group you can specify the list of protocols that is used for the given IP range. The list is tried upon connection from top to bottom. In Credenti
162. not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Y Click here to close this webpage Xx Continue to this website not recommended More information 5 4 YET OTHER MISCELLANEOUS OPERATIONS 210 Click on the Certificate Error to open the error message and click on View certificates to start an installation yy Favorites da BM Suggested Sites E Ba Net LineDancer D Untrusted Certificate The security certificate presented by this website was not issued by a trusted certificate authority This problem might indicate an atternpt to fool you or intercept any data you send to the server We recommend that you close this webpage About certificate errors View certificates Click on the Install Certificate button Certification Path La Certificate Information This certificate is intended for the following purposefs Ensures the identity of a remote computer Issued to tech 63 Issued by tech 63 Yalid from 12 25 2013 to 12 23 2023 Install Certificate Issuer Statement Learn more about certificates Copyrights LogicVein inc All rights reserved 211 CHAPTER 5 MISCELLANEOUS Click on
163. ogicVein inc All rights reserved 93 CHAPTER 3 BASIC TOOLS Similarly when you restrict the user s access to the custom fields select Custom Fields and toggle the available custom fields The user gain the permission to see the selected custom fields Add User General User has permission to see the selected custom fields Metworks w Section name Custom Fields w EOS v EOL Y System name Y Installation Date Cancel Click on the OK button to save the user 3 2 3 Quick Password Change There is a shorthand method to change the password if you are currently logged in as a user only your own password can be modified Click on your own login username in the global menu In the example below admin is the username shown on the left of Logout a admin Logout Settings Help Change 2 Smart Change hj Reports JN114F40DA0D 3This feature is not available for users who logged in via RADIUS server authentication 3 8 TOOLS FOR DEVICES 54 Enter the new password in both New Password and Confirm fields Then click on Change Password button to save the new password My User Profile Username admin Full Name Administrator Email netid nowhere x Role Administrator New Password Confirm Reset client settings iv Use system fonts requires client reload 3 3 Tools for Devices 3 3 1 Adding Devices Devices can be added modified deleted backed up tagged and searched
164. ol menu Here is an example of creating a custom menu to use the above batch script Note that when you fill in the Argument field you specify the correct file name that you have saved the batch file as in the previous instruction Menu Name arbitrary Type Arguments Run Use Selected Object checkbox Enable Add Custom Menu Menu Mame netLD Diff Type Arguments Jomd exe e netlddiff bat A 2 w Use Selected Object T Has IP F Device Check All Check None Has SNMP Ptop Link Has WEB 7 Network F Object ID Has Telnet Subnet Cancel Help cmd exe c diff bat A In order to check the menu behavior select a map object in SNMPc map and click on the new custom menu 5 SNMPc Management Console 10 0 2 2 File Edit View Insert Manage Tools Config Window Help la xj ASGSGIAARiaA Pu 10 a Cisco2600D y Systeminto y Root Subnet El 10 0 0 A ia 10 0 2 a 172 16 0 S 192 168 0 a 218 44 238 48 as 4 1841 c2801 I ere a lt C3640 aie Cisco26004 4 Cisco2600F E gt HP ProCurve Switch 262 4 32320 Cisco2600C lt SNMPS 4 ssg5 Config Date pa TECH 03 frunning config 2011 08 23 10 08 TECH 07 Poll Object gt r Q this Connect Tehat fstartup config 2011 08 23 10 08 WEB Browser Switches emp Roen MIB Browser A RMON View e 18 gt Servers
165. ompary cor The following number will assist you in this process Thurnbprint shal 7FLSE99S CB6C6641 382 L42F1 74284088 05604960 Do you want to install this certificate 5 4 YET OTHER MISCELLANEOUS OPERATIONS 214 Click on the OK button to finish the wizard General Certification Path SA Certificate Information This CA Root certificate is not trusted To enable trust install this certificate in the Trusted Root Certification Authorities store Issued to tech 63 Issued by tech 63 Valid from 12 25 2013 to 12 23 2023 Install Certificate Issuer Statement Learn more about certificates Copyrights LogicVein inc All rights reserved 215 CHAPTER 5 MISCELLANEOUS Restart Internet Explorer and access the netLD GUI again Confirm that the Security Certificate error is not displayed Updating SSL Certificate Follow the following steps to update the SSL Certificate after the netLD installa tion These steps are only for updating the SSL Certificate and are not required while upgrading netLD itself Change directory to the netLD install directory directory in a command prompt e g cd c Program Files Net LineDancer Y Java Y bin Enter the following commands to delete the existing SSL certificate keytool delete alias ziptie keystore osgi config keystore storepass ziptie Issue a new SSL Certificate with the following command keytool genkey keyal
166. on Execute button to run the tool 3 6 CHANGE MENU 84 3 6 7 SNMP Community String It allows you to add or delete a SNMP community string for the devices SNMP Community Strings New Community String Community String Access Type BO Delete Community String Community String Access Type BO Perform backup after tool completes Menu Items Description Community String Enter SNMP community string to add or delete Select access type of the community string to add or delete from the dropdown list Access Type 3 6 8 SNMP Trap Hosts It allows you to add or delete a SNMP trap host for the devices SNMP Trap Hosts New Trap Host Name Trap Host Name Address 192168 0 63 New Community String Community String public Action add delete add y Ly Perform backup after tool completes Menu Items Description Trap Host Name Address Enter the hostname or IP address of the trap host to add or delete Community String Enter the community string of the trap host Action add delete Select the action from the dropdown list Copyrights LogicVein inc All rights reserved 89 CHAPTER 8 BASIC TOOLS 3 6 9 Syslog Hosts It allows you to add or delete a syslog host of the devices Syslog Hosts Logging hosts to add 10 0 0 1 Logging hosts to remove 40 0 0 2 Perform backup after tool completes Execute Cancel Menu Items Description Logging hosts to add Enter IP address of the
167. on drafts from existing device configu rations or importing from text files Draft configurations can be edited directly and can then be pushed to the device either running or startup configuration Drafts can also be compared to existing configurations to verify that only the parts you expect to change are affected Change Advisor Feature This is new feature that is unique in the industry The Change Advisor can work with existing configurations or draft configurations e Tera Term Integration Working in concert with the Terminal Proxy feature which allows auto mated login to devices and capture of terminal sessions we have added the ability to simply right click on a device in the inventory list and open a Tera Term session that jumps directly into the device logging in automatically for you Cisco PnP Feature optional We added the ability to create run after the Cisco PnP function to back up add the inventory automatically Add Supported Operating Systems Windows Server 2012 Linux Cent OS later than RedHat 5 x 6 x 7 7 THE LIST OF AVAILABLE DEVICE ADAPTERS 238 7 7 The List of Available Device Adapters Here are the lists of available devices at the time of this document for different versions of netLD If any of your devices are not listed above please contact the Sales Team LogicVein developer team starts the development as soon as possible and your devices are su
168. on to specify the credential set for the group Credentials Network Groups 10 0 0 1 10 0 0 50 Add address IP CIDR Wildcard or Range Default New Network Group Enter a new name for this network group Cre Dynamic Credentials by DR Range Wildcard e g 192 168 1 0 24 172 16 0 1 172 16 0 10 10 0 0 a Static Credentials by specific IP address e g 192 168 1 1 SNMPvS Authentication Password el SEEE ai ar db SNMPv3 Privacy Password OK Cancel Copyrights LogicVein inc All rights reserved 47 CHAPTER 3 BASIC TOOLS Click on the 1 in the upper right corner of the screen to add a device credential Network Groups Find 1P Address Q 45 E bi_st IP Address a VTY Username Enable Username SNMPvw3 Username LAR i 4 1 Oof0 b LN Enter the required credential information of the device and click on the OK button regent IP Address 10 0 3 5 VT Username logicvein WT Password T Enable Username Enable Secret Password SNMP Get Community AS SNMPws Authentication Username SNMPws Authentication Password SNMPws Privacy Password 3 1 CREDENTIALS 48 Repeat these steps until all groups and credentials are added to the list Click on the OK button to finish Network Groups Ivi_st Default lvi_dy Credentials Find a LES X E IP Address a VTY Username Enable Username SNMPv3 Username 10 0 0 111 admin 10 0 0 211 Ivi 10 0 0 253 user_tech 10 0 0 254
169. orld Wide Web. The most likely reason is security, so the network may be physically disconnected from the Internet, or virtually disconnected via a firewall program. And if you are serious about security, you will understand the risk of changing the firewall settings each time device configurations have to be uploaded. Also, you might not have access to the DNS/DHCP service in that network. Everything might be running on fixed IP tables, and there might be no room for additional terminal devices to be inserted. These problems occur mostly when the target network is not your own but rather a network of your customer, and you provide a specialized maintenance service to the customer. In these cases a 3G connection is important, because if you upload the configuration through it there is no need to use the network in the remote base. Other major advantages of using a 3G network are the following: There is no need to set up PPPoE on the remote base, thanks to the 3G network. Each 3G mobile router is reusable, so the cost of the router per remote base is quite limited. In the following section we describe how to set up a 3G-based configuration deployment. Figure 4.2.7: Concept of 3G-based deployment (netLD Server, Internet, 3G Network, Mobile Router, Target Network, Cisco Device). 1. In the Cisco PnP Tab, set up everything needed for the new Cisco device, i.e. setu
170. p server community public mode Violation on match Variable Type mode Text Copyrights LogicVein inc All rights reserved 123 CHAPTER 3 BASIC TOOLS To test the new rule click on the select a test config link and select a device in the inventory Rule Set SNMP Community public gt Ey Rule Set SNMP Community public General Rules Violation Message public is set in SNMP community select a test config Match Expression Action snmp server community public mode Violation on match ane oP T Variable Type Restriction mode Text Select Configuration window lists the devices that match the adapter you have selected when you created this rule In this case only devices with JOS adapter are present in this list Select Configuration gt IP Address a Hostname 10 0 2 24 Cisco2600E E 10 0 2 25 Cisco2600F 10 0 2 26 routeri 10 0 2 29 C2500C 10 0 2 391 Cisco2500D 10 0 2 32 Cisco2600H 40 0 2 39 ca640 10 0 2 38 C1921 10 0 2 39 Configured 892J 10 0 2 254 C1841 1 12 0f 12 b Resultsperpage 254 OK Cancel 3 10 COMPLIANCE 124 Violations are colored in red Once you are satisfied make up a policy from the set of rules in the next section General Rules 10 0 2 29 select a test config Failures 1 32 33 Logging 10 10 10 25 34 logging 10 30 0 1 35 flogging 10 0 0 50 36 flogging 192 168 0 112 37 38 anmp server community public RO 39 snmp server enable traps tty
171. p the configuration templates and register its serial number in the netLD GUI.
2. Power on the mobile router and make a VPN connection from netLD to the data center.
3. Connect a new Cisco device to the mobile router.
4. netLD receives the requests from the Cisco device and distributes the configuration via 3G.
5. Once the deployment is finished, connect the Cisco device to the target network.
4.2.8 Deploying Configurations Prior to Sending the Devices to Each Base
Another way to deploy devices is the configure-and-deliver strategy: upload the proper configurations with Cisco PnP in your office and send the devices to the remote bases. The advantage of this strategy is its simplicity. However, the devices must first be at your office, so you cannot deliver them directly from the manufacturer.
[Figure 4.2.8: Concept of configure and deliver strategy (1. Deploy the configurations, 2. Deliver the devices)]
1. Register the configurations and the serial numbers of the routers to the netLD server.
2. Power on the Cisco devices and distribute the configurations by netLD in your office.
3. Deliver the devices to each base.
Contact LogicVein Technical Support (support logicvein com) and we will give more detailed instructions. If you ne
172. pendency and the programs that are simultane ously installed into the system and so on Minimum Requirements for 3 000 devices Operation Systems Windows 64bit only Windows Server 2008 SP2 Windows Server 2008 R2 Windows Server 2012 Linux 64bit only Cent OS 5 6 RedHat 5 6 or later Hardware Requirements CPU Core Minimum 4 Memory Minimum 2GB HDD 120GB 10K RPM RAID1 On the Client side you can browse Net LineDancer Server with e Internet Explorer 7 or later e FireFox e Safari or the other conforming browser implementation Platform specific installation notes follow this section Windows and Linux instruction is available Read the appropriate pages Instruction on Windows platform starts immediately after this section Linux instruction starts in Sec Las Copyrights LogicVein inc All rights reserved 5 CHAPTER 1 TUTORIAL 1 2 1 Instruction on Windows On windows there is little or no software dependency on installing netLD The installer sets up everything needed at the same time These are the list of auto matically installed software e Adobe Flash Player v 10 3 or above Installation is system wide e Java7 SE Runtime Environment and ActivePerl Installation is package local so it does not conflict with the system wide installation of Java envi ronment or ActivePerl Now we provide a screen by screen instruction of the installation of netLD It is straightforward if you are already familiar w
173. pported usually within 3 weeks Figure 7 7 1 Supported Device List version 13 08 Adtran Netvanta Alcatel Lucent OmniSwitch Allied Telesyn Telesis X Series M Allied Telesis CentreCOM FS917M Anritsu PureFlow Apresia Blue Coat ProxySG Check Point SecurePlatform Cisco ACNS Platforms Cisco CatOS Cisco CSS ArrowPoint Cisco IOS Cisco Nexus Cisco Security Appliances Cisco VxWorks Cisco WLSE Dell PowerConnect Enterasys Matrix Enterasys SSR Extreme Extremeware F5 3DNS BIG IP v4 Fortinet Fortigate Foundry Fastlron H3C HP ProCurve M Juniper JUNOS NEC IX Nortel BayRS Nortel Contivity Nortel Passport 1600 Paloalto PA 500 Yamaha RT RTX Alaxala AXS Allied Telesis 8700SL Series M Allied Telesyn Switches Alteon AD3 APC smart UPS Aruba ArubaOS Brocade Silkworm CheckPoint VPN1 Edge Firewalls Cisco Airespace Controller Cisco CS500 Cisco GSS Appliances Cisco LocalDirector Cisco SAN OS Cisco VPN Cisco WAAS Platforms Citrix NetScaler D link DGS Enterasys SecureStack Switches Enterasys VerticalHorizon Extreme XOS F5 BigIP Foundry Edgelron Fujitsu SRS HP ProCurve Juniper DX Juniper ScreenOS NEC WA1020 Nortel BayStack Nortel Passport Nortel Tiara Vyatta OFR Copyrights LogicVein inc All rights reserved 239 CHAPTER 7 DATA 7 7 1 Supported Device List version14 06 Figure 7 7 2 Supported Device List part 1 Vendor A10 Networks ADTRAN ALAXALA Networks A
174. prompt regex specifies the regular expression that matches a specific prompt (like the PS1 variable of a shell) on the device. Specifying this field is required if some operation uses a special input prompt, e.g. interactive input might respond with a prefix > on each line while the normal command responds with a prefix <username>. In this case you should specify a regular expression < (a line starting with <). Otherwise netLD fails to distinguish the command output from the prompt for the next input.
Footnote: However, you cannot respond to the input query interactively while iterating over the devices.
3.6.2 Enable or Disable Interfaces
This tool allows you to change the admin status of the interfaces of the device.
[Screenshot: Enable or Disable Interfaces dialog]
Select the interface(s) and select UP or DOWN from the dropdown list. Note that if the interface being set to DOWN is the only interface through which you can reach the device on the network, you will no longer be able to connect to that device the same way afterwards.
3.6.3 Login Banner MOTD
This tool changes the MOTD login banner of the devices.
[Screenshot: Login Banner MOTD dialog]
175. pt of template first To build a master template follow the instructions below 1 Move to Cisco PnP gt Template Tab and click on to create a template Fig 4 2 4 2 Select CNS Dynamic Configuration for the Template Type and enter the arbitrary template name in the Template Name field Add Description if you want Click on the OK button to move to the next dialog 3 Enter a base configuration into the text field on the right In most cases the easiest way to achieve a base configuration is to copy the configuration from the other device 4 Finally follow the instructions in Smart Change section p 108 and make the configuration into a template Figure 4 2 5 When all the required replacements are added save the template by clicking on the Save button in upper right corner of the Configuration Editor Devices Jobs Terminal Proxy Search Compliance Cisco pnp Network Default v admin Logout Settings Help Configurations Templates History Settings Cisco CNS Deployment Templates Configuration 2500A Template Save Close version 12 0 service timestamps debug uptime network confg Basic CNS Initial Template service timestamps log uptime 2500A Template service password encryption Template Description hostname New Host enable secret 5 1 jHH2sRun n1KRCltgx5N3lbc1Z1 1 ip subnet zero no ip domain lookup 1 Replacements z am New Host interface Ethernet0 ip address 10 0 3 2 25
176. pyrights LogicVein inc All rights reserved 137 CHAPTER 8 BASIC TOOLS 3 13 Search Tab This section describes the various advanced search methods that are accessible in Search Tab These methods do NOT have something to do with the device search Search Tab consists of two subtabs switch port search and ARP search 3 13 1 Switch Port Search Switch Port Search allows you to search devices by specifying FQDN Fully Qual ified Domain Name IP address or MAC address of the device It shows ARP and NDP of the nodes or the information of the Switch Port The following example shows the result for switch port search by specifying an IP address 10 0 2 254 Figure 3 13 1 Port search Search Config Search Switch Port Search ARP Search FQDN IP or MAC Address 10 0 2 254 Go Target Host ARP NDP Switch Port IP 10 0 2 254 Device 10 0 2 14 Device 10 0 2 5 MAC 1C 17 D3 65 3B 6F Interface MultiAccessVirtual lanO Port 22 g Results will show the closest switch that is under management 3 13 2 ARP Search ARP Search searches for any device that has the query IP in its ARP table In the example below we have that the ARP table in a device 10 0 0 213 contains the specified IP 10 0 0 254 3 18 SEARCH TAB Figure 3 13 2 ARP table search lt Search o Config Search Switch Port Search ARP Search IP CIDR 10 0 0 254 Go Device IP Address a MAC Address 10 0 0 213 10 0 0 254 C8 9C 1D
177. r network. Consequently, Terminal Proxy provides a centralized management of the devices, even on the devices beyond netLD backup coverage.
[Figure 4.1.1: Operation Model of Terminal Proxy]
To set up the Terminal Proxy feature, follow the steps described in this section.
4.1.1 Available Commands
Command | Example | Description
connect [IP address or host name] | connect 192.168.10.0, connect cisco | Connect to devices with either SSH or telnet. You have to set up the Credentials prior to the connection.
connect [initials] | connect c | Show the list of up to 20 devices starting with the character.
device [IP address or host name] | device 192.168.10.0, device cisco | Show the details of the device.
device [initials] | device c | Show the list in just the same way as connect command does.
exit | | Terminate the SSH session with netLD.
help | | Show the list of commands.
network <network name> | | Switch the current network (in terms of Sec. 2.5) to the specified one.
version | | Show the current version of netLD.
4.1.2 Setup the Terminal Proxy
First, since this feature is disabled by default, enable Terminal Proxy in the settings window. Go to Settings > Network Servers and check on the Enable the Terminal Server Proxy SSH. You can change the port that SSH commun
178. racter can be used to identify step values within a range. It can be used both in the form */c and a-b/c. The subpattern is matched every c values of the range 0,maxvalue or a-b.
*/5 * * * *
This pattern causes a task to be launched every 5 minutes (0:00, 0:05, 0:10, 0:15 and so on).
3-18/5 * * * *
This pattern causes a task to be launched every 5 minutes starting from the third minute of the hour, up to the 18th (0:03, 0:08, 0:13, 0:18, 1:03, 1:08 and so on).
*/15 9-17 * * *
This pattern causes a task to be launched every 15 minutes between the 9th and 17th hour of the day (9:00, 9:15, 9:30, 9:45 and so on; note that the last execution will be at 17:45).
All the fresh described syntax rules can be used together.
* 12 10-16/2 * *
This pattern causes a task to be launched every minute during the 12th hour of the day, but only if the day is the 10th, the 12th, the 14th or the 16th of the month.
* 12 1-15,17,20-25 * *
This pattern causes a task to be launched every minute during the 12th hour of the day, but the day of the month must be between the 1st and the 15th, the 17th, or between the 20th and the 25th.
Finally, cron4j lets you combine more scheduling patterns into one, with the pipe character:
0 5 * * *|8 10 * * *|22 17 * * *
This pattern causes a task to be launched every day at 05:00, 10:08 and 17:22.
8.2 Setting up Act
179. resses etc This is available in Inventory gt Save inventory import Excel template Open the Inventory submenu and save the template gt Device Inventory gt Tools Change e Smart Change hj Reports ja Credentials E M Protocols Add a Add new device E Discover new devices Import Export Export inventory as Excel file E E Export inventory with configurations as APF file lel h Save inventory import Excel template Import update inventory from Excel file Manage i Device Tags EN a Run Startup Wizard Open and edit the exported Excel file When you finish editing the file import it with the Import Update inventory from XLS file menu and confirm all devices are added in inventory list A B C D E F G H J K 1 IP Address Network Adapter ID Hostname Type Vendor Model OS Version Serial Number Memo Custom 1 Cust 2 10 0 2 1 Default Juniper ScreenOS ssg5 3 10 0 2 2 Default NEC IX IX2025 LVI Router NEC IX2025 8 5 21 12TNU01048 4 10 0 2 3 Default Yamaha RT RTX RTX1200 Router Yamaha RTX1200 10 01 22 D26059822 5 110 025 Default Apresia Apresia LVI Switch Apresia Apresia3424GT SS 7 22 01 6 110 0 26 Default Cisco IOS C3640 Router Cisco CISCO3640 12 3 11 T 26433110 7 10 0 2 7 Default D Link DGS DGS3426 Switch D Link DGS 3426 2 62 B61 P1AJ1A2000040 8 10 0 2 30 Default Extreme Extremeware Summit48i Switch Extreme Summit48i 7 323 0145M 01540 9 10 0 2 50 Default Alaxala AXS AX2430S Switch Alaxala AX
180. ridge (Optional)
4.3.1 Installation
4.3.2 Registering Smart Bridges to the Core Server
4.3.3 Adding a Network for a SB
4.3.4 Adding devices to a SB
4.4 Integration with External Network Management Software
4.4.1 Interaction with SNMPc
4.4.2 Configuring SNMP Trap Send
4.5 Real-time Change Detection
4.5.1 Configuring your devices
4.5.2 Operation Check
4.1 Terminal Proxy Tab
The Terminal Proxy feature allows remote clients to log in to the managed devices through the netLD server. One useful aspect of using Terminal Proxy is that you do not have to input the login information on the console: netLD automatically feeds the information for you. It also logs all the operation history, with various information that can be reviewed later when something happens. Using this feature also results in a more secure network because the password does not have to be sent through the World Wide Web. Moreover, outsourcing the management effort is more secure because the operators do not have to know the actual device password. The outside operators only have to know the login passwords of Net LineDancer instances and NOT the device passwords, avoiding access to the critical security information in you
181. ription 2 Open Results ER Compare Results Opens the results of the selected job Compares the results of the same type of selected jobs arcas Cancel the selected job if the job is running Job Management subtab is a place you can actually create manage edit and run the jobs Jobs can be modified by double clicking on 1t Also several buttons are provided Menu Items Description Se Open Job Open the job in the status pane This has es sentially the same effect as double clicking on the job Delete the selected jobs Rename a job JE Delete P Rename eee ete g Run Now Execute the selected jobs immediately ALAN Create a new job A dropdown list will show up and you can further choose which kind of job to create Backup Smart Change Discovery Neigh bor Report or Tool Add an opt out filter that can be used while scheduling a job called Scheduler Filter See Sec 5 1 2 for details CE Filters Copyrights LogicVein inc All rights reserved 93 CHAPTER 8 BASIC TOOLS 3 7 1 Creating a New Job Jobs can be created in New Job submenu The basic process of creating a job is shared in all kind of jobs Whenever you make a job you are expected to 1 Set a job name and select a feature 2 enter the required parameters 3 select the target devices and 4 set the triggers schedule of the job We provide a screen by screen instruction no
182. ry 125 KB Compliance tab shows the violation contents if the device has violation against enabled policy For more details please refer to the Compliance section Sec 3 10 p 116 C3640 10 0 2 6 General Compliance Hardware Interfaces ARP MAC VLAN There are no compliance violations for this device Hardware Tab Hardware tab shows the hardware information of the backup information C3640 10 0 2 6 Type Description Model Chassis 3640 chassis Hw Serial 26433110 Hw Revisi CISCO3640 JH Card NM 1FE2W Port adapter 3 ports aa Daughter Car BRI S T 2186 WAN daughter card Jas Daughter Car BRI S T 2186 WAN daughter card JAI Card JH Card Jas Daughter Car BRI S T 2186 WAN daughter card NM 1FE2W Port adapter 1 port Combo 2E 2W Port adapter 4 ports NM 2E2W device based on the last ARP MAC VLAN General Compliance Hardware Interfaces Part Serial Hardware Ver Slot 26433110 800 04796 01 JADO6070DXS 1 0 0 800 01833 04 29937533 1 3 0 800 01833 03 19231298 1 3 1 800 04796 01 JADO43909KQ 1 0 1 800 01171 05 15860442 1 2 2 800 01833 03 22483637 13 0 3 4 CONFIGURATION AND BACKUP 10 Interfaces Tab Interfaces tab shows the interface status of the devices based on the last backup information C3640 10 0 2 6 General Compliance Hardware Interfaces ARP MAC VLAN Admin Name Type IP Speed bps MTU MAC Y BRIO 0 isdn 64000 1500 gt FastEthernet ethernet 10 0 2 6 24 100000000 1500 000750B
183. s of atomic matching query, i.e. Stop on match, Stop if not match, Violation on match, Violation if not match. Each query has one matching string, and netLD checks whether a given configuration matches the string. Depending on whether the query matches the configuration, the four queries above have the following effects:
Violation on match: If the query string matches the configuration, then it is a violation.
Violation if not match: If the query string does not match any line of the configuration, then it is a violation.
Stop on match: If the query string matches the configuration, then the configuration is OK regardless of the rest of the queries.
Stop if not match: If the query string does not match any line of the configuration, then it is OK regardless of the rest of the queries.
In other words, "Violation ..." queries act as black lists while "Stop on ..." queries act as white lists. You can create, modify and delete these rules. A set of compliance rules forms a Rule Set. Rule sets can also be created, modified, copied and deleted. However, you usually do not have to create your own because many useful rules are already provided by default. All default rules are listed in the Data section, Sec. 7.4 (p. 235). This is a rule set provided by default:
IOS Interface Auto Duplex Speed
• Violation if the interface settings include the followings no ip address Stop on match shutdown command Stop on match dup
184. se the folder in which to install Met LineDancer Smart Bridge y Setup will install Wet LineDancer Smart Bridge in the following folder To install in a different Folder click Browse and select another Folder Click Install to start the installation Destination Folder C Program Files Wet Linebancer Browse Space required 107 5ME Space available 6 7GB Mullsort Install System v2 45 lt Back Install Cancel 4 8 SMART BRIDGE OPTIONAL 174 Installation continues Met LineDancer Smart Bridge Setup Me x Installing Please wait while Met LineDancer Smart Bridge is being installed y Output Folder C Program Piles hlet LineDancer adapters ziptie adapters cisco Threeo05_21 Ea Output Folder C Program Files Met LineDancer adapters ziptie adapters cisco Thr Output Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Extract MANIFEST MF 100 Output Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Qutput Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Extract Cisco jpg 100 Output Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Extract 3000 jpg 100 Output Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Qutput Folder C Program Files Net LineDancer adapters ziptie adapters cisco Thr Ea Mulsoft Install S
185. signaled a severity level Warning Details are described in the later sections see Sec 3 10 The configuration contains a violation of compliance which signaled a severity level Error Copyrights LogicVein inc All rights reserved 67 CHAPTER 3 BASIC TOOLS 3 4 3 Restoring the Configuration netLD allows you to restore the past configuration of a device double clicking on a device in Inventory shows its backup history in the status pane Select a configuration to restore and click on Restore the configuration button 1 Cisco2600F 10 0 2 25 gt j Cisco2600F 10 0 2 25 General Compliance Hardware Interfaces ARP MACVLAN Last Backup 2012 06 30 06 37 Snapshot Config Timestamp Size User 2012 06 30 06 37 running config 2012 06 30 06 37 1508 na Istartup config 2012 06 30 06 37 1508 na 2012 06 29 02 47 running config 2012 06 29 02 47 1494 ma startup config 2012 06 29 02 47 1494 ma Make Cisco Flash 16 MB Model CISCO2611XM 2FE RAM 64 MB Software Version 12 4 12 Packet Memory 3 67 MB Serial Number JAE07170085 Configuration Memory 32 KB Device Type Router Using protocols Telnet TFTP from Default Using credentials default set from Default Once you click on the OK button in the confirmation dialog it starts restoring the configuration Restore Are you sure you want to restore the selected configuration to the device OK Cancel es t At this point internally netLD issues copy tftp
186. sing protocols Using credentials I 2 Select a configuration either from draft or snapshot configurations 3 Click on 4 Change Adviser is invoked and suggests some commands in the lower window Change Adviser is initiated Change Advisor Cisco1841 10 0 0 250 Current running config 2014 07 15 15 09 ip flow export destination 172 16 0 5 9996 7lip flow export destination 192 168 0 144 2055 I b b 49 ip route 0 0 0 0 0 0 0 0 10 0 0 254 50lip route 192 168 100 0 255 255 255 0 10 0 3 250 1 51 logging 192 168 0 67 52 logging 172 16 0 4 3 logging 10 0 0 141 logging 192 168 0 141 55 logging 192 168 0 50 56 logging 192 168 0 144 57 logging 10 0 0 160 58 logging 192 168 0 115 NN popa pap o nu ooo n d S 60 logging 192 168 0 190 Recommended commands configure terminal logging 1 1 1 1 logging 192 168 0 58 exit _ Perform backup after writing changes to the device running config 2014 07 11 14 28 147lip flow export destination 192 168 0 144 2055 148 149 ip route 0 0 0 0 0 0 0 0 10 0 0 254 pa 52 logging 192 168 0 67 53 logging 172 16 0 4 54 logging 10 0 0 141 5 5 logging 192 168 0 141 56 logging 192 168 0 50 57 logging 192 168 0 144 5gilogging 10 0 0 160 59 logging 192 168 0 115 60 logging 1 1 1 1 61 logging 192 168 0 190 62 logging 192 168 100 144 Inwin 107 160 19M of NA y n oo rs solip route 192 168 100 0 255 255 255 0 10 0 3 250 E LL Lo
187. specific device click on the row of the device to edit and go to Device gt Edit Device properties When you delete a set of devices select the devices and go to Inventory gt Delete device 3 3 5 Searching Devices In Device View netLD provides a flexible search and filter function of the devices There are two modes of the search function Basic and Advanced Search where the former is set as the default method Note that the Filtering is done only within a same network To change the current Network select it in the drop down box in the global menu Basic Search You can filter devices by just entering an IP address or a hostname in the search pane It supports an incremental search feature so the elements are gradually filtered as you type Figure 3 3 5 Simple search pane If you click on a label advanced search the advanced search pane will show up Devices e e fe gt lt PaF Search IP Hostname advanced search 2 gt y Copyrights LogicVein inc All rights reserved 61 CHAPTER 3 BASIC TOOLS Advanced Search Compared to the Basic Search Advanced Search supports plenty of filters Turn on the Advanced Search mode via advanced search button in the Device View The search can be done as you type Figure 3 3 6 Advanced Search panes Devices Interface IP Section name Devices with tags and or Vendor Any v Admin IP EOS Tag A
188. ssword Contin Perform backup after tool completes Execute Cancel Delete User Account It deletes the existing user account on the device Delete User Account User Data Username _ Perform backup after tool completes Execute Cancel Copyrights LogicVein inc All rights reserved 91 CHAPTER 8 BASIC TOOLS Add User Account It adds a user account on the device Add User Account User Data Username Password Privilege RO T _ Ferform backup after tool completes Execute Cancel Change Local User Password It changes the local passwords for the username configured on the devices Change Local User Password User Data Username New Password Password Confirm Perform backup after tool completes 3 7 JOB MANAGEMENT 92 3 7 Job Management In Jobs Tab you can create manage edit and run the jobs Jobs are the tasks that are scheduled to run automatically and periodically A Trigger for a schedule is a specifier of the periodical cycles e g once in a day at noon every five minutes every first Monday in a month and so on Several triggers can be added to one task and the triggers define how often the tasks are executed Jobs Tab consists of two subtabs Job History and Job Management In Job History subtab you can see the past results of the jobs including the ones that are run automatically Following buttons are available in the Job History subtab Menu Items Desc
189. startup config command to copy the selected configuration to the device s startup config After reloading the device restored configuration is applied See Also Sec 2 3 2 m 3 4 4 Device Property Details of device hardware information and configuration backup are available by double clicking on the device row Information included in device property con tains information that netLD has collected from the device in the backup and the neighbor information Latest information can be obtained explicitly by performing the backup or correcting the neighbor information Uploading a configuration again relies on the protocol settings Therefore you must specify the correct protocol to upload the configuration prior to the restoration See Sec 2 3 2 Pro tocols for details For example you need to enable TFTP in Inventory gt Protocols menu for Cisco IOS configuration However if you did not change the protocol from the default settings you do not have to care much about that because all protocols are enabled in the default Protocol settings 3 4 CONFIGURATION AND BACKUP 68 Figure 3 4 2 Via the right click 10 0 2 30 10 0 2 50 10 0 2 254 Backup Open Terminal 10 0 2 1 5595 Juni 10 0 2 2 IX2025 LVI NEC IX20 Rou 12TI NEC B E E 10 0 23 RTX1200 Yam RIM Rou D26 Yam 10 10 0 2 5 Apresia LVI Apr Apr Swit Apri Fa a 10 0 2 6 3640 Cise CISC Rou 264 Cisc 12 wy 10 0 2 7 DGS3426 D Li DGS Swit PLA D Li 26
190. stname you logged in The IP address that the user logged in from Specify the range of dates to search 146 Searches for the query Texts in the command input and output Tips Right click on a device in Device View then click on the Show Terminal Proxy Logs It provides an easy access to the terminal history of the device Devices _ gt search IP Hosiname advanced search IP Address Hostname Model Device Type 192 168 0 248 C2960 WS C2960 24TT L Switch 10 02 39 Confiqured 892u CISCOB92 K9 Router 100238 Backup CISCO1921 K9 Router 100233 M4 Show Terminal Proxy Logs CISCO3640 Router 100 231 Compare Configurations CISCO2524 Router O 10 02 26 routert CISCO2610 Router 4 1 5 Verifying the Log from Change History As in the normal backups if a backup was performed due to the changes made in the proxy terminal Configuration Change History shows the change and you can check the backup status Click on the button while selecting the configuration and the change summary tab shows up in the status pane Click on the button while selecting the configuration C2500_2 10 0 3 2 C2500_2 10 0 3 2 Last Backup 2013 12 19 13 53 Snapshot 2013 12 19 13 53 Config running config startup config 2013 12 12 01 00 running config startup config 2013 12 10 14 15 running config startup config Draft Configurations Gallo 2 15 12 Timestamp Si
191. syslog host to add Logging hosts to remove Enter IP address of the syslog host to delete 3 6 10 IOS Software Distribution netLD is able to distribute IOS software to the devices through the remote network IOS images should be saved before using the tool To save the image see Sec 3 6 13 it 3 6 11 Manage OS Images Specify the directory on the server s file system and search for OS image files in that directory The images found in this feature are later available in IOS Software Distribution Sec 3 6 10 and NEC WA Software Distribution Sec 3 6 12 Click on to add an IOS image files Browse 05 Images Calla 26 Mame Size MDS Hash OK TOS Software Distribution tool is not available for devices that boot from the flash memory e g Cisco 1600 Cisco 2500 Cisco AS5200 3 6 CHANGE MENU 86 Figure 3 6 1 IOS Software distribution IOS Software Distribution Select an 105 image file to push Destination flash location flash Optional Destination flash directory Destination flash partition _ Remove the existing image from flash _ Boot from the new image _ Reload after image push Minimum DRAM in Kilobytes from COD _ Perform backup after tool completes Menu Items Select an IOS image file to push Destination flash loca tion Destination flash direc tory Destination flash parti tion Remove the existing im age from flash Boot from the new im age Reload af
192. t Internet Explorer and Google Chrome. On IE, select "Continue to this website (not recommended)". On Chrome, select "Proceed anyway".
[Screenshot of the Firefox warning: "This Connection is Untrusted. You have asked Firefox to connect securely to localhost, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. (Get me out of here) Technical Details. I Understand the Risks: If you understand what's going on, you can tell Firefox to start trusting this site's identification. Even if you trust the site, this error could mean that someone is tampering with your connection. Don't add an exception unless you know there's a good reason why this site doesn't use trusted identification. (Add Exceptions)"]
These security certificate messages can be safely ignored in this case and do not affect the behavior of the program. They are displayed just because your browser is not aware of the SSL credential used by netLD. You can safely disable this dialog by adding the SSL certificate of your server to the browser. The instruction for adding the credential is given later in the manual (Sec. 5.4.1).
1.4 Login
193. [Screenshot: Smart Change job settings, including the option "Perform backups after the bulk update completes"]
On the Schedule tab, add the trigger. For more details, see Sec.
Finally, do not forget to click on the button to save the job. Now the Smart Change jobs are fully set up. Once you click on the Jobs tab > Run Now button, netLD runs the job immediately.
Footnote 12: You can import/export the replacement values of IP address for devices in a spreadsheet. Click on the export and import in the top right corner of the status pane.
Footnote 13: You can also run the job from the Devices Tab. Tools menu > Smart Change shows the list of Smart Change jobs currently available. Click on the one you would like to execute.
3.10 Compliance
If you configure a compliance policy, the administrators are alerted when some configuration is missing or invalid. It helps you keep the network stable, safe and robust. When a violation has occurred, Status Display, Pie Charts and Trap Handlers are the helpful tools: you can analyze the situation and fix the violation quickly. In order to detect erroneous and unsafe configurations, you have to define a Compliance Rule. A rule can be defined with four type
194. tch in startup config and running config. Configuration Mismatch is signaled when you have a device that has two configurations, called running config and startup config, and the two configurations differ from each other. The startup config is the configuration that is used when a device is rebooted, and it is supposed to be used in the regular operations, while the running config is a temporary configuration. If someone made changes to the startup config but forgot to restart the device, it is highly likely that your network is handled incorrectly. Also, if someone made changes to the running config though they think the changes should be permanent, then the changes will be reset upon startup, and again the network is configured incorrectly. If the device status indicates the configuration mismatch, double-click on the icon to display the configuration comparison in the status pane. Click on the buttons at the upper right corner of the screen to overwrite the startup configuration with the running configuration, to revert the running configuration to the startup configuration, or to revert the running configuration to the startup configuration using the change adviser. Figure 3.4.4: Comparison pane of a startup config and running config. [Screenshot: Compare pane, Cisco2600_7 startup config against Cisco2600_7 running config]
195. ter image push; Minimum DRAM in Kilobytes (from CCO); Perform backup after tool completes. Descriptions: Click on the button on the right and select the image in a Browse OS image dialog. Specify the name of the drive (e.g. usbflash0, nvram) on the device flash. Enter the directory on the drive where the flash image is saved; if the directory does not exist, it will be created. Enter the drive partition; if the partition does not exist, the distribution fails. Reload the new image after pushing the image. Enter the minimum DRAM size (the information is available at Cisco.com); this is an optional feature to check if the device has enough space for the new image. Copyrights LogicVein inc. All rights reserved. You can add some directories. This can be achieved by clicking on the [icon] button in the previous figure. [Dialog: New Folder, "Specify the folder name"] After the image is successfully added to the list, click on the OK button to finish. [Screenshot: Browse OS Images dialog listing Name, Size and MD5 Hash] 3.6.12 NEC WA Software Distribution: Similar to IOS distribution, netLD is also able to distribute NEC WA software to the devices through the remote network. The images should be saved before using the tool. To save the image, see Sec. 3.6.13.
196. the Next button. [Dialog: Certificate Import Wizard, "Welcome to the Certificate Import Wizard. This wizard helps you copy certificates, certificate trust lists, and certificate revocation lists from your disk to a certificate store. A certificate, which is issued by a certification authority, is a confirmation of your identity and contains information used to protect data or to establish secure network connections. A certificate store is the system area where certificates are kept. To continue, click Next."] Select "Place all certificates in the following store" and click on the Browse button. [Dialog: Certificate Import Wizard, Certificate Store, "Certificate stores are system areas where certificates are kept. Windows can automatically select a certificate store, or you can specify a location for the certificate." Options: "Automatically select the certificate store based on the type of certificate"; "Place all certificates in the following store"] Select "Trusted Root Certification Authorities" and click on the OK button. [Dialog: Select Certificate Store, listing Personal, Trusted Root Certification Authorities, Enterprise Trust, Intermediate Certification Authorities] Show ph
197. tion to keep job execution history. 5.2.2 System Backup and Restoration: All netLD internal data are saved in the derby and lucene subdirectories (and also pgsql after version 14.06) under the netLD installation directory. netLD provides a convenient backup and restoration feature for those configurations. System backups can be scheduled and run automatically. In System Backup settings you can modify the following contents (Menu Item: Description). Enable daily system backup: Enable this checkbox to enable daily system backup. Perform the system backup at this time: Specify the time to perform the system backup. Number of backups to keep in the local server: Specify the number of backups (7, 14 and 30) to keep. Backup directory: Specify a name of the directory that the backup files should be saved in. Perform System Backup Now: Click on this button to execute a system backup. System backup last performed: Shows the date and time the last system backup was performed. Backup data will be saved in a directory named backup yyyy mm dd, where yyyy, mm and dd correspond to year, month and date respectively. The default directory is the backups directory under <installdir>, but you can also save the backup into another path (e.g. D:\backups). Backup data can be saved only on the local disks. Footnote 1: The latest configuration is always kept even if it is older than the duration setting. Footnote 2: These settings are independent of the backup schedule for the device
198. tiple NICs we require only one of them. Click on the Next button if the Installation Complete dialog is displayed. [Screenshot: Installation Complete dialog, "Setup was completed successfully", with installer log] Click on the Finish button to close the setup wizard. [Screenshot: Completing the Net LineDancer Enterprise Setup Wizard, "Net LineDancer Enterprise has been installed on your computer. Click Finish to close this wizard."] 1.2.2 Instruction on Linux family of OS: On Linux-based systems there are some software dependencies, but they are automatically resolved by their package manager and our installation script. The dependencies are: Java7 runtime (java 1.7 openjdk package and alike); openssl; compat-expat1 (only needed on CentOS 6.x). Currently
199. to add a static route and click on the Execute button. [Screenshot: Add Static Route window] Menu Items and Descriptions: Destination Address (IP Address): Enter the destination IP address. Destination Mask (IP Mask): Enter the destination subnet mask. Gateway Address (IP Address): Enter the destination gateway address. 3.6.15 Delete Static Route: Here you can delete static routes for the devices. Select the static routes to delete and click on the Execute button. [Screenshot: Delete Static Route window listing Gateway, Destination Mask and Destination Address] 3.6.16 Users: It changes the user account and password on the devices. Change Enable Password: It sets an enable password or an enable secret password for the devices. If both passwords are configured on the devices, it overwrites the enable secret password only. [Screenshot: Change Enable Password dialog] Change VTY Password: It changes the VTY password of the devices. [Screenshot: Change Vty Password dialog]
200. to keep configuration history: Forever. Duration to keep terminal proxy history: 3 Months. Duration to keep job execution history: 3 Months. 2.2 Devices, Configurations and Backups: Next we describe the interfaces for configuring the devices. Fig. 2.2.1 shows the Devices Tab, the primary tab for handling and watching the devices. If you double-click on the rows, then the status pane shows the Device Property (Sec. 3.4.4) and the backup history. Figure 2.2.1: Device View. [Screenshot: Devices tab listing Hostname, HW Vendor, Model, Device Type, Serial, Adapter, Memo, OS Version and SW Vendor] Backup Status: The status icons change upon the device backup or when a compliance error is signaled. It is highlighted in pink in the figure. Device View: All devices in the inventory are listed here. As stated above, you can check the configurations stored (backed up) in the server by double clic
201. to login with Administrator user. Adapter Logging: The Adapter Logging feature in the About menu allows you to issue a log for adapter operations. It is effective only for 5 minutes and is disabled after that. This is because the feature is quite CPU intensive, and there may be a significant performance drawback if someone forgot to disable the feature. To activate the adapter logging feature, first select About in the Help menu. Then click on the Adapter Logging button. [Screenshot: About netLD dialog] Enter an IP address of the target device in IP/CIDR and enable the checkbox for "Enable recording of adapter operations". [Dialog: Adapter Diagnostic Settings, "Configure preferences to enable/disable various methods of performing diagnostics against adapter operations. These settings should only be modified when performing diagnostics due to the performance penalty that may occur."] The log file has a filename much like the following: C:\Program Files\Net LineDancer\scratch\logs\Switch_backup_10.0.2.3.log. Send Log: The Send Log feature sends a set of log files to support@logicvein.com when you are in trouble. The logging feature in netLD is quite exhaustive, e.g. it cre
202. ts for those communications are not blocked by any firewalls or by any antivirus software. The list of TCP/UDP ports used by netLD is available in Sec. 7.1. Check if your devices are supported. The available device adapter list is in Sec. 7.7. If the program is not able to perform a backup even though the above conditions are met, please get the log file through the following steps and send it to our support office (support@logicvein.com). 1. Take a memo of the devices whose backup fails. 2. Click on the Close button in the bottom right of the Startup Wizard dialog. 3. Find the Help section in the menu bar located in the upper right corner of the screen. 4. Navigate through Help > About > Adapter Logging. 5. Enter the IP addresses of the devices in the IP/CIDR field. Check "Enable recording of adapter operations" and click on the OK button. 6. Perform a backup for those devices. 7. The log file is exported to C:\Program Files\Net LineDancer\scratch\logs on Windows Server. 8. If you are already done with the SMTP server setting, you can (a) select the Help menu located in the upper right corner of the screen and select the About option, then (b) click on Send Log, enter your e-mail address in the Your E-Mail field and click on the OK button. In order to set up the SMTP server, see Sec. 5.2.3. Otherwise you can simply send
203. twork and VPN capable Mobile Router ee 167 4 2 8 Deploying Configurations Prior to Sending the Devices to Each AE 169 4 2 9 Deploying a Bootstrap 0 0 0 0 084 170 4 3 Smart Bridge Optional 00004 171 Al Installation 2k Ge hee OEE EER HE eee 172 4 3 2 Registering Smart Bridges to the Core Server 175 4 3 3 Adding a Network for a SB 04 178 4 3 4 Adding devices toaSB 179 4 4 Integration with External Network Management Software 180 4 4 1 Interaction with SNMPc 180 4 4 2 Configuring SNMP Trap Send 183 4 5 Real time Change Detection 185 4 5 1 Configuring your devices 0000 185 4 5 2 Operation Check 0 0 0 0 002 000 000084 186 5 Miscellaneous 187 5 1 Configurations Related to Devices and Operations 188 5 1 1 Modifying the Columns in the Device View 188 5 1 2 Scheduler Filters orion arras 189 Skla Dovro TEn areosas ppr e Tekenya penea 191 5 1 4 Display Neighbor Information 194 5 2 Configurations Available in Settings Window 194 5 2 1 Setting the Data Retention policy 195 5 2 2 System Backup and Restoration aa 195 DaS Mail perver 2 cee dei keg de ee eRe Eds 197 5 2 4 Changing the Data Directory in Operation 199 5 2 5 netLD RADIUS Externa
204. ule Set Severity. Select a rule set and click on the Add button. In this example we have selected the "IOS Interface Auto Duplex Speed" and "IOS Secure Enable Passwords" rules. [Dialog: Add Rule Sets, listing IOS Disabled Unneeded Services, IOS Interface Auto Duplex Speed, IOS SSH only Restricted Access, IOS Secure Enable Passwords, IOS Session Idle Timeout, IOS Telnet Restricted Access] Select a Severity for the rule. Here we select a different severity for each rule so that different violation icons will show up. [Screenshot: Policy "IOS Policy", Adapter: Cisco IOS, Configuration: running config; IOS Interface Auto Duplex Speed: Warning; IOS Secure Enable Passwords: Error] Click on the "select a test config" link and select a device to test the policy. IMPORTANT NOTE: The rules that appear in this window are only those rules whose adapter type matches that of the current policy. If no rule appears in the candidates, then it means no rules are defined for the adapter which your policy is defined for. Please review the adapter type setting in your policy or rule sets.
205. un a static sequence of commands and do not send the right command with the right IP address. In a command template, you can enter the required commands in a template and set the right value for the corresponding device. In the following sections we provide a screen-to-screen instruction for making a command template for the Smart Change jobs. The instruction makes a template for changing the access list of Cisco devices. 3.9.1 Creating a Smart Change Job: Smart Change jobs are created in Jobs tab > Job Management subtab > New Job > Smart Change. Since the major parts of the procedure are common in any job, we do not describe the details not specific to the Smart Change feature; they are already described in Sec. 3.7 (p. 92). Navigate to the above menu and create a job. [Screenshot: Jobs tab, Job Management subtab, New Job menu] Follow the dialog process. 1. Select either "Use the same replacement values for all devices in the job" or "Use unique replacement values for each device in the job". [Screenshot: Smart Change Job dialog, Job Name: Access List]
206. [Screenshot: device property showing the backup history of running config and startup config snapshots, and the General tab] The configuration diff is displayed in colors: red (removed), yellow (modified) and green (added). [Screenshot: Compare pane, C1921 running config against C3640 running config, with Removed, Modified and Added legend] 3.4.6 Checking the Misma
207. ups New Network Group Enter a new name for this network group LVI Cre kay Dynamic Credentials by DR Range Wildcard def l e g 192 168 1 0 24 172 16 0 1 172 16 0 10 10 0 0 y Static Credentials by specific IP address e g 192 168 1 1 SAMP Authentication Password E J oA A SNMPv3 Privacy Password OK Cancel 3 1 CREDENTIALS 44 Enter the range of IP addresses specifying the devices in Add address IP CIDR Wildcard or Range field Click on the 1 on the right The address will be added into the table on the left Network Groups 10 0 0 1 10 0 0 50 Add address IP IDR Wildcard or Range 10 0 0 90 la Default Ls Credentials VT Username New Credentials VTY Password j Enable Username Enable Secret Password SNMP Get Community SNMPvs Authentication Username SNMPv3 Authentication Password E A TA CAE T dl SNMPv3 Privacy Password a LE Example Single IP Address 10 0 0 1 2001 0DB8 AC10 Range of IP Addresses 192 168 0 10 0 0 1 10 0 0 100 192 168 0 1 24 2001 0DB8 AC10 64 Copyrights LogicVein inc All rights reserved 45 CHAPTER 3 BASIC TOOLS After you entered a proper IP range register the credential information You can set upto three credentials for one network group Click on the 1 just under the Credentials field and enter a name of the new credential set Credentials Network Groups 10 0 01 10 0 0 50 Add address IP DR Wildcar
208. uration is correct, the icon should turn into [icon]. If it never does so, review the configuration again. If the problem still exists, please contact our support. If you need further assistance or technical support about Net LineDancer, please feel free to contact us below. We will be pleased to help you when you find any errors or ambiguities in this manual, or have any questions regarding them as well. Please note that we are closed on weekends, national holidays, New Year and summer holidays in Japanese time. We accept e-mails 24 hours a day, but we will only reply during business hours. Thank you for your cooperation. LogicVein Inc. Technical Support. Mail: support@logicvein.com. Footnote: The name of a Smart Bridge cannot be modified after it has been registered in the core server. If you do have to change the name, you have to delete the original one and rerun the entire registration. 4.3.3 Adding a Network for a SB: Adding a network is exactly the same as what you do in order to add a local network, except that you should specify the registered Smart Bridge while adding it. First, open the Settings window > Networks section. Click on the [icon] to create a new network. [Screenshot: Settings window, Networks section, listing Name and Bridge]
209. ures. The icon indicates that netLD has failed to back up the configuration due to other causes. If you click on the row, the error log shows up at the bottom. See Section 10.4 (Status after Performing Backup) for clearing each error. 3.4.2 Status after Performing Backup: Status icons in the leftmost column in the device list show the backup status. You can see the detail by double-clicking on the icon. Status and Reason: Backed Up: The configuration is backed up successfully. Configuration Mismatch: The running config and startup config were different (Sec. 3.4.6). Invalid Credential: The credential set for the device was incorrect. If you double-click on the icon, the Backup Error Detail dialog shows up. Review credential settings in the Inventory > Credentials menu for the device. Backup Failed, UNAVAILABLE_PROTOCOL: netLD could not access devices with certain protocols. Review the configuration or check the hardware and also the Ethernet connection. Backup Failed, UNEXPECTED_RESPONSE: The unintended answers are returned from the device. If you still have any trouble accessing the devices even after checking Credentials and Protocols, please contact our support. Backup Failed, DEVICE_MEMORY_ERROR: The startup config is missing on the device. Compliance, Compliance Warning, Compliance Error: The configuration contains a violation of compliance which
210. urrently set. Open the exported file and edit or fill in each replacement value. Save the change after editing the file. Back in netLD, click on the template menu button and select "Import configurations for template". [Screenshot: Cisco PnP Configurations subtab with the template menu: Import configurations for template; Save empty Excel import file; Export configurations for template to Excel] 4.2.5 Cisco PnP Self Recovery: You can recover the configuration that has previously been stored in netLD. This is effective when, for example, the device configuration was erased by mistake. The process is almost the same as using Template. First move to the Configurations subtab in the main pane, then click on [icon]. [Screenshot: Cisco PnP tab, Configurations subtab] Specify the necessary information
211. version and the state of the websites on June 2014 and may be obsolete after some changes happen Also we do not guarantee all or part of the contents in this manual maintain its accuracy Contents 2 0 1 WhatisnetLD e eos 111 0 1 1 Target Audience 0 000000 eee iv 0 1 2 About this manual 000000 iv Tutorial 1 Ll See canos osado Ara 1 1 2 Installing Weg sa s o uro coa wne daa AAA 4 1 2 1 Instruction on Windows oaoa a a 5 1 2 2 Instruction on Linux family LOS 11 1 3 Accessing the netLD Instance o oo aaa a a a a a 15 L Ls os ADAH Eee hee eee eke Re 16 lo Se o ica s sos ess he eR ee 17 1 5 1 Adding the Devices oo a aa a a 18 1 5 2 Setting the Credentials 19 1 5 3 Performing a Backup 21 1 5 4 Scheduling the Backups 23 netLD Basics 25 2 1 Basic controls and UI elements 25 AME oo nag tee ee AA EA AAA 25 2 1 2 Menu and Submenu aa aa e 26 2 1 3 Subtabs and Subpane a oaoa aa a 26 Dee VII E EKER RE 26 2 2 Devices Configurations and Backups 29 221 O II 30 vil vill CONTENTS 2 3 Credentials Network Groups Protocols 31 2 3 1 Network Group ow cee Oba RAK AR ERE RS e 32 A o II 39 2 4 Users and Roles ui us eos e a A ss 34 A ls A 30 2 6 Service Management a a a a a 35 Basic Tools 39 31L Credentials s eb bb
212. [Screenshot: rule set list for Cisco IOS running config (IOS Secure Enable Passwords, IOS Telnet Restricted Access, IOS SSH only Restricted Access, IOS Disabled Unneeded Services, IOS Session Idle Timeout), with the description "In global configuration mode UDP and TCP small services should be disabled. They are on by default in Cisco routers. The services are echo, chargen, daytime and discard."] Enter a name for the rule, select the target adapter (the kind of device model) and which configuration to apply the rule to (running config or startup config). Click on the OK button. [Dialog: Rule Set Name: SNMP Community public; Adapter: Cisco IOS; Configuration: running config] In the Violation Message field, enter the message to be shown when a violation occurs. The violation message in this example is "public is set in SNMP community". After that, click on the [icon]. [Screenshot: Rule Set "SNMP Community public" with Violation Message, Match Expression, Action and Variable Type fields] Enter the violation search query in Match Expression and select "Violation on match" in the Action field. [Screenshot: Rule Set "SNMP Community public", Match Expression beginning "snm"]
213. vices. In this section we give a brief overview of how the configuration proceeds in netLD. After these configurations are done, we gain full access to the network devices via our convenient interfaces. 1. Adding the Devices: First add devices to the netLD inventory. You either add devices manually or use the automatic device discovery facility. See Sec. 3.3.1 for details. 2. Setting the Credentials: Register a username and the associated password of each device. This information is used every time netLD logs in to the devices under control. See Sec. 3.1 for details. 3. Performing a Backup: netLD creates backups of the configuration data of each device in the inventory. It allows you to compare configurations between devices, detect changes in configurations and track down the history afterward. See Sec. 3.4 for details. 4. Setup the Schedules: Make the schedules of the backups. We recommend that you take a backup on a regular basis. Further description is available in Sec. 3.7. We also provide a built-in Startup Wizard that will show up when you log in to netLD the first time. This wizard can be suspended at any time and also invoked again later. To access the wizard, find the Inventory section in the upper right menu bar and click on it to navigate to Run Startup Wizard. [Screenshot: the Inventory menu, from which the Startup Wizard can be accessed]
214. w. Click on New Job > Tool, for example. Set a Job Name and Select a Feature: First enter the name and the comment in the fields and select the tool type from the dropdown list. Almost all tools in the Devices Tab > Tools menu / Change are available. Now we choose Change Enable Password, for example. [Screenshot: Process 1, Tool Job, with Job Name, Comment and Tool: Change Enable Password] Enter the Required Parameters: Next, enter the required parameters in the Input Parameters tab. Since we activated the Change Enable Password tool in the previous step, parameter fields for the new password and confirmation are displayed. [Screenshot: Process 2, Tool Job > Input Parameters, with New Password, Password Confirm and "Perform backup after tool completes"] Select the Target Devices: Next we proceed to Process 3. Currently you are supposed to have a Jobs tab open in the main pane and a new job in the status pane, which further opens the Input Parameters subtab. Now open the Devices subtab in the lower pane. A view similar to the advanced search pane in the device tab should be displayed in the status pane. You will also notice that there are additional radio buttons: All Devices, Search and Static List. In Process 3, you would use the default Search option more often. However, for the sake of beginners, we choose Static List in this instruction. Then the screen s
215. ysical stores. Click on the Next button. [Dialog: Certificate Import Wizard, Certificate Store, "Place all certificates in the following store", Certificate store: Trusted Root Certification Authorities] Click on the Finish button to save the change. [Dialog: Completing the Certificate Import Wizard, "The certificate will be imported after you click Finish."] Click on the Yes button to install the certificate in the Security Warning dialog. [Dialog: Security Warning, "You are about to install a certificate from a certification authority (CA) claiming to represent [name garbled in the screenshot]. Windows cannot validate that the certificate is actually from that CA. You should confirm its origin by contacting it. Warning: If you install this root certificate, Windows will automatically trust any certificate issued by this CA. Installing a certificate with an unconfirmed thumbprint is a security risk. If you click Yes you acknowledge this risk."]
216. Click on the Next button if the Installation Complete dialog is displayed. [Screenshot: Installation Complete dialog, "Setup was completed successfully", with installer log] Click on the Finish button to close the setup wizard. [Screenshot: Completing the Net LineDancer Smart Bridge Setup Wizard, "Net LineDancer Smart Bridge has been installed on your computer. Click Finish to close this wizard."] 4.3.2 Registering Smart Bridges to the Core Server: You have to register the installed Smart Bridges to the core netLD Server. Go to the Settings window > Smart Bridges. Click on the [icon]. [Screenshot: Settings window, Smart Bridges section, listing Name, Host and Port]
217. Choose the license. If you just want to try the trial version, choose Activate Evaluation and enjoy the 30-day trial. If you already paid for our product and have a license key, choose "Activate with existing License Key or License File". [Screenshot: Net LineDancer Enterprise Setup, License, "Select an evaluation install or activation using a license key or file"] If your environment is connected to the Internet, enter your serial number in the Internet Activation Serial field and click on Next. Otherwise, get a license file from us (support@logicvein.com), choose that file and click on Next. Note that the online serial authentication may fail under LDAP certification. [Screenshot: Net LineDancer Enterprise Setup, Net LineDancer License, "Specify a Net LineDancer license file"] In the SSL Certificate dialog, enter the required information and click on the Install button. Information entered here can be edited after the installation. See Sec. 5.4.1 for details. [Dialog: SSL Certificate, "Create SSL Certificate. Generate an SSL certificate for this server. Net LineDancer clients use SSL to communicate with the server. An SSL certificate must be generated for this machine. The hostname field below must accurately reflect the hostname for this server. Only ASCII c
218. [Screenshot: device property showing the backup history and the General tab] The change summary tab shows up in the status pane. [Screenshot: Default Backup Devices change summary, listing Status Summary, IP Address, Hostname, Configuration and Change Type] 4.1.6 Exporting the Log Files: Clicking the Export button in the Terminal Proxy Tab in the main pane creates a zip archive in a specified folder. The files in the archive are organized into subdirectories as follows: <filename>.zip <network name> 10 0 0 1 1812J B 10 0 0 201 cisco2500b intra dar co jp 10 0 0