Cisco Systems Network Card Craft Works Interface User Manual

Note  
If you are using a CORBA connection and require notifications, the router must be explicitly configured for each client  
that is to receive notifications. These notifications include real-time inventory updates (for example, online insertion  
and removal [OIR]), alarms, and change-of-configuration events. See the “Configuring the Router and CWI Client”  
section on page 4 for information on configuring the router to send notifications to a specified client.  
These prerequisites sections are described:  
Router Prerequisites  
The router prerequisites ensure that the router is correctly set up. Before logging in to a router using CWI, you must meet the  
router prerequisites that are described in Table 1.  
Table 1  
Checklist for Router Prerequisites  
Item  
Task  
Additional Information  
Base image and  
manageability PIE  
Ensure that the base image and manageability pie are  
installed and running on the router to which you are  
connecting using CWI client. Optionally, install and  
activate the Cisco IOS XR Security Package (K9SEC) to  
enable SSH and SSL functionality.  
See Cisco IOS XR System Management  
Configuration Guide for information on  
how to start the base image.  
Minimum router  
configuration  
Set the minimum router configuration before configuring  
the CWI client and required Management Services  
TTY or CORBA  
connection method  
Ensure if that connectivity is established between the  
router Management Ethernet interface and CWI client.  
See Cisco IOS XR Getting Started Guide  
for information on connecting an  
Ethernet interface from CWI client to the  
router.  
AAA1 username and  
password  
Configure at least one username and password on the  
router. A valid AAA username and password for accessing Configuration Guide for information on  
See Cisco IOS XR System Security  
the router must be configured.  
configuring usernames and passwords  
on the router.  
1. AAA = Authentication, Authorization, and Accounting  
CWI Client Prerequisites  
Ensure that the CWI client is correctly set up to communicate with the router. You should test the client connection. No special  
configuration is required on CWI client.  
Contact your system administrator to obtain the following information required to configure the router for use with CWI:  
Router hostname  
CWI client IP address if the client DNS name is not registered in a DNS server accessible by the router  
CWI Client System Requirements  
These sections list the CWI client hardware and software requirements. The CWI client hardware requirements ensure that the  
CWI client has the proper verified system requirements for the chosen platform.  
3
Download from Www.Somanuals.com. All Manuals Search And Download.  
       
Hardware Requirements  
Table 2 lists the CWI client hardware requirements.  
Table 2  
CWI Client Hardware Requirements  
System  
Requirement  
MonitorDisplay  
Drive Space Settings  
CPU and CPU Speed MHz  
RAM  
Windows-based IBM PC-compatible 500 MHz PentiumIII minimum, 256 MB minimum,  
CWI=5MB, 1024 by  
PC  
1.20 GHz Pentium IV recommended  
512 MB recommended JRE=48MB. 768 pixels  
UNIX  
Solaris 550 MHz minimum,  
1.2 GHz recommended  
256 MB minimum, CWI=5MB, 1024 by  
512 MB recommended JRE=48MB 768 pixels  
CWI=5MB, 1024 by  
512 MB recommended JRE=48MB 768 pixels  
256 MB minimum, CWI=5MB, 1024 by  
Linux-based PC IBM PC-compatible 500 MHz PentiumIII minimum, 256 MB minimum,  
1.20 GHz Pentium IV recommended  
Macintosh  
500 MHz minimum,  
1.20 GHz recommended  
512 MB recommended JRE=48MB 768 pixels  
Software Requirements  
Table 3 lists the CWI client software requirements.  
Table 3  
CWI Client Software Requirements  
System Requirement Operating System  
Additional Software  
Windows-based PC Windows 2000 or Windows XP  
One of these browsers:  
Microsoft Internet Explorer 5.0 or higher  
Netscape Navigator 7.0 or higher  
JRE version 1.5  
Linux-based PC  
Macintosh  
Red Hat Linux Release 7.1 or any Linux operating Netscape Navigator  
system on which JRE 11.5 runs  
JRE version 1.5  
See the Sun website for the latest minimum system  
requirements for the JRE on Linux.  
MAC OS X 10  
Safari version 1.2.3  
JRE version 1.5  
1. JRE = Java Runtime Environment  
4 Configuring the Router and CWI Client  
To install CWI and for CWI to manage a router, specific configuration pieces must be active on the router. If you want to use  
the serial port or terminal server connection method after installation, no further router configuration is required. For all other  
connection methods, ensure that the router is configured, as described in this section.  
The “Troubleshooting Basic IP Connectivity” section on page 24 provides information on resolving connectivity problems. See  
Cisco IOS XR System Management Configuration Guide for information on the capabilities of, installation of  
Cisco IOS XR software packages on, and bootup of the router.  
These sections describe how to set up client connections on the router:  
4
Download from Www.Somanuals.com. All Manuals Search And Download.  
     
Enabling the HTTP Server  
To download and install CWI, you must enable the HTTP server on the device.  
Note  
The HTTP server is used only to install CWI. After installation, the server can be deactivated.  
To activate the HTTP server, install the manageability PIE, and add the configuration, use the http server command in global  
configuration mode, as shown in the following example:  
RP/0/RP0/CPU0:router# configure  
RP/0/RP0/CPU0:router(config)# http server  
In addition, you can enable SSL by using the ssl keyword from the http server command in global configuration mode, as shown  
in the following example:  
RP/0/RP0/CPU0:router# configure  
RP/0/RP0/CPU0:router(config)# http server ssl  
Setting Up the Common Configuration for IP Connection Methods  
For CWI to manage the device through an IP connection method (for example, Secure Shell Version 1 [SSHv1], Secure Shell  
Version 2 [SSHv2], or CORBA) one or more of Telnet, SSHv1, and SSHv2 must be active on the router, regardless of which main  
connection method you are using. The default number of available virtual terminal lines (vtys) is relatively small. We strongly  
recommend that the number be increased to allow several management sessions to run simultaneously.  
To set the maximum number of vtys, use the vty-pool command in global configuration mode, as shown in the following  
example:  
RP/0/RP0/CPU0:router# configure  
RP/0/RP0/CPU0:router(config)# vty-pool default 0 max vty  
For more information, see Cisco IOS XR System Management Command Reference.  
Enabling the Telnet Server  
To enable the Telnet server on a device for CWI, use the  
5
   
Connection Methods  
Some connection methods require additional configuration on the router, as described in Table 4. For the connection methods  
Table 4  
Connection Methods and Requirements  
Additional Router  
Configuration Command  
Manageability PIE  
Requirement  
Connection Method  
Crypto Setup Requirement  
Serial port  
Terminal server (all types)  
CLI over Telnet/SSHv1/SSHv2  
XML over Telnet  
Yes  
xml agent tty  
xml agent tty  
xml agent corba  
xml agent corba ssl  
Yes  
Yes  
Yes  
Yes  
XML over SSHv1/SSHv2  
XML over CORBA  
Yes  
XML over CORBA SSL  
Yes  
Setting Up the Minimum Crypto Requirements  
This section describes the essential crypto requirements to enable the various secure communication options. If you want to run  
CWI in a nonsecure (for example, Telnet- or CORBA-based) environment, this configuration is not required. For more detailed  
information, see Cisco IOS XR System Security Configuration Guide.  
Setting Up the Minimum Crypto Configuration for SSHv1 or SSHv2  
To set up the minimum crypto configuration for SSHv1, use the crypto key generate rsa command in EXEC mode to generate a  
RSA key pair. You must accept all prompted defaults. For more detailed information, see Cisco IOS XR System Security  
Configuration Guide.  
To set up the minimum crypto configuration for SSHv2, use the crypto key generate dsa command in EXEC mode to generate  
a DSA key pair. For more detailed information, see Cisco IOS XR System Security Configuration Guide.  
Setting Up the Minimum Crypto Configuration for SSL  
To set up the minimum crypto configuration for SSL (CORBA, HTTP, or both), perform the following steps:  
Step 1 Generate an RSA key pair. Accept all prompted defaults. If the key pair label is not specified, “the_default” is used.  
RP/0/RP0/CPU0:router# crypto key generate rsa  
Step 2 Configure the certification authority (CA) trust point.  
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-name  
RP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL  
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label (If your RSA key pair was assigned a label)  
RP/0/RP0/CPU0:router(config-trustp)# exit  
RP/0/RP0/CPU0:router(config)# commit  
The following example shows how to configure the CA trust point:  
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca  
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://myca/mydomain.com  
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label  
RP/0/RP0/CPU0:router(config-trustp)# exit  
RP/0/RP0/CPU0:router(config)# commit  
Step 3 Exit configuration mode.  
RP/0/RP0/CPU0:router(config)# commit  
6
Download from Www.Somanuals.com. All Manuals Search And Download.  
     
Step 4 Authenticate the CA by getting the certificate for the CA.  
RP/0/RP0/CPU0:router# crypto ca authenticate ca-name  
Step 5 Obtain a router certificate from the CA.  
RP/0/RP0/CPU0:router# crypto ca enroll ca-name  
5 Installing, Launching, and Uninstalling CWI  
This section provides information on how to install, launch, and uninstall CWI. For a list of the login modes, see the “Login  
The following sections are presented:  
Installing CWI  
Use this procedure to install CWI and log in to a router when SSL is either enabled or not enabled on the required Management  
Services. Ensure that you have already set up the minimum client connections on the router. See the “Configuring the Router  
Note  
All steps associated with accepting a certificate are not required after the first time you have started the CWI client and  
logged in to a router if you choose the certificate option Always.  
To install CWI, perform the following steps:  
Step 1 Launch your HTTP- or HTTPS-enabled web browser. See the “CWI Client System Requirements” section on page 3 for  
information on web browsers.  
If SSL is enabled, the router SSL certificate must be accepted. To choose the applicable option, follow the online  
instructions.  
Note  
If you click No to deny the SSL certificate, the login process is canceled.  
Step 2 Enter the DNS name or IP address of the router to be accessed in the Address field located near the top of the web  
browser window. Press Enter.  
You must enter the DNS name or IP address in the Address field using the following format:  
http://router-dns-name or http://ip-address  
If SSL is enabled, use the following format:  
https://router-dns-name or https://ip-address  
Step 3 A router HTTP authentication dialog box appears. See Cisco IOS XR System Security Configuration Guide for  
information on the AAA username and password.  
a. Enter your AAA username and password in the User Name and Password fields.  
b. Click OK. The Cisco Systems router home page appears.  
Step 4 Click the Craft Works Interface link in the web browser to start the CWI installation.  
7
Download from Www.Somanuals.com. All Manuals Search And Download.  
   
Note  
You must install JRE 1.5 to proceed with the CWI installation.  
Step 5 If this is the first time the CWI client has started CWI, the Java Plug-in must be installed and the CWI Cisco security  
certificate must be accepted.  
a. If the Java Plug-in installation is completed, a dialog box appe  
8
   
Launching CWI Without Using the Device Tree  
To launch CWI with SSL either enabled or not enabled, perform the following steps:  
Step 1 Double-click the CWI icon to launch the client desktop. The CWI - Login window appears (see Figure 1).  
You have the option to add a device or device group and log in to multiple routers. See the “Launching CWI from the  
Figure 1  
CWI - Login Window  
Note  
Enter the same AAA username and password that you used in Step 4 to access the router that must be configured. See the  
Step 2 Enter the same AAA username.  
Step 3 Enter the same AAA password.  
Step 4 (Optional) Enter the enable password for IOS.  
Note  
When you connect to an IOS device, you must enter the enable password.  
Step 5 Choose one of the following connection categories from the drop-down menu:  
IP  
Console/Aux  
Scripted  
Note  
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.  
Step 6 Choose one of the following connection types from the drop-down menu:  
XML over CORBA. Choose the node name. Note that XML over CORBA is the default.  
CLI over Telnet/SSH. Choose the server name. Specifying the port is optional. If you specify a port, CWI tries to  
connect using only that port. CWI does not automatically try to connect with other ports.  
Terminal Server. Choose the server name and port.  
• Serial Port. Choose the Serial Port. You can also set the parameters for the serial port.  
9
Download from Www.Somanuals.com. All Manuals Search And Download.  
   
Step 7 (Optional) If you chose the Scripted connection category to log in to the intermediate or Scripted server:  
a. Enter the Scripted username.  
b. Enter the Scripted password.  
c. Click the ellipsis button to display the Login Script Steps window (see Figure 7). Follow the procedure in the “Specifying  
Note  
In addition, you must enter the applicable information in the Device Description field to uniquely identify the  
connection. For example, if you are connecting to a device such as router_1 through the intermediate machine, enter  
router_1 in the Description field.  
Step 8 Enter the node name (DNS name or IP address) of the device that CWI is directly connecting to.  
Step 9 (Optional) Check the Manage admin plane check box to enable the admin plane for the applicable device group or  
device. If checked, the admin plane node appears above the corresponding device node in the Inventory Tree. For more  
Step 10 Click Login. Note that if you checked the Lite Mode check box, the XML option is disabled.  
For SSL enabled: If you did not choose Always to automatically accept the SSL certificate from the “Installing CWI”  
section on page 7, you must accept the SSL certificate.  
Step 11 After the CWI initialization is completed, the CWI Desktop window appears. The chosen login mode is indicated in the  
Inventory Tree. See the “CWI Desktop Window” section on page 19 for information on the CWI Desktop window.  
Note  
CWI is automatically locked when there is no activity in the CWI session for 15 minutes. To unlock CWI, you  
must provide the username and password used when logging in to the router. See Cisco Craft Works Interface  
User Guide for CWI unlocking procedures.  
If any of the minimum requirements of the initialization steps fails, a CWI dialog box appears allowing you to abort,  
troubleshoot, or continue the initialization process.  
Step 12 If necessary, complete the following steps to troubleshoot the initialization process.  
a. To stop the initialization process, click Abort.  
b. To troubleshoot the process, click Troubleshoot. The Troubleshooter application is started, and a Troubleshoot New  
Device Launch problems dialog box appears. The Troubleshooter application runs fault isolation tests on the  
client/server communication path between the CWI and router management agent. The Troubleshooter application  
provides a window that describes the reason for the failure, possible cause, and recommended repair action. An  
automatic repair option is provided in many instances. See Cisco Craft Works Interface User Guide for information on  
using the Troubleshooter feature.  
c. To continue the initialization process, click Continue.  
Launching CWI from the Device Tree  
These sections describe how to launch CWI through configured devices or device groups:  
10  
Download from Www.Somanuals.com. All Manuals Search And Download.  
   
Adding or Editing a Device  
To add or edit a new device to the Device Tree, perform the following steps:  
Step 1 From the CWI - Login window, right-click the Login information directory and choose Add New Device. The Add  
Device window appears (see Figure 2). Or you can right-click the device in the Login information directory and choose  
Edit to display the Edit Device window.  
Figure 2  
Add Device Window  
Step 2 Choose one of the following connection categories from the drop-down menu:  
IP  
Console/Aux  
Scripted  
Note  
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.  
Step 3 Choose the applicable connection type from the drop-down list. For a list of the connections, see the “Launching CWI  
Step 4 Click the ellipsis button to display the Login Script Steps window (see Figure 7). For more information on how to specify the  
Note  
This step is mandatory only if you selected the Scripted connection category.  
Step 5 Enter the IP address or name of the node in the Node Name/Port field.  
Step 6 (Optional) From the Device Tree, check the Manage admin plane check box to enable the admin plane for the applicable  
device group or device. If checked, the admin plane node appears above the corresponding device node in the Inventory  
Step 7 (Optional) Check the Lite Mode check box to force a connection to the device in Lite Mode.  
Step 8 Click OK to accept the device information for the Device Tree.  
11  
Download from Www.Somanuals.com. All Manuals Search And Download.  
   
Adding or Editing a Device Group  
To add or edit a new device group to the device tree, perform the following steps:  
Step 1 From the CWI - Login window, right-click the Login Information directory and choose Add New Device Group. The  
Add Device Group window appears (see Figure 3). Or you can right-click the device group and choose Edit to display  
the Edit Device Group window.  
Figure 3  
Add Device Group Window  
Step 2 Enter the name of the group in the Group Name field.  
Step 3 (Optional) Enter a description of the group in the Group Description field.  
Step 4 Click OK to accept the device group information for the device tree.  
Removing a Device or Device Group  
To remove a device or device group from the Login Information directory, right-click the device or device group and choose  
Delete. Click Yes to confirm.  
Logging In to Multiple Network Elements  
To log in to multiple network elements, perform the following steps:  
Step 1 From the CWI - Login window, choose the devices or device groups that you want to log in to. The CWI - Login for  
Selected Devices/Groups window is displayed (see Figure 4).  
Figure 4  
CWI - Login for Selected Devices and Groups Window  
Step 2 Enter the same AAA username across all routers.  
12  
Download from Www.Somanuals.com. All Manuals Search And Download.  
         
Step 3 Enter the same AAA password across all routers.  
Step 4 (Optional) Enter the enable password for IOS.  
Note  
When you connect to an IOS device, you must enter the enable password.  
Step 5 Choose one of the following connection categories from the drop-down menu:  
IP  
Console/Aux  
Scripted  
Note  
If you choose the IP-based or Console/Aux connection categories, the scripted login fields are not displayed.  
Step 6 Choose one of the following connection types from the drop-down menu:  
XML over CORBA. Choose the node name. Note that XML over CORBA is the default.  
CLI over Telnet/SSH. Choose the server name. Specifying the port is optional. If you specify a port, CWI tries to  
connect using only that port. CWI does not automatically try to connect with other ports.  
Ter