Cisco Systems Network Card Craft Works Interface User Manual |
Quick Start Guide
Cisco Craft Works Interface Quick Start Guide
Cisco IOS XR Software Release 3.4
Download from Www.Somanuals.com. All Manuals Search And Download.
Note
If you are using a CORBA connection and require notifications, the router must be explicitly configured for each client
that is to receive notifications. These notifications include real-time inventory updates (for example, online insertion
and removal [OIR]), alarms, and change-of-configuration events. See the “Configuring the Router and CWI Client”
section on page 4 for information on configuring the router to send notifications to a specified client.
These prerequisites sections are described:
•
•
•
Router Prerequisites
The router prerequisites ensure that the router is correctly set up. Before logging in to a router using CWI, you must meet the
Table 1
Checklist for Router Prerequisites
Item
Task
Additional Information
Base image and
manageability PIE
Ensure that the base image and manageability pie are
installed and running on the router to which you are
connecting using CWI client. Optionally, install and
activate the Cisco IOS XR Security Package (K9SEC) to
enable SSH and SSL functionality.
See Cisco IOS XR System Management
Configuration Guide for information on
how to start the base image.
Minimum router
configuration
Set the minimum router configuration before configuring
the CWI client and required Management Services
—
TTY or CORBA
connection method
Ensure if that connectivity is established between the
router Management Ethernet interface and CWI client.
See Cisco IOS XR Getting Started Guide
for information on connecting an
Ethernet interface from CWI client to the
router.
AAA1 username and
password
Configure at least one username and password on the
router. A valid AAA username and password for accessing Configuration Guide for information on
See Cisco IOS XR System Security
the router must be configured.
configuring usernames and passwords
on the router.
1. AAA = Authentication, Authorization, and Accounting
CWI Client Prerequisites
Ensure that the CWI client is correctly set up to communicate with the router. You should test the client connection. No special
configuration is required on CWI client.
Contact your system administrator to obtain the following information required to configure the router for use with CWI:
•
•
Router hostname
CWI client IP address if the client DNS name is not registered in a DNS server accessible by the router
CWI Client System Requirements
These sections list the CWI client hardware and software requirements. The CWI client hardware requirements ensure that the
CWI client has the proper verified system requirements for the chosen platform.
3
Download from Www.Somanuals.com. All Manuals Search And Download.
Hardware Requirements
Table 2 lists the CWI client hardware requirements.
Table 2
CWI Client Hardware Requirements
System
Requirement
MonitorDisplay
Drive Space Settings
CPU and CPU Speed MHz
RAM
Windows-based IBM PC-compatible 500 MHz PentiumIII minimum, 256 MB minimum,
CWI=5MB, 1024 by
PC
1.20 GHz Pentium IV recommended
512 MB recommended JRE=48MB. 768 pixels
UNIX
Solaris 550 MHz minimum,
1.2 GHz recommended
256 MB minimum, CWI=5MB, 1024 by
512 MB recommended JRE=48MB 768 pixels
CWI=5MB, 1024 by
512 MB recommended JRE=48MB 768 pixels
256 MB minimum, CWI=5MB, 1024 by
Linux-based PC IBM PC-compatible 500 MHz PentiumIII minimum, 256 MB minimum,
1.20 GHz Pentium IV recommended
Macintosh
500 MHz minimum,
1.20 GHz recommended
512 MB recommended JRE=48MB 768 pixels
Software Requirements
Table 3 lists the CWI client software requirements.
Table 3
CWI Client Software Requirements
System Requirement Operating System
Additional Software
Windows-based PC Windows 2000 or Windows XP
One of these browsers:
•
•
Microsoft Internet Explorer 5.0 or higher
Netscape Navigator 7.0 or higher
JRE version 1.5
Linux-based PC
Macintosh
Red Hat Linux Release 7.1 or any Linux operating Netscape Navigator
system on which JRE 11.5 runs
JRE version 1.5
See the Sun website for the latest minimum system
requirements for the JRE on Linux.
MAC OS X 10
Safari version 1.2.3
JRE version 1.5
1. JRE = Java Runtime Environment
4 Configuring the Router and CWI Client
To install CWI and for CWI to manage a router, specific configuration pieces must be active on the router. If you want to use
the serial port or terminal server connection method after installation, no further router configuration is required. For all other
connection methods, ensure that the router is configured, as described in this section.
The “Troubleshooting Basic IP Connectivity” section on page 24 provides information on resolving connectivity problems. See
Cisco IOS XR System Management Configuration Guide for information on the capabilities of, installation of
Cisco IOS XR software packages on, and bootup of the router.
These sections describe how to set up client connections on the router:
•
•
•
•
4
Download from Www.Somanuals.com. All Manuals Search And Download.
Enabling the HTTP Server
To download and install CWI, you must enable the HTTP server on the device.
Note
The HTTP server is used only to install CWI. After installation, the server can be deactivated.
To activate the HTTP server, install the manageability PIE, and add the configuration, use the http server command in global
configuration mode, as shown in the following example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# http server
In addition, you can enable SSL by using the ssl keyword from the http server command in global configuration mode, as shown
in the following example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# http server ssl
Setting Up the Common Configuration for IP Connection Methods
For CWI to manage the device through an IP connection method (for example, Secure Shell Version 1 [SSHv1], Secure Shell
Version 2 [SSHv2], or CORBA) one or more of Telnet, SSHv1, and SSHv2 must be active on the router, regardless of which main
connection method you are using. The default number of available virtual terminal lines (vtys) is relatively small. We strongly
recommend that the number be increased to allow several management sessions to run simultaneously.
To set the maximum number of vtys, use the vty-pool command in global configuration mode, as shown in the following
example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# vty-pool default 0 max vty
For more information, see Cisco IOS XR System Management Command Reference.
Enabling the Telnet Server
To enable the Telnet server on a device for CWI, use the
5
Connection Methods
Some connection methods require additional configuration on the router, as described in Table 4. For the connection methods
that require cryptographic (crypto) set up, see the “Setting Up the Minimum Crypto Requirements” section on page 6.
Table 4
Connection Methods and Requirements
Additional Router
Configuration Command
Manageability PIE
Requirement
Connection Method
Crypto Setup Requirement
Serial port
—
—
—
Terminal server (all types)
CLI over Telnet/SSHv1/SSHv2
XML over Telnet
—
—
—
—
—
Yes
—
xml agent tty
xml agent tty
xml agent corba
xml agent corba ssl
Yes
Yes
Yes
Yes
XML over SSHv1/SSHv2
XML over CORBA
Yes
—
XML over CORBA SSL
Yes
Setting Up the Minimum Crypto Requirements
This section describes the essential crypto requirements to enable the various secure communication options. If you want to run
CWI in a nonsecure (for example, Telnet- or CORBA-based) environment, this configuration is not required. For more detailed
information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSHv1 or SSHv2
To set up the minimum crypto configuration for SSHv1, use the crypto key generate rsa command in EXEC mode to generate a
RSA key pair. You must accept all prompted defaults. For more detailed information, see Cisco IOS XR System Security
Configuration Guide.
To set up the minimum crypto configuration for SSHv2, use the crypto key generate dsa command in EXEC mode to generate
a DSA key pair. For more detailed information, see Cisco IOS XR System Security Configuration Guide.
Setting Up the Minimum Crypto Configuration for SSL
To set up the minimum crypto configuration for SSL (CORBA, HTTP, or both), perform the following steps:
Step 1 Generate an RSA key pair. Accept all prompted defaults. If the key pair label is not specified, “the_default” is used.
RP/0/RP0/CPU0:router# crypto key generate rsa
Step 2 Configure the certification authority (CA) trust point.
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-name
RP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label (If your RSA key pair was assigned a label)
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
The following example shows how to configure the CA trust point:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
Step 3 Exit configuration mode.
RP/0/RP0/CPU0:router(config)# commit
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Step 4 Authenticate the CA by getting the certificate for the CA.
RP/0/RP0/CPU0:router# crypto ca authenticate ca-name
Step 5 Obtain a router certificate from the CA.
RP/0/RP0/CPU0:router# crypto ca enroll ca-name
5 Installing, Launching, and Uninstalling CWI
This section provides information on how to install, launch, and uninstall CWI. For a list of the login modes, see the “Login
The following sections are presented:
•
•
•
•
Installing CWI
Use this procedure to install CWI and log in to a router when SSL is either enabled or not enabled on the required Management
Services. Ensure that you have already set up the minimum client connections on the router. See the “Configuring the Router
Note
All steps associated with accepting a certificate are not required after the first time you have started the CWI client and
logged in to a router if you choose the certificate option Always.
To install CWI, perform the following steps:
Step 1 Launch your HTTP- or HTTPS-enabled web browser. See the “CWI Client System Requirements” section on page 3 for
information on web browsers.
If SSL is enabled, the router SSL certificate must be accepted. To choose the applicable option, follow the online
instructions.
Note
If you click No to deny the SSL certificate, the login process is canceled.
Step 2 Enter the DNS name or IP address of the router to be accessed in the Address field located near the top of the web
browser window. Press Enter.
You must enter the DNS name or IP address in the Address field using the following format:
If SSL is enabled, use the following format:
Step 3 A router HTTP authentication dialog box appears. See Cisco IOS XR System Security Configuration Guide for
information on the AAA username and password.
a. Enter your AAA username and password in the User Name and Password fields.
b. Click OK. The Cisco Systems router home page appears.
Step 4 Click the Craft Works Interface link in the web browser to start the CWI installation.
7
Download from Www.Somanuals.com. All Manuals Search And Download.
Launching CWI Without Using the Device Tree
To launch CWI with SSL either enabled or not enabled, perform the following steps:
Step 1 Double-click the CWI icon to launch the client desktop. The CWI - Login window appears (see Figure 1).
You have the option to add a device or device group and log in to multiple routers. See the “Launching CWI from the
Figure 1
CWI - Login Window
Note
Enter the same AAA username and password that you used in Step 4 to access the router that must be configured. See the
Step 2 Enter the same AAA username.
Step 3 Enter the same AAA password.
Step 4 (Optional) Enter the enable password for IOS.
Note
When you connect to an IOS device, you must enter the enable password.
Step 5 Choose one of the following connection categories from the drop-down menu:
•
•
•
IP
Console/Aux
Scripted
Note
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.
Step 6 Choose one of the following connection types from the drop-down menu:
•
•
XML over CORBA. Choose the node name. Note that XML over CORBA is the default.
CLI over Telnet/SSH. Choose the server name. Specifying the port is optional. If you specify a port, CWI tries to
connect using only that port. CWI does not automatically try to connect with other ports.
•
Terminal Server. Choose the server name and port.
• Serial Port. Choose the Serial Port. You can also set the parameters for the serial port.
9
Download from Www.Somanuals.com. All Manuals Search And Download.
Step 7 (Optional) If you chose the Scripted connection category to log in to the intermediate or Scripted server:
a. Enter the Scripted username.
b. Enter the Scripted password.
c. Click the ellipsis button to display the Login Script Steps window (see Figure 7). Follow the procedure in the “Specifying
Note
In addition, you must enter the applicable information in the Device Description field to uniquely identify the
connection. For example, if you are connecting to a device such as router_1 through the intermediate machine, enter
router_1 in the Description field.
Step 8 Enter the node name (DNS name or IP address) of the device that CWI is directly connecting to.
Step 9 (Optional) Check the Manage admin plane check box to enable the admin plane for the applicable device group or
device. If checked, the admin plane node appears above the corresponding device node in the Inventory Tree. For more
Step 10 Click Login. Note that if you checked the Lite Mode check box, the XML option is disabled.
For SSL enabled: If you did not choose Always to automatically accept the SSL certificate from the “Installing CWI”
section on page 7, you must accept the SSL certificate.
Step 11 After the CWI initialization is completed, the CWI Desktop window appears. The chosen login mode is indicated in the
Inventory Tree. See the “CWI Desktop Window” section on page 19 for information on the CWI Desktop window.
Note
CWI is automatically locked when there is no activity in the CWI session for 15 minutes. To unlock CWI, you
must provide the username and password used when logging in to the router. See Cisco Craft Works Interface
User Guide for CWI unlocking procedures.
If any of the minimum requirements of the initialization steps fails, a CWI dialog box appears allowing you to abort,
troubleshoot, or continue the initialization process.
Step 12 If necessary, complete the following steps to troubleshoot the initialization process.
a. To stop the initialization process, click Abort.
b. To troubleshoot the process, click Troubleshoot. The Troubleshooter application is started, and a Troubleshoot New
Device Launch problems dialog box appears. The Troubleshooter application runs fault isolation tests on the
client/server communication path between the CWI and router management agent. The Troubleshooter application
provides a window that describes the reason for the failure, possible cause, and recommended repair action. An
automatic repair option is provided in many instances. See Cisco Craft Works Interface User Guide for information on
using the Troubleshooter feature.
c. To continue the initialization process, click Continue.
Launching CWI from the Device Tree
These sections describe how to launch CWI through configured devices or device groups:
•
•
•
•
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Adding or Editing a Device
To add or edit a new device to the Device Tree, perform the following steps:
Step 1 From the CWI - Login window, right-click the Login information directory and choose Add New Device. The Add
Device window appears (see Figure 2). Or you can right-click the device in the Login information directory and choose
Edit to display the Edit Device window.
Figure 2
Add Device Window
Step 2 Choose one of the following connection categories from the drop-down menu:
•
•
•
IP
Console/Aux
Scripted
Note
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.
Step 3 Choose the applicable connection type from the drop-down list. For a list of the connections, see the “Launching CWI
Step 4 Click the ellipsis button to display the Login Script Steps window (see Figure 7). For more information on how to specify the
login script steps, see “Specifying the User Login Script” section on page 15.
Note
This step is mandatory only if you selected the Scripted connection category.
Step 5 Enter the IP address or name of the node in the Node Name/Port field.
Step 6 (Optional) From the Device Tree, check the Manage admin plane check box to enable the admin plane for the applicable
device group or device. If checked, the admin plane node appears above the corresponding device node in the Inventory
Tree. For more information, see “Understanding the Admin Planes and Device Planes” section on page 18.
Step 7 (Optional) Check the Lite Mode check box to force a connection to the device in Lite Mode.
Step 8 Click OK to accept the device information for the Device Tree.
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Adding or Editing a Device Group
To add or edit a new device group to the device tree, perform the following steps:
Step 1 From the CWI - Login window, right-click the Login Information directory and choose Add New Device Group. The
Add Device Group window appears (see Figure 3). Or you can right-click the device group and choose Edit to display
the Edit Device Group window.
Figure 3
Add Device Group Window
Step 2 Enter the name of the group in the Group Name field.
Step 3 (Optional) Enter a description of the group in the Group Description field.
Step 4 Click OK to accept the device group information for the device tree.
Removing a Device or Device Group
To remove a device or device group from the Login Information directory, right-click the device or device group and choose
Delete. Click Yes to confirm.
Logging In to Multiple Network Elements
To log in to multiple network elements, perform the following steps:
Step 1 From the CWI - Login window, choose the devices or device groups that you want to log in to. The CWI - Login for
Selected Devices/Groups window is displayed (see Figure 4).
Figure 4
CWI - Login for Selected Devices and Groups Window
Step 2 Enter the same AAA username across all routers.
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Step 3 Enter the same AAA password across all routers.
Step 4 (Optional) Enter the enable password for IOS.
Note
When you connect to an IOS device, you must enter the enable password.
Step 5 Choose one of the following connection categories from the drop-down menu:
•
•
•
IP
Console/Aux
Scripted
Note
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.
Step 6 Choose one of the following connection types from the drop-down menu:
•
•
XML over CORBA. Choose the node name. Note that XML over CORBA is the default.
CLI over Telnet/SSH. Choose the server name. Specifying the port is optional. If you specify a port, CWI tries to
connect using only that port. CWI does not automatically try to connect with other ports.
•
•
Ter |